Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Main window entry details improvements #477

Merged
merged 4 commits into from Sep 28, 2019
Merged
Prev

Don't show a TOTP secret when selecting a password entry in the main …

…window

Knowing the TOTP secret for a password entry allows somebody to recreate
the whole OTP sequence so it definitely shouldn't be displayed in the
clear.

In fact, it shouldn't be displayed at all in the main window since the
proper way to utilize a TOTP entry is to click the "OTP" button to generate
a new OTP (rather than to copy the secret to the clipboard like it was a
password).

The password edit dialog isn't affected by this change and will still show
the whole entry, including its TOTP secret if present.
  • Loading branch information
maciejsszmigiero committed Sep 27, 2019
commit 0498dd6862447633e9c7731955be5474cc81d911
@@ -1,11 +1,15 @@
#include "filecontent.h"

static bool isLineHidden(const QString &line) {
return line.startsWith("otpauth://", Qt::CaseInsensitive);
}

FileContent FileContent::parse(const QString &fileContent,
const QStringList &templateFields,
bool allFields) {
QStringList lines = fileContent.split("\n");
QString password = lines.takeFirst();
QStringList remainingData;
QStringList remainingData, remainingDataDisplay;
NamedValues namedValues;
for (const QString &line : lines) {
if (line.contains(":")) {
@@ -20,9 +24,13 @@ FileContent FileContent::parse(const QString &fileContent,
continue;
}
}

remainingData.append(line);
if (!isLineHidden(line))
remainingDataDisplay.append(line);
}
return FileContent(password, namedValues, remainingData.join("\n"));
return FileContent(password, namedValues, remainingData.join("\n"),
remainingDataDisplay.join("\n"));
}

QString FileContent::getPassword() const { return this->password; }
@@ -31,11 +39,16 @@ NamedValues FileContent::getNamedValues() const { return this->namedValues; }

QString FileContent::getRemainingData() const { return this->remainingData; }

QString FileContent::getRemainingDataForDisplay() const {
return this->remainingDataDisplay;
}

FileContent::FileContent(const QString &password,
const NamedValues &namedValues,
const QString &remainingData)
const QString &remainingData,
const QString &remainingDataDisplay)
: password(password), namedValues(namedValues),
remainingData(remainingData) {}
remainingData(remainingData), remainingDataDisplay(remainingDataDisplay) {}

NamedValues::NamedValues() : QList() {}

@@ -28,8 +28,8 @@ class FileContent {
* @brief parse parses the given fileContent in a FileContent object.
* The password is accessible through getPassword.
* The named value pairs (name: value) are parsed and depeding on the
* templateFields and allFields parameters accessible through getNamedValues
* or getRemainingData.
* templateFields and allFields parameters accessible through getNamedValues,
* getRemainingData or getRemainingDataForDisplay.
*
* @param fileContent the file content to parse.
*
@@ -61,13 +61,19 @@ class FileContent {
*/
QString getRemainingData() const;

/**
* @like getRemainingData but without data that should not be displayed
* (like a TOTP secret).
*/
QString getRemainingDataForDisplay() const;

private:
FileContent(const QString &password, const NamedValues &namedValues,
const QString &remainingData);
const QString &remainingData, const QString &remainingDataDisplay);

QString password;
NamedValues namedValues;
QString remainingData;
QString remainingData, remainingDataDisplay;
};

#endif // FILECONTENT_H
@@ -399,7 +399,8 @@ void MainWindow::passShowHandler(const QString &p_output) {
ui->verticalLayoutPassword->setSpacing(0);
else
ui->verticalLayoutPassword->setSpacing(6);
output = fileContent.getRemainingData();

output = fileContent.getRemainingDataForDisplay();
}

if (QtPassSettings::isUseAutoclearPanel()) {
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.