sii / siptrackweb Goto Github PK

When viewing password key, show all the users connected to password key, for admins.

Request from users is to edit password category attributes.

Siptrackd and the client API has support for encrypted attributes but siptrackweb so far lacks a GUI for them.

More quick edit options for certain attributes on devices.

For example

• Warranty end
• Service tag or serial number

Only administrators should be able to connect password keys.

Modified to instead focus on changing passwords on password keys.

I need to be able to edit attributes on password categories, same way I can edit them on device categories.

This is part of an effort to make siptrack replace Keepass. Keepass has a lot of meta info that Siptrack has no place for, but attributes could be used for some of that meta data.

For example if you have different customers under their own password category, you can have info about that customer as attributes in their password category.

Documentation page is showing PHP/HTML code instead of web page.
http://siptrack.theoak.se/

Screenshot: http://prnt.sc/ai1yls

An advanced search function for attributes, so we can construct links like /search/?attribute=customername&value=FooBarInc to list any object with that attribute value.

This was reported to me from a co-worker who managed to trigger it in our internal Siptrack, so I have yet to test it fully but I'm pretty sure of the following.

When I implemented encrypted attributes I did not consider that there is a feature to change the password key of a password.

So most likely that feature is only updating the encrypted password and not the encrypted attributes of that password.

So when the update is made that node in Siptrack will crash with an exception that it cannot decode the encrypted attribute content.

For now, don't change password key on passwords with encrypted attributes.

I've been forced to delete the encrypted attribute directly from the DB to get rid of the error because getOID can't even fetch the object to run delete() on.

Textile 2.3 triggers an IndexError bug right now.

Needs to be resolved.

In the display password view important attributes are not being shown in the table of attributes.

While creating device name, the user interface should not allow the names with space in it.

At least 3 times now I've had users with the same issue. They're trying to connect a password key for another user. Which is common because you might not want to give out a password key password to other users just to connect it for them.

So they do this from the account Alice, connect the key to account Bob.

But since Alice does not have Bob's user password Alice can never complete the connection. All Alice can do is place a pending subkey in Bob's account. This is a siptrack specific feature.

So next time Bob logs in to Siptrack Bob gives his user password and with that user password is able to connect all the pending subkeys to his account.

The alternative is to have Bob give Alice his password. Or for Alice to give Bob the password for the password key she's trying to connect.

This needs to be made clear in the web gui because people are clearly not understanding the part with the pending subkeys.

.table-striped>tbody>tr:nth-of-type(odd) {
background-color: #f9f9f9;
}

This above part is added to the odd rows and breaks the stylesheet causing white rows instead of the expected color red.

Error seen here:

Similar issue discussed here:

swiss/styleguide#358

A common issue I've run into is that administrators cannot connect password keys to users.

It only works once the user logs in and connects it themselves. This is not a good solution as it requires handing out the password key password to the user. Or logging in as that user.

Will need to troubleshoot this when time is given.

global name 'parent' is not defined

Hello!

We have been running a quite old siptrack installation. We are now trying to upgrade in an isolated test environment, upgrade seems to work fine however non admins when they access the webinterface and have signed in successfully get greeted by the message:

Permission Denied
Action not permitted.

Attaching a screenshot.

They cant view anything but their user profile.

Users with admin role does not have this problem. Is there some place to set permissions on the view in siptrack?

Any help is much appreciated

Delete a password key that is still connected to a user and that users profile page will crash with an exception.

This is due to improper error handling, relatively easy to fix once I get the time.

A workaround is to delete the offending subkey through the API.

In [1]: myuser = st.getOID('1234')                    
In [4]: for subkey in myuser.listChildren(include=['sub key']):
   ...:     try:
   ...:         pw_key = subkey.password_key
   ...:     except:
   ...:         print('Deleting subkey {oid}'.format(oid=subkey.oid))
   ...:         subkey.delete()
   ...:     pp(pw_key)

A new node type for licenses.

This node type will most resemble a device, in that it needs to be able to be linked to other devices to show how many are using the license. Also in that it needs attributes with part numbers from the vendor.

Attributes named with spaces cannot be searched with the advanced search box.

I've already fixed and tested this and will commit soon, this issue is just for referencing in the commit.

The problem was simply that I didn't take into account that whoosh replaces spaces with underlines and makes all characters lower case when indexing.

Need to implement some sort of 2FA, perhaps using django-otp that I've already tested but not fully finished.

Option to create counters with alphabetical characters like aaa, aab and so forth.

Deleting a password key while it's connected to any user will make siptrackweb unable to display that users page.

1. Create password key.
2. Connect password key to user.
3. Delete password key.
4. Display user page.

Expected results: User info page.
Actual results: Exception error page.

Workaround, disassociate the password key from the user through the API.

If a device with class active directory is linked to a server then it would be good if the passwords from the active directory is shown on the server. Also open for other solutions :)

It's already possible to associate devices with password categories or passwords using the Siptrack client API.

But it should also be possible to do using the web GUI.

Here is how it's done in the API using this repl script.

device1 = st.getOID('1771701')
category1 = st.getOID('1785430')
device1.associate(category1)

While following https://github.com/sii/siptrackweb/wiki/Install-personal-dev-environment I ran into NameError: name 'patterns' is not defined when running python manage.py migrate. According to stackoverflow this can be fixed by replacing

from django.conf.urls import url, include

with

from django.conf.urls import url, include, patterns

which got me past that issue, but then I see

/var/venv/siptrack/lib/python2.7/site-packages/siptrackweb/urls.py:253: RemovedInDjango110Warning: django.conf.urls.patterns() is deprecated and will be removed in Django 1.10. Update your urlpatterns to be a list of django.conf.urls.url() instances instead.
  (r'^prototype.js$', 'root.prototypejs'),

Should the instructions be updated to avoid this deprecation?

Per a comment in a reddit thread, you're missing a requirements.txt for any extra Python dependencies.