luckyimnotanigger/Aegis
1
0
Fork 0
mirror of https://github.com/beemdevelopment/Aegis.git synced 2025-04-23 23:39:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
1431 commits 4 branches 69 tags 25 MiB
Commit graph

624 commits

Author SHA1 Message Date
Alexander Bakker
282f85fb3b Don't show "Export all groups" option if there are no groups 2022-11-20 18:49:47 +01:00
Alexander Bakker
fd5a0390f0
Merge pull request #1014 from orange-elephant/export-selected-groups 
Allow exporting specific groups
 2022-11-20 18:37:54 +01:00
Alexander Bakker
01e59d79a1
Merge pull request #1013 from orange-elephant/no-icons-view-mode 
Add 'No Icons' view mode
 2022-11-20 18:36:42 +01:00
Alexander Bakker
5ab36d72a4 Add a test for password and backup password changes 2022-11-20 15:05:11 +01:00
Alexander Bakker
5dfdbabf30 Patch scrypt implementation to directly use Java's Integer.rotateLeft 
This should improve performance in some rare cases where the wrapper
function that BouncyCastle has for Integer.rotateLeft is not inlined.

See: #1024
 2022-11-20 12:54:55 +01:00
Alexander Bakker
e7cc3e6ca3 Fix a crash by only creating toasts using Toast.makeText() 2022-11-16 10:48:21 +01:00
Alexander Bakker
f081cfa77b Add support for importing 2FAS schema v3 backups 
Fixes #1026
 2022-11-15 22:44:13 +01:00
Alexander Bakker
55dc4b22d5 Set RESULT_CANCELED before calling finishAffinity() 
This fixes a crash in AuthActivity:

Exception java.lang.IllegalStateException: Can not be called to deliver a result
 2022-11-12 11:50:01 +01:00
Alexander Bakker
9f55d4f659 Do not print a trace when calling the private finish() overload fails 2022-11-09 20:42:59 +01:00
Alexander Bakker
715c5112ab Fix a crash caused by ViewHolder.getAdapterPosition returning -1 2022-11-09 20:18:18 +01:00
elena
c45564d852 Allow exporting specific groups 2022-11-06 18:38:34 +00:00
Alexander Bakker
98e802a534
Merge pull request #1019 from beemdevelopment/feature/quick-settings 
Add quick setting tiles
 2022-11-06 15:34:10 +01:00
Michael Schättgen
6a1e6db486 Add quick setting tiles 2022-11-06 15:21:33 +01:00
elena
237e6744a5 Add option to hide icons 2022-11-06 13:26:47 +00:00
Alexander Bakker
599be44369
Merge pull request #1017 from orange-elephant/reveal-on-hotp-increment 
Reveal hidden code on HOTP increment click
 2022-11-06 12:18:40 +01:00
Alexander Bakker
bee490d091 Check for nulls when opening ContentResolver streams 2022-11-03 22:41:30 +01:00
Michael Schättgen
dd88f5bb0c Fix crash when using non latin language 2022-11-03 13:37:15 +01:00
elena
af9be15ae0 Reveal hidden code on HOTP increment click 2022-11-02 21:07:37 +00:00
Alexander Bakker
fcc7b7baa2 Use MaterialDividerItemDecoration for compact view mode 
This allows us to disable the divider for the "Showing x entries" footer
 2022-11-02 15:18:07 +01:00
Alexander Bakker
7c0b22920d Fix minor entry margin issues 
Accidentally introduced with the entry pinning feature

This also moves the favorite field to the vault instead of shared
preference in order to avoid some complexity
 2022-11-02 15:14:59 +01:00
Alexander Bakker
c27d080a11 Fix call to notifyItemMoved when entry change causes sort change 
This fixes an issue introduced in ffcbaffcfc
 2022-11-02 15:09:42 +01:00
Alexander Bakker
7993142cc5 Show a warning when a separate export/backup password is configured 2022-10-27 22:12:44 +02:00
Michael Schättgen
5ec1e33a31 Add ability to favorite/pin entries 2022-10-26 14:07:49 +02:00
Alexander Bakker
c58b773878 Rename some things related to plaintext backup warning 2022-10-25 18:38:07 +02:00
Alexander Bakker
681326839c Fix back navigation in preferences when pressing the home action button 2022-10-16 13:27:20 +02:00
Alexander Bakker
3d124d225e Use VaultLockReceiver in a Context-registered manner 
Turns out we can't listen from ACTION_SCREEN_OFF from a
manifest-registered broadcast receiver
 2022-10-15 20:48:36 +02:00
Alexander Bakker
8292173297 Remove unused code for storage read permission request results 2022-10-12 17:39:40 +02:00
Alexander Bakker
84e179f9d3 Add helper to simplify animation end listeners 2022-10-12 17:36:46 +02:00
Alexander Bakker
ad77bd687f Add support for predictive back gesture 2022-10-12 17:25:40 +02:00
Alexander Bakker
c6888b11df Add an icon to the backup status in preferences 2022-10-10 22:33:42 +02:00
elena
c206d4bee8 Additional code grouping options 2022-10-09 21:24:01 +01:00
Alexander Bakker
80c37556c7 Prevent double launches of the intro and auth activities 
Since API level 33: When opening Aegis right after installing it,
Android will send a configuration change event (CONFIG_ASSETS_PATHS),
causing MainActivity to restart almost immediately. This would also
cause two IntroActivity's to be started on top of eachother.
 2022-10-09 16:33:28 +02:00
Alexander Bakker
4198ca3bb7 Update Gradle 2022-10-09 12:51:06 +02:00
Alexander Bakker
3927ddec3e Make vault lock intent used in notifications more explicit 
Aegis can display a notification to the user as a reminder that the vault is
unlocked. If the user taps the notification, the vault is locked. CodeQL
reported that Aegis may be vulnerable to CWE-927, because of the use of an
implicit intent wrapped by a PendingIntent in that notification.

This does not appear to be exploitable in our case, because we use
``PendingIntent.getBroadcast`` and explicitly set the action of the wrapped
intent. Aegis also does not read or act on any information from the received
intent. This means that a malicious app cannot launch activities or send a
broadcast with a different action, as is common with these type of weakness. The
worst an app with notification access can do, is lock the vault.

Either way, it's good to make the intent explicit, so this patch addresses that.
Additionally, for API level 23 and up, we've made the wrapped intent immutable a
while back.

We'd like to thank John Rune, who ran a CodeQL scan on the Aegis codebase and
privately disclosed this finding to us.
 2022-10-09 11:56:09 +02:00
Alexander Bakker
adc9179364 Always copy VaultFileCredentials when accessing it 
This makes sure that mutations to the credentails can only ever be persisted
intentionally.
 2022-10-05 19:42:18 +02:00
Alexander Bakker
8ae8130b71 Store and display backup error messages more clearly 2022-10-05 18:21:50 +02:00
Alexander Bakker
acc6b9a3de
Merge pull request #973 from orange-elephant/entries-shown-count 
Add entries showing count
 2022-09-28 13:48:35 +02:00
elena
4bf807c46a Add entries showing count 2022-09-23 18:49:23 +01:00
Alexander Bakker
e4798703f0 Make the FAB scroll listener a less sensitive 
This should help minimize the glitchiness that can occur when scrolling
through the entry list.

Close #963.
 2022-09-17 18:27:56 +02:00
Alexander Bakker
80624f844c Perform a version check when importing from the Steam app 
Fixes #986.
 2022-09-17 18:08:21 +02:00
Maarten Trompper
78feb25543 Minimize or Close app after copying OTP 
Close #805
 2022-09-17 17:51:03 +02:00
Alexander Bakker
3bc10bd4b8 Disallow importing empty secrets 
Fixes #975

And display "ERROR" for any existing bad entries. This is kind of ugly,
but it's better than crashing, and there are probably very few (or zero)
users who have bad entries anyway.
 2022-09-17 17:31:59 +02:00
Alexander Bakker
66b7fd38d6
Merge pull request #964 from orange-elephant/google-auth-style-export 
Google Authenticator compatible export
 2022-09-17 15:46:56 +02:00
elena
bc665b6980 Google Authenticator compatible export 2022-09-16 17:57:42 +01:00
Alexander Bakker
06405d10ad Only request the POST_NOTIFICATIONS permission in tests on API 33 2022-09-14 21:36:31 +02:00
Alexander Bakker
1e3ceefeec Request permission to show notifications 
This is needed since API 33, because we show a "Vault unlocked"
notification if the user has enabled encryption and has unlocked the
vault.
 2022-09-14 20:54:08 +02:00
Alexander Bakker
642864fca1 Mark clipboard data as "sensitive" when copying tokens 2022-09-14 18:33:28 +02:00
Alexander Bakker
3ec6e35011 Update dependencies 
This also updates the test dependencies to an alpha version. We have to
use a pre-stable version, because these include some fixes for running
on API 33.
 2022-09-14 18:08:47 +02:00
Alexander Bakker
029ca81bbf Don't catch the IllegalArgumentException when calling getMissingIndices 
We always call isSingleBatch beforehand, so if the exception occurs,
it's a bug.
 2022-08-22 19:14:51 +02:00
Alexander Bakker
70ceca6a7b
Merge pull request #958 from orange-elephant/fix-scan-google-auth-export-from-image 
Import Google Authenticator exports by image
 2022-08-22 19:06:59 +02:00