
Add more granular Auto-Type confirmation settings #12370


juzu-o
Contributor

@juzu-o juzu-o commented Aug 9, 2025

Description

This pull request adds a new setting to KeePassXC that allows for more granular control over the Auto-Type confirmation popup. Specifically, it introduces an option to always prompt for confirmation before performing global Auto-Type actions, while allowing users to skip the confirmation when invoking Auto-Type from within the main KeePassXC window.

Problem

Currently, the "Always ask before performing Auto-Type" setting affects all Auto-Type invocations uniformly:

  • When enabled: Shows confirmation for both main window actions AND always opens selection popup for global Auto-Type
  • When disabled: No confirmations for any Auto-Type method (Except for global Auto-Type when target window doesn't match any entries or matches multiple ones -> then it opens selection popup window)

This may leave users wanting more granular control to streamline their workflow for routine Auto-Type usage while maintaining security for global Auto-Type.

Rationale

Why introduce this feature?

With global Auto-Type, there is a potential risk of accidentally auto-typing the wrong credentials if the currently focused window title matches a single entry in KeePassXC, when the "Always ask before performing Auto-Type" setting is disabled. This could lead to sensitive information being sent to the wrong application or website.

This new setting gives users more control and safety:

  • When Auto-Type is invoked globally (e.g., via a system-wide hotkey), the confirmation popup will always appear, letting the user confirm which credentials will be auto-typed.
  • When Auto-Type is invoked from within KeePassXC's main window, the confirmation step can be skipped, since the user already can visually confirm which entry is being auto-typed.

This balances usability and security, reducing friction for intended actions while providing an extra safeguard for potentially ambiguous global Auto-Type triggers.

AI Disclosure

This pull request was created with assistance from Copilot AI (Claude Sonnet 4 language model) for code generation and implementation guidance.

Solution

Added a new checkbox setting: "Skip confirmation for main window Auto-Type actions"

Behavior Matrix

| Parent Setting | New Setting | Main Window Actions | Global Auto-Type |
| --- | --- | --- | --- |
| Unchecked | N/A (disabled) | No confirmation | No selection popup |
| Checked | Unchecked | Show confirmation | Show selection popup |
| Checked | Checked | No confirmation | Show selection popup |

Key Features

  • Granular Control: Separate confirmation behavior for main window vs. global Auto-Type
  • Security Maintained: Global Auto-Type (external hotkey) always shows selection popup when parent setting is enabled
  • Backwards Compatible: Default behavior unchanged (new setting defaults to unchecked)
  • New option is indented under parent setting and only enabled when relevant
  • Existing users see no behavior change unless they opt-in

Screenshots

auto-type-skip-confirmation-for-mainwindow-actions

Implementation Details

Technical Changes

Configuration Storage (src/core/Config.h, src/core/Config.cpp):

  • Added Security_AutoTypeSkipMainWindowConfirmation configuration key
  • Defaults to false to maintain existing behavior

Settings UI (src/gui/ApplicationSettingsWidgetGeneral.ui):

  • Added new checkbox with proper indentation and spacing
  • Positioned directly under the existing "Always ask before performing Auto-Type" setting

Settings Logic (src/gui/ApplicationSettingsWidget.cpp, src/gui/ApplicationSettingsWidget.h):

  • Implemented enable/disable logic for the new checkbox
  • Added loading/saving functionality
  • New checkbox is only enabled when parent setting is checked

Auto-Type Confirmation Logic (src/gui/DatabaseWidget.cpp):

```cpp
// Modified confirmation logic in performAutoType()
bool shouldAsk = config()->get(Config::Security_AutoTypeAsk).toBool();
bool skipMainWindowConfirmation = config()->get(Config::Security_AutoTypeSkipMainWindowConfirmation).toBool();

// Show confirmation only when both conditions are met:
// 1. Always ask is enabled AND 2. Skip main window confirmation is disabled
if (shouldAsk && !skipMainWindowConfirmation) {
    // Show confirmation dialog
}
```

Auto-Type Invocation Paths

  1. Main Window Actions: DatabaseWidget::performAutoType() → Uses new granular confirmation logic:

    • Context menu Auto-Type
    • Toolbar Auto-Type buttons
    • CTRL+SHIFT+V keyboard shortcut (when entry is selected)
  2. Global Auto-Type: AutoType::performGlobalAutoType() → Unchanged behavior (always shows selection popup)

Testing strategy

  • Manually tested global Auto-Type and main window Auto-Type with the new setting enabled and disabled.
  • Verified that the confirmation popup appears as expected only for global Auto-Type when the setting is enabled.
  • Checked that main window Auto-Type remains convenient and does not prompt unnecessarily.

Type of change

  • ✅ New feature (change that adds functionality)
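
The decision described in the pull request above, modelled as a small stand-alone C++ function. This is an added example, not code from the pull request or from KeePassXC. The types `Origin`, `Prompt` and `Settings`, the functions `countMatches` and `promptFor`, the substring-based title matching and the sample titles are assumptions made for illustration; for the case where the parent setting is off, the model follows the Problem section (selection popup when zero or multiple entries match).

```cpp
#include <iostream>
#include <string>
#include <vector>

// Added illustration, not KeePassXC source; all names here are hypothetical.
enum class Origin { MainWindow, GlobalHotkey };
enum class Prompt { None, Confirmation, SelectionPopup };

struct Settings {
    bool alwaysAsk;         // "Always ask before performing Auto-Type"
    bool skipMainWindowAsk; // "Skip confirmation for main window Auto-Type actions"
};

// Simplified stand-in for window matching (assumption): an entry matches when
// its title occurs in the focused window's title.
int countMatches(const std::vector<std::string>& entryTitles, const std::string& windowTitle)
{
    int n = 0;
    for (const auto& title : entryTitles) {
        if (!title.empty() && windowTitle.find(title) != std::string::npos) {
            ++n;
        }
    }
    return n;
}

// Prompt shown before anything is typed, following the PR description.
Prompt promptFor(Origin origin, const Settings& s, int matchCount = 1)
{
    if (origin == Origin::MainWindow) {
        // The user picked the entry; ask only if the parent setting is on
        // and the new skip setting is off.
        return (s.alwaysAsk && !s.skipMainWindowAsk) ? Prompt::Confirmation : Prompt::None;
    }
    // Global Auto-Type never consults the skip setting.
    if (s.alwaysAsk || matchCount != 1) {
        return Prompt::SelectionPopup;
    }
    return Prompt::None; // parent off, exactly one title match: typed unprompted
}

int main()
{
    // Constructed sample: a text editor whose title happens to contain an entry title.
    const std::vector<std::string> entries = {"Example Bank", "Intranet Wiki"};
    const int n = countMatches(entries, "Example Bank login notes.txt - Editor");
    const Prompt p = promptFor(Origin::GlobalHotkey, {true, true}, n);
    std::cout << (p == Prompt::SelectionPopup ? "selection popup\n" : "no popup\n");
    return 0;
}
```

The only path that types without any prompt from a global trigger is the one with the parent setting off and a single title match, which is the case the Rationale section describes.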

@Copilot Copilot AI review requested due to automatic review settings August 9, 2025 13:49

@Copilot Copilot AI left a comment


Pull Request Overview

This PR adds granular control over Auto-Type confirmation settings by introducing a new option to skip confirmation prompts for main window Auto-Type actions while maintaining confirmation for global Auto-Type operations. This enhancement allows users to streamline their workflow for routine Auto-Type usage from within KeePassXC while preserving security for potentially risky global Auto-Type invocations.

Key changes:

  • Added new configuration option "Skip confirmation for main window Auto-Type actions"
  • Modified Auto-Type confirmation logic to differentiate between main window and global Auto-Type actions
  • Enhanced settings UI with proper hierarchical layout and enable/disable logic

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/gui/DatabaseWidget.cpp | Updated Auto-Type confirmation logic to check both parent and new settings |
| src/gui/ApplicationSettingsWidgetGeneral.ui | Added new indented checkbox for the granular confirmation setting |
| src/gui/ApplicationSettingsWidget.h | Added slot declaration for handling parent setting toggle |
| src/gui/ApplicationSettingsWidget.cpp | Implemented loading, saving, and UI state management for new setting |
| src/core/Config.h | Added new configuration key for the Auto-Type skip confirmation setting |
| src/core/Config.cpp | Added configuration directive with default value of false |
| share/translations/keepassxc_en.ts | Added translation entry for the new setting label |

@droidmonkey droidmonkey added feature: Auto-Type pr: ai-assisted Pull request contains significant contributions by generative AI labels Aug 10, 2025
@droidmonkey droidmonkey self-requested a review August 10, 2025 02:09
@droidmonkey droidmonkey added this to the v2.7.11 milestone Aug 10, 2025
@droidmonkey droidmonkey force-pushed the feature-granular-autotype-confirmation-settings branch from 60bb1ed to 53fc8cf Compare August 10, 2025 02:13
@droidmonkey droidmonkey merged commit 4481656 into keepassxreboot:develop Aug 10, 2025
11 checks passed
pull bot pushed a commit to surkin/keepassxc that referenced this pull request Aug 10, 2025
This new setting gives users more control and safety:

* When Auto-Type is invoked globally (e.g., via a system-wide hotkey), the confirmation popup will always appear, letting the user confirm which credentials will be auto-typed.
* When Auto-Type is invoked from within KeePassXC's main window, the confirmation step can be skipped, since the user already can visually confirm which entry is being auto-typed.

This balances usability and security, reducing friction for intended actions while providing an extra safeguard for potentially ambiguous global Auto-Type triggers.

---------

Co-authored-by: Jonathan White <[email protected]>
pull bot pushed a commit to blog2i2j/keepassxreboot.._..keepassxc that referenced this pull request Aug 10, 2025