Use custom data to save any browser integration related data #1497
Conversation
|
This needs to be rebased and cleaned up after the Custom Data PR is merged. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
2 times, most recently
from
d569e33
to
06fadb4
Compare
|
I wonder if there should be some transitional code for those who have used the old implementation. Maybe even check if we are using KDBX 4 already and then convert all string attributes to custom data, otherwise, keep using string attributes. |
|
This PR still needs a way to view/delete the stored keys. So a little more work is needed. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
f1194d2
to
fe5eb02
Compare
|
Added the key view/removal to Browser Integration settings window and rebased. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
2 times, most recently
from
e873c4d
to
a53196b
Compare
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
a53196b
to
60d8670
Compare
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
60d8670
to
aad4cd9
Compare
|
This feature will be added #1591 to the PR. |
|
This also needs to convert existing attributes to custom data, or will you be supporting both? |
|
@droidmonkey I'll do a feature that converts both KeePassHTTP and KeePassXC-Browser attributes to custom data. I will not support both of them. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
1c7ee40
to
53165ea
Compare
|
Button added to Browser Integration settings page. Rebased. |
|
@droidmonkey I agree. This should be asked automatically (but still leaving the manual button just in case). If the KeePassXC-Browser Settings attribute is found, the conversion popup dialog appears. I'll do the necessary fixes today. |
|
I noticed that the keys are not converted to custom data, but instead still using the old KeePassXC-Browser entry method. Maybe this needs to be changed too. |
|
IMO the browser entry should be deleted and the attributes moved to the root folder custom data. We can also store the default folder location (user choice) for new entries made from the plugin in that custom data. Let's think outside the box a little. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
cc70244
to
64e4417
Compare
|
Key conversion done. (Please review the dialog text). Every time database is opened, BrowserService class checks if there are any old attributes or old key entry. If found, a popup dialog is shown. |
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
64e4417
to
c923453
Compare
|
Key count added to the popup dialog. Checking for legacy settings has been moved to another function. |
src/browser/BrowserOptionDialog.cpp
Outdated
| if (QMessageBox::Yes != MessageBox::question(this, | ||
| tr("Delete the selected key?"), | ||
| tr("Do you really want to delete the selected key?\n" | ||
| "This may cause the affected plugins to malfunction."), |
There was a problem hiding this comment.
What does it mean to malfunction? I think the correct verbiage here is "This may prevent connection to the browser plugin."
Note that we warn when you remove an individual key, but when you click on "Disconnect all browsers" it just does it without any confirmation. Same with "Forget all remembered permissions" which is a little bit confusing, this button should probably say "Forget all site-specific settings on entries".
There was a problem hiding this comment.
I agree. There should be confirmation for each of these actions.
src/browser/BrowserService.cpp
Outdated
| tr("KeePassXC: Settings not available!"), | ||
| Database* db = getDatabase(); | ||
| if (!db) { | ||
| QMessageBox::information(0, tr("KeePassXC: Settings not available!"), |
There was a problem hiding this comment.
Technically if you reach here you do not have an active database. I think this warning can be dropped.
src/browser/BrowserService.cpp
Outdated
| return; | ||
| } | ||
|
|
||
| Database* db = m_dbTabWidget->currentDatabaseWidget()->database(); |
There was a problem hiding this comment.
Why isn't "getDatabase()" used here?
Here is my problem with this settings dialog, application settings are meant to be global. So these buttons make no sense at all. Basically I have to have the correct database selected prior to hitting the settings button, which is an undiscoverable "feature".
Here are some options:
- Move everything below "Sort matching credentials..." into the database settings
- Add a drop-down selection list above the buttons that let's you select from the currently open databases.
To me, option 1 is the most acceptable because it makes sense. It is also where the KeeShare settings are going so that would be consistent.
There was a problem hiding this comment.
A separate Browser Integration page should be added to the Database settings. Then it would be nice and clean.
src/browser/BrowserService.cpp
Outdated
| auto dialogResult = QMessageBox::warning(nullptr, | ||
| tr("KeePassXC: Legacy browser integration settings detected"), | ||
| tr("Legacy browser integration settings have been detected.\n" | ||
| "Do you want to transfer the settings and stored keys to custom data?\n" |
There was a problem hiding this comment.
I would just say "Do you want to upgrade the settings to the latest standard?\nThis is necessary to maintain compatibility with the browser plugin."
varjolintu
force-pushed
the
feature/custom-data-browser
branch
2 times, most recently
from
5465cbf
to
d382905
Compare
|
An update:
|
varjolintu
force-pushed
the
feature/custom-data-browser
branch
5 times, most recently
from
1e5c684
to
0e2b789
Compare
|
A final update:
|
droidmonkey
force-pushed
the
feature/custom-data-browser
branch
from
0e2b789
to
b9057b9
Compare
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
58f27fc
to
0e9a618
Compare
|
One more update:
|
varjolintu
force-pushed
the
feature/custom-data-browser
branch
from
0e9a618
to
008f41a
Compare
droidmonkey
force-pushed
the
feature/custom-data-browser
branch
from
008f41a
to
76095d0
Compare
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
Description
Browser connection keys and Allow/Deny rules are stored to custom data instead of attributes.
Motivation and context
Fixes keepassxreboot/keepassxc-browser#11.
How has this been tested?
Tested manually with the latest KeePassXC-Browser.
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]