Merge branch 'challengePassword'

README.md

@@ -34,3 +34,8 @@ To watch for changes use `grunt watch`
 ## Contributors
 Add yours when creating a pull request!
 - None
+
+
+## FAQ
+**Are you adding something to check if malicious code is executing on the browser?**   
+No, because malitous code could edit the functions that check for malicious code.

controller/vaultcontroller.php

@@ -38,9 +38,26 @@ class VaultController extends ApiController {
 	 * @NoAdminRequired
 	 */
 	public function listVaults() {
-
+		$result = array();
 		$vaults = $this->vaultService->getByUser($this->userId);
-		return new JSONResponse($vaults);
+
+		$protected_credential_fields = array('getDescription','getEmail','getUsername','getPassword');
+
+		foreach($vaults as $vault){
+			$credential = $this->credentialService->getRandomCredentialByVaultId($vault->getId(), $this->userId);
+			$secret_field = $protected_credential_fields[array_rand($protected_credential_fields)];
+			array_push($result, array(
+				'vault_id' => $vault->getId(),
+				'guid' => $vault->getGuid(),
+				'name' => $vault->getName(),
+				'created' => $vault->getCreated(),
+				'public_sharing_key' => $vault->getPublicSharingKey(),
+				'last_access' => $vault->getlastAccess(),
+				'challenge_password' => $credential->{$secret_field}()
+			));
+		}
+
+		return new JSONResponse($result);
 	}
 
 	/**

js/app/controllers/credential.js

@@ -22,7 +22,7 @@ angular.module('passmanApp')
 					_vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
 					VaultService.setActiveVault(_vault);
 					$scope.active_vault = _vault;
-
+					console.log(_vault)
 					//@TODO check if vault exists
 				}
 

js/app/controllers/edit_credential.js

@@ -18,13 +18,25 @@ angular.module('passmanApp')
 			} else {
 				if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) {
 					var _vault = angular.copy(SettingsService.getSetting('defaultVault'));
-					_vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
-					VaultService.setActiveVault(_vault);
-					$scope.active_vault = _vault;
+					VaultService.getVault(_vault).then(function (vault) {
+						vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
+						VaultService.setActiveVault(vault);
+						$scope.active_vault = vault;
 
-					//@TODO check if vault exists
+						$scope.pwSettings = VaultService.getVaultSetting('pwSettings',
+							{
+								'length': 12,
+								'useUppercase': true,
+								'useLowercase': true,
+								'useDigits': true,
+								'useSpecialChars': true,
+								'minimumDigitCount': 3,
+								'avoidAmbiguousCharacters': false,
+								'requireEveryCharType': true,
+								'generateOnCreate': true
+							})
+					})
 				}
-
 			}
 
 			$scope.tabs = [{

js/app/controllers/revision.js

@@ -18,12 +18,27 @@ angular.module('passmanApp')
 			} else {
 				if (SettingsService.getSetting('defaultVault') && SettingsService.getSetting('defaultVaultPass')) {
 					var _vault = angular.copy(SettingsService.getSetting('defaultVault'));
-					_vault.vaultKey = angular.copy(SettingsService.getSetting('defaultVaultPass'));
-					VaultService.setActiveVault(_vault);
-					$scope.active_vault = _vault;
+					VaultService.getVault(_vault).then(function (vault) {
+						vault.vaultKey = SettingsService.getSetting('defaultVaultPass');
+						VaultService.setActiveVault(vault);
+						$scope.active_vault = vault;
+						$scope.$parent.selectedVault = true;
+						$scope.vault_settings.pwSettings = VaultService.getVaultSetting('pwSettings',
+							{
+								'length': 12,
+								'useUppercase': true,
+								'useLowercase': true,
+								'useDigits': true,
+								'useSpecialChars': true,
+								'minimumDigitCount': 3,
+								'avoidAmbiguousCharacters': false,
+								'requireEveryCharType': true,
+								'generateOnCreate': true
+							})
+					})
+				}
+			}
 
-				}
-			}
 			if ($scope.active_vault) {
 				$scope.$parent.selectedVault = true;
 			}

js/app/controllers/share.js

@@ -105,12 +105,15 @@ angular.module('passmanApp')
 				var list = $scope.share_settings.credentialSharedWithUserAndGroup;
 				console.log(list);
 				for (var i = 0; i < list.length; i++){
+					console.log(list[i]);
 					if (list[i].type == "user") {
 						ShareService.getVaultsByUser(list[i].userId).then(function (data) {
+							console.log(list);
+							console.log(i);
 							list[i].vaults = data;
 							console.log(data);
 							var start = new Date().getTime() / 1000;
-							;
+
 							ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key)
 								.progress(function (data) {
 									console.log(data);
@@ -131,7 +134,7 @@ angular.module('passmanApp')
 								list[i].vaults = data;
 								console.log(data);
 								var start = new Date().getTime() / 1000;
-								;
+
 								ShareService.cypherRSAStringWithPublicKeyBulkAsync(data, key)
 									.progress(function (data) {
 										console.log(data);

js/app/controllers/vault.js

@@ -101,10 +101,8 @@ angular.module('passmanApp')
 			_vault.vaultKey = angular.copy(vault_key);
 
 			VaultService.setActiveVault(_vault);
-			VaultService.getVault(vault).then(function (vault) {
-				var credential = vault.credentials[0];
 			try {
-					var c = CredentialService.decryptCredential(credential);
+				var c = EncryptService.decryptString(vault.challenge_password);
 				if ($scope.remember_vault_password) {
 					SettingsService.setSetting('defaultVaultPass', vault_key);
 				}
@@ -113,7 +111,7 @@ angular.module('passmanApp')
 			} catch (e) {
 				$scope.error = 'Incorrect vault password!'
 			}
-			})
+
 		};
 
 

lib/Db/CredentialMapper.php

@@ -32,6 +32,12 @@ class CredentialMapper extends Mapper {
 		return $this->findEntities($sql, [$user_id, $vault_id]);
 	}
 
+	public function getRandomCredentialByVaultId($vault_id, $user_id) {
+		$sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' .
+			'WHERE `user_id` = ? and vault_id = ? ORDER BY RAND() LIMIT 1';
+		return $this->findEntities($sql, [$user_id, $vault_id]);
+	}
+
 	public function getExpiredCredentials($timestamp){
 		$sql = 'SELECT * FROM `*PREFIX*passman_credentials` ' .
 			'WHERE `expire_time` > 0 AND `expire_time` < ?';

lib/Service/CredentialService.php

@@ -44,6 +44,10 @@ class CredentialService {
 		return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id);
 	}
 
+	public function getRandomCredentialByVaultId($vault_id, $user_id) {
+		return array_pop($this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id));
+	}
+
 	public function getExpiredCredentials($timestamp) {
 		return $this->credentialMapper->getExpiredCredentials($timestamp);
 	}

templates/views/show_vault.html

@@ -57,6 +57,7 @@
 		</div>
 	</div>
 </div>
+{{filtered_credentials}}
 <div off-click="closeSelected()">
 
 	<div class="loaderContainer" ng-if="show_spinner">
@@ -71,9 +72,9 @@
 				ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}">
 				<td>
 					<span class="icon"><i class="fa fa-lock"></i> </span>
-					<span class="label">{{credential.label}}</span>
+					<span class="label">{{ ::credential.label}}</span>
 					<span class="tags">
-				<span class="tag" ng-repeat="tag in credential.tags_raw">{{tag.text}}</span>
+				<span class="tag" ng-repeat="tag in credential.tags_raw">{{ ::tag.text}}</span>
 
 			</span>
 				</td>
@@ -85,9 +86,9 @@
 					ng-click="selectCredential(credential)"
 					use-theme type="'border-color'">
 					<div class="credential_content" >
-						<div class="label">{{credential.label}}</div>
+						<div class="label">{{ ::credential.label}}</div>
 						<div class="tags">
-							<div class="tag" ng-repeat="tag in credential.tags_raw">{{tag.text}}</div>
+							<div class="tag" ng-repeat="tag in credential.tags_raw">{{ ::tag.text}}</div>
 						</div>
 					</div>
 				</li>