2
* Copyright (C) 2019 KeePassXC Team <team@keepassxc.org>
4
* This program is free software: you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License as published by
6
* the Free Software Foundation, either version 2 or (at your option)
7
* version 3 of the License.
9
* This program is distributed in the hope that it will be useful,
10
* but WITHOUT ANY WARRANTY; without even the implied warranty of
11
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
* GNU General Public License for more details.
14
* You should have received a copy of the GNU General Public License
15
* along with this program. If not, see <http://www.gnu.org/licenses/>.
18
#include "OpVaultReader.h"
20
#include "core/Entry.h"
30
QDateTime resolveDate(const QString& kind, const QJsonValue& value)
33
if (kind == "monthYear") {34
// 1Password programmers are sadistic...
35
auto dateValue = QString::number(value.toInt());
36
date = QDateTime::fromString(dateValue, "yyyyMM");
37
date.setTimeSpec(Qt::UTC);
38
} else if (value.isString()) {39
date = QDateTime::fromTime_t(value.toString().toUInt(), Qt::UTC);
41
date = QDateTime::fromTime_t(value.toInt(), Qt::UTC);
47
void OpVaultReader::fillFromSection(Entry* entry, const QJsonObject& section)
49
const auto uuid = entry->uuid();
50
auto sectionTitle = section["title"].toString();
52
if (!section.contains("fields")) {53
auto sectionName = section["name"].toString();
54
if (!(sectionName.toLower() == "linked items" && sectionTitle.toLower() == "related items")) {55
qWarning() << R"(Skipping "fields"-less Section in UUID ")" << uuid << "\": <<" << section << ">>";
58
} else if (!section["fields"].isArray()) {59
qWarning() << R"(Skipping non-Array "fields" in UUID ")" << uuid << "\"\n";
63
QJsonArray sectionFields = section["fields"].toArray();
64
for (const QJsonValue sectionField : sectionFields) {65
if (!sectionField.isObject()) {66
qWarning() << R"(Skipping non-Object "fields" in UUID ")" << uuid << "\": << " << sectionField << ">>";
69
fillFromSectionField(entry, sectionTitle, sectionField.toObject());
73
void OpVaultReader::fillFromSectionField(Entry* entry, const QString& sectionName, const QJsonObject& field)
75
if (!field.contains("v")) {76
// for our purposes, we don't care if there isn't a value in the field
80
// Ignore "a" and "inputTraits" fields, they don't apply to KPXC
82
auto attrName = resolveAttributeName(sectionName, field["n"].toString(), field["t"].toString());
83
auto attrValue = field.value("v").toString();84
auto kind = field["k"].toString();
86
if (attrName.startsWith("TOTP_")) {87
if (entry->hasTotp()) {88
// Store multiple TOTP definitions as additional otp attributes
91
auto attributes = entry->attributes()->keys();
92
while (attributes.contains(name)) {93
name = QString("otp_%1").arg(++i);95
entry->attributes()->set(name, attrValue, true);
96
} else if (attrValue.startsWith("otpauth://")) {97
QUrlQuery query(attrValue);
98
// at least as of 1Password 7, they don't append the digits= and period= which totp.cpp requires
99
if (!query.hasQueryItem("digits")) {100
query.addQueryItem("digits", QString("%1").arg(Totp::DEFAULT_DIGITS));102
if (!query.hasQueryItem("period")) {103
query.addQueryItem("period", QString("%1").arg(Totp::DEFAULT_STEP));105
attrValue = query.toString(QUrl::FullyEncoded);
106
entry->setTotp(Totp::parseSettings(attrValue));
108
entry->setTotp(Totp::parseSettings({}, attrValue));111
} else if (attrName.startsWith("expir", Qt::CaseInsensitive)) {112
QDateTime expiry = resolveDate(kind, field.value("v"));113
if (expiry.isValid()) {114
entry->setExpiryTime(expiry);
115
entry->setExpires(true);
117
qWarning() << QString("[%1] Invalid expiration date found: %2").arg(entry->title(), attrValue);120
if (kind == "date" || kind == "monthYear") {121
QDateTime date = resolveDate(kind, field.value("v"));122
if (date.isValid()) {123
entry->attributes()->set(attrName, date.toString(Qt::SystemLocaleShortDate));
126
<< QString("[%1] Invalid date attribute found: %2 = %3").arg(entry->title(), attrName, attrValue);128
} else if (kind == "address") {129
// Expand address into multiple attributes
130
auto addrFields = field.value("v").toObject().toVariantMap();131
for (auto& part : addrFields.keys()) {132
entry->attributes()->set(attrName + QString("_%1").arg(part), addrFields.value(part).toString());135
if (entry->attributes()->hasKey(attrName)) {136
// Append a random string to the attribute name to avoid collisions
137
attrName += QString("_%1").arg(QUuid::createUuid().toString().mid(1, 5));139
entry->attributes()->set(attrName, attrValue, (kind == "password" || kind == "concealed"));
144
QString OpVaultReader::resolveAttributeName(const QString& section, const QString& name, const QString& text)
146
// Special case for TOTP
147
if (name.startsWith("TOTP_")) {151
auto lowName = name.toLower();
152
auto lowText = text.toLower();
153
if (section.isEmpty() || name.startsWith("address")) {154
// Empty section implies these are core attributes
155
// try to find username, password, url
156
if (lowName == "password" || lowText == "password") {157
return EntryAttributes::PasswordKey;
158
} else if (lowName == "username" || lowText == "username") {159
return EntryAttributes::UserNameKey;
160
} else if (lowName == "url" || lowText == "url" || lowName == "hostname" || lowText == "server"
161
|| lowName == "website") {162
return EntryAttributes::URLKey;
167
return QString("%1_%2").arg(section, text);