[Feature Request] Make sysPass more streamlined for corporate usage

[RolfWojtech]

While I will probably not use syspass for our corporation, I wanted to give you some details for my reasoning combined with suggested changes.

New Account Creation:

• Make the user field optional (not every device has a username)
• Allow to set default Customer and Category (see my other feature request)
• Allow users to unhide the password field and to paste/write it once (no repeat).
• Do not set an arbitrary expiry date by default (why 3 months?) At least allow the admin to set one

Master Password:

• Not sure I fully understand why it is needed but this is a pain in the butt for corporate settings. Having to supply each user with their own Temporary Password is painful and somewhat undermines LDAP auto-user-creation functionality

Session Expiry:

• Do not hide the login dialog from the user when his session expires (?logout=1)
• Logout page will not automatically redirect to login page if user presses F5

Categories / Tags

• What is the point of having Categories (forced) when you also have tags?

[nuxsmin]

@RolfWojtech thanks for taking time to make those suggestions, they are welcome and I agree with you on every one.

Some of them are so because a lack of time in the app lifecycle, what means that I preferred to release a version which will be improved in next releases cycle. Last 2.1 version needed to be launched so fast because a CVE related to the encryption mechanism, so many features/improvements couldn't be implemented.

Regarding the master password, the main idea is not to store it anywhere in plain text, so it needs to be supplied by the users. I'm aware that it could be a hassle but it was thought with security in mind. As I discussed in a issue, I thinking on implementing an option to store the master password to get sysPass more SSO friendly, since SSO implementations don't send any suitable data to use as encryption key to lock/unlock the stored master password.

Regarding the categories point, you're right, they're senseless when using tags, but tags were added as of 2.0 version, and categories were previously being used, so they're there because legacy.

I really appreciate your feedback!

[vmario89]

Dear @RolfWojtech and @nuxsmin. I got same feature requests/agreements for many points,

because we like to use "Accounts" for a more general use so you could just call it a "ressource". Sometimes a user maybe just want to store a license key, a password without a user name and maybe also without category/customer (these items could be displayed as "not assigned items"). A default setting sounds also good!

by the way: when importing from KeePass there is an exploit: KeePass items do not require users, so i have many entries without user (just passwords or serials). imported items in sysPass do not have a user and this works to save. But creating a new account by hand fails because you have to set the user.

i also agree to pass on expiration date. it makes sense in theory but there are many problems in practice :-( expiration policies may could be forced by sysPass as an option in admin settings or something like that.

[vmario89]

ps: i think a "legacy" category is suited well in sysPass and should stay. My interpretation data representation as the following (forged by an example belonging to demo.syspass.org): Account name = "syspass demo" Customer = "cygnux.org" user= "demo" password = "syspass" URL = "http://demo.syspass.org/index.php" Tags: syspass, passwordmanager,pw-database, ... ...

just let me think in a bunch of synonyms:

account means something like an #email, #OS user, #website login, #serial number (e.g. product key), an #SSH user, #FTP user, ... (network procotols like FTP, SFTP, DAV, HTTP, SSH i would use in different URL custom fields) or in more general: #access, a #credential, #login, #source, #ressource, #title, #container, #dataset

customer means a #company, #client, #mandator - further maybe #source , #target, #origin or a more general thought as #owner, #hoster or #creator - this thinking also will generate a good mind mapping for user, because a given URL maps great to the #origin/#hoster

category means a #product, #project (a project may be a product!) or a #vendor, in more general a #containing folder or a #collection (of general things, which is also a #data group, but not a #user group). Maybe it would make sense to give possibilty to set categories to accounts the same dynamic way as you can set tags, or to tag the tags (sounds weird, but maybe give different types of taggings). In my opinion there's great difference between tags and categories:

tags means #synonym, #belonging word, #keyword, #key phrase, #similarity or in more general: a search phrase appendix, which generates a lifecycle because other accounts can use parts of the tag data source

i hope you can follow my thougts on how to structure mass data for corporations or intense private use (i got about 400 logins for myself. Just scale this up with some more people^^)

[Hickory420]

I have commented out lines 149-150 in inc/SP/Forms/AccountForm.class.php This allows me to create accounts (or "resources" as a better term, imo) without requiring to specify a username. This is useful for when you only need to enter licence keys in the password field.

May I also suggest a toggle for allowing the Custom Fields to be searchable? Just like you have a toggle for "Required" when creating a custom field. This is useful when someone would want to enter an Operating System field. Then you could search for something like "CentOS", or "2012"

This is a very decent application and has the potential to compete against some of the big boys in the Password Management industry. You just need to let more people help you code. If I was a PHP developer, I would help.

Thanks again!

[vmario89]

i noticed that if you do not provide an expiration date (NULL value), it gets displayed as 01.01.1970. Making the field blank should fit better. Maybe it's a bug?