From 6718289108eaa4a1ee3e6fa7b40e509b130e1f8d Mon Sep 17 00:00:00 2001
From: binsky
Date: Sun, 22 Sep 2024 16:25:25 +0200
Subject: [PATCH 1/2] prevent encryption and decryption of non present (usually encrypted) credential fields #815
---
 js/app/services/credentialservice.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/js/app/services/credentialservice.js b/js/app/services/credentialservice.js
index 5361bb2d..4f830dfa 100644
--- a/js/app/services/credentialservice.js
+++ b/js/app/services/credentialservice.js
@@ -123,15 +123,20 @@
 encryptCredential: function (credential, key) {
 for (var i = 0; i < _encryptedFields.length; i++) {
 var field = _encryptedFields[i];
- var fieldValue = angular.copy(credential[field]);
- credential[field] = EncryptService.encryptString(JSON.stringify(fieldValue), key);
+ if (credential[field] !== undefined) {
+ var fieldValue = angular.copy(credential[field]);
+ credential[field] = EncryptService.encryptString(JSON.stringify(fieldValue), key);
+ }
 }
 return credential;
 },
 decryptCredential: function (credential, key) {
 for (var i = 0; i < _encryptedFields.length; i++) {
 var field = _encryptedFields[i];
- var fieldValue = angular.copy(credential[field]);
+ var fieldValue = null;
+ if (credential[field] !== undefined) {
+ fieldValue = angular.copy(credential[field]);
+ }
 var field_decrypted_value;
 try {
 if(fieldValue!==null && fieldValue!=="null" && fieldValue!==""){
From 611e7aa069be829689f767c0db120e99c4eaa864 Mon Sep 17 00:00:00 2001
From: binsky
Date: Sun, 22 Sep 2024 16:42:57 +0200
Subject: [PATCH 2/2] hide credential edit files tab for shared credentials with missing FILES acl #815
---
 js/app/controllers/edit_credential.js | 18 +++++++++++++++---
 js/templates.js | 2 +-
 templates/views/edit_credential.html | 1 +
 3 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js
index 4c38f210..44cc6479 100644
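Review bot: In `decryptCredential` an absent field becomes `fieldValue = null` and the loop body carries on, whereas `encryptCredential` leaves an absent field untouched; the two paths should treat a missing field the same way. The rest of the decrypt loop lies outside this hunk, so it is only an inference that it assigns a result back to `credential[field]`; if it does, a field the server withheld (for example one hidden by a share ACL) turns into a present `null` after decryption, and a later `encryptCredential` call would encrypt and store it because `null !== undefined`. Skipping the iteration keeps withheld fields absent in both directions: `if (credential[field] === undefined) { continue; }` directly after `var field = _encryptedFields[i];`. A short comment on both guards, such as `// field not delivered by the server (e.g. withheld by a share ACL): leave it absent`, would record why the check exists.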
--- a/js/app/controllers/edit_credential.js
+++ b/js/app/controllers/edit_credential.js
@@ -32,8 +32,8 @@
 * Controller of the passmanApp
 */
 angular.module('passmanApp')
- .controller('CredentialEditCtrl', ['$scope', 'VaultService', 'CredentialService', 'SettingsService', '$location', '$routeParams', 'FileService', 'EncryptService', 'TagService', 'NotificationService', 'ShareService', '$translate','$rootScope',
- function ($scope, VaultService, CredentialService, SettingsService, $location, $routeParams, FileService, EncryptService, TagService, NotificationService, ShareService, $translate, $rootScope) {
+ .controller('CredentialEditCtrl', ['$scope', 'VaultService', 'CredentialService', 'SettingsService', '$location', '$routeParams', 'FileService', 'EncryptService', 'TagService', 'NotificationService', 'ShareService', 'SharingACL', '$translate','$rootScope',
+ function ($scope, VaultService, CredentialService, SettingsService, $location, $routeParams, FileService, EncryptService, TagService, NotificationService, ShareService, SharingACL, $translate, $rootScope) {
 $scope.active_vault = VaultService.getActiveVault();
 if (!SettingsService.getSetting('defaultVault') || !SettingsService.getSetting('defaultVaultPass')) {
 if (!$scope.active_vault) {
@@ -89,7 +89,8 @@
 }, {
 title: translations.files,
 url: 'views/partials/forms/edit_credential/files.html',
- color: 'yellow'
+ color: 'yellow',
+ requiredACL: $scope.permissions.permissions.FILES
 }, {
 title: translations.otp,
 url: 'views/partials/forms/edit_credential/otp.html',
@@ -135,6 +136,17 @@
 return tab.url === $scope.currentTab.url;
 };
+ $scope.permissions = new SharingACL(0);
+
+ $scope.hasPermission = function (acl, permission) {
+ if (acl) {
+ var tmp = new SharingACL(acl.permission);
+ return tmp.hasPermission(permission);
+ } else {
+ return true;
+ }
+ };
+
 /**
 * Below general edit functions
 */
diff --git a/js/templates.js b/js/templates.js
index 2025b5ac..1893dcb4 100644
--- a/js/templates.js
+++ b/js/templates.js
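Review bot: `requiredACL: $scope.permissions.permissions.FILES` reads `$scope.permissions`, which is only assigned further down the controller (in the `@@ -135,6 +136,17 @@` hunk), so this tab entry depends on the tab list being built after the controller body has finished running. The surrounding code is outside the hunk; the `translations` variable suggests a deferred callback, but if the list is ever built synchronously this line throws on `undefined`. Moving `$scope.permissions = new SharingACL(0);` above the tab definitions removes that ordering dependency. Because `requiredACL` only decides whether the tab is rendered, a comment such as `// UI hint only; the FILES permission must still be enforced by the server` would keep the filter from being mistaken for an access check.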
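Review bot: `hasPermission` fails open: any falsy `acl` returns `true`, so a shared credential whose ACL object is missing or failed to load is treated the same as an owned one. If a missing `acl` is the intended marker for a credential owned by the current user, state that in a doc comment on the function, e.g. `/** Returns true when acl is absent (assumed: own credential); otherwise tests the bit in acl.permission. */`. An `acl` object without a `permission` value is passed straight into `new SharingACL(...)`, and how SharingACL treats that is not visible here, so an explicit `if (acl.permission === undefined) { return false; }` would make denial the default for malformed ACLs.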
@@ -9,7 +9,7 @@ angular.module('views/credential_revisions.html', []).run(['$templateCache', fun angular.module('views/edit_credential.html', []).run(['$templateCache', function($templateCache) { 'use strict'; $templateCache.put('views/edit_credential.html', - '
'); + '
'); }]); angular.module('views/partials/credential_template.html', []).run(['$templateCache', function($templateCache) {
diff --git a/templates/views/edit_credential.html b/templates/views/edit_credential.html
index 715b971f..c29b67b5 100644
--- a/templates/views/edit_credential.html
+++ b/templates/views/edit_credential.html
@@ -21,6 +21,7 @@