pglombardo / PasswordPusher

🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.
https://docs.pwpush.com
Apache License 2.0

Just password generation for internal users and login for external users #2159

Closed riahc3 closed 3 months ago

riahc3 commented 3 months ago

❓ Question

I've been asked by our network team the following:

Is it possible that when accessing the page internally (https://pwpass.company.com), no login is asked and passwords can be generated, BUT when accessing the page externally, credentials are required?

The reason I configured a login is to avoid random people accessing https://pwpass.company.com and generating/storing passwords... I only wanted to allow our company. That's why I made registration mandatory AND only to our domain.

But on the other hand, I do understand that generating passwords, by having to log in each time, etc., is a bit of a troublesome process for support.

pglombardo commented 3 months ago

This unfortunately isn't currently possible. Requiring logins is more than a conditional on/off switch - it is sprinkled throughout the code in sensitive areas. e.g. places like the about page don't require a login ever.

I might be able to add IP based configurability eventually but it doesn't exist today.

There are a couple options that can (at a minimum) help out hopefully:

  1. You can use the Admin Dashboard to manage users
  2. The allow_anonymous setting to require logins to push passwords. (I think you already have this set from your description)

riahc3 commented 3 months ago

Maybe I didn't explain correctly and you are giving me the solution :)

Let's say my internal networks are

192.168.1.x
172.16.1.x
10.10.10.x

My objective would be:

If I access from there, I get no logon and I can create a password and its link so a client can access it.

But if I access from elsewhere, I have to register, log in and then I can create a password and its link so a client can access it.

Now, if someone tries to access the /en/p/r/fwuifhueiwfhwi part (the link to the password, off the top of my head, I can remember the EXACT path), that is ALWAYS allowed.

Sorry if it wasn't clear

riahc3 commented 3 months ago

Solved this. I'm gonna open a separate issue though...