sysPass icon indicating copy to clipboard operation
sysPass copied to clipboard

Published 20 hours ago verified publisher icon nuxsmin

Expose tags-account data via API

Open symcbean opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe. I require the ability to verify and rotate passwords. This depends on a lot of meta-data which can be stored using the tag mechanism, but needs to be surfaced in the API. Although tags are visible in the API as documented for version 3.1 (I'm now using 3.2.2) there appears to be no way of resolving these to the accounts they are linked to.

Describe the solution you'd like account/search and/or account/view should expose the linked tags (specifically the name attribute) as properties of the account object.

Describe alternatives you've considered My options were to implement a parallel database, or bypass the API and access the Syspass database directly. Instead I was able to implement this hack (below) in mysql which surfaces the data but not properly encoded. this does not solve the problem of injecting data back into Syspass (e.g. for tagging invalid passwords, accounts belonging to offline hosts, etc):

RENAME TABLE account_search_v TO dist_account_search_v;

CREATE
 SQL SECURITY DEFINER
 VIEW `account_search_v`
 AS
 SELECT `Account`.`id` AS `id`,`Account`.`clientId` AS `clientId`,`Account`.`categoryId` AS `categoryId`
 ,`Account`.`name` AS `name`,`Account`.`login` AS `login`,`Account`.`url` AS `url`
 ,`Account`.`notes` AS `notes`,`Account`.`userId` AS `userId`,`Account`.`userGroupId` AS `userGroupId`
 ,`Account`.`otherUserEdit` AS `otherUserEdit`,`Account`.`otherUserGroupEdit` AS `otherUserGroupEdit`
 ,`Account`.`isPrivate` AS `isPrivate`,`Account`.`isPrivateGroup` AS `isPrivateGroup`,`Account`.`passDate` AS `passDate`,`Account`.`passDateChange` AS `passDateChange`,`Account`.`parentId` AS `parentId`
 ,`Account`.`countView` AS `countView`,`Account`.`dateEdit` AS `dateEdit`,`User`.`name` AS `userName`
 ,`User`.`login` AS `userLogin`,`UserGroup`.`name` AS `userGroupName`,`Category`.`name` AS `categoryName`
 ,`Client`.`name` AS `clientName`
 ,(select count(0)
from `AccountFile`
where (`AccountFile`.`accountId` = `Account`.`id`)
) AS `num_files`
 ,`PublicLink`.`hash` AS `publicLinkHash`,`PublicLink`.`dateExpire` AS `publicLinkDateExpire`
 ,`PublicLink`.`totalCountViews` AS `publicLinkTotalCountViews`
 , (SELECT GROUP_CONCAT(REPLACE(Tag.name, ',',';'))
FROM AccountToTag
JOIN Tag
ON AccountToTag.tagId=Tag.id
WHERE Account.id=AccountToTag.accountId) AS multiTag
 FROM (((((
       `Account` join `Category`
          ON ((`Account`.`categoryId` = `Category`.`id`)))
     JOIN `Client`
          ON ((`Client`.`id` = `Account`.`clientId`)))
  JOIN `User`
       ON ((`Account`.`userId` = `User`.`id`)))
 JOIN `UserGroup`
       on((`Account`.`userGroupId` = `UserGroup`.`id`)))
LEFT JOIN `PublicLink`
 ON ((`Account`.`id` = `PublicLink`.`itemId`)))
;

The addition here is.....

(SELECT GROUP_CONCAT(REPLACE(Tag.name, ',',';'))
FROM AccountToTag
JOIN Tag
ON AccountToTag.tagId=Tag.id
WHERE Account.id=AccountToTag.accountId) AS multiTag

(although current versions of MySQL support the JSON_ARRAYAGG() function which affregates data similarly to GROUP_CONCAT() but with JSON encoding, 1) this is not available in the MySQL versions I am currently running and 2) there would stil be the minor issue of JSON embedded inside JSON)

Additional context Add any other context or screenshots about the feature request here.

symcbean avatar Jul 07 '21 22:07 symcbean