Release 2.6.02.6.0

Added

- Custom Light and Dark themes [#4110, #4769, #4791, #4796, #4892, #4915]
- Compact mode to use classic Group and Entry line height [#4910]
- View menu to quickly switch themes, compact mode, and toggle UI elements [#4910]
- Search for groups and scope search to matched groups [#4705]
- Save Database Backup feature [#4550]
- Sort entries by "natural order" and move lines up/down [#4357]
- Option to launch KeePassXC on system startup/login [#4675]
- Caps Lock warning on password input fields [#3646]
- Add "Size" column to entry view [#4588]
- Browser-like tab experience using Ctrl+[Num] (Alt+[Num] on Linux) [#4063, #4305]
- Password Generator: Define additional characters to choose from [#3876]
- Reports: Database password health check (offline) [#3993]
- Reports: HIBP online service to check for breached passwords [#4438]
- Auto-Type: DateTime placeholders [#4409]
- Browser: Show group name in results sent to browser extension [#4111]
- Browser: Ability to define a custom browser location (macOS and Linux only) [#4148]
- Browser: Ability to change root group UUID and inline edit connection ID [#4315, #4591]
- CLI: `db-info` command [#4231]
- CLI: Use wl-clipboard if xclip is not available (Linux) [#4323]
- CLI: Incorporate xclip into snap builds [#4697]
- SSH Agent: Key file path env substitution, SSH_AUTH_SOCK override, and connection test [#3769, #3801, #4545]
- SSH Agent: Context menu actions to add/remove keys [#4290]

Changed

- Complete replacement of default database icons [#4699]
- Complete replacement of application icons [#4066, #4161, #4203, #4411]
- Complete rewrite of documentation and manpages using Asciidoctor [#4937]
- Complete refactor of config files; separate between local and roaming [#4665]
- Complete refactor of browser integration and proxy code [#4680]
- Complete refactor of hardware key integration (YubiKey and OnlyKey) [#4584, #4843]
- Significantly improve performance when saving and opening databases [#4309, #4833]
- Remove read-only detection for database files [#4508]
- Overhaul of password fields and password generator [#4367]
- Replace instances of "Master Key" with "Database Credentials" [#4929]
- Change settings checkboxes to positive phrasing for consistency [#4715]
- Improve UX of using entry actions (focus fix) [#3893]
- Set expiration time to Now when enabling entry expiration [#4406]
- Always show "New Entry" in context menu [#4617]
- Issue warning before adding large attachments [#4651]
- Improve importing OPVault [#4630]
- Improve AutoOpen capability [#3901, #4752]
- Check for updates every 7 days even while still running [#4752]
- Improve Windows installer UI/UX [#4675]
- Improve config file handling of portable distribution [#4131, #4752]
- macOS: Hide dock icon when application is hidden to tray [#4782]
- Browser: Use unlock dialog to improve UX of opening a locked database [#3698]
- Browser: Improve database and entry settings experience [#4392, #4591]
- Browser: Improve confirm access dialog [#2143, #4660]
- KeeShare: Improve monitoring file changes of shares [#4720]
- CLI: Rename `create` command to `db-create` [#4231]
- CLI: Cleanup `db-create` options (`--set-key-file` and `--set-password`) [#4313]
- CLI: Use stderr for help text and password prompts [#4086, #4623]
- FdoSecrets: Display existing secret service process [#4128]

Fixed

- Fix changing focus around the main window using tab key [#4641]
- Fix search field clearing while still using the application [#4368]
- Improve search help widget displaying on macOS and Linux [#4236]
- Return keyboard focus after editing an entry [#4287]
- Reset database path after failed "Save As" [#4526]
- Use SHA256 Digest for Windows code signing [#4129]
- Improve handling of ccache when building [#4104, #4335]
- macOS: Properly re-hide application window after browser integration and Auto-Type usage [#4909]
- Auto-Type: Fix crash when performing on new entry [#4132]
- Browser: Send legacy HTTP settings to recycle bin [#4589]
- Browser: Fix merging browser keys [#4685]
- CLI: Fix encoding when exporting database [#3921]
- SSH Agent: Improve reliability and underlying code [#3833, #4256, #4549, #4595]
- FdoSecrets: Fix crash when editing settings before service is enabled [#4332]

1 files changed, 119 insertions, 0 deletions

diff --git a/src/core/PasswordHealth.h b/src/core/PasswordHealth.h
new file mode 100644
index 000000000..ef3249380
--- /dev/null
+++ b/src/core/PasswordHealth.h
@@ -0,0 +1,119 @@
+/*
+ *  Copyright (C) 2019 KeePassXC Team <team@keepassxc.org>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEEPASSX_PASSWORDHEALTH_H
+#define KEEPASSX_PASSWORDHEALTH_H
+
+#include <QHash>
+#include <QSharedPointer>
+#include <QStringList>
+
+class Database;
+class Entry;
+
+/**
+ * Health status of a single password.
+ *
+ * @see HealthChecker
+ */
+class PasswordHealth
+{
+public:
+    explicit PasswordHealth(double entropy);
+    explicit PasswordHealth(QString pwd);
+
+    /*
+     * The password score is defined to be the greater the better
+     * (more secure) the password is. It doesn't have a dimension,
+     * there are no defined maximum or minimum values, and score
+     * values may change with different versions of the software.
+     */
+    int score() const
+    {
+        return m_score;
+    }
+
+    void setScore(int score);
+    void adjustScore(int amount);
+
+    /*
+     * A text description for the password's quality assessment
+     * (translated into the application language), and additional
+     * information. Empty if nothing is wrong with the password.
+     * May contain more than line, separated by '\n'.
+     */
+    QString scoreReason() const;
+    void addScoreReason(QString reason);
+
+    QString scoreDetails() const;
+    void addScoreDetails(QString details);
+
+    /*
+     * The password quality assessment (based on the score).
+     */
+    enum class Quality
+    {
+        Bad,
+        Poor,
+        Weak,
+        Good,
+        Excellent
+    };
+    Quality quality() const;
+
+    /*
+     * The password's raw entropy value, in bits.
+     */
+    double entropy() const
+    {
+        return m_entropy;
+    }
+
+    /**
+     * Name of custom data field that holds the "this is a known
+     * bad password" flag. Legal values of the field are TRUE_STR
+     * and FALSE_STR, the default (used if the field doesn't exist)
+     * is false.
+     */
+    static const QString OPTION_KNOWN_BAD;
+
+private:
+    int m_score = 0;
+    double m_entropy = 0.0;
+    QStringList m_scoreReasons;
+    QStringList m_scoreDetails;
+};
+
+/**
+ * Password health check for all entries of a database.
+ *
+ * @see PasswordHealth
+ */
+class HealthChecker
+{
+public:
+    explicit HealthChecker(QSharedPointer<Database>);
+
+    // Get the health status of an entry in the database
+    QSharedPointer<PasswordHealth> evaluate(const Entry* entry) const;
+
+private:
+    // To determine password re-use: first = password, second = entries that use it
+    QHash<QString, QStringList> m_reuse;
+};
+
+#endif // KEEPASSX_PASSWORDHEALTH_H