search

nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.68k stars 545 forks source link

Folder ID does not exist when adding new item via API #2760

Closed johnakerlund closed 4 years ago

johnakerlund commented 4 years ago

Steps to reproduce

  1. Verify that folder id is correct via Invoke-RestMethod domain.teampass.url/api/index.php/read/folder/184?apikey=$apiKey This command returns items in folder 184.
  2. Try to add item: Invoke-RestMethod domain.teampass.url/api/index.php/add/item/test;password;Description;184;username;test@test.xyz;url.com;test;1?apikey=$apikey

Expected behaviour

Adds new item with specified properties

Actual behaviour

err: Folder ID does not exist

Server configuration

Operating system: Debian 10

Web server: Apache/2.4.38

Database: 10.3.22-MariaDB

PHP version: PHP Version 7.3.14-1

Teampass version: TeamPass 2.1.27.36

API-version: 2.1.5 Updated from an older Teampass or fresh install: Fresh install

Teampass configuration file:


'max_latest_items' => '10',
    'enable_favourites' => '1',
    'show_last_items' => '1',
    'enable_pf_feature' => '1',
    'log_connections' => '0',
    'log_accessed' => '1',
    'time_format' => 'H:i:s',
    'date_format' => 'Y-m-d',
    'duplicate_folder' => '1',
    'item_duplicate_in_same_folder' => '1',
    'duplicate_item' => '1',
    'number_of_used_pw' => '3',
    'manager_edit' => '1',
    'cpassman_dir' => '/var/www/teampass',
    'cpassman_url' => 'https://<teampass url>',
    'favicon' => 'https://<teampass url>/logo.png',
    'path_to_upload_folder' => '/var/www/teampass/upload',
    'url_to_upload_folder' => 'https://teampass.itsam.se/upload',
    'path_to_files_folder' => '/var/www/teampass/files',
    'url_to_files_folder' => 'https://<teampass url>/files',
    'activate_expiration' => '0',
    'pw_life_duration' => '0',
    'maintenance_mode' => '0',
    'enable_sts' => '0',
    'encryptClientServer' => '1',
    'cpassman_version' => '2.1.27',
    'ldap_mode' => '1',
    'ldap_type' => 'windows',
    'ldap_suffix' => '<@domain>',
    'ldap_domain_dn' => '<dn>',
    'ldap_domain_controler' => '<domain controller>',
    'ldap_user_attribute' => '0',
    'ldap_ssl' => '0',
    'ldap_tls' => '0',
    'ldap_elusers' => '0',
    'ldap_search_base' => '0',
    'ldap_port' => '389',
    'richtext' => '0',
    'allow_print' => '0',
    'roles_allowed_to_print' => '1',
    'show_description' => '1',
    'anyone_can_modify' => '0',
    'anyone_can_modify_bydefault' => '0',
    'nb_bad_authentication' => '0',
    'utf8_enabled' => '1',
    'restricted_to' => '0',
    'restricted_to_roles' => '0',
    'enable_send_email_on_user_login' => '0',
    'enable_user_can_create_folders' => '0',
    'insert_manual_entry_item_history' => '0',
    'enable_kb' => '0',
    'enable_email_notification_on_item_shown' => '0',
    'enable_email_notification_on_user_pw_change' => '0',
    'custom_logo' => 'https://<teampassurl>/logo.png',
    'custom_login_text' => 'Username',
    'default_language' => 'english',
    'send_stats' => '0',
    'send_statistics_items' => 'stat_country;',
    'send_stats_time' => '1580134456',
    'get_tp_info' => '1',
    'send_mail_on_user_login' => '0',
    'sending_emails' => '0',
    'nb_items_by_query' => 'auto',
    'enable_delete_after_consultation' => '0',
    'enable_personal_saltkey_cookie' => '0',
    'personal_saltkey_cookie_duration' => '31',
    'email_smtp_server' => '<mailserver>',
    'email_smtp_auth' => '0',
    'email_auth_username' => '',
    'email_auth_pwd' => '',
    'email_port' => '',
    'email_security' => '',
    'email_server_url' => '',
    'email_from' => 'teampass@<domain>',
    'email_from_name' => 'teampass mailbot',
    'pwd_maximum_length' => '40',
    'google_authentication' => '0',
    'delay_item_edition' => '0',
    'allow_import' => '1',
    'proxy_ip' => '',
    'proxy_port' => '',
    'upload_maxfilesize' => '10mb',
    'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
    'upload_imagesext' => 'jpg,jpeg,gif,png',
    'upload_pkgext' => '7z,rar,tar,zip',
    'upload_otherext' => 'sql,xml',
    'upload_imageresize_options' => '1',
    'upload_imageresize_width' => '800',
    'upload_imageresize_height' => '600',
    'upload_imageresize_quality' => '90',
    'use_md5_password_as_salt' => '0',
    'ga_website_name' => 'TeamPass for ChangeMe',
    'api' => '1',
    'subfolder_rights_as_parent' => '0',
    'show_only_accessible_folders' => '1',
    'enable_suggestion' => '0',
    'otv_expiration_period' => '7',
    'default_session_expiration_time' => '60',
    'duo' => '0',
    'enable_server_password_change' => '0',
    'ldap_object_class' => '0',
    'bck_script_path' => '/var/www/teampass/backups',
    'bck_script_filename' => 'bck_teampass',
    'syslog_enable' => '0',
    'syslog_host' => 'localhost',
    'syslog_port' => '514',
    'manager_move_item' => '1',
    'create_item_without_password' => '0',
    'otv_is_enabled' => '0',
    'agses_authentication_enabled' => '0',
    'item_extra_fields' => '0',
    'saltkey_ante_2127' => 'none',
    'migration_to_2127' => 'done',
    'files_with_defuse' => 'done',
    'timezone' => 'Europe/Stockholm',
    'enable_attachment_encryption' => '1',
    'personal_saltkey_security_level' => '50',
    'ldap_new_user_is_administrated_by' => '3',
    'disable_show_forgot_pwd_link' => '0',
    'offline_key_level' => '0',
    'enable_http_request_login' => '0',
    'ldap_and_local_authentication' => '0',
    'secure_display_image' => '1',
    'upload_zero_byte_file' => '0',
    'upload_all_extensions_file' => '0',
    'bck_script_passkey' => '<key>',
    'admin_2fa_required' => '1',
    'copy_to_clipboard_small_icons' => '1',
    'ldap_allowed_usergroup' => '<group>',
    'ldap_new_user_role' => '1',
jjvcuyler commented 4 years ago

Did you encode each option between "add/item/" and "?apikey" with base64?

label="test"
password="password"
description="Description"
folderid="184"
login="username"
email="test@test.xyz"
url="url.com"
tags="test"
modify="1"

blabel=$(echo "$label" | base64 | tr '+/' '-_')
bpassword=$(echo "$password" | base64 | tr '+/' '-_')
bdescription=$(echo "$description" | base64 | tr '+/' '-_')
bfolderid=$(echo "$folderid" | base64 | tr '+/' '-_')
blogin=$(echo "$login" | base64 | tr '+/' '-_')
bemail=$(echo "$email" | base64 | tr '+/' '-_')
burl=$(echo "$url" | base64 | tr '+/' '-_')
btags=$(echo "$tags" | base64 | tr '+/' '-_')
bmodify=$(echo "$modify" | base64 | tr '+/' '-_')

domain.teampass.url/api/index.php/add/item/$blabel;$bpassword;$bdescription;$bfolderid;$blogin;$bemail;$burl;$btags;$bmodify?apikey=$apikey
johnakerlund commented 4 years ago

i had it encoded to base64, however the error occured since it was not encoded with utf-8 (probably some default powershell setting..) When using this short script for testing the item gets added. Thank you!

function convertto-base64($input){
 $encoding = [System.Text.Encoding]::GetEncoding(‘utf-8’)
    [byte[]]$Bytes = $encoding.GetBytes($input)
    $output =[Convert]::ToBase64String($Bytes)
    ($output).replace("+","-").replace("/","_")
}

$teampassurl = "teampass.url.se"
$apikey = "123456789"

$label = "Test user" |convertto-base64
$password = "password" |convertto-base64
$description = "description" |convertto-base64
$login = "username" |convertto-base64
$email = "mail@mail.com" |convertto-base64
$url = "www.domain.com" |convertto-base64
$tags ="tag" |convertto-base64
$folderID = "82" |convertto-base64
$anyone= "1" | convertto-base64

Invoke-RestMethod "$teampassurl/api/index.php/add/item/$label;$password;$description;$folderid;$login;$email;$url;$tags;$anyone""?apikey=$apikey"

This generates the string, which works

teampass.url.se/api/index.php/add/item/VGVzdCB1c2Vy;cGFzc3dvcmQ=;ZGVzY3JpcHRpb24=;ODI=;dXNlcm5hbWU=;bWFpbEBtYWlsLmNvbQ==;d3d3LmRvbWFpbi5jb20=;dGFn;MQ=="?apikey=123456789