fix enableOTP handling to match docs: prioritize store, then extension config

settings are stored in 3 places:
- login (.gpg file)
- store (.browserpass-settings.json)
- extension-level config (browser UI)

but we don't want each setting to be settable everywhere, so scope
allows one to control which of these 3 places to search for a given
setting.

src/background.js

@@ -450,7 +450,7 @@ async function fillFields(settings, login, fields) {
     // build focus or submit request
     let focusOrSubmitRequest = {
         origin: new BrowserpassURL(settings.tab.url).origin,
-        autoSubmit: getSetting("autoSubmit", login, settings),
+        autoSubmit: helpers.getSetting("autoSubmit", login, settings),
         filledFields: filledFields,
     };
 
@@ -561,25 +561,6 @@ async function getFullSettings() {
     return settings;
 }
 
-/**
- * Get most relevant setting value
- *
- * @param string key      Setting key
- * @param object login    Login object
- * @param object settings Settings object
- * @return object Setting value
- */
-function getSetting(key, login, settings) {
-    if (typeof login.settings[key] !== "undefined") {
-        return login.settings[key];
-    }
-    if (typeof settings.stores[login.store.id].settings[key] !== "undefined") {
-        return settings.stores[login.store.id].settings[key];
-    }
-
-    return settings[key];
-}
-
 /**
  * Deep copy an object
  *
@@ -743,7 +724,7 @@ async function handleMessage(settings, message, sendResponse) {
             }
             break;
         case "copyOTP":
-            if (settings.enableOTP) {
+            if (helpers.getSetting("enableOTP", message.login, settings, helpers.SettingScope.Store)) {
                 try {
                     if (!message.login.fields.otp) {
                         throw new Exception("No OTP seed available");
@@ -815,8 +796,8 @@ async function handleMessage(settings, message, sendResponse) {
 
                 // copy OTP token after fill
                 if (
-                    settings.enableOTP &&
                     typeof message.login !== "undefined" &&
+                    helpers.getSetting("enableOTP", message.login, settings, helpers.SettingScope.Store) &&
                     message.login.fields.hasOwnProperty("otp")
                 ) {
                     copyToClipboard(helpers.makeTOTP(message.login.fields.otp.params));
@@ -968,7 +949,7 @@ async function parseFields(settings, login) {
             if (key === "secret" && lines.length) {
                 login.fields.secret = lines[0];
             } else if (key === "login") {
-                const defaultUsername = getSetting("username", login, settings);
+                const defaultUsername = helpers.getSetting("username", login, settings);
                 login.fields[key] = defaultUsername || login.login.match(/([^\/]+)$/)[1];
             } else {
                 delete login.fields[key];
@@ -982,7 +963,10 @@ async function parseFields(settings, login) {
     }
 
     // preprocess otp
-    if (settings.enableOTP && login.fields.hasOwnProperty("otp")) {
+    if (
+        helpers.getSetting("enableOTP", login, settings, helpers.SettingScope.Store) &&
+        login.fields.hasOwnProperty("otp")
+    ) {
         if (login.fields.otp.match(/^otpauth:\/\/.+/i)) {
             // attempt to parse otp data as URI
             try {

src/helpers.js

@@ -8,15 +8,44 @@ const hash = require("hash.js");
 const Authenticator = require("otplib").authenticator.Authenticator;
 const BrowserpassURL = require("@browserpass/url");
 
+const SettingScope = {
+    // query a setting first from the login, then the store, then globally
+    Login: "login",
+    // query a setting first from the store, then globally
+    Store: "store",
+};
+
 module.exports = {
     prepareLogins,
     filterSortLogins,
+    getSetting,
     ignoreFiles,
     makeTOTP,
+    SettingScope,
 };
 
 //----------------------------------- Function definitions ----------------------------------//
 
+/**
+ * Get most relevant setting value
+ *
+ * @param string key      Setting key
+ * @param object login    Login object
+ * @param object settings Settings object
+ * @param string scope    SettingScope value to specify where to search for the setting (optional)
+ * @return object Setting value
+ */
+function getSetting(key, login, settings, scope = SettingScope.Login) {
+    if (scope === SettingScope.Login && typeof login.settings[key] !== "undefined") {
+        return login.settings[key];
+    }
+    if (typeof settings.stores[login.store.id].settings[key] !== "undefined") {
+        return settings.stores[login.store.id].settings[key];
+    }
+
+    return settings[key];
+}
+
 /**
  * Get the deepest available domain component of a path
  *

src/popup/detailsInterface.js

@@ -103,7 +103,7 @@ function view(ctl, params) {
             ]),
             (() => {
                 if (
-                    this.settings.enableOTP &&
+                    helpers.getSetting("enableOTP", login, this.settings, helpers.SettingScope.Store) &&
                     login.fields.otp &&
                     login.fields.otp.params.type === "totp"
                 ) {