
pwx's Issues

CredentialService: Separate persistence and crypto

The credentialService has two main functionalities at the moment, which are persistence and crypto. For a better unit-testing experience I propose to separate these functionalities into a crypto-service and a persistence-service, connected by a factory or something similar.

The other way could be that the persistence execution moves to the controller and the persistence query moves to an entity-Repository.
Creating an entity (with properties for encrypted and plain information) would be a nice improvement too.

Add base url config setting

Relative paths for css+js break on pages like the view password page. Adding a base URL config setting and including resources based on that should solve that problem.

Opening pages of deleted entries throws error

in Base.php line 940
at ErrorHandler->handleError('2', 'mdecrypt_generic(): An empty string was passed', '/src/pwx/vendor/phpseclib/phpseclib/phpseclib/Crypt/Base.php', '940', array('ciphertext' => '', 'block_size' => '16', 'this' => object(Crypt_AES)))
at mdecrypt_generic(resource, '') in Base.php line 940
at Crypt_Base->decrypt(null) in CredentialService.php line 52
at CredentialService->get('c4691c0570') in DefaultController.php line 83
at DefaultController->viewPasswordAction('c4691c0570')
at call_user_func_array(array(object(DefaultController), 'viewPasswordAction'), array('c4691c0570')) in HttpKernel.php line 145
at HttpKernel->handleRaw(object(Request), '1') in HttpKernel.php line 66
at HttpKernel->handle(object(Request), '1', true) in Application.php line 543
at Application->handle(object(Request)) in Application.php line 520
at Application->run() in index.php line 5

Make it translation ready

It would be very useful to be able to load different translations from po files depending on the locale of the browser.

Add Tag 1.1

Hi Michael,

could you please tag the current version in master with e.g. 1.1? I need the PHP 7 support, but don't want to leave my installation on your master branch. The reason is that I made the installation via Puppet and it would download automatically every pull request you accept.

Thanks in advance!

Cheers
Dennis

API - Save an Entry

I would like to save an entry through API, but I'm getting this:

            <h1>Sorry, the page you are looking for could not be found.</h1>

The way I'm trying is this:

curl -X POST -F "password=passwd" https://pwx.mycompany.com/api

Resources fail to load when pwx is installed in a directory

When pwx is installed in a subdomain all loads fine, but when it's installed in a subfolder then the js / css files are not loaded because the app tries to load them from the root folder:

/css/style.css
/js/hideShowPassword.min.js
/js/jquery.zclip.min.js
/js/script.js

Add predefined email communication functionality

This would need to be a config option. If an email address is supplied then the credentials are sent there.

I've come across the expectation several times that people assume I will be notified immediately of the credentials, and they forget to send an email with the link.

It would be handy for support services.

It may probably be a good idea to display a default message warning about it too. E.g. "A link to this credentials will be automatically sent to [email protected]".

This would be related to #19 but depending not on the user but on the particular server installation.

I'm thinking that an alternative solution could be if this config option would fill the default value of the new email field proposed in #19. It's not the same thing at all but they are not incompatible either. It would be perfect to have both.

"Delete Record" function shows countdown

If you use "Delete record after it has been viewed" and open the link, it still shows "This listing will be removed in" and a countdown of one hour. It should say something like "This record was already deleted, you cannot reload the page or reuse the link".

Unable to retrieve password - shows blank

Hi Michael,

Not sure if this is the correct way to bring this up or even if you will provide support in this manner. But I figured it was worth a shot. I have deployed pwx successfully multiple times in the past and have now hit a wall. (Great tool btw)

I have the tool running at https://pwx.clearconcepts.ca/
nginx, mariadb, ubuntu server
composer.phar has been fully updated.
nginx is configured exactly how Silex documentation asks for.

It lets you create an entry, it creates a link, it adds information into the database but when viewing the entry it is either empty or shows encrypted type characters.

I am not seeing any errors in my nginx error or access logs.

Any ideas on where I can look to troubleshoot?

Thank you.
-James

php POST can't create the link folder and the temporary file for the password (nginx / php-fpm)

Hello,
I tried to install my own pwx instance for work purposes.
For testing purposes I disabled the mandatory SSL in your app/config.php file.
I use nginx as a web server with the following conf (example.com is replaced by my organization domain):

server {
    listen 80;
    server_name pwx.example.com;

    access_log /var/log/nginx/access-pwx.log;
    error_log /var/log/nginx/error-pwx.log;

    root /var/www/pwx/web;
    index index.php;

    location ~* \.php$ {
        try_files $uri =404;
        include fastcgi.conf;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
    }
}

I assume that the POST is not working and failed to create the temporary file in the link folder. I created the web/link folder and made my web server group the owner of this folder (and chmod 777 it to be sure for the test …). But I still have the same error:

NGINX LOG

==> access-pwx.log<==
[15/Mar/2016:14:51:49 +0100] "POST / HTTP/1.1" 302 320 "http://pwx.example.com/" "Mozilla/5.0" (X11; Fedora; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"

==> error-pwx.log <==
2016/03/15 14:51:49 [error] 16266#0: *46 open() "/var/www/pwx/web/link/3662178eab" failed (2: No such file or directory), client: 1.2.3.4 server: pwx.example.com, request: "GET /link/3662178eab HTTP/1.1", host: "pwx.example.com", referrer: "http://pwx.example.com/"

==> access-pwx.log <==
[15/Mar/2016:14:51:49 +0100] "GET /link/3662178eab HTTP/1.1" 404 168 "http://pwx.example.com/" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0"

LOG/APP.LOG
[2016-03-15 14:51:43.172076] pwx.INFO: Matched route "GET_". {"route_parameters":{"controller":"app.default_controller:indexAction","route":"GET"},"request_uri":"http://pwx.example.com/"} {"clientIp":"1.2.3.4","token":"56e8136f279c4"}
[2016-03-15 14:51:43.172647] pwx.INFO: > GET / [] {"clientIp":"1.2.3.4","token":"56e8136f279c4"}
[2016-03-15 14:51:43.295656] pwx.INFO: < 200 [] {"clientIp":"1.2.3.4","token":"56e8136f279c4"}
[2016-03-15 14:51:43.296611] pwx.DEBUG: Script executed in 169.605ms. {"msExecTime":169.605,"method":"GET","path":"/"} {"clientIp":"1.2.3.4","token":"56e8136f279c4"}
[2016-03-15 14:51:49.264898] pwx.INFO: Matched route "POST". {"route_parameters": {"_controller":"app.default_controller:indexPostAction","route":"POST"},"request_uri":"http://pwx.example.com/"} {"clientIp":"1.2.3.4","token":"56e813753f255"}
[2016-03-15 14:51:49.265250] pwx.INFO: > POST / [] {"clientIp":"1.2.3.4","token":"56e813753f255"}
[2016-03-15 14:51:49.379064] pwx.INFO: < 302 /link/3662178eab [] {"clientIp":"1.2.3.4","token":"56e813753f255"}
[2016-03-15 14:51:49.379964] pwx.DEBUG: Script executed in 143.301ms. {"msExecTime":143.301,"method":"POST","path":"/"} {"clientIp":"1.2.3.4","token":"56e813753f255"}

Do you have any clue?

Best regards.
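
Added example, not part of the original issue and not the pwx project's own configuration: the error log above shows nginx trying to open /link/3662178eab as a file under the web root, which is what happens when no location hands non-file URIs to the front controller. The server block below keeps the paths and socket from the post and assumes that /link/<hash> is a route handled by the application through index.php, so the web/link directory and its 777 mode are not needed.

```nginx
# Added example; server_name, root, log paths and socket are copied from the post.
server {
    listen 80;
    server_name pwx.example.com;

    access_log /var/log/nginx/access-pwx.log;
    error_log  /var/log/nginx/error-pwx.log;

    root /var/www/pwx/web;
    index index.php;

    # Serve files that exist (css, js) directly; send every other URI,
    # such as /link/3662178eab, to the front controller. REQUEST_URI keeps
    # the original path, so the application router still sees /link/<hash>.
    location / {
        try_files $uri /index.php$is_args$args;
    }

    # Only the front controller is passed to PHP-FPM.
    location = /index.php {
        include fastcgi.conf;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    }

    # Any other .php file under the web root is not executed.
    location ~* \.php$ {
        return 404;
    }
}
```

After `nginx -t` and a reload, a GET for /link/<hash> should appear in log/app.log as a matched route instead of as an open() failure in error-pwx.log.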

Add credential-Entity for better testing, encapsulation and persistence stuff

It would be fine to have an entity-Object for the credential stuff. It brings the following benefits:

  • Encapsulation of User and Password-Data
  • Better testing experience
  • TypeHinting in services
  • Database and schema-creation by doctrine and possibility to use other DBs like postgres, mongo, sqlite, etc.

I think there are many other benefits.

The properties could be:

  • hash
  • usernamePlainText
  • username
  • passwordPlaintext
  • password
  • commentPlainText
  • comment
  • email (#28)
  • expiresAt

Where the plaintext properties won't be persisted.
Then you can pipe this entity easily through encrypting and decrypting services.

Here is an old and informative example with the use of annotations and CLI:
http://ahoj.io/silex-doctrine2-orm
