Merge branch 'master' into fix_install

includes/core/load.js.php

@@ -2082,4 +2082,69 @@ function hashUserId(userId) {
         const hash = CryptoJS.SHA256(userId);
         return hash.toString(CryptoJS.enc.Hex).substring(0, 16);
     }
+
+    /**
+     * Get item password to show or copy it in clipboard.
+     * 
+     * @param {string} action - Log action (ex: at_password_shown).
+     * @param {string} id_type - 'item_key' or 'item_id'.
+     * @param {number|string} id_value - The item key or id.
+     * 
+     * @returns {string} - The item cleartext password if user has access.
+     */
+    function getItemPassword(action, id_type, id_value) {
+        let item_password = '';
+
+        // Get password from server
+        $.ajax({
+            type: "POST",
+            async: false,
+            url: 'sources/items.queries.php',
+            data: 'type=get_item_password&action=' + action + '&' + id_type +
+                  '=' + id_value + '&key=<?php echo $session->get('key'); ?>',
+            dataType: "",
+            success: function(data) {
+                //decrypt data
+                try {
+                    data = prepareExchangedData(data, "decode", "<?php echo $session->get('key'); ?>");
+                } catch (e) {
+                    // error
+                    toastr.remove();
+                    toastr.warning(
+                        '<?php echo $lang->get('no_item_to_display'); ?>'
+                    );
+                    return false;
+                }
+
+                // No access
+                if (data.password_error !== '') {
+                    toastr.remove();
+                    toastr.error(
+                        data.password_error,
+                        '<?php echo $lang->get('caution'); ?>', {
+                            timeOut: 5000,
+                            progressBar: true
+                        }
+                    );
+                    return false;
+                }
+
+                const password = simplePurifier(atob(data.password), false, false, false, false).utf8Decode();
+                if (password === '') {
+                    toastr.info(
+                        '<?php echo $lang->get('password_is_empty'); ?>',
+                        '', {
+                            timeOut: 2000,
+                            positionClass: 'toast-bottom-right',
+                            progressBar: true
+                        }
+                    );
+                }
+
+                item_password = password;
+            }
+        });
+
+        return item_password;
+    }
 </script>

includes/core/login.js.php

@@ -627,11 +627,7 @@ function launchIdentify(isDuo, redirect, psk, oauth2 = false) {
         //TODO : je pense que cela pourrait etre modifié pour ne pas faire de requete ajax ; on dispose des infos via `get_teampass_settings`
         $.post(
             'sources/identify.php', {
-                type: 'get2FAMethods',
-                login: $('#login').val(),
-                xhrFields: {
-                    withCredentials: true
-                }
+                type: 'get2FAMethods'
             },
             function(data) {
                 data = JSON.parse(data);

includes/language/bulgarian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/catalan.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/chinese.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/czech.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/dutch.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/english.php

@@ -39,7 +39,6 @@
     'highlight_selected_tip' => 'When enabled, the selected item will be highlighted in the list.',
     'highlight_favorites' => 'Highlight favorites',
     'highlight_favorites_tip' => 'When enabled, the favorite items will be highlighted in the list.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'oauth2_need_user_old_password' => 'For the first SSO connection, please provide your previous password',
@@ -1183,6 +1182,10 @@
     'syslog_port' => 'Syslog port (default 514)',
     'error_bad_credentials' => 'Login credentials do not correspond!',
     'bruteforce_wait' => 'Too many failed attempts, your account is blocked until: ',
+    'bruteforce_unlock_at' => 'Account unlocked at (anti bruteforce): ',
+    'bruteforce_reset_account' => 'Reset anti bruteforce of user',
+    'bruteforce_reset_mail_subject' => 'TEAMPASS - Your account is disabled',
+    'bruteforce_reset_mail_body' => 'Hello #name#,<br/><br/>Your teampass account has been locked due to a large number of authentication failures.<br/><br/>You can unblock it by clicking on this link <a href="#reset_url#" target="_blank">#reset_url#</a><br/><br/>Automatic unlock: #unlock_at#',
     'settings_ldap_usergroup' => 'LDAP group to search',
     'settings_ldap_usergroup_tip' => 'Enter the LDAP group in the directory where allowed user logins are stored. Example: cn=sysadmins,ou=groups,dc=example,dc=com',
     'server_password_change_enable' => 'Enable changing password on distant server (using ssh connection)',

includes/language/estonian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/french.php

@@ -881,6 +881,10 @@
     'syslog_port' => 'Port Syslog',
     'error_bad_credentials' => 'Informations de connexion erronées',
     'bruteforce_wait' => 'Trop de tentatives échouées, votre compte est bloqué jusqu'à : ',
+    'bruteforce_unlock_at' => 'Déblocage du compte (anti bruteforce) : ',
+    'bruteforce_reset_account' => 'Réinitialiser l'anti bruteforce de l'utilisateur',
+    'bruteforce_reset_mail_subject' => 'TEAMPASS - Votre compte est désactivé',
+    'bruteforce_reset_mail_body' => 'Bonjour #name#,<br/><br/>Votre compte teampass a été verouillé en raison d&apos;un grand nombre d&apos;échecs d&apos;authentification.<br/><br/>Vous pouvez le débloquer en cliquant sur ce lien <a href="#reset_url#" target="_blank">#reset_url#</a><br/><br/>Déblocage automatique : #unlock_at#',
     'settings_ldap_usergroup' => 'Groupe LDAP dans lequel faire la recherche',
     'settings_ldap_usergroup_tip' => 'Groupe LDAP dans lequel les utilisateurs doivent être membre pour pouvoir se connecter. Exemple : cn=sysadmins,ou=groups,dc=example,dc=com',
     'server_password_change_enable' => 'Activer le changement automatique du mot de passe du compte du serveur (en utilisant une connexion SSH)',
@@ -1189,7 +1193,6 @@
     'show_item_data_tip' => 'Permet d&apos;afficher des informations supplémentaires dans la liste des éléments (nom d&apos;utilisateur, e-mail et URL). Cela peut être utile pour avoir un aperçu rapide du contenu de l&apos;élément.',
     'items_page_split_view_mode' => 'Afficher le détail d&apos;un objet sur la page des objets',
     'replace_tenant_id' => 'Adapter l&apos;url tout en laissant {tenant-id}. Il sera remplacer lors de l&apos;appel.',
-    'user_exists_but_not_oauth2' => 'Vous devez vous authentifier avec votre compte Azure/Entra AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'Vous n&apos;êtes pas autoriser à vous authentifier à l&apos;application Teampass',
     'user_is_not_auth_with_oauth2' => 'Vous ne pouvez pas vous authentifier avec un compte Entra/Azure AD',
     'highlight_favorites' => 'Mettre en évidence les favoris',

includes/language/german.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Zeigt zusätzliche Informationen in der Eintragsliste an (Benutzername, E-Mail, URL). Dies erlaubt einen schnellen Überblick über den Inhalt der Einträge.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/greek.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/hungarian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/italian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/japanese.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/norwegian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/polish.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/portuguese.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/portuguese_br.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/romanian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',

includes/language/russian.php

@@ -1188,7 +1188,6 @@
     'show_item_data_tip' => 'Permits to display extra information in the items list (username, email and url). This could be useful to have a quick view of the item content.',
     'items_page_split_view_mode' => 'Show item details in page split view mode',
     'replace_tenant_id' => 'Adapt the URL but keep {tenant-id} as is. It will be replaced live by the tenant ID.',
-    'user_exists_but_not_oauth2' => 'User has to authenticate using Entra/Azure AD',
     'user_not_allowed_to_auth_to_teampass_app' => 'User is not allowed to authenticate with Teampass application',
     'user_is_not_auth_with_oauth2' => 'User should not authenticate with Entra/Azure AD',
     'highlight_favorites' => 'Highlight favorites',