Select group when adding new credentials

[varjolintu]

Allows selecting a group when adding new credentials to KeePassXC from the popup dialog.

A new command get-database-groups is added to the protocol. If older version than KeePassXC 2.4.0 is used, credentials are saved to the default KeePassXC-Browser Passwords group. For saving, both name and group UUID are used.

The groups are read from a dynamic array where each group can contain N children:

{
    name: '<group name>',
    uuid: '<group UUID>',
    children: [...]
}

Fixes #382.
Fixes #388.
Fixes #427.

Related KeePassXC PR: keepassxreboot/keepassxc#2637.

Also, a default group can be set, or the group can be asked every time:

[droidmonkey]

This is not scalable and could get very confusing for people with many nested groups. Would it be possible to use an accordion type widget that shows only the top level groups, when that group is clicked it should the child, etc etc?

Alternatively a select form element would be better since it would only ever show one group and the whole contents would be visible when dropped down.

[varjolintu]

I updated the PR to include a tree view. I'll update the KeePassXC side soon.

[droidmonkey]

Is the tree collapsed by default? (Should be) the arrows don't seem to indicate the correct state.

[varjolintu]

@droidmonkey It's not collapsed, or cannot be collapsed. It's just a tree view. What do you suggest instead of the arrows (maybe arrow down like in KeePassXC)? Or should it definitely be able to collapse?

[varjolintu]

I changed the icon to arrow down, indicating open tree. For now.

[droidmonkey]

Would you want to show a proper error at this point? Would the CANNOT_DECRYPT_MESSAGE be appropriate here?

[varjolintu]

It's not appropriate here. The actual decryption is made much earlier. The extension actually doesn't have an error message for failed verification. I'll add it as a separate PR later, because that is something that every protocol command will need.

[droidmonkey]

Something like "Invalid or corrupt message sent from KeePassXC"

[varjolintu]

Something like that yes. Currently the verifyResponse() returns false from multiple reasons, so the message must be a general one. The one you proposed or something like: "Message sent from KeePassXC cannot be verified".

[varjolintu]

I added one more thing to the PR. A default group can be specified, or the user can set an option that asks for the group every time when saving new credentials.

[droidmonkey]

There is still a problem. When defining the group to save to, if it does not exist then the entry is silently dropped. The group should be created to store the new entry if it doesn't already exist. This will likely require changes on KeePassXC side.

[varjolintu]

It also seems that triggering notifications from the popup doesn't work. Some changes are needed for that too. Probably we need to call the background script to activate them.

[varjolintu]

@droidmonkey That is now done. KeePassXC side support is here: keepassxreboot/keepassxc#2790.

[droidmonkey]

I thought of a little vulnerability with create entry/group. There is really nothing stopping abuse of the API to create an entry or group. We prevent retrieving information from the database by showing allow/deny dialog, but we do not prevent writing to the database (from KeePassXC).

[varjolintu]

@droidmonkey Yes. We need to restrict this in some way.

[droidmonkey]

We can introduce the protections in 2.4.1

[droidmonkey]

I really like this functionality