From 12cb01e7811fd43ed4dcb7d58cf04740efd00f34 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Sat, 28 Sep 2019 00:07:35 +0200 Subject: Remove unused uiEnabled signal and setTextTextBrowser() function from MainWindow --- src/mainwindow.cpp | 4 ---- src/mainwindow.h | 2 -- 2 files changed, 6 deletions(-) diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index a3b1c9c5..cd21505f 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -203,10 +203,6 @@ void MainWindow::cleanKeygenDialog() { this->keygen = nullptr; } -void MainWindow::setTextTextBrowser(const QString &text) { - ui->textBrowser->setText(text); -} - void MainWindow::flashText(const QString &text, const bool isError, const bool isHtml) { if (isError) diff --git a/src/mainwindow.h b/src/mainwindow.h index 32820e77..10f07df7 100644 --- a/src/mainwindow.h +++ b/src/mainwindow.h @@ -49,7 +49,6 @@ public: void userDialog(QString = ""); void config(); - void setTextTextBrowser(const QString &text); void setUiElementsEnabled(bool state); void flashText(const QString &text, const bool isError, const bool isHtml = false); @@ -66,7 +65,6 @@ protected: bool eventFilter(QObject *obj, QEvent *event); signals: - void uiEnabled(bool state); void passShowHandlerFinished(QString output); void passGitInitNeeded(); void generateGPGKeyPair(QString batch); -- cgit v1.2.3 From b5861885a2df7022922a9e379ecd38dcc4494952 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Sat, 28 Sep 2019 00:19:32 +0200 Subject: Don't connect MainWindow::passShowHandlerFinished signal two times QtPass::connectPassSignalHandlers() will be called twice, the first time for the real pass and the second time for a pass imitator. This means that we can't connect MainWindow::passShowHandlerFinished signal in this function or it will be connected (and so then invoked) twice. Connect it in the QtPass::connectPassSignalHandlers() single caller instead. --- src/qtpass.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/qtpass.cpp b/src/qtpass.cpp index f4465bf7..1c207052 100644 --- a/src/qtpass.cpp +++ b/src/qtpass.cpp @@ -121,6 +121,9 @@ void QtPass::setMainWindow(MainWindow *mW) { connectPassSignalHandlers(QtPassSettings::getRealPass()); connectPassSignalHandlers(QtPassSettings::getImitatePass()); + connect(m_mainWindow, &MainWindow::passShowHandlerFinished, this, + &QtPass::passShowHandlerFinished); + // only for ipass connect(QtPassSettings::getImitatePass(), &ImitatePass::startReencryptPath, m_mainWindow, &MainWindow::startReencryptPath); @@ -144,13 +147,10 @@ void QtPass::setMainWindow(MainWindow *mW) { void QtPass::connectPassSignalHandlers(Pass *pass) { connect(pass, &Pass::error, this, &QtPass::processError); connect(pass, &Pass::processErrorExit, this, &QtPass::processErrorExit); - connect(pass, &Pass::critical, m_mainWindow, &MainWindow::critical); connect(pass, &Pass::startingExecuteWrapper, m_mainWindow, &MainWindow::executeWrapperStarted); connect(pass, &Pass::statusMsg, m_mainWindow, &MainWindow::showStatusMessage); - connect(m_mainWindow, &MainWindow::passShowHandlerFinished, this, - &QtPass::passShowHandlerFinished); connect(pass, &Pass::finishedShow, m_mainWindow, &MainWindow::passShowHandler); connect(pass, &Pass::finishedOtpGenerate, m_mainWindow, -- cgit v1.2.3 From 3c97670a8847f56518095dde1f7b0a2b68cc8421 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Sat, 28 Sep 2019 00:37:19 +0200 Subject: Emit passShowHandlerFinished signal in MainWindow::passShowHandler() Commit 3cb140ca697367 ("Trying to use QtPass as process handler and connector for Pass") removed a DisplayInTextBrowser() call from MainWindow::passShowHandler() and added a similar QtPass::showInTextBrowser() function that is invoked by QtPass::passShowHandlerFinished() slot. This slot is in turn connected to MainWindow::passShowHandlerFinished signal which wasn't emitted anywhere in the code. Emit it where the old DisplayInTextBrowser() call was so password entry non-template details are actually displayed upon selecting it in the main QtPass window. --- src/mainwindow.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index cd21505f..1360b6be 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -406,6 +406,7 @@ void MainWindow::passShowHandler(const QString &p_output) { clearPanelTimer.start(); } + emit passShowHandlerFinished(output); setUiElementsEnabled(true); } -- cgit v1.2.3 From 0498dd6862447633e9c7731955be5474cc81d911 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Sat, 28 Sep 2019 00:50:14 +0200 Subject: Don't show a TOTP secret when selecting a password entry in the main window Knowing the TOTP secret for a password entry allows somebody to recreate the whole OTP sequence so it definitely shouldn't be displayed in the clear. In fact, it shouldn't be displayed at all in the main window since the proper way to utilize a TOTP entry is to click the "OTP" button to generate a new OTP (rather than to copy the secret to the clipboard like it was a password). The password edit dialog isn't affected by this change and will still show the whole entry, including its TOTP secret if present. --- src/filecontent.cpp | 21 +++++++++++++++++---- src/filecontent.h | 14 ++++++++++---- src/mainwindow.cpp | 3 ++- 3 files changed, 29 insertions(+), 9 deletions(-) diff --git a/src/filecontent.cpp b/src/filecontent.cpp index d77983c2..0dc25756 100644 --- a/src/filecontent.cpp +++ b/src/filecontent.cpp @@ -1,11 +1,15 @@ #include "filecontent.h" +static bool isLineHidden(const QString &line) { + return line.startsWith("otpauth://", Qt::CaseInsensitive); +} + FileContent FileContent::parse(const QString &fileContent, const QStringList &templateFields, bool allFields) { QStringList lines = fileContent.split("\n"); QString password = lines.takeFirst(); - QStringList remainingData; + QStringList remainingData, remainingDataDisplay; NamedValues namedValues; for (const QString &line : lines) { if (line.contains(":")) { @@ -20,9 +24,13 @@ FileContent FileContent::parse(const QString &fileContent, continue; } } + remainingData.append(line); + if (!isLineHidden(line)) + remainingDataDisplay.append(line); } - return FileContent(password, namedValues, remainingData.join("\n")); + return FileContent(password, namedValues, remainingData.join("\n"), + remainingDataDisplay.join("\n")); } QString FileContent::getPassword() const { return this->password; } @@ -31,11 +39,16 @@ NamedValues FileContent::getNamedValues() const { return this->namedValues; } QString FileContent::getRemainingData() const { return this->remainingData; } +QString FileContent::getRemainingDataForDisplay() const { + return this->remainingDataDisplay; +} + FileContent::FileContent(const QString &password, const NamedValues &namedValues, - const QString &remainingData) + const QString &remainingData, + const QString &remainingDataDisplay) : password(password), namedValues(namedValues), - remainingData(remainingData) {} + remainingData(remainingData), remainingDataDisplay(remainingDataDisplay) {} NamedValues::NamedValues() : QList() {} diff --git a/src/filecontent.h b/src/filecontent.h index 94e48aa0..845648f7 100644 --- a/src/filecontent.h +++ b/src/filecontent.h @@ -28,8 +28,8 @@ public: * @brief parse parses the given fileContent in a FileContent object. * The password is accessible through getPassword. * The named value pairs (name: value) are parsed and depeding on the - * templateFields and allFields parameters accessible through getNamedValues - * or getRemainingData. + * templateFields and allFields parameters accessible through getNamedValues, + * getRemainingData or getRemainingDataForDisplay. * * @param fileContent the file content to parse. * @@ -61,13 +61,19 @@ public: */ QString getRemainingData() const; + /** + * @like getRemainingData but without data that should not be displayed + * (like a TOTP secret). + */ + QString getRemainingDataForDisplay() const; + private: FileContent(const QString &password, const NamedValues &namedValues, - const QString &remainingData); + const QString &remainingData, const QString &remainingDataDisplay); QString password; NamedValues namedValues; - QString remainingData; + QString remainingData, remainingDataDisplay; }; #endif // FILECONTENT_H diff --git a/src/mainwindow.cpp b/src/mainwindow.cpp index 1360b6be..5a0afb0c 100644 --- a/src/mainwindow.cpp +++ b/src/mainwindow.cpp @@ -399,7 +399,8 @@ void MainWindow::passShowHandler(const QString &p_output) { ui->verticalLayoutPassword->setSpacing(0); else ui->verticalLayoutPassword->setSpacing(6); - output = fileContent.getRemainingData(); + + output = fileContent.getRemainingDataForDisplay(); } if (QtPassSettings::isUseAutoclearPanel()) { -- cgit v1.2.3