mitro-co / mitro
Repository for all Mitro client & server code
License: GNU General Public License v3.0
The extensions already have a "hidden preference" for this. The iOS and Android apps need an option, and it needs to be visible to users in some way. This will make it far easier to run your own server.
The server-side icon map should be integrated into the browser extension.
Please add support to the Android app for adding and editing passwords
Cheers
Justin
Could you make app with Offline First Design?
Could you open Android App and place source code on GitHub?
...the style guide is indeed publicly available. Please see the following webpage: https://google-styleguide.googlecode.com/svn/trunk/javaguide.html
Currently, mitro uploads the private key in order to share it with clients using the same account. This obviously creates some convenience, but also some security "issues":
With a new option to not upload the private key, but instead having a key pair on each client, these concerns would be gone and the sole attack vector remaining would be the client (and the hosting machine itself). Additionally, I could control which secrets are available where (see 3)).
I'm more than happy for feedback on whether or not this is actually a good idea.
Deletion of Multiple secrets
Current Process:
Load Mitro.co website,
for each secret;
load "manage secret" page
click delete secret
Proposed Process:
Load Mitro.co website
select each secret required for deletion
click delete button
On https://sandbox.authorize.net/ using Chrome 36.0.1985.143 on OSX, I can manually log in but Mitro will fail to ask me to remember the password.
I then added a new secret for this site, but when I go there Mitro fails to show the login bar.
If I select the secret from the Mitro extension and tell it to log in, a new tab opens to the site but no credentials are entered in the form.
Currently all secrets are stored in a single list.
Please add support for categorisation/folders.
As you type a really strong password, the strength indicator goes up to "strong" and then bounces back down to "weak" again.
Seems like it should either stick at "strong", or bounce back to "super strong", "insanely strong", etc.
When hovering over "backlinks" on the website 4chan with both 4chan X and Mitro extensions installed in Chrome, the page very often freezes for several seconds.
A simple fix would be to have a blacklist of sites which Mitro shouldn't load on.
Needs a preference to turn off the automatic and incessant asking in the UI to save the password you just used. It is convenient for a while, but sometimes, you just want it off.
Upon installing the addon for the first time and clicking on the toolbar icon, I got this console error:
console.error: mitro-login-manager:
Message: TypeError: document.getElementById(...) is null
Stack:
updateLoginState/</</</<@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://mitro-login-manager-at-jetpack/mitro-login-manager/data/js/popup.js:4:307
Client.prototype.setMethod/this[a]</<@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://mitro-login-manager-at-jetpack/mitro-login-manager/data/js/client.js:13:299
Client/this.processIncoming@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://mitro-login-manager-at-jetpack/mitro-login-manager/data/js/client.js:2:226
ExtensionHelper/this.bindClient/<@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://mitro-login-manager-at-jetpack/mitro-login-manager/data/js/helpers.js:7:411
onEvent@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://gre/modules/commonjs/sdk/content/content-worker.js:45:9
onChromeEvent@resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/yan/.mozilla/firefox/PROFILE/extensions/[email protected]!/bootstrap.js -> resource://gre/modules/commonjs/toolkit/loader.js -> resource://gre/modules/commonjs/sdk/loader/sandbox.js -> resource://gre/modules/commonjs/sdk/content/content-worker.js:96:9
This is used to send emails to verify email addresses, and is currently in an old private repository.
> yan@snowbunny:~/Documents/efforg/mitro/browser-ext/login$ make
kzjs_srouces = ../api/build/node/lib/node_modules/keyczarjs/*.js
forge_srouces = ../api/build/node/lib/node_modules/keyczarjs/node_modules/node-forge/js/*.js
make: *** No rule to make target '/home/yan/Documents/efforg/mitro/browser-ext/login/build/chrome/release/', needed by '/home/yan/Documents/efforg/mitro/browser-ext/login/build/chrome/release/utils.js'. Stop.
Using Debian.
It works on Firefox 31, but we get some sort of exception on Firefox 32 and 33.
I know it seems counter intuitive, but I would like to be able to have some sites as filling the form only, and not logging in as well.
For some of my super-sensitive passwords I don't store them in a Password Manager, just the username and/or other details. In these cases, when Mitro fills the forms I get an error that the password must be filled in as well. It would be much better to not log in, and just fill in what's available (in some situations).
Mitro stopped working (hangs on login) with FireFox v32 on OSX. Can anybody confirm this?
(Chrome Extension)
Default is 8 characters. If I bump it up to 16 or change any advanced settings, it will forget those settings every time I go back to generate more passwords. Gets annoying to have to go through so many menus to generate a strong password every single time, I ended up having to install a separate generator extension just to avoid the aggravation.
I have a ton of passwords saved in my FF profile.
It would be nice if there was a way to import them.
Edit: the google saves
https://addons.mozilla.org/en-US/firefox/addon/password-exporter/
https://gist.github.com/ajstein/7810078
local file under dropbox
cloud support dropbox / google drive
p2p sync
NSJSONSerialization
first appeared in iOS5 and can be used to work with JSON. It's always better to have less code.
I can make a pull request if this change is acceptable.
git clone https://github.com/mitro-co/mitro
sudo yum install nodejs.x86_64; sudo yum install postgresql.x86_64; sudo yum install postgresql-server; sudo yum install postgresql-contrib
Install java sdk from website as described in mitro-core/README.md
use the jdk-7u67-linux-x64.rpm
sudo rpm -Uvh jdk-7u67-linux-x64.rpm
sudo yum install npm.noarch
Remember to
export NODE_PATH=/<path-to-mitro>/mitro/browser-ext/api/build/node/lib/node_modules
in your .bashrc or .profile
Run sysctl commands as per mitro-core/README, if you want to run multiple postgres instances
Run build.sh as per mitro-core/README and then the other commands to set up a postgresql db.
If you get an error with:
psql -c 'create database mitro;'
like >>> FATAL: database "<user_name>" does not exist
then run
createdb <user_name> -U <user_name>
followed by psql -c 'create database mitro;'
again
Once that is finished, then build the db:
postgres -d build/postgres
(you may want an & after that to make it run in the background as this process won't return)
And then run the server:
ant server
in the mitro-core directory. Things should be ready to go (you might also want an & here to run in the background)
If you have a problem with 'ant server' indicating 'invalid source release' then you need to install java-1.7.0-openjdk.x86_64 and java-1.7.0-openjdk-devel.x86_64 via yum because the rpm didn't install properly earlier
Test
Connect to: https://localhost:8443/mitro-core/api/BuildMetadata with a browser and you should see
"commit: ... some commit hash
describe: fatal: No names found, cannot describe anything.
build time: ... some date"
Now build the extension and run tests:
cd browser-ext/api
./build.sh
cd js/cli
./runtests.sh FAST && echo "SUCCESS"
Build the 'safari/firefox/chrome'-debug extension in browser-ext/login with 'make safari-debug' (or firefox/chrome)
If you run into problems with 'nopt' not being found then you need to
npm install -g nopt
If that still doesn't work then you can run
npm install nopt
in the browser-ext/third_party/hogan.js/bin directory
If you don't have a safari extension developer certificate then you will need to sign up for one
Turn on Safari Developer Tools under 'Safari->Preferences'
Under 'Develop' in the tool bar you choose 'Show Extension Builder'
Click on the little '+' to add the safari-debug extension
Navigate to browser-ext/login/build/safari/ and choose the debug.safariextension directory
Click 'install' and the extension should be ready to use
Follow the regular "Sign Up" workflow to add a new user to the postgres db
This application is vulnerable to clipboard hijacking when using clipboard for copying http://fc13.ifca.ai/proc/4-2.pdf
The README in mitro-core states:
Generally follow the Java coding guidelines (since Google's Java style guide is not publicly available)
Google's Java style guide is available here: http://google-styleguide.googlecode.com/svn/trunk/javaguide.html
We could add a feature which shows a notification/message that suggests the user change the password. Example: it can happen after one year.
hi
i have followed installation instruction on: https://github.com/mitro-co/mitro/tree/master/mitro-core
everything seems fine until i wanted to connect via browser to https://:8443/mitro-core/
i am getting a 404:
[21/Aug/2014:07:36:47 +0000] "GET /mitro-core/ HTTP/1.1" 404 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0
Error Page says:
HTTP ERROR: 404
Problem accessing /mitro-core/. Reason:
Not Found
Powered by Jetty://
i am not sure how to investigate this.
hope you can help me out.
thx, argonius
It would be nice if the browser extensions have a few more options around auto-logout. Things I would find useful are:
I also feel the sign-out option shouldn't be hidden in the settings pane. An icon right next to the settings icon would be nice.
The licence file should be called LICENSE, not LICENCE
When a user has many secrets it becomes hard to manage them in the extension (limited viewing area). It would be nice if we could group secrets into teams with a similar drop down fashion like the details are shown for secrets.
With Mitro enabled, utilizing WordPress's menu editing system becomes nigh impossible.
When dragging menu items to order them, the entire browser tab freezes for several seconds.
Recording this behavior with Chrome's Timeline profiler revealed the pause was due to something in this file: https://github.com/mitro-co/mitro/blob/master/browser-ext/login/common/content.js
Chrome said it's line 22, but this is in the minified JS, not the above development file.
I'm not sure what's causing this, but I assume it has something to do with WordPress's menu editor being a drag-drop UI within a form that constantly CREDs form elements. Maybe it causes Mitro to scan the form in a way that causes the freeze?
https://github.com/mitro-co/mitro/blob/master/browser-ext/login/chrome/helpers.js#L27
Uncaught TypeError: Cannot read property '2' of null
With user agent emulation: "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53"
./build.sh in mitro/browser-ext/api fails with the following: gyp: Call to 'node -e "require('nan')"' returned exit status 1. while trying to load binding.gyp
ubuntu 14.04 LTS, all the latest stuff. any hints are greatly appreciated.
[exec] Result: 128
[propertyfile] Updating property file: /home/jordan/smallscripts/mitro/mitro-core/build/java/src/build.properties
[exec] /home/jordan/smallscripts/mitro/mitro-core/java/server/lib/commons-codec-1.8.jar
[exec] /tmp/tmpIib5AU
[exec] Traceback (most recent call last):
[exec] File "tools/jarpackager.py", line 108, in <module>
[exec] main()
[exec] File "tools/jarpackager.py", line 91, in main
[exec] unpack_jar(path, tempdir)
[exec] File "tools/jarpackager.py", line 29, in unpack_jar
[exec] process = subprocess.Popen(args)
[exec] File "/usr/lib/python2.7/subprocess.py", line 679, in __init__
[exec] errread, errwrite)
[exec] File "/usr/lib/python2.7/subprocess.py", line 1259, in _execute_child
[exec] raise child_exception
[exec] OSError: [Errno 2] No such file or directory
[exec] Result: 1
[echo] Built build/mitrocore.jar
server:
[java] Error: Unable to access jarfile /home/jordan/smallscripts/mitro/mitro-core/build/mitrocore.jar
[java] Java Result: 1
Something is up with the compile.
I tried to import my KeePass 2.0 XML exported database, and there was some error halfway through that caused every entry to have a duplicate, so now I'm stuck with a few hundred entries that I want to mass delete. It takes 3 clicks per entry to remove an entry, and you can only do one at a time. No way am I going to click over and over just to reset my Mitro database.
I just discovered what looks like a missing '$' or something like this in your mail system. The error seems only visible when you view the mail in a text-only mail client like mutt. I got the following mail:
From: Mitro [email protected]
To: XXXXXXXXX
Date: Thu, 31 Jul 2014 17:26:25 +0000
Subject: Congratulations on saving your first secret!
Hi {firstname},
Congratulations on adding your first secret to Mitro!
Did you know you can even access it on your phone?
Get our free mobile app today:
Android: https://play.google.com/store/apps/details?id=co.mitro.mitro
iPhone: https://itunes.apple.com/ms/app/mitro-password-manager/id726427383
-The Mitro team
Mitro is the easiest way to share access to your accounts securely.
Tweet us at @MitroCo
I found that the extension in Firefox on Windows does look completely wrong. It shows the "Detail" page instead of the "PopUp" Page for the Plugin.
I saw this first as I was using Mitro on my Firefox in Bootcamp and got this confirmed by a windows user.
He thought it is not so nice but did not perceive it as an error until I asked him to install it in Google Chrome. After experiencing how it works in Google Chrome it was clear to him that there is a bug with the Firefox Extension in Firefox 31 on Windows 7 (at least).
Hello and 1st off: Thank you for releasing this code under GPL :-)
I'd very much like to try it out in a similar way to the old Mozilla Sync engine. There is a seamlessly working (albeit incomplete) ownCloud app for that. Please consider offering such a way to easily self-host the Mitro server.
It would be nice to be able to lock the mobile app with a short PIN / Schema / Whatever.
This could be done securely by encrypting the saved password with that PIN. A number of failed tries would wipe that saved password, and the user would have to enter the main password again.
My company currently uses Yubikey with Lastpass for all access and it has been working great!
It would be very nice if this could be added to Mitro as well.
i've followed the installation instruction on actual ubuntu 14.04 server, but when running the test
i've got the Error:
Unable to access jarfile build/mitrocore.jar
and i can not find this file anywhere?
here is the complete test process:
http://pastebin.com/BbFeq2Kc
friendly regards,
argonius
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git Cloning into bare repository '/root/.npm/_git-remotes/ssh-git-github-com-mitro-co-keyczarjs-git-90545a9d'...
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of known hosts.
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git Permission denied (publickey).
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git fatal: Could not read from remote repository.
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git Please make sure you have the correct access rights
npm ERR! git clone ssh://[email protected]/mitro-co/keyczarjs.git and the repository exists.
npm ERR! Error: Command failed: Cloning into bare repository '/root/.npm/_git-remotes/ssh-git-github-com-mitro-co-keyczarjs-git-90545a9d'...
npm ERR! Warning: Permanently added 'github.com,192.30.252.129' (RSA) to the list of known hosts.
npm ERR! Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.