search

nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.63k stars 532 forks source link

Imported items : only password not accessible to other users #4226

Open lblantana opened 1 week ago

lblantana commented 1 week ago

For context: This is part of an attempted migration from Teampass2 to Teampass3 because inplace update breaks the systems and the export functions via the webinterface produce completely unusable output. We used the API to scrape the existing data from Teampass2, poured it into Keepass Files, exported those to XML, and imported those into Teampass3. No other way worked even partially. Then again this failed until we split the XMLs into multiple parts, as import fails after some obscure number of items and this way we can at least narrow down which items fail to import. But to the point...

Steps to reproduce

  1. Enable file import, assign permissions to parent folder
  2. Import Keepass XML file, import process completes without errors
  3. Verify that usernames, credentials, URLs, etc. are present
  4. Log out and log in as a different user that has the same role and write access to the same parent and child folders
  5. Items show up and usernames, URLs, etc. are available, but password fields appear empty. Showing the password in cleartext shows it as empty, and when trying to copy to clipboard it says in the popup message that the item has no password entered.

Expected behaviour

Other users than the one that imported them should see the passwords.

Actual behaviour

Only the user that imported the XML is able to see the passwords.

Server configuration

Operating system: Linux 00ab446d9dad 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64

Web server: nginx/1.24.0

Database: 10.11.6-MariaDB

PHP version: 8.2.7

Teampass version: 3.1.2

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '1',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '1',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html',
'cpassman_url' => 'https://<anonym_url>
'favicon' => 'https://<anonym_url>/favicon.ico',
'path_to_upload_folder' => '/var/www/html/upload',
'path_to_files_folder' => '/var/www/html/files',
'url_to_files_folder' => 'https://<anonym_url>/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'teampass_version' => '3.1.2',
'ldap_mode' => '0',
'ldap_type' => '0',
'ldap_user_attribute' => '0',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '0',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '1',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => 'LANtana TeamPass v3 Produktivsystem',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1716295860',
'get_tp_info' => '0',
'send_mail_on_user_login' => '0',
'sending_emails' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => '<removed>'
'email_smtp_auth' => '',
'email_auth_username' => '<removed>'
'email_auth_pwd' => '<removed>'
'email_port' => '',
'email_security' => '',
'email_server_url' => '',
'email_from' => '<removed>'
'email_from' => '<removed>'
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '1',
'proxy_ip' => '<removed>'
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '1',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '0',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'bck_script_path' => '/var/www/html/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => '<removed>'
'syslog_port' => '514',
'manager_move_item' => '1',
'create_item_without_password' => '1',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'Europe/Berlin',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '0',
'secure_display_image' => '1',
'upload_zero_byte_file' => '0',
'upload_all_extensions_file' => '0',
'bck_script_passkey' => '<removed>'
'admin_2fa_required' => '1',
'password_overview_delay' => '10',
'copy_to_clipboard_small_icons' => '1',
'duo_ikey' => '<removed>'
'duo_skey' => '<removed>'
'duo_host' => '<removed>'
'duo_failmode' => 'secure',
'roles_allowed_to_print_select' => '',
'clipboard_life_duration' => '0',
'mfa_for_roles' => '',
'tree_counters' => '0',
'settings_offline_mode' => '0',
'settings_tree_counters' => '0',
'enable_massive_move_delete' => '1',
'email_debug_level' => '0',
'ga_reset_by_user' => '',
'onthefly-backup-key' => '<removed>'
'onthefly-restore-key' => '<removed>'
'ldap_user_dn_attribute' => '',
'ldap_dn_additional_user_dn' => '',
'ldap_user_object_filter' => '',
'ldap_bdn' => '',
'ldap_hosts' => '<removed>'
'ldap_password' => '<removed>'
'ldap_username' => '',
'api_token_duration' => '60',
'last_folder_change' => '',
'enable_tasks_manager' => '1',
'task_maximum_run_time' => '300',
'tasks_manager_refreshing_period' => '20',
'maximum_number_of_items_to_treat' => '100',
'ldap_tls_certifacte_check' => 'LDAP_OPT_X_TLS_NEVER',
'enable_tasks_log' => '1',
'upgrade_timestamp' => '1718887860',
'enable_ad_users_with_ad_groups' => '0',
'enable_ad_user_auto_creation' => '0',
'ldap_guid_attibute' => 'objectguid',
'sending_emails_job_frequency' => '5',
'user_keys_job_frequency' => '1',
'items_statistics_job_frequency' => '10',
'users_personal_folder_task' => 'hourly;16:00',
'clean_orphan_objects_task' => 'daily;02:55',
'purge_temporary_files_task' => 'daily;03:55',
'rebuild_config_file' => '',
'reload_cache_table_task' => 'daily;04:55',
'maximum_session_expiration_time' => '480',
'items_ops_job_frequency' => '1',
'enable_refresh_task_last_execution' => '1',
'ldap_group_objectclasses_attibute' => 'top,groupofuniquenames',
'pwd_default_length' => '14',
'tasks_log_retention_delay' => '30',
'oauth2_enabled' => '0',
'oauth2_client_id' => '',
'oauth2_client_secret' => '',
'oauth2_client_endpoint' => '',
'oauth2_client_token' => '',
'oauth2_client_scopes' => 'openid,profile,email',
'oauth2_client_appname' => 'Login with Azure',

This is a fresh installation.