WebKeyPass
PHP JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Controller
DependencyInjection
Entity
Form
Resources
install
COPYING
INSTALL
README
UCLWebKeyPassBundle.php

README

UCL WebKeyPass

Description
-----------

A simple web application for storing passwords and other pieces of
information about servers.

The servers and their virtual machines can be categorized (e.g. by
operating systems). A hierarchy is displayed in a side panel. Misc nodes
can also be added. This can be useful for licenses, web sites, databases
or other things.

To access the data, a login is necessary. There is a form to create a
user. A user can be a normal user or an admin. Admins have access to an
admin zone, where they can activate or edit other user accounts, and see
a log of logins/logouts by month. Admins can also create the master key
and encrypt the master key for other users (more information below).

The Symfony 2 PHP web framework is used. This repository contains only a
bundle. See the file INSTALL for the installation.

Security
--------

Each user has a username and a password. The password can be modified at
any time. The user passwords are hashed and stored in the database. So
far so good.

The user must also provide a private key. Initially, when the user
account is created, this private key is stored as-is in the database.
But this is temporary.

An admin must provide the master key, in the admin zone. The master key
is then encrypted with the private key of the admin. The admin can also
encrypt the master key for other users. Once the master key is encrypted
for a certain user, his or her private key field is emptied.

Users must provide each time their private key when they log in, to be
able to decrypt the master key.

The purpose of all this system is to encrypt and decrypt the server
passwords with the master key.

Shibboleth
----------

Shibboleth is an authentication system used at the UCL. When creating a
new user account, WebKeyPass detects if the user is already
authenticated with Shibboleth. If yes, some fields of the form are
filled (username, name, e-mail, etc.). The private key is taken from
Shibboleth too.

If a user has created an account with Shibboleth, he or she must enter a
username/password to login. If the user is not authenticated with
Shibboleth, the user can enter manually his private key.

Structure of the code
---------------------

The architecture of the code follows mainly the Symfony 2 best
practices. There is one difference though: in the Form/ directory, the
classes are named *Form.php instead of *Type.php. So when we see the
name "Form", we know that it is a form…

The Controller/ directory is quite big, but most of the files are really
small. There are three types of classes there:
- Controller classes. All controlers derives from the MainController.
  Another important controller is the NodeController, which is the base
  class for displaying a node. For example, to display a category, the
  CategoryNodeController is used.

- Action classes. Each possible action (which modifies in a certain
  manner the data) has an associated Action class. Action.php is the
  base class. For an action involving a form, there is FormAction. To
  take an example, there is the EditServerAction class for editing a
  server. The actions have an access to the controller object, to set
  the successful message, redirect the page, save the data to the
  database, etc.

- Other classes: Icons, MasterKey, PrivateKey, Settings and Shibboleth.


To display the tree in the side panel, the JQuery jsTree plugin is used.
The size of the icons is 16x16.