Commit

3.0.6
Fix for #3662, #3660
Updated documentation
Small code review fixes
nilsteampassnet committed Apr 16, 2023
1 parent 5ca02ed commit b60e830
Showing 15 changed files with 100 additions and 80 deletions.
4 changes: 3 additions & 1 deletion docs/README.md
Expand Up @@ -12,7 +12,9 @@
[![Build Status](https://scrutinizer-ci.com/g/nilsteampassnet/TeamPass/badges/build.png?b=master)](https://scrutinizer-ci.com/g/nilsteampassnet/TeamPass/build-status/master)
[![Code Intelligence Status](https://scrutinizer-ci.com/g/nilsteampassnet/TeamPass/badges/code-intelligence.svg?b=master)](https://scrutinizer-ci.com/code-intelligence)

> 💪 Work in progress - 📡 [Old documentation](https://teampass.readthedocs.io/en/latest/) is still available.
> 💪 Work in progress
>
> 📡 Old documentation is still available at [teampass.readthedocs.io](https://teampass.readthedocs.io/en/latest/).
## Features

Binary file added docs/_media/tp3_keys_1.png
Binary file added docs/_media/tp3_keys_2.png
Binary file added docs/_media/tp3_keys_3.png
1 change: 1 addition & 0 deletions docs/_sidebar.md
Expand Up @@ -8,6 +8,7 @@
- [Extra](install/extra-settings.md)
- **Features**
- [Authentication](features/authentication.md)
- [Keys](features/keys.md)
- [Roles](features/roles.md)
- **Manage**
- [Settings](manage/settings.md)
32 changes: 32 additions & 0 deletions docs/features/keys.md
@@ -0,0 +1,32 @@
<!-- docs/features/keys.md -->

> 🚧 Under construction
## Generalities

In Teampass, all encrypted elements (such as passwords and encrypted fields) have a unique key for each user.
This key is encrypted with his/hers login password.
Such a process ensures a high level of security for all data stored in the database through Teampass.

💡 [Read more](../install/encryption.md) about this encryption process.

## Regenerate your keys (as a User)

For any reason, if you notice that while browsing Teampass's objects, all related passwords are empty then it might be a corruption of your private key is corrupted.
Could be after several login password changes.

For regenerated all your keys, just follow the next instructions.

1. Select entry `Generate new keys` in personal menu
![1](../_media/tp3_keys_1.png)

2. Ensure that the form contains your login password
![1](../_media/tp3_keys_2.png)

3. Click `Confirm` button

4. Once started, the process will run in background during several minutes. You can still use Teampass but all the passwords will be blank.
On top of screen, an orange box will show you the process progress. Once finished, you will have your passwords back.
![1](../_media/tp3_keys_3.png)

> 💡 During this process, you can change page and even leave Teampass.
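Review bot: all three screenshots use the alt text `1`; give each a descriptive alt (for example `Generate new keys entry in the personal menu`) so the steps stay readable without the images. The text also needs a copy-edit before it leaves construction: `it might be a corruption of your private key is corrupted` should read `your private key might be corrupted`, `For regenerated all your keys` should read `To regenerate all your keys`, and `his/hers login password` should read `their login password`. It would also help to state whether the per-user share keys described in `install/encryption.md` are re-created by this process, since that is what a user in this situation will want to know.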
2 changes: 1 addition & 1 deletion docs/features/roles.md
@@ -1,7 +1,7 @@
<!-- docs/features/roles.md -->


> STILL UNDER CONSTRUCTION
> 🚧 Under construction
## Generalities

6 changes: 3 additions & 3 deletions docs/install/encryption.md
Expand Up @@ -16,10 +16,10 @@ User credentails are stored encrypted in the database. The encryption is perform
Teampass encrypts sensitive data and especially password part of any defined item.

The encryption relies on public and private keys each user has. When a user is added, his keys are generated following the next process.
![Generating user keys](./_media/tp3_encrypt_user.png)
![Generating user keys](../_media/tp3_encrypt_user.png)

Each encrypted element (password, custom fields) has one shared key by user. This key can only be decrypted with one user Password and Private key.
![Element encryption](./_media/tp3_encrypt_item.png)
![Element encryption](../_media/tp3_encrypt_item.png)

When a user has to visualize an encrypted element, his password and private key is mandatory
![encryption model](./_media/tp3_decrypt_item.png)
![encryption model](../_media/tp3_decrypt_item.png)
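Review bot: the path fix is correct, but the unchanged context in this hunk still carries `credentails` (should be `credentials`) in the hunk header line and `his password and private key is mandatory` (should be `are mandatory`); since the file is being touched anyway, fix both in the same commit.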
2 changes: 1 addition & 1 deletion pages/items.js.php
Expand Up @@ -4582,7 +4582,7 @@ function(teampassItem) {
$('#card-item-field-' + field.id)
.removeClass('hidden')
.children(".card-item-field-value")
.text(field.value);
.html(field.value);
}
// Item edit form
$('#form-item-field-' + field.id)
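Review bot: switching `.text(field.value)` to `.html(field.value)` makes safe rendering of every custom-field value depend on that value having been HTML-encoded on every write path (the companion change in `sources/items.queries.php` applies `FILTER_SANITIZE_FULL_SPECIAL_CHARS` on item creation). Any value that reaches the database by a path that does not apply that filter is now interpreted as markup, which is a stored-XSS exposure. If the aim is to show the encoded entities as their characters, decode them into text instead of injecting HTML, for example `.text($('<textarea/>').html(field.value).text())`, or better, store the raw value and escape only at output.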
4 changes: 2 additions & 2 deletions pages/search.js.php
Expand Up @@ -26,7 +26,7 @@
* @see https://www.teampass.net
*/

$var = [];
$var = [];
$var['hidden_asterisk'] = '<i class="fas fa-asterisk mr-2"></i><i class="fas fa-asterisk mr-2"></i><i class="fas fa-asterisk mr-2"></i><i class="fas fa-asterisk mr-2"></i><i class="fas fa-asterisk"></i>';

?>
Expand Down Expand Up @@ -74,7 +74,7 @@
"url": "<?php echo $SETTINGS['cpassman_url']; ?>/includes/language/datatables.<?php echo $_SESSION['user']['user_language']; ?>.txt"
},
"columns": [{
"width": "10%",
"width": "70px",
class: "details-control",
defaultContent: ""
},
2 changes: 1 addition & 1 deletion pages/search.php
Expand Up @@ -100,7 +100,7 @@
</div>
<!-- /.card-header -->
<div class="card-body">
<table id="search-results-items" class="table table-bordered table-striped table-responsive" style="width:100%">
<table id="search-results-items" class="table table-bordered table-striped" style="width:100%">
<thead>
<tr>
<th></th>
31 changes: 24 additions & 7 deletions sources/find.queries.php
Expand Up @@ -78,11 +78,11 @@
DB::$ssl = DB_SSL;
DB::$connect_options = DB_CONNECT_OPTIONS;
//Columns name
$aColumns = ['id', 'label', 'login', 'description', 'tags', 'id_tree', 'folder', 'login', 'url'];
$aColumns = ['c.id', 'c.label', 'c.login', 'c.description', 'c.tags', 'c.id_tree', 'c.folder', 'c.login', 'c.url', 'ci.data'];//
$aSortTypes = ['ASC', 'DESC'];
//init SQL variables
$sOrder = $sLimit = $sWhere = '';
$sWhere = 'id_tree IN %ls_idtree';
$sWhere = 'c.id_tree IN %ls_idtree';
//limit search to the visible folders

if (isset($_GET['limited']) === false
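Review bot: `c.login` appears twice in `$aColumns` (indexes 2 and 7), so two column indexes sent by the client resolve to the same column; if the duplicate is a deliberate placeholder, say so in a comment, otherwise drop it. The trailing empty `//` on the same line is leftover and should go.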
Expand Down Expand Up @@ -190,6 +190,7 @@
'6' => $search_criteria,
'7' => $search_criteria,
'8' => $search_criteria,
'9' => $search_criteria,
'pf' => $arrayPf,
];
}
Expand All @@ -207,6 +208,7 @@
'6' => $search_criteria,
'7' => $search_criteria,
'8' => $search_criteria,
'9' => $search_criteria,
'pf' => $arrayPf,
];
}
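Review bot: the `'9' => $search_criteria` entry is added to two identical criteria arrays, and this array is the one place that has to stay in step with the new `ci.data` entry in `$aColumns`; consider building it once from `$aColumns` rather than maintaining two copies that can drift.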
Expand All @@ -216,27 +218,42 @@
if (empty($sWhere) === false) {
$sWhere .= ' AND ';
}
$sWhere = 'WHERE ' . $sWhere . 'id_tree NOT IN %ls_pf ';
$sWhere = 'WHERE ' . $sWhere . 'c.id_tree NOT IN %ls_pf ';
} else {
$sWhere = 'WHERE ' . $sWhere;
}

// Do queries
DB::query(
'SELECT id FROM ' . prefixTable('cache') . "
"SELECT c.id
FROM " . prefixTable('cache') . " AS c
LEFT JOIN " . prefixTable('categories_items') . " AS ci ON (ci.item_id = c.id)
${sWhere}
${sOrder}",
$crit
);
$iTotal = DB::count();
$rows = DB::query(
'SELECT id, label, description, tags, id_tree, perso, restricted_to, login, folder, author, renewal_period, url, timestamp
FROM ' . prefixTable('cache') . "
"SELECT c.*, ci.data
FROM " . prefixTable('cache') . " AS c
LEFT JOIN " . prefixTable('categories_items') . " AS ci ON (ci.item_id = c.id)
${sWhere}
${sOrder}
${sLimit}",
$crit
);

/*
// Search in fields
$rows_fields = DB::query(
'SELECT item_id, data
FROM ' . prefixTable('categories_items') . "
WHERE encryption_type = 'not_set' AND data LIKE %ss_search
${sOrder}
${sLimit}",
$search_criteria
);*/

/*
* Output
*/
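Review bot: the `LEFT JOIN` on `categories_items` is one-to-many (one row per custom field of the item), so both queries now return one row per field rather than per item: `DB::count()` after the first query over-counts `$iTotal`, the `${sLimit}` page can contain the same item several times, and `ci.data` is matched without regard to `encryption_type`, so the `LIKE` runs over ciphertext for encrypted fields (the commented-out block below restricted the field search to `encryption_type = 'not_set'`). Restrict the join to `ci.encryption_type = 'not_set'` and either `GROUP BY c.id` or move the field match into an `EXISTS` subquery so the item list stays unique. Delete the commented-out `$rows_fields` query rather than leaving it in; the history keeps it. The `${sWhere}` interpolation style is also deprecated since PHP 8.2; `{$sWhere}` is the replacement.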
Expand Down Expand Up @@ -388,7 +405,7 @@
} elseif (isset($_GET['type']) && ($_GET['type'] === 'search_for_items' || $_GET['type'] === 'search_for_items_with_tags')) {
include_once 'main.functions.php';
include_once $SETTINGS['cpassman_dir'] . '/includes/language/' . $_SESSION['user']['user_language'] . '.php';

$arr_data = [];
foreach ($rows as $record) {
$displayItem = false;
77 changes: 22 additions & 55 deletions sources/items.queries.php
Expand Up @@ -212,11 +212,10 @@
FILTER_SANITIZE_FULL_SPECIAL_CHARS
);
$post_email = filter_var(htmlspecialchars_decode($dataReceived['email']), FILTER_SANITIZE_EMAIL);
$post_fields = filter_var(
$post_fields = filter_var_array(
$dataReceived['fields'],
FILTER_SANITIZE_FULL_SPECIAL_CHARS
);
$post_fields = $post_fields !== false ? json_decode($post_fields) : '';
$inputData['folderId'] = filter_var($dataReceived['folder'], FILTER_SANITIZE_NUMBER_INT);
$post_folder_is_personal = filter_var($dataReceived['folder_is_personal'], FILTER_SANITIZE_NUMBER_INT);
$inputData['label'] = filter_var($dataReceived['label'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
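Review bot: `filter_var_array()` fails when `$dataReceived['fields']` is missing or not an array (a warning and `null` on PHP 7, a `TypeError` on PHP 8), and the later `foreach ($post_fields as $field)` assumes an array of `id`/`value` pairs; guard with `isset($dataReceived['fields']) && is_array($dataReceived['fields'])` and default `$post_fields` to `[]`. Note also that `FILTER_SANITIZE_FULL_SPECIAL_CHARS` now HTML-encodes each field value before it is stored, which is what forces the `.html()` change in `pages/items.js.php`; encoding at storage time is the harder invariant to keep, so storing the raw value and escaping at render time would be the safer split.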
Expand Down Expand Up @@ -465,89 +464,56 @@
$SETTINGS
);

/*
// Prepare shareKey for users
if ((int) $post_folder_is_personal === 1 && isset($post_folder_is_personal) === true) {
// If this is a personal object
DB::insert(
prefixTable('sharekeys_items'),
array(
'object_id' => $newID,
'user_id' => $_SESSION['user_id'],
'share_key' => encryptUserObjectKey($cryptedStuff['objectKey'], $_SESSION['user']['public_key']),
)
);
} else {
// This is a public object
$users = DB::query(
'SELECT id, public_key
FROM '.prefixTable('users').'
WHERE id NOT IN ("'.OTV_USER_ID.'","'.SSH_USER_ID.'","'.API_USER_ID.'")
AND public_key != ""'
);
foreach ($users as $user) {
// Insert in DB the new object key for this item by user
DB::insert(
prefixTable('sharekeys_items'),
array(
'object_id' => $newID,
'user_id' => (int) $user['id'],
'share_key' => encryptUserObjectKey($cryptedStuff['objectKey'], $user['public_key']),
)
);
}
}
*/

// update fields
if (
isset($SETTINGS['item_extra_fields']) === true
&& (int) $SETTINGS['item_extra_fields'] === 1
) {
foreach (explode('_|_', $post_fields) as $field) {
$field_data = explode('~~', $field);
if (count($field_data) > 1 && empty($field_data[1]) === false) {
foreach ($post_fields as $field) {
if (empty($field['value']) === false) {
// should we encrypt the data
$dataTmp = DB::queryFirstRow(
'SELECT encrypted_data
FROM ' . prefixTable('categories') . '
WHERE id = %i',
$field_data[0]
$field['id']
);

// Should we encrypt the data
if ((int) $dataTmp['encrypted_data'] === 1) {
$cryptedStuff = doDataEncryption($field_data[1]);

// Create sharekeys for users
storeUsersShareKey(
prefixTable('sharekeys_fields'),
(int) $post_folder_is_personal,
(int) $inputData['folderId'],
(int) $newId,
$cryptedStuff['objectKey'],
$SETTINGS
);
$cryptedStuff = doDataEncryption($field['value']);

// update value
// Store value
DB::insert(
prefixTable('categories_items'),
array(
'item_id' => $newID,
'field_id' => $field_data[0],
'field_id' => $field['id'],
'data' => $cryptedStuff['encrypted'],
'data_iv' => '',
'encryption_type' => TP_ENCRYPTION_NAME,
)
);
$newBojectId = DB::insertId();

// Store key
storeUsersShareKey(
prefixTable('sharekeys_fields'),
(int) $post_folder_is_personal,
(int) $inputData['folderId'],
(int) $newBojectId,
$cryptedStuff['objectKey'],
$SETTINGS
);
} else {
// update value
DB::insert(
prefixTable('categories_items'),
array(
'item_id' => $newID,
'field_id' => $field_data[0],
'data' => $field_data[1],
'field_id' => $field['id'],
'data' => $field['value'],
'data_iv' => '',
'encryption_type' => 'not_set',
)
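Review bot: `empty($field['value']) === false` drops any custom field whose value is the string `0`, because `empty('0')` is true in PHP; test `isset($field['value']) && $field['value'] !== ''` instead. When `DB::queryFirstRow()` finds no category for `$field['id']`, `$dataTmp` is `null`, `(int) $dataTmp['encrypted_data']` evaluates to `0`, and the value falls into the `else` branch and is stored with `encryption_type = 'not_set'`; an unknown or forged field id should skip the field, not store it in clear. Smaller points: `$newBojectId` is a typo for `$newObjectId`, and the removed block was passing `$newId` where the rest of the function uses `$newID`, so taking the object id from `DB::insertId()` is the right fix for the share-key record.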
Expand Down Expand Up @@ -2706,7 +2672,8 @@
WHERE user_id = %i AND object_id = %i',
$_SESSION['user_id'],
$row['id']
);//db::debugmode(false);
);
//db::debugmode(false);
$fieldText = [];
if (DB::count() === 0) {
// Not encrypted
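Review bot: moving `//db::debugmode(false);` onto its own line keeps a dead debug toggle in the source; delete it rather than reformat it.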