Make search case-insensitive

- Improve documentation

README.md

@@ -97,12 +97,12 @@ To get help on the available commands:
 
 ```bash
 $  passlane -h
-A password manager for the command line
+A password manager using Keepass as the storage backend.
 
 Usage: passlane [COMMAND]
 
 Commands:
-  add     Adds an item to the vault. Without arguments adds a new credential, use -p to add a payment card.
+  add     Adds an item to the vault. Without arguments adds a new credential, use -p to add a payment card and -n to add a secure note.
   csv     Imports credentials from a CSV file.
   delete  Deletes one or more entries.
   show    Shows one or more entries.
@@ -215,9 +215,58 @@ passlane show -n
 
 ### Authenticator functionality
 
-[//]: # (TODO)
+By default, Passlane stores the Timed One Time Passwords in a file named `totp.json` in the `~/.passlane/` directory.
+You can change the location by storing the file path in a text file called `.totp_vault_path` in the `~/.passlane/` directory.
+**We recommend that you store the file in a separate location that is different from the main vault file.** This way
+you gain the benefit of two-factor authentication. You don't want to store these eggs in the same basket.
 
-### Migrating from 1Password, LastPass, Dashlane etc.
+Here is an example where teh totp vault file is stored in Dropbox:
+
+```bash
+➜  .passlane cat .totp_vault_path                                                                             ~/.passlane
+/Users/anssi/Dropbox/stuff/totp.kdbx        
+```
+
+The TOTP vault has a separate master password that you need to enter when you access the one time passwords. 
+You can also store the master password in your computer's keychain to avoid typing it every time. Use 
+the unlock command with the `-o` option for this purpose.
+
+```bash
+passlane unlock -o
+```
+
+To add a new one time password authentication entry:
+
+```bash
+passlane add -o
+```
+
+Use -o to show the one time passwords. Following lists all OTP entries in the vault:
+
+```bash
+passlane show -o
+```
+
+To look up by name of the issuer, use the following command:
+
+```bash
+passlane show -o heroku
+```
+the output will be:
+
+```bash
+Unlocking TOTP vault...
+Found 1 matching OTP authorizers:
+
+Code 447091 (also copied to clipboard). Press q to exit.
+Next code in 23 seconds
+.......................
+.......................
+Code 942344 (also copied to clipboard). Press q to exit.
+Next code in 30 seconds
+..............................
+...
+```
 
 You can import credentials from a CSV file. With this approach, you can easily migrate from less elegant and often expensive commercial services.
 
@@ -273,8 +322,8 @@ You can change the location by storing the file path in a text file called `.vau
 For example, this shows how John has stored the path `/Users/john/Dropbox/Stuff/store.kdbx` to the `.vault_path` file:
 
 ```bash
-➜  ~ cat ~/.passlane/.vault_path                                                                                      ~
-/Users/john/Dropbox/Stuff/store.kdbx%   
+➜  ~ cat ~/.passlane/.vault_path
+/Users/john/Dropbox/Stuff/store.kdbx
 ```
 
 ## Other Keepass compatible applications

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+Passlane is free software and is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.
+
+## Supported Versions
+
+Only the current major version will receive security updates.
+
+## Reporting a Vulnerability
+
+Please use the GitHub private vulnerability reporting features to report vulnerability. See the [GitHub docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) for more details.
+
+Since keepass-rs is a volunteer project, vulnerabilities will be addressed on a best effort basis, with no guarantees made on timelines to resolution.

src/actions/show.rs

@@ -259,7 +259,7 @@ impl UnlockingAction for ShowAction {
                 handle_matches(vault.find_notes(), &mut Box::new(ShowNotesTemplate { verbose: self.verbose }))?;
             }
             ItemType::Totp => {
-                handle_matches(vault.find_totp(None), &mut Box::new(ShowTotpTemplate))?;
+                handle_matches(vault.find_totp(self.grep.as_deref()), &mut Box::new(ShowTotpTemplate))?;
             }
         }
         Ok("bye".to_string())

src/store.rs

@@ -111,7 +111,7 @@ fn resolve_vault_path(default_filename: &str, path_config_filename: &str) -> Str
     let default_path = dir_path().join(default_filename).to_str().unwrap().to_string();
     let path = dir_path().join(path_config_filename);
     if path.exists() {
-        return read_from_file(&path).unwrap_or(default_path);
+        return read_from_file(&path).unwrap_or(default_path).trim().to_string();
     }
     default_path
 }

src/vault/keepass_vault.rs

@@ -128,7 +128,7 @@ impl KeepassVault {
             .map(Self::node_to_credential)
             .filter(|cred| {
                 if let Some(grep) = &grep {
-                    if !cred.username.contains(grep) && !cred.service.contains(grep) {
+                    if !cred.username.to_lowercase().contains(&grep.to_lowercase()) && !cred.service.to_lowercase().contains(&grep.to_lowercase()) {
                         return false;
                     }
                 }
@@ -144,7 +144,7 @@ impl KeepassVault {
             .map(Self::node_to_totp)
             .filter(|totp| {
                 if let Some(grep) = &grep {
-                    if !totp.label.contains(grep) && !totp.issuer.contains(grep) {
+                    if !totp.label.to_lowercase().contains(&grep.to_lowercase()) && !totp.issuer.to_lowercase().contains(&grep.to_lowercase()) {
                         return false;
                     }
                 }