23548427933

Committed 25 Mar 2026 03:12PM UTC coverage: 17.411% (-0.1%) from 17.516%

Build # 23548427933

Build Type

Pull #769

github

Committed by

web-flow

Commit Message

Merge 2e804a75f into 8c5fc9456

Pull Request Pull Request #769: CodeFactor: Fix complex method and style recommendations

Coverage Stats

0 of 140 new or added lines in 2 files covered. (0.0%)

6 existing lines in 1 file now uncovered.

866 of 4974 relevant lines covered (17.41%)

7.19 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.3

/src/imitatepass.cpp

// SPDX-FileCopyrightText: 2016 Anne Jan Brouwer
// SPDX-License-Identifier: GPL-3.0-or-later
#include "imitatepass.h"
#include "qtpasssettings.h"
#include "util.h"
#include <QDirIterator>
#include <QRegularExpression>
#include <utility>

#ifdef QT_DEBUG
#include "debughelper.h"
#endif

using Enums::CLIPBOARD_ALWAYS;
using Enums::CLIPBOARD_NEVER;
using Enums::CLIPBOARD_ON_DEMAND;
using Enums::GIT_ADD;
using Enums::GIT_COMMIT;
using Enums::GIT_COPY;
using Enums::GIT_INIT;
using Enums::GIT_MOVE;
using Enums::GIT_PULL;
using Enums::GIT_PUSH;
using Enums::GIT_RM;
using Enums::GPG_GENKEYS;
using Enums::INVALID;
using Enums::PASS_COPY;
using Enums::PASS_INIT;
using Enums::PASS_INSERT;
using Enums::PASS_MOVE;
using Enums::PASS_OTP_GENERATE;
using Enums::PASS_REMOVE;
using Enums::PASS_SHOW;
using Enums::PROCESS_COUNT;

/**
 * @brief ImitatePass::ImitatePass for situaions when pass is not available
 * we imitate the behavior of pass https://www.passwordstore.org/
 */
ImitatePass::ImitatePass() = default;

static auto pgit(const QString &path) -> QString {
  if (!QtPassSettings::getGitExecutable().startsWith("wsl ")) {
    return path;
  }
  QString res = "$(wslpath " + path + ")";
  return res.replace('\\', '/');
}

static auto pgpg(const QString &path) -> QString {
  if (!QtPassSettings::getGpgExecutable().startsWith("wsl ")) {
    return path;
  }
  QString res = "$(wslpath " + path + ")";
  return res.replace('\\', '/');
}

/**
 * @brief ImitatePass::GitInit git init wrapper
 */
void ImitatePass::GitInit() {
  executeGit(GIT_INIT, {"init", pgit(QtPassSettings::getPassStore())});
}

/**
 * @brief ImitatePass::GitPull git init wrapper
 */
void ImitatePass::GitPull() { executeGit(GIT_PULL, {"pull"}); }

/**
 * @brief ImitatePass::GitPull_b git pull wrapper
 */
void ImitatePass::GitPull_b() {
  Executor::executeBlocking(QtPassSettings::getGitExecutable(), {"pull"});
}

/**
 * @brief ImitatePass::GitPush git init wrapper
 */
void ImitatePass::GitPush() {
  if (QtPassSettings::isUseGit()) {
    executeGit(GIT_PUSH, {"push"});
  }
}

/**
 * @brief ImitatePass::Show shows content of file
 */
void ImitatePass::Show(QString file) {
  file = QtPassSettings::getPassStore() + file + ".gpg";
  QStringList args = {"-d",      "--quiet",     "--yes",   "--no-encrypt-to",
                      "--batch", "--use-agent", pgpg(file)};
  executeGpg(PASS_SHOW, args);
}

/**
 * @brief ImitatePass::OtpGenerate generates an otp code
 */
void ImitatePass::OtpGenerate(QString file) {
#ifdef QT_DEBUG
  dbg() << "No OTP generation code for fake pass yet, attempting for file: " +
               file;
#else
  Q_UNUSED(file)
#endif
}

/**
 * @brief ImitatePass::Insert create new file with encrypted content
 *
 * @param file      file to be created
 * @param newValue  value to be stored in file
 * @param overwrite whether to overwrite existing file
 */
void ImitatePass::Insert(QString file, QString newValue, bool overwrite) {
  file = file + ".gpg";
  QString gpgIdPath = Pass::getGpgIdPath(file);
  if (!verifyGpgIdFile(gpgIdPath)) {
    emit critical(tr("Check .gpgid file signature!"),
                  tr("Signature for %1 is invalid.").arg(gpgIdPath));
    return;
  }
  transactionHelper trans(this, PASS_INSERT);
  QStringList recipients = Pass::getRecipientList(file);
  if (recipients.isEmpty()) {
    // TODO(bezet): probably throw here
    emit critical(tr("Can not edit"),
                  tr("Could not read encryption key to use, .gpg-id "
                     "file missing or invalid."));
    return;
  }
  QStringList args = {"--batch", "-eq", "--output", pgpg(file)};
  for (auto &r : recipients) {
    args.append("-r");
    args.append(r);
  }
  if (overwrite) {
    args.append("--yes");
  }
  args.append("-");
  executeGpg(PASS_INSERT, args, newValue);
  if (!QtPassSettings::isUseWebDav() && QtPassSettings::isUseGit()) {
    // TODO(bezet): why not?
    if (!overwrite) {
      executeGit(GIT_ADD, {"add", pgit(file)});
    }
    QString path = QDir(QtPassSettings::getPassStore()).relativeFilePath(file);
    path.replace(Util::endsWithGpg(), "");
    QString msg =
        QString(overwrite ? "Edit" : "Add") + " for " + path + " using QtPass.";
    GitCommit(file, msg);
  }
}

/**
 * @brief ImitatePass::GitCommit commit a file to git with an appropriate commit
 * message
 * @param file
 * @param msg
 */
void ImitatePass::GitCommit(const QString &file, const QString &msg) {
  if (file.isEmpty()) {
    executeGit(GIT_COMMIT, {"commit", "-m", msg});
  } else {
    executeGit(GIT_COMMIT, {"commit", "-m", msg, "--", pgit(file)});
  }
}

/**
 * @brief ImitatePass::Remove custom implementation of "pass remove"
 */
void ImitatePass::Remove(QString file, bool isDir) {
  file = QtPassSettings::getPassStore() + file;
  transactionHelper trans(this, PASS_REMOVE);
  if (!isDir) {
    file += ".gpg";
  }
  if (QtPassSettings::isUseGit()) {
    executeGit(GIT_RM, {"rm", (isDir ? "-rf" : "-f"), pgit(file)});
    // TODO(bezet): commit message used to have pass-like file name inside(ie.
    //  getFile(file, true)
    GitCommit(file, "Remove for " + file + " using QtPass.");
  } else {
    if (isDir) {
      QDir dir(file);
      dir.removeRecursively();
    } else {
      QFile(file).remove();
    }
  }
}

/**
 * @brief ImitatePass::Init initialize pass repository
 *
 * @param path      path in which new password-store will be created
 * @param users     list of users who shall be able to decrypt passwords in
 * path
 */
auto ImitatePass::checkSigningKeys(const QStringList &signingKeys) -> bool {
  QString out;
  QStringList args =
      QStringList{"--status-fd=1", "--list-secret-keys"} + signingKeys;
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args, &out);
  for (auto &key : signingKeys) {
    if (out.contains("[GNUPG:] KEY_CONSIDERED " + key)) {
      return true;
    }
  }
  return false;
}

void ImitatePass::writeGpgIdFile(const QString &gpgIdFile,
                                 const QList<UserInfo> &users) {
  QFile gpgId(gpgIdFile);
  if (!gpgId.open(QIODevice::WriteOnly | QIODevice::Text)) {
    emit critical(tr("Cannot update"),
                  tr("Failed to open .gpg-id for writing."));
    return;
  }
  bool secret_selected = false;
  foreach (const UserInfo &user, users) {
    if (user.enabled) {
      gpgId.write((user.key_id + "\n").toUtf8());
      secret_selected |= user.have_secret;
    }
  }
  gpgId.close();
  if (!secret_selected) {
    emit critical(
        tr("Check selected users!"),
        tr("None of the selected keys have a secret key available.\n"
           "You will not be able to decrypt any newly added passwords!"));
  }
}

void ImitatePass::signGpgIdFile(const QString &gpgIdFile,
                                const QStringList &signingKeys) {
  QStringList args;
  for (auto &key : signingKeys) {
    args.append(QStringList{"--default-key", key});
  }
  args.append(QStringList{"--yes", "--detach-sign", gpgIdFile});
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args);
  if (!verifyGpgIdFile(gpgIdFile)) {
    emit critical(tr("Check .gpgid file signature!"),
                  tr("Signature for %1 is invalid.").arg(gpgIdFile));
  }
}

void ImitatePass::gitAddGpgId(const QString &gpgIdFile, const QString &gpgIdSigFile,
                              bool addFile, bool addSigFile) {
  if (addFile) {
    executeGit(GIT_ADD, {"add", pgit(gpgIdFile)});
  }
  QString commitPath = gpgIdFile;
  commitPath.replace(Util::endsWithGpg(), "");
  GitCommit(gpgIdFile, "Added " + commitPath + " using QtPass.");
  if (!addSigFile) {
    return;
  }
  executeGit(GIT_ADD, {"add", pgit(gpgIdSigFile)});
  commitPath = gpgIdSigFile;
  commitPath.replace(QRegularExpression("\\.gpg$"), "");
  GitCommit(gpgIdSigFile, "Added " + commitPath + " using QtPass.");
}

void ImitatePass::Init(QString path, const QList<UserInfo> &users) {
#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
  QStringList signingKeys =
      QtPassSettings::getPassSigningKey().split(" ", Qt::SkipEmptyParts);
#else
  QStringList signingKeys =
      QtPassSettings::getPassSigningKey().split(" ", QString::SkipEmptyParts);
#endif
  QString gpgIdSigFile = path + ".gpg-id.sig";
  bool addSigFile = false;
  if (!signingKeys.isEmpty()) {
    if (!checkSigningKeys(signingKeys)) {
      emit critical(tr("No signing key!"),
                    tr("None of the secret signing keys is available.\n"
                       "You will not be able to change the user list!"));
      return;
    }
    QFileInfo checkFile(gpgIdSigFile);
    if (!checkFile.exists() || !checkFile.isFile()) {
      addSigFile = true;
    }
  }

  QString gpgIdFile = path + ".gpg-id";
  bool addFile = false;
  transactionHelper trans(this, PASS_INIT);
  if (QtPassSettings::isAddGPGId(true)) {
    QFileInfo checkFile(gpgIdFile);
    if (!checkFile.exists() || !checkFile.isFile()) {
      addFile = true;
    }
  }
  writeGpgIdFile(gpgIdFile, users);

  if (!signingKeys.isEmpty()) {
    signGpgIdFile(gpgIdFile, signingKeys);
  }

  if (!QtPassSettings::isUseWebDav() && QtPassSettings::isUseGit() &&
      !QtPassSettings::getGitExecutable().isEmpty()) {
    gitAddGpgId(gpgIdFile, gpgIdSigFile, addFile, addSigFile);
  }
  reencryptPath(path);
}

/**
 * @brief ImitatePass::verifyGpgIdFile verify detached gpgid file signature.
 * @param file which gpgid file.
 * @return was verification succesful?
 */
auto ImitatePass::verifyGpgIdFile(const QString &file) -> bool {
#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
  QStringList signingKeys =
      QtPassSettings::getPassSigningKey().split(" ", Qt::SkipEmptyParts);
#else
  QStringList signingKeys =
      QtPassSettings::getPassSigningKey().split(" ", QString::SkipEmptyParts);
#endif
  if (signingKeys.isEmpty()) {
    return true;
  }
  QString out;
  QStringList args =
      QStringList{"--verify", "--status-fd=1", pgpg(file) + ".sig", pgpg(file)};
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args, &out);
  QRegularExpression re(
      R"(^\[GNUPG:\] VALIDSIG ([A-F0-9]{40}) .* ([A-F0-9]{40})\r?$)",
      QRegularExpression::MultilineOption);
  QRegularExpressionMatch m = re.match(out);
  if (!m.hasMatch()) {
    return false;
  }
  QStringList fingerprints = m.capturedTexts();
  fingerprints.removeFirst();
  for (auto &key : signingKeys) {
    if (fingerprints.contains(key)) {
      return true;
    }
  }
  return false;
}

/**
 * @brief ImitatePass::removeDir delete folder recursive.
 * @param dirName which folder.
 * @return was removal succesful?
 */
auto ImitatePass::removeDir(const QString &dirName) -> bool {
  bool result = true;
  QDir dir(dirName);

  if (dir.exists(dirName)) {
    for (const QFileInfo &info :
         dir.entryInfoList(QDir::NoDotAndDotDot | QDir::System | QDir::Hidden |
                               QDir::AllDirs | QDir::Files,
                           QDir::DirsFirst)) {
      if (info.isDir()) {
        result = removeDir(info.absoluteFilePath());
      } else {
        result = QFile::remove(info.absoluteFilePath());
      }

      if (!result) {
        return result;
      }
    }
    result = dir.rmdir(dirName);
  }
  return result;
}

/**
 * @brief ImitatePass::reencryptPath reencrypt all files under the chosen
 * directory
 *
 * This is stil quite experimental..
 * @param dir
  */
void ImitatePass::verifyGpgIdForDir(const QString &file,
                                     QStringList &gpgIdFilesVerified,
                                     QStringList &gpgId) {
  QString gpgIdPath = Pass::getGpgIdPath(file);
  if (gpgIdFilesVerified.contains(gpgIdPath)) {
    return;
  }
  if (!verifyGpgIdFile(gpgIdPath)) {
    emit critical(tr("Check .gpgid file signature!"),
                  tr("Signature for %1 is invalid.").arg(gpgIdPath));
    emit endReencryptPath();
    return;
  }
  gpgIdFilesVerified.append(gpgIdPath);
  gpgId = getRecipientList(file);
  gpgId.sort();
}

auto ImitatePass::getKeysFromFile(const QString &fileName) -> QStringList {
  QStringList args = {
      "-v",          "--no-secmem-warning", "--no-permission-warning",
      "--list-only", "--keyid-format=long", pgpg(fileName)};
  QString keys;
  QString err;
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args, &keys,
                            &err);
  QStringList actualKeys;
  keys += err;
#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
  QStringList key = keys.split(Util::newLinesRegex(), Qt::SkipEmptyParts);
#else
  QStringList key = keys.split(Util::newLinesRegex(), QString::SkipEmptyParts);
#endif
  QListIterator<QString> itr(key);
  while (itr.hasNext()) {
    QString current = itr.next();
    QStringList cur = current.split(" ");
    if (cur.length() > 4) {
      QString actualKey = cur.takeAt(4);
      if (actualKey.length() == 16) {
        actualKeys << actualKey;
      }
    }
  }
  actualKeys.sort();
  return actualKeys;
}

void ImitatePass::reencryptSingleFile(const QString &fileName,
                                       const QStringList &recipients) {
#ifdef QT_DEBUG
  dbg() << "reencrypt " << fileName << " for " << recipients;
#endif
  QString local_lastDecrypt = "Could not decrypt";
  QStringList args = {
      "-d",      "--quiet",     "--yes",       "--no-encrypt-to",
      "--batch", "--use-agent", pgpg(fileName)};
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args,
                            &local_lastDecrypt);

  if (local_lastDecrypt.isEmpty() ||
      local_lastDecrypt == "Could not decrypt") {
#ifdef QT_DEBUG
    dbg() << "Decrypt error on re-encrypt";
#endif
    return;
  }

  if (local_lastDecrypt.right(1) != "\n") {
    local_lastDecrypt += "\n";
  }

  QStringList recipientsList = Pass::getRecipientList(fileName);
  if (recipientsList.isEmpty()) {
    emit critical(tr("Can not edit"),
                  tr("Could not read encryption key to use, .gpg-id "
                     "file missing or invalid."));
    return;
  }
  args = QStringList{"--yes", "--batch", "-eq", "--output", pgpg(fileName)};
  for (auto &i : recipientsList) {
    args.append("-r");
    args.append(i);
  }
  args.append("-");
  Executor::executeBlocking(QtPassSettings::getGpgExecutable(), args,
                            local_lastDecrypt);

  if (!QtPassSettings::isUseWebDav() && QtPassSettings::isUseGit()) {
    Executor::executeBlocking(QtPassSettings::getGitExecutable(),
                              {"add", pgit(fileName)});
    QString path =
        QDir(QtPassSettings::getPassStore()).relativeFilePath(fileName);
    path.replace(Util::endsWithGpg(), "");
    Executor::executeBlocking(QtPassSettings::getGitExecutable(),
                              {"commit", pgit(fileName), "-m",
                               "Edit for " + path + " using QtPass."});
  }
}

void ImitatePass::reencryptPath(const QString &dir) {
  emit statusMsg(tr("Re-encrypting from folder %1").arg(dir), 3000);
  emit startReencryptPath();
  if (QtPassSettings::isAutoPull()) {
    emit statusMsg(tr("Updating password-store"), 2000);
    GitPull_b();
  }
  QDir currentDir;
  QDirIterator gpgFiles(dir, QStringList() << "*.gpg", QDir::Files,
                        QDirIterator::Subdirectories);
  QStringList gpgIdFilesVerified;
  QStringList gpgId;
  while (gpgFiles.hasNext()) {
    QString fileName = gpgFiles.next();
    if (gpgFiles.fileInfo().path() != currentDir.path()) {
      verifyGpgIdForDir(fileName, gpgIdFilesVerified, gpgId);
      if (gpgId.isEmpty() && !gpgIdFilesVerified.isEmpty()) {
        return;
      }
    }
    QStringList actualKeys = getKeysFromFile(fileName);
    if (actualKeys != gpgId) {
      reencryptSingleFile(fileName, gpgId);
    }
  }
  if (QtPassSettings::isAutoPush()) {
    emit statusMsg(tr("Updating password-store"), 2000);
    GitPush();
  }
  emit endReencryptPath();
}

auto ImitatePass::resolveMoveDestination(const QString &src,
                                          const QString &dest,
                                          bool force) -> QString {
  QFileInfo srcFileInfo(src);
  QFileInfo destFileInfo(dest);
  QString destFile;
  QString srcFileBaseName = srcFileInfo.fileName();

  if (srcFileInfo.isFile()) {
    if (destFileInfo.isFile()) {
      if (!force) {
#ifdef QT_DEBUG
        dbg() << "Destination file already exists";
#endif
        return QString();
      }
    } else if (destFileInfo.isDir()) {
      destFile = QDir(dest).filePath(srcFileBaseName);
    } else {
      destFile = dest;
    }

    if (destFile.endsWith(".gpg", Qt::CaseInsensitive)) {
      destFile.chop(4);
    }
    destFile.append(".gpg");
  } else if (srcFileInfo.isDir()) {
    if (destFileInfo.isDir()) {
      destFile = QDir(dest).filePath(srcFileBaseName);
    } else if (destFileInfo.isFile()) {
#ifdef QT_DEBUG
      dbg() << "Destination is a file";
#endif
      return QString();
    } else {
      destFile = dest;
    }
  } else {
#ifdef QT_DEBUG
    dbg() << "Source file does not exist";
#endif
    return QString();
  }
  return destFile;
}

void ImitatePass::executeMoveGit(const QString &src, const QString &destFile,
                                  bool force) {
  QStringList args;
  args << "mv";
  if (force) {
    args << "-f";
  }
  args << pgit(src);
  args << pgit(destFile);
  executeGit(GIT_MOVE, args);

  QString relSrc = QDir(QtPassSettings::getPassStore()).relativeFilePath(src);
  relSrc.replace(Util::endsWithGpg(), "");
  QString relDest =
      QDir(QtPassSettings::getPassStore()).relativeFilePath(destFile);
  relDest.replace(Util::endsWithGpg(), "");
  QString message = QString("Moved for %1 to %2 using QtPass.");
  message = message.arg(relSrc, relDest);
  GitCommit("", message);
}

void ImitatePass::Move(const QString src, const QString dest,
                       const bool force) {
  transactionHelper trans(this, PASS_MOVE);
  QString destFile = resolveMoveDestination(src, dest, force);
  if (destFile.isEmpty()) {
    return;
  }

#ifdef QT_DEBUG
  dbg() << "Move Source: " << src;
  dbg() << "Move Destination: " << destFile;
#endif

  if (QtPassSettings::isUseGit()) {
    executeMoveGit(src, destFile, force);
  } else {
    QDir qDir;
    if (force) {
      qDir.remove(destFile);
    }
    qDir.rename(src, destFile);
  }
}

void ImitatePass::Copy(const QString src, const QString dest,
                       const bool force) {
  QFileInfo destFileInfo(dest);
  transactionHelper trans(this, PASS_COPY);
  if (QtPassSettings::isUseGit()) {
    QStringList args;
    args << "cp";
    if (force) {
      args << "-f";
    }
    args << pgit(src);
    args << pgit(dest);
    executeGit(GIT_COPY, args);

    QString message = QString("copied from %1 to %2 using QTPass.");
    message = message.arg(src, dest);
    GitCommit("", message);
  } else {
    QDir qDir;
    if (force) {
      qDir.remove(dest);
    }
    QFile::copy(src, dest);
  }
  // reecrypt all files under the new folder
  if (destFileInfo.isDir()) {
    reencryptPath(destFileInfo.absoluteFilePath());
  } else if (destFileInfo.isFile()) {
    reencryptPath(destFileInfo.dir().path());
  }
}

/**
 * @brief ImitatePass::executeGpg easy wrapper for running gpg commands
 * @param args
 */
void ImitatePass::executeGpg(PROCESS id, const QStringList &args, QString input,
                             bool readStdout, bool readStderr) {
  executeWrapper(id, QtPassSettings::getGpgExecutable(), args, std::move(input),
                 readStdout, readStderr);
}
/**
 * @brief ImitatePass::executeGit easy wrapper for running git commands
 * @param args
 */
void ImitatePass::executeGit(PROCESS id, const QStringList &args, QString input,
                             bool readStdout, bool readStderr) {
  executeWrapper(id, QtPassSettings::getGitExecutable(), args, std::move(input),
                 readStdout, readStderr);
}

/**
 * @brief ImitatePass::finished this function is overloaded to ensure
 *                              identical behaviour to RealPass ie. only PASS_*
 *                              processes are visible inside Pass::finish, so
 *                              that interface-wise it all looks the same
 * @param id
 * @param exitCode
 * @param out
 * @param err
 */
void ImitatePass::finished(int id, int exitCode, const QString &out,
                           const QString &err) {
#ifdef QT_DEBUG
  dbg() << "Imitate Pass";
#endif
  static QString transactionOutput;
  PROCESS pid = transactionIsOver(static_cast<PROCESS>(id));
  transactionOutput.append(out);

  if (exitCode == 0) {
    if (pid == INVALID) {
      return;
    }
  } else {
    while (pid == INVALID) {
      id = exec.cancelNext();
      if (id == -1) {
        //  this is probably irrecoverable and shall not happen
#ifdef QT_DEBUG
        dbg() << "No such transaction!";
#endif
        return;
      }
      pid = transactionIsOver(static_cast<PROCESS>(id));
    }
  }
  Pass::finished(pid, exitCode, transactionOutput, err);
  transactionOutput.clear();
}

/**
 * @brief executeWrapper    overrided so that every execution is a transaction
 * @param id
 * @param app
 * @param args
 * @param input
 * @param readStdout
 * @param readStderr
 */
void ImitatePass::executeWrapper(PROCESS id, const QString &app,
                                 const QStringList &args, QString input,
                                 bool readStdout, bool readStderr) {
  transactionAdd(id);
  Pass::executeWrapper(id, app, args, input, readStdout, readStderr);
}

IJHack / QtPass / 23548427933

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous