-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for quick unlock with TouchID on Macbook Pro #1851
Add support for quick unlock with TouchID on Macbook Pro #1851
Conversation
src/touchid/TouchID.mm
Outdated
@@ -0,0 +1,212 @@ | |||
#define SECURITY_ATTRIBUTE_ACCOUNT CFSTR("KeepassXC TouchID Keys") | |||
#define TOUCH_ID_PROMPT_MESSAGE CFSTR("authenticate to access KeepassXC database!") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the screenshot, looks like the touchid UI automatically adds a . to the end of this message, making the exclamation mark seem out of place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, I'll remove it and replace the whole thing with QCoreApplication::translate(...).
Looks great! Unfortunately I don't have touch ID on my mac so this I'll be pretty hard to test :( |
@weslly Does anyone of the development team have one to test with? Also, can you tell me why the build fails so I can make adjustments? |
@kolhagen You can see the build log if you click in details and login as a guest at TeamCity |
Please fix the conflicts and rebase (on top of develop) |
b45c8b7
to
298d39f
Compare
b3e9d4c
to
8ca9f46
Compare
Did another rebase. Any updates on a possible integration? |
I haven't found any easy way to simulate TouchID on macOS like you can do on iOS simulator, but it seems there's a workaround: https://stackoverflow.com/questions/40414077/how-can-you-test-touch-id-for-macos |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works fine, excellent feature.
I think we can merge this |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried using LAPolicyDeviceOwnerAuthentication
instead of LAPolicyDeviceOwnerAuthenticationWithBiometrics
as suggested by that stackoverflow answer and it didn't work, but it also didn't seem to break anything either so I guess we can merge this and see if anyone else with TouchID has problems with this feature. But before that we need to have some kind of test to hide the TouchID checkbox(es) for devices that don't have the sensor available.
Actually it already seems to hide the checkbox if I change the policy back to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor changes and a discussion point
src/gui/DatabaseOpenWidget.cpp
Outdated
m_ui->checkTouchID->setVisible(false); | ||
#else | ||
if (!TouchID::getInstance().isAvailable()) | ||
m_ui->checkTouchID->setVisible(false); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrap with { }
src/gui/DatabaseOpenWidget.cpp
Outdated
useTouchID.insert(m_filename, true); | ||
} | ||
} else { | ||
// when TouchID not available or unchecked, reset for all databases |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically this code only resets for the current database
src/touchid/TouchID.h
Outdated
public: | ||
static TouchID& getInstance() | ||
{ | ||
static TouchID instance; // Guaranteed to be destroyed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I much prefer having this function body and global variable declared in TouchID.mm. Declaring it in the header may cause issues if we move this to an external library in the future.
e738558
to
c77286d
Compare
In case you would need any help with testing the feature, I can provide some sort of feedback or help if needed as I have a Macbook Pro 15'' with TouchID (2017 model). |
There's still an open issue with the complexity of the method Does it help splitting the method up (e.g. like this)? |
You can ignore that failure, I might remove codefactor as a check. You can't turn complexity to a warning.... |
Hey, due to previous time constraints, I'm a little late to the review party. So first of all, thanks for your effort. I haven't really had a chance to look at the code yet, but I think at least the UI needs some tweaks. The most important issue is probably the alignment of the checkbox on the unlock screen. Please fix that before we merge. After this PR we should also have some discussion about a general redesign of that screen, since it starts becoming really crowded with all sorts of options. |
c77286d
to
ab3d9d7
Compare
Thanks for the feedback! Fixed the UI issue with checkboxes not being aligned and did another rebase. |
Great addition, thx! Happy to help testing, i have a MBP 15" 2017. Let me know when and what to do when you are ready. |
Hi, i just tried version 2.3.4 but couldn't find the touchid support. I thought there was nothing blocking the merger into a final version. Don't want to push anybody, but would be great if it could be in the next release. |
This is destined for 2.4, it will be merged very soon |
ab3d9d7
to
2e85456
Compare
2e85456
to
a069377
Compare
Do you have an outlook when the new 2.4 version will be released as binary? |
We will be doing a beta launch very soon. The last major feature was just integrated (group sharing). Snapshots of the develop branch are already available at https://snapshot.keepassxc.org, however TouchID does not work unless the binary is signed. |
Hi, i tried 2.4 Beta 1 on my MBP 2017 (Mojave 10.14.3) but can't get TouchID to work, not sure if i am doing the right thing. Should i open a separate issue or can we use this thread? Problem: |
If you're using the beta version (which is probably not signed), TouchID will not work? I think @droidmonkey stated that TouchID does not work unless the binary is signed. |
I signed the beta version. Unfortunately I cannot test touch id since I only have a Mac mini. Please open a new issue, we may have broken it during one of our refactors. |
Are the entitlements for code-signing added like described in #209? |
I opened a new bug report for this. |
@mxk6n probably not. That entitlement definition should have been included in the repository.... I will add and re-sign. |
Hi, just downloaded en tried beta 2. But still not able to log in with TouchID. Should i open a new bug report? |
@bhavers yes please, include screenshots of the unlock dialog |
Done, see this bug report. |
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
To further improve the utilization of TouchID on Macbook Pro and make the unlock feature more intuitive to use (see comments in #2720), I would propose implementing the following changes:
How do you guys feel about this? Edit: Moved the discussion to #2865 |
Please make a new issue with your proposed changes. |
@mxk6n Great feature. Thank you for implementing! But I want to add that while using touch id is not very convenient. Here is my workflow:
It would be more convenient to immediately request Touch ID, as is done in Safari.
|
I have my new Macbook since 4 months (first time with fingerprint sensor) and I just found out how it works with keepass after investing 10 minutes into finding how to activate it just to find out by myself that I have to click OK with an empty password. I think the OK button should have the text "Unlock with fingerprint" if no password is entered and the option is active. Or like @augustgerro said to just bring it up whenever the db is closed. |
Description
Unlock your database using TouchID on supported Macbook Pro models.
Motivation and context
With quick unlock one can simply unlock the database using TouchID without having to enter your password again while the application is still running. #209
Features
Compilation
-DWITH_XC_TOUCHID=ON
Possible future enhancements:
How has this been tested?
Screenshots:
Types of changes
Checklist:
-DWITH_ASAN=ON
. [REQUIRED]