author | Maciej S. Szmigiero <mail@maciej.szmigiero.name> | 2019-09-28 00:50:14 +0200 |
---|---|---|
committer | Maciej S. Szmigiero <mail@maciej.szmigiero.name> | 2019-09-28 00:53:55 +0200 |
commit | 0498dd6862447633e9c7731955be5474cc81d911 (patch) | |
tree | 1fbb1e6a6bcf451e1738708f6efa151c345a4305 | |
parent | 3c97670a8847f56518095dde1f7b0a2b68cc8421 (diff) |
Don't show a TOTP secret when selecting a password entry in the main window
Knowing the TOTP secret for a password entry allows somebody to recreate
the whole OTP sequence so it definitely shouldn't be displayed in the
clear.
In fact, it shouldn't be displayed at all in the main window since the
proper way to utilize a TOTP entry is to click the "OTP" button to generate
a new OTP (rather than to copy the secret to the clipboard like it was a
password).
The password edit dialog isn't affected by this change and will still show
the whole entry, including its TOTP secret if present.
-rw-r--r-- | src/filecontent.cpp | 21 | ||||
-rw-r--r-- | src/filecontent.h | 14 | ||||
-rw-r--r-- | src/mainwindow.cpp | 3 |
3 files changed, 29 insertions, 9 deletions
diff --git a/src/filecontent.cpp b/src/filecontent.cpp index d77983c2..0dc25756 100644 --- a/src/filecontent.cpp +++ b/src/filecontent.cpp @@ -1,11 +1,15 @@ #include "filecontent.h" +static bool isLineHidden(const QString &line) { + return line.startsWith("otpauth://", Qt::CaseInsensitive); +} + FileContent FileContent::parse(const QString &fileContent, const QStringList &templateFields, bool allFields) { QStringList lines = fileContent.split("\n"); QString password = lines.takeFirst(); - QStringList remainingData; + QStringList remainingData, remainingDataDisplay; NamedValues namedValues; for (const QString &line : lines) { if (line.contains(":")) { @@ -20,9 +24,13 @@ FileContent FileContent::parse(const QString &fileContent, continue; } } + remainingData.append(line); + if (!isLineHidden(line)) + remainingDataDisplay.append(line); } - return FileContent(password, namedValues, remainingData.join("\n")); + return FileContent(password, namedValues, remainingData.join("\n"), + remainingDataDisplay.join("\n")); } QString FileContent::getPassword() const { return this->password; } @@ -31,11 +39,16 @@ NamedValues FileContent::getNamedValues() const { return this->namedValues; } QString FileContent::getRemainingData() const { return this->remainingData; } +QString FileContent::getRemainingDataForDisplay() const { + return this->remainingDataDisplay; +} + FileContent::FileContent(const QString &password, const NamedValues &namedValues, - const QString &remainingData) + const QString &remainingData, + const QString &remainingDataDisplay) : password(password), namedValues(namedValues), - remainingData(remainingData) {} + remainingData(remainingData), remainingDataDisplay(remainingDataDisplay) {} NamedValues::NamedValues() : QList() {} diff --git a/src/filecontent.h b/src/filecontent.h index 94e48aa0..845648f7 100644 --- a/src/filecontent.h +++ b/src/filecontent.h 
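Review bot: `isLineHidden` in the first hunk matches only when `otpauth://` is the very first text on the line, so the filter fails open: a line with leading whitespace is still appended to `remainingDataDisplay` with its secret. Trimming before the test closes that gap, `return line.trimmed().startsWith("otpauth://", Qt::CaseInsensitive);`. A comment above the helper, such as `// Lines holding an otpauth:// URI carry the TOTP secret and must never reach the main-window display.`, would record why it exists.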
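Review bot: The `isLineHidden` check added in the second hunk runs only for lines that fall through to `remainingData.append(line)`; the branch above it ends in `continue;`, so a line accepted there as a named value never reaches the filter. The condition of that branch is outside the hunk, but an `otpauth://` line does pass the `line.contains(":")` test shown at the end of the first hunk, and so would a field like `totp: otpauth://...`. Depending on `allFields` and `templateFields`, the secret may therefore still be returned by `getNamedValues()`. Consider applying the same filter to named values on the display path, and add a `parse` test with `allFields` set to true and an otpauth line in the input.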
@@ -28,8 +28,8 @@ public: * @brief parse parses the given fileContent in a FileContent object. * The password is accessible through getPassword. * The named value pairs (name: value) are parsed and depeding on the - * templateFields and allFields parameters accessible through getNamedValues - * or getRemainingData. + * templateFields and allFields parameters accessible through getNamedValues, + * getRemainingData or getRemainingDataForDisplay. * * @param fileContent the file content to parse. * @@ -61,13 +61,19 @@ public: */ QString getRemainingData() const; + /** + * @like getRemainingData but without data that should not be displayed + * (like a TOTP secret). + */ + QString getRemainingDataForDisplay() const; + private: FileContent(const QString &password, const NamedValues &namedValues, - const QString &remainingData); + const QString &remainingData, const QString &remainingDataDisplay); QString password; NamedValues namedValues; - QString remainingData; + QString remainingData, remainingDataDisplay; }; #endif // FILECONTENT_H diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index 1360b6be..5a0afb0c 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -399,7 +399,8 @@ void MainWindow::passShowHandler(const QString &p_output) { ui->verticalLayoutPassword->setSpacing(0); else ui->verticalLayoutPassword->setSpacing(6); - output = fileContent.getRemainingData(); + + output = fileContent.getRemainingDataForDisplay(); } if (QtPassSettings::isUseAutoclearPanel()) { |
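Review bot: The doc comment added above `getRemainingDataForDisplay` opens with `@like`, which is not a Doxygen command, so the description will probably be dropped or flagged by the doc build. Following the file's own `@brief parse parses ...` form, it could read `@brief getRemainingDataForDisplay like getRemainingData, but without lines that must not be shown (lines starting with otpauth://).` The comment should also say that `getNamedValues` is not filtered, so callers do not assume the whole entry is safe to display. On style, `QString remainingData, remainingDataDisplay;` would read better as two separate declarations.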
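Review bot: The switch to `getRemainingDataForDisplay()` in `passShowHandler` covers only the branch this hunk touches, which closes with `}` right after the assignment. The condition of that branch and the initial value of `output` are outside the hunk. If another path shows `p_output` unparsed, or if values from `getNamedValues()` are also rendered by this handler, the TOTP secret could still appear in the main window. Please confirm those paths, and drop the extra blank line added before the assignment.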