Gestor de Contraseñas basado en Laravel 8 + PHP 8 + MySQL 8. Self-hosted Password Manager based on Laravel 8 + PHP 8 + MySQL 8.

Hi Eusonlito,

Thank you first of all for all your assistance so far. I'm trying to run this on https using nginx proxy manager. As soon I enable the proxy route from http to https I'm getting CSS/JS issues. Can someone assist in this regard.

Screenshot below:

Suggesting another greeatly missing feature : Attaching files to any App type.

Originally posted by @wangee in https://github.com/eusonlito/Password-Manager/discussions/39#discussioncomment-4244161

Hello,

I strictly followed the install guide, and after browsing to 'http://vault.domain.com/user/auth', I got an error 404 "Not Found"

I tried installing Password-Manager on Debian 11 and Alma 9 and same behaviour happens.

.env file ` APP_NAME="Password Manager" APP_ENV=production APP_KEY=base64:SOME_KEY APP_DEBUG=false APP_URL=http://localhost

APP_LOCALE=en

ASSET_URL=http://localhost

DEBUGBAR_ENABLED=false

AUTH_CHECK_ALLOWED=4 AUTH_CHECK_TIME=60 AUTH_LOCK_TIME=60 AUTH_TFA_ENABLED=true AUTH_CERTIFICATE_ENABLED=true AUTH_API_SECRET_ENABLED=true

AUTH_COUNTRY_ENABLED=false AUTH_COUNTRY_ALLOWED= AUTH_COUNTRY_IP_WHITELIST=127.0.0.1

LOG_CHANNEL=stack LOG_REQUEST=false LOG_DATABASE=false LOG_MAIL=true LOG_CURL=false LOG_DAYS=30

DB_CONNECTION=mysql DB_SOCKET=/var/lib/mysql/mysql.sock DB_DATABASE=passwordmanager DB_USERNAME=passwordmanager DB_PASSWORD=some_password DB_LOG=false

MAIL_MAILER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS=null MAIL_FROM_NAME="${APP_NAME}" MAIL_CONTACT_ADDRESS=

CACHE_ENABLED=true CACHE_DRIVER=file CACHE_PREFIX=password-manager-cache- CACHE_VERSION=1 CACHE_TTL=3600

SESSION_DRIVER=cookie SESSION_LIFETIME=45000 SESSION_COOKIE=password-manager SESSION_ENCRYPT=false

SENTRY_DSN= SENTRY_TRACES_SAMPLE_RATE=0.0 `

apache.conf file ServerRoot "/etc/httpd" Listen 80 Include conf.modules.d/*.conf User apache Group apache ServerAdmin root@localhost DocumentRoot "/home/Password-Manager/public" <Directory "/home/Password-Manager/public"> AllowOverride None Require all granted </Directory> <Directory "/home/Password-Manager/public"> Options Indexes FollowSymLinks AllowOverride None Require all granted </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <Files ".ht*"> Require all denied </Files> ErrorLog "logs/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" </IfModule> <Directory "/var/www/cgi-bin"> AllowOverride None Options None Require all granted </Directory> <IfModule mime_module> TypesConfig /etc/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz AddType text/html .shtml AddOutputFilter INCLUDES .shtml </IfModule> AddDefaultCharset UTF-8 <IfModule mime_magic_module> MIMEMagicFile conf/magic </IfModule> EnableSendfile on IncludeOptional conf.d/*.conf

Any help would be appreciated.

This pull request includes changes from your build using the "Shift Workbench".

Before merging, you need to:

• Checkout the shift-build-1775 branch
• Review all comments for additional changes
• Thoroughly test your application

Don't hesitate to send your feedback to [email protected] or share your :heart: for Shift on Twitter.

buenas

desde hace unos días no puedo conectar usando 2FA, me dice siempre que el código es incorrecto

he tenido que acceder a la base de datos y desactivarlo por query:

update user set tfa_enabled = '0' where id = 1;

ha estado funcionado bien durante meses, y desde hace unos días no funciona

alguna explicación?

Hello,

sorry to bother you :-( This seems not to be a hard issue (for me) but i don't understand it yet.

I've done the following:

1. create a new user as admin
2. login as the new user
3. scan the barcode in google autheticator as the new user
4. enter the current password, check "enable 2fa" and click save
5. the app asks for the google authenticator code
6. the new user enters the code and the app says: Successfully updated settings".
7. open the login page and try to login as the new user by providing username & password. That produces the following error:

It seems that the reason for that behavior is, that after a user enables 2fa the field "password_enabled" in table "users" is set to "0". After i set that manually in the table to 1, a normal login with 2fa is possible again.

Best wishes Sascha

I noticed that in /var/www/html/ there is no routes folder

I configured apache to access access /var/www/html/public

i am acessing this route: http://passman.dchost.com.br/user/auth and show not found

/var/log/apache/error.log

[Mon Apr 04 16:47:28.762233 2022] [core:notice] [pid 13000] AH00094: Command line: '/usr/sbin/apache2'
[Mon Apr 04 16:47:31.620450 2022] [proxy_fcgi:error] [pid 13003] [client 10.158.0.3:52647] AH01071: Got error 'PHP message: PHP Warning:  require(/var/www/html/public/../vendor/autoload.php): Failed to open stream: No such file or directory in /var/www/html/public/index.php on line 24PHP message: PHP Fatal error:  Uncaught Error: Failed opening required '/var/www/html/public/../vendor/autoload.php' (include_path='.:/usr/share/php') in /var/www/html/public/index.php:24\nStack trace:\n#0 {main}\n  thrown in /var/www/html/public/index.php on line 24'
[Mon Apr 04 16:47:32.956765 2022] [proxy_fcgi:error] [pid 13006] [client 10.158.0.3:52648] AH01071: Got error 'PHP message: PHP Warning:  require(/var/www/html/public/../vendor/autoload.php): Failed to open stream: No such file or directory in /var/www/html/public/index.php on line 24PHP message: PHP Fatal error:  Uncaught Error: Failed opening required '/var/www/html/public/../vendor/autoload.php' (include_path='.:/usr/share/php') in /var/www/html/public/index.php:24\nStack trace:\n#0 {main}\n  thrown in /var/www/html/public/index.php on line 24'

Hello,

Currently trying to install password manager on a fresh ubuntu installation. I am now having a problem with the 'php artisan migrate' command:

In Connection.php line 703:

SQLSTATE[HY000] [1045] Access denied for user 'dbuser'@'localhost' (using password: YES) (SQL: select * from information_schema.tables where table_schema = and table_name = migrations and table_type = 'BASE TABLE')

The SQL command is using the database name in the table_schema section. Also, it looks like the database is still empty (i do not know if that should have happened already)

Many thanks for your help!

Hello,

i've followed your installation guide. But when i open the startpage i get the following error:

405 : Method Not Allowed

In the log folder ist no file created, so i don't know how to see any logfile?

I hope you can help here.

Additional Info: when i enter the url including index.php, it's working. But my url is looking like that: https://mydomain.com/passmgr/index.php/user/profile (for ex.).

I am sure that is not the way it shoul be...

Additional Infos: I've enable debug mode and regenrated the cache. Now i can provide the following infomations:

Best whishes Sascha

When I open the applications list page, this error pops up. I reset permissions for the directory but still, it isn't working. any help?

Laravel-Packer issue maybe?

composer install --no-dev --optimize-autoloader --classmap-authoritative --ansi
Generating optimized autoload files
composer/package-versions-deprecated: Generating version class...
composer/package-versions-deprecated: ...done generating version class
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi

In App.php line 27:

  Undefined constant "App\Providers\LC_MESSAGES"


Script @php artisan package:discover --ansi handling the post-autoload-dump event returned with error code 1
Script @composer dump-autoload handling the pre-install-cmd event returned with error code 1

• [x] Tags can be created but not deleted. It should be possible to delete tags, eventually with a check that allows the deletion only when they're not associated to any app.
• [x] Tags list could be improved with a link to the Applications list filtered by the given tag.

An option to hide an Application from users is useful in enterprise context.
This could be accomplished via a flag (Hide/Unhide), via a soft-delete/trashbin feature, or via an Archive flag.

Hello @eusonlito , i'm writing a Keepass XML importer as a command. I'm not a Laravel expert , so i have some trouble persisting the entities. For each item, i create an instance of the appropriate type. But then, I don't know how to persist these in the DB, maybe you can give me a clue ?

foreach ($validEntries as $entry) {
    $className = '\\' . $entry->type;
    /** @var TypeAbstract $entity */
    $entity       = new $className($entry->getPayload());
    
    // .. and now ?
}

// $className can be, for example, \App\Domains\App\Service\Type\Format\SSH
// $entry->getPayload() returns an array with the appropriate payload for each Type.

I was wondering if it is possible to make some sort of upload function in for examble csv format to import passwords. It is quite intense to add current passwords manually in.

Hi,

Just gave your project a testdrive through #23 which is obviously quite easy to setup.

While your password manager looks nice and seems well built in terms of security, it lacks some features that would made it outstanding:

• Possibility to create new application types
• Folders (or customers) that can be shared with teams as RO / RW, so every new entry in a folder is shared by default
• password history
• Session timeouts depending on accessing IP address (so one gets 30 days session at work and 30 min sessions at a customers place)
• File storage in applications (sometimes you need to share a big CSV with hundreds of passwords for migrations... You won't create an application per entry for those use cases)
• Import / Export (no password manager can be seen as a valuable option if it doesn't allow to export it's data)
• Android / IOS app (actually an app that just wraps your frontend for easy access)

I've tested multiple other solutions and none provided a certificate for authentication. Nice one, really appreciable.

Thanks for developping your solution. Might become a great contender to Bitwarden, Psono, sysPass and others. Wish you well.