buttercup-core icon indicating copy to clipboard operation
buttercup-core copied to clipboard

Published 20 hours ago verified publisher icon buttercup

Password Expiry

Open xburelle opened this issue 7 years ago • 1 comments

Goal : Verify programmatically or to be alerted if a password need to be changed due to an expiry value.

Suggestions :

  • Each time a password is changed, an attribute (pwdModifiedTime) is set with the current date.
  • What is the date format to use ? Date.now() give UTC timestamp in milliseconds. It can be the format used to store the date and we convert it to the user.
  • The password expiry attribute (pwdExpiry) is set to 0 by default, and has a day value ("30" days for example). 0 means : never expires.
  • A pwdExpiryTime attribute calculates the timestamp from pwdModifiedTime. It can be set in same time of pwdModifiedTime.
  • (Alert : in UI interface, an alert message warns the user)

So, I have some questions :

  • Do we need to add default attributes, maybe with validAttributes functions ?

  • Do we add another attribute pwdExpired with a boolean value, or in the alert part/expiry management we calculate if (pwdExpiryTime - pwdModifiedTime) > pwdExpiryInMilliseconds ?

  • Do we add functions to have expiry management ? Group.hasExpiredPwd() Archive.hasExpiredPwd()

  • Until there is a setting part, each password expiry for an entry has to be set manually.

I'm interested in working on settings too. You certainly planned to do it. And I like to know more about it : Which format is used to store the settings? Where do you store it? In the archive? Which features do you want to it?

xburelle avatar Jun 05 '17 13:06 xburelle

Sorry for replying so late @xWayfarer - This is definitely something we'd like to look into quite soon. It would be beneficial to keep it as simple as possible in terms of scope, so what I'd recommend doing would be:

  • Add pass expiry attribute
  • Add pass modified attribute
  • Use only UTC timestamps ((new Date()).getTime();)

Do we add functions to have expiry management ? Group.hasExpiredPwd() Archive.hasExpiredPwd()

I would suggest not to add anything outside of Entry for now. Perhaps a function could be added to the entry decorators called say findEntriesByExpiredPassword. Entry could perhaps have something like hasExpiredPassword().

Do we need to add default attributes, maybe with validAttributes functions ?

The attribute keys go in the Entry class.

Until there is a setting part, each password expiry for an entry has to be set manually.

This is best for now. Settings can come later.

Which format is used to store the settings? Where do you store it? In the archive? Which features do you want to it?

A very loaded question 😅.. but the settings thing hasn't been decided just yet. It should be something that makes sense and is quite portable between platforms that buttercup runs on. I'm open to discussion, but that should occur here.

perry-mitchell avatar Jul 07 '17 16:07 perry-mitchell