438e341000
After triggering the removal of an account from storage in the UI, it may be possible for the UI not to fully reflect this change for a while yet. During this short time window, it is possible for an operation to occur on an already deleted account object which is a use-after-free bug. In particular signals from animations and timers in the QML UI might still trigger which causes a slot to be invoked that accesses the underlying account object. This change introduces a guard property called 'alive' which is flipped when the account removal operation is triggered. Slots are updated to check for the alive status of the UI before proceeding with other logic. |
||
---|---|---|
LICENSES | ||
android | ||
autotests | ||
src | ||
.gitignore | ||
.gitlab-ci.yml | ||
CMakeLists.txt | ||
COPYING | ||
CTestConfig.cmake | ||
Messages.sh | ||
README.md | ||
keysmith.svg | ||
org.kde.keysmith.appdata.xml | ||
org.kde.keysmith.desktop | ||
org.kde.keysmith.json | ||
org.kde.keysmith.json.license |
README.md
Keysmith
It uses the oath-toolkit provided library liboath to generate the 2FA codes, both TOTP and HOTP based. Currently it is largely untested. From initial rough testing it seems that auto-refreshing of code is not working. Also button to refresh token for HOTP is also dummy at moment.
Some todo items include,
- QR code scanning
- Backup and Restore of accounts
- Encrypted storage of the secret token
This code is largely based on the authenticator-ng application by the Rodney Dawes and Michael Zanetti for the Ubuntu Touch.