Passman 2.1.0

    Lock vault after 3 wrong attempts (Fixes #197)
    Fix share button, fix shared_key not added to storedCredential after sharing (Fixes #249)
    Add password app importer. Fixes #248
    Fix version check via proxy. Fixes #237
    Fix activity app not filtering. Fixes #246
    Add EnPass txt importer. Fixes #159
    Fix for disabled share button
    Require vault key for export. Fixes #199
    Indicate that sharing only works with users that have 1 or more vaults.
    Fixes #242
    Reset tags on logout. Fixes #245
    Ability to enter OTP secret manually. Fixes #198
    Create teampass importer. Fixes #244

Signed-off-by: Passman Bot <info@passman.cc>

ISSUE_TEMPLATE.md

@@ -4,7 +4,12 @@ This is the bug tracker for the Passman. Find passman-webextension at https://gi
 
 
 To make it possible for us to help you please fill out below information carefully.
+
+If you like to make a feature request, please remove the issue template.
+If you want to fill in a issue, remove the feature request template.
 --> 
+## Bug report
+
 ### Steps to reproduce
 1.
 2.
@@ -19,17 +24,24 @@ Tell us what happens instead
 ### Configuration
 **Operating system**:   
 
-
-**Browser**:   
-
-
+**Browser**:      
+
 **Extensions that might cause interference**:   
-
-
+
 **Passman version**:    
-
-
-**Nextcloud version**:
+
+**Operating system**:
+
+**Web server:**
+
+**Database:**
+
+**PHP version:**
+
+**cloud server:** Nextcloud or ownCloud
+
+**cloud version:** (see admin page or version.php)
+
 
 #### Browser log
 <details>
@@ -41,4 +53,49 @@ a) The javascript console log
 b) The network log
 c) ...
 ```
-</details>   
+</details>   
+
+
+#### Cloud log
+<!--
+The log has the name owncloud.log or nextcloud.log and is found in the data folder
+-->
+
+<details>
+<summary>Cloud log</summary>
+
+```
+Insert your cloud log here
+```
+</details>
+
+
+## Feature request
+
+**User type**: Logged-in or public user
+
+**User level**: Beginners, intermediate or advanced
+
+### Description
+<!--
+Please try to give as much information as you can about your request
+-->
+
+### Benefit / value
+<!--
+Please explain how it could benefit users of the app, other apps or 3rd party services
+-->
+
+### Risk / caveats
+<!--
+Please explain the risks and caveats associated with this request
+-->
+
+### Sponsorship
+<!--
+This greatly accelerates the delivery of a feature
+-->
+
+**Are you a developer willing to implement this feature?**: yes/no
+
+**Can you sponsor the development of this feature or do you know someone who can?**: yes/no

README.md

@@ -1,16 +1,43 @@
 #Passman
+Passman is a full featured password manager.
 
 [![Build Status](https://travis-ci.org/nextcloud/passman.svg?branch=master)](https://travis-ci.org/nextcloud/passman)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Grade)
 [![Codacy Badge](https://api.codacy.com/project/badge/Coverage/749bb288c9fd4592a73056549d44a85e)](https://www.codacy.com/app/brantje/passman?utm_source=github.com&utm_medium=referral&utm_content=nextcloud/passman&utm_campaign=Badge_Coverage)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/nextcloud/passman/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/nextcloud/passman/?branch=master)
 
 
-Passman is a full featured password manager.
-Features:
+## Contents
+* [Screenshots](https://github.com/nextcloud/passman#Screenshots) 
+* [Features](https://github.com/nextcloud/passman#features) 
+* [External apps](https://github.com/nextcloud/passman#external-apps)
+* [Security](https://github.com/nextcloud/passman#security)
+  * [Password generation](https://github.com/nextcloud/passman#password-generation)
+  * [Storing credentials](https://github.com/nextcloud/passman#storing-credentials)
+* [API](https://github.com/nextcloud/passman#api)
+* [Docker](https://github.com/nextcloud/passman#docker)
+* [Maintainers](https://github.com/nextcloud/passman#main-developers)
+* [Contributors](https://github.com/nextcloud/passman#contributors)
+
+
+
+
+##Screenshots
+![Logged in to vault](http://i.imgur.com/ciShQZg.png)   
+
+![Credential selected](http://i.imgur.com/3tENldT.png)   
+
+![Edit credential](http://i.imgur.com/Iwm3hUe.png)   
+
+![Password tool](http://i.imgur.com/ZYkN70r.png)
+
+For more screenshots: [Click here](http://imgur.com/a/giKVt)
+
+
+## Features:
 - Vaults
 - Vault key is never sent to the server
-- Credentials are stored with 256 bit AES
+- Credentials are stored with 256 bit AES (see [security](https://github.com/nextcloud/passman#security))
 - Ability to add custom fields to credentials
 - Built-in OTP(One Time Password) generator
 - Password analyzer
@@ -21,18 +48,20 @@ Features:
   - DashLane
   - ZOHO
   - Clipperz.is
-
+  - EnPass
+  - [ocPasswords](https://github.com/fcturner/passwords)
+
 
 For a demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
 
 ## Tested on
 - NextCloud 10 / 11
 - ownCloud 9.1+
 
-## Browser extensions
-At this moment we don't have any extensions available, sorry!   
-However, if you're interested in helping us (or you want to guide us while building)   
-Check out: https://github.com/nextcloud/passman-chrome-extension
+
+## External apps
+- [Firefox / chrome extension](https://github.com/nextcloud/passman-webextension)
+- [Android app](https://github.com/nextcloud/passman-android)
 
 
 ## Supported databases
@@ -44,28 +73,46 @@ Check out: https://github.com/nextcloud/passman-chrome-extension
 Untested databases:
 - pgsql
 
+## Security
 
-##Screenshots
-![Logged in to vault](http://i.imgur.com/ciShQZg.png)   
+### Password generation
+Passman features a build in password generator.
+Not it only generates passwords, but it also measures their strength using [zxcvbn](https://github.com/dropbox/zxcvbn).   
+![](http://i.imgur.com/2qVBUfM.png)   
 
-![Credential selected](http://i.imgur.com/3tENldT.png)   
+Generate passwords as you like   
+![](http://i.imgur.com/jcRicOV.png)   
+Passwords are generated using the random functions from `sjcl`.
 
-![Edit credential](http://i.imgur.com/Iwm3hUe.png)   
 
-![Password tool](http://i.imgur.com/ZYkN70r.png)
+### Storing credentials
+All passwords are encrypted client side using [sjcl](https://github.com/bitwiseshiftleft/sjcl) which uses AES-256 bit.
+Users supply a vault key which is feed into sjcl as encryption key.
+After the credentials are encrypted they are send to the server, there they will be encrypted again.
+This time using the following routine:
+- A key is generated using `passwordsalt` and `secret` from config.php *so back those up*
+- Then the key is [stretched](http://en.wikipedia.org/wiki/Key_stretching) using [Password-Based Key Derivation Function 2](http://en.wikipedia.org/wiki/PBKDF2) (PBKDF2).
+- [Encrypt-then-MAC](http://en.wikipedia.org/wiki/Authenticated_encryption#Approaches_to_Authenticated_Encryption) (EtM) is used for ensuring the authenticity of the encrypted data.
+- Uses openssl with the `aes-256-cbc` ciper.
+- [Initialization vector](http://en.wikipedia.org/wiki/Initialization_vector) (IV) is hidden
+- [Double Hash-based Message Authentication Code](http://en.wikipedia.org/wiki/Hash-based_message_authentication_code) (HMAC) is applied for verification of the source data.
 
-For more screenshots: [Click here](http://imgur.com/a/giKVt)
 
-## Encryption (server side)
-All passwords are encrypted client side AND server side.
-This means that if you move to another server you have to backup the following from config.php
-- `passwordsalt`
-- `secret`
+### Sharing credentials.
+Passman allows users to share passwords (this can be turned off by an administrator). 
 
-## Support Passman
-If you like passman, support us via [patreon](https://www.patreon.com/user?u=4833592) or [paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
 
 
+## API 
+For developers passman offers an [api](https://github.com/nextcloud/passman/wiki/API).
+
+## Support Passman
+Passman is open source, but we would gladly accept a beer (or pizza!)   
+Please consider donating via
+- [Paypal](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6YS8F97PETVU2)
+- [Patreon](https://www.patreon.com/user?u=4833592)
+- Bitcoin: 1H2c5tkGX54n48yEtM4Wm4UrAGTW85jQpe
+
 ## Code reviews
 If you have any improvements regarding our code.
 Please do the following
@@ -77,8 +124,8 @@ Please do the following
 Or if you're feeling lazy, create an issue, and we'll think about it.
 
 ## Docker
-To run passman with docker you can use `docker run  -p 8080:80 -p 8443:443 brantje/passman`
-To use your own SSL cert mount them as below   
+To run passman with docker you can use `docker run  -p 8080:80 -p 8443:443 brantje/passman`   
+You have to supply your own ssl certs.   
 Example:   
 `docker run -p 8080:80 -p 8443:443 -v /directory/cert.pem:/data/ssl/cert.pem -v /directory/cert.key:/data/ssl/cert.key brantje/passman`
 

appinfo/app.php

@@ -40,7 +40,7 @@
 $manager = \OC::$server->getActivityManager();
 $manager->registerExtension(function() {
 	return new Activity(
-		\OC::$server->getL10NFactory()
+		\OC::$server->getURLGenerator()
 	);
 });
 

appinfo/info.xml

@@ -18,7 +18,7 @@ For an demo of this app visit [https://demo.passman.cc](https://demo.passman.cc)
 ]]></description>
 
     <licence>AGPL</licence>
-    <version>2.0.2</version>
+    <version>2.1.0</version>
     <author homepage="https://github.com/brantje">Sander Brand</author>
     <author homepage="https://github.com/animalillo">Marcos Zuriaga</author>
     <namespace>Passman</namespace>

controller/translationcontroller.php

@@ -69,6 +69,7 @@ public function getLanguageStrings() {
 
 			// js/app/controllers/import.js
 			'import.file.read' => $this->trans->t('File read successfully!'),
+			'import.steps' => $this->trans->t('Follow the following steps to import your file'),
 
 			'import.no.label' => $this->trans->t('Credential has no label, skipping'),
 			'import.adding' => $this->trans->t('Adding {{credential}}'),
@@ -144,7 +145,7 @@ public function getLanguageStrings() {
 
 
 			// templates/views/partials/edit_credential/otp.html
-			'upload.qr' => $this->trans->t('Upload your OTP qr code'),
+			'upload.qr' => $this->trans->t('Upload or enter your OTP secret'),
 			'current.qr' => $this->trans->t('Current OTP settings'),
 			'issuer' => $this->trans->t('Issuer'),
 			'secret' => $this->trans->t('Secret'),
@@ -173,6 +174,7 @@ public function getLanguageStrings() {
 			// templates/views/partials/forms/settings/export.html
 			'export.type' => $this->trans->t('Export type'),
 			'export' => $this->trans->t('Export'),
+			'export.confirm.text' => $this->trans->t('Enter vault password to confirm export.'),
 
 			// templates/views/partials/forms/settings/general_settings.html
 			'rename.vault' => $this->trans->t('Rename vault'),
@@ -226,6 +228,7 @@ public function getLanguageStrings() {
 
 			// templates/vieuws/partials/forms/share_credential/basics.html
 			'search.u.g' => $this->trans->t('Search users or groups...'),
+			'search.result.missing' => $this->trans->t('Missing users? Only users that have vaults are shown.'),
 			'cyphering' => $this->trans->t('Cyphering'),
 			'uploading' => $this->trans->t('Uploading'),
 			'user' => $this->trans->t('User'),
@@ -325,6 +328,7 @@ public function getLanguageStrings() {
 			'accept' => $this->trans->t('Accept'),
 			'decline' => $this->trans->t('Decline'),
 			'session.time.left' => $this->trans->t('You have {{session_time}} left before logout.'),
+			'vault.locked' => $this->trans->t('Your vault has been locked for {{time}} because of {{tries}} failed attempts!'),
 
 			// templates/views/vaults.html
 			'last.access' => $this->trans->t('Last accessed'),

l10n/pl.js

@@ -284,4 +284,4 @@ OC.L10N.register(
     "Dismiss" : "Odrzuć",
     "seconds ago" : "sekund temu"
 },
-"nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");
+"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>=14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);");

l10n/pl.json

@@ -281,5 +281,5 @@
     "Saving..." : "Zapisywanie...",
     "Dismiss" : "Odrzuć",
     "seconds ago" : "sekund temu"
-},"pluralForm" :"nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
+},"pluralForm" :"nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>=14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);"
 }