Fix minor issues in the app

[droidmonkey]

• Fixes Do not show the tearing off tags menu when there are no tags and other bugs #11808

  • Don't show tear off menu or option to tear off if there are no tags
  • Fix "No Tags" not being shown on first hover
  • Fix issues when using a tag named "No Tags"

• Fixes Buttons in the new toolbar are not disabled #11662 - disable the save button when viewing Password Generator and Application Settings to restore previous behavior of toolbar

• Fixes UI: Adding new entry doesn't always start with "Entry" tab #11891

• Fixes Preview panel adds extra space to translate “invalid key” #11357

  • Introduces validity parameter to TOTP generator function for future use elsewhere in the code base

• Fixes Passphrase custom wordlist cannot be less than 4000 words #11856

  • Set the minimum recommended wordlist size to 1,296 - equal to the EFF Short List
  • Issue a clear warning when using a smaller wordlist but do not prevent generation of passphrases

• Remove start menu shortcuts on uninstall

• Fixes Icon downloader popup appears behind main application #12070

• Fixes Tags sorted incorrectly in context menu #12153 - tags becoming unsorted in the context menu when switching between database tabs

Testing strategy

Tested on Windows

Type of change

• ✅ Bug fix (non-breaking change that fixes an issue)

[codecov]

Codecov Report

Attention: Patch coverage is 65.04854% with 36 lines in your changes missing coverage. Please review.

Project coverage is 64.24%. Comparing base (c4b4be4) to head (dd0574c).
Report is 9 commits behind head on develop.

Files with missing lines	Patch %	Lines
src/gui/PasswordGeneratorWidget.cpp	44.44%	10 Missing ⚠️
src/gui/MainWindow.cpp	18.18%	9 Missing ⚠️
src/autotype/AutoType.cpp	0.00%	7 Missing ⚠️
src/core/Totp.cpp	81.25%	3 Missing ⚠️
src/gui/MessageBox.cpp	0.00%	2 Missing ⚠️
src/autotype/AutoTypeSelectDialog.cpp	0.00%	1 Missing ⚠️
src/browser/BrowserService.cpp	0.00%	1 Missing ⚠️
src/core/Entry.cpp	83.33%	1 Missing ⚠️
src/gui/DatabaseWidget.cpp	50.00%	1 Missing ⚠️
src/gui/EntryPreviewWidget.cpp	93.33%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #12102      +/-   ##
===========================================
+ Coverage    63.89%   64.24%   +0.35%     
===========================================
  Files          369      375       +6     
  Lines        38943    39292     +349     
===========================================
+ Hits         24882    25241     +359     
+ Misses       14061    14051      -10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[droidmonkey]

Ok got both issues fixed:

Also properly hiding the progress bar and text label if the TOTP code isn't valid on the popup dialog.

[varjolintu]

Maybe the copy button should be disabled also if the TOTP is not valid? After all it's just copying the "Invalid Key" value to clipboard.

[droidmonkey]

Added another fix for the passphrase generator wordlist size handling:

I also added disabling the copy button on the TOTP dialog if the code is invalid

[varjolintu]

Now when the Copy button is disabled in the dialog, it would make sense also disable the Copy TOTP and Copy Password and TOTP menu items when TOTP is invalid. Not mandatory though.

[xboxones1]

And show qr-code can also be disabled

[droidmonkey]

The buttons are only testing if totp is configured... that would be a bigger change to the code logic deep in the totp settings. I will consider this.

[droidmonkey]

Ok well this turned out much easier than I expected and actually improves a lot of behaviors:

Give this a thorough test, but I think I hit everything, even copying TOTP from the auto-type dialog and browser extension

[Copilot]

Pull Request Overview

This PR addresses several minor UI, functionality, and data-handling issues across the application:

• Hides or disables UI elements when no tags or invalid TOTP settings are present and restores toolbar save button behavior
• Refactors the TOTP API to include a validity flag with corresponding codepaths in entries, database, autotype, and browser services
• Updates passphrase generator’s minimum wordlist size, renames validation methods, and surfaces warnings without blocking generation
• Cleans up start menu shortcuts on uninstall and sorts tags using a collator

Reviewed Changes

Copilot reviewed 20 out of 35 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
src/gui/EntryPreviewWidget.ui	Wrapped TOTP label/progress in a zero-margin QWidget container
src/gui/EntryPreviewWidget.cpp	Connected toggle to container visibility; unified show/hide logic
src/gui/EditWidget.cpp	Expanded pageIndex to consider the scroll area itself
src/gui/DatabaseWidget.cpp	Switched from hasTotp() to hasValidTotp() for clipboards
src/fdosecrets/objects/Item.cpp	Updated TOTP check to hasValidTotp()
src/core/Totp.h & src/core/Totp.cpp	Added checkValidSettings(), extended generateTotp() with flag
src/core/PassphraseGenerator.h & .cpp	Renamed isValid() to isWordListValid(), adjusted min size
src/core/Entry.h & src/core/Entry.cpp	Modified totp() signature and introduced hasValidTotp()
src/core/Database.cpp	Replaced m_tagList.sort() with std::sort() + QCollator
src/cli/Diceware.cpp	Downgraded wordlist-too-small error to a warning
src/browser/BrowserService.cpp	Guarded JSON TOTP inclusion with hasValidTotp()
src/autotype/AutoTypeSelectDialog.cpp	Switched to hasValidTotp() for action menu updates
src/autotype/AutoType.cpp	Added explicit invalid-TOTP error path in sequence parsing
share/windows/wix-template.xml	Added <RemoveFile> to clear start menu shortcuts on uninstall
share/translations/keepassxc_en.ts	Added new translations; removed obsolete entries
share/icons/icons.qrc & COPYING	Added totp-invalid.svg and updated license manifest

Comments suppressed due to low confidence (4)

share/translations/keepassxc_en.ts:727

• Missing translation entry for the "Invalid Settings" error returned by Totp::checkValidSettings(). Add a <message> block for this source string under the appropriate context.

    <message>

share/translations/keepassxc_en.ts:727

• Missing translation entry for the "Invalid Key" error returned by Totp::checkValidSettings(). Add a <message> block for this source string under the TOTP context.

    <message>

src/core/PassphraseGenerator.h:53

• [nitpick] Member variable m_minWordListSize deviates from the repository’s snake_case convention (e.g., m_minimum_wordlist_length). Consider renaming to m_minimum_word_list_size for consistency.

    int m_minWordListSize = 1296;

src/core/PassphraseGenerator.cpp:120

• The original check for m_wordCount > 0 was removed. Without validating m_wordCount, you may generate zero-word passphrases. Reintroduce a check on m_wordCount or ensure it’s always positive.

    if (m_wordlist.isEmpty()) {

[xboxones1]

@droidmonkey, I checked and it still hasn't been fixed. Or don't you see what the problem is?

[droidmonkey]

What hasn't been fixed? I could not replicate your gif

[xboxones1]

@droidmonkey, I outlined the steps to reproduce the issue, but you marked the message as outdated. I thought a GIF would be more helpful.

1. In the security settings, disable the option to hide TOTP in the preview panel.
2. Expand the preview panel so that it is visible after unlocking the database.
3. After unlocking, ensure that TOTP is configured in the first entrey that is opened.
4. After unlocking the database, TOTP should display in the preview panel, but it does not. You have to click twice, as shown in the GIF. This is the bug.
5. This issue occurs on Linux, but I can build on Windows to test

[droidmonkey]

Ah, I figured it out, fix inbound