wip

luckyrat · luckyrat · commit 3443b9de8154 · 2025-06-26T15:05:31.000+01:00
diff --git a/lib/extension_methods.dart b/lib/extension_methods.dart
@@ -70,6 +70,10 @@ extension KdbxFileKDF on KdbxFile {
     }
     return false;
   }
+
+  List<String> get trimmedTags {
+    return tags.map((tag) => tag.trim()).where((tag) => tag.isNotEmpty).toSet().toList(growable: false);
+  }
 }
 
 extension KdbxEntryColor on KdbxEntry {
diff --git a/lib/vault_backend/jwt.dart b/lib/vault_backend/jwt.dart
@@ -90,13 +90,13 @@ class JWT {
     try {
       final keyPair = jwt.JWTKey.fromJWK(jwk);
       // If this does not throw an exception then we know the signature is valid
-      final _ = jwt.JWT.verify(sig, keyPair);
+      final _ = jwt.JWT.verify(sig, keyPair, checkHeaderType: false);
       return ClientVerificationResult(claim: claim, audience: claim.aud);
     } on jwt.JWTExpiredException {
       l.w('JWT expired. Token should therefore be ignored.');
       return ClientVerificationResult(claim: claim, audience: claim.aud);
     } on jwt.JWTException catch (ex) {
-      l.e('Failed to verify JWT', error: ex.message); // e.g. invalid signature
+      l.e('Failed to verify JWT - "$sig"', error: ex.message); // e.g. invalid signature
       throw KeeInvalidJWTException();
     } catch (e, stacktrace) {
       l.e('General cryptography error during JWT verification', error: e, stackTrace: stacktrace);
diff --git a/lib/widgets/autofill_save.dart b/lib/widgets/autofill_save.dart
@@ -114,7 +114,7 @@ class _AutofillSaveWidgetState extends State<AutofillSaveWidget> with TraceableC
           return EntryWidget(
             key: ValueKey('autofillSaveDetails'),
             savingViaAutofill: true,
-            endEditing: (bool keepChanges) => onEndEditing(keepChanges, vaultCubit, vault.files.current.tags),
+            endEditing: (bool keepChanges) => onEndEditing(keepChanges, vaultCubit, vault.files.current.trimmedTags),
             allCustomIcons: vault.files.current.body.meta.customIcons.map(
               (key, value) =>
                   MapEntry(value, Image.memory(value.data, fit: BoxFit.contain, filterQuality: FilterQuality.low)),
diff --git a/lib/widgets/change_subscription.dart b/lib/widgets/change_subscription.dart
@@ -135,7 +135,7 @@ class _ChangeSubscriptionWidgetState extends State<ChangeSubscriptionWidget> {
               alignment: Alignment.center,
               child: OutlinedButton(
                 onPressed: () async => await DialogUtils.openUrl('https://kee.pm/keevault/delete-account/'),
-                style: OutlinedButton.styleFrom(backgroundColor: theme.buttonTheme.colorScheme!.error),
+                style: OutlinedButton.styleFrom(foregroundColor: theme.buttonTheme.colorScheme!.error),
                 child: Text(str.deleteAccount),
               ),
             ),
diff --git a/lib/widgets/entry.dart b/lib/widgets/entry.dart
@@ -15,6 +15,7 @@ import 'package:flutter_speed_dial/flutter_speed_dial.dart';
 
 import 'package:keevault/cubit/entry_cubit.dart';
 import 'package:keevault/cubit/vault_cubit.dart';
+import 'package:keevault/extension_methods.dart';
 import 'package:keevault/logging/logger.dart';
 import 'package:keevault/model/entry.dart';
 import 'package:keevault/model/field.dart';
@@ -495,7 +496,7 @@ class EntryWidget extends StatelessWidget {
                                     ),
                                     LabelsWidget(
                                       tags: entry.tags,
-                                      otherKnownTags: loadedState.vault.files.current.tags
+                                      otherKnownTags: loadedState.vault.files.current.trimmedTags
                                           .map((t) => Tag(t, true))
                                           .where((t) => !entry.tags.any((et) => et.lowercase == t.lowercase))
                                           .toList(),
diff --git a/lib/widgets/entry_list.dart b/lib/widgets/entry_list.dart
@@ -242,7 +242,7 @@ class EntryListItemWidget extends StatelessWidget {
                           final entryCubit = BlocProvider.of<EntryCubit>(context);
                           entryCubit.revertToHistoryEntry(entry, index);
                           final filterCubit = BlocProvider.of<FilterCubit>(context);
-                          filterCubit.reFilter(entry.file!.tags, entry.file!.body.rootGroup);
+                          filterCubit.reFilter(entry.file!.trimmedTags, entry.file!.body.rootGroup);
                           close(returnValue: false);
                           //TODO:f: Maybe one day we can automatically reopen the container with the updated information?
                           //   BlocProvider.of<EntryCubit>(context).startEditing(entry);
@@ -252,7 +252,7 @@ class EntryListItemWidget extends StatelessWidget {
                           final entryCubit = BlocProvider.of<EntryCubit>(context);
                           entryCubit.removeHistoryEntry(entry, index);
                           final filterCubit = BlocProvider.of<FilterCubit>(context);
-                          filterCubit.reFilter(entry.file!.tags, entry.file!.body.rootGroup);
+                          filterCubit.reFilter(entry.file!.trimmedTags, entry.file!.body.rootGroup);
                           close(returnValue: false);
                         },
                       );
@@ -271,7 +271,7 @@ class EntryListItemWidget extends StatelessWidget {
                         final filterCubit = BlocProvider.of<FilterCubit>(context);
                         await BlocProvider.of<InteractionCubit>(context).entrySaved();
                         await iam.showIfAppropriate(InAppMessageTrigger.entryChanged);
-                        filterCubit.reFilter(entry.file!.tags, entry.file!.body.rootGroup);
+                        filterCubit.reFilter(entry.file!.trimmedTags, entry.file!.body.rootGroup);
                         //TODO:f: A separate cubit to track state of ELIVMs might provide better performance and scroll position stability than recreating them all from scratch every time we re-filter?
                       } else {
                         entryCubit.endEditing(null);
diff --git a/lib/widgets/label_filter.dart b/lib/widgets/label_filter.dart
@@ -2,8 +2,8 @@ import 'package:flutter/material.dart';
 import 'package:flutter_bloc/flutter_bloc.dart';
 import 'package:keevault/cubit/filter_cubit.dart';
 import 'package:keevault/cubit/vault_cubit.dart';
+import 'package:keevault/extension_methods.dart';
 import 'package:keevault/generated/l10n.dart';
-import 'package:keevault/logging/logger.dart';
 
 class LabelFilterWidget extends StatelessWidget {
   const LabelFilterWidget({super.key});
@@ -21,7 +21,7 @@ class LabelFilterWidget extends StatelessWidget {
             if (state is! FilterActive) return Container();
             final filterState = state;
             return Visibility(
-              visible: vaultState.vault.files.current.tags.isNotEmpty,
+              visible: vaultState.vault.files.current.trimmedTags.isNotEmpty,
               replacement: Column(
                 mainAxisSize: MainAxisSize.min,
                 mainAxisAlignment: MainAxisAlignment.start,
@@ -51,8 +51,7 @@ class LabelFilterWidget extends StatelessWidget {
                                 crossAxisAlignment: WrapCrossAlignment.center,
                                 alignment: WrapAlignment.center,
                                 runSpacing: 8.0,
-                                children: vaultState.vault.files.current.tags.map((tag) {
-                                  l.d('Found tag: "$tag"');
+                                children: vaultState.vault.files.current.trimmedTags.map((tag) {
                                   final isSelected = filterState.tags.contains(tag.toLowerCase());
                                   return FilterChip(
                                     visualDensity: VisualDensity.standard,
diff --git a/lib/widgets/new_entry_button.dart b/lib/widgets/new_entry_button.dart
@@ -5,6 +5,7 @@ import 'package:kdbx/kdbx.dart';
 import 'package:keevault/cubit/autofill_cubit.dart';
 import 'package:keevault/cubit/entry_cubit.dart';
 import 'package:keevault/cubit/filter_cubit.dart';
+import 'package:keevault/extension_methods.dart';
 import 'package:keevault/widgets/in_app_messenger.dart';
 import '../cubit/account_cubit.dart';
 import '../cubit/interaction_cubit.dart';
@@ -58,7 +59,7 @@ class NewEntryButton extends StatelessWidget {
                   final filterCubit = BlocProvider.of<FilterCubit>(context);
                   await BlocProvider.of<InteractionCubit>(context).entrySaved();
                   await iam.showIfAppropriate(InAppMessageTrigger.entryChanged);
-                  filterCubit.reFilter(currentFile.tags, currentFile.body.rootGroup);
+                  filterCubit.reFilter(currentFile.trimmedTags, currentFile.body.rootGroup);
                 } else {
                   entryCubit.endCreating(null);
                   final vaultCubit = BlocProvider.of<VaultCubit>(context);
diff --git a/lib/widgets/settings.dart b/lib/widgets/settings.dart
@@ -365,6 +365,7 @@ class _BiometricSettingWidgetState extends State<BiometricSettingWidget> {
   @override
   Widget build(BuildContext context) {
     final str = S.of(context);
+    final theme = Theme.of(context);
     final quickUnlockSettings = [
       TextInputSettingsTile(
         title: str.automaticallySignInFor,
@@ -427,6 +428,7 @@ class _BiometricSettingWidgetState extends State<BiometricSettingWidget> {
                 visible: !KeeVaultPlatform.isIOS,
                 replacement: Column(children: quickUnlockSettings),
                 child: SwitchSettingsTile(
+                  activeColor: theme.colorScheme.inversePrimary,
                   settingKey: 'biometrics-enabled',
                   title: str.biometricSignIn,
                   onChange: (value) async {
@@ -509,6 +511,7 @@ class _AutofillStatusWidgetState extends State<AutofillStatusWidget> {
   @override
   Widget build(BuildContext context) {
     final str = S.of(context);
+    final theme = Theme.of(context);
 
     return Column(
       children: [
@@ -552,6 +555,7 @@ class _AutofillStatusWidgetState extends State<AutofillStatusWidget> {
               Visibility(
                 visible: widget.isEnabled && KeeVaultPlatform.isAndroid,
                 child: SwitchSettingsTile(
+                  activeColor: theme.colorScheme.inversePrimary,
                   settingKey: 'autofillServiceEnableSaving',
                   title: str.offerToSave,
                   defaultValue: true,
@@ -569,6 +573,7 @@ class _AutofillStatusWidgetState extends State<AutofillStatusWidget> {
                 visible:
                     widget.isEnabled && KeeVaultPlatform.isAndroid && (_androidDeviceInfo?.version.sdkInt ?? 0) >= 31,
                 child: SwitchSettingsTile(
+                  activeColor: theme.colorScheme.inversePrimary,
                   settingKey: 'autofillServiceEnableIMEIntegration',
                   title: 'Show in keyboard',
                   subtitle: 'experimental feature',
diff --git a/test/jwt_test.dart b/test/jwt_test.dart
@@ -0,0 +1,25 @@
+// dart
+import 'package:flutter_test/flutter_test.dart';
+import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
+
+void main() {
+  group('JWT verification', () {
+    test('verifies a valid JWT signed with idBeta JWK', () async {
+      const sig =
+          'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSTmk4RTI2N1pCaHk3WlBjUFJpOXhsSWFzTTlKdDRrb2t4TExVZGNMTkpJPSIsImlzcyI6ImlkQmV0YSIsImF1ZCI6ImNsaWVudCIsImV4cCI6MTc1MTAyOTIyNDM2MCwiaWF0IjoxNzUwOTQyODI0MzYwLCJmZWF0dXJlcyI6WyJzdG9yYWdlLWtlZSIsIm11bHRpU2Vzc2lvbiIsInN5bmNTZXR0aW5ncyIsImZvcm1BY2N1cmFjeSJdLCJmZWF0dXJlRXhwaXJ5IjoxNzY0NjA3MTQzMDAwLCJzdWJzY3JpcHRpb25JZCI6ImNiXzFta1Z2dERSQVdmQVpaRkI3In0.Jf_XXlAFE8L1Evz03nCNA7vevMOFrB9ZKJ6eRIdlurzwDjOaiLl8WIjgfClSGKLw-HlKMmEuP_Kr7ExPlKEm_w';
+      // const sig =
+      //     'eyJhbGciOiJFUzI1NiJ9.eyJzdWIiOiJSTmk4RTI2N1pCaHk3WlBjUFJpOXhsSWFzTTlKdDRrb2t4TExVZGNMTkpJPSIsImlzcyI6ImlkQmV0YSIsImF1ZCI6ImNsaWVudCIsImV4cCI6MTc1MTAyOTIyNDM2MCwiaWF0IjoxNzUwOTQyODI0MzYwLCJmZWF0dXJlcyI6WyJzdG9yYWdlLWtlZSIsIm11bHRpU2Vzc2lvbiIsInN5bmNTZXR0aW5ncyIsImZvcm1BY2N1cmFjeSJdLCJmZWF0dXJlRXhwaXJ5IjoxNzY0NjA3MTQzMDAwLCJzdWJzY3JpcHRpb25JZCI6ImNiXzFta1Z2dERSQVdmQVpaRkI3In0.Jf/XXlAFE8L1Evz03nCNA7vevMOFrB9ZKJ6eRIdlurzwDjOaiLl8WIjgfClSGKLw+HlKMmEuP/Kr7ExPlKEm/w';
+
+      final keyPair = JWTKey.fromJWK({
+        'kty': 'EC',
+        'crv': 'P-256',
+        'x': 'CinRkFHv6IGNcd52YlzD3BF_WruIMs-6Nn5oI7QmgjU',
+        'y': 'pJ66MRPoCC2MUBFdYyRqGPfw3pZEnPGtHVhvspLTVDA',
+      });
+      final result = JWT.verify(sig, keyPair, checkHeaderType: false);
+      // expect(result, isA<ClientVerificationResult>());
+      final clientResult = result;
+      expect(clientResult.audience, 'client');
+    });
+  });
+}

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,10 @@ extension KdbxFileKDF on KdbxFile {`
`70`	`70`	`}`
`71`	`71`	`return false;`
`72`	`72`	`}`
	`73`	`+`
	`74`	`+ List<String> get trimmedTags {`
	`75`	`+ return tags.map((tag) => tag.trim()).where((tag) => tag.isNotEmpty).toSet().toList(growable: false);`
	`76`	`+ }`
`73`	`77`	`}`
`74`	`78`
`75`	`79`	`extension KdbxEntryColor on KdbxEntry {`