Add column to shared_items to store the encrypted username, adjust logic to support encrypting/decrypting the login shared username

2023-01-28 21:20:11 +00:00 · 2023-01-28 21:20:11 +00:00 · 64417d6fb4
parent 0a1fb2227e
commit 64417d6fb4
6 changed files with 44 additions and 24 deletions
--- a/ajax.php
+++ b/ajax.php
@ -222,6 +222,7 @@ if (isset($_GET['ticket_query_views'])) {
 if (isset($_GET['share_generate_link'])) {
    validateTechRole();

+    $item_encrypted_username = '';  // Default empty
    $item_encrypted_credential = '';  // Default empty

    $client_id = intval($_GET['client_id']);
@ -243,22 +244,27 @@ if (isset($_GET['share_generate_link'])) {
    }

    if ($item_type == "Login") {
-        $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
+        $login = mysqli_query($mysqli, "SELECT login_name, login_username, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
        $row = mysqli_fetch_array($login);

        $item_name = strip_tags(mysqli_real_escape_string($mysqli, $row['login_name']));

-        // Decrypt & re-encrypt password for sharing
-        $login_password_cleartext = decryptLoginEntry($row['login_password']);
+        // Decrypt & re-encrypt username/password for sharing
        $login_encryption_key = randomString();
-        $iv = randomString();
-        $ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);

-        $item_encrypted_credential = $iv . $ciphertext;
+        $login_username_cleartext = decryptLoginEntry($row['login_username']);
+        $iv = randomString();
+        $username_ciphertext = openssl_encrypt($login_username_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+        $item_encrypted_username = $iv . $username_ciphertext;
+
+        $login_password_cleartext = decryptLoginEntry($row['login_password']);
+        $iv = randomString();
+        $password_ciphertext = openssl_encrypt($login_password_cleartext, 'aes-128-cbc', $login_encryption_key, 0, $iv);
+        $item_encrypted_credential = $iv . $password_ciphertext;
    }

    // Insert entry into DB
-    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
+    $sql = mysqli_query($mysqli, "INSERT INTO shared_items SET item_active = '1', item_key = '$item_key', item_type = '$item_type', item_related_id = '$item_id', item_encrypted_username = '$item_encrypted_username', item_encrypted_credential = '$item_encrypted_credential', item_note = '$item_note', item_views = 0, item_view_limit = '$item_view_limit', item_created_at = NOW(), item_expire_at = '$item_expires', item_client_id = '$client_id'");
    $share_id = $mysqli->insert_id;

    // Return URL
--- a/database_updates.php
+++ b/database_updates.php
@ -796,20 +796,28 @@ if(LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION){
        // Update config.php var with new version var for use with docker
        file_put_contents("config.php", "\n\$installation_id = '$installation_id';" . PHP_EOL, FILE_APPEND);

-        
+
        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.6'");
    }

-    //if(CURRENT_DATABASE_VERSION == '0.3.6'){
-    // Insert queries here required to update to DB version 0.3.7
+    if(CURRENT_DATABASE_VERSION == '0.3.6'){
+        // Insert queries here required to update to DB version 0.3.7
+        mysqli_query($mysqli, "ALTER TABLE `shared_items` ADD `item_encrypted_username` VARCHAR(255) NULL DEFAULT NULL AFTER `item_related_id`");
+
+        // Then, update the database to the next sequential version
+        mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.7'");
+    }
+
+    //if(CURRENT_DATABASE_VERSION == '0.3.7'){
+    // Insert queries here required to update to DB version 0.3.8

    // Then, update the database to the next sequential version
-    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.7'");
+    // mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '0.3.8'");
    //}



-        
+

 } else {
    // Up-to-date
--- a/database_version.php
+++ b/database_version.php
@ -5,4 +5,4 @@
 * It is used in conjunction with database_updates.php
 */

-DEFINE("LATEST_DATABASE_VERSION", "0.3.6");
+DEFINE("LATEST_DATABASE_VERSION", "0.3.7");
--- a/db.sql
+++ b/db.sql
@ -1098,6 +1098,7 @@ CREATE TABLE `shared_items` (
  `item_key` varchar(255) NOT NULL,
  `item_type` varchar(255) NOT NULL,
  `item_related_id` int(11) NOT NULL,
+  `item_encrypted_username` varchar(255) DEFAULT NULL,
  `item_encrypted_credential` varchar(255) DEFAULT NULL,
  `item_note` varchar(255) DEFAULT NULL,
  `item_views` int(11) NOT NULL,
--- a/guest_view_item.php
+++ b/guest_view_item.php
@ -111,10 +111,15 @@ if ($item_type == "Document") {

    $login_name = htmlentities($login_row['login_name']);
    $login_uri = htmlentities($login_row['login_uri']);
-    $login_username = htmlentities($login_row['login_username']);
-    $login_iv = substr($row['item_encrypted_credential'], 0, 16);
-    $login_ciphertext = substr($row['item_encrypted_credential'], 16);
-    $login_password = openssl_decrypt($login_ciphertext, 'aes-128-cbc', $encryption_key,0, $login_iv);
+
+    $username_iv = substr($row['item_encrypted_username'], 0, 16);
+    $username_ciphertext = substr($row['item_encrypted_username'], 16);
+    $login_username = openssl_decrypt($username_ciphertext, 'aes-128-cbc', $encryption_key,0, $username_iv);
+
+    $password_iv = substr($row['item_encrypted_credential'], 0, 16);
+    $password_ciphertext = substr($row['item_encrypted_credential'], 16);
+    $login_password = openssl_decrypt($password_ciphertext, 'aes-128-cbc', $encryption_key,0, $password_iv);
+
    $login_otp = $login_row['login_otp_secret'];
    $login_notes = htmlentities($login_row['login_note']);

@ -143,4 +148,4 @@ if ($item_type == "Document") {

 echo "<br><hr>";
 echo $config_app_name;
-include("guest_footer.php");
+include("guest_footer.php");
--- a/share_modal.php
+++ b/share_modal.php
@ -52,7 +52,7 @@ function generateShareLink() {
        <input type="hidden" name="item_type" id="share_item_type"  value="">
        <input type="hidden" name="item_ref_id" id="share_item_ref_id"  value="">
 	      <div class="modal-body bg-white">
-	        
+
          <label>Views / Expire <strong class="text-danger">*</strong></label>
          <div class="form-row">
            <div class="col-4">
@ -72,12 +72,12 @@ function generateShareLink() {
              </div>
            </div>
          </div>
-          
+
          <div class="form-group">
-            <textarea class="form-control" rows="4" name="note" id="share_note" placeholder="Client visible note" required></textarea>
+            <textarea class="form-control" rows="4" name="note" id="share_note" placeholder="Client visible note (required)" required></textarea>
          </div>
-	   
-	        <p><i>Note: Login passwords are shared "as is" and will not update</i></p>
+
+	        <p><i>Note: Logins are shared "as is" and will not update</i></p>

 	        <hr>

@ -93,4 +93,4 @@ function generateShareLink() {
 	    </form>
    </div>
  </div>
-</div>
+</div>