A unified logging approach for the backend is needed. The logs should be output to stdout/stderr and a file on disk for persistent logs.

Passing wrong types to the public functions of encryption.js will not result in interruptions. Noisy failing will have to be added to make sure we are using the assumed types in further operations.

• Frontend tests password safety
• Frontend can create secure password
• Backend tests if it can guess password
• 2-Factor authentication
• Browser Plugin to inject password into Websites

Subresource Integrity should be used to prove authenticity of the provided JavaScript files in the frontend. With this, malicious scripts to steal user data can be recognised by their wrong signature. Only our correct files would be usable.

A python implementation is needed to authenticate users of the API with JWTs. Should be put in 'auth' of 'app'.

Authentication should support:

• Login
• Logout
• Changing of password or email

API endpoints could be:

• /login
• /logout
• /user

This issue is bigger than expected. Sometimes reloading the page is neccessary to completely clear the fields, otherwise the login attempts fail with API errors about missing fields. This shows incomplete reading of inout fields in the frontend.

As a user, I want to be able to view my existing passwords in the frontend. For that, we need to integrate the PoC with the backend API with API calls. /api/v1/safe should be used to get user data. The received data needs to be decrypted (encryptionModule.importSafe() outputs an Array of JSON objects) and then displayed in a readable manner to the user after they logged in.

Is your feature request related to a problem? Please describe.
I can't use HTTP methods to interact with the API because CORS blocks all origins except localhost.

Describe the solution you'd like
We need a solution to change the CORS acceptance on deployment and for dev environments.

Describe alternatives you've considered
There are not alternatives as we need to deploy to a domain.

As a user, I want to be able to save my password because I always have a hard time remembering them. These have to be taken locally from the frontend. For that, we need to integrate the PoC with the backend API with API calls. /api/v1/safe should be used to save user data. The locally edited data needs to be encrypted (encryptionModule.exportSafe() takes an Array of JSON objects) and then sent to the backend.

As a user, I want to be able to register a new account in the frontend. For that, we need to integrate the PoC with the backend API with API calls. /api/v1/user/new should be used to create the user.

We need a React frontend with basic GUI for the app

As a user, I want to be able to log in to my account in the frontend. For that, we need to integrate the PoC with the backend API with API calls. /api/v1/token should be used to authenticate the user.

As a user, I want to be able to access my passwords on any of my devices (e.g. my smartwatch, microwave or any other device that can run Doom 3D). As of right now, any device with a screen smaller than FHD, the layout looks like crap and is hardly usable for the average user.

We need to fix this and make the layout adaptable to smaller screensizes.

If a user has forgotten their password, they should be able to reset it by deleting their account and creating. Since deleting an account requires JWT auth via the API, we need to add email verification to delete accounts without password access.

When the window width is between 1240px and 1440px the password field gets scuffed

Web frontend needs an encryption module in JS based on Bitwarden authentication and encryption flow. WebCrypto API and Mozilla DOM examples should be used for this.

Registering a new user logs in the user results in a successfu login. After the login, a TypeError from the EncryptionModule gets displayed unnecessarily.

Remove all console.log() calls from frontend code. The user should not be presented with debugging information in a release version.

Redundant functionality of /safe/delete and /user/delete should be unified. Rather than deleting the safe, we could just overwrite it automatically on POST /safe and only delete it on user deletion. This should be enough, but I am open to other suggestions.

Convert openapi.json from swagger to postman compatible format

The python backend should be able to interact with the DB (mongoDB)

Features needed:

• Add user
• Delete user
• Change user data
• Check Hashes for Login of user (works with authentication flow)
• Store relevant safe file name for user

Using DELETE to delete users with a string in the URL is not working from a browser, as the Browser defaults to a GET request. Changes in the backend necessary to handle this.

• verbose naming rules for saving files (Use hashed username)
• create a space for saving files (folder, create if not existing)
• Implement size restrictions for files (security) (?)
• Files should be replaceable
• Triggered on API call (POST/GET/DELETE) "/safe" (with headers) should interact with the local files
• verbose error messages for malformed requests

• User was deleted through swagger -> could not create user again ( Email already in use) but also couldn't log into this user

• #46

• #47

• #48

Mention these points in the documentation of the project:

• Usage of NoSQL
• Impossible OAuth2.0 integration

While using the current v0.0.2-beta release, the user can't save any entries as they do not get POSTed to the API. The necessary initReady var does not get set to true upon loading the dashboard.

Browser log output concerning the bug:

Variablen: testdata@testdata testpassword login.js:79:14
response token login.js:96:16
Importing Data... (initReady: false) dashboard.js:164:12
Imported Data (initReady: false) dashboard.js:166:12