* Api: Store recoverable password (encrypted) for shares so you don't have to change it when you forget

This commit is contained in:
nathan 2023-08-14 13:41:18 -06:00
parent 4ffaaea76e
commit 2c5170f15b
5 changed files with 40 additions and 5 deletions

View File

@ -66,9 +66,16 @@ export class Et2Password extends Et2InvokerMixin(Et2Textbox)
}
attrs.type = 'password';
if(attrs.viewable)
if(typeof attrs.viewable !== "undefined")
{
attrs['passwordToggle'] = true;
attrs['passwordToggle'] = attrs.viewable;
delete attrs.viewable;
}
if(typeof attrs.passwordToggle !== "undefined" && !attrs.passwordToggle
|| typeof attrs.passwordToggle == "string" && !this.getArrayMgr("content").parseBoolExpression(attrs.passwordToggle))
{
// Unset passwordToggle if its false. It's from parent, and it doesn't handle string "false" = false
delete attrs.passwordToggle;
}
super.transformAttributes(attrs);
@ -149,7 +156,7 @@ export class Et2Password extends Et2InvokerMixin(Et2Textbox)
this.visible = !this.visible; // can't access private isPasswordVisible
if (!this.visible || !this.encrypted)
if(!this.visible || !this.encrypted || !this.value)
{
this.type = this.visible ? 'text' : 'password';
return;

View File

@ -11,7 +11,7 @@
/* Basic information about this app */
$setup_info['api']['name'] = 'api';
$setup_info['api']['title'] = 'EGroupware API';
$setup_info['api']['version'] = '23.1.002';
$setup_info['api']['version'] = '23.1.003';
$setup_info['api']['versions']['current_header'] = '1.29';
// maintenance release in sync with changelog in doc/rpm-build/debian.changes
$setup_info['api']['versions']['maintenance_release'] = '23.1.20230728';

View File

@ -397,6 +397,8 @@ $phpgw_baseline = array(
'share_writable' => array('type' => 'int','precision' => '1','nullable' => False,'default' => '0','comment' => '0=readable, 1=writable'),
'share_with' => array('type' => 'varchar','precision' => '4096','comment' => 'email addresses, comma seperated'),
'share_passwd' => array('type' => 'varchar','precision' => '128','comment' => 'optional password-hash'),
'share_password' => array('type' => 'varchar', 'precision' => '128',
'comment' => 'optional reversible password'),
'share_created' => array('type' => 'timestamp','nullable' => False,'comment' => 'creation date'),
'share_last_accessed' => array('type' => 'timestamp','comment' => 'last access of share')
),

View File

@ -902,4 +902,15 @@ function api_upgrade23_1_001()
));
return $GLOBALS['setup_info']['api']['currentver'] = '23.1.002';
}
function api_upgrade23_1_002()
{
$GLOBALS['egw_setup']->oProc->AddColumn('egw_sharing', 'share_password', array(
'type' => 'varchar',
'precision' => '128',
'comment' => 'optional reversible password'
));
return $GLOBALS['setup_info']['api']['currentver'] = '23.1.003';
}

View File

@ -59,7 +59,10 @@ class Password extends Etemplate\Widget\Textbox
$preserv = (string)$value;
// only send password (or hash) to client-side, if explicitly requested
if (!empty($value) && (!array_key_exists('viewable', $this->attrs) || !in_array($this->attrs['viewable'], ['1', 'true', true], true)))
if(!empty($value) && (!array_key_exists('viewable', $this->attrs) ||
!in_array($this->attrs['viewable'], ['1', 'true', true], true))
&& (!array_key_exists('passwordToggle', $this->attrs) ||
!in_array($this->attrs['passwordToggle'], ['1', 'true', true], true)))
{
$value = str_repeat('*', strlen($preserv));
}
@ -144,6 +147,18 @@ class Password extends Etemplate\Widget\Textbox
if($GLOBALS['egw']->auth->authenticate($GLOBALS['egw_info']['user']['account_lid'],$user_password))
{
$decrypted = Credentials::decrypt(array('cred_password' => $password,'cred_pw_enc' => Credentials::SYSTEM_AES));
// Try user
if(!$decrypted || $decrypted == Credentials::UNAVAILABLE)
{
$decrypted = Credentials::decrypt(
[
'cred_password' => $password,
'cred_pw_enc' => Credentials::USER_AES,
'account_id' => $GLOBALS['egw_info']['user']['account_id']
]
);
}
}
$response->data($decrypted);
}