From 0eec54eca33e45ffafb81815e4eddd407106e079 Mon Sep 17 00:00:00 2001 From: Anssi Piirainen Date: Tue, 14 May 2024 20:40:34 +0300 Subject: [PATCH] Make search case-insensitive - Improve documentation --- README.md | 61 ++++++++++++++++++++++++++++++++++---- SECURITY.md | 13 ++++++++ src/actions/show.rs | 2 +- src/store.rs | 2 +- src/vault/keepass_vault.rs | 4 +-- 5 files changed, 72 insertions(+), 10 deletions(-) create mode 100644 SECURITY.md diff --git a/README.md b/README.md index c700b02..ef8b251 100644 --- a/README.md +++ b/README.md @@ -97,12 +97,12 @@ To get help on the available commands: ```bash $ passlane -h -A password manager for the command line +A password manager using Keepass as the storage backend. Usage: passlane [COMMAND] Commands: - add Adds an item to the vault. Without arguments adds a new credential, use -p to add a payment card. + add Adds an item to the vault. Without arguments adds a new credential, use -p to add a payment card and -n to add a secure note. csv Imports credentials from a CSV file. delete Deletes one or more entries. show Shows one or more entries. 
@@ -215,9 +215,58 @@ passlane show -n ### Authenticator functionality -[//]: # (TODO) +By default, Passlane stores the Timed One Time Passwords in a file named `totp.json` in the `~/.passlane/` directory. +You can change the location by storing the file path in a text file called `.totp_vault_path` in the `~/.passlane/` directory. +**We recommend that you store the file in a separate location that is different from the main vault file.** This way +you gain the benefit of two-factor authentication. You don't want to store these eggs in the same basket. -### Migrating from 1Password, LastPass, Dashlane etc. +Here is an example where teh totp vault file is stored in Dropbox: + +```bash +➜ .passlane cat .totp_vault_path ~/.passlane +/Users/anssi/Dropbox/stuff/totp.kdbx +``` + +The TOTP vault has a separate master password that you need to enter when you access the one time passwords. +You can also store the master password in your computer's keychain to avoid typing it every time. Use +the unlock command with the `-o` option for this purpose. + +```bash +passlane unlock -o +``` + +To add a new one time password authentication entry: + +```bash +passlane add -o +``` + +Use -o to show the one time passwords. Following lists all OTP entries in the vault: + +```bash +passlane show -o +``` + +To look up by name of the issuer, use the following command: + +```bash +passlane show -o heroku +``` +the output will be: + +```bash +Unlocking TOTP vault... +Found 1 matching OTP authorizers: + +Code 447091 (also copied to clipboard). Press q to exit. +Next code in 23 seconds +....................... +....................... +Code 942344 (also copied to clipboard). Press q to exit. +Next code in 30 seconds +.............................. +... +``` You can import credentials from a CSV file. With this approach, you can easily migrate from less elegant and often expensive commercial services. 
@@ -273,8 +322,8 @@ You can change the location by storing the file path in a text file called `.vau For example, this shows how John has stored the path `/Users/john/Dropbox/Stuff/store.kdbx` to the `.vault_path` file: ```bash -➜ ~ cat ~/.passlane/.vault_path ~ -/Users/john/Dropbox/Stuff/store.kdbx% +➜ ~ cat ~/.passlane/.vault_path +/Users/john/Dropbox/Stuff/store.kdbx ``` ## Other Keepass compatible applications diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..090dc6a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +Passlane is free software and is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software. + +## Supported Versions + +Only the current major version will receive security updates. + +## Reporting a Vulnerability + +Please use the GitHub private vulnerability reporting features to report vulnerability. See the [GitHub docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability) for more details. + +Since keepass-rs is a volunteer project, vulnerabilities will be addressed on a best effort basis, with no guarantees made on timelines to resolution. diff --git a/src/actions/show.rs b/src/actions/show.rs index 71240db..c1a88b5 100644 --- a/src/actions/show.rs +++ b/src/actions/show.rs 
@@ -259,7 +259,7 @@ impl UnlockingAction for ShowAction {
 handle_matches(vault.find_notes(), &mut Box::new(ShowNotesTemplate { verbose: self.verbose }))?;
 }
 ItemType::Totp => {
- handle_matches(vault.find_totp(None), &mut Box::new(ShowTotpTemplate))?;
+ handle_matches(vault.find_totp(self.grep.as_deref()), &mut Box::new(ShowTotpTemplate))?;
 }
 }
 Ok("bye".to_string())
diff --git a/src/store.rs b/src/store.rs
index 97ba819..599ee33 100644
--- a/src/store.rs
+++ b/src/store.rs
@@ -111,7 +111,7 @@ fn resolve_vault_path(default_filename: &str, path_config_filename: &str) -> Str
 let default_path = dir_path().join(default_filename).to_str().unwrap().to_string();
 let path = dir_path().join(path_config_filename);
 if path.exists() {
- return read_from_file(&path).unwrap_or(default_path);
+ return read_from_file(&path).unwrap_or(default_path).trim().to_string();
 }
 default_path
 }
diff --git a/src/vault/keepass_vault.rs b/src/vault/keepass_vault.rs
index 74f4778..34dfbef 100644
--- a/src/vault/keepass_vault.rs
+++ b/src/vault/keepass_vault.rs
@@ -128,7 +128,7 @@ impl KeepassVault {
 .map(Self::node_to_credential)
 .filter(|cred| {
 if let Some(grep) = &grep {
- if !cred.username.contains(grep) && !cred.service.contains(grep) {
+ if !cred.username.to_lowercase().contains(&grep.to_lowercase()) && !cred.service.to_lowercase().contains(&grep.to_lowercase()) {
 return false;
 }
 }
@@ -144,7 +144,7 @@ impl KeepassVault {
 .map(Self::node_to_totp)
 .filter(|totp| {
 if let Some(grep) = &grep {
- if !totp.label.contains(grep) && !totp.issuer.contains(grep) {
+ if !totp.label.to_lowercase().contains(&grep.to_lowercase()) && !totp.issuer.to_lowercase().contains(&grep.to_lowercase()) {
 return false;
 }
 }
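Review bot: In `src/actions/show.rs` the `ItemType::Totp` arm now forwards the search term, but the notes arm on the context line just above still calls `vault.find_notes()` with no pattern, so a term given with `show -n` is presumably ignored while `show -o` filters. If notes are meant to be searchable, `find_notes` should receive `self.grep.as_deref()` in the same way; if listing them in full is deliberate, a comment such as `// notes are always listed in full; self.grep is not applied here` would record that. The enclosing `match` starts outside the hunk, so the other arms could not be checked.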
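Review bot: In `resolve_vault_path` (`src/store.rs`) an empty or whitespace-only path file still makes the function return `""` as the vault location instead of the default, and because `.trim()` is chained after `unwrap_or(default_path)` it also rewrites the default path. Trim only the configured value and fall back when nothing is left: `let configured = read_from_file(&path).unwrap_or_default();` followed by `if !configured.trim().is_empty() { return configured.trim().to_string(); }`, letting the existing `default_path` tail handle the rest. A failed read also falls back to the default vault silently; if this function resolves `.totp_vault_path` as well, as its parameters suggest, that quietly undoes the separate-location setup the README recommends, so a warning on stderr is worth adding.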
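Review bot: Both filter closures in `src/vault/keepass_vault.rs` (the credential one at `@@ -128` and the TOTP one at `@@ -144`) call `grep.to_lowercase()` twice per entry, allocating a fresh lowercased copy of the same search term each time. Lowercase the term once before the iterator chain, e.g. `let needle = grep.as_ref().map(|g| g.to_lowercase());`, and test `.contains(needle.as_str())` inside the closure. `to_lowercase` is not full Unicode case folding, so some non-ASCII spellings will still fail to match; a short comment stating that the comparison is a simple lowercase match would set expectations. The iterator chains and the declaration of `grep` start outside both hunks, so its exact type should be confirmed before hoisting.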