eusonlito / password-manager Goto Github PK

Hello,

I have a strange issue when I create a Web Application.
Steps to reproduce:
Fill out the following fields:

• Type = Web
• Name = Test
• URL = https://github.com/
  Click on Save
  Actual Behavior: error message 'Class "Imagick" not found'.
  Laravel Log file:
  [2023-01-12 16:05:53] production.ERROR: Class "Imagick" not found {"userId":1,"exception":"[object] (Error(code: 0): Class "Imagick" not found at /var/www/nico/app/Domains/App/Service/Icon/Image.php:35)

Additional Information:

• Remove the URL and click Save. It works.
• Add the URL and click Save. It works too.

Is it a bug?
Thanks,
Nicolas

Screenshot: https://prnt.sc/y9sOF2ste1NG

How can I solve it? I've inserted DB credentials in the .env file.

Hi,

Just gave your project a testdrive through #23 which is obviously quite easy to setup.

While your password manager looks nice and seems well built in terms of security, it lacks some features that would made it outstanding:

• Possibility to create new application types
• Folders (or customers) that can be shared with teams as RO / RW, so every new entry in a folder is shared by default
• password history
• Session timeouts depending on accessing IP address (so one gets 30 days session at work and 30 min sessions at a customers place)
• File storage in applications (sometimes you need to share a big CSV with hundreds of passwords for migrations... You won't create an application per entry for those use cases)
• Import / Export (no password manager can be seen as a valuable option if it doesn't allow to export it's data)
• Android / IOS app (actually an app that just wraps your frontend for easy access)

I've tested multiple other solutions and none provided a certificate for authentication. Nice one, really appreciable.

Thanks for developping your solution. Might become a great contender to Bitwarden, Psono, sysPass and others.
Wish you well.

Hello,

sorry to bother you :-(
This seems not to be a hard issue (for me) but i don't understand it yet.

I've done the following:

1. create a new user as admin
2. login as the new user
3. scan the barcode in google autheticator as the new user
4. enter the current password, check "enable 2fa" and click save
5. the app asks for the google authenticator code
6. the new user enters the code and the app says: Successfully updated settings".
7. open the login page and try to login as the new user by providing username & password. That produces the following error:

It seems that the reason for that behavior is, that after a user enables 2fa the field "password_enabled" in table "users" is set to "0".
After i set that manually in the table to 1, a normal login with 2fa is possible again.

Best wishes
Sascha

Hi Guys,

Will it be a challenge to import csv passwords into the system?

Hello,

it would be great if 2fa is possbile with Microsoft authenticator app. I've tried that already but it seems not to work.

Best Wishes
Sascha

Hello

Somehow my "php artisan migrate" command not working and getting below error -

`[pass-manager@ip-172-28-0-46 Password-Manager]$ php artisan migrate
PHP Warning: Module "imagick" is already loaded in Unknown on line 0

                                                                              APPLICATION IN PRODUCTION.                                                                                   

Do you really wish to run this command? (yes/no) [no]
❯ yes

In Connection.php line 760:

SQLSTATE[HY000] [2002] No such file or directory (SQL: select * from information_schema.tables where table_schema = pass_manager and table_name = migrations and table_type = 'BASE TABLE'
)
In Connector.php line 70:

SQLSTATE[HY000] [2002] No such file or directory
`

Also I am not sure if I have to create empty database and provide details in .env file. I have created empty database and .env file looks like below for database section:

DB_CONNECTION=mysql DB_SOCKET=/var/run/mysqld/mysqld.sock DB_DATABASE=pass_manager DB_USERNAME=pass-man DB_PASSWORD=***************** DB_LOG=true DB_LOG_BACKTRACE=false

Appreciate if you can help me with this issue resolution.

Hello,

I'm trying to install Password Manager on a Server but unfortunately without success. I was able to follow all install steps successfully but I get the error 500 System Error when I'm calling the site via the browser.

For this installation, I created a virtual host where only Password Manager will be used. In Apache2, DocumentRoot points to the public folder. I don't get any error message from Apache2 and I don't find any log on Password Manager.
Virtual Host configuration:

Do you know what the 500 System Error message means? How can I troubleshoot here?
Many thanks,
Nicolas

lease provide a valid cache path.

Script @php artisan optimize --ansi handling the artisan-cache event returned with error code 1

In Compiler.php line 66:

Please provide a valid cache path.

In Compiler.php line 66:

Please provide a valid cache path.

In Compiler.php line 66:

Please provide a valid cache path.

Running my environment in docker

(en) Password hierarchy management implementation
So you can have a classification of passwords

(es) Implementación de la gestión de la jerarquía de contraseñas
Así puedes tener una clasificación de contraseñas

Hello,

I made the translation to pt-BR and I would like to make the translation files available, but I never made a pull request, how can I send it to you?

thanks

Hello,

Some months ago, I told you that I had an issue with the automatic logout. Although I setup the SESSION_LIFETIME variable to 1 (sec), PasswordManager never log out automatically.
#58

I think that I found something interesting regarding this issue. When I login into PasswordManager, 3 Cookies are generated:

• vAt5NjcBNQeMKGO7HxKOE8dgltLpNnGO5ltpoghd
• password-manager
• remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d
  The cookie remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d has an expire date of more than a year. When I update its date like the other cookies, then PasswordManager logs out automatically as expected.

Do you think that you can do anything here?
Many thanks.

Good day,

Is is possible to delete icons, there are random icons appearing in my list?

it would be useful to add "e-mail" as a password type so that you can also archive your e-mail passwords

I was wondering if it is possible to make some sort of upload function in for examble csv format to import passwords. It is quite intense to add current passwords manually in.

Suggesting another greeatly missing feature : Attaching files to any App type.

Originally posted by @wangee in #39 (reply in thread)

Hello,

Currently trying to install password manager on a fresh ubuntu installation. I am now having a problem with the 'php artisan migrate' command:

In Connection.php line 703:

SQLSTATE[HY000] [1045] Access denied for user 'dbuser'@'localhost' (using password: YES) (SQL: select * from information_schema.tables where table_schema = and table_name = migrations and table_type = 'BASE TABLE')

The SQL command is using the database name in the table_schema section.
Also, it looks like the database is still empty (i do not know if that should have happened already)

Many thanks for your help!

Hello,

i've followed your installation guide. But when i open the startpage i get the following error:

405 : Method Not Allowed

In the log folder ist no file created, so i don't know how to see any logfile?

I hope you can help here.

Additional Info: when i enter the url including index.php, it's working. But my url is looking like that: https://mydomain.com/passmgr/index.php/user/profile (for ex.).

I am sure that is not the way it shoul be...

Additional Infos: I've enable debug mode and regenrated the cache. Now i can provide the following infomations:

Best whishes
Sascha

When I open the applications list page, this error pops up. I reset permissions for the directory but still, it isn't working. any help?

Laravel-Packer issue maybe?

Hello @eusonlito ,
i'm writing a Keepass XML importer as a command.
I'm not a Laravel expert , so i have some trouble persisting the entities.
For each item, i create an instance of the appropriate type.
But then, I don't know how to persist these in the DB, maybe you can give me a clue ?

foreach ($validEntries as $entry) {
    $className = '\\' . $entry->type;
    /** @var TypeAbstract $entity */
    $entity       = new $className($entry->getPayload());
    
    // .. and now ?
}

// $className can be, for example, \App\Domains\App\Service\Type\Format\SSH
// $entry->getPayload() returns an array with the appropriate payload for each Type.

Hello,

I installed Password-Manager locally and I'm never automatically logged out (even after several days). In .env I have the default configuration AUTH_LOCK_TIME=60.
Did I forget to activate anything?
Thanks.

The "Log" has issues, it says it's dangerous, and even though it has an SSL certificate, it's the only part of the app where it says it's dangerous, vault.example.com/log

I get my login password wrong 5 times, I get the "ip blocked" message, but if I try to log in immediately after with the correct password, I log in easily.
Basically it's like there's no blocking on incorrect login attempts...

• Tags can be created but not deleted. It should be possible to delete tags, eventually with a check that allows the deletion only when they're not associated to any app.
• Tags list could be improved with a link to the Applications list filtered by the given tag.

Hello,

I strictly followed the install guide, and after browsing to 'http://vault.domain.com/user/auth', I got an error 404 "Not Found"

I tried installing Password-Manager on Debian 11 and Alma 9 and same behaviour happens.

.env file
`
APP_NAME="Password Manager"
APP_ENV=production
APP_KEY=base64:SOME_KEY
APP_DEBUG=false
APP_URL=http://localhost

APP_LOCALE=en

ASSET_URL=http://localhost

DEBUGBAR_ENABLED=false

AUTH_CHECK_ALLOWED=4
AUTH_CHECK_TIME=60
AUTH_LOCK_TIME=60
AUTH_TFA_ENABLED=true
AUTH_CERTIFICATE_ENABLED=true
AUTH_API_SECRET_ENABLED=true

AUTH_COUNTRY_ENABLED=false
AUTH_COUNTRY_ALLOWED=
AUTH_COUNTRY_IP_WHITELIST=127.0.0.1

LOG_CHANNEL=stack
LOG_REQUEST=false
LOG_DATABASE=false
LOG_MAIL=true
LOG_CURL=false
LOG_DAYS=30

DB_CONNECTION=mysql
DB_SOCKET=/var/lib/mysql/mysql.sock
DB_DATABASE=passwordmanager
DB_USERNAME=passwordmanager
DB_PASSWORD=some_password
DB_LOG=false

MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"
MAIL_CONTACT_ADDRESS=

CACHE_ENABLED=true
CACHE_DRIVER=file
CACHE_PREFIX=password-manager-cache-
CACHE_VERSION=1
CACHE_TTL=3600

SESSION_DRIVER=cookie
SESSION_LIFETIME=45000
SESSION_COOKIE=password-manager
SESSION_ENCRYPT=false

SENTRY_DSN=
SENTRY_TRACES_SAMPLE_RATE=0.0
`

apache.conf file
ServerRoot "/etc/httpd" Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost DocumentRoot "/home/Password-Manager/public" <Directory "/home/Password-Manager/public"> AllowOverride None Require all granted </Directory> <Directory "/home/Password-Manager/public"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf

Any help would be appreciated.

Good Day,

Is it possible to explain me how to add logo to login page?

As well as to add extra type applications?

Hello,

if you want, i can offer to do the german translations for you. Just tell me what to do.

Best Wishes
Sascha

An option to hide an Application from users is useful in enterprise context.
This could be accomplished via a flag (Hide/Unhide), via a soft-delete/trashbin feature, or via an Archive flag.

Has anyone managed to get this working with reverse proxy manager?

My 2FA Tab not showing qrcode how i fix this ?

Hi Eusonlito,

Thank you first of all for all your assistance so far. I'm trying to run this on https using nginx proxy manager. As soon I enable the proxy route from http to https I'm getting CSS/JS issues. Can someone assist in this regard.

Screenshot below:

Good day.

Can you please make a video of the installation or atleast explain how to import the database?

Hello Eusonlito,

I have configured the project on CentOS 7. Also configured HTTPS using Certbot and Let's Encrypt SSL cert.
All the code installation steps worked out well without any errors/issues. However after configuring the HTTPD, I can't seem to access the UI. I get "500 System error" message.

HTTPD access logs has below messages -

52.33.193.87 - - [14/Feb/2023:04:07:24 +0000] "GET /user/auth HTTP/1.1" 500 1694
72.201.100.76 - - [14/Feb/2023:04:07:55 +0000] "GET /user/auth HTTP/1.1" 500 1694

I have installed the "Password-Manager" in "/var/www/html" folder. Updated the owner and group to "apache" user for entire folder and subfolders.

ls -ld /var/www/html/Password-Manager/
drwxr-xr-x. 13 apache apache 4096 Feb 14 03:32 /var/www/html/Password-Manager/

My /etc/httpd/conf.d/pam.conf looks like below -

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/Password-Manager/public"
    DirectoryIndex index.php
    ServerName pam.mydomain.com
    ErrorLog "/var/log/httpd/pam.mydomain.com.error_log"
    CustomLog "/var/log/httpd/pam.mydomain.com.access_log" common
    <Directory "/var/www/html/Password-Manager/public">
        Options Indexes FollowSymLinks MultiViews
        Allowoverride All
        Order allow,deny
        allow from all
    </Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =pam.mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/html/Password-Manager/public"
    DirectoryIndex index.php
    ServerName pam.mydomain.com
    ErrorLog "/var/log/httpd/pam.mydomain.com.error_log"
    CustomLog "/var/log/httpd/pam.mydomain.com.access_log" common
    <Directory "/var/www/html/Password-Manager/public">
        Options Indexes FollowSymLinks MultiViews
        Allowoverride All
        Order allow,deny
        allow from all
    </Directory>
SSLCertificateFile /etc/letsencrypt/live/pam.mydomain.com.cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pam.mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/pam.mydomain.com/chain.pem
</VirtualHost>
</IfModule>

I am novice with PHP LARAVEL. Any inputs/suggestions appreciated.

When I run:
php artisan db:seed --class=Database\\Seeders\\Database
Return:
Target class [Database\\Seeders\\Database] does not exist. at [...]\Password-Manager\vendor\laravel\framework\src\Illuminate\Container\Container.php:895

I tried unsuccessfully:
composer dump-autoload

There is an issue, when you run Password-Manager behind a reverse proxy.
The installation runs with the given docker-compose sample. Environment file was changed and the correct data was entered. If you now add a nginx with https in front of it, then the click on password (for copy) does not work under Main-Page "Applications" with the error message "Failed to fetch".

This is because in the property "data-copy-ajax" the protocol is http:// instead of https://. If you change this manually in the dev console it works or rewrite it with nginx sub_filter, then it also works.

It would be very helpful a way to create custom types and views to avoid fork and miss the project updates.

buenas

desde hace unos días no puedo conectar usando 2FA, me dice siempre que el código es incorrecto

he tenido que acceder a la base de datos y desactivarlo por query:

update user set tfa_enabled = '0' where id = 1;

ha estado funcionado bien durante meses, y desde hace unos días no funciona

alguna explicación?

2FA Code is not showing in my application

EN:
Requests Implementations: - group and user import with LDAP protocol

• Authentication with protocol
  LDAP

ES:
Implementaciones de solicitudes: - importación de grupos y usuarios con protocolo LDAP

• Autenticación con protocolo
  LDAP

Hello,

In order to use PasswordManager, I either use in the URL the IP Address (http://192.168.1.4:8080/app) or the name of the Server (http://Home:8080/app).

In .env, the variables APP_URL and ASSET_URL are setup with the IP Address and PasswordManager is working correctly. When the name of the server is used, the icons are not displayed correctly. As you previously explained, this is because of these variables.

Do you know how I could add both IP Address and Server Name into these variables so that the icons are always correctly displayed?

Many thanks.

Sería útil que se pudiera configurar el límite de resultados por página

I noticed that in /var/www/html/ there is no routes folder

I configured apache to access access /var/www/html/public

i am acessing this route: http://passman.dchost.com.br/user/auth
and show not found

/var/log/apache/error.log

[Mon Apr 04 16:47:28.762233 2022] [core:notice] [pid 13000] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 04 16:47:31.620450 2022] [proxy_fcgi:error] [pid 13003] [client 10.158.0.3:52647] AH01071: Got error 'PHP message: PHP Warning:  require(/var/www/html/public/../vendor/autoload.php): Failed to open stream: No such file or directory in /var/www/html/public/index.php on line 24PHP message: PHP Fatal error:  Uncaught Error: Failed opening required '/var/www/html/public/../vendor/autoload.php' (include_path='.:/usr/share/php') in /var/www/html/public/index.php:24\nStack trace:\n#0 {main}\n  thrown in /var/www/html/public/index.php on line 24'
[Mon Apr 04 16:47:32.956765 2022] [proxy_fcgi:error] [pid 13006] [client 10.158.0.3:52648] AH01071: Got error 'PHP message: PHP Warning:  require(/var/www/html/public/../vendor/autoload.php): Failed to open stream: No such file or directory in /var/www/html/public/index.php on line 24PHP message: PHP Fatal error:  Uncaught Error: Failed opening required '/var/www/html/public/../vendor/autoload.php' (include_path='.:/usr/share/php') in /var/www/html/public/index.php:24\nStack trace:\n#0 {main}\n  thrown in /var/www/html/public/index.php on line 24'

Issue Description:
When trying to create a new application with a newly created user without admin access through the standard interface, the required menu options are not displayed. However, it's noticed that creating an application directly through the URL seems to work.

Steps to Reproduce:

1. Log in with a newly created user without admin access.
2. Navigate to the application creation section through the standard interface.
3. Note that the menu options required for creating an application are not visible.
4. Attempt to create an application directly through the URL and check if the functionality is present.

Attached Screenshot:

    I would like to see 2 more "generic" templates in the applications section. Only "password" and only "username "+"password" .

For example, if I want to store the password for a ZIP file, the password for a PFX certificate or similar, I have hardly any possibility to do so.

Also the pure storage of e.g. system wide service accounts is difficult. Currently, one can help out with the WIFI template, but the somewhat misappropriated.

We noticed in everyday life that we miss these two generic templates, because not all passwords have a URL, IP or similar.

Originally posted by @JSXRED in #63

I am getting this error on place of 2fa QR Image