3.0.10
Several important changes related to keys management.
- Users can export their recovery keys needed when regenerating the items passwords and also their personal ones.
- Tasks management - maintenance tasks can be launched manually
- Small bug fixes
- Documentation updated
nilsteampassnet committed Oct 22, 2023
1 parent f6e5490 commit b207d00
Showing 52 changed files with 1,341 additions and 217 deletions.
Binary file modified docs/_media/tp3_keys_2.png
Binary file added docs/_media/tp3_keys_4.png
Binary file added docs/_media/tp3_keys_5.png
22 changes: 21 additions & 1 deletion docs/features/keys.md
Expand Up @@ -10,6 +10,22 @@ Such a process ensures a high level of security for all data stored in the datab

💡 [Read more](../install/encryption.md) about this encryption process.

## Store your recovery keys

For any reason, if your data becomes corrupted, it is requested to recover your personal data using your `recovery keys`.

When user gets logged in, if the recovery keys has never been downloaded, a warning icon is shown at the left of top user menu button.

![1](../_media/tp3_keys_4.png)

By clicking the red bell icon, you will be redirected to your profile page where you will be able to download your recovery keys.

![1](../_media/tp3_keys_5.png)

Now click button `Download your recovery keys` and __store the generated file in a safe place__!

> ⛔ Without those keys, your personal items password would be lost if you need to regenerate your keys.
## Regenerate your keys (as a User)

For any reason, if you notice that while browsing Teampass's objects, all related passwords are empty then it might be a corruption of your private key is corrupted.
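Review bot: the `⛔` blockquote is immediately followed by the `## Regenerate your keys (as a User)` heading with no blank line, so renderers that apply lazy continuation will pull the heading into the quote; insert an empty line before the heading. While here, "if the recovery keys has never been downloaded" should read "have never been downloaded", and the trailing context sentence "it might be a corruption of your private key is corrupted" says it twice; "it might be that your private key is corrupted" is enough.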
Expand All @@ -20,7 +36,11 @@ For regenerated all your keys, just follow the next instructions.
1. Select entry `Generate new keys` in personal menu
![1](../_media/tp3_keys_1.png)

2. Ensure that the form contains your login password
2. Ensure that the form contains your login password, and that you have copied the public and private keys

> 💡 Regenerating the items keys is possible without the public and private recovery keys. You will need to tick the checkbox.
> Remember that without them, your personal items password would be lost.
![1](../_media/tp3_keys_2.png)

3. Click `Confirm` button
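Review bot: the `> 💡` quote runs straight into `![1](../_media/tp3_keys_2.png)` without a blank line, so the screenshot is rendered inside the blockquote; add an empty line after the "Remember that..." line. The rewritten step 2 asks the user to paste a public and private key but does not say where they come from; a pointer to the file produced in "Store your recovery keys" would close that gap.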
4 changes: 2 additions & 2 deletions includes/config/include.php
Expand Up @@ -16,8 +16,8 @@
* @see http://www.teampass.net
*/
define('TP_VERSION', '3.0.10');
define("UPGRADE_MIN_DATE", "1697362566");
define('TP_VERSION_MINOR', '82');
define("UPGRADE_MIN_DATE", "1697990713");
define('TP_VERSION_MINOR', '83');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
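Review bot: `UPGRADE_MIN_DATE` is the only `define` in this block written with double quotes; align it with the single-quoted style of its neighbours. The timestamp bump signals a mandatory upgrade step, and the client in this same commit now reads a `keys_recovery_time` field, so confirm the upgrade script that introduces that column ships in this commit and that its date is not later than the new `UPGRADE_MIN_DATE`.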
83 changes: 74 additions & 9 deletions includes/core/load.js.php
Expand Up @@ -112,7 +112,7 @@ function(data) {
// Check if new privatekey needs to be adapted
var data = {
'user_id': store.get('teampassUser').user_id,
'fields' : 'special, auth_type, is_ready_for_usage, ongoing_process_id, otp_provided',
'fields' : 'special, auth_type, is_ready_for_usage, ongoing_process_id, otp_provided, keys_recovery_time',
}
$.post(
"sources/main.queries.php", {
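Review bot: `fields` is a browser-supplied, comma-separated list of column names that now includes `keys_recovery_time`; since any client can edit this string before it is posted to `sources/main.queries.php`, confirm the server resolves each name against an allow-list of user columns rather than interpolating the list into the query.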
Expand All @@ -137,6 +137,7 @@ function(teampassUser) {
teampassUser.auth_type = data.queryResults.auth_type;
teampassUser.is_ready_for_usage = data.queryResults.is_ready_for_usage;
teampassUser.ongoing_process_id = data.queryResults.ongoing_process_id;
teampassUser.keys_recovery_time = data.queryResults.keys_recovery_time;
}
);

Expand Down Expand Up @@ -191,6 +192,21 @@ function(teampassUser) {

// Show form
$('#dialog-ldap-user-change-password').removeClass('hidden');
} else if (typeof data.queryResults !== 'undefined' && data.queryResults.keys_recovery_time === null && store.get('teampassUser').user_admin === 0) {
// User has not yet recovered his keys
$('#open_user_keys_management').removeClass('hidden');

// if profile page, then show warning
if (window.location.href.indexOf('page=profile') > -1) {
$('#keys_not_recovered').removeClass('hidden');
$('#profile-keys_download-date').text('<?php echo langHdl('none'); ?>');
}

// handle button click redirection to profile page
$("#open_user_keys_management").on('click', function(event) {
event.preventDefault();
document.location.href = "index.php?page=profile&tab=keys";
});
}
}
);
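Review bot: the `keys_recovery_time === null` test only matches a JSON `null`; if the column is missing from the result or comes back as an empty string the warning is silently skipped, so `!data.queryResults.keys_recovery_time` is the safer test. This branch also binds `.on('click', …)` to `#open_user_keys_management` every time the callback runs; if the status request repeats, the handler stacks (bind once outside the callback or use `.off('click').on('click', …)`). The `user_admin === 0` guard means administrators never see the nudge; if that is intended, the docs should say so.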
Expand Down Expand Up @@ -515,13 +531,40 @@ function(data) {
'<div class="form-group">'+
'<?php echo langHdl('generate_new_keys_info'); ?>' +
'</div>' +
'<div class="input-group mb-2 hidden" id="new-encryption-div">' +
'<div class="input-group-prepend">' +
'<span class="input-group-text"><?php echo langHdl('confirm_password'); ?></span>' +
'<div class="hidden" id="new-encryption-div">' +
'<div class="row">' +
'<div class="input-group mb-2">' +
'<div class="input-group-prepend">' +
'<span class="input-group-text"><?php echo langHdl('confirm_password'); ?></span>' +
'</div>' +
'<input id="encryption-otp" type="password" class="form-control form-item-control" value="'+store.get('teampassUser').pwd+'">' +
'<div class="input-group-append">' +
'<button class="btn btn-outline-secondary btn-no-click" id="show-encryption-otp" title="<?php echo langHdl('mask_pw'); ?>"><i class="fas fa-low-vision"></i></button>' +
'</div>' +
'</div>' +
'</div>' +
'<div class="row mt-2<?php echo isset($SETTINGS['enable_pf_feature']) === true && (int) $SETTINGS['enable_pf_feature'] === 1 ? '' : ' hidden'; ?>">' +
'<h6><?php echo langHdl('provide_recovery_keys'); ?></h6>' +
'<div class="input-group mb-2">' +
'<div class="input-group-prepend">' +
'<span class="input-group-text"><?php echo langHdl('public_key'); ?></span>' +
'</div>' +
'<textarea rows="1" id="recovery-public-key" class="form-control form-item-control"></textarea>' +
'</div>' +
'<div class="input-group mb-2">' +
'<div class="input-group-prepend">' +
'<span class="input-group-text"><?php echo langHdl('private_key'); ?></span>' +
'</div>' +
'<textarea rows="2" id="recovery-private-key" class="form-control form-item-control"></textarea>' +
'</div>' +
'</div>' +
'<input id="encryption-otp" type="password" class="form-control form-item-control" value="'+store.get('teampassUser').pwd+'">' +
'<div class="input-group-append">' +
'<button class="btn btn-outline-secondary btn-no-click" id="show-encryption-otp" title="<?php echo langHdl('mask_pw'); ?>"><i class="fas fa-low-vision"></i></button>' +
'<div class="row mt-2<?php echo isset($SETTINGS['enable_pf_feature']) === true && (int) $SETTINGS['enable_pf_feature'] === 1 ? '' : ' hidden'; ?>">' +
'<div class="alert" id="confirm-no-recovery-keys-div">' +
'<div class="form-check">' +
'<input type="checkbox" class="form-check-input" id="confirm-no-recovery-keys">' +
'<label class="form-check-label ml-1" for="confirm-no-recovery-keys"><?php echo langHdl('no_recovery_keys'); ?></label>' +
'</div>' +
'</div>' +
'</div>' +
'</div>',
'<?php echo langHdl('perform'); ?>',
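Review bot: the `#recovery-private-key` textarea takes the user's recovery private key as plain text; add `autocomplete="off"` and `spellcheck="false"` to both recovery textareas so the browser neither offers to store the value nor ships it to a spell-check service. The unchanged `value="'+store.get('teampassUser').pwd+'"` line is still built by string concatenation into an HTML attribute, so a password containing `"` breaks the markup; setting the value with `.val()` after the dialog is inserted avoids that.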
Expand All @@ -540,6 +583,23 @@ function(data) {
.click(function(e) {
e.preventDefault();
});
$('#confirm-no-recovery-keys').click(function(e) {
//e.preventDefault();
if ($(this).prop('checked') === true) {
$('#confirm-no-recovery-keys-div').addClass('alert-danger');
} else {
$('#confirm-no-recovery-keys-div').removeClass('alert-danger');
}
});
$('#recovery-public-key, #recovery-private-key').focusout(function(e) {
e.preventDefault();
if ($('#recovery-public-key').val() !== '' && $('#recovery-private-key').val() !== '') {
$('#confirm-no-recovery-keys-div').removeClass('alert-danger');
$('#confirm-no-recovery-keys').prop('checked', false);
} else {

}
});

// Manage click on button PERFORM
$(document).on('click', '#warningModalButtonAction', function() {
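Review bot: the `focusout` handler ends with an empty `else { }` branch and the checkbox handler carries a commented-out `//e.preventDefault();`; drop both. The checkbox handler only toggles `alert-danger`: when the user ticks "I do not have recovery keys" after pasting a partial key, the later POST still sends whatever sits in the textareas while the checkbox state itself is never transmitted, so clear both textareas when the box is ticked.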
Expand All @@ -553,12 +613,14 @@ function(data) {
} else if ($('#warningModalButtonAction').attr('data-button-confirm') === 'true') {
// As reencryption relies on user's password
// ensure we have it
if ($('#encryption-otp').val() === '') {
if ($('#encryption-otp').val() === '' ||
($('#recovery-public-key').val() === '' || $('#recovery-private-key').val() === '') && $('#confirm-no-recovery-keys').prop('checked') === false
) {
// No user password provided
$('#warningModalButtonAction')
.html('<?php echo langHdl('perform'); ?>')
.attr('data-button-confirm', 'false');

} else {
// We have the password, start reencryption
$('#warningModalButtonAction')
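Review bot: when `enable_pf_feature` is not `1`, the recovery-key row and the `#confirm-no-recovery-keys` checkbox are both rendered with the `hidden` class, so the textareas stay empty and the checkbox stays unchecked; the new condition then evaluates true and the Perform button never gets past this check. Gate the recovery-key clause on the same feature flag, e.g. `pfEnabled && (pub === '' || priv === '') && !confirmed`, with the flag echoed from PHP once. The comment `// No user password provided` no longer describes this branch, and explicit parentheses around the `&&` group would make the intended precedence obvious.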
Expand All @@ -577,6 +639,9 @@ function(data) {
'send_email_to_user': true,
'email_body': 'email_body_user_config_4',
'generate_user_new_password': false,
'user_self_change': true,
'recovery_public_key': $('#recovery-public-key').val(),
'recovery_private_key': $('#recovery-private-key').val(),
};

$.post(
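Review bot: `recovery_private_key` now travels in the POST body in the clear alongside the user's password; make sure the server-side handler for this request does not write the raw payload to logs or to the task table, and that `user_self_change: true` is enforced against the session user rather than trusted from the client. Sending empty strings for both keys when the "no keys" box is ticked also leaves the server to infer the user's choice; passing the checkbox state explicitly removes the ambiguity.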
7 changes: 7 additions & 0 deletions includes/core/teampass_ascii.txt
@@ -0,0 +1,7 @@

_____ ____
|_ _|__ __ _ _ __ ___ | _ \ __ _ ___ ___
| |/ _ \/ _` | '_ ` _ \| |_) / _` / __/ __|
| | __/ (_| | | | | | | __/ (_| \__ \__ \
|_|\___|\__,_|_| |_| |_|_| \__,_|___/___/

13 changes: 13 additions & 0 deletions includes/language/bulgarian.php
Expand Up @@ -1129,5 +1129,18 @@
'settings_otv_subdomain_tip' => 'Dedicated subdomain for onetime links. Considere your main Teampass URL as isolated from internet, this subdomain could be reachable by everyone to share this item with someone outside your organisation. From security perspective it is a lot safer with such mechanics. Note: This would requite to have a DNS entry for this subdomain pointing to your Teampass server.',
'existing_valid_otv_links' => 'OTV valid links',
'started' => 'Started',
'recovery_keys_not_downloaded' => 'Recovery keys not downloaded',
'no_recovery_keys' => 'I do not have recovery keys. This will clear all passwords from my personal items.',
'provide_recovery_keys' => 'Provide your recovery keys',
'public_key' => 'Public key',
'private_key' => 'Private key',
'download_recovery_keys' => 'Download your recovery keys',
'download_recovery_keys_confirmation' => 'You are about to download your recovery keys. Please store them in a safe place as they should be mandatory in case of deasaster.',
'recovery_keys_download_date' => 'Recovery keys download date',
'keys_not_recovered' => 'Public and Private keys not stored',
'keys_not_recovered_explanation' => 'In order to prevent against any passwords lost, you should store safely your personal Teampass keys',
'get_your_recovery_keys' => 'Get your recovery keys',
'keys_management' => 'Keys management',
'please_confirm_task_to_be_run' => 'Please confirm the task to be performed',

);
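Review bot: `download_recovery_keys_confirmation` has "deasaster" for "disaster" and "they should be mandatory" reads oddly ("they will be required in case of disaster"); `keys_not_recovered_explanation` should read "To prevent any password loss, store your personal Teampass keys safely". All thirteen new strings are English placeholders in a Bulgarian file, which works as a fallback but should be flagged for translation, and the stray empty line before `);` can go.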
13 changes: 13 additions & 0 deletions includes/language/catalan.php
Expand Up @@ -1129,5 +1129,18 @@
'settings_otv_subdomain_tip' => 'Dedicated subdomain for onetime links. Considere your main Teampass URL as isolated from internet, this subdomain could be reachable by everyone to share this item with someone outside your organisation. From security perspective it is a lot safer with such mechanics. Note: This would requite to have a DNS entry for this subdomain pointing to your Teampass server.',
'existing_valid_otv_links' => 'OTV valid links',
'started' => 'Started',
'recovery_keys_not_downloaded' => 'Recovery keys not downloaded',
'no_recovery_keys' => 'I do not have recovery keys. This will clear all passwords from my personal items.',
'provide_recovery_keys' => 'Provide your recovery keys',
'public_key' => 'Public key',
'private_key' => 'Private key',
'download_recovery_keys' => 'Download your recovery keys',
'download_recovery_keys_confirmation' => 'You are about to download your recovery keys. Please store them in a safe place as they should be mandatory in case of deasaster.',
'recovery_keys_download_date' => 'Recovery keys download date',
'keys_not_recovered' => 'Public and Private keys not stored',
'keys_not_recovered_explanation' => 'In order to prevent against any passwords lost, you should store safely your personal Teampass keys',
'get_your_recovery_keys' => 'Get your recovery keys',
'keys_management' => 'Keys management',
'please_confirm_task_to_be_run' => 'Please confirm the task to be performed',

);
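Review bot: same "deasaster" typo, same awkward `keys_not_recovered_explanation` wording and same untranslated English placeholders as in bulgarian.php; fix the source strings once and propagate to every language file.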
13 changes: 13 additions & 0 deletions includes/language/chinese.php
Expand Up @@ -1129,5 +1129,18 @@
'settings_otv_subdomain_tip' => 'Dedicated subdomain for onetime links. Considere your main Teampass URL as isolated from internet, this subdomain could be reachable by everyone to share this item with someone outside your organisation. From security perspective it is a lot safer with such mechanics. Note: This would requite to have a DNS entry for this subdomain pointing to your Teampass server.',
'existing_valid_otv_links' => 'OTV valid links',
'started' => 'Started',
'recovery_keys_not_downloaded' => 'Recovery keys not downloaded',
'no_recovery_keys' => 'I do not have recovery keys. This will clear all passwords from my personal items.',
'provide_recovery_keys' => 'Provide your recovery keys',
'public_key' => 'Public key',
'private_key' => 'Private key',
'download_recovery_keys' => 'Download your recovery keys',
'download_recovery_keys_confirmation' => 'You are about to download your recovery keys. Please store them in a safe place as they should be mandatory in case of deasaster.',
'recovery_keys_download_date' => 'Recovery keys download date',
'keys_not_recovered' => 'Public and Private keys not stored',
'keys_not_recovered_explanation' => 'In order to prevent against any passwords lost, you should store safely your personal Teampass keys',
'get_your_recovery_keys' => 'Get your recovery keys',
'keys_management' => 'Keys management',
'please_confirm_task_to_be_run' => 'Please confirm the task to be performed',

);
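Review bot: identical block to bulgarian.php and catalan.php, including the "deasaster" typo; these strings still need a Chinese translation.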
13 changes: 13 additions & 0 deletions includes/language/czech.php
Expand Up @@ -1129,5 +1129,18 @@
'settings_otv_subdomain_tip' => 'Dedicated subdomain for onetime links. Considere your main Teampass URL as isolated from internet, this subdomain could be reachable by everyone to share this item with someone outside your organisation. From security perspective it is a lot safer with such mechanics. Note: This would requite to have a DNS entry for this subdomain pointing to your Teampass server.',
'existing_valid_otv_links' => 'OTV valid links',
'started' => 'Started',
'recovery_keys_not_downloaded' => 'Recovery keys not downloaded',
'no_recovery_keys' => 'I do not have recovery keys. This will clear all passwords from my personal items.',
'provide_recovery_keys' => 'Provide your recovery keys',
'public_key' => 'Public key',
'private_key' => 'Private key',
'download_recovery_keys' => 'Download your recovery keys',
'download_recovery_keys_confirmation' => 'You are about to download your recovery keys. Please store them in a safe place as they should be mandatory in case of deasaster.',
'recovery_keys_download_date' => 'Recovery keys download date',
'keys_not_recovered' => 'Public and Private keys not stored',
'keys_not_recovered_explanation' => 'In order to prevent against any passwords lost, you should store safely your personal Teampass keys',
'get_your_recovery_keys' => 'Get your recovery keys',
'keys_management' => 'Keys management',
'please_confirm_task_to_be_run' => 'Please confirm the task to be performed',

);
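Review bot: identical English block with the "deasaster" typo; needs a Czech translation and the same wording fixes as bulgarian.php.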
13 changes: 13 additions & 0 deletions includes/language/dutch.php
Expand Up @@ -1129,5 +1129,18 @@
'settings_otv_subdomain_tip' => 'Dedicated subdomain for onetime links. Considere your main Teampass URL as isolated from internet, this subdomain could be reachable by everyone to share this item with someone outside your organisation. From security perspective it is a lot safer with such mechanics. Note: This would requite to have a DNS entry for this subdomain pointing to your Teampass server.',
'existing_valid_otv_links' => 'OTV valid links',
'started' => 'Started',
'recovery_keys_not_downloaded' => 'Recovery keys not downloaded',
'no_recovery_keys' => 'I do not have recovery keys. This will clear all passwords from my personal items.',
'provide_recovery_keys' => 'Provide your recovery keys',
'public_key' => 'Public key',
'private_key' => 'Private key',
'download_recovery_keys' => 'Download your recovery keys',
'download_recovery_keys_confirmation' => 'You are about to download your recovery keys. Please store them in a safe place as they should be mandatory in case of deasaster.',
'recovery_keys_download_date' => 'Recovery keys download date',
'keys_not_recovered' => 'Public and Private keys not stored',
'keys_not_recovered_explanation' => 'In order to prevent against any passwords lost, you should store safely your personal Teampass keys',
'get_your_recovery_keys' => 'Get your recovery keys',
'keys_management' => 'Keys management',
'please_confirm_task_to_be_run' => 'Please confirm the task to be performed',

);
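Review bot: identical English block with the "deasaster" typo; needs a Dutch translation and the same wording fixes as bulgarian.php.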