Merge pull request #542 from nextcloud/feature/540/markcredentialascompromised

Feature/540/markcredentialascompromised

appinfo/database.xml

@@ -229,6 +229,10 @@
 				<type>boolean</type>
 				<default>false</default>
 			</field>
+			<field>
+				<name>compromised</name>
+				<type>clob</type>
+			</field>
 			<field>
 				<name>shared_key</name>
 				<type>clob</type>

controller/credentialcontroller.php

@@ -70,7 +70,7 @@ class CredentialController extends ApiController {
 									 $credential_id, $custom_fields, $delete_time,
 									 $description, $email, $expire_time, $favicon, $files, $guid,
 									 $hidden, $label, $otp, $password, $renew_interval,
-									 $tags, $url, $username, $vault_id) {
+									 $tags, $url, $username, $vault_id, $compromised) {
 		$credential = array(
 			'credential_id' => $credential_id,
 			'guid' => $guid,
@@ -93,6 +93,7 @@ class CredentialController extends ApiController {
 			'custom_fields' => $custom_fields,
 			'otp' => $otp,
 			'hidden' => $hidden,
+			'compromised' => $compromised
 
 		);
 
@@ -125,7 +126,7 @@ class CredentialController extends ApiController {
 									 $credential_id, $custom_fields, $delete_time, $credential_guid,
 									 $description, $email, $expire_time, $icon, $files, $guid,
 									 $hidden, $label, $otp, $password, $renew_interval,
-									 $tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision) {
+									 $tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision, $compromised) {
 
 
 		$storedCredential = $this->credentialService->getCredentialByGUID($credential_guid);
@@ -151,7 +152,8 @@ class CredentialController extends ApiController {
 			'delete_time' => $delete_time,
 			'hidden' => $hidden,
 			'otp' => $otp,
-			'user_id' => $storedCredential->getUserId()
+			'user_id' => $storedCredential->getUserId(),
+			'compromised' => $compromised
 		);
 
 

controller/translationcontroller.php

@@ -420,6 +420,11 @@ class TranslationController extends ApiController {
 			'share.page.link_loading' => $this->trans->t('Loading…'),
 			'expired.share' => $this->trans->t('Awwhh… credential not found. Maybe it expired'),
 
+			//compromised credentials
+			'compromised.label' => $this->trans->t('Compromise!'),
+			'compromised.warning.list' => $this->trans->t('Compromised!'),
+			'compromised.warning' => $this->trans->t('This password is compromised. You can only remove this warning with changing the password.'),
+
 			//searchboxexpanderservice
 			'search.settings.input.label' => $this->trans->t('Label'),
 			'search.settings.input.username' => $this->trans->t('Username'),

js/app/controllers/edit_credential.js

@@ -113,6 +113,9 @@
 					$scope.storedCredential.expire_time = $scope.storedCredential.expire_time * 1000;
 				}
 
+				//store password to check if it was changed if this credential has been compromised
+				$scope.oldPassword=$scope.storedCredential.password;
+
 				$scope.getTags = function ($query) {
 					return TagService.searchTag($query);
 				};
@@ -293,9 +296,20 @@
 
 				$scope.saving = false;
 
+				$scope.compromise = function () {
+					console.log("This password was compromised");
+					$scope.storedCredential.compromised=true;
+				};
+
 				$scope.saveCredential = function () {
 					$scope.saving = true;
 
+					if($scope.storedCredential.compromised){
+						if($scope.oldPassword !== $scope.storedCredential.password){
+							$scope.storedCredential.compromised=false;
+						}
+					}
+
 					if ($scope.new_custom_field.label && $scope.new_custom_field.value) {
 						$scope.storedCredential.custom_fields.push(angular.copy($scope.new_custom_field));
 					}

js/app/services/credentialservice.js

@@ -55,9 +55,10 @@
 				'files': [],
 				'custom_fields': [],
 				'otp': {},
+				'compromised': false,
 				'hidden': false
 			};
-			var _encryptedFields = ['description', 'username', 'password', 'files', 'custom_fields', 'otp', 'email', 'tags', 'url'];
+			var _encryptedFields = ['description', 'username', 'password', 'files', 'custom_fields', 'otp', 'email', 'tags', 'url', 'compromised'];
 
 
 			return {
@@ -140,7 +141,11 @@
 						var fieldValue = angular.copy(credential[field]);
 						var field_decrypted_value;
 						try {
-							field_decrypted_value = EncryptService.decryptString(fieldValue, key);
+							if(fieldValue!==null){
+								field_decrypted_value = EncryptService.decryptString(fieldValue, key);
+							}else{
+								field_decrypted_value=null;
+							}
 						} catch (e) {
 							throw e;
 						}

lib/Db/Credential.php

@@ -70,6 +70,8 @@ use \OCP\AppFramework\Db\Entity;
  * @method string getHidden()
  * @method void setSharedKey(string $value)
  * @method string getSharedKey()
+ * @method void setCompromised(bool $value)
+ * @method bool getCompromised()
 
 
 
@@ -101,6 +103,7 @@ class Credential extends Entity implements  \JsonSerializable{
 	protected $otp;
 	protected $hidden;
 	protected $sharedKey;
+	protected $compromised;
 
 	public function __construct() {
 		// add types in constructor
@@ -142,6 +145,7 @@ class Credential extends Entity implements  \JsonSerializable{
 			'otp' => $this->getOtp(),
 			'hidden' => $this->getHidden(),
 			'shared_key' => $this->getSharedKey(),
+			'compromised' => $this->getCompromised()
 		];
 	}
 }

lib/Db/CredentialMapper.php

@@ -138,6 +138,7 @@ class CredentialMapper extends Mapper {
 		$credential->setCustomFields($raw_credential['custom_fields']);
 		$credential->setOtp($raw_credential['otp']);
 		$credential->setHidden($raw_credential['hidden']);
+		$credential->setCompromised($raw_credential['compromised']);
 		if (isset($raw_credential['shared_key'])) {
 			$credential->setSharedKey($raw_credential['shared_key']);
 		}
@@ -177,6 +178,7 @@ class CredentialMapper extends Mapper {
 		$credential->setOtp($raw_credential['otp']);
 		$credential->setHidden($raw_credential['hidden']);
 		$credential->setDeleteTime($raw_credential['delete_time']);
+		$credential->setCompromised($raw_credential['compromised']);
 
 		if (isset($raw_credential['shared_key'])) {
 			$credential->setSharedKey($raw_credential['shared_key']);

sass/credentials.scss

@@ -214,6 +214,25 @@
         &.selected {
           background-color: #f8f8f8;
         }
+
+        .compromised {
+          background-color: #f74040;
+        }
+        .compromised:hover {
+          background-color: darken(#f74040, 15%);
+        }
+        .compromised-list{
+          display: inline-block;
+          margin-left: 50px;
+          .icon{
+            height: 18px;
+          }
+          .text{
+            font-style: italic;
+            font-weight: bold;
+          }
+        }
+
         td {
           cursor: pointer;
           padding: 5px;
@@ -348,6 +367,26 @@
       input[type="text"], input[type="password"] {
         width: 100%;
       }
+      .compromised-button{
+        margin-top: 15px;
+        background-color: #e60000;
+        color: black;
+      }
+
+      .compromised-details{
+        margin-top: 15px;
+        display: flex;
+        .icon{
+          float: left;
+          height: 20px;
+        }
+        .text{
+          padding-left: 5px;
+          padding-right: 30px;
+          color: #e9322d;
+        }
+      }
+
       .tags {
         float: left;
         .tag {
@@ -513,6 +552,20 @@
       overflow-y: auto;
 
       .credential-data {
+        .compromised-details{
+          margin-top: 15px;
+          margin-bottom: 15px;
+          display: flex;
+          .icon{
+            float: left;
+            height: 20px;
+          }
+          .text{
+            padding-left: 5px;
+            padding-right: 30px;
+            color: #e9322d;
+          }
+        }
         .row {
           margin-bottom: 11px;
         }

templates/views/partials/credential_template.html

@@ -5,6 +5,11 @@
 													  value="credential.label"></span></div>
 	</div>
 
+	<div class="compromised-details" ng-show="credential.compromised">
+		<div class="icon-error-color icon"></div>
+		<div class="text">{{ 'compromised.warning' | translate }}</div>
+	</div>
+
 	<div class="row" ng-show="credential.username">
 		<div class="col-xs-4 col-md-3 col-lg-3">{{ 'account' | translate }}</div>
 		<div class="col-xs-8 col-md-9 col-lg-9"><span credential-field

templates/views/partials/forms/edit_credential/basics.html

@@ -40,6 +40,14 @@
 			</tags-input>
 		</div>
 	</div>
+	<div class="col-xs-12 col-md-6">
+		<button class="compromised-button" ng-click="compromise()">{{ 'compromised.label' | translate}}</button>
+		<div class="compromised-details" ng-show="storedCredential.compromised">
+			<div class="icon-error-color icon"></div>
+			<div class="text">{{ 'compromised.warning' | translate }}</div>
+
+		</div>
+	</div>
 </div>
 
 

templates/views/show_vault.html

@@ -41,9 +41,9 @@
 			   ng-if="view_mode === 'list'">
 			<tr ng-repeat="credential in filtered_credentials | orderBy:'label'"
 				ng-if="showCredentialRow(credential)"
-				ng-click="selectCredential(credential)"  ng-dblclick="editCredential(credential)"
+				ng-click="selectCredential(credential)" ng-dblclick="editCredential(credential)"
 				ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}">
-				<td>
+				<td ng-class="{'compromised': credential.compromised }">
 					<span class="tags">
 					<span class="tag" ng-repeat="tag in credential.tags_raw">{{ ::tag.text}}</span>
 
@@ -57,8 +57,10 @@
 						<i class="fa fa-share-alt-square" ng-if="credential.shared_key"> </i>
 					</span>
 					<a class="label">{{ ::credential.label}}</a>
-
-
+					<span ng-if="credential.compromised" class="compromised-list">
+						<i class="icon-error icon"></i>
+						<span class="text">{{ 'compromised.warning.list' | translate}}</span>
+					</span>
 				</td>
 			</tr>
 		</table>