Commit 9cff30b2 authored by chickahoona

Refactoring

parent 35ba81ee
......@@ -97,7 +97,7 @@ job-deploy-chrome:
image: ubuntu:16.04
script:
- sh ./var/build-ubuntu.sh
- sh ./var/build-chrome-extension.sh
- sh ./var/package-chrome-extension.sh
- sh ./var/deploy-chrome-extension.sh
environment:
name: chrome-webstore
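Review bot: the deploy step `- sh ./var/deploy-chrome-extension.sh` runs in the same job as the build, so whatever Chrome Web Store credential that script reads is available to every run of `job-deploy-chrome`; unless an `only:` rule outside the shown context already restricts it, limit the job to protected tags or the master branch and keep the credential in protected CI variables. Pinning `image: ubuntu:16.04` by digest would also make release builds reproducible.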
......@@ -111,7 +111,7 @@ job-deploy-firefox:
image: ubuntu:16.04
script:
- sh ./var/build-ubuntu.sh
- sh ./var/build-firefox-extension.sh
- sh ./var/package-firefox-extension.sh
- sh ./var/deploy-firefox-extension.sh
environment:
name: firefox-webstore
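Review bot: `- sh ./var/deploy-firefox-extension.sh` depends on the addons.mozilla.org `issuer`/`secret` pair that the README in this commit tells developers to keep in `~/.psono_client/apikey_addons_mozilla_org/key.json`; document above `script:` how that file is provisioned on the runner, and add an `after_script:` that removes it so it is not left behind on a shared runner after the job finishes.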
......
# Change Log
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
## [Unreleased]
### Added
- User Validation Challenge
- Forward Security Encryption Layer
- Password Sharing
- User Logout
- User Login
- User Registration
\ No newline at end of file
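Review bot: the file ends without a trailing newline (`\ No newline at end of file` after `- User Registration`); add one. The `[Unreleased]` entries also name security-relevant features (`Forward Security Encryption Layer`, `User Validation Challenge`) with no link or one-line description, so a reader cannot tell from the changelog what was actually added.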
......@@ -26,6 +26,9 @@ The canonical source of PSONO Client is [hosted on GitLab.com](https://gitlab.co
## as Docker Web Client
The latest build of our Web Client as a docker image can be found here: https://hub.docker.com/r/psono/psono-client/
Follow belows instructions to bring it online.
1. Create config
The client will offer a pre-filled "Server Address". Its supposed to be the address where you see
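Review bot: `Follow belows instructions to bring it online.` and `Its supposed to be the address` in the new Docker section should read `Follow the instructions below to bring it online.` and `It's supposed to be the address`. The section also links the image as `https://hub.docker.com/r/psono/psono-client/` without naming a tag; recommending a versioned tag rather than an implicit latest would keep readers on a tested build.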
......@@ -43,7 +46,12 @@ The canonical source of PSONO Client is [hosted on GitLab.com](https://gitlab.co
If you open now http://your-ip:10100 you should see a beautiful login screen.
If not, please make sure you have no firewall on the server blocking you.
3. Setup nginx (or apache) relay
For a config that is suitable for production use take a look at:
./configs/nginx-docker.conf
Two things you should be aware of:
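Review bot: `http://your-ip:10100` in step 2 has the reader expose the client over plain HTTP on the server's public address before the TLS relay of step 3 exists; add a sentence that port 10100 should be bound to localhost (or firewalled) once the nginx relay in `./configs/nginx-docker.conf` is in place, since that config proxies to `localhost` ports and the public entry point should be the TLS server only.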
......@@ -56,8 +64,8 @@ in `@example.com` where `example.com` is in your `settings.yaml` in the `ALLOWED
# Preamble
The following steps are verified on Ubuntu 16.04 LTS. Ubuntu 12.04+ LTS and Debian based systems should be similar if not
even identical.
The following steps are verified on Ubuntu 16.04 LTS. Ubuntu 12.04+ LTS and Debian based systems should be similar if not
even identical.
# Install for developers
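Review bot: the removed and added `# Preamble` paragraphs (`The following steps are verified on Ubuntu 16.04 LTS. ...`) are textually identical in the rendered diff, so this looks like a whitespace-only or line-ending change; if that is intended, say so in the commit message, which currently reads only `Refactoring`. The same `should be similar if not even identical` sentence is repeated again under `# How to create a release`, where it could be replaced by a reference to the Preamble.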
......@@ -85,83 +93,79 @@ you may install belows dependencies and execute below mentioned commands.
# How to create a release
0. Preamble
1. Wait for the build / tests to finish on the develop branch
2. Merge develop branch into master branch
3. Wait for the build / tests to finish on the master branch
4. Create new Tag with the version information e.g v1.0.14 and provide adequate information for the Changelog
This whole guide is based on Ubuntu 16.04 LTS. Ubuntu 12.04+ LTS and Debian based systems should be similar if not
even identical.
# How to build and deploy extensions
Build and deployment are automated in the build pipeline and distributed as artifacts, but if someone wants
to build / publish his own version of this extension, then follow the following guide.
1. Pre-requirements
Follow the steps of the `Install for developers` section
2. Update your Firefox API key
Make sure that your Firefox API key is in located in `~/.psono_client/apikey_addons_mozilla_org/key.json` in the
following format
2. (optional) Update the manifest
{
"issuer": "user:123467:789",
"secret": "15c686fea..."
}
(replace the values with your api credentials from addons.mozilla.org)
3. Execute Script
The following script will create a new firefox and chrome update with a new version. In addition it will create
the appropriate tags and update the develop and master branch.
If you want to publish an own version in the chrome / firefox app store, then you have to update
the name / description / version before, otherwise you will run into naming conflicts.
You can skip this step if you do not want to upload it to the official app stores.
./var/release.sh
# How to build extensions
2. Build
1. Pre-requirements
Make sure that your Firefox API key is in
2. Update your Firefox API key
To build the Chrome and Firefox extensions (and Web Client) execute the following command:
Make sure that your Firefox API key is in located in `~/.psono_client/apikey_addons_mozilla_org/key.json` in the
following format
{
"issuer": "user:123467:789",
"secret": "15c686fea..."
}
(replace the values with your api credentials from addons.mozilla.org)
3. Pack Chrome extension for release
gulp
gulp crx
This will build the raw extension folders (which you can use to load as unpacked extension for previews in your browser)
3. Packaging
(make sure to run gulp without parameter first)
The packaging is done nowadays in a simple zip file. You can do so manually, or execute:
After this command you will find in ./dist/chrome/psono.PW.crx (and ./dist/chrome/psono.PW.update.xml)
./var/package-chrome-extension.sh
or for firefox:
4. Pack Firefox extension for release
./var/package-firefox-extension.sh
gulp xpi
4. Deploy
(make sure to run gulp without parameter first)
The deployment is a simple upload to:
After this command you will find ./dist/firefox/psono.PW.xpi (and the unsigned version
./dist/firefox/psono.PW.unsigned.xpi)
If you do not want to create an official signed version and only want to create the unsigned version you can do:
- https://chrome.google.com/webstore/developer/dashboard
or for firefox:
gulp xpiunsigned
- https://addons.mozilla.org/de/developers/addons
Only ./dist/firefox/psono.PW.unsigned.xpi will be created.
This process has been automated in our build pipeline and needs some investment on your side to gather all keys and
so on if to replicate it (if you want it). The scripts responsible here are:
./var/deploy-chrome-extension.sh
5. (optional) Pack chrome and firefox for release
or for firefox:
The "All In One" command is:
./var/deploy-firefox-extension.sh
# How to build and deploy the Web Client
Build and deployment are automated in the build pipeline and distributed as docker image but if you want to
create the package for the Web Client, then follow the following guide.
gulp dist
This command will execute gulp, gulp crx and gulp xpi
1. Pre-requirements
Follow the steps of the `Install for developers` section
2. Build
To build the Web Client execute the following command:
gulp
This will build the raw web client folder which you can serve with any webserver e.g. nginx
# Install for unit tests
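Review bot: the numbering in `# How to build and deploy extensions` is broken: `2. Update your Firefox API key` is followed by `2. (optional) Update the manifest`, and the JSON example with `issuer`/`secret` lands under the second heading instead of the API-key step; renumber and move the block. Also state that `~/.psono_client/apikey_addons_mozilla_org/key.json` holds an API credential and should be created with mode 0600, and since `./var/release.sh` is described as creating tags and updating the develop and master branches, document what it needs (git push rights, both store credentials) and whether there is a dry-run mode before telling readers to run it.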
......@@ -177,8 +181,8 @@ For unittest you have some additional dependencies.
karma start ./unittests/karma-chrome.conf.js
if you want to use another browser like firefox you can also use ./unittests/karma-firefox.conf.js instead or for
something more generic ./unittests/karma-generic.conf.js. If you use "generic" point the browser of your choice
if you want to use another browser like firefox you can also use `./unittests/karma-firefox.conf.js` instead or for
something more generic `./unittests/karma-generic.conf.js`. If you use "generic" point the browser of your choice
to the shown url.
or more sexy with gulp:
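Review bot: `or more sexy with gulp:` is too informal for a README; `or, more conveniently, with gulp:` says the same thing.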
......@@ -188,7 +192,11 @@ For unittest you have some additional dependencies.
or if you want to watch for changes and run it automatically:
gulp unittestwatch
2. Coverage
The `./unittests/karma-generic.conf.js` config automatically generates an karma coverage report in html format
in `unittests/coverage`
# Generate javascript docs
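Review bot: `generates an karma coverage report` should be `generates a karma coverage report`, and the sentence needs a full stop after `unittests/coverage`. Since every `karma-generic` run writes HTML into `unittests/coverage`, make sure that directory is listed in `.gitignore` so generated output is not committed.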
......@@ -197,19 +205,6 @@ To generate the javascript run the following command
gulp docs
# Debug
### Firefox:
We assume you have jpm and firefox developer edition installed, then you can debug the firefox extension with:
gulp
cd ./password-manager-browser-plugins/build/firefox
jpm run -b "path/to/developer-firefox-edition"
# Documentation
More information about the code, the used cryptography and design concepts can be found in the [Documentation](docu/DOCUMENTATION.md)
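Review bot: the `# Debug` section with `jpm run -b "path/to/developer-firefox-edition"` is removed without a replacement; with the Firefox build now produced by `gulp xpi`, a one-line pointer to loading the raw extension folder that `gulp` produces as a temporary add-on would keep a debugging path documented rather than dropping it entirely.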
......
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";
}
server {
listen 80;
server_name www.example.com;
return 301 https://$host$request_uri;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";
}
server {
listen 443 ssl;
server_name example.com;
return 301 https://www.$host$request_uri;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# Enable this only if you are sure what you are doing :)
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_dhparam /path/to/dhparam.pem;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
# Enable this only if you are sure what you are doing :)
# add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_certificate /path/to/fullchain.pem;
ssl_certificate_key /path/to/privkey.pem;
ssl_dhparam /path/to/dhparam.pem;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";
root /var/www/html;
location ~ /.well-known {
allow all;
}
location /server {
rewrite ^/server/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#
proxy_pass http://localhost:10100;
# proxy_read_timeout 90;
#
# proxy_redirect http://localhost:10100 https://example.com;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:10101;
proxy_read_timeout 90;
proxy_redirect http://localhost:10101 https://example.com;
}
}
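Review bot: the upstream ports in the `www.example.com` TLS server contradict the README in this same commit: `location /` proxies to `http://localhost:10101` and `location /server` to `http://localhost:10100`, while the README's Docker section says the web client answers on `http://your-ip:10100`; one of the two is wrong, so either swap the `proxy_pass` targets or fix the README. Separately, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which no current browser needs for a password-manager front-end, so `ssl_protocols TLSv1.2;` is the safer default; and `proxy_redirect http://localhost:10101 https://example.com;` rewrites to the apex host although this block serves `www.example.com` (the apex block redirects to `www.`), so it should target `https://www.example.com` or `https://$host`.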
......@@ -220,8 +220,6 @@
var onSuccess = function(data) {
$scope.errors = [];
browserClient.emit("login", null);
browserClient.resize(295);
};
return managerDatastoreUser.activate_token().then(onSuccess, onError);
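Review bot: removing `browserClient.emit("login", null);` and `browserClient.resize(295);` from `onSuccess` changes the UI side effect of `activate_token()`; this is only correct if every path that resolves `activate_token` now emits the event itself (the service hunk further down adds the same two calls after `session_password = null;`), so confirm there is no second success path in the service that skips them.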
......@@ -260,10 +258,6 @@
return;
}
if (username.indexOf('@') === -1) {
username = username + '@' + $scope.selected_server_domain;
}
var onError = function(data) {
if (data.error_data === null) {
$scope.errors = ['Server offline.']
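Review bot: dropping the `if (username.indexOf('@') === -1)` domain append here is fine only because the service's `login` now calls `helper.form_full_username` itself; please mention that in the commit message so the two hunks are read together. The unchanged context line `$scope.errors = ['Server offline.']` is also missing its semicolon.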
......@@ -280,7 +274,8 @@
return next_login_step(required_multifactors);
};
managerDatastoreUser.login(username, password, remember, angular.copy($scope.selected_server)).then(onSuccess, onError);
managerDatastoreUser.login(username, $scope.selected_server_domain, password, remember, angular.copy($scope.selected_server))
.then(onSuccess, onError);
}
}]
);
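Review bot: inserting `$scope.selected_server_domain` as the second positional argument of `managerDatastoreUser.login(username, $scope.selected_server_domain, password, remember, ...)` shifts `password` to third place; any caller not updated in this commit would pass the password where the domain is expected and, through `form_full_username`, append it to the username sent to the server. Grep for every other `.login(` call site (only this one is changed in the diff) and consider a single options object so parameter order cannot cause that.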
......
......@@ -160,6 +160,8 @@
*/
function recovery_enable(username, code1, code2, words) {
// TODO refactor this function and put logic into a service
$scope.errors = [];
$scope.msgs = [];
var test_result;
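Review bot: `$scope.errors = []; $scope.msgs = [];` at the top of `recovery_enable` is the right place to clear stale messages, but the new `// TODO refactor this function and put logic into a service` should reference a tracking issue rather than sit unassigned in the account-recovery path; at minimum say which logic is meant to move.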
......@@ -175,14 +177,8 @@
}
// Validate now the username
if (username.indexOf('@') === -1){
username = username + '@' + $scope.selected_server_domain;
}
var res = username.split("@");
var username_part = res[0];
test_result = helper.is_valid_username(username_part);
username = helper.form_full_username(username, $scope.selected_server_domain);
test_result = helper.is_valid_username(username);
if (test_result !== true) {
$scope.errors.push(test_result);
return;
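Review bot: the validation input changes here: `helper.is_valid_username(username_part)` checked only the part before `@` (`res[0]`), while the new `helper.is_valid_username(username)` receives the full `user@domain` string returned by `helper.form_full_username(username, $scope.selected_server_domain)`; unless `is_valid_username` was changed to accept an `@` and a domain, every recovery attempt will fail validation. `helper.is_valid_username` itself is not shown in this page, so please point to that change.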
......
......@@ -148,14 +148,9 @@
return;
}
if (username.indexOf('@') === -1){
username = username + '@' + $scope.selected_server_domain;
}
var res = username.split("@");
var username_part = res[0];
username = helper.form_full_username(username, $scope.selected_server_domain);
test_result = helper.is_valid_username(username_part);
test_result = helper.is_valid_username(username);
if (test_result !== true) {
$scope.errors.push(test_result);
return;
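Review bot: the registration path now validates the full address: the `var res = username.split("@")` / `username_part` lines are gone and `helper.is_valid_username(username)` sees the domain part too. Registration is where the account identifier is created, so a unit test asserting what `is_valid_username` returns for `alice@example.com` and for `alice` would document the intended contract and catch a validator that still rejects `@`.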
......
......@@ -228,6 +228,9 @@
session_password = null;
verification = null;
browserClient.emit("login", null);
browserClient.resize(295);
return {
response:"success"
};
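Review bot: `browserClient.resize(295);` now lives in the datastore-user service next to `session_password = null;`, which couples a data/crypto service to popup geometry; emitting `login` from here is reasonable, but the hard-coded 295px height belongs in the controller or a UI service that listens for the `login` event. Nulling `session_password` and `verification` before the success return is good, as the plaintext password then does not outlive the login.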
......@@ -331,13 +334,16 @@
* Also handles the validation of the token with the server by solving the cryptographic puzzle
*
* @param {string} username The username to login with
* @param {string} domain The domain which we append if necessary to the username
* @param {string} password The password to login with
* @param {boolean|undefined} remember Remember the username and server
* @param {object} server The server object to send the login request to
*
* @returns {promise} Returns a promise with the login status
*/
var login = function(username, password, remember, server) {
var login = function(username, domain, password, remember, server) {
username = helper.form_full_username(username, domain);
managerBase.delete_local_data();
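Review bot: the new `domain` parameter is documented as `{string}`, but other call sites in this diff used to guard with `&& selected_server_domain`, so `domain` can be empty or undefined; say in the JSDoc what `helper.form_full_username(username, domain)` does in that case (leave the username unchanged?) and guard the call so a missing domain cannot yield `user@undefined`. The `@param {boolean|undefined} remember` line shows the convention to follow.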
......
......@@ -70,11 +70,7 @@
if (fields[i].name === "user_search_username") {
if (fields[i].value && fields[i].value.length > 0) {
possible_username = fields[i].value;
if (fields[i].value.indexOf('@') === -1 && selected_server_domain) {
possible_username = possible_username + '@' + selected_server_domain;
}
possible_username = helper.form_full_username(fields[i].value, selected_server_domain);
// Regex obtained from Angular JS
var regexp = /^[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;
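Review bot: the `&& selected_server_domain` guard in the old `if (fields[i].value.indexOf('@') === -1 && selected_server_domain)` is dropped in `possible_username = helper.form_full_username(fields[i].value, selected_server_domain);`; if the helper appends an undefined domain, the result `user@undefined` passes the email `regexp` on the next line (`undefined` matches `[a-z0-9]([a-z0-9-]*[a-z0-9])?`) and is sent as a search term. Make sure the helper returns the input unchanged for a falsy domain, with a test covering it.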
......@@ -114,9 +110,7 @@
}
}
if (search_username.indexOf('@') === -1 && selected_server_domain) {
search_username = search_username + '@' + selected_server_domain;
}
search_username = helper.form_full_username(search_username, selected_server_domain);
var onSuccess = function(data) {
data = data.data;
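Review bot: the same guard is dropped here: `search_username = helper.form_full_username(search_username, selected_server_domain);` no longer checks `selected_server_domain` before the value is used for the request in `onSuccess`'s caller; either keep the check at this site or make the helper itself a no-op for a falsy domain so a literal `@undefined` suffix can never reach the server.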
......