Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CLI] Add a db-edit command #8400

Merged
merged 2 commits into from
Oct 5, 2022
Merged

[CLI] Add a db-edit command #8400

merged 2 commits into from
Oct 5, 2022

Conversation

louib
Copy link
Member

@louib louib commented Aug 21, 2022

This PR adds the db-edit command.

Changes in this PR include:

  • Renamed the Create command to DatabaseCreate
  • Renamed the Info command to DatabaseInfo
  • Added a DatabaseEdit (db-edit) command with the following options:
    • Changing the password with -p
    • Removing the password with --unset-password
    • Changing the key file with --set-key-file
    • Removing the key file with --unset-key-file
  • Deprecated the -k option for setting the key file. Otherwise it would clash with the -k option to specify the current key file when calling db-edit

The challenge response key options will be addressed in another PR. Those include:

  • Changing the yubikey with --set-yubikey.
  • Removing the yubikey with --unset-yubikey.

Other editing options will also be covered in another PR. For example, we could set the name and description of the db, but we don't even do that in db-create, so it could be added to both at the same time.

I also did not add the --decryption-time option that is available to db-create. It would take a bit of refactoring to be able to reuse the code, and I feel like this PR is already big enough, so I'll defer that to another PR.

Testing strategy

So far, unit tests and manual testing.

Type of change

  • ✅ New feature (change that adds functionality)

@louib louib changed the title Cli db edit [CLI] Add a db-edit command Aug 21, 2022
@codecov-commenter
Copy link

codecov-commenter commented Aug 21, 2022

Codecov Report

Attention: Patch coverage is 86.89655% with 19 lines in your changes missing coverage. Please review.

Project coverage is 64.43%. Comparing base (b1e7c34) to head (6cf9c7c).
Report is 370 commits behind head on develop.

Files with missing lines Patch % Lines
src/cli/DatabaseEdit.cpp 85.59% 16 Missing ⚠️
src/keys/CompositeKey.cpp 80.00% 2 Missing ⚠️
src/cli/DatabaseCreate.cpp 93.75% 1 Missing ⚠️
Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #8400      +/-   ##
===========================================
+ Coverage    64.39%   64.43%   +0.05%     
===========================================
  Files          339      340       +1     
  Lines        44007    44138     +131     
===========================================
+ Hits         28334    28439     +105     
- Misses       15673    15699      +26     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.


🚨 Try these New Features:

@phoerious
Copy link
Member

Should we add failsafes to prevent databases without any key?

Is it really possible to have multiple password keys or multiple file keys?

For our use cases, no, but in theory, yes. It's also important to keep the correct order of different key types, since they are hashed sequentially. I would prefer this to remain a list.

The second blocker is smaller: The -k option name is overloaded. Normally it is used to specify the key file when opening a database. But in the db-create command, it is used to set the keyfile for the new database. I think it would be better to use only the longer form (--set-key-file) for the db-create command, so that it can be reused by the db-edit command. That is a breaking change though, so we will have to document that in the release notes.

Emit a deprecation warning, then we can break things in 2.9.

@louib
Copy link
Member Author

louib commented Aug 22, 2022

Should we add failsafes to prevent databases without any key?

Good call.

For our use cases, no, but in theory, yes.

Ouch. How would you change the password if there might be many? 🤔

It's also important to keep the correct order of different key types, since they are hashed sequentially. I would prefer this to remain a list.

This can be enforced from within the keys() function, which would still return a list. That would also make the order explicit, and encapsulate that logic in the CompositeKey class.

Emit a deprecation warning, then we can break things in 2.9.

👍

@phoerious
Copy link
Member

I still don't think the overhead of a map compared to a small list is justified, especially not when you would have to return a list from keys() anyway. I think it makes things more complicated, not less. I'd rather implement a removeByType() convenience function.

@louib
Copy link
Member Author

louib commented Sep 7, 2022

Should we add failsafes to prevent databases without any key?

This is done.

Emit a deprecation warning, then we can break things in 2.9.

This is done as well.

It's also important to keep the correct order of different key types, since they are hashed sequentially.

I'm still not sure I understand how this is currently implemented. Right now I'm pretty sure the getNewDatabaseKey function can change the order of the different key types. The tests are passing though, so I'm not sure this is a concern in this case.

This is still a work in progress, but feedback would be much appreciated.

@louib louib force-pushed the cli_db_edit branch 4 times, most recently from 2ac89c1 to 3911b5d Compare September 13, 2022 00:40
@louib louib marked this pull request as ready for review September 16, 2022 02:12
@louib
Copy link
Member Author

louib commented Sep 16, 2022

I think this PR is close to being mergeable, so I'm taking it out of the draft state. I only added an hasKey function to CompositeKey, which makes the code a bit cleaner in the new command. I will try to think about other unit tests that could be added.

There's still a chance that the order of the different key types changes during an update. For example, if there is only a key file and a password is added, the password will be added after the key file. Not sure if that's a problem though.

I'm thinking about renaming the Database related commands to DatabaseCreate and DatabaseInfo, for consistency with the new DatabaseEdit command. Let me know what you guys think of that.

@louib louib force-pushed the cli_db_edit branch 2 times, most recently from 664d715 to d54d0b4 Compare September 17, 2022 19:45
@louib
Copy link
Member Author

louib commented Sep 17, 2022

There's still a chance that the order of the different key types changes during an update. For example, if there is only a key file and a password is added, the password will be added after the key file. Not sure if that's a problem though.

Turns out that this was indeed a problem! Adding more tests confirmed that the key order is important, as @phoerious mentioned in a previous comment. The getNewDatabaseKey function now handles the key types in the expected order: password, then key file, then challenge response. I also added a sanity check to make sure that those are the only key types in the CompositeKey, in case we add more types in the future. I think some of that code should be encapsulated in CompositeKey at some point, but that could be deferred to another PR.

The last thing I would test before merging is that the challenge-response key will be preserved when editing the database with db-edit, although the code is pretty straightforward so I don't expect any surprises.

This PR is ready for review!

@louib louib force-pushed the cli_db_edit branch 2 times, most recently from 3f29b55 to 8cb8f69 Compare September 24, 2022 01:09
@droidmonkey droidmonkey added this to the v2.8.0 milestone Oct 2, 2022
@droidmonkey droidmonkey modified the milestones: v2.8.0, v2.7.2 Oct 2, 2022
@louib louib force-pushed the cli_db_edit branch 3 times, most recently from 7290518 to 355a0ae Compare October 2, 2022 14:51
@louib louib changed the title [CLI] Add a db-edit command [DO NOT MERGE][CLI] Add a db-edit command Oct 2, 2022
@louib
Copy link
Member Author

louib commented Oct 2, 2022

@droidmonkey I found a bug with the handling of challenge-response keys, which I fixed in the last commit. I tested locally and everything is working, the only concern I have left is that I get prompted 3 times to touch my yubikey. Once for unlocking, and twice for saving. Not sure why 2 times is necessary when editing the database 🤔

@louib louib changed the title [DO NOT MERGE][CLI] Add a db-edit command [CLI] Add a db-edit command Oct 2, 2022
@louib
Copy link
Member Author

louib commented Oct 4, 2022

@droidmonkey please have a look at the last commit. It fixes the double yubikey interaction when saving, although I'm not 100% that it's ok to disable the key transformation in that case. I see that we call setKey when writing, with the following parameters:

db->setKey(db->key(), false, true)

So I guess the key transformation is going to happen anyway.

@droidmonkey
Copy link
Member

Did my own yubikey test and found that you could not --unset-password and have just a Yubikey on the database. Fixed that problem, good to go now!

@louib
Copy link
Member Author

louib commented Oct 4, 2022

@droidmonkey good catch!

@droidmonkey droidmonkey merged commit db98f11 into develop Oct 5, 2022
@droidmonkey droidmonkey deleted the cli_db_edit branch October 5, 2022 11:30
@droidmonkey droidmonkey added the pr: backported Pull request backported to previous release label Oct 5, 2022
droidmonkey pushed a commit that referenced this pull request Oct 5, 2022
pull bot pushed a commit to tigerwill90/keepassxc that referenced this pull request Oct 5, 2022
pull bot pushed a commit to Tiamat-Tech/keepassxc that referenced this pull request Oct 5, 2022
droidmonkey pushed a commit that referenced this pull request Oct 16, 2022
@phoerious phoerious added pr: new feature Pull request that adds a new feature new feature and removed new feature labels Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature: CLI pr: backported Pull request backported to previous release pr: new feature Pull request that adds a new feature
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants