diff --git a/README.md b/README.md
index cae19edf..080ac580 100644
--- a/README.md
+++ b/README.md
@@ -34,3 +34,8 @@ To watch for changes use `grunt watch`
## Contributors
Add yours when creating a pull request!
- None
+
+
+## FAQ
+**Are you adding something to check if malicious code is executing on the browser?**
+No, because malitous code could edit the functions that check for malicious code.
\ No newline at end of file
diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php
index d6009b18..191d1d9a 100644
--- a/controller/vaultcontroller.php
+++ b/controller/vaultcontroller.php
@@ -38,9 +38,26 @@ class VaultController extends ApiController {
* @NoAdminRequired
*/
public function listVaults() {
-
+ $result = array();
$vaults = $this->vaultService->getByUser($this->userId);
- return new JSONResponse($vaults);
+
+ $protected_credential_fields = array('getDescription','getEmail','getUsername','getPassword');
+
+ foreach($vaults as $vault){
+ $credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId);
+ $secret_field = $protected_credential_fields[array_rand($protected_credential_fields)];
+ array_push($result, array(
+ 'vault_id' => $vault->getId(),
+ 'guid' => $vault->getGuid(),
+ 'name' => $vault->getName(),
+ 'created' => $vault->getCreated(),
+ 'public_sharing_key' => $vault->getPublicSharingKey(),
+ 'last_access' => $vault->getlastAccess(),
+ 'challenge_password' => $credential->{$secret_field}()
+ ));
+ }
+
+ return new JSONResponse($result);
}
/**
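Review bot: In the `foreach` of `listVaults()`, `$credential` is used without a null check, so a vault that has no credentials yet would make `$credential->{$secret_field}()` a method call on null and fail the whole vault listing. The service added in this commit returns `array_pop(...)` of the mapper result, which is null for an empty result set. Guard it, for example `'challenge_password' => $credential ? $credential->{$secret_field}() : null`, and have the client handle a missing challenge explicitly. Whether all four getters always return a non-empty encrypted value is not visible here; if a field can be stored empty, the challenge gives the client nothing to verify the key against.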
diff --git a/js/app/controllers/credential.js b/js/app/controllers/credential.js
index 459af364..3beed800 100644
--- a/js/app/controllers/credential.js
+++ b/js/app/controllers/credential.js
@@ -22,7 +22,7 @@ angular.module('passmanApp')
_vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
VaultService.setActiveVault(_vault);
$scope.active_vault = _vault;
-
+ console.log(_vault)
//@TODO check if vault exists
}
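Review bot: The added `console.log(_vault)` runs after `_vault.vaultKey` has been set from `defaultVaultPass` two lines earlier, so the vault key is written in clear text to the browser console. Console output is readable by anyone with access to the session and by browser extensions, and can end up in bug-report screenshots. Remove the line before merging; if a trace is needed, log only a non-secret field such as `_vault.guid`. The enclosing function starts outside the hunk.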
diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js
index 11a7f600..21dfc8d5 100644
--- a/js/app/controllers/edit_credential.js
+++ b/js/app/controllers/edit_credential.js
@@ -18,13 +18,25 @@ angular.module('passmanApp')
} else {
if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) {
var _vault = angular.copy(SettingsService.getSetting('defaultVault'));
- _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
- VaultService.setActiveVault(_vault);
- $scope.active_vault = _vault;
+ VaultService.getVault(_vault).then(function (vault) {
+ vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
+ VaultService.setActiveVault(vault);
+ $scope.active_vault = vault;
- //@TODO check if vault exists
+ $scope.pwSettings = VaultService.getVaultSetting('pwSettings',
+ {
+ 'length': 12,
+ 'useUppercase': true,
+ 'useLowercase': true,
+ 'useDigits': true,
+ 'useSpecialChars': true,
+ 'minimumDigitCount': 3,
+ 'avoidAmbiguousCharacters': false,
+ 'requireEveryCharType': true,
+ 'generateOnCreate': true
+ })
+ })
}
-
}
$scope.tabs = [{
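Review bot: The new `VaultService.getVault(_vault).then(...)` call has no rejection handler, and the `//@TODO check if vault exists` marker was dropped without that check being added. If the stored default vault was deleted or the request fails, `$scope.active_vault` silently stays unset. Add a rejection callback as the second argument to `.then` that sets an error on the scope or returns the user to vault selection. The literal `pwSettings` default object is also repeated in the `revision.js` hunk; a single shared constant would keep the two password-generator defaults from drifting apart. The enclosing block starts outside the hunk.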
diff --git a/js/app/controllers/revision.js b/js/app/controllers/revision.js
index 79f12a85..5de9c639 100644
--- a/js/app/controllers/revision.js
+++ b/js/app/controllers/revision.js
@@ -18,12 +18,27 @@ angular.module('passmanApp')
} else {
if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) {
var _vault = angular.copy(SettingsService.getSetting('defaultVault'));
- _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
- VaultService.setActiveVault(_vault);
- $scope.active_vault = _vault;
-
+ VaultService.getVault(_vault).then(function (vault) {
+ vault.vaultKey = SettingsService.getSetting('defaultVaultPass');
+ VaultService.setActiveVault(vault);
+ $scope.active_vault = vault;
+ $scope.$parent.selectedVault = true;
+ $scope.vault_settings.pwSettings = VaultService.getVaultSetting('pwSettings',
+ {
+ 'length': 12,
+ 'useUppercase': true,
+ 'useLowercase': true,
+ 'useDigits': true,
+ 'useSpecialChars': true,
+ 'minimumDigitCount': 3,
+ 'avoidAmbiguousCharacters': false,
+ 'requireEveryCharType': true,
+ 'generateOnCreate': true
+ })
+ })
}
}
+
if ($scope.active_vault) {
$scope.$parent.selectedVault = true;
}
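Review bot: The callback assigns `$scope.vault_settings.pwSettings`, which will throw if `$scope.vault_settings` has not been initialised by the time the promise resolves; that initialisation is not visible in this hunk. The sibling change in `edit_credential.js` writes to `$scope.pwSettings` instead, so one of the two targets may be unintended. If `vault_settings` is the right target, add `$scope.vault_settings = $scope.vault_settings || {};` before the assignment. This hunk also assigns `vault.vaultKey` without the `angular.copy(...)` that `edit_credential.js` uses; pick one form for both.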
diff --git a/js/app/controllers/share.js b/js/app/controllers/share.js
index beddbb83..59da86f7 100644
--- a/js/app/controllers/share.js
+++ b/js/app/controllers/share.js
@@ -105,12 +105,15 @@ angular.module('passmanApp')
var list = $scope.share_settings.credentialSharedWithUserAndGroup;
console.log(list);
for (var i = 0; i < list.length; i++){
+ console.log(list[i]);
if (list[i].type == "user") {
ShareService.getVaultsByUser(list[i].userId).then(function (data) {
+ console.log(list);
+ console.log(i);
list[i].vaults = data;
console.log(data);
var start = new Date().getTime() / 1000;
- ;
+
ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key)
.progress(function (data) {
console.log(data);
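Review bot: The added `console.log(list)` and `console.log(i)` inside the `getVaultsByUser(...).then` callback look like debugging of a closure problem that this commit leaves unfixed. `i` is declared with `var` in the `for` loop, so when the callback runs the loop has normally finished, `i` equals `list.length`, and `list[i].vaults = data` writes to `undefined`. Capture the element per iteration, for example by replacing the loop with `angular.forEach(list, function (item) { ... })` and using `item.vaults = data`. The debug `console.log` calls in this sharing path should also go, since they print share targets and the data passed to the RSA step to the console. The enclosing function continues outside the hunk.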
@@ -131,7 +134,7 @@ angular.module('passmanApp')
list[i].vaults = data;
console.log(data);
var start = new Date().getTime() / 1000;
- ;
+
ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key)
.progress(function (data) {
console.log(data);
diff --git a/js/app/controllers/vault.js b/js/app/controllers/vault.js
index 2959ce11..2f64271c 100644
--- a/js/app/controllers/vault.js
+++ b/js/app/controllers/vault.js
@@ -101,19 +101,17 @@ angular.module('passmanApp')
_vault.vaultKey = angular.copy(vault_key);
VaultService.setActiveVault(_vault);
- VaultService.getVault(vault).then(function (vault) {
- var credential = vault.credentials[0];
- try {
- var c = CredentialService.decryptCredential(credential);
- if ($scope.remember_vault_password) {
- SettingsService.setSetting('defaultVaultPass', vault_key);
- }
- _loginToVault(vault, vault_key);
-
- } catch (e) {
- $scope.error = 'Incorrect vault password!'
+ try {
+ var c = EncryptService.decryptString(vault.challenge_password);
+ if ($scope.remember_vault_password) {
+ SettingsService.setSetting('defaultVaultPass', vault_key);
}
- })
+ _loginToVault(vault, vault_key);
+
+ } catch (e) {
+ $scope.error = 'Incorrect vault password!'
+ }
+
};
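Review bot: The new password check depends on `vault.challenge_password` being present, but nothing in the `try` block handles a vault for which the server had no credential to pick a challenge from. In that case `EncryptService.decryptString` receives null or undefined; depending on how it treats that input (not visible here), either every key is rejected or every key is accepted for a new, empty vault. Check for the missing challenge before the `try` and decide that case explicitly. The broad `catch (e)` also reports any failure as 'Incorrect vault password!', and `var c` is never read, so the assignment can be dropped.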
diff --git a/js/templates.js b/js/templates.js
index 6bbd1668..606ad011 100644
--- a/js/templates.js
+++ b/js/templates.js
@@ -113,7 +113,7 @@ angular.module('views/share_credential.html', []).run(['$templateCache', functio
angular.module('views/show_vault.html', []).run(['$templateCache', function($templateCache) {
'use strict';
$templateCache.put('views/show_vault.html',
- '
{{credential.label}} {{tag.text}} |
');
+ '{{filtered_credentials}} {{ ::credential.label}} {{ ::tag.text}} |
');
}]);
angular.module('views/vaults.html', []).run(['$templateCache', function($templateCache) {
diff --git a/lib/Db/CredentialMapper.php b/lib/Db/CredentialMapper.php
index 519e7301..f60cffdf 100644
--- a/lib/Db/CredentialMapper.php
+++ b/lib/Db/CredentialMapper.php
@@ -32,6 +32,12 @@ class CredentialMapper extends Mapper {
return $this->findEntities($sql, [$user_id, $vault_id]);
}
+ public function getRandomCredentialByVaultId($vault_id, $user_id) {
+ $sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' .
+ 'WHERE `user_id` = ? and vault_id = ? ORDER BY RAND() LIMIT 1';
+ return $this->findEntities($sql, [$user_id, $vault_id]);
+ }
+
public function getExpiredCredentials($timestamp){
$sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' .
'WHERE `expire_time` > 0 AND `expire_time` < ?';
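Review bot: `ORDER BY RAND()` in `getRandomCredentialByVaultId` is MySQL syntax; SQLite and PostgreSQL spell it `RANDOM()`, so the query would fail there if the app is meant to run on those back ends (the `*PREFIX*` placeholder suggests a database abstraction is in use). A portable alternative is to fetch the matching rows or only their ids and pick one in PHP. The row limit can then go through the mapper's limit argument instead of a literal `LIMIT 1` in the SQL string. Add a docblock stating that the method returns an array with at most one entity, and quote `vault_id` with backticks like the other column.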
diff --git a/lib/Db/Vault.php b/lib/Db/Vault.php
index c840cdea..61b00ae6 100644
--- a/lib/Db/Vault.php
+++ b/lib/Db/Vault.php
@@ -49,7 +49,7 @@ class Vault extends Entity implements \JsonSerializable{
protected $privateSharingKey;
protected $sharingKeysGenerated;
protected $vaultSettings;
-
+
public function __construct() {
// add types in constructor
$this->addType('created', 'integer');
diff --git a/lib/Service/CredentialService.php b/lib/Service/CredentialService.php
index 56e1239b..9dbf8f33 100644
--- a/lib/Service/CredentialService.php
+++ b/lib/Service/CredentialService.php
@@ -44,6 +44,10 @@ class CredentialService {
return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id);
}
+ public function getRandomCredentialByVaultId($vault_id, $user_id) {
+ return array_pop($this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id));
+ }
+
public function getExpiredCredentials($timestamp) {
return $this->credentialMapper->getExpiredCredentials($timestamp);
}
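Review bot: `array_pop()` takes its argument by reference, so passing the mapper call's return value directly in `getRandomCredentialByVaultId` triggers PHP's "Only variables should be passed by reference" notice. Assign first: `$credentials = $this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id);` then `return array_pop($credentials);`. The method returns null when the vault has no credentials; a docblock should say so, because the caller in `listVaults()` dereferences the result without checking.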
diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html
index 73a6d442..4333afda 100644
--- a/templates/views/show_vault.html
+++ b/templates/views/show_vault.html
@@ -57,6 +57,7 @@
+{{filtered_credentials}}
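Review bot: The added `{{filtered_credentials}}` binding prints the whole filtered credential array into the page as text, which looks like leftover debugging. It puts every listed credential object into the visible DOM, and the same binding has been compiled into `js/templates.js` in this commit. Remove it from the template and regenerate `templates.js`.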
@@ -71,9 +72,9 @@
ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}">
- {{credential.label}}
+ {{ ::credential.label}}
- {{tag.text}}
+ {{ ::tag.text}}
|
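Review bot: Switching `credential.label` and `tag.text` to one-time bindings (`::`) means the rendered text is frozen after the first stable value. If a credential is edited in place and keeps the same object in the `ng-repeat` (not visible here), the list would keep showing the old label and tags until the row is re-created. Confirm that the edit flow replaces the list entries, or keep the normal binding on the label.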
@@ -85,9 +86,9 @@
ng-click="selectCredential(credential)"
use-theme type="'border-color'">
-
{{credential.label}}
+
{{ ::credential.label}}