xsPasswordManagerPlugin - 0.3.1

XSolve Password Manager Plugin

You are currently browsing
the website for symfony 1

Visit the Symfony2 website


« Back to the Plugins Home

Signin


Forgot your password?
Create an account

Tools

Stats

advanced search
Information Readme Dependencies Releases Changelog Contribute
Show source

XSolve Password Manager Plugin

About

XSolve Password Manager is a symfony plugin for storing and managing passwords. It is based on the sfGuardPLugin, which is responsible for managing users, permissions and groups. It's a plugin, not a standalone application, which makes it easy to integrate it with an existing symfony application, customize and extend without modifying the plugin code.

The main target of this plugin are companies which have many passwords to differnt systems or documents and need to share these passwords with some employees or clients. This doesn't mean that it won't be useful for a regular user. Thanks to the functionality of private passwords, users can store their private passwords for e-mail, forum, online game accounts, encrypted pdf documents and zip archives and many more.

Installation

  • To install this plugin you need an initialized symfony application with sfGuardPlugin installed.

  • For password encryption install the Mcrypt php extension and enable it in php.ini

  • Now install xsPasswordManagerPlugin.

    $ symfony plugin:install xsPasswordManagerPlugin
    
  • Rebuild your model.

    $ symfony propel:build-model
    $ symfony propel:build-sql
    
  • Create the tables in your database (warning: this will wipe all data from existing tables).

    $ symfony propel:insert-sql
    

    Or if you don't want to loose data in database you can manualy make the changes found in generated SQL files in data/sql.

  • Load the initial data to the database - permission types and log event types. If you also want to create and admin user, copy the plugins/xsPasswordManagerPlugin/data/fixtures/xsPasswordManagerAdminUser.yml.sample to your main fixtures directory and remove the ".sample" postfix.

    $ mkdir data/fixtures
    $ cp plugins/xsPasswordManagerPlugin/data/fixtures/xsPasswordManagerAdminUser.yml.sample data/fixtures/xsPasswordManagerAdminUser.yml
    

    Load the fixtures. Replace 'frontend' with your application name.

    $ symfony propel:data-load frontend
    
  • The plugin still uses symfony 1.0 forms, so you need to enable sfCompat10Plugin in config/ProjectConfiguration.class.php

  • Enable modules in apps//config/settings.yml.

    all:
      .settings
        enabled_modules: [..., xsPasswordManagerPasswords, xsPasswordManagerLog]

    xsPasswordManagerLog is an administration tool - you may want to put it in your backend application.

  • Enable I18n in your application. In apps//config/settings.yml:

    all:
      .settings
        i18n: on
  • Change the parent class in apps//lib/myUser.class.php

    class myUser extends xsPasswordManagerUser
    {
    }
  • Now it's almost done. The last thing to do is to set your encryption key. The passwords are not stored in plain text - they're encrypted using a symetric-key algorithm. You need Mcrypt php extension with support for CAST-128 cipher. If you don't have it or you don't want to encrypt passwords, add this to your apps//config/app.yml file:

    all:
      xsPasswordManagerPlugin:
        encryptPasswords: no

    otherwise create a file lib/model/xsPasswordManagerPassword.php with the following content:

    <?php
    class xsPasswordManagerPassword extends PluginxsPasswordManagerPassword
    {
      var $encryptionKey = "This is my top secret encryption key";
    }

    and replace the text with your key.

Now you should be able to launch the passwords module by calling /xsPasswordManagerPasswords/index and log module by calling /xsPasswordManagerLog/index

Users, groups, permissions

You can add users, groups and permissions using sfGuardUser, sfGuardGroup and sfGuardPermission modules. When creating a new user you can assign him to groups and grant permissions.

Granting permissions and assigning users to groups

There are two ways of granting permissions to users. One method is by assigning permissions directly to a user, using checkboxes on the image above. Another way is by asociating permissions with groups and groups with users. The user derives permissions from all groups he is assigned to. You can associate groups with permissions in the sfGuardGroup module.

There are 6 predefined permissions loaded from the fixtures file. DO NOT RENAME OR DELETE THEM - they are required for the plugin to work! The predefined permissions are:

  • xsAdmin - Administrator permission. User with this permission can do anything with any password, except for other users ptivate passwords. When this permission is granted, other permission settings mean nothing because admin has all permissions.
  • xsAdd - Permission to add new passwords. User can add new passwords to all groups he belongs to. Don't confuse this permission with adding private passwords - everyone can do that and it has nothing to do with this permission.
  • xsEditOwned - Permission to edit passwords which were added by the same user.
  • xsEdit - Permission to edit any password in groups the user belongs to. This permission overrides editOwned permission.
  • xsDeleteOwned - Permission to delete passwords which were created by the same user.
  • xsDelete - Permission to delete any password in groups the user belongs to.

Log

Every user action involving a password is logged in the database. You can browse the log in the xsPasswordManagerLog module. Logged events can be filtered by date, user, action, status, detailed description and IP address. You can easily find history of a password or find all actions of a user.

Passwords

To manage your passwords load the xsPasswordManagerPasswords module. You will se a list of all passwrds you're allowed to see. If you've just installed the module, the list is empty - to fill it, click "Add new password".

Creating new password

Choose you password name - e.g. "Company e-mail account". You can attach some description but it's not mandatory. Put your mail login page url in "URL Address" field. Fill the login and password fields. The "Group" field let's you choose which group will have access to the newly created password. You don't want anyone to access your e-mail account, so choose "private" from the drop-down list. Private passwords can't be accessed by anyone except for the password owner. Even the system administrator can't see it... well.. he can change your account password, log in to your account and see it then... so you need to trust your administrator. Now when you clink "Add", you will see your newly created entry in the password list.

Password list

Your new entry has a green background - that's because it's private. If you create a new password, and choose a group for it, so it's not private, it will have a light-blue background. In this view you can apply various filters to the password list. There's not much to search in right now, but you will find it very useful when your list gets bigger. To the right of each entry, you'll find tools for manipulating the passwords. They will let you see the password details, edit the entry and delete it. To see the details, including the actual password, click the magnifying glass icon.

Password details

You can see all information about your password. To log in to your e-mail account, follow the link "URL Address" and put the login and password in the form. You can use the "Link to this page" link to show someone the password. You can send this link to someone via an instant messenger or a forum without worrying that someone else will see it. He will the follow the link, log in to the password manager and see the password details, if he's allowed to see it of course. Another advantage ofthis is that you can change the password without notifying everyone who uses it about this change. They'll follow the link and see the curent password.

Credits

This plugin was created by XSolve sp. z o.o.