From 5733031bcd1fc94b8cbe03bd82b0d989fac542dd Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 21:04:03 +0100 Subject: [PATCH 1/7] Added compromised stlye to credentiallist Signed-off-by: fnuesse --- sass/credentials.scss | 8 ++++++++ templates/views/show_vault.html | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/sass/credentials.scss b/sass/credentials.scss index d5816e72..dbcde808 100644 --- a/sass/credentials.scss +++ b/sass/credentials.scss @@ -214,6 +214,14 @@ &.selected { background-color: #f8f8f8; } + + .compromised { + background-color: #f74040; + } + .compromised:hover { + background-color: darken(#f74040, 4%); + } + td { cursor: pointer; padding: 5px; diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index f1359f68..aaa6ebd0 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html @@ -41,9 +41,9 @@ ng-if="view_mode === 'list'"> - + {{ ::tag.text}} From deee11f454548d22d11fc90f0eab09d52bb1f7a3 Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 21:23:27 +0100 Subject: [PATCH 2/7] Added compromised state to database Signed-off-by: fnuesse --- appinfo/database.xml | 4 ++++ appinfo/info.xml | 6 +++--- controller/credentialcontroller.php | 8 +++++--- js/app/controllers/credential.js | 3 +++ js/app/services/credentialservice.js | 11 +++++++++-- lib/Db/Credential.php | 4 ++++ lib/Db/CredentialMapper.php | 2 ++ 7 files changed, 30 insertions(+), 8 deletions(-) diff --git a/appinfo/database.xml b/appinfo/database.xml index 88cd1ad0..c4c18fb5 100644 --- a/appinfo/database.xml +++ b/appinfo/database.xml @@ -229,6 +229,10 @@ boolean false + + compromised + clob + shared_key clob diff --git a/appinfo/info.xml b/appinfo/info.xml index b5041a01..1f23ff1b 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml 
@@ -19,7 +19,7 @@ Features: - Import from various password managers (KeePass, LastPass, DashLane, ZOHO, Clipperz.is ) For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc) ]]> - 2.2.1 + 2.2.7 agpl Sander Brand Marcos Zuriaga @@ -42,8 +42,8 @@ For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc) pgsql mysql openssl - - + + diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php index cb3a3265..96e5accc 100644 --- a/controller/credentialcontroller.php +++ b/controller/credentialcontroller.php @@ -70,7 +70,7 @@ class CredentialController extends ApiController { $credential_id, $custom_fields, $delete_time, $description, $email, $expire_time, $favicon, $files, $guid, $hidden, $label, $otp, $password, $renew_interval, - $tags, $url, $username, $vault_id) { + $tags, $url, $username, $vault_id, $compromised) { $credential = array( 'credential_id' => $credential_id, 'guid' => $guid, @@ -93,6 +93,7 @@ class CredentialController extends ApiController { 'custom_fields' => $custom_fields, 'otp' => $otp, 'hidden' => $hidden, + 'compromised' => $compromised ); @@ -125,7 +126,7 @@ class CredentialController extends ApiController { $credential_id, $custom_fields, $delete_time, $credential_guid, $description, $email, $expire_time, $icon, $files, $guid, $hidden, $label, $otp, $password, $renew_interval, - $tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision) { + $tags, $url, $username, $vault_id, $revision_created, $shared_key, $acl, $unshare_action, $set_share_key, $skip_revision, $compromised) { $storedCredential = $this->credentialService->getCredentialByGUID($credential_guid); 
@@ -151,7 +152,8 @@ class CredentialController extends ApiController { 'delete_time' => $delete_time, 'hidden' => $hidden, 'otp' => $otp, - 'user_id' => $storedCredential->getUserId() + 'user_id' => $storedCredential->getUserId(), + 'compromised' => $compromised ); diff --git a/js/app/controllers/credential.js b/js/app/controllers/credential.js index 0ad511aa..be6f41fc 100644 --- a/js/app/controllers/credential.js +++ b/js/app/controllers/credential.js @@ -105,6 +105,9 @@ } angular.merge($scope.active_vault.credentials, _credentials); $scope.show_spinner = false; + + console.log($scope.active_vault.credentials) + $rootScope.$broadcast('credentials_loaded'); $rootScope.vaultCache[$scope.active_vault.guid] = angular.copy($scope.active_vault); if(!vault.private_sharing_key){ diff --git a/js/app/services/credentialservice.js b/js/app/services/credentialservice.js index 4c5d5f3b..b2859cfa 100644 --- a/js/app/services/credentialservice.js +++ b/js/app/services/credentialservice.js @@ -55,9 +55,10 @@ 'files': [], 'custom_fields': [], 'otp': {}, + 'compromised': false, 'hidden': false }; - var _encryptedFields = ['description', 'username', 'password', 'files', 'custom_fields', 'otp', 'email', 'tags', 'url']; + var _encryptedFields = ['description', 'username', 'password', 'files', 'custom_fields', 'otp', 'email', 'tags', 'url', 'compromised']; return { @@ -140,8 +141,14 @@ var fieldValue = angular.copy(credential[field]); var field_decrypted_value; try { - field_decrypted_value = EncryptService.decryptString(fieldValue, key); + if(fieldValue!==null){ + field_decrypted_value = EncryptService.decryptString(fieldValue, key); + }else{ + field_decrypted_value=null; + } } catch (e) { + console.log(fieldValue) + console.log(e) throw e; } try { diff --git a/lib/Db/Credential.php b/lib/Db/Credential.php index 02187e0b..d99b2511 100644 --- a/lib/Db/Credential.php +++ b/lib/Db/Credential.php 
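Review bot: In the `updateCredential` hunk (`@@ -151,7 +152,8 @@`) the new `'compromised' => $compromised` entry takes its value straight from the request, so a client that does not yet send the field would presumably submit null and overwrite a previously stored flag, silently removing the warning. Consider keeping the stored value when the parameter is absent, e.g. `'compromised' => ($compromised !== null) ? $compromised : $storedCredential->getCompromised()`. The same parameter is appended to `createCredential` in the `@@ -70,7 +70,7 @@` hunk, where a null has nothing to overwrite. The function body continues outside the hunk, so how the array is persisted is not visible here.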
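Review bot: The new `if(fieldValue!==null)` guard in the decrypt loop (`@@ -140,8 +141,14 @@`) applies to every entry of `_encryptedFields`, not only to the new `compromised` column, so a null delivered for `password`, `otp` or any other field is now accepted as an empty value without going through `EncryptService.decryptString`. It also means a nulled `compromised` column reads back as "not compromised", so the flag can be dropped without the vault key. Limit the bypass to the one field that can legitimately be null for rows created before this change, for example by changing the condition to `if (fieldValue !== null || field !== 'compromised')`. The enclosing function starts and ends outside the hunk; the two `console.log` calls in the `catch` are removed again in patch 7/7.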
@@ -70,6 +70,8 @@ use \OCP\AppFramework\Db\Entity; * @method string getHidden() * @method void setSharedKey(string $value) * @method string getSharedKey() + * @method void setCompromised(bool $value) + * @method bool getCompromised() @@ -101,6 +103,7 @@ class Credential extends Entity implements \JsonSerializable{ protected $otp; protected $hidden; protected $sharedKey; + protected $compromised; public function __construct() { // add types in constructor @@ -142,6 +145,7 @@ class Credential extends Entity implements \JsonSerializable{ 'otp' => $this->getOtp(), 'hidden' => $this->getHidden(), 'shared_key' => $this->getSharedKey(), + 'compromised' => $this->getCompromised() ]; } } \ No newline at end of file diff --git a/lib/Db/CredentialMapper.php b/lib/Db/CredentialMapper.php index 46cbe073..2ae6e8e3 100644 --- a/lib/Db/CredentialMapper.php +++ b/lib/Db/CredentialMapper.php @@ -138,6 +138,7 @@ class CredentialMapper extends Mapper { $credential->setCustomFields($raw_credential['custom_fields']); $credential->setOtp($raw_credential['otp']); $credential->setHidden($raw_credential['hidden']); + $credential->setCompromised($raw_credential['compromised']); if (isset($raw_credential['shared_key'])) { $credential->setSharedKey($raw_credential['shared_key']); } @@ -177,6 +178,7 @@ class CredentialMapper extends Mapper { $credential->setOtp($raw_credential['otp']); $credential->setHidden($raw_credential['hidden']); $credential->setDeleteTime($raw_credential['delete_time']); + $credential->setCompromised($raw_credential['compromised']); if (isset($raw_credential['shared_key'])) { $credential->setSharedKey($raw_credential['shared_key']); From 2a1c5b2777c3141fda6679e2e612ae028f947f74 Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 21:40:23 +0100 Subject: [PATCH 3/7] Added Button to compromise to edit_credential.js 
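Review bot: The docblock added in `@@ -70,6 +70,8 @@` declares `setCompromised(bool $value)` and `bool getCompromised()`, but the column is added as `clob` in `appinfo/database.xml` and `compromised` is listed in the client's `_encryptedFields`, so the server most likely stores an opaque encrypted string or null. Document it as such, `@method void setCompromised(string $value)` and `@method string getCompromised()`, with a short comment that server code must not branch on this value because it cannot read it. In the two `CredentialMapper.php` hunks `$raw_credential['compromised']` is read without the `isset()` guard used for `shared_key` just below; a caller that builds the array without that key would raise an undefined-index notice, though such callers are not visible here.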
Signed-off-by: fnuesse --- controller/translationcontroller.php | 7 +++++++ js/app/controllers/edit_credential.js | 5 +++++ sass/credentials.scss | 11 ++++++++++- templates/views/partials/credential_template.html | 4 ++++ .../views/partials/forms/edit_credential/basics.html | 4 ++++ templates/views/show_vault.html | 6 ++++-- 6 files changed, 34 insertions(+), 3 deletions(-) diff --git a/controller/translationcontroller.php b/controller/translationcontroller.php index 2e293b33..a0c5bc88 100644 --- a/controller/translationcontroller.php +++ b/controller/translationcontroller.php @@ -420,6 +420,13 @@ class TranslationController extends ApiController { 'share.page.link_loading' => $this->trans->t('Loading…'), 'expired.share' => $this->trans->t('Awwhh… credential not found. Maybe it expired'), + + //compromised credentials + 'compromised.label' => $this->trans->t('Compromise!'), + 'compromised.warning.list' => $this->trans->t('Compromised!'), + 'compromised.warning' => $this->trans->t('This password is compromised. You can only remove this warning with changing the password.'), + + ); return new JSONResponse($translations); } diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js index a4d59214..20c5df91 100644 --- a/js/app/controllers/edit_credential.js +++ b/js/app/controllers/edit_credential.js @@ -293,6 +293,11 @@ $scope.saving = false; + $scope.compromise = function () { + console.log("This password was compromised"); + $scope.storedCredential.compromised=true; + }; + $scope.saveCredential = function () { $scope.saving = true; diff --git a/sass/credentials.scss b/sass/credentials.scss index dbcde808..ae658a4c 100644 --- a/sass/credentials.scss +++ b/sass/credentials.scss @@ -221,7 +221,11 @@ .compromised:hover { background-color: darken(#f74040, 4%); } - + .compromised-list{ + padding-left: 20px; + font-style: italic; + font-weight: bold; + } td { cursor: pointer; padding: 5px; 
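Review bot: `$scope.compromise` in `@@ -293,6 +293,11 @@` still contains the debug line `console.log("This password was compromised");`, and the later patches in this series remove logging only from `credential.js` and `credentialservice.js`. Drop the call. A one-line comment such as `// marks the credential as compromised; takes effect on the next saveCredential()` would also help, since the hunk only sets the flag on `$scope.storedCredential`; that the save path persists it is inferred from the field list, not shown here.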
@@ -521,6 +525,11 @@ overflow-y: auto; .credential-data { + .compromised-details{ + background-color: red; + padding-left: 5px; + padding-right: 5px; + } .row { margin-bottom: 11px; } diff --git a/templates/views/partials/credential_template.html b/templates/views/partials/credential_template.html index 683762d3..78e84b69 100644 --- a/templates/views/partials/credential_template.html +++ b/templates/views/partials/credential_template.html @@ -5,6 +5,10 @@ value="credential.label"> +
+ {{ 'compromised.warning' | translate }} +
+
{{ 'account' | translate }}
+
+ +
{{ 'compromised.warning' | translate}}
+
diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index aaa6ebd0..1d423b41 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html @@ -43,7 +43,7 @@ ng-if="showCredentialRow(credential)" ng-click="selectCredential(credential)" ng-dblclick="editCredential(credential)" ng-class="{'selected': selectedCredential.credential_id == credential.credential_id}"> - + {{ ::tag.text}} @@ -57,7 +57,9 @@ {{ ::credential.label}} - + + {{ 'compromised.warning.list' | translate}} + From bd3f92741d3f968fa88727f75040da5cd4d171e8 Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 21:55:49 +0100 Subject: [PATCH 4/7] set compromised to false if password has been changed Signed-off-by: fnuesse --- js/app/controllers/credential.js | 3 --- js/app/controllers/edit_credential.js | 9 +++++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/js/app/controllers/credential.js b/js/app/controllers/credential.js index be6f41fc..0ad511aa 100644 --- a/js/app/controllers/credential.js +++ b/js/app/controllers/credential.js @@ -105,9 +105,6 @@ } angular.merge($scope.active_vault.credentials, _credentials); $scope.show_spinner = false; - - console.log($scope.active_vault.credentials) - $rootScope.$broadcast('credentials_loaded'); $rootScope.vaultCache[$scope.active_vault.guid] = angular.copy($scope.active_vault); if(!vault.private_sharing_key){ diff --git a/js/app/controllers/edit_credential.js b/js/app/controllers/edit_credential.js index 20c5df91..40842a4a 100644 --- a/js/app/controllers/edit_credential.js +++ b/js/app/controllers/edit_credential.js @@ -113,6 +113,9 @@ $scope.storedCredential.expire_time = $scope.storedCredential.expire_time * 1000; } + //store password to check if it was changed if this credential has been compromised + $scope.oldPassword=$scope.storedCredential.password; + $scope.getTags = function ($query) { return TagService.searchTag($query); }; 
@@ -301,6 +304,12 @@ $scope.saveCredential = function () { $scope.saving = true; + if($scope.storedCredential.compromised){ + if($scope.oldPassword !== $scope.storedCredential.password){ + $scope.storedCredential.compromised=false; + } + } + if ($scope.new_custom_field.label && $scope.new_custom_field.value) { $scope.storedCredential.custom_fields.push(angular.copy($scope.new_custom_field)); } From df81447997a6b0417150229b9edee51574e03998 Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 23:00:38 +0100 Subject: [PATCH 5/7] Updated styles for warnings Signed-off-by: fnuesse --- sass/credentials.scss | 50 ++++++++++++++++--- .../views/partials/credential_template.html | 5 +- .../forms/edit_credential/basics.html | 8 ++- templates/views/show_vault.html | 4 +- 4 files changed, 54 insertions(+), 13 deletions(-) diff --git a/sass/credentials.scss b/sass/credentials.scss index ae658a4c..adcccadd 100644 --- a/sass/credentials.scss +++ b/sass/credentials.scss @@ -219,13 +219,20 @@ background-color: #f74040; } .compromised:hover { - background-color: darken(#f74040, 4%); + background-color: darken(#f74040, 15%); } .compromised-list{ - padding-left: 20px; - font-style: italic; - font-weight: bold; + display: inline-block; + margin-left: 50px; + .icon{ + height: 18px; + } + .text{ + font-style: italic; + font-weight: bold; + } } + td { cursor: pointer; padding: 5px; @@ -360,6 +367,26 @@ input[type="text"], input[type="password"] { width: 100%; } + .compromised-button{ + margin-top: 15px; + background-color: #e60000; + color: black; + } + + .compromised-details{ + margin-top: 15px; + display: flex; + .icon{ + float: left; + height: 20px; + } + .text{ + padding-left: 5px; + padding-right: 30px; + color: #e9322d; + } + } + .tags { float: left; .tag { 
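Review bot: The check added to `saveCredential` (`@@ -301,6 +304,12 @@`) clears the flag whenever `$scope.oldPassword !== $scope.storedCredential.password`, which is also true when the password field is simply emptied, so the warning can be dismissed without setting a new secret. Require a non-empty new value, `if ($scope.storedCredential.password && $scope.oldPassword !== $scope.storedCredential.password)`. The rule lives only in this controller; because the field is encrypted client-side, nothing visible in the series stops another client from saving `compromised` as false, so the translated text "You can only remove this warning with changing the password" overstates the guarantee. `$scope.oldPassword` from the `@@ -113,6 +113,9 @@` hunk keeps a second copy of the plaintext password on the scope; a closure-local variable would keep it out of reach of templates. `saveCredential` continues outside the hunk.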
@@ -526,9 +553,18 @@ .credential-data { .compromised-details{ - background-color: red; - padding-left: 5px; - padding-right: 5px; + margin-top: 15px; + margin-bottom: 15px; + display: flex; + .icon{ + float: left; + height: 20px; + } + .text{ + padding-left: 5px; + padding-right: 30px; + color: #e9322d; + } } .row { margin-bottom: 11px; diff --git a/templates/views/partials/credential_template.html b/templates/views/partials/credential_template.html index 78e84b69..0a7df654 100644 --- a/templates/views/partials/credential_template.html +++ b/templates/views/partials/credential_template.html @@ -5,8 +5,9 @@ value="credential.label"> -
- {{ 'compromised.warning' | translate }} +
+
+
{{ 'compromised.warning' | translate }}
diff --git a/templates/views/partials/forms/edit_credential/basics.html b/templates/views/partials/forms/edit_credential/basics.html index 6f92bafc..61314dcb 100644 --- a/templates/views/partials/forms/edit_credential/basics.html +++ b/templates/views/partials/forms/edit_credential/basics.html @@ -41,8 +41,12 @@
- -
{{ 'compromised.warning' | translate}}
+ +
+
+
{{ 'compromised.warning' | translate }}
+ +
diff --git a/templates/views/show_vault.html b/templates/views/show_vault.html index 1d423b41..ac1b4e0b 100644 --- a/templates/views/show_vault.html +++ b/templates/views/show_vault.html @@ -58,9 +58,9 @@ {{ ::credential.label}} - {{ 'compromised.warning.list' | translate}} + + {{ 'compromised.warning.list' | translate}} - From 58e2e2fba70af342a3196341dd7283f0710dd58b Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 23:01:16 +0100 Subject: [PATCH 6/7] reverted info.xml Signed-off-by: fnuesse --- appinfo/info.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index 1f23ff1b..b5041a01 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -19,7 +19,7 @@ Features: - Import from various password managers (KeePass, LastPass, DashLane, ZOHO, Clipperz.is ) For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc) ]]> - 2.2.7 + 2.2.1 agpl Sander Brand Marcos Zuriaga @@ -42,8 +42,8 @@ For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc) pgsql mysql openssl - - + + From 6f4ad6d5a9cfe7ad18e03ec56882809d21f0b2ed Mon Sep 17 00:00:00 2001 From: fnuesse Date: Tue, 8 Jan 2019 23:05:18 +0100 Subject: [PATCH 7/7] removed logging Signed-off-by: fnuesse --- js/app/services/credentialservice.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/js/app/services/credentialservice.js b/js/app/services/credentialservice.js index b2859cfa..53fa67c0 100644 --- a/js/app/services/credentialservice.js +++ b/js/app/services/credentialservice.js @@ -147,8 +147,6 @@ field_decrypted_value=null; } } catch (e) { - console.log(fieldValue) - console.log(e) throw e; } try {