Handle retrieving credentials from HTTP Basic Auth

keepassxreboot · Dec 11, 2018 · a070f1b · a070f1b
1 parent cb3c489
commit a070f1b
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 6 deletions.
diff --git a/src/browser/BrowserAction.cpp b/src/browser/BrowserAction.cpp
@@ -251,7 +251,9 @@ QJsonObject BrowserAction::handleGetLogins(const QJsonObject& json, const QStrin
 
     const QString id = decrypted.value("id").toString();
     const QString submit = decrypted.value("submitUrl").toString();
-    const QJsonArray users = m_browserService.findMatchingEntries(id, url, submit, "", keyList);
+    const QString auth = decrypted.value("httpAuth").toString();
+    const bool httpAuth = auth.compare("true", Qt::CaseSensitive) == 0 ? true : false;
+    const QJsonArray users = m_browserService.findMatchingEntries(id, url, submit, "", keyList, httpAuth);
 
     if (users.isEmpty()) {
         return getErrorReply(action, ERROR_KEEPASS_NO_LOGINS_FOUND);

diff --git a/src/browser/BrowserOptionDialog.cpp b/src/browser/BrowserOptionDialog.cpp
@@ -100,6 +100,7 @@ void BrowserOptionDialog::loadSettings()
 
     m_ui->alwaysAllowAccess->setChecked(settings->alwaysAllowAccess());
     m_ui->alwaysAllowUpdate->setChecked(settings->alwaysAllowUpdate());
+    m_ui->httpAuthPermission->setChecked(settings->httpAuthPermission());
     m_ui->searchInAllDatabases->setChecked(settings->searchInAllDatabases());
     m_ui->supportKphFields->setChecked(settings->supportKphFields());
     m_ui->supportBrowserProxy->setChecked(settings->supportBrowserProxy());
@@ -156,6 +157,7 @@ void BrowserOptionDialog::saveSettings()
     settings->setUpdateBinaryPath(m_ui->updateBinaryPath->isChecked());
     settings->setAlwaysAllowAccess(m_ui->alwaysAllowAccess->isChecked());
     settings->setAlwaysAllowUpdate(m_ui->alwaysAllowUpdate->isChecked());
+    settings->setHttpAuthPermission(m_ui->httpAuthPermission->isChecked());
     settings->setSearchInAllDatabases(m_ui->searchInAllDatabases->isChecked());
     settings->setSupportKphFields(m_ui->supportKphFields->isChecked());
 

diff --git a/src/browser/BrowserOptionDialog.ui b/src/browser/BrowserOptionDialog.ui
@@ -267,6 +267,13 @@
          </property>
         </widget>
        </item>
+       <item>
+        <widget class="QCheckBox" name="httpAuthPermission">
+         <property name="text">
+          <string extracomment="An extra HTTP Basic Auth setting">Do not ask permission for HTTP &amp;Basic Auth</string>
+         </property>
+        </widget>
+       </item>
        <item>
         <widget class="QCheckBox" name="searchInAllDatabases">
          <property name="toolTip">

diff --git a/src/browser/BrowserService.cpp b/src/browser/BrowserService.cpp
@@ -207,7 +207,8 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id,
                                                const QString& url,
                                                const QString& submitUrl,
                                                const QString& realm,
-                                               const StringPairList& keyList)
+                                               const StringPairList& keyList,
+                                               const bool httpAuth)
 {
     QJsonArray result;
     if (thread() != QThread::currentThread()) {
@@ -219,18 +220,26 @@ QJsonArray BrowserService::findMatchingEntries(const QString& id,
                                   Q_ARG(QString, url),
                                   Q_ARG(QString, submitUrl),
                                   Q_ARG(QString, realm),
-                                  Q_ARG(StringPairList, keyList));
+                                  Q_ARG(StringPairList, keyList),
+                                  Q_ARG(bool, httpAuth));
         return result;
     }
 
     const bool alwaysAllowAccess = browserSettings()->alwaysAllowAccess();
+    const bool ignoreHttpAuth = browserSettings()->httpAuthPermission();
     const QString host = QUrl(url).host();
     const QString submitHost = QUrl(submitUrl).host();
 
     // Check entries for authorization
     QList<Entry*> pwEntriesToConfirm;
     QList<Entry*> pwEntries;
     for (Entry* entry : searchEntries(url, keyList)) {
+        // HTTP Basic Auth always needs a confirmation
+        if (!ignoreHttpAuth && httpAuth) {
+            pwEntriesToConfirm.append(entry);
+            continue;
+        }
+
         switch (checkAccess(entry, host, submitHost, realm)) {
         case Denied:
             continue;
@@ -642,7 +651,10 @@ QJsonObject BrowserService::prepareEntry(const Entry* entry)
 }
 
 BrowserService::Access
-BrowserService::checkAccess(const Entry* entry, const QString& host, const QString& submitHost, const QString& realm)
+BrowserService::checkAccess(const Entry* entry,
+                            const QString& host,
+                            const QString& submitHost,
+                            const QString& realm)
 {
     BrowserEntryConfig config;
     if (!config.load(entry)) {

diff --git a/src/browser/BrowserService.h b/src/browser/BrowserService.h
@@ -67,7 +67,8 @@ public slots:
                                    const QString& url,
                                    const QString& submitUrl,
                                    const QString& realm,
-                                   const StringPairList& keyList);
+                                   const StringPairList& keyList,
+                                   const bool httpAuth = false);
     QString storeKey(const QString& key);
     void updateEntry(const QString& id,
                      const QString& uuid,
@@ -101,7 +102,10 @@ public slots:
                         const QString& submitHost,
                         const QString& realm);
     QJsonObject prepareEntry(const Entry* entry);
-    Access checkAccess(const Entry* entry, const QString& host, const QString& submitHost, const QString& realm);
+    Access checkAccess(const Entry* entry,
+                       const QString& host,
+                       const QString& submitHost,
+                       const QString& realm);
     Group* findCreateAddEntryGroup(QSharedPointer<Database> selectedDb = {});
     int
     sortPriority(const Entry* entry, const QString& host, const QString& submitUrl, const QString& baseSubmitUrl) const;

diff --git a/src/browser/BrowserSettings.cpp b/src/browser/BrowserSettings.cpp
@@ -121,6 +121,16 @@ void BrowserSettings::setAlwaysAllowUpdate(bool alwaysAllowUpdate)
     config()->set("Browser/AlwaysAllowUpdate", alwaysAllowUpdate);
 }
 
+bool BrowserSettings::httpAuthPermission()
+{
+    return config()->get("Browser/HttpAuthPermission", false).toBool();
+}
+
+void BrowserSettings::setHttpAuthPermission(bool httpAuthPermission)
+{
+    config()->set("Browser/HttpAuthPermission", httpAuthPermission);
+}
+
 bool BrowserSettings::searchInAllDatabases()
 {
     return config()->get("Browser/SearchInAllDatabases", false).toBool();

diff --git a/src/browser/BrowserSettings.h b/src/browser/BrowserSettings.h
@@ -51,6 +51,8 @@ class BrowserSettings
     void setAlwaysAllowUpdate(bool alwaysAllowUpdate);
     bool searchInAllDatabases();
     void setSearchInAllDatabases(bool searchInAllDatabases);
+    bool httpAuthPermission();
+    void setHttpAuthPermission(bool httpAuthPermission);
     bool supportKphFields();
     void setSupportKphFields(bool supportKphFields);