- Refactor code to have delegates per account-type & simplify code
- Rework layouting in terms of anchors
- Fix positioning of account name and token labels to be vertically
centered
- Make health indicator/token life timer for TOTP accounts sit flush
with the bottom of the TOTP delegate UI itself and extend along the
whole width. This resolves issue #11
Two bits of boolean state are introduces to track whether or not:
- an error has occurred
- accounts have been loaded from storage yet
This change paves the way for having error handling UX.
With this change token secrets are encrypted prior to writing them to
storage, and decrypted as and when needed to generate tokens. Additional
validation is performed to verify that token secrets can be decrypted
successfully when loading accounts from storage.
With this change issue #6 should finally be resolved.
With this change Keysmith now prompts the user to either:
- setup a new password
- supply an existing password (if detected)
Additionally the organisation/structure of the QML is cleaned up a bit.
All QML pages are dedicated QML files and a few signals are introduced
to provide slightly better encapsulation/decouple interdependencies.
With this change an unlock stage is introduced to loading account storage.
Key derivation parameters for a master key are recorded, and the master
password may be supplied to "unlock" the account secret(s) in storage.
This change paves the way for actually decrypting encrypted account
secrets later, and finally solving issue #6.
Introduce a secrets library which implements the necessary crypto using
libsodium. This change provides the basic building blocks for resolving
issue #6.
Apparently having *.license files among asssets triggers build failures
from the Android tooling/androiddeployqt.
Move the licensing/copyright notices to .reuse/dep5 as a work-around.
Delegate recycling causes a bug when removing an account and then adding
it back: the old, stale UI for the account is reused instead of a new one.
In combination with 'alive' guard property on the UI for account entries,
this results in the account entry becoming frozen in the old stale state.
(Incorrect helath indicators, tokens that do not update and buttons that no
longer respond anymore.)
After triggering the removal of an account from storage in the UI, it may
be possible for the UI not to fully reflect this change for a while yet.
During this short time window, it is possible for an operation to occur on
an already deleted account object which is a use-after-free bug.
In particular signals from animations and timers in the QML UI might still
trigger which causes a slot to be invoked that accesses the underlying
account object.
This change introduces a guard property called 'alive' which is flipped
when the account removal operation is triggered. Slots are updated to
check for the alive status of the UI before proceeding with other logic.
With this change the "Add" button in the "Add account" page is not enabled
until the entered account name and details are valid. Additionally, the UI
for entering the token secret now uses a password field with appropriate
hints for input methods.
This change fixes input validation for the following cases:
- Check that entered account names are still available
- Working validation for time steps (input mask was completely broken)
- Allow longer tokens: liboath is no longer used, Keysmith can handle it
Additionally the QML code is refactored significantly:
- Extracted the main accounts overview page
- Extracted the add an account page
- Completed the internal renaming of "Oath" to "Keysmith" for QML types
This change is a workaround for behaviour of QML controls: when fixup is
called during input validation, the `acceptableInput` property is not
updated correctly.
Johan Ouwerkerk
l10n daemon script
Bhushan Shah
Nicolas Fella
Volker Krause
Yuri Chornoivan