Version Control: Link
Minimum required ownCloud 8.0
Maximum required ownCloud 9.2
|Submitted: Jun 27 2015|
Updated: Sep 15 2016
Passwordsonly by the user who created the password (so this user must be logged in),
for ownCloud 8 and later and NextCloud 9 and later
2015-2016, Fallon Turner firstname.lastname@example.org
This app cannot be installed from within ownCloud, since this system demands repackaging of releases and kills the possibility to freely use GitHub master versions.
This is a Password Manager for generating, SHARING, editing, and categorizing passwords in ownCloud 8 and later and NextCloud 9 and later. It has full LDAP support and features both client side and server side encryption (using combined EtM [Encrypt-then-MAC] and MCRYPT_BLOWFISH encryption with user-specific, ownCloud-specific, and database entry-specific data), where only the user who creates the password is able to decrypt and view it. So passwords are stored heavily encrypted into the ownCloud database (read about Security and sharing here: https://github.com/fcturner/passwords#security).
Gallery with more screenshots:
This app is compatible with KeePass, 1Password, LastPass, SplashID or every other source, as long as passwords are exported as CSV.
All passwords are encrypted with user-specific, ownCloud/NextCloud-specific and server-specific keys. This means passwords can be decrypted:
only on the same ownCloud/NextCloud instance where the password was created in (meaning: same password salt in config.php).
Other users or administrators are never able to decrypt passwords, since they cannot login as the user (assuming the users password isnt known). If the password salt is lost, all passwords of all users are lost and irretrievable.
Use these commands to use Git directly (fastest way). Edit /var/www/owncloud/ to match the root of your ownCloud installation. The first one is optional to remove an existing folder with contents:
rm -rf /var/www/owncloud/apps/passwords
git clone --branch 19 https://github.com/fcturner/passwords.git /var/www/owncloud/apps/passwords
Or download the latest release and copy the folder passwords to /owncloud/apps/ (remember that the folder must be called 'passwords'). Login as admin and enable the app. The database tables will be created automatically.
Latest release: https://github.com/fcturner/passwords/releases/latest/
A big thanks to all participants in this project. I thank Anthony Ferrara (ircmaxell), for teaching the world how to properly set up security in PHP.
v19 - Sept 15th, 2016
This is a rather big update.
* Support for ownCloud 9.1 and NextCloud 9 and 10 (now works on all versions of OC 8 and later, and NC 9 and later)
* Added the possibility for a master password! Users can choose between their own ownCloud password (default after you update), a self chosen master password or no extra password at all.
-- Authentication is served over POST requests (safer than URL requests)
-- A timer (cookie) is available and can be set per user
-- A master password and the cookie timer will be hashed with a 512-bit SHA2-hash. This hash contains no retrievable information and is useless, even for database administrators. It will only be used to verify it with the hashed version of the user"s input.
-- This is particularly handy when other users know your ownCloud password (for practical reasons).
-- Master passwords do not re-encrypt existing passwords, it is only used for entering the app.
-- The countdown timer will lock the app instead of log you off when it reaches zero and you use an extra authentication
-- Added "Lock app" button as option for users who have set an extra authentication
* Full LDAP support
-- LDAP users can now share their passwords with other LDAP users and local users
-- Extra authentication using the ownCloud password is possible too
* Added user option to change icon sizes. Default is now larger: 32px instead of 16px, but users can change this themselves to 16px, 24px or 32px.
* Added support for different app locations. If you use `/owncloud/apps2/passwords` for an instance, this will now be supported too. Admins can change this in the admin settings of ownCloud.
* Readded support for PostgreSQL (changed database format for BLOB-types)
* Added version info on ownCloud/NextCloud admin page; it will check this GitHub project (/appinfo/info.xml) for a new version and will alert you with a message and buttons to visit this project, download the ZIP or TAR file, or view all releases
* Added "Share" button to cell menu
* Added "View" button to cell menu on shared passwords (removed "Edit" and "Share")
* Added "Clone" button to cell menu; e.g. with this button you can clone/recreate a password that has been shared to you
* Added "Stop sharing" button to popup for passwords that have been shared
* Added immediate clipboard copy when you click on a username or password, hidden or not
* Added "Clear" button to popup
* Added support for Danish, Japanese, Romanian, Russian, Slovenian, Spanish (Mexico), Thai and Turkish. Now available in 25 languages: English, German, Spanish, French, Italian, Dutch, Danish, Czech, Norwegian Bokmål, Russian, Japanese, Polish, Portuguese (Brazil), Portuguese (Portugal), Spanish (Mexico), Turkish, Swedish, Catalan, Thai, Hebrew, Romanian, Albanian, Slovenian, Icelandic, Galician.
* Added auto load of website picture (favicon) when creating a password so it is instantly visible
* Changed appearance of left navigation pane, including removal of password form (which has moved to a popup)
* Changed password generation (pre-)algorithm, it now loops 10 times and returns the strongest of them
* Removed ZeroClipboard in favour of Clipboard.js, so Flash is fully eliminated and copy support has been extended (except for Safari)
* CSS fixes for checkboxes to comply with the ownCloud 9 standard
* Fixed responsive design, especially for mobile screens (OC Passwords looks great on iPhone!)
* Fix for loading avatars on share dialog
* Fix for notes and categories not being saved on unshared passwords
* Fix for sharing with users whose username contains a `.` or `@`
* Fix for SQLite databases
* Fix for import of addresses and notes
* Fix for `Not Found Exception`
* Fix for many small CSS bugs
* Fixed ownCloud dialogs with own CSS so they actually work and the buttons are always in sight
v18.0 - Apr 4, 2016
* Added sharing! Share all your passwords with others (you can trust)!
-- The users you can share with, is based on the admin settings (only from your own group, or all users, ...)
-- Icons indicate the number of users you"ve shared a password with
-- Popup shows avatars, ownCloud login names and display names
-- It uses a random share key (256-bit strong) that is created everytime a share is created.
This key is saved to a new (third) database table, `oc_passwords_share`, and to the encrypted `properties` column of the password owner.
When the keys match, the password will be decrypted on the receiving user"s side.
-- Note: LDAP is not yet supported, but will be in v18.1.
* This app can now fully be controlled remotely!
This makes it technically possible to use ownCloud Passwords on Android, iPhones, remote servers, you name it.
Other authors have already made browser plugins available for Firefox and Chrome.
No strict need to use the website of ownCloud anymore, but it all works just as safe.
-- Changed RESTful API to support GET, POST, DELETE, and PUT
-- Wrote documentation for API use: [url](https://github.com/fcturner/passwords/wiki/ownCloud-Passwords-%7C-RESTful-API)[/url]
-- Firefox addon: [url](https://addons.mozilla.org/en-US/firefox/addon/firefox-owncloud-passwords[/url] (thanks to @eglia)
-- Chrome extension: [url](https://github.com/thefirstofthe300/ownCloud-Passwords[/url] (thanks to @thefirstofthe300)
* Created a gallery with screenshots: https://github.com/fcturner/passwords/wiki/ownCloud-Passwords-%7C-Gallery-(screenshots)
* Allow tabs for input in notes field (so pressing Tab doesn"t switch to another field, but instead inserts a tab)
* Filtering a category or text now only searches active passwords, ignoring passwords in the trash bin
* Added "Edit categories" button to category popup
* Changed all deprecated PHP classes, to follow ownCloud"s guidelines
* Changed default `session_lifetime` to 15 minutes.
This will terminate a user session after 15 minutes of inactivity, if (1) a user has set a countdown timer in his personal settings and (2) this user setting is longer than 15 minutes (900 seconds).
The timer will reset on activity, just like the normal countdown timer on the lower right of the screen.
* Dropped support for PostgreSQL, for now (I"ll try to support it from 18.1 on again)
* Faster transition to categories and back
* Changed popup background to better show buttons like "Generate password"
* Enlarged popup
* Set default length for generating passwords to 30 instead of 25
* Show password fields in space fixed font, which makes complex passwords easier to read
* Fix for column headers `Strength` and `Last changed`
* Fix for scrollbar on sidebar
* Fix for reset of category list after adding a password
* Fix for losing a full URL when password was changed
* Fix for popup on smaller screens (mobile phones): the popup is now scrollable when it covers more than 75% of the browsers height
* Fix for website icons not always showing
* Fix for password column width
* Fix for restore icon not always showing after deleting a password
* Fix for select boxes after deleting a category
* Fix for SQLite when database type is not defined in config/config.php
* Direct link to this version: https://github.com/fcturner/passwords/archive/18.0.zip
Click here to view the whole changelog: