Passbolt - Open source password manager for teams

Last update: Aug 12, 2022
      ____                  __          ____
     / __ \____  _____ ____/ /_  ____  / / /_
    / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
   / ____/ /_/ (__  |__  ) /_/ / /_/ / / /_
  /_/    \__,_/____/____/_,___/\____/_/\__/

The open source password manager for teams
Copyright (c) 2021 Passbolt SA
https://www.passbolt.com


License

Passbolt - Open source password manager for teams

(c) 2022 Passbolt SA

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License (AGPL) as published by the Free Software Foundation version 3.

The name "Passbolt" is a registered trademark of Passbolt SA, and Passbolt SA hereby declines to grant a trademark license to "Passbolt" pursuant to the GNU Affero General Public License version 3 Section 7(e), without a separate agreement with Passbolt SA.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see GNU Affero General Public License v3.

About Passbolt

Passbolt is an open source password manager for teams. It allows you to securely share and store credentials. For instance, the wifi password of your office, the administrator password of a router or your organization's social media account passwords, all of them can be secured using passbolt.

Passbolt is different from the other password managers because:

  • It is primarily designed for teams and not individuals
  • It is free & open source
  • It is respectful of privacy
  • It is based on OpenPGP, a proven cryptographic standard
  • It is easy to use for both novices and IT professionals alike
  • It is extensible thanks to its RESTful API

Find out more: https://www.passbolt.com

What does it look like?

[Screenshots: Login, Browse passwords, Share passwords]

Trying out passbolt

You can try a demo of passbolt at https://demo.passbolt.com.

You will need to install a browser extension. You can find some help here: https://help.passbolt.com/faq/start/browser-extensions

Installing passbolt

You can install passbolt on your own machine. Follow the instructions on the website here: https://help.passbolt.com/hosting/install

Updating passbolt

Every now and then you will need to update passbolt to benefit from important fixes and improvements. Follow the instructions on the website here: https://help.passbolt.com/hosting/update

Contributing to passbolt

Please check out CONTRIBUTING.md for more information on how to get involved!

Reporting a security issue

If you've found a security-related issue in passbolt, please don't open an issue on GitHub. Instead contact us at [email protected]. In the spirit of responsible disclosure we ask that the reporter keep the issue confidential until we announce it.

The passbolt team will take the following actions:

  • Try first to reproduce the issue and confirm the vulnerability.
  • Acknowledge to the reporter that we have received the issue and are working on a fix.
  • Get a fix/patch prepared and create associated automated tests.
  • Prepare a post describing the vulnerability and the possible exploits.
  • Release new versions of all affected major versions.
  • Prominently feature the problem in the release announcement.
  • Give credit in the release announcement to the reporter if they so desire.

Credits

https://www.passbolt.com/credits

GitHub

https://github.com/passbolt/passbolt_api
Comments
  • 1. No mails are sent when providers offer AUTH PLAIN authentication only

    Unable to send Emails to some providers

    • Passbolt Version: e848cd4d9ef8982e405ee8350fca325e2c562fad
    • Platform and Target: -- Operating system: Debian Buster (10) -- PHP: 7.3.14-1~deb10u1 -- Web server: nginx/1.14.2 -- Database server: mariadb Ver 15.1 -- etc.: Vserver

    What you did

    I installed passbolt with the script, everything was working as expected and went very smooth. Except the email sending part. I started a forum thread with my problems here: https://community.passbolt.com/t/emails-not-sending/2771

    First I thought it was the same with every provider, then I found a provider that worked for me (without TLS and instead with the ssl:// URL). Still, the provider I want to use does not work in passbolt. I tried connecting to it manually and in the end did so successfully. From the same system and the same user/pass combination. See this post for an exact output of a successful connection.

    What happened

    Although my email is working in thunderbird/webmail/manual smtp it is not working in passbolt.

    # sudo -u www-data /var/www/passbolt/bin/cake passbolt  send_test_email [email protected]
    
         ____                  __          ____  
        / __ \____  _____ ____/ /_  ____  / / /_ 
       / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/ 
      / ____/ /_/ (__  |__  ) /_/ / /_/ / / /    
     /_/    \__,_/____/____/_.___/\____/_/\__/   
    
     Open source password manager for teams
    ---------------------------------------------------------------
     Debug email shell
    ---------------------------------------------------------------
    
    Email configuration
    ---------------------------------------------------------------
    Host: mail.systemli.org
    Port: 587
    Username: myworkingusername
    Password: *********
    TLS: true
    
    Sending email from: myemailname
    Sending email to: [email protected]
    ---------------------------------------------------------------
    
    Trace
    [220] mail1.systemli.org ESMTP Postfix (Debian/GNU)
    > EHLO localhost
    [250] mail1.systemli.org
    [250] PIPELINING
    [250] SIZE 40960000
    [250] ETRN
    [250] STARTTLS
    [250] ENHANCEDSTATUSCODES
    [250] 8BITMIME
    [250] DSN
    [250] CHUNKING
    > STARTTLS
    [220] 2.0.0 Ready to start TLS
    > EHLO localhost
    [250] mail1.systemli.org
    [250] PIPELINING
    [250] SIZE 40960000
    [250] ETRN
    [250] AUTH PLAIN
    [250] AUTH=PLAIN
    [250] ENHANCEDSTATUSCODES
    [250] 8BITMIME
    [250] DSN
    [250] CHUNKING
    
    A test email could not be sent.
    Error: SMTP Error: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
    

    What you expected to happen

    I expected a successful mail transfer.

    Reviewed by wnhre2ur8cxx8 at 2020-05-25 16:51
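
The negotiation visible in the trace above, as an added example (not code from Passbolt or its mail library): it reads the debug-shell trace format, records which AUTH mechanisms the server advertises before and after STARTTLS, and picks only a mechanism that was actually offered on the encrypted channel. The preference order and the `user`/`pass` credentials are constructed for illustration.

```python
import base64
import re

# Abridged from the debug-shell trace quoted in the report above:
# "[code] text" is a server reply, "> verb" is a client command.
TRACE = """\
[220] mail1.systemli.org ESMTP Postfix (Debian/GNU)
> EHLO localhost
[250] mail1.systemli.org
[250] PIPELINING
[250] STARTTLS
[250] ENHANCEDSTATUSCODES
> STARTTLS
[220] 2.0.0 Ready to start TLS
> EHLO localhost
[250] mail1.systemli.org
[250] PIPELINING
[250] AUTH PLAIN
[250] AUTH=PLAIN
[250] ENHANCEDSTATUSCODES
"""


def ehlo_rounds(trace):
    """Return one {'tls': bool, 'auth': set} per EHLO exchange in the trace."""
    rounds, tls, pending_tls, current = [], False, False, None
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith(">"):
            verb = (line[1:].split() or [""])[0].upper()
            pending_tls = verb == "STARTTLS"
            current = {"tls": tls, "auth": set()} if verb == "EHLO" else None
            if current is not None:
                rounds.append(current)
            continue
        reply = re.match(r"\[(\d{3})\]\s*(.*)", line)
        if not reply:
            continue
        code, text = reply.groups()
        if pending_tls and code == "220":
            tls, pending_tls = True, False  # channel is encrypted from here on
        elif current is not None and code == "250":
            # Both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN" form appear.
            keyword = re.match(r"AUTH[ =](.+)", text, re.IGNORECASE)
            if keyword:
                current["auth"].update(keyword.group(1).upper().split())
    return rounds


def choose_mechanism(rounds, preference=("PLAIN", "LOGIN")):
    """Pick the first preferred mechanism offered in the last EHLO round.

    Returns None when the last round was not over TLS (PLAIN and LOGIN only
    base64-encode the password) or when nothing in `preference` was offered.
    The preference order is an assumption of this example.
    """
    if not rounds or not rounds[-1]["tls"]:
        return None
    offered = rounds[-1]["auth"]
    return next((m for m in preference if m in offered), None)


def auth_plain_command(username, password, authzid=""):
    """Build the one-line AUTH PLAIN command: base64(authzid NUL user NUL pass)."""
    message = "\0".join((authzid, username, password)).encode("utf-8")
    return "AUTH PLAIN " + base64.b64encode(message).decode("ascii")


if __name__ == "__main__":
    rounds = ehlo_rounds(TRACE)
    for number, info in enumerate(rounds, 1):
        print(f"EHLO #{number}: tls={info['tls']} auth={sorted(info['auth'])}")
    print("selected:", choose_mechanism(rounds))
    # Constructed credentials, for illustration only.
    print(auth_plain_command("user", "pass"))
```
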
  • 2. Debian 9 / Mariadb 10.1: install fails when creating session tables - "1071 Specified key was too long"

    I tried to set up passbolt 1.6.3 on a Debian server running PHP 7.0.19-1 and MariaDB 10.1.26-0+deb9u1, but when running app/Console/cake install --no-admin as the user, the routine seems to run fine but actually fails in the middle with

    The following table(s) will be created.
    cake_sessions
    Creating table(s).
    cake_sessions: SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes
    End create.
    passbolt session table deployed
    

    Did I miss something?

    Reviewed by rotanid at 2017-08-31 16:15
  • 3. Could not add user to a group

    Could not add user to a group

    • Passbolt Version: 2.5.0
    • Platform and Target: -- Operating system: Debian 9.6 -- PHP: 7.0.30 -- Web server: Apache/2.4.25 (Debian) -- Database server: 10.1.37-MariaDB-0+deb9u1 Debian 9.6

    What you did

    1. Click on "users" in the top bar.
    2. Click on the "+" symbol in the left bar for the group I want to add a user in.
    3. Click on "edit group".
    4. Search user in the add people field and then click on the user found.
    5. Save the group
    6. Enter the password to validate my privilege (I guess)
    7. Get this error message : Error The group could not be saved

    What happened

    The user is not added to the group. I get the error: "Error The group could not be saved"

    What you expected to happen

    The user being added to the group.

    Reviewed by AnswerKAS at 2018-11-26 11:25
  • 4. Users in group edit window are listed multiple times

    Users in group edit window are listed multiple times

    • Passbolt Version: 2.0.4-debian
    • Platform and Target: -- Database server: mysql:5.7 -- docker -- updated installation from v1

    What you did

    I pressed the button "Edit group" in the groups tooltip.

    What happened

    Sometimes all users in the list are listed multiple times. But without role information.


    What you expected to happen

    A user should only be listed once.

    Reviewed by joberthel at 2018-04-30 08:06
  • 5. The requested URL /users/login was not found on this server.

    I did a new installation on debian jessie, i used /var/www/passbolt/app/webroot as document root

    rewrite module is enabled and running in apache2

    this runs without errors and creates mysql tables: app/Console/cake install --no-admin

    when i create admin like this: app/Console/cake passbolt register_user -u [email protected] -f myFirtsname -l myLastname -r admin

    I get mail, but in the URL it mentions "localhost". When I correct localhost to the actual IP, it also cannot find the URL.

    If I go to the server like https://ip-address it gives: Not Found The requested URL /users/login was not found on this server.

    User www-data has read rights to passbolt folders and write rights to: /var/www/passbolt/app/tmp/

    Please help, below are installed php modules:

    php -m
    [PHP Modules]
    bcmath bz2 calendar Core ctype date dba dom ereg exif fileinfo filter ftp gd gettext gnupg hash iconv intl json libxml mbstring memcached mhash mysql mysqli openssl pcntl pcre PDO pdo_mysql Phar posix readline Reflection session shmop SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml xmlreader xmlwriter Zend OPcache zip zlib

    [Zend Modules]
    Zend OPcache

    Reviewed by tomghub at 2017-02-21 18:29
  • 6. SMTP Error: 550 / Gandi RULE3_2

    Hi all,

    I can't understand why I don't get the email for new user:

    [email protected]:/var/www/passbolt# ./bin/cake EmailQueue.sender
    SMTP Error: 550 5.7.1 Reject for policy reason RULE3_2. See http://postmaster.gandi.net
    Email 50 was not sent

    But I make a test:

    [email protected]:/var/www/passbolt# ./bin/cake passbolt send_test_email

         ____                  __          ____
        / __ \____  _____ ____/ /_  ____  / / /_
       / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
      / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
     /_/    \__,_/____/____/_.___/\____/_/\__/

     Open source password manager for teams

     Debug email shell

    Email configuration

    Host: mail.gandi.net
    Port: 587
    Username: [email protected]
    Password: *********
    TLS: true

    Sending email from: Passbolt [email protected]
    Sending email to: [email protected]

    Trace
    [220] relay.mail.gandi.net ESMTP Postfix
    EHLO localhost
    [250] relay9-d.mail.gandi.net
    [250] PIPELINING
    [250] SIZE 35651584
    [250] VRFY
    [250] ETRN
    [250] STARTTLS
    [250] AUTH PLAIN LOGIN
    [250] ENHANCEDSTATUSCODES
    [250] 8BITMIME
    [250] DSN
    STARTTLS
    [220] 2.0.0 Ready to start TLS
    EHLO localhost
    [250] relay9-d.mail.gandi.net
    [250] PIPELINING
    [250] SIZE 35651584
    [250] VRFY
    [250] ETRN
    [250] AUTH PLAIN LOGIN
    [250] ENHANCEDSTATUSCODES
    [250] 8BITMIME
    [250] DSN
    AUTH LOGIN
    [334] VXNlcm5hbWU6

    [334] UGFzc3dvcmQ6

    [235] 2.7.0 Authentication successful
    MAIL FROM:<***>
    [250] 2.1.0 Ok
    RCPT TO:[email protected]
    [250] 2.1.5 Ok
    DATA
    [354] End data with .
    From: Passbolt <***>
    To: [email protected]
    Date: Sat, 29 Sep 2018 12:32:39 +0000
    Message-ID: [email protected]
    Subject: Passbolt test email
    MIME-Version: 1.0
    Content-Type: text/plain; charset=UTF-8
    Content-Transfer-Encoding: 8bit

    Congratulations! If you receive this email, it means that your passbolt smtp configuration is working fine.

    .
    [250] 2.0.0 Ok: queued as 4DF7BFF80B
    QUIT

    The message has been successfully sent!
    [email protected]:/var/www/passbolt#

    It's OK, can someone help me please?

    Best regards.

    Reviewed by m333w at 2018-09-29 12:35
  • 7. Can't pass login page (Firefox)

    After setting up admin account successfully, I am not able to login using this account. After entering my password, I get redirected to the login page again, checking passbolt logs shows:

    2017-08-10 16:08:41 Error: [ForbiddenException] You need to login to access this location
    Request URL: /auth/checkSession.json
    Stack Trace:
    #0 /var/www/html/passbolt/lib/Cake/Controller/Component/AuthComponent.php(349): GpgAuthenticate->unauthenticated(Object(CakeRequest), Object(CakeResponse))
    #1 /var/www/html/passbolt/lib/Cake/Controller/Component/AuthComponent.php(305): AuthComponent->_unauthenticated(Object(AuthController))
    #2 /var/www/html/passbolt/lib/Cake/Utility/ObjectCollection.php(128): AuthComponent->startup(Object(AuthController))
    #3 /var/www/html/passbolt/lib/Cake/Event/CakeEventManager.php(243): ObjectCollection->trigger('startup')
    #4 /var/www/html/passbolt/lib/Cake/Controller/Controller.php(678): CakeEventManager->dispatch(Object(CakeEvent))
    #5 /var/www/html/passbolt/lib/Cake/Routing/Dispatcher.php(189): Controller->startupProcess()
    #6 /var/www/html/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController), Object(CakeRequest))
    #7 /var/www/html/passbolt/app/webroot/index.php(110): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
    #8 {main}
    

    Permission wise, I have set

    chown nginx:nginx app/Config
    chmod -R 777 app/tmp
    chmod -R 777 app/webroot/img/public
    

    Health check shows no error:

    
     [PASS] PHP version 7.0.21
     [PASS] PCRE compiled with unicode support
     [PASS] The app/tmp directory is writable
     [PASS] The app/webroot/img/public directory is writable
    
     Config files
    
     [PASS] The core config file is present
     [PASS] The database config file is present
     [PASS] The email config file is present
     [PASS] The application config file is present
    
     Core config
    
     [FAIL] Debug mode is on.
      [HELP] Set Configure::write('debug', 0); in app/Config/core.php
     [PASS] Cache is working.
     [PASS] Unique value set for security.salt
     [PASS] Unique value set for security.cipherSeed
     [PASS] Full base url is set to https://passbolt.localdomain.com
     [PASS] App.fullBaseUrl validation OK.
     [PASS] /healthcheck/status is reachable.
    
     SSL Certificate
    
     [PASS] SSL peer certificate validates
     [PASS] Hostname is matching in SSL certificate.
     [WARN] Using a self-signed certificate
    
     Database
    
     [PASS] Configured to use a supported database backend
     [PASS] The application is able to connect to the database
     [PASS] Not using a prefix for database tables
     [PASS] 20 tables found
     [PASS] Some default content is present
     [PASS] The database schema up to date.
    
     GPG Configuration
    
     [PASS] PHP GPG Module is installed and loaded
     [PASS] The server gpg key is not the default one
     [PASS] The environment variable GNUPGHOME is set to /opt/passbolt/.gnupg
     [PASS] The directory containing the keyring is writable by root.
    
     Application configuration
    
     [PASS] Using latest passbolt version (1.6.1)
     [PASS] Passbolt is configured to force SSL use
     [PASS] App.fullBaseUrl is set to HTTPS
     [PASS] Selenium API endpoints are disabled.
     [PASS] Search engine robots are told not to index content.
     [PASS] Registration is closed, only administrators can add users.
     [PASS] Serving the compiled version of the javascript app
    
     Development Tools (optional)
    
     [PASS] Phpunit is installed
     [PASS] Phpunit version is 3.7.38
    
      1 error(s) found. Hang in there!
    

    I also have SELinux set to Permissive. Am I missing something? Or are there any other logs to help debug this issue? Thanks

    Reviewed by tmidi at 2017-08-10 16:34
  • 8. The server was unable to respect the authentication protocol! (Centos7 / PHP7)

    Hi, I got the following problem with a new setup on nginx/1.13.4, PHP 7.0.21

    The server was unable to respect the authentication protocol! There was a problem when trying to communicate with the server (HTTP Code:500)


    2017-08-09 13:18:02 Error: [Exception] encrypt-sign failed
    Request URL: /auth/login.json
    Stack Trace:
    #0 /var/www/html/passbolt/app/Controller/Component/Auth/GpgAuthenticate.php(109): gnupg->encryptsign('gpgauthv1.3.0|3...')
    #1 /var/www/html/passbolt/lib/Cake/Controller/Component/AuthComponent.php(770): GpgAuthenticate->authenticate(Object(CakeRequest), Object(CakeResponse))
    #2 /var/www/html/passbolt/lib/Cake/Controller/Component/AuthComponent.php(611): AuthComponent->identify(Object(CakeRequest), Object(CakeResponse))
    #3 /var/www/html/passbolt/app/Controller/AuthController.php(35): AuthComponent->login()
    #4 [internal function]: AuthController->login()
    #5 /var/www/html/passbolt/lib/Cake/Controller/Controller.php(491): ReflectionMethod->invokeArgs(Object(AuthController), Array)
    #6 /var/www/html/passbolt/lib/Cake/Routing/Dispatcher.php(193): Controller->invokeAction(Object(CakeRequest))
    #7 /var/www/html/passbolt/lib/Cake/Routing/Dispatcher.php(167): Dispatcher->_invoke(Object(AuthController), Object(CakeRequest))
    #8 /var/www/html/passbolt/app/webroot/index.php(110): Dispatcher->dispatch(Object(CakeRequest), Object(CakeResponse))
    #9 {main}
    

    regards

    Sascha


    Reviewed by eraxor at 2017-08-09 13:22
  • 9. Installation no Connection to MySQL

    Distro: Debian 8 SQL DB: MariaDB 10.2 PHP: 5 HTTP Server: Apache (v2)

    The error I get:

    https://hastebin.com/idevoxocaj.scala

    database.php file (this is on a dummy server so not worried about credentials)

    https://hastebin.com/focamefuhu.php

    PHP Packages I installed:

    • php5-common
    • libapache2-mod-php5
    • php5-cli
    • php5-common
    • php5-gd
    • php5-mcrypt
    • php5-dev
    • php-pear
    • php5-fpm
    • php5-mysql
    • php5-gnupg

    The files have been cloned into the /var/www/html directory

    So what am I doing wrong?

    Reviewed by c0fe at 2017-02-23 00:49
  • 10. The private key cannot be used to decrypt a message

    I'm trying to install Passbolt and I ran into a few issues so far. The first issue was that the Fingerprint apparently didn't match the fingerprint in the app.php. However, after generating a new key this works.

    The issue I'm getting now is that the private key can't be used to decrypt a message. Also when I try to access the site I only see a cake php file (front-controller?).

    Here is my healthcheck:


    Healthcheck shell

     Environment

     [PASS] PHP version 7.0.22-0ubuntu0.16.04.1
     [PASS] PCRE compiled with unicode support
     [PASS] The temporary directory and its content are writable
     [PASS] The public image directory and its content are writable

     Config files

     [PASS] The core config file is present
     [PASS] The database config file is present
     [PASS] The email config file is present
     [PASS] The application config file is present

     Core config

     [PASS] Debug mode is off.
     [PASS] Cache is working.
     [PASS] Unique value set for security.salt
     [PASS] Unique value set for security.cipherSeed
     [PASS] Full base url is set to https://my.domain.com
     [PASS] App.fullBaseUrl validation OK.
     [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
      [HELP] Check that the domain name is correct in app/Config/core.php
      [HELP] Check the network settings

     SSL Certificate

     [FAIL] SSL peer certificate does not validate
     [FAIL] Hostname does not match when validating certificates.
     [WARN] Using a self-signed certificate

     Database

     [PASS] Configured to use a supported database backend
     [PASS] The application is able to connect to the database
     [PASS] Not using a prefix for database tables
     [FAIL] No table found
      [HELP] Run the install script to install the database tables
      [HELP] sudo su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install" www-data
     [FAIL] No default content found
      [HELP] Run the install script to set the default content such as roles and permission types
      [HELP] sudo su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install" www-data
     [PASS] The database schema up to date.

     GPG Configuration

     [PASS] PHP GPG Module is installed and loaded
     [PASS] The server gpg key is not the default one
     [PASS] The environment variable GNUPGHOME is set to /home/www-data/.gnupg
     [PASS] The directory /home/www-data/.gnupg containing the keyring is writable by the user the webserver is running as.
     [PASS] The public key file is defined in app/config.php and readable.
     [PASS] The private key file is defined in app/config.php and readable.
     [PASS] The server key fingerprint matches the one defined in app/config.php.
     [PASS] The server key defined in the app/Config.php is in the keyring.
     [PASS] There is a valid email id defined for the server key.
     [PASS] The public key can be used to encrypt and sign a message.
     [FAIL] The private key cannot be used to decrypt a message
      [HELP] Make sure that the server private key is valid and that there is no passphrase.

     Application configuration

     [PASS] Using latest passbolt version (1.6.5)
     [PASS] Passbolt is configured to force SSL use
     [PASS] App.fullBaseUrl is set to HTTPS
     [PASS] Selenium API endpoints are disabled.
     [PASS] Search engine robots are told not to index content.
     [PASS] Registration is closed, only administrators can add users.
     [PASS] Serving the compiled version of the javascript app
     [PASS] All email notifications will be sent.

     Development Tools (optional)

     [PASS] Phpunit is installed
     [PASS] Phpunit version is 3.7.38

     6 error(s) found. Hang in there!

    I hope you can help me I'm really stuck with this one.

    Reviewed by jaypi95 at 2017-10-20 12:55
  • 11. error after install

    After install I am getting an error. I have the healthcheck output below.

    I set the URL to the IP without a port. I tried with 8085 and 8081 to the same issue. Did I miss something?

    [[email protected] passbolt]# su -s /bin/bash -c "app/Console/cake passbolt healthcheck" nginx

         ____                  __          ____
        / __ \____  _____ ____/ /_  ____  / / /_
       / /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
      / ____/ /_/ (__  |__  ) /_/ / /_/ / / /
     /_/    \__,_/____/____/_.___/\____/_/\__/

     Open source password manager for teams

     Healthcheck shell

     Environment

     [PASS] PHP version 7.0.23
     [PASS] PCRE compiled with unicode support
     [PASS] The temporary directory and its content are writable
     [PASS] The public image directory and its content are writable

     Config files

     [PASS] The core config file is present
     [PASS] The database config file is present
     [PASS] The email config file is present
     [PASS] The application config file is present

     Core config

     [PASS] Debug mode is off.
     [PASS] Cache is working.
     [PASS] Unique value set for security.salt
     [PASS] Unique value set for security.cipherSeed
     [PASS] Full base url is set to http://192.168.5.221
     [PASS] App.fullBaseUrl validation OK.
     [FAIL] Could not reach the /healthcheck/status with the url specified in App.fullBaseUrl
      [HELP] Check that the domain name is correct in app/Config/core.php
      [HELP] Check the network settings

     SSL Certificate

     [FAIL] SSL peer certificate does not validate
     [FAIL] Hostname does not match when validating certificates.
     [WARN] Using a self-signed certificate

     Database

     [PASS] Configured to use a supported database backend
     [PASS] The application is able to connect to the database
     [PASS] Not using a prefix for database tables
     [PASS] 20 tables found
     [PASS] Some default content is present
     [PASS] The database schema up to date.

     GPG Configuration

     [PASS] PHP GPG Module is installed and loaded
     [PASS] The server gpg key is not the default one
     [PASS] The environment variable GNUPGHOME is set to /var/cache/nginx/.gnupg
     [PASS] The directory /var/cache/nginx/.gnupg containing the keyring is writable by the user the webserver is running as.
     [PASS] The public key file is defined in app/config.php and readable.
     [PASS] The private key file is defined in app/config.php and readable.
     [PASS] The server key fingerprint matches the one defined in app/config.php.
     [PASS] The server key defined in the app/Config.php is in the keyring.
     [PASS] There is a valid email id defined for the server key.
     [PASS] The public key can be used to encrypt and sign a message.
     [PASS] The private key can be used to decrypt a message.

     Application configuration

     [PASS] Using latest passbolt version (1.6.5)
     [FAIL] Passbot is not configured to force SSL use
      [HELP] Set App.ssl.force to true in app/Config/app.php
     [FAIL] App.fullBaseUrl is not set to HTTPS
      [HELP] Check App.fullBaseUrl url scheme in app/Config/core.php
     [PASS] Selenium API endpoints are disabled.
     [PASS] Search engine robots are told not to index content.
     [PASS] Registration is closed, only administrators can add users.
     [PASS] Serving the compiled version of the javascript app
     [PASS] All email notifications will be sent.

     Development Tools (optional)

     [PASS] Phpunit is installed
     [PASS] Phpunit version is 3.7.38

     5 error(s) found. Hang in there!

    Reviewed by shin2344234 at 2017-10-12 16:07
  • 12. Debian postinst maintainer script doesn't honor `passbolt/nginx-configuration`

    Debian postinst maintainer script doesn't honor passbolt/nginx-configuration

    • Passbolt Version: 3.7.0
    • Platform and Target:
      • Operating system: Debian 11
      • PHP: n/a
      • Web server: n/a
      • Database server: n/a

    What you did

    Perform an unattended installation of the passbolt-ce-server package on Debian without nginx.

    Note the line setting passbolt/nginx-configuration to false. MariaDB is already installed.

    sudo debconf-set-selections <<EOS
    passbolt-ce-server passbolt/mysql-configuration boolean true
    passbolt-ce-server passbolt/mysql-passbolt-username string passbolt
    passbolt-ce-server passbolt/mysql-passbolt-password password test1234
    passbolt-ce-server passbolt/mysql-passbolt-password-repeat password test1234
    passbolt-ce-server passbolt/mysql-passbolt-dbname string passbolt
    passbolt-ce-server passbolt/nginx-configuration boolean false
    passbolt-ce-server passbolt/nginx-configuration-three-choices select auto
    passbolt-ce-server passbolt/nginx-configuration-two-choices select none
    passbolt-ce-server passbolt/nginx-domain string passbolt.example.com
    passbolt-ce-server passbolt/nginx-certificate-file string 
    passbolt-ce-server passbolt/nginx-certificate-key-file string 
    EOS
    sudo DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends passbolt-ce-server
    

    What happened

    The installation fails at the postinst step.

    # ... more output preceding this ...
    Setting up passbolt-ce-server (3.7.0-1) ...
    /var/lib/dpkg/info/passbolt-ce-server.postinst: line 217: certbot: command not found
    dpkg: error processing package passbolt-ce-server (--configure):
     installed passbolt-ce-server package post-installation script subprocess returned error exit status 127
    

    The failing line is here.

    What you expected to happen

    I expected the installation to succeed; without attempting to use nginx, certbot or anything else related to the web server.

    Additional information

    The hosting FAQ mentions passbolt/nginx-configuration, but that key is obviously not honored. Instead, the postinst script derives the value of nginx_values[configuration] from passbolt/nginx-configuration-three-choices/passbolt/nginx-configuration-two-choices.

    One way to get around this (which I found by looking at the postinst script) is to set passbolt/nginx-configuration-three-choices and passbolt/nginx-configuration-two-choices to an empty string or an invalid value.

    Reviewed by maxtruxa at 2022-08-08 17:51
  • 13. JWT healthcheck does not recognise read-only mounts, nor dereferences symbolic links

    • Passbolt Version: 3.7.1-1-ce
    • Platform and Target:
      • https://github.com/passbolt/passbolt_docker
      • https://github.com/mmz-srf/passbolt-helm

    What you did

    I was deploying the (community) Helm chart and found the Passbolt container to be too eager in checking JWT file permissions with is_writable.

    What happened

    When the JWT healthcheck runs, an error is thrown, despite the files having correct permissions:

    JWT Authentication
    
     [PASS] The JWT Authentication plugin is enabled
     [FAIL] The /etc/passbolt/jwt/ directory should not be writable.
     [HELP] You can try: 
     [HELP] sudo chown -Rf root:www-data /etc/passbolt/jwt/
     [HELP] sudo chmod 750 /etc/passbolt/jwt/
     [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.key
     [HELP] sudo chmod 640 /etc/passbolt/jwt/jwt.pem
     [FAIL] A valid JWT key pair is missing
    

    This is due to symbolic links not being dereferenced, and the mount option not being taken into account:

    This is the -L/--dereference flag of ls working:

    $ k -n passbolt exec -it deployment.apps/passbolt-passbolt-helm -- ls -la /etc/passbolt/jwt       
    total 4
    drwxrwxrwt 3 root root      120 Aug  1 12:40 .
    drwxrwx--- 6 root www-data 4096 Jul 28 14:56 ..
    drwxr-xr-x 2 root root       80 Aug  1 12:40 ..2022_08_01_12_40_58.3176624772
    lrwxrwxrwx 1 root root       32 Aug  1 12:40 ..data -> ..2022_08_01_12_40_58.3176624772
    lrwxrwxrwx 1 root root       14 Aug  1 12:40 jwt.key -> ..data/jwt.key
    lrwxrwxrwx 1 root root       14 Aug  1 12:40 jwt.pem -> ..data/jwt.pem
    
    $ k -n passbolt exec -it deployment.apps/passbolt-passbolt-helm -- ls -laL /etc/passbolt/jwt
    total 12
    drwxrwxrwt 3 root root      120 Aug  1 12:40 .
    drwxrwx--- 6 root www-data 4096 Jul 28 14:56 ..
    drwxr-xr-x 2 root root       80 Aug  1 12:40 ..2022_08_01_12_40_58.3176624772
    drwxr-xr-x 2 root root       80 Aug  1 12:40 ..data
    -rw-r----- 1 root root     3243 Aug  1 12:40 jwt.key
    -rw-r----- 1 root root      800 Aug  1 12:40 jwt.pem
    
    

    Here is the actual mountpoint:

    $ k -n passbolt exec -it deployment.apps/passbolt-passbolt-helm -- df -h /etc/passbolt/jwt  
    Filesystem      Size  Used Avail Use% Mounted on
    tmpfs           1.5G  8.0K  1.5G   1% /etc/passbolt/jwt
    
    $ k -n passbolt exec -it deployment.apps/passbolt-passbolt-helm -- cat /proc/mounts | grep passbolt
    tmpfs /etc/passbolt/gpg tmpfs ro,relatime,size=1518884k 0 0
    tmpfs /etc/passbolt/jwt tmpfs ro,relatime,size=1518884k 0 0
    /dev/vda1 /etc/php/7.4/fpm/conf.d/passbolt.ini ext4 ro,relatime 0 0
    /dev/disk/by-id/scsi-0DO_Volume_pvc-cb26fed1-2145-434b-8f09-876d9ae0a9a7 /usr/share/php/passbolt/webroot/img/public ext4 rw,relatime 0 0
    
    
    

    Reference:

    • https://github.com/kubernetes/kubernetes/issues/34982#issuecomment-496507770

    What you expected to happen

    I'm expecting Passbolt to recognise the files as symlinks, and dereference them upon checking, plus evaluating all possible layers of "read-only-ness".

    E.g. in https://bugs.php.net/bug.php?id=68926&edit=1 one suggestion is to try to actually write to a file, in order to determine if that would work.

    Reviewed by almereyda at 2022-08-01 13:14
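
The layered check this report asks for, as an added example (not Passbolt's healthcheck code): it dereferences symlinks before reading mode bits, looks up the read-only flag of the containing mount in /proc/mounts-style text, and offers a write probe as the last resort suggested in the linked PHP bug. The function names and the "writable" verdict rule are assumptions of this example; the mount lines are the ones quoted above.

```python
import os
import re
import stat
import tempfile

# Mount table lines as quoted in the report above (/proc/mounts format).
SAMPLE_MOUNTS = """\
tmpfs /etc/passbolt/gpg tmpfs ro,relatime,size=1518884k 0 0
tmpfs /etc/passbolt/jwt tmpfs ro,relatime,size=1518884k 0 0
/dev/vda1 /etc/php/7.4/fpm/conf.d/passbolt.ini ext4 ro,relatime 0 0
/dev/disk/by-id/scsi-0DO_Volume_pvc-cb26fed1-2145-434b-8f09-876d9ae0a9a7 /usr/share/php/passbolt/webroot/img/public ext4 rw,relatime 0 0
"""


def parse_mounts(text):
    """Return [(mount_point, {options})] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel writes space, tab, newline and backslash as octal escapes.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point.rstrip("/") or "/", set(fields[3].split(","))))
    return mounts


def read_only_mount(resolved_path, mounts):
    """True if the deepest mount containing resolved_path carries 'ro'."""
    best = None
    for point, options in mounts:
        prefix = "/" if point == "/" else point + "/"
        if resolved_path == point or resolved_path.startswith(prefix):
            # '>=' lets a later entry shadow an earlier one on the same point.
            if best is None or len(point) >= len(best[0]):
                best = (point, options)
    return best is not None and "ro" in best[1]


def check_path(path, mounts_text):
    """Combine the dereferenced mode bits with the mount's read-only flag."""
    target = os.path.realpath(path)  # follows every symlink layer
    target_mode = stat.S_IMODE(os.stat(path).st_mode)  # stat() dereferences
    read_only = read_only_mount(target, parse_mounts(mounts_text))
    return {
        "is_symlink": os.path.islink(path),
        "link_mode": stat.S_IMODE(os.lstat(path).st_mode),  # the link itself
        "target": target,
        "target_mode": target_mode,
        "read_only_mount": read_only,
        # Verdict rule (assumption of this example): writable only if some
        # write bit is set on the target AND the mount allows writes.
        "writable": not read_only and bool(target_mode & 0o222),
    }


def probe_write(directory):
    """Last resort: try to create (and automatically remove) a scratch file."""
    try:
        with tempfile.NamedTemporaryFile(dir=directory):
            return True
    except OSError:  # EROFS, EACCES, ENOSPC, ...
        return False


if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for sample in (
        "/etc/passbolt/jwt/..2022_08_01_12_40_58.3176624772/jwt.key",
        "/usr/share/php/passbolt/webroot/img/public/avatar.png",  # constructed path
    ):
        print(sample, "-> read-only mount:", read_only_mount(sample, table))
    # On a live system the table would come from open("/proc/mounts").read().
```
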
  • 14. Bump laminas/laminas-diactoros from 2.11.0 to 2.14.0

    Bumps laminas/laminas-diactoros from 2.11.0 to 2.14.0.

    Release notes

    Sourced from laminas/laminas-diactoros's releases.

    2.14.0

    Release Notes for 2.14.0

    Feature release (minor)

    2.14.0

    • Total issues resolved: 0
    • Total pull requests resolved: 3
    • Total contributors: 2

    Documentation,Enhancement

    Enhancement

    2.13.0

    Release Notes for 2.13.0

    Feature release (minor)

    2.13.0

    • Total issues resolved: 0
    • Total pull requests resolved: 4
    • Total contributors: 3

    Enhancement

    renovate

    2.12.0

    Release Notes for 2.12.0

    Feature release (minor)

    2.12.0

    • Total issues resolved: 0
    • Total pull requests resolved: 5

    ... (truncated)

    Commits
    • 6cb35f6 Merge pull request #113 from gsteel/psr-static-return
    • 50d766a Fix static return type in RequestTrait
    • 480fee1 Merge pull request #110 from WoltLab/duplicate-composer-config
    • 3cff7c1 Remove duplicate config.allow-plugins key in composer.json
    • fb90458 Merge pull request #109 from WoltLab/export-ignore-renovate
    • 9446695 Add export-ignore attribute for /renovate.json
    • 34ba650 Merge pull request #106 from Ocramius/feature/laminas-coding-standard-2.3.x-t...
    • 7880719 Improved type signature for parse_cookie_header() return type
    • 2539f32 Refined types as per laminas/laminas-coding-standard:2.3.x upgrades
    • 739ad4d Merge pull request #103 from gsteel/update-laminas-coding-standard
    • Additional commits viewable in compare view


    Reviewed by dependabot[bot] at 2022-07-31 14:49
  • 15. typos and clarification

    • [ ] bug fix
    • [ ] change of existing behavior
    • [ ] new feature
    • [x] documentation only

    Checklist

    • [ ] User stories are present (given, when, then format)
    • [ ] Unit tests are passing
    • [ ] Selenium tests are passing
    • [ ] Check style is not triggering new error or warning

    What you did

    Just fixing typos and making some comments clearer.

    Reviewed by johanneskastl at 2022-07-27 18:53
  • 16. Healthcheck sometimes fails, on a retry it passes

    • Passbolt Version: 3.6.0.
    • Platform and Target:
      • Operating system: Ubuntu 20.04.04
      • PHP: 7.4
      • Web server: Nginx 1.18.0
      • Database server: MariaDB 10.3.34

    What you did

    I created a cron job to extract the health check, for monitoring purposes. Basically this command:

     ./bin/cake passbolt healthcheck > /data/flusso/passbolt/output/passbolt_healthcheck.txt

    What happened

    Every now and then, there are errors in the output of the health-check. The errors only occur temporarily and when I retry, the errors are gone. These are the 2 errors shown:

     [FAIL] The private key cannot be used to decrypt and verify a message
     [FAIL] The public key cannot be used to verify a signature.
    

    Our Passbolt installation is working fine, so I assume the health-check is sometimes wrong.

    What you expected to happen

    I would expect the health-check to give consistent results.

    Reviewed by TheReptile at 2022-07-19 10:34
  • 17. Install Translate

    Hi,

    Is it possible to install the pt_BR translation in Passbolt CE? I downloaded the file default.po and copied it to /usr/share/php/passbolt/resourcers/pt_BR/default.po, but it does not work for me. Do I need to clear the cache in cake.php? How do I do this?

    Thanks

    Reviewed by eltonsjbv1 at 2022-07-14 15:18