diff --git a/appinfo/database.xml b/appinfo/database.xml index 98d912c0..5df22b47 100644 --- a/appinfo/database.xml +++ b/appinfo/database.xml @@ -419,14 +419,14 @@ vault_id integer - true + false true 8 vault_guid text - true + false 64 @@ -470,7 +470,7 @@ shared_key clob - true + false diff --git a/appinfo/info.xml b/appinfo/info.xml index cbf69058..be0c72d2 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -5,7 +5,7 @@ A password manager for Nextcloud AGPL Sander Brand - 1.0.2.21 + 1.0.2.24 Passman other https://github.com/nextcloud/passman/ diff --git a/controller/sharecontroller.php b/controller/sharecontroller.php index 40ac2fc5..a976cd61 100644 --- a/controller/sharecontroller.php +++ b/controller/sharecontroller.php @@ -297,6 +297,8 @@ class ShareController extends ApiController { * @PublicPage */ public function getPublicCredentialData($credential_guid) { + //@TODO if ExpireViews --, if 0 delete + //@TODO Check expire date try { $credential = $this->shareService->getSharedItem(null, $credential_guid); return new JSONResponse($credential); diff --git a/js/app/controllers/public_shared_credential.js b/js/app/controllers/public_shared_credential.js index c2752f11..33dcc9a2 100644 --- a/js/app/controllers/public_shared_credential.js +++ b/js/app/controllers/public_shared_credential.js @@ -10,83 +10,20 @@ angular.module('passmanApp') $scope.test = 'hello world'; $scope.loading = false; - - - var example_shared_credential = { - "credential_id": 292, - "guid": "3D18EAD3-CF40-4B2B-B568-82CD7CB3D47F", - "user_id": "sander", - "vault_id": 2, - "label": "donnelly.com", - "description": null, - "created": 1475479693, - "changed": 1475479693, - "tags": [{"text": "Games"}], - "email": null, - "username": "ebrekke", - "password": "hd%/U_%vzvh%", - "url": "http://api.namefake.com/english-united-states/male/2854dda4938c9c5f60a288fa6fbe5095", - "favicon": null, - "renew_interval": null, - "expire_time": 0, - "delete_time": 0, - "files": [{ - "file_id": 1, - "filename": "20160925-Clipperz_Export.html", - "guid": "6DA2CE41-A26B-4F97-A334-2CC74F7E9890", - "size": 13863, - "created": 1475485368, - "mimetype": "text/html", - "$$hashKey": "object:1261" - }, { - "file_id": 2, - "filename": "20160925_Clipperz_Offline.html", - "guid": "9337D189-B79E-4750-BEF9-3C912A9EA59D", - "size": 3088428, - "created": 1475485376, - "mimetype": "text/html", - "$$hashKey": "object:1268" - }], - "custom_fields": [{ - "label": "Test field", - "value": "blah blah", - "secret": false, - "$$hashKey": "object:1205" - }, { - "label": "another field =)", - "value": "vlaue", - "secret": true, - "$$hashKey": "object:1220" - }], - "otp": { - "type": "totp", - "label": "Google:fake@gmail.com", - "qr_uri": { - "qrData": "otpauth://totp/Google%3Afake%40gmail.com?secret=oyonyttithtryvpnqqrxluytgwon2mhw&issuer=Google", - "image": "" - }, - "secret": "oyonyttithtryvpnqqrxluytgwon2mhw", - "issuer": "Google" - }, - "hidden": 0, - "shared_key": null, - "tags_raw": [{"text": "Games"}] - }; - $scope.loadSharedCredential = function () { $scope.loading = true; - var guid = $window.location.hash.replace('#',''); + var data = window.atob($window.location.hash.replace('#','')).split('<::>'); + var guid = data[0]; + var _key = data[1]; ShareService.getPublicSharedCredential(guid).then(function (sharedCredential) { $scope.loading = false; - console.log(sharedCredential) if(sharedCredential.status === 200){ - $scope.shared_credential = example_shared_credential; + var _credential = ShareService.decryptSharedCredential(sharedCredential.data.credential_data, _key); + $scope.shared_credential = _credential; } else { $scope.expired = true; } - }, function(error){ - return false; }) } diff --git a/js/app/controllers/share.js b/js/app/controllers/share.js index 487d23f5..c12e8aab 100644 --- a/js/app/controllers/share.js +++ b/js/app/controllers/share.js @@ -61,7 +61,6 @@ angular.module('passmanApp') $location.path('/vault/' + $scope.storedCredential.vault_id); }; - $scope.share_link = $location.$$protocol + '://' + $location.$$host + OC.generateUrl('apps/passman/share/public#') + $scope.storedCredential.guid; $scope.default_permissions = new SharingACL(0); $scope.default_permissions.addPermission( @@ -138,12 +137,11 @@ angular.module('passmanApp') }; $scope.unshareCredential = function (credential) { - ShareService.unshareCredential(credential).then(function () { - var _credential = angular.copy(credential); - _credential.shared_key = null; - CredentialService.updateCredential(_credential).then(function () { - NotificationService.showNotification('Credential unshared', 4000) - }) + ShareService.unshareCredential(credential); + var _credential = angular.copy(credential); + _credential.shared_key = null; + CredentialService.updateCredential(_credential).then(function () { + NotificationService.showNotification('Credential unshared', 4000) }) }; @@ -196,12 +194,15 @@ angular.module('passmanApp') if($scope.share_settings.linkSharing.enabled){ var shareObj = { - item_id: '', + item_id: $scope.storedCredential.credential_id, + item_guid: $scope.storedCredential.guid, permissions: $scope.share_settings.linkSharing.settings.acl.getAccessLevel(), expire_timestamp: $scope.share_settings.linkSharing.settings.expire_time, expire_views: $scope.share_settings.linkSharing.settings.expire_views }; ShareService.createPublicSharedCredential(shareObj).then(function(){ + var hash = window.btoa($scope.storedCredential.guid + '<::>'+ key) + $scope.share_link = $location.$$protocol + '://' + $location.$$host + OC.generateUrl('apps/passman/share/public#') + hash; }); } diff --git a/templates/public_share.php b/templates/public_share.php index 6a979676..3f13d58d 100644 --- a/templates/public_share.php +++ b/templates/public_share.php @@ -65,7 +65,7 @@ style('passman', 'public-page');

Passman

- {name} has shared a credential with you. + Someone has shared a credential with you.