QR Code generator #1167
QR Code generator #1167
Conversation
adolfogc
changed the title
droidmonkey
changed the title
|
Having finished to organize the GIT history for this PR into a better set of commits, I consider it to be ready for review. |
|
I'm not sure about the auto-close feature. An user with a bad camera on an old phone may take more than 30 seconds trying to focus a more detailed QR code like the one in the screenshot. |
|
@weslly How much time would be reasonable? 60 seconds? |
|
@adolfogc how about adding a configuration setting for it. I guess 45 seconds should work with most phones, so a default and maybe a few common options would be nice? |
|
45 seconds is fine for most modern phones but I would prefer not having the auto-close. I think most users would just click the close button before the timer runs out when they are done. There could also be cases where people open the QR code dialog before getting their phone ready and would have to open it again. |
|
@adolfogc Maybe we could have something like this instead: |
|
@adolfogc as long as the user can disable it, you can leave at 30s |
|
@adolfogc The app crashes when I try to view the QR code from entries that use the alternative settings format from KeeOtp ( |
src/gui/MainWindow.ui
Outdated
| @@ -545,6 +546,11 @@ | |||
| <string>Show TOTP</string> | |||
| </property> | |||
| </action> | |||
| <action name="actionEntryTotpDisplayKey"> | |||
| <property name="text"> | |||
| <string>Show TOTP key</string> | |||
There was a problem hiding this comment.
Something like "Export TOTP settings" would be better here, since someone could confuse the key as the generated code.
|
@weslly Thanks for the review, I'll work on it this weekend. |
|
I was looking into this, seems that libqrcodegen it's not in debian repository but I'm not sure. If it is we will have some problem when packaging for debian since we should use debian version of the library (that uses exception) |
|
@TheZ3ro There is no dependency on an external library such as |
|
@adolfogc You are including code from another library (qrcodegen) and modifying it for our needs. It's fine from a license point of view, but debian packaging require us to use system library (if present) instead of bundling the library ourselves. My comment was just an heads-up, currently qrcodegen doesn't seems to be in debian repo so it's fine, but if in the future it will be included as a separate package we will have some problem. Maybe @hifi or @julian-klode can drive us the right way :) |
|
Well, yeah, we don't want embedded code in Debian. If you want to use a library, and want to ship a convience bundle, it should be unmodified so we can link it against a system library. This mostly becomes a problem once multiple programs use the same library and the library gets a security update - it's a question of updating one package vs multiple (and keeping track of these). Also the COPYING stuff is wrong. You added a GPL-3 license to the files, so they are not MIT licensed, but MIT and (GPL-2 or GPL-3). And while it's legal to add GPLed modifications like that, it's just rude IMO. |
|
I would probably use a QR code generation library that's well supported across distributions rather than embed if possible.
https://packages.debian.org/stretch/qrencode |
|
Hi guys, my reply below.
Nayuki's QR Code Generator library is relatively new and currently it's distributed as source code (please check its repo here: https://github.com/nayuki/QR-Code-generator). What is the best way to use this library as it is today?
I don't have much experience with licensing stuff, please understand I wasn't trying to be rude. I just used the same license as the rest of the KeepassXC codebase; can change it to MIT if it's OK with the KeepassXC developers.
Well, originally I used |
|
The Debian comment mainly related to using distributed libraries to prevent security issues (ie, http).. the qrcode library doesn't fall into that camp. |
|
Personally I will prefer a well supported library like qrencode, less code to maintain ourselves in the core codebase |
|
@phoerious Thanks, that fixed the issue I was having with CI. @hifi I tried fixing the aspect ratio issue by subclassing |
|
@adolfogc I think you need to have a layout that allows space around the widget (with spacers?) so that something will fill the window when it's not a perfect square. |
|
just my 2 cents about the auto-close feature:
the first setting (resp. its default behavior) will prevent conflicts or headaches for newbies and placing the setting there will make it easier to understand that the auto-close of the qr-code is due to security reasons. |
|
@DJCrashdummy Currently, you can set this value as shown below:
Though one would expect the timeout used for the DB auto-close to be higher than the one used for closing the QR code window, I guess it does make sense to use the minimum of those two timeout values, as you're suggesting. What about letting the user specify the timeout value and default to using |
no, i'm rather suggesting an additional checkbox (if not hardcoded?) to ensure, that the qr-code window gets always closed when the database gets locked, whether because of timeout or anything else. so this would also apply to the window minimizing behavior, session-lock, lid-close etc. AFTER this essential feature is implemented (and only if optional as checkbox), and both timeouts are activated, this question you are trying to answer arises. |
|
@adolfogc can you rebase this on develop? Now that the code format is merged we are ready to merge 2.4 PR's. |
|
@droidmonkey I'll try to work on it this weekend. |
|
@adolfogc @phoerious @hifi do you think this needs anymore work? |
|
Status on this PR? |
|
@droidmonkey, @TheZ3ro: Sorry for the late reply guys; due to work, I haven't had the chance to work on this PR lately. There are still some changes I'd like to make. |
|
Hello @adolfogc, will you be able to make your changes? I would love to merge this in to develop. If not, can you describe what you want to change and maybe someone else can do it? I rebased onto develop for you. |
src/gui/SettingsWidget.cpp
Outdated
| m_secUi->closeTotpExportSettingsDialogCheckBox->setChecked( | ||
| config()->get("security/AutoCloseTotpExportSettingsDialog", true).toBool()); | ||
| m_secUi->closeTotpExportSettingsDialogSpinBox->setValue( | ||
| config()->get("security/AutoCloseTotpExportSettingsDialogTimeout", 45).toInt()); |
There was a problem hiding this comment.
I personally think this setting is unnecessary. Just fix it at 45 seconds. Will make this PR more streamlined.
|
Hi @droidmonkey, sorry for the late reply. Thanks for the improvements you made in cdd26c3! I'm currently unable to work on this PR, so I was wondering if perhaps you can finish it by implementing these changes:
|
|
This is ready for rebase merge. |
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
Description
This PR is an alternative to PR #1001.
Motivation and context
This is an improved version of PR #1001 (it also uses libqrencode, instead of qrcodegen).
How has this been tested?
Manually on macOS.
Screenshots (if appropriate):
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]☑️ My change requires a change to the documentation and I have updated it accordingly.☑️ I have added tests to cover my changes.