luckyimnotanigger/Aegis
1
0
Fork 0
mirror of https://github.com/beemdevelopment/Aegis.git synced 2025-04-24 07:46:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
1197 commits 4 branches 69 tags 25 MiB
Commit graph

1013 commits

Author SHA1 Message Date
Alexander Bakker
80c37556c7 Prevent double launches of the intro and auth activities 
Since API level 33: When opening Aegis right after installing it,
Android will send a configuration change event (CONFIG_ASSETS_PATHS),
causing MainActivity to restart almost immediately. This would also
cause two IntroActivity's to be started on top of eachother.
 2022-10-09 16:33:28 +02:00
Alexander Bakker
7517cfc975 Update dependencies 2022-10-09 12:53:46 +02:00
Alexander Bakker
4198ca3bb7 Update Gradle 2022-10-09 12:51:06 +02:00
Alexander Bakker
3927ddec3e Make vault lock intent used in notifications more explicit 
Aegis can display a notification to the user as a reminder that the vault is
unlocked. If the user taps the notification, the vault is locked. CodeQL
reported that Aegis may be vulnerable to CWE-927, because of the use of an
implicit intent wrapped by a PendingIntent in that notification.

This does not appear to be exploitable in our case, because we use
``PendingIntent.getBroadcast`` and explicitly set the action of the wrapped
intent. Aegis also does not read or act on any information from the received
intent. This means that a malicious app cannot launch activities or send a
broadcast with a different action, as is common with these type of weakness. The
worst an app with notification access can do, is lock the vault.

Either way, it's good to make the intent explicit, so this patch addresses that.
Additionally, for API level 23 and up, we've made the wrapped intent immutable a
while back.

We'd like to thank John Rune, who ran a CodeQL scan on the Aegis codebase and
privately disclosed this finding to us.
 2022-10-09 11:56:09 +02:00
Alexander Bakker
adc9179364 Always copy VaultFileCredentials when accessing it 
This makes sure that mutations to the credentails can only ever be persisted
intentionally.
 2022-10-05 19:42:18 +02:00
Alexander Bakker
8ae8130b71 Store and display backup error messages more clearly 2022-10-05 18:21:50 +02:00
Alexander Bakker
4427498d5e Rename the instrumented tests to be more consistent 2022-10-05 13:44:12 +02:00
Alexander Bakker
aad6d78750 Move the panic trigger setting to the Security fragment 2022-10-05 13:27:28 +02:00
Alexander Bakker
ef2e803e04 Make the entry count text a bit smaller 2022-10-05 13:25:17 +02:00
Alexander Bakker
c718ea79c5 Update dependencies 2022-10-03 19:29:06 +02:00
Alexander Bakker
acc6b9a3de
Merge pull request #973 from orange-elephant/entries-shown-count 
Add entries showing count
 2022-09-28 13:48:35 +02:00
elena
4bf807c46a Add entries showing count 2022-09-23 18:49:23 +01:00
Alexander Bakker
e4798703f0 Make the FAB scroll listener a less sensitive 
This should help minimize the glitchiness that can occur when scrolling
through the entry list.

Close #963.
 2022-09-17 18:27:56 +02:00
Alexander Bakker
80624f844c Perform a version check when importing from the Steam app 
Fixes #986.
 2022-09-17 18:08:21 +02:00
Maarten Trompper
78feb25543 Minimize or Close app after copying OTP 
Close #805
 2022-09-17 17:51:03 +02:00
Alexander Bakker
3bc10bd4b8 Disallow importing empty secrets 
Fixes #975

And display "ERROR" for any existing bad entries. This is kind of ugly,
but it's better than crashing, and there are probably very few (or zero)
users who have bad entries anyway.
 2022-09-17 17:31:59 +02:00
Alexander Bakker
66b7fd38d6
Merge pull request #964 from orange-elephant/google-auth-style-export 
Google Authenticator compatible export
 2022-09-17 15:46:56 +02:00
elena
bc665b6980 Google Authenticator compatible export 2022-09-16 17:57:42 +01:00
Alexander Bakker
06405d10ad Only request the POST_NOTIFICATIONS permission in tests on API 33 2022-09-14 21:36:31 +02:00
Alexander Bakker
1e3ceefeec Request permission to show notifications 
This is needed since API 33, because we show a "Vault unlocked"
notification if the user has enabled encryption and has unlocked the
vault.
 2022-09-14 20:54:08 +02:00
Alexander Bakker
642864fca1 Mark clipboard data as "sensitive" when copying tokens 2022-09-14 18:33:28 +02:00
Alexander Bakker
3ec6e35011 Update dependencies 
This also updates the test dependencies to an alpha version. We have to
use a pre-stable version, because these include some fixes for running
on API 33.
 2022-09-14 18:08:47 +02:00
Alexander Bakker
e19ceb0761
Merge pull request #981 from jas14/monochromatic-icon 
Add monochrome launcher icon
 2022-09-14 17:33:53 +02:00
Joe Stein
012b66fe9b Pin Robolectric target SDKs to 32 2022-09-05 17:09:48 -04:00
Joe Stein
4cd0d2de04 Bump targetSdkVersion to 33 2022-09-05 17:09:43 -04:00
Joe Stein
bb3f4d733f Add monochrome adaptive icon for Android 13 2022-09-03 23:08:40 -04:00
Maarten Trompper
05a8c7c51f Fixes #794 2022-08-26 20:31:29 +02:00
Alexander Bakker
029ca81bbf Don't catch the IllegalArgumentException when calling getMissingIndices 
We always call isSingleBatch beforehand, so if the exception occurs,
it's a bug.
 2022-08-22 19:14:51 +02:00
Alexander Bakker
70ceca6a7b
Merge pull request #958 from orange-elephant/fix-scan-google-auth-export-from-image 
Import Google Authenticator exports by image
 2022-08-22 19:06:59 +02:00
elena
2767727ad4 Import google auth export from image 2022-08-21 18:47:54 +01:00
Alexander Bakker
79022be3b6 Add an import button to the intro 2022-08-17 19:11:35 +02:00
Alexander Bakker
dcda668671 Disable postprocessing for debug builds to speed them up 2022-08-17 12:00:17 +02:00
elena
5bb32a982b Enable sharing text to Aegis 2022-08-11 21:32:33 +01:00
Alexander Bakker
85e230c46a
Merge pull request #957 from orange-elephant/add-plaintext-export-warning 
Add warning banner after plaintext export
 2022-08-11 21:03:20 +02:00
elena
045b8280bf Add warning banner after plaintext export 2022-08-10 17:17:51 +01:00
Alexander Bakker
6fd8a3b6b4 Allow sharing multiple QR code images to Aegis through a single intent 
This also refactors the logic for handling incoming intents a bit
 2022-08-10 17:48:36 +02:00
Alexander Bakker
e46857a26e Add support for importing multiple QR code images in one go 
This is also part of the preparation needed for scanning Google
Authenticator Export QR codes from images.
 2022-08-10 17:22:09 +02:00
Alexander Bakker
b875baacef
Merge pull request #948 from orange-elephant/Add-mOTP-support 
Add MOTP support
 2022-08-07 18:31:51 +02:00
elena
3441deee64 Add MOTP support 2022-08-07 16:40:08 +01:00
Alexander Bakker
bd3697659f Try harder to find QR codes in image files 
And refactor a bit by moving some of the QR scanning related logic to a
separate helper class.
 2022-08-07 17:13:58 +02:00
Alexander Bakker
5f12eae678 Add tests for scanning QR codes 2022-08-04 21:47:51 +02:00
Alexander Bakker
3b715d58cf
Merge pull request #952 from Hovn/master 
Set the searchview to occupy all Toolbar widths when it expands
 2022-08-04 18:49:59 +02:00
Alexander Bakker
76245677b0 Downgrade ResourceType linter error to a warning 2022-08-03 22:42:56 +02:00
Alexander Bakker
f73a64acd6 Update gradle and dependencies 2022-08-03 20:38:10 +02:00
HovnCompany
b4f12af23a Set the searchview to occupy all Toolbar widths when it expands 2022-08-01 16:00:40 +08:00
Alexander Bakker
043b17909c Wait for ViewPager to be idle in instrumented tests 
This fixes the flakiness issues with the intro tests
 2022-06-06 19:07:02 +02:00
Alexander Bakker
1dcf56a0fa Capture screenshots of failing instrumented tests 2022-06-06 14:52:17 +02:00
Alexander Bakker
f32ac0e8ab Make ProgressDialog adhere to the "Secure screen" setting 2022-06-06 14:05:16 +02:00
Alexander Bakker
8d3b2e2c9d Rename slot type DERIVED to PASSWORD 2022-06-06 13:55:19 +02:00
Alexander Bakker
5db365a999 Add instrumented tests for backup and export 2022-06-06 13:19:46 +02:00