Lock vault after 3 wrong attempts (Fixes #197)

    Fix share button, fix shared_key not added to storedCredential after sharing (Fixes #249)
    Add password app importer. Fixes #248
    Fix version check via proxy. Fixes #237
    Fix activity app not filtering. Fixes #246
    Add EnPass txt importer. Fixes #159
    Fix for disabled share button
    Require vault key for export. Fixes #199
    Indicate that sharing only works with users that have 1 or more vaults.
    Fixes #242
    Reset tags on logout. Fixes #245
    Ability to enter OTP secret manually. Fixes #198
    Create teampass importer. Fixes #244

ISSUE_TEMPLATE.md

@@ -8,7 +8,7 @@ To make it possible for us to help you please fill out below information careful
 If you like to make a feature request, please remove the issue template.
 If you want to fill in a issue, remove the feature request template.
 --> 
-##Issue
+## Bug report
 
 ### Steps to reproduce
 1.
@@ -41,10 +41,8 @@ Tell us what happens instead
 **cloud server:** Nextcloud or ownCloud
 
 **cloud version:** (see admin page or version.php)
-
 
 
-          
 #### Browser log
 <details>
 <summary>Browser log</summary>

README.md

@@ -1,16 +1,43 @@
 #Passman
+Passman is a full featured password manager.
 
 [![Build Status](https://travis-ci.org/nextcloud/passman.svg?branch=master)](https://travis-ci.org/nextcloud/passman)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Grade)
 [![Codacy Badge](https://api.codacy.com/project/badge/Coverage/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Coverage)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/passman/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/nextcloud/passman/?branch=master)
 
 
-Passman is a full featured password manager.
-Features:
+## Contents
+* [Screenshots](https://github.com/nextcloud/passman#Screenshots) 
+* [Features](https://github.com/nextcloud/passman#features) 
+* [External apps](https://github.com/nextcloud/passman#external-apps)
+* [Security](https://github.com/nextcloud/passman#security)
+  * [Password generation](https://github.com/nextcloud/passman#password-generation)
+  * [Storing credentials](https://github.com/nextcloud/passman#storing-credentials)
+* [API](https://github.com/nextcloud/passman#api)
+* [Docker](https://github.com/nextcloud/passman#docker)
+* [Maintainers](https://github.com/nextcloud/passman#main-developers)
+* [Contributors](https://github.com/nextcloud/passman#contributors)
+
+
+
+
+##Screenshots
+![Logged in to vault](http://i.imgur.com/ciShQZg.png)   
+
+![Credential selected](http://i.imgur.com/3tENldT.png)   
+
+![Edit credential](http://i.imgur.com/Iwm3hUe.png)   
+
+![Password tool](http://i.imgur.com/ZYkN70r.png)
+
+For more screenshots: [Click here](http://imgur.com/a/giKVt)
+
+
+## Features:
 - Vaults
 - Vault key is never sent to the server
-- Credentials are stored with 256 bit AES
+- Credentials are stored with 256 bit AES (see [security](https://github.com/nextcloud/passman#security))
 - Ability to add custom fields to credentials
 - Built-in OTP(One Time Password) generator
 - Password analyzer
@@ -21,18 +48,20 @@ Features:
   - DashLane
   - ZOHO
   - Clipperz.is
-
+  - EnPass
+  - [ocPasswords](https://github.com/fcturner/passwords)
+
 
 For a demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
 
 ## Tested on
 - NextCloud 10 / 11
 - ownCloud 9.1+
 
-## Browser extensions
-At this moment we don't have any extensions available, sorry!   
-However, if you're interested in helping us (or you want to guide us while building)   
-Check out: https://github.com/nextcloud/passman-chrome-extension
+
+## External apps
+- [Firefox / chrome extension](https://github.com/nextcloud/passman-webextension)
+- [Android app](https://github.com/nextcloud/passman-android)
 
 
 ## Supported databases
@@ -44,28 +73,46 @@ Check out: https://github.com/nextcloud/passman-chrome-extension
 Untested databases:
 - pgsql
 
+## Security
 
-##Screenshots
-![Logged in to vault](http://i.imgur.com/ciShQZg.png)   
+### Password generation
+Passman features a build in password generator.
+Not it only generates passwords, but it also measures their strength using [zxcvbn](https://github.com/dropbox/zxcvbn).   
+![](http://i.imgur.com/2qVBUfM.png)   
 
-![Credential selected](http://i.imgur.com/3tENldT.png)   
+Generate passwords as you like   
+![](http://i.imgur.com/jcRicOV.png)   
+Passwords are generated using the random functions from `sjcl`.
 
-![Edit credential](http://i.imgur.com/Iwm3hUe.png)   
 
-![Password tool](http://i.imgur.com/ZYkN70r.png)
+### Storing credentials
+All passwords are encrypted client side using [sjcl](https://github.com/bitwiseshiftleft/sjcl) which uses AES-256 bit.
+Users supply a vault key which is feed into sjcl as encryption key.
+After the credentials are encrypted they are send to the server, there they will be encrypted again.
+This time using the following routine:
+- A key is generated using `passwordsalt` and `secret` from config.php *so back those up*
+- Then the key is [stretched](http://en.wikipedia.org/wiki/Key_stretching) using [Password-Based Key Derivation Function 2](http://en.wikipedia.org/wiki/PBKDF2) (PBKDF2).
+- [Encrypt-then-MAC](http://en.wikipedia.org/wiki/Authenticated_encryption#Approaches_to_Authenticated_Encryption) (EtM) is used for ensuring the authenticity of the encrypted data.
+- Uses openssl with the `aes-256-cbc` ciper.
+- [Initialization vector](http://en.wikipedia.org/wiki/Initialization_vector) (IV) is hidden
+- [Double Hash-based Message Authentication Code](http://en.wikipedia.org/wiki/Hash-based_message_authentication_code) (HMAC) is applied for verification of the source data.
 
-For more screenshots: [Click here](http://imgur.com/a/giKVt)
 
-## Encryption (server side)
-All passwords are encrypted client side AND server side.
-This means that if you move to another server you have to backup the following from config.php
-- `passwordsalt`
-- `secret`
+### Sharing credentials.
+Passman allows users to share passwords (this can be turned off by an administrator). 
 
-## Support Passman
-If you like passman, support us via [patreon](https://www.patreon.com/user?u=4833592) or [paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
 
 
+## API 
+For developers passman offers an [api](https://github.com/nextcloud/passman/wiki/API).
+
+## Support Passman
+Passman is open source, but we would gladly accept a beer (or pizza!)   
+Please consider donating via
+- [Paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
+- [Patreon](https://www.patreon.com/user?u=4833592)
+- Bitcoin: 1H2c5tkGX54n48yEtM4Wm4UrAGTW85jQpe
+
 ## Code reviews
 If you have any improvements regarding our code.
 Please do the following
@@ -77,8 +124,8 @@ Please do the following
 Or if you're feeling lazy, create an issue, and we'll think about it.
 
 ## Docker
-To run passman with docker you can use `docker run  -p 8080:80 -p 8443:443 brantje/passman`
-To use your own SSL cert mount them as below   
+To run passman with docker you can use `docker run  -p 8080:80 -p 8443:443 brantje/passman`   
+You have to supply your own ssl certs.   
 Example:   
 `docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman`
 

appinfo/app.php

@@ -40,7 +40,7 @@
 $manager = \OC::$server->getActivityManager();
 $manager->registerExtension(function() {
 	return new Activity(
-		\OC::$server->getL10NFactory()
+		\OC::$server->getURLGenerator()
 	);
 });
 

appinfo/info.xml

@@ -18,7 +18,7 @@ For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
 ]]></description>
 
     <licence>AGPL</licence>
-    <version>2.0.2</version>
+    <version>2.1.0</version>
     <author homepage="https://github.com/brantje">Sander Brand</author>
     <author homepage="https://github.com/animalillo">Marcos Zuriaga</author>
     <namespace>Passman</namespace>

controller/translationcontroller.php

@@ -69,6 +69,7 @@ public function getLanguageStrings() {
 
 			// js/app/controllers/import.js
 			'import.file.read' => $this->trans->t('File read successfully!'),
+			'import.steps' => $this->trans->t('Follow the following steps to import your file'),
 
 			'import.no.label' => $this->trans->t('Credential has no label, skipping'),
 			'import.adding' => $this->trans->t('Adding {{credential}}'),
@@ -144,7 +145,7 @@ public function getLanguageStrings() {
 
 
 			// templates/views/partials/edit_credential/otp.html
-			'upload.qr' => $this->trans->t('Upload your OTP qr code'),
+			'upload.qr' => $this->trans->t('Upload or enter your OTP secret'),
 			'current.qr' => $this->trans->t('Current OTP settings'),
 			'issuer' => $this->trans->t('Issuer'),
 			'secret' => $this->trans->t('Secret'),
@@ -173,6 +174,7 @@ public function getLanguageStrings() {
 			// templates/views/partials/forms/settings/export.html
 			'export.type' => $this->trans->t('Export type'),
 			'export' => $this->trans->t('Export'),
+			'export.confirm.text' => $this->trans->t('Enter vault password to confirm export.'),
 
 			// templates/views/partials/forms/settings/general_settings.html
 			'rename.vault' => $this->trans->t('Rename vault'),
@@ -226,6 +228,7 @@ public function getLanguageStrings() {
 
 			// templates/vieuws/partials/forms/share_credential/basics.html
 			'search.u.g' => $this->trans->t('Search users or groups...'),
+			'search.result.missing' => $this->trans->t('Missing users? Only users that have vaults are shown.'),
 			'cyphering' => $this->trans->t('Cyphering'),
 			'uploading' => $this->trans->t('Uploading'),
 			'user' => $this->trans->t('User'),
@@ -325,6 +328,7 @@ public function getLanguageStrings() {
 			'accept' => $this->trans->t('Accept'),
 			'decline' => $this->trans->t('Decline'),
 			'session.time.left' => $this->trans->t('You have {{session_time}} left before logout.'),
+			'vault.locked' => $this->trans->t('Your vault has been locked for {{time}} because of {{tries}} failed attempts!'),
 
 			// templates/views/vaults.html
 			'last.access' => $this->trans->t('Last accessed'),