passman
passman copied to clipboard
nextcloud
Credetials created through api are not visible by passman front-end / extension
Bug report
Steps to reproduce
- add credential through api
- login into vault
- see "An error occurred during decryption" error
Expected behaviour
Once a credentials are created through api those credentials should will be visible in passman app / extension
Actual behaviour
Once created through api those credentials are not visible in browser extension neither in passman app (here once entered into some vault with credentials created through api we will experiencing a message during credentials enryption such as "An error occurred during decryption") from here https://github.com/nextcloud/passman/blob/master/js/app/controllers/credential.js#L78
Configuration
Operating system: any
Browser: any browser
Extensions that might cause interference:
Passman version: latest
Operating system: any
Web server:
Database:
PHP version: 7.x
cloud server: Nextcloud
cloud version: 15.x
An example of json for creating new vault credential
{
'vault_id': 1,
'label': 'label',
'username': 'encrypted',
'password': 'encrypted',,
'hidden': false
}
NB: If i call https://github.com/nextcloud/passman/blob/master/docs/api.md#get-vault-get i see correctly the previous created credentials through api
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
It should work, since that's the very exact api the web interface is using to comunicate with the server.
Please, make sure you are using the exact same format and encryption keys and algorythm that the client expects.
Also check if you've got any console errors.
I guess you've already noticed but the base64 encrypted data is actually a json carrying some extra information needed for decrypting the details.
Hope you get your thing working!
The data I post are exactly the same as those generated by passman web app, even if i post the minimal json ie
{"vault_id":1,"label":"twitter"}
I have the same issue.
de facto after I have created some credentials i can't display them in passman app but if I gather it by passman api as desribed in the first post it works because i'm able to decrypt all data in the same way passman'app is doing....
P.S
I guess you've already noticed but the base64 encrypted data is actually a json carrying some extra information needed for decrypting the details.
In fact once the encoded string is decode with base64 it contains a json object which describes the algorithm on how the data was previously encrypted
sadly i lack some knowledge in general. But as far as i could test and confirm, When using just simple curl to make an api call with the minimal requirements (vault id,label) i do receive a decryption error when opening my vault via the web interface. When using the API to query all the credentials i do receive the one created with the API call.
But what i do notice is that all the other fields that should be encrypted are empty (makes sense to me) but a credential without any data created via the webinterface did contain encrypted data in all of the encrypted fields.
Sadly from here i do lack the knowledge to create a proper call to the API, with all the fields in it, encrypted the right way to see if that would make a difference.
