Merge branch 'master' into stable

.github/workflows/build.yml

@@ -52,7 +52,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v1
         with:
-          node-version: '18.14.0'
+          node-version: '18.17.0'
 
       # Npm global packages caching
       - name: Cache global npm modules
@@ -74,7 +74,7 @@ jobs:
           cache-name: cache-node-modules
         with:
           # npm modules cache files are stored in `./node_modules`
-          path: ./node_modules
+          path: ./node_modules'
           key: ${{ runner.os }}-build-cache-v1-${{ hashFiles('**/package-lock.json') }}
           restore-keys: |
             ${{ runner.os }}-build-cache-v1-${{ hashFiles('**/package-lock.json') }}

README.md

@@ -1,3 +1,4 @@
+
 ![logo](https://raw.githubusercontent.com/puzzle/cryptopus/57f8ad8de410e4a0ba16227620727787f22c7d1c/frontend/public/assets/images/cryptopussy.svg)
 
 [![Cryptopus CI build](https://github.com/puzzle/cryptopus/actions/workflows/build.yml/badge.svg)](https://github.com/puzzle/cryptopus/actions/workflows/build.yml)
@@ -12,9 +13,39 @@ Cryptopus combines symmetric and asymmetric encryption.
 
 Learn more about Cryptopus on our [wiki](https://github.com/puzzle/cryptopus/wiki) page.
 
-# Getting started
+![Cryptogif](https://github.com/puzzle/cryptopus/assets/88040929/64d10f03-b2b4-4dc8-9153-ab01d38c0947)
+
+# Key Features
+### Credential management
+- Cryptopus lets you store your credentials with options for userame, email, password, pin, token or
+  a custom attribute.
+- To generate your password for a new account we provide you with a built-in password generator with
+  customizable option like length or use of special characters.
+- Since we want to increase the awarness to cyber security we ship our password generator with a
+  evaluation system which evaluates your password and tells you how secure it is.
+- Last but not least we enable standard copy actions for an efficient login.
+
+### Sharing
+- With our transfer algorithm we support sharing passwords with other users or teams.
+- Similar to our credential sharing service it is possible to share files with other members or
+  even add them to a credential if necessary.
+
+### OpenID Connect
+- With Version > 3.6 Cryptopus supports Single-Sign-On (SSO) with OpenID Connect / Keycloak for
+  simple logins => fast, easy, secure!
+
+### Translations
+- As one of the only cryptographic tools on the market, we now provide translations for Swissgerman
+  which follows the implementation of German, French and English
+
+### Support
+- With one of the most known and most prestigious projects we assure you that this
+  project will never run out of support.
+- New features and updates are going to be implemented and published in this repository, so
+  stay in touch!
+
+# Getting involved
 
-## System requirements 👩🏽‍💻
 Development instructions [here][setup]. 
 
 [setup]: https://github.com/puzzle/cryptopus/wiki/Development
@@ -44,19 +75,6 @@ or FITNESS FOR A PARTICULAR PURPOSE.
 
 See the License for more details.
 
-# License
-
-This program is free software: you can redistribute it and/or modify it
-under the terms of the GNU Affero General Public License as published by
-the Free Software Foundation, either version 3 of the License, or (at
-your option) any later version.
-
-You should have received a copy of the GNU Affero General Public License
-along with this program. If not, see
-[licenses](http://www.gnu.org/licenses/).
-
-Copyright (c) 2008-2022, Puzzle ITC GmbH.
-
 # Contact Information
 
 Cryptopus was made by the guys at Puzzle ITC. Please go to

VERSION

@@ -1 +1 @@
-5.2
+5.3

app/controllers/api/encryptables_controller.rb

@@ -2,7 +2,7 @@
 
 class Api::EncryptablesController < ApiController
 
-  self.permitted_attrs = [:name, :description, :file]
+  self.permitted_attrs = [:name, :description, :file, :folder_id]
 
   helper_method :team
 
@@ -68,7 +68,7 @@ def model_class
   end
 
   def define_model_class
-    if credential_id.present?
+    if credential_id.present? || params[:folder_id].present?
       Encryptable::File
     else
       Encryptable::Credentials
@@ -81,10 +81,14 @@ def build_entry
     super
   end
 
-  def file_credential
+  def credential
     Encryptable::Credentials.find(credential_id)
   end
 
+  def folder
+    Folder.find(params[:folder_id])
+  end
+
   def fetch_entry
     model_scope.find(entry_id)
   end
@@ -126,10 +130,10 @@ def permitted_attrs
     permitted_attrs = self.class.permitted_attrs.deep_dup
 
     if model_class == Encryptable::File
-      permitted_attrs + [:filename, :credentials_id, :file]
+      permitted_attrs + [:filename, :credentials_id]
     elsif model_class == Encryptable::Credentials
       permitted_attrs + [:cleartext_username, :cleartext_password, :cleartext_token,
-                         :cleartext_pin, :cleartext_email, :folder_id,
+                         :cleartext_pin, :cleartext_email,
                          :cleartext_custom_attr, :cleartext_custom_attr_label]
     else
       []
@@ -165,23 +169,18 @@ def fetch_encryptable_files
   def build_encryptable_file
     filename = params[:file].original_filename
 
-    file = new_file(file_credential, params[:description], filename)
+    file = Encryptable::File.new(description: params[:description], name: filename)
+    file.encryptable_credential = credential if credential_id.present?
+    file.folder = folder if credential_id.blank?
     file.content_type = params[:file].content_type
     file.cleartext_file = params[:file].read
-
     instance_variable_set(:"@#{ivar_name}", file)
   end
 
-  def new_file(parent_encryptable, description, name)
-    Encryptable::File.new(encryptable_credential: parent_encryptable,
-                          description: description,
-                          name: name)
-  end
-
   def credential_id
     return params[:id] if params[:id].present?
 
-    params[:credential_id]
+    nil_param?(params[:credential_id])
   end
 
   def encrypt(encryptable)

app/controllers/api/env_settings_controller.rb

@@ -32,7 +32,7 @@ def index
   private
 
   def last_login_message
-    Flash::LastLoginMessage.new(session).message
+    # Flash::LastLoginMessage.new(session).message
   end
 
   def fallback_info

app/controllers/concerns/param_converters.rb

@@ -7,4 +7,8 @@ module ParamConverters
   def true?(value)
     %w[1 yes true].include?(value.to_s.downcase)
   end
+
+  def nil_param?(value)
+    value == 'null' ? nil : value
+  end
 end

app/models/encryptable/file.rb

@@ -10,6 +10,7 @@ class Encryptable::File < Encryptable
              foreign_key: :credential_id
 
   validates :name, uniqueness: { scope: :credential_id }, if: :credential_id
+  validates :name, uniqueness: { scope: :folder_id }, if: :folder_id
 
   validate :file_size, on: [:create, :update]
 

app/serializers/encryptable/file_serializer.rb

@@ -1,11 +1,7 @@
 # frozen_string_literal: true
 
-class Encryptable::FileSerializer < ApplicationSerializer
-  attributes :id, :name, :description, :sender_name
+class Encryptable::FileSerializer < EncryptableSerializer
+  attributes :id, :name, :description, :sender_name, :created_at
 
-  def sender_name
-    object.sender&.label
-  end
-
-  belongs_to :encryptable_credential
+  belongs_to :encryptable_credential, if: -> { object.encryptable_credential.present? }
 end

app/serializers/folder_serializer.rb

@@ -20,16 +20,9 @@
 class FolderSerializer < ActiveModel::Serializer
   attributes :id, :name, :description, :unread_transferred_count
 
-  has_many :encryptables, serializer: EncryptableMinimalSerializer do
-    if object.personal_inbox?
-      object.encryptables.order('created_at DESC')
-    else
-      object.encryptables.order(:name)
-    end
-  end
+  has_many :encryptables, serializer: EncryptableMinimalSerializer
 
   def unread_transferred_count
     object.personal_inbox? ? object.unread_count_transferred_encryptables : nil
   end
-
 end

bin/frontend-tests.sh

@@ -14,9 +14,9 @@ rc=$?; if [[ $rc != 0 ]]; then exit $rc; fi
 
 cd frontend
 if [[ $SERVER == true ]]; then
-  export NODE_OPTIONS=--openssl-legacy-provider && ember test --server
+  ember test --server
 else
-  export NODE_OPTIONS=--openssl-legacy-provider && yarn test
+  ember test
 fi
 rc=$?
 cd ..

bin/prepare-frontend.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
-export NODE_OPTIONS=--openssl-legacy-provider && yarn --cwd frontend/ install
-export NODE_OPTIONS=--openssl-legacy-provider && yarn --cwd frontend/ build-prod
+yarn --cwd frontend/ install
+yarn --cwd frontend/ build-prod
 rm public/frontend-index.html
 rsync --ignore-existing -r frontend/dist/* public/
 mv public/{index,frontend-index}.html

config/docker/development/Ember.dockerfile

@@ -1,4 +1,4 @@
-FROM danlynn/ember-cli:4.8.0-node_18.12
+FROM danlynn/ember-cli:5.2.1-node_18.17
 
 RUN chown 1000:1000 /myapp
 

config/initializers/content_security_policy.rb

@@ -14,8 +14,10 @@
   # :unsafe_eval, allows execution of eval statements
   # :unsafe_inline, allows inline resources usage
 
-  policy.default_src :none
-  policy.font_src    :self
+  policy.default_src :none unless Rails.env.development?
+  policy.font_src    :self, "http://localhost:4200/text-security-disc-compat.eot?#iefix",
+                            "http://localhost:4200/text-security-disc.woff2",
+                            "http://localhost:4200/text-security-disc-compat.ttf"
   policy.img_src     :self
   policy.connect_src :self, 'https://sentry.puzzle.ch'
 

config/initializers/scrub_logs.rb

@@ -0,0 +1,16 @@
+module ActiveSupport
+  module TaggedLogging
+    module Formatter
+      # Hide Encryptable#encrypted_data column from SQL queries because it's huge.
+      def scrub_encrypted_data_source(input)
+        input.gsub(/\["encrypted_data", ".*, \["/, '["encrypted_data", "REDACTED"], ["')
+      end
+
+      alias orig_call call
+
+      def call(severity, timestamp, progname, msg)
+        orig_call(severity, timestamp, progname, scrub_encrypted_data_source(msg))
+      end
+    end
+  end
+end

config/locales/ch_be.yml

@@ -97,7 +97,7 @@ ch_be:
         encryptable/file:
           attributes:
             name:
-              taken: Datei isch schomau ufägladä wordä
+              taken: Dateiname isch schomau verwändet worde
 
   #Pundit
   pundit:

config/locales/de.yml

@@ -97,7 +97,7 @@ de:
         encryptable/file:
           attributes:
             name:
-              taken: Datei ist schon hochgeladen worden
+              taken: Dateiname wurde bereits verwendet
 
   #Pundit
   pundit:

config/locales/en.yml

@@ -97,7 +97,7 @@ en:
         encryptable/file:
           attributes:
             name:
-              taken: File has already been taken
+              taken: File name has already been taken
 
   #Pundit
   pundit:

config/locales/fr.yml

@@ -97,7 +97,7 @@ fr:
         encryptable/file:
           attributes:
             name:
-              taken: Le fichier a déjà été pris
+              taken: Le nom du fichier a déjà été utilisé
 
  #Pundit
   pundit:

docker-compose.yml

@@ -32,14 +32,13 @@ services:
       - ./frontend:/myapp
       - ./tmp/bash_history:/root/.bash_history
       - yarn_cache:/myapp/node_modules
+      - ./frontend/tmp:/tmp
     tmpfs:
       - /myapp/tmp
     ports:
       - "4200:4200"
       - "7020:7020"
       - "7357:7357"
-    environment:
-      - NODE_OPTIONS=--openssl-legacy-provider
 volumes:
   bundler_cache:
   yarn_cache:

frontend/app/components/admin/user/table.js

@@ -16,7 +16,6 @@ export default class AdminUsersTable extends Component {
 
     if (this.args.users) {
       this.users = this.args.users
-        .toArray()
         .filter((user) => {
           return !user.isDeleted;
         })

frontend/app/components/admin/users.js

@@ -17,7 +17,7 @@ export default class UsersComponent extends Component {
     super(...arguments);
 
     if (this.args.unlockedUsers)
-      this.unlockedUsers = this.args.unlockedUsers.toArray();
+      this.unlockedUsers = this.args.unlockedUsers.slice();
   }
 
   @action