-
-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Features] Update App btn & OTP enabled #54
Comments
If you use docker, you can just setup this container, will auto update for you https://github.com/containrrr/watchtower |
I'm a messy person because I've many of my apps and files in different places 🤪 So far I've only launched apps based on guides. I would like to keep the application up to date faster and easier. Github is new to me, but I'm making progress. I think I'll soon know how to manually update the app, but for now "update button" saves my ass :) @ZicPL "Auto Update" in the self-hosted version is good idea for newbies like I. In "application health" has version app info and that's fine. Ofc If there was an "update" button in the "app settings" that would be great. I would be grateful if you could edit the topic to include an OTP request -> I wouldn't have to create another issue. @zigazajc007 Could you give labels to this issue and define a roadmap for these features? |
@0xGingi I didn't reply but I missed the notification. I've Passky applications in a LAMP stack. LAMP, like Dockers, has its pros and cons - in this particular case I didn't want Docker. @MarkusDeland Here you go ;) |
Hello, The main goal of a Passky server is to use as little code as possible, including only the most important features. Therefore, it only uses four libraries. You should occasionally check if any of these libraries have received security updates and update them using Composer. Secondly, always keep your PHP version up-to-date. We chose PHP as our programming language to minimize the use of external libraries and rely on PHP's built-in functions. Thus, the security of a Passky server is closely tied to the security of PHP itself. The project is currently three years old, and I don't recall any security vulnerabilities that required immediate updates. However, I still recommend you occasionally check for new versions and updates. An "Update App" button would require code capable of replacing PHP files automatically. This could create a significant security vulnerability if exploited by bad actors. Sometimes, it is better not to include such features at all to completely avoid worst-case scenarios. Enabling the OTP feature through the Admin Panel would require PHP code that can edit the .env file or environment variables. This approach can introduce significant risks if exploited by bad actors. The safest and most secure method would be for users to manually enter the 2FA secret into the .env file. However, this method would make it much harder for users to set up. While I love making Passky more convenient for users, I still prioritize security over convenience. |
@zigazajc007 Every time someone can submit a request for a new feature in this app that will be impossible to maintain by a small number of developers. I didn't want that and I don't think my request is more important than others. I'm really grateful for Passky 😍 It wasn't just convenience that made me create an issue. I often ask myself if I'm paranoid about security, so I understand what You wrote - otherwise you wouldn't allow app in version: Shared Hosting / docker / etc. because most users here don't have a server with a fast connection and keep files in service providers who are a bigger risk (otherwise only You would host a server app). I could argue that requesting an "update version app" button:
You're a security expert (this app confirms that) and the final word is Yours (because maintaining this feature will take Your time). I and I guess other people (topic likes) didn't want to impose on You. Please consider this as a voice of Your users who will be grateful for fulfilling their requests. Thank You for understanding me. |
The "Update App" feature is very easy to implement and maintain, so there shouldn't be any issues here. If you own the server or VPS, I recommend disabling SSH on the external firewall and only enabling it when needed or using SSH keys. Updating your server should be as important as updating PHP or Passky. There is one strong argument for implementing this feature: if another person has access to the Admin Panel, it would be much safer to have an "Update App" button than to give them access to the server. You can expect these two features to be implemented in August. |
This is what you wrote (1st)
and that (2nd)
are inconsistent with each other. 1st or more precisely, "make it much harder for users to set up." you sacrifice security for easy configuration but in 2nd that safety is more important than comfort. 2fa and better TOTP can't be quantified in term safety for me because it's important on my mental well-being. Ofc maybe there are ways to make the process of adding a secret simpler and automated or well described 😃
I still lack the skills and experience to comment but what you wrote was a big surprise to me. The 1st thing after starting the Passky-Server application (when I was looking for 2fa/totp settings) was the lack of an update button.
Cool thanks. It was a very thoughtful discussion. Through the use of these arguments, I came to understand how seemingly simple things can be dangerous. |
To clarify the difference between application security and user security because they are both super important but quite distinct. Application Security:
In our example this would be how we decide to implement 2FA in Admin Panel. The most secure way would be for users to manually insert 2FA secret to .env file or set it as environment variable. Another option that we discussed is to have it similar as in Passky applications. Easiest way to enable it (on Admin Panel), but it would require the code to edit .env file or environment variables (potentially increases risk). Setting 2FA on Admin Panel would most likely be a one time process when deploying Passky Server. If we go with the first option (my recommendation), we could also add an option to enable or disable 2FA in installation script. User Security:
From a security perspective, allowing the application to edit the .env file / environment variables could increase the attack surface for bad actors. If they manage to edit other environment variables like the password and 2FA for Admin Panel, they could potentially bypass both security measures entirely. While 2FA would increase user security, depending on the implementation, it could be worse than not having 2FA at all. In this example, both options are secure and used by many applications, but one is simply more secure than the other. I'm sorry for any confusion in my previous message. I was specifically talking about application security. |
If any apology is necessary, it should come from me. I understand that my request may have led to a more vigorous exchange of ideas than intended. You're an amazing job. Thanks for the effort! The focus on simplicity and transparency in Your apps is particularly valuable, and I'm sure the security auditing community would agree. Can't wait for August to see the new features in action 🙏 I think I'll reinstall the application 😢
Could You describe what the role of the "installer.sh" file will be? Maybe it would be better to create another new file like reconfigure.sh? |
The installer.sh file is designed to create a .env file with the necessary configuration data you provide. This simplifies the setup process for users by automating the creation of this essential configuration file. However, to make the process even more user-friendly, I am considering developing a web-based .env file generator on the Passky website (passky.org). This tool would allow users to input all the required data through a web form, and then it would generate the content needed for the .env file.
Currently documentation for shared-hosting isn't as user-friendly as I would hope it to be. In this department quite a lot of changes should be made. If you have more suggestions on this, I'd love to hear them! |
Sounds great 👍 I'llrefer to your conversation with MarkusDeland (talk about OTP), where you wrote:
Brilliant idea "web-based .env file generator". I didn't think it could be done that way. If I could have a few comments/questions:
Sure, I've a few observations:
I hope my observations are useful in some way. |
Yes, the process should be the same as enabling 2FA in Passky Clients.
The Admin Panel only allows administrators to create, delete, and update licenses and accounts. The encryption and decryption of user data (stored passwords) occur on the client side, ensuring that administrators cannot decrypt user passwords. The most significant risk is that an administrator could delete your database or data. Therefore, it is crucial to keep encrypted backups of your account in multiple locations. Encrypting OTPs in the .env file would complicate the setup process for self-hosters, forcing them to use the web generator.
Yes, you can generate a new .env file using the web generator and replace the old one manually. You can also upload the existing .env file and edit it accordingly through the web generator.
There might have been a miscommunication. My plan is not to include the web generator for the .env file in the Passky Server itself, but rather on the https://passky.org website. Users installing Passky Server can choose to use the web generator, the default installation script, or manually edit the .env file. The source code of the web generator will be open and will not include any server-side code, meaning it will execute only on the client side. This allows users to verify the script before running it.
I will add this code to a try block and return -1 if it isn't supported by your shared hosting provider. Additionally, I will add an option to disable server stats and reports API endpoint completely via the .env file.
I will upload a separate .zip file for shared hosting for each released version. |
Thank You for Your reply -> It allowed me to better understand the direction You are heading in developing Your apps. Everything sounds amazing ;) Below I've referred to few issues that are still no clear for me or that I need clarification on.
|
The 2FA secret is a string of characters. The QR code is simply a convenient way to transfer the 2FA secret from the server to the user's 2FA authenticator, so the user doesn't need to manually enter the secret. If the server admin has access to your .env file, they could theoretically generate the same QR code since it is derived from the 2FA secret stored in that file. Additionally, the server admin could edit the .env file to change or disable 2FA for your Admin Panel.
Every time someone tries to sign in, the encrypted 2FA secret would need to be decrypted on the server to verify the provided 2FA code. Since the server needs access to the decrypted secret to perform this verification, encryption wouldn't add any additional security in this context.
The 6-digit TOTP (Time-based One-Time Password) can only be recreated by knowing the secret. This secret is randomly generated by the web-based installer and stored in the .env file. The installer also generates a QR code from this secret, allowing the user to easily add it to their 2FA authenticator application (such as Aegis, Google Authenticator, etc.). If someone has access to the .env file, they could use the secret to recreate the TOTPs.
The website is deployed as a Cloudflare Page, meaning the code is distributed across thousands of servers worldwide. This setup ensures that if one location goes down, all traffic is seamlessly redirected to the nearest operational location, maintaining high availability and performance. Uptime can be tracked on https://status.passky.org |
True, nosy server admin is a rare and unusual case. Maybe another way would be to receive an e-Mail (shouldn't be in the .env file because it can be edited -> encryption in DB?) about an attempt to log in or log in (a local file e.g. .txt or DataBase record may be modified by admin). I think the best way would be to receive an e-Mail message with an activation link. Maybe It would solve the problem. I don't want to add a new feature, but it seems like a good solution. If You have time, one of the future versions (this year?) of the server app will have this feature ✌️ |
I've been working on a web-based .env file generator. It's meant to be simple and guide you through the setup. The generated .env file will only work with future Passky Server versions, but old .env files will still be compatible. If you have a moment, could you check it out at https://passky.org/configurator and share any feedback? Would love to know if there's anything I could improve. |
Apologies for the delayed response. Due to unforeseen personal circumstances, I was unable to respond earlier. Please find below my proposed solutions, which I believe will be beneficial. I would appreciate your expert feedback on these suggestions.
For me, 6. and 7. are important. |
@zigazajc007 |
The generator operates entirely on the client-side (JS). All data input stays on your device, meaning the .env file is generated, stored, and downloaded directly on your machine without any interaction with a server. Since the file never leaves the device and is kept offline, there’s no need to encrypt it in a .zip archive. I can still add an option to download it as encrypted .zip archive. |
Your proposal to make this feature optional seems to be the most appropriate. I hope it won't cause any significant delays in the planned release schedule |
@zigazajc007 I'm following Your progress with great interest and would love to know when the new version of your app will be available for testing. There's no urgency. If you find the time, I'd be thankful for your reply. I'm looking forward to your response :) |
Tauri 2.0 just came out, so we’ll be using it for both desktop and mobile apps. There are a lot of updates to roll out, but I plan to do it step by step (feature by feature) with plenty of testing—I’d really appreciate your help with that! Since I started my new job, I haven’t had as much time for personal projects. I’ll be unavailable on Saturday, but on Sunday, I’ll be working on rewriting the Docker image for Passky Server to use Alpine instead of Debian to reduce the image size. The front end also needs to be rewritten from JavaScript to TypeScript. The libraries Passky is currently using have already been rewritten in TypeScript and published to the JSR and NPM repositories. A full code rewrite would help us make the codebase cleaner and easier to maintain, as well as attract more contributors. Once the front end is updated, we can start replacing Electron with Tauri. This is my roadmap for now, before moving on to new features for Passky. |
@zigazajc007 Thanks for your answer. When you write about Tauri, you mean this: https://github.com/tauri-apps/tauri ?
People using docker will definitely appreciate this. In this topic we are talking about LAMP stack app.
This means that the server application will not be able to run in the LAMP stack?
Is it to be understood that the implementation of automatic updates and OTP support will be deferred indefinitely? This is a bit surprising because You already prepared the page to generate the .env file and You only needed to implement the automatic update.. Perhaps you could find some time next week to end features from this topic?" I'm somewhat concerned after contacting several FOSS editors to express my big enthusiasm for Your app and review its new features. There isn't Your fault for here (feel free), as my optimism occasionally overshadows my judgment. |
Yes, that is correct.
No, the server application can still run on a LAMP stack.
The current focus is on improving existing features and infrastructure. As a result, the implementation of new features, like automatic updates, will be delayed for the time being. Security-focused projects, such as password managers, require more time to introduce new features, as stability and security are top priorities. This is also one reason why password managers often struggle to maintain momentum. |
Impatience is often counterproductive. I recognize the paramount importance of refactoring the code for efficiency and optimization. It is widely known that any other people, apart from me, are also following this topic. While we would all appreciate the immediate implementation of these features, we understand the complexities and priorities involved. While we would all appreciate the immediate implementation of these features, we understand the complexities and priorities involved. Could you please provide an estimated timeline for the release of the new application version? Achieving this goal would be highly valued by people frome here. It would be nice of you to provide when we could expect the features from this topic (new version of the application). If you managed to meet the implementation deadline now, it would make us happy. The features seem basic to me, so I have high hopes. Do not treat this message as persuading you to reorganize your plans, but as a request not to postpone the implementation of the goals from this topic for a long time. |
Don't generate a downloadable file. Display the output on a web page to copy/create the .env yourself. Generating QR to TOTP could offer to enter the secret yourself (as an alternative: https://github.com/stefansundin/2fa-qr?tab=readme-ov-file) Work on features still ongoing? |
quelque chose de nouveau à ce sujet ? |
It's been over half a year and the feature still doesn't exist.. Huge delay. Why stop work ?I could change Keepass to Passky, TOTP is my minimum requirement. |
I’m currently working on a complete rewrite of Passky clients, including Android and iOS applications. Once the rewrite is complete, I will shift focus to implementing new features. Passky does support TOTP at the account level, but TOTP for the Admin Panel is not yet available. The Admin Panel is primarily used for administrative tasks such as:
It’s important to note that the most damage an unauthorized user with Admin Panel access could do is:
Since the Admin Panel is designed to be used rarely, I recommend generating a strong, 50+ character password for it. Optionally, you can store this password in Passky if you access the Admin Panel frequently. This approach should make unauthorized access highly improbable, reducing the immediate need for TOTP for the Admin Panel. |
What's wrong with Passky client? Unlike Passky server app, Client app have more and more options. In addition, the server app looks terribly archaic and has errors, e.g. number of passwords for any user account displayed in server app doesn't decrease when the user deletes pass in client app <- it only grows upwards. There is also no option to migrate the client database (user accounts) between passky server instances. _My reasons: A friend create infrastructure (e.g forum) for fans of a sports team and leave me in this mess with 3 person (where only I've IT skills but no diploma) because he didn't have time to deal with it. Other 3 people consider themselves as bigheads like a boss... All four of us have access to the settings of all apps (forum, yt, instagram, etc.). Someone lost our password (idiot) and I had a ton of spam.. Fortunately, no one from the forum gives out their real personal data. You know that all three of them used the pass saved in BROWSER!! I threatened them that either they would start using Keepass or I say goodbye to them. I liked your app for 2 reasons: I can use it on hosting (we don't have money for more expensive solutions because we don't earn) and I can see who logs in to the Passky server and when. TOTP that @ZicPL wrote about would protect me from another pass loss by these anti-geniuses. You wrote something about it that there will be a new version, that's why I didn't write about these errors etc. so sometimes I checked here if there is a new version. This is the 1st time I see person focusing more on client than on server (which is more unfinished). I'm not criticizing you and I'd like to use your app serwer in future, but now it doesn't make sense because I have shared pass access without TOTP. I only have a basic question: Will Passky Server get features (from here) in this year? |
@MarkusDeland, You know that it's Open-Source, which has advantages/disadvantages. It isn't @zigazajc007 's fault that our request has a lower priority or delay. I talked with Him and I agree with His plans. I appreciate His work because He has enough knowledge to develop such an advanced project. Popularity of this request surprised me. When feature will be done then this whole community will be grateful to Him (200 Github stars for project of this Passky server is proof). The advantage of Open-Source is "free" and self-care of security by people like I. This mean, people who don't want to use closed apps. The disadvantage is the cost (cash/time). My request will allow to make Passky server better (showcase of @zigazajc007), but this isn't easy to do. @MarkusDeland You wrote that You've IT skills. You could support this project (ask owner) or Ofc You can pay for faster implementation. You sugesst that discussion is too long. Ok, let me collect all goals and put them in the first post. It will be easier to navigate. Be patient :) |
I'm patient, but four-month deadline waiting is excessive. Failure to meet deadlines is bit disrespectful to the community. |
@zigazajc007 Maybe you can make a Christmas gift for users? ❤️ |
I'm also waiting. Does anyone know when this issue would be available? |
Exciting news! I’m on vacation from my regular job until January 6th, which means I’ll have plenty of time to focus on my personal projects. |
I think I can write this on behalf of everyone here. This is very nice news and we will be waiting for Your messages with great interest ✨ Ps. like as I wrote on Session, Merry Christmas and Happy New Year! |
I use shared hosting. The fact that I could run your server app is something amazing. Maintaining the current software version is one of the basics of security. It would be great to be able to do this in an easy way :) If I understand correctly, the current solution is to replace the files manually?
The text was updated successfully, but these errors were encountered: