Skip to content

Commit 1470406

Browse files
authored
Merge pull request #3 from AgustinSRG/v2
Merge version 2 changes into master branch
2 parents be90314 + 987268e commit 1470406

File tree

8 files changed

+999
-37
lines changed

8 files changed

+999
-37
lines changed

content/en/docs/Console Client/manual.md

Lines changed: 174 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ pmv-cli [OPTIONS] <COMMAND>
3232
| [invites](#command-invites) | Manages invites |
3333
| [batch](#command-batch) | Applies a batch operation to a list of media assets |
3434
| [get-server-information](#command-get-server-information) | Gets server information, like the version it is using |
35+
| [get-disk-usage](#command-get-disk-usage) | Gets server disk usage |
3536

3637
<ins>**Options:**</ins>
3738

@@ -60,6 +61,7 @@ pmv-cli login [OPTIONS]
6061
| `-U, --username <USERNAME>` | Vault username. You can also specify the credentials in the URL |
6162
| `-D, --duration <DURATION>` | Session duration. Can be: day, week, month or year |
6263
| `-I, --invite-code <INVITE_CODE>` | Invite code. Setting this option will ignore the credentials and use the code |
64+
| `-T, --tfa-code <TFA_CODE>` | Two factor authentication code |
6365
| `-h, --help` | Print help |
6466

6567
## Command: logout
@@ -95,7 +97,12 @@ pmv-cli account <COMMAND>
9597
| [context](#command-account-context) | Prints account context to the standard output |
9698
| [change-username](#command-account-change-username) | Changes username (only for root account) |
9799
| [change-password](#command-account-change-password) | Changes account password |
98-
| [list](#command-account-list) | List accounts |
100+
| [get-security-settings](#command-account-get-security-settings) | Gets account security settings |
101+
| [set-auth-confirmation](#command-account-set-auth-confirmation) | Sets auth confirmation options |
102+
| [get-totp-settings](#command-account-get-totp-settings) | Gets TOTP settings in order to enable two factor authentication |
103+
| [enable-tfa](#command-account-enable-tfa) | Enables two factor authentication |
104+
| [disable-tfa](#command-account-disable-tfa) | Disables two factor authentication |
105+
| [list](#command-account-list) | Lists accounts |
99106
| [create](#command-account-create) | Creates new account |
100107
| [update](#command-account-update) | Updates an account |
101108
| [delete](#command-account-delete) | Deletes an existing account |
@@ -160,9 +167,112 @@ pmv-cli account change-password
160167
| --- | --- |
161168
| `-h, --help` | Print help |
162169

170+
### Command: account get-security-settings
171+
172+
Gets account security settings
173+
174+
<ins>**Usage:**</ins>
175+
176+
```
177+
pmv-cli account get-security-settings
178+
```
179+
180+
<ins>**Options:**</ins>
181+
182+
| Option | Description |
183+
| --- | --- |
184+
| `-h, --help` | Print help |
185+
186+
### Command: account set-auth-confirmation
187+
188+
Sets auth confirmation options
189+
190+
<ins>**Usage:**</ins>
191+
192+
```
193+
pmv-cli account set-auth-confirmation [OPTIONS] <AUTH_CONFIRMATION>
194+
```
195+
196+
<ins>**Arguments:**</ins>
197+
198+
| Argument | Description |
199+
| --- | --- |
200+
| `<AUTH_CONFIRMATION>` | Set to 'true' to enable auth confirmation, Set it to 'false' to disable it |
201+
202+
<ins>**Options:**</ins>
203+
204+
| Option | Description |
205+
| --- | --- |
206+
| `--prefer-password` | |
207+
| `Prefer using the account password instead of two factor authentication` | |
208+
| `--period-seconds <PERIOD_SECONDS>` | |
209+
| `Period (seconds) to remember the last auth confirmation` | |
210+
| `-h, --help` | |
211+
| `Print help` | |
212+
213+
### Command: account get-totp-settings
214+
215+
Gets TOTP settings in order to enable two factor authentication
216+
217+
<ins>**Usage:**</ins>
218+
219+
```
220+
pmv-cli account get-totp-settings [OPTIONS]
221+
```
222+
223+
<ins>**Options:**</ins>
224+
225+
| Option | Description |
226+
| --- | --- |
227+
| `--issuer <ISSUER>` | TOTP issuer (to be added th the URL) |
228+
| `--account <ACCOUNT>` | TOTP account (to be added th the URL) |
229+
| `--algorithm <ALGORITHM>` | Hashing algorithm (sha-1, sha-256 or sha-512) |
230+
| `--period <PERIOD>` | TOTP period (30s, 60s or 120s) |
231+
| `--allow-skew` | Allows clock skew of 1 period |
232+
| `-h, --help` | Print help |
233+
234+
### Command: account enable-tfa
235+
236+
Enables two factor authentication
237+
238+
<ins>**Usage:**</ins>
239+
240+
```
241+
pmv-cli account enable-tfa <METHOD> <SECRET>
242+
```
243+
244+
<ins>**Arguments:**</ins>
245+
246+
| Argument | Description |
247+
| --- | --- |
248+
| `<METHOD>` | Two factor authentication method (from the settings command result) |
249+
| `<SECRET>` | Two factor authentication secret |
250+
251+
<ins>**Options:**</ins>
252+
253+
| Option | Description |
254+
| --- | --- |
255+
| `-h, --help` | Print help |
256+
257+
### Command: account disable-tfa
258+
259+
Disables two factor authentication
260+
261+
<ins>**Usage:**</ins>
262+
263+
```
264+
pmv-cli account disable-tfa
265+
```
266+
267+
<ins>**Options:**</ins>
268+
269+
| Option | Description |
270+
| --- | --- |
271+
| `-h, --help` | Print help |
272+
163273
### Command: account list
164274

165-
List accounts
275+
Lists accounts
166276

167277
<ins>**Usage:**</ins>
168278

@@ -1473,6 +1583,8 @@ pmv-cli config <COMMAND>
14731583
| [set-max-tasks](#command-config-set-max-tasks) | Sets max tasks in parallel |
14741584
| [set-encoding-threads](#command-config-set-encoding-threads) | Sets number of encoding threads to use |
14751585
| [set-video-previews-interval](#command-config-set-video-previews-interval) | Sets the video previews interval in seconds |
1586+
| [set-max-invites](#command-config-set-max-invites) | Sets the max number of invited sessions by user |
1587+
| [set-preserve-originals](#command-config-set-preserve-originals) | Sets the option to preserve original files, before encoding, as an attachment |
14761588
| [set-css](#command-config-set-css) | Sets custom CSS for the vault |
14771589
| [clear-css](#command-config-clear-css) | Clears custom CSS for the vault |
14781590
| [add-video-resolution](#command-config-add-video-resolution) | Adds video resolution |
@@ -1606,6 +1718,50 @@ pmv-cli config set-video-previews-interval <INTERVAL_SECONDS>
16061718
| --- | --- |
16071719
| `-h, --help` | Print help |
16081720

1721+
### Command: config set-max-invites
1722+
1723+
Sets the max number of invited sessions by user
1724+
1725+
<ins>**Usage:**</ins>
1726+
1727+
```
1728+
pmv-cli config set-max-invites <INVITE_LIMIT>
1729+
```
1730+
1731+
<ins>**Arguments:**</ins>
1732+
1733+
| Argument | Description |
1734+
| --- | --- |
1735+
| `<INVITE_LIMIT>` | Max number of invited sessions by user |
1736+
1737+
<ins>**Options:**</ins>
1738+
1739+
| Option | Description |
1740+
| --- | --- |
1741+
| `-h, --help` | Print help |
1742+
1743+
### Command: config set-preserve-originals
1744+
1745+
Sets the option to preserve original files, before encoding, as an attachment
1746+
1747+
<ins>**Usage:**</ins>
1748+
1749+
```
1750+
pmv-cli config set-preserve-originals [PRESERVE_ORIGINALS]
1751+
```
1752+
1753+
<ins>**Arguments:**</ins>
1754+
1755+
| Argument | Description |
1756+
| --- | --- |
1757+
| `[PRESERVE_ORIGINALS]` | Preserve original media, before encoding, as an attachment? |
1758+
1759+
<ins>**Options:**</ins>
1760+
1761+
| Option | Description |
1762+
| --- | --- |
1763+
| `-h, --help` | Print help |
1764+
16091765
### Command: config set-css
16101766

16111767
Sets custom CSS for the vault
@@ -2100,3 +2256,19 @@ pmv-cli get-server-information
21002256
| Option | Description |
21012257
| --- | --- |
21022258
| `-h, --help` | Print help |
2259+
2260+
## Command: get-disk-usage
2261+
2262+
Gets server disk usage
2263+
2264+
<ins>**Usage:**</ins>
2265+
2266+
```
2267+
pmv-cli get-disk-usage
2268+
```
2269+
2270+
<ins>**Options:**</ins>
2271+
2272+
| Option | Description |
2273+
| --- | --- |
2274+
| `-h, --help` | Print help |

content/en/docs/Technical Documentation/storage-model.md

Lines changed: 29 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -305,26 +305,38 @@ The credentials file, named `credentials.json` is an [unencrypted JSON file](#un
305305

306306
The JSON file contains the following fields:
307307

308-
| Field name | Type | Description |
309-
| ------------- | -------------------- | -------------------------------------------- |
310-
| `user` | String | Username of the root account |
311-
| `pwhash` | String | Password hash. Base 64 encoded |
312-
| `salt` | String | Hashing salt. Base 64 encoded |
313-
| `enckey` | String | Encrypted key. Base 64 encoded |
314-
| `method` | String | Name of the hashing + encryption method used |
315-
| `fingerprint` | String | Vault fingerprint |
316-
| `accounts` | Array&lt;Account&gt; | Array of additional accounts |
308+
| Field name | Type | Description |
309+
| -------------------------- | -------------------------------- | ---------------------------------------------------------------------------------------------- |
310+
| `user` | String | Username of the root account |
311+
| `pwhash` | String | Password hash. Base 64 encoded |
312+
| `salt` | String | Hashing salt. Base 64 encoded |
313+
| `enckey` | String | Encrypted key. Base 64 encoded |
314+
| `method` | String | Name of the hashing + encryption method used |
315+
| `tfa` | Boolean | True if two factor authentication is enabled |
316+
| `tfa_method` | String | If two factor authentication is enabled, the method (eg: `totp:sha1:60:1`) |
317+
| `tfa_enckey` | String | Encrypted two factor authentication key. Base 64 encoded |
318+
| `auth_confirmation` | Boolean | True if the authentication confirmation is enabled |
319+
| `auth_confirmation_method` | String | Authentication confirmation method (`tfa` or `pw`) |
320+
| `auth_confirmation_period` | Number (32 bit unsigned integer) | Period (seconds) to prevent asking for authentication confirmation multiple consecutive times. |
321+
| `fingerprint` | String | Vault fingerprint |
322+
| `accounts` | Array&lt;Account&gt; | Array of additional accounts |
317323

318324
Each `Account` is an object with the following fields:
319325

320-
| Field name | Type | Description |
321-
| ---------- | ------- | ------------------------------------------------------ |
322-
| `user` | String | Account username |
323-
| `pwhash` | String | Password hash. Base 64 encoded |
324-
| `salt` | String | Hashing salt. Base 64 encoded |
325-
| `enckey` | String | Encrypted key. Base 64 encoded |
326-
| `method` | String | Name of the hashing + encryption method used |
327-
| `write` | Boolean | True if the account has permission to modify the vault |
326+
| Field name | Type | Description |
327+
| -------------------------- | -------------------------------- | ---------------------------------------------------------------------------------------------- |
328+
| `user` | String | Account username |
329+
| `pwhash` | String | Password hash. Base 64 encoded |
330+
| `salt` | String | Hashing salt. Base 64 encoded |
331+
| `enckey` | String | Encrypted key. Base 64 encoded |
332+
| `method` | String | Name of the hashing + encryption method used |
333+
| `tfa` | Boolean | True if two factor authentication is enabled |
334+
| `tfa_method` | String | If two factor authentication is enabled, the method (eg: `totp:sha1:60:1`) |
335+
| `tfa_enckey` | String | Encrypted two factor authentication key. Base 64 encoded |
336+
| `auth_confirmation` | Boolean | True if the authentication confirmation is enabled |
337+
| `auth_confirmation_method` | String | Authentication confirmation method (`tfa` or `pw`) |
338+
| `auth_confirmation_period` | Number (32 bit unsigned integer) | Period (seconds) to prevent asking for authentication confirmation multiple consecutive times. |
339+
| `write` | Boolean | True if the account has permission to modify the vault |
328340

329341
Currently, the following methods are implemented:
330342

content/en/docs/Tutorials/01-setting-up-everything.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -151,6 +151,17 @@ Is it recommended to use a password manager, and making a backup of your passwor
151151

152152
![Screenshot]({{< baseurl >}}images/en/change-password.jpg)
153153

154+
### Account security
155+
156+
Click in the **Account security** option in order to change the security settings of your account.
157+
158+
You can configure the following settings:
159+
160+
- Two factor authentication
161+
- Authentication confirmation (Require confirmation for certain dangerous operations). You can also set if you want to use your password, or a two factor authentication code. You can also configure a period to prevent asking for confirmation too often.
162+
163+
![Screenshot]({{< baseurl >}}images/en/account-security.jpg)
164+
154165
### Invite
155166

156167
Click in the **Invite** option in order to invite users or devices to access the vault.

content/en/docs/Tutorials/08-backups.md

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,18 +34,35 @@ In case the destination path is not empty, it will only copy the new files and u
3434
You can also use the backup tool from the terminal, running the `pmv-backup` binary:
3535

3636
```sh
37-
pmv-backup /path/to/vault /path/to/backup/folder
37+
pmv-backup backup /path/to/vault /path/to/backup/folder
3838
```
3939

4040
## Re-encrypting
4141

4242
In case you got the encryption key leaked, and it's no longer secure, you can make a backup re-encrypting everything with a brand new randomly generated encryption key.
4343

44-
In order to do that, use the `--re-encrypt` option:
44+
In order to do that, use the `re-encrypt` option:
4545

4646
```sh
47-
pmv-backup /path/to/vault /path/to/backup/folder --re-encrypt
47+
pmv-backup re-encrypt /path/to/vault /path/to/backup/folder
4848
```
4949

5050
Note: The re-encryption process may take a very long time. Make sure to always use a secure password in order to prevent data leaks in the first place.
5151

52+
## Key recovery
53+
54+
Since restoring backup can take a long time, you may want a method to recover access to your vaulty fast in case you lose access to your credentials.
55+
56+
You can use the `key-export` option of the backup tool in order to export the vault encryption key:
57+
58+
```sh
59+
pmv-backup key-export /path/to/vault
60+
```
61+
62+
Make sure to back it up in a secure and private place.
63+
64+
In case you lose access to your vault, and want to recover the key, you can use the `key-recover` option of the backup tool:
65+
66+
```sh
67+
pmv-backup key-recover /path/to/vault
68+
```

0 commit comments

Comments
 (0)