Add TOTP support #519
Add TOTP support #519
Conversation
|
Wow! This is great! 🎉 |
|
Cloned and tried - awesome! Seems in the current implementation, TOTP codes in the clipboard has the same expiry as other fields like usernames and passwords. If a TOTP code expires in less than 10 seconds, the value in the clipboard gets invalid. Although most websites accepts time shift within a few seconds, I feel it better to always use the correct code. Maybe copy the new code if the old code in the clipboard is expired? |
|
@yan12125 Thanks for the feedback! That's definitely a good point, but wouldn't it get a bit annoying if you copy the value when it is just a couple of seconds away from the expiration time and alt-tab the window to paste it somewhere only to find it has been removed from the clipboard already? I'm also not sure if it would be a good idea to automatically modify the clipboard with an updated value without the user actually asking for it. As you said, most websites have a time window for old codes, so IMHO I don't think that would be a problem. |
|
You're right - overwriting the clipboard content without user involvement sounds bad. I can't figure out a good solution for now. If that really causes problems in the future, we can always revisit it :) |
TheZ3ro
requested review from
phoerious,
droidmonkey and
TheZ3ro
and removed request for
phoerious
src/CMakeLists.txt
Outdated
| @@ -100,6 +100,8 @@ set(keepassx_SOURCES | |||
| gui/SettingsWidget.cpp | |||
| gui/SearchWidget.cpp | |||
| gui/SortFilterHideProxyModel.cpp | |||
| gui/TotpDialog.cpp | |||
| gui/SetupTotpDialog.cpp | |||
There was a problem hiding this comment.
@weslly this line should go before gui/TotpDialog.cpp
src/CMakeLists.txt
Outdated
| @@ -151,6 +155,8 @@ set(keepassx_FORMS | |||
| gui/SearchWidget.ui | |||
| gui/SettingsWidgetGeneral.ui | |||
| gui/SettingsWidgetSecurity.ui | |||
| gui/TotpDialog.ui | |||
| gui/SetupTotpDialog.ui | |||
There was a problem hiding this comment.
@weslly this line should go before gui/TotpDialog.ui
src/core/Entry.cpp
Outdated
| } | ||
|
|
||
| m_data.totpDigits = 6; | ||
| m_data.totpStep = 30; |
There was a problem hiding this comment.
@weslly the default steps and digits are defined 3 times in this file. Maybe we could extract them as constants and place them somewhere in the totp files.
src/gui/DatabaseWidget.cpp
Outdated
| @@ -42,6 +42,8 @@ | |||
| #include "gui/ChangeMasterKeyWidget.h" | |||
| #include "gui/Clipboard.h" | |||
| #include "gui/CloneDialog.h" | |||
| #include "gui/TotpDialog.h" | |||
| #include "gui/SetupTotpDialog.h" | |||
There was a problem hiding this comment.
@weslly I also think this import list is sorted alphabetically.
src/totp/totp.cpp
Outdated
| } | ||
|
|
||
| if (step == 0) { | ||
| step = 30; |
There was a problem hiding this comment.
@weslly default steps and digits also defined here.
|
Hello and sincere thanks for all this superb work. I am an end-user of KeepassXC and need help to get this new totp feature working. Where should I post my question ? |
src/gui/SetupTotpDialog.cpp
Outdated
|
|
||
| void SetupTotpDialog::setStep(quint8 step) | ||
| { | ||
| if (step != 30) { |
There was a problem hiding this comment.
Shouldn't this be QTotp::defaultStep ?
src/gui/SetupTotpDialog.cpp
Outdated
|
|
||
| void SetupTotpDialog::setDigits(quint8 digits) | ||
| { | ||
| if (digits != 6) { |
There was a problem hiding this comment.
Shouldn't this be QTotp::defaultDigits ?
src/gui/SetupTotpDialog.cpp
Outdated
|
|
||
| void SetupTotpDialog::setupTotp() | ||
| { | ||
| quint8 digits = 6; |
There was a problem hiding this comment.
Also this QTotp::defaultDigits
|
Would it be possible do group the TOTP code (in groups of 3 digits), similar to what google authenticato does? Simply adding a small space would be sufficient, I guess and makes reading/remembering much easier in my opinion. |
src/core/Entry.cpp
Outdated
|
|
||
| if (m_attributes->hasKey("otp")) { | ||
| secret = m_attributes->value("otp"); | ||
| } else { |
There was a problem hiding this comment.
@weslly here we assume the TOTP seed is present in the attributes. Shouldn't we check this with m_attributes->hasKey("TOTP Seed")?
| digits = 8; | ||
| } else { | ||
| digits = 6; | ||
| } |
There was a problem hiding this comment.
@weslly small nitpick, but why not use the default here also?
quint8 digits = QTotp::defaultDigits;
if (m_ui->radio8Digits->isChecked()) {
digits = 8;
}There was a problem hiding this comment.
@louib That would assume the default was always 6 but it wouldn't work if the default was 8 and the user checked 6 instead. Realistically the default is always 6 but that could cause problems if someone compiled their own version with 8 as the default at QTotp::defaultDigits.
|
|
||
| void SetupTotpDialog::setDigits(quint8 digits) | ||
| { | ||
| if (digits == 8) { |
There was a problem hiding this comment.
@weslly you could test using digits != QTotp::defaultDigits here as well.
src/gui/TotpDialog.cpp
Outdated
| uCounter = resetCounter(); | ||
| updateProgressBar(); | ||
|
|
||
| QTimer *timer = new QTimer(this); |
src/totp/totp.cpp
Outdated
| } | ||
|
|
||
|
|
||
| QByteArray QTotp::base32_decode(const QByteArray encoded) |
There was a problem hiding this comment.
@weslly This is taken from google authenticator? Maybe it would be better to leave it in a separate file and preserve the original copyright notice? Also maybe adding a link to the original source of the file.
src/totp/totp.cpp
Outdated
| } | ||
|
|
||
|
|
||
| QString QTotp::generateTotp(const QByteArray key, quint64 time, const quint8 numDigits = defaultDigits, const quint8 step = defaultStep) |
There was a problem hiding this comment.
@weslly you could split that line.
tests/TestTotp.cpp
Outdated
| } | ||
|
|
||
|
|
||
| void TestTotp::testSecret() |
There was a problem hiding this comment.
@weslly maybe name it testParseSecret, since it's testing the QTotp::parseOtpString function.
|
I like the display trick as long as copy paste still works properly. |
|
I took the time to test this, and it works great so far! Good job @weslly |
- Added YubiKey 2FA integration for unlocking databases [#127] - Added TOTP support [#519] - Added CSV import tool [#146, #490] - Added KeePassXC CLI tool [#254] - Added diceware password generator [#373] - Added support for entry references [#370, #378] - Added support for Twofish encryption [#167] - Enabled DEP and ASLR for in-memory protection [#371] - Enabled single instance mode [#510] - Enabled portable mode [#645] - Enabled database lock on screensaver and session lock [#545] - Redesigned welcome screen with common features and recent databases [#292] - Multiple updates to search behavior [#168, #213, #374, #471, #603, #654] - Added auto-type fields {CLEARFIELD}, {SPACE}, {{}, {}} [#267, #427, #480] - Fixed auto-type errors on Linux [#550] - Prompt user prior to executing a cmd:// URL [#235] - Entry attributes can be protected (hidden) [#220] - Added extended ascii to password generator [#538] - Added new database icon to toolbar [#289] - Added context menu entry to empty recycle bin in databases [#520] - Added "apply" button to entry and group edit windows [#624] - Added macOS tray icon and enabled minimize on close [#583] - Fixed issues with unclean shutdowns [#170, #580] - Changed keyboard shortcut to create new database to CTRL+SHIFT+N [#515] - Compare window title to entry URLs [#556] - Implemented inline error messages [#162] - Ignore group expansion and other minor changes when making database "dirty" [#464] - Updated license and copyright information on souce files [#632] - Added contributors list to about dialog [#629]
|
Hi guys, regarding AutoType - how can I configure this OTP with AutoType? Thank you! |
|
Use the {TOTP} fill in, see Autotype Wiki for more info. |
phoerious
added
pr: new feature
resolves #80
Description
This PR add support for TOTP code generation (as described by rfc6238) using KeepassXC.
Motivation and context
This is a rework from the ground up of my previous TOTP PR. It has more features, tests and the code is a lot cleaner than before.
Features
{TOTP}tagHow has this been tested?
I added tests and have been using this with my personal database daily.
Screenshots:
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]