From 0a7c504b90fd8d21014a5554dc958447107d11b7 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 18:21:17 +0200 Subject: [PATCH 1/9] Fixes --- js/templates.js | 2 +- templates/views/show_vault.html | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/js/templates.js b/js/templates.js index 6bbd1668..db754cd4 100644 --- a/js/templates.js +++ b/js/templates.js @@ -113,7 +113,7 @@ angular.module('views/share_credential.html', []).run(['$templateCache', functio angular.module('views/show_vault.html', []).run(['$templateCache', function($templateCache) { 'use strict'; $templateCache.put('views/show_vault.html', - '
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{credential.label}} {{tag.text}}
  • {{credential.label}}
    {{tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); + '
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{ ::credential.label}} {{ ::tag.text}}
  • {{ ::credential.label}}
    {{ ::tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); }]); angular.module('views/vaults.html', []).run(['$templateCache', function($templateCache) { diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index 73a6d442..47ed21b6 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html @@ -71,9 +71,9 @@ ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}"> - {{credential.label}} + {{ ::credential.label}} - {{tag.text}} + {{ ::tag.text}} @@ -85,9 +85,9 @@ ng-click="selectCredential(credential)" use-theme type="'border-color'">
-
{{credential.label}}
+
{{ ::credential.label}}
-
{{tag.text}}
+
{{ ::tag.text}}
From 484a88b7acc4246141f1c3dd00cbd67becde7b4b Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 18:48:25 +0200 Subject: [PATCH 2/9] Fix loading password preferences at password creation --- js/app/controllers/credential.js | 2 +- js/app/controllers/edit_credential.js | 22 +++++++++++++++++----- js/app/controllers/revision.js | 23 +++++++++++++++++++---- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/js/app/controllers/credential.js b/js/app/controllers/credential.js index 459af364..3beed800 100644 --- a/js/app/controllers/credential.js +++ b/js/app/controllers/credential.js @@ -22,7 +22,7 @@ angular.module('passmanApp') _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); VaultService.setActiveVault(_vault); $scope.active_vault = _vault; - + console.log(_vault) //@TODO check if vault exists } diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js index 11a7f600..21dfc8d5 100644 --- a/js/app/controllers/edit_credential.js +++ b/js/app/controllers/edit_credential.js 
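Review bot: The added `console.log(_vault)` in credential.js runs directly after `_vault.vaultKey` is filled from the `defaultVaultPass` setting, so the vault password is written to the browser console along with the vault object. Console output can be read by anyone with access to the browser session and can be captured by extensions or error-reporting scripts. I would delete the line, or log only a non-secret identifier of the vault. The enclosing function starts and ends outside the hunk.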
@@ -18,13 +18,25 @@ angular.module('passmanApp') } else { if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) { var _vault = angular.copy(SettingsService.getSetting('defaultVault')); - _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); - VaultService.setActiveVault(_vault); - $scope.active_vault = _vault; + VaultService.getVault(_vault).then(function (vault) { + vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); + VaultService.setActiveVault(vault); + $scope.active_vault = vault; - //@TODO check if vault exists + $scope.pwSettings = VaultService.getVaultSetting('pwSettings', + { + 'length': 12, + 'useUppercase': true, + 'useLowercase': true, + 'useDigits': true, + 'useSpecialChars': true, + 'minimumDigitCount': 3, + 'avoidAmbiguousCharacters': false, + 'requireEveryCharType': true, + 'generateOnCreate': true + }) + }) } - } $scope.tabs = [{ diff --git a/js/app/controllers/revision.js b/js/app/controllers/revision.js index 79f12a85..5de9c639 100644 --- a/js/app/controllers/revision.js +++ b/js/app/controllers/revision.js 
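Review bot: `VaultService.getVault(_vault).then(...)` has no rejection handler, and the removed `//@TODO check if vault exists` is not replaced by any check. If the stored default vault is gone or the request fails, `$scope.active_vault` and `$scope.pwSettings` stay unset and nothing is reported; closing the chain with `}).catch(function () { /* surface the failure to the user */ });` would cover that. The revision.js hunk has the same gap, stores `defaultVaultPass` without the `angular.copy` used here, and repeats the nine-key default `pwSettings` literal, which a shared constant would keep from drifting apart. Code after this block that reads `$scope.active_vault` synchronously now runs before the promise resolves; the `if ($scope.active_vault)` context line in revision.js is one such place.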
@@ -18,12 +18,27 @@ angular.module('passmanApp') } else { if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) { var _vault = angular.copy(SettingsService.getSetting('defaultVault')); - _vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass')); - VaultService.setActiveVault(_vault); - $scope.active_vault = _vault; - + VaultService.getVault(_vault).then(function (vault) { + vault.vaultKey = SettingsService.getSetting('defaultVaultPass'); + VaultService.setActiveVault(vault); + $scope.active_vault = vault; + $scope.$parent.selectedVault = true; + $scope.vault_settings.pwSettings = VaultService.getVaultSetting('pwSettings', + { + 'length': 12, + 'useUppercase': true, + 'useLowercase': true, + 'useDigits': true, + 'useSpecialChars': true, + 'minimumDigitCount': 3, + 'avoidAmbiguousCharacters': false, + 'requireEveryCharType': true, + 'generateOnCreate': true + }) + }) } } + if ($scope.active_vault) { $scope.$parent.selectedVault = true; } From 0bcc376706323f57c546d35b872f933011747633 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 19:12:00 +0200 Subject: [PATCH 3/9] Update readme --- README.md | 5 +++++ js/templates.js | 2 +- templates/views/show_vault.html | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index cae19edf..f7a0ea0d 100644 --- a/README.md +++ b/README.md @@ -34,3 +34,8 @@ To watch for changes use `grunt watch` ## Contributors Add yours when creating a pull request! - None + + +## FAQ +**are you adding something to check if malicious code is executing on the browser?** +No, because malitous code could edit the functions that check for malicious code. \ No newline at end of file diff --git a/js/templates.js b/js/templates.js index db754cd4..606ad011 100644 --- a/js/templates.js +++ b/js/templates.js 
@@ -113,7 +113,7 @@ angular.module('views/share_credential.html', []).run(['$templateCache', functio angular.module('views/show_vault.html', []).run(['$templateCache', function($templateCache) { 'use strict'; $templateCache.put('views/show_vault.html', - '
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{ ::credential.label}} {{ ::tag.text}}
  • {{ ::credential.label}}
    {{ ::tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); + '
Showing deleted since: All time {{delete_time | date:\'dd-MM-yyyy @ HH:mm:ss\'}} Showing {{filtered_credentials.length}} of {{active_vault.credentials.length}} credentials
+
{{filtered_credentials}}
{{ ::credential.label}} {{ ::tag.text}}
  • {{ ::credential.label}}
    {{ ::tag.text}}
Label{{selectedCredential.label}}
Account
Password
OTP
E-mail
URL
Files
{{field.label}}
Expire time{{selectedCredential.expire_time * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Changed{{selectedCredential.changed * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
Created{{selectedCredential.created * 1000 | date:\'dd-MM-yyyy @ HH:mm:ss\'}}
{{tag.text}}
'); }]); angular.module('views/vaults.html', []).run(['$templateCache', function($templateCache) { diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index 47ed21b6..4333afda 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html @@ -57,6 +57,7 @@ +{{filtered_credentials}}
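Review bot: The added `{{filtered_credentials}}` line in templates/views/show_vault.html renders the whole filtered credential array as text in the vault view, which looks like leftover debug output in a commit titled "Update readme". Even if the secret fields are stored encrypted, this puts every credential object (labels, tags, ciphertext) on screen and into the DOM. I would remove the line and regenerate js/templates.js, which carries the same binding. The markup around the added line is not visible on this page.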
From 6cc5a9353604cb7455cf9c694de68ed64719ec51 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 19:12:13 +0200 Subject: [PATCH 4/9] Update readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f7a0ea0d..080ac580 100644 --- a/README.md +++ b/README.md @@ -37,5 +37,5 @@ Add yours when creating a pull request! ## FAQ -**are you adding something to check if malicious code is executing on the browser?** +**Are you adding something to check if malicious code is executing on the browser?** No, because malitous code could edit the functions that check for malicious code. \ No newline at end of file From 10b1762c72927d8556d5dbefc004cc739a3f24bc Mon Sep 17 00:00:00 2001 From: Marcos Zuriaga Date: Fri, 30 Sep 2016 19:47:22 +0200 Subject: [PATCH 5/9] Debug changes --- js/app/controllers/share.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/js/app/controllers/share.js b/js/app/controllers/share.js index beddbb83..59da86f7 100644 --- a/js/app/controllers/share.js +++ b/js/app/controllers/share.js @@ -105,12 +105,15 @@ angular.module('passmanApp') var list = $scope.share_settings.credentialSharedWithUserAndGroup; console.log(list); for (var i = 0; i < list.length; i++){ + console.log(list[i]); if (list[i].type == "user") { ShareService.getVaultsByUser(list[i].userId).then(function (data) { + console.log(list); + console.log(i); list[i].vaults = data; console.log(data); var start = new Date().getTime() / 1000; - ; + ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key) .progress(function (data) { console.log(data); @@ -131,7 +134,7 @@ angular.module('passmanApp') list[i].vaults = data; console.log(data); var start = new Date().getTime() / 1000; - ; + ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key) .progress(function (data) { console.log(data); From 0ff6065f4b600651ef82aeea0b7078aa55cf21ae Mon Sep 17 00:00:00 2001 
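Review bot: In share.js the `.then` callback reads `list[i]` after the `for (var i ...)` loop has finished, so `i` equals `list.length` and `list[i].vaults = data` writes to an undefined entry; the added `console.log(list)` and `console.log(i)` will show exactly that. Each callback needs its own binding of the entry, for example `angular.forEach(list, function (entry) { ... entry.vaults = data; ... })`. The callback in the second hunk appears to have the same problem. The debug logging, including `console.log(data)` on the returned vaults, should be removed before this sharing code ships. The loop body continues outside both hunks.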
From: brantje Date: Fri, 30 Sep 2016 20:43:20 +0200 Subject: [PATCH 6/9] Implement a challenge password --- controller/vaultcontroller.php | 23 +++++++++++++++++++++-- js/app/controllers/vault.js | 23 ++++++++++++----------- lib/Db/CredentialMapper.php | 6 ++++++ lib/Db/Vault.php | 4 ++++ lib/Service/CredentialService.php | 4 ++++ 5 files changed, 47 insertions(+), 13 deletions(-) diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php index d6009b18..c908f5c0 100644 --- a/controller/vaultcontroller.php +++ b/controller/vaultcontroller.php @@ -38,9 +38,28 @@ class VaultController extends ApiController { * @NoAdminRequired */ public function listVaults() { - + $result = array(); $vaults = $this->vaultService->getByUser($this->userId); - return new JSONResponse($vaults); + + $protected_credential_fields = array('getDescription','getEmail','getUsername','getPassword'); + + foreach($vaults as $vault){ + $credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId); + $secret_field = $protected_credential_fields[array_rand($protected_credential_fields)]; + $challenge_password = $credential->{$secret_field}(); + $vault = array( + 'vault_id' => $vault->getId(), + 'guid' => $vault->getGuid(), + 'name' => $vault->getName(), + 'created' => $vault->getCreated(), + 'public_sharing_key' => $vault->getPublicSharingKey(), + 'last_access' => $vault->getlastAccess(), + 'challenge_password' => $challenge_password + ); + array_push($result, $vault); + } + + return new JSONResponse($result); } /** diff --git a/js/app/controllers/vault.js b/js/app/controllers/vault.js index 2959ce11..be1f9cfb 100644 --- a/js/app/controllers/vault.js +++ b/js/app/controllers/vault.js 
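Review bot: `$credential->{$secret_field}()` in the new `foreach` of `listVaults` is called without checking that a credential was found. For a vault with no credentials, `getRandomCredentialByVaultId` (added in this commit via `array_pop`) yields `null`, and the method call then breaks the whole vault listing for that user. A guard such as `$challenge_password = $credential ? $credential->{$secret_field}() : null;` keeps the listing working, with the client deciding how to verify a password for an empty vault. Fields like description or email may also be empty on an existing credential (not confirmable from this hunk), in which case the challenge carries nothing to decrypt; choosing only among non-empty fields would avoid that. Patch 8/9 rewrites these lines but keeps the unchecked call.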
@@ -101,19 +101,20 @@ angular.module('passmanApp') _vault.vaultKey = angular.copy(vault_key); VaultService.setActiveVault(_vault); - VaultService.getVault(vault).then(function (vault) { - var credential = vault.credentials[0]; - try { - var c = CredentialService.decryptCredential(credential); - if ($scope.remember_vault_password) { - SettingsService.setSetting('defaultVaultPass', vault_key); - } - _loginToVault(vault, vault_key); - } catch (e) { - $scope.error = 'Incorrect vault password!' + + var challenge_password = vault.challenge_password; + try { + var c = EncryptService.decryptString(challenge_password); + if ($scope.remember_vault_password) { + SettingsService.setSetting('defaultVaultPass', vault_key); } - }) + _loginToVault(vault, vault_key); + + } catch (e) { + $scope.error = 'Incorrect vault password!' + } + }; diff --git a/lib/Db/CredentialMapper.php b/lib/Db/CredentialMapper.php index 519e7301..f60cffdf 100644 --- a/lib/Db/CredentialMapper.php +++ b/lib/Db/CredentialMapper.php @@ -32,6 +32,12 @@ class CredentialMapper extends Mapper { return $this->findEntities($sql, [$user_id, $vault_id]); } + public function getRandomCredentialByVaultId($vault_id, $user_id) { + $sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' . + 'WHERE `user_id` = ? and vault_id = ? ORDER BY RAND() LIMIT 1'; + return $this->findEntities($sql, [$user_id, $vault_id]); + } + public function getExpiredCredentials($timestamp){ $sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' . 'WHERE `expire_time` > 0 AND `expire_time` < ?'; diff --git a/lib/Db/Vault.php b/lib/Db/Vault.php index c840cdea..d3ff393f 100644 --- a/lib/Db/Vault.php +++ b/lib/Db/Vault.php @@ -33,6 +33,9 @@ use \OCP\AppFramework\Db\Entity; * @method integer getSharingKeysGenerated() * @method void setVaultSettings(integer $value) * @method integer getVaultSettings() + * @method void setVaultPass(string $value) + * @method string getVaultPass() + */ 
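Review bot: The password check in vault.js now depends entirely on `EncryptService.decryptString(vault.challenge_password)` throwing, and nothing handles a missing or empty `challenge_password`. Depending on how `decryptString` treats such input (not visible here), an empty vault either rejects the correct password with 'Incorrect vault password!' or accepts any password and, with `remember_vault_password` set, stores it as `defaultVaultPass`. I would test the value explicitly before the `try`, e.g. `if (!vault.challenge_password) { ... }`, and drop the unused `var c`. `VaultService.setActiveVault(_vault)` in the context lines still runs before the check, so a failed attempt appears to leave the wrong key on the active vault.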
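Review bot: `ORDER BY RAND()` in `CredentialMapper::getRandomCredentialByVaultId` is MySQL syntax; SQLite and PostgreSQL spell it `RANDOM()`, so the query fails there if the app is meant to run on those backends. The method also returns the array from `findEntities` although its name promises a single credential, and `vault_id` is unquoted while `user_id` uses backticks. A docblock such as `/** @return Credential[] array holding at most one credential */` would make the contract clear to the service layer.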
@@ -49,6 +52,7 @@ class Vault extends Entity implements \JsonSerializable{ protected $privateSharingKey; protected $sharingKeysGenerated; protected $vaultSettings; + protected $vaultPass; public function __construct() { // add types in constructor diff --git a/lib/Service/CredentialService.php b/lib/Service/CredentialService.php index 56e1239b..9dbf8f33 100644 --- a/lib/Service/CredentialService.php +++ b/lib/Service/CredentialService.php @@ -44,6 +44,10 @@ class CredentialService { return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id); } + public function getRandomCredentialByVaultId($vault_id, $user_id) { + return array_pop($this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id)); + } + public function getExpiredCredentials($timestamp) { return $this->credentialMapper->getExpiredCredentials($timestamp); } From 9dd4a86ec4fba8e6cfc23bb6488a06ce918881a6 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 20:46:06 +0200 Subject: [PATCH 7/9] Remove temp var --- js/app/controllers/vault.js | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/js/app/controllers/vault.js b/js/app/controllers/vault.js index be1f9cfb..2f64271c 100644 --- a/js/app/controllers/vault.js +++ b/js/app/controllers/vault.js @@ -101,11 +101,8 @@ angular.module('passmanApp') _vault.vaultKey = angular.copy(vault_key); VaultService.setActiveVault(_vault); - - - var challenge_password = vault.challenge_password; try { - var c = EncryptService.decryptString(challenge_password); + var c = EncryptService.decryptString(vault.challenge_password); if ($scope.remember_vault_password) { SettingsService.setSetting('defaultVaultPass', vault_key); } From c94870e1c38317014dfb10af77e4e4e5e3aef477 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 20:49:35 +0200 Subject: [PATCH 8/9] Clean up code --- controller/vaultcontroller.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
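Review bot: `array_pop($this->credentialMapper->getRandomCredentialByVaultId(...))` in CredentialService passes a function result to a by-reference parameter, which PHP reports as "Only variables should be passed by reference". Assign the result first: `$credentials = $this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id);` followed by `return array_pop($credentials);`. Since `array_pop` returns `null` for an empty array, the method should also document that callers get `null` when the vault has no credentials.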
diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php index c908f5c0..191d1d9a 100644 --- a/controller/vaultcontroller.php +++ b/controller/vaultcontroller.php @@ -46,17 +46,15 @@ class VaultController extends ApiController { foreach($vaults as $vault){ $credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId); $secret_field = $protected_credential_fields[array_rand($protected_credential_fields)]; - $challenge_password = $credential->{$secret_field}(); - $vault = array( + array_push($result, array( 'vault_id' => $vault->getId(), 'guid' => $vault->getGuid(), 'name' => $vault->getName(), 'created' => $vault->getCreated(), 'public_sharing_key' => $vault->getPublicSharingKey(), 'last_access' => $vault->getlastAccess(), - 'challenge_password' => $challenge_password - ); - array_push($result, $vault); + 'challenge_password' => $credential->{$secret_field}() + )); } return new JSONResponse($result); From 3af9e39488b034c78ae6a7d25b1501d781ed8126 Mon Sep 17 00:00:00 2001 From: brantje Date: Fri, 30 Sep 2016 20:56:17 +0200 Subject: [PATCH 9/9] Clean up code --- lib/Db/Vault.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/Db/Vault.php b/lib/Db/Vault.php index d3ff393f..61b00ae6 100644 --- a/lib/Db/Vault.php +++ b/lib/Db/Vault.php @@ -33,9 +33,6 @@ use \OCP\AppFramework\Db\Entity; * @method integer getSharingKeysGenerated() * @method void setVaultSettings(integer $value) * @method integer getVaultSettings() - * @method void setVaultPass(string $value) - * @method string getVaultPass() - */ @@ -52,8 +49,7 @@ class Vault extends Entity implements \JsonSerializable{ protected $privateSharingKey; protected $sharingKeysGenerated; protected $vaultSettings; - protected $vaultPass; - + public function __construct() { // add types in constructor $this->addType('created', 'integer');