Merge pull request #3 from AgustinSRG/v2

Merge version 2 changes into master branch

Author: AgustinSRG

content/en/docs/Console Client/manual.md

@@ -32,6 +32,7 @@ pmv-cli [OPTIONS] <COMMAND>
 | [invites](#command-invites) | Manages invites |
 | [batch](#command-batch) | Applies a batch operation to a list of media assets |
 | [get-server-information](#command-get-server-information) | Gets server information, like the version it is using |
+| [get-disk-usage](#command-get-disk-usage) | Gets server disk usage |
 
 <ins>**Options:**</ins>
 
@@ -60,6 +61,7 @@ pmv-cli login [OPTIONS]
 | `-U, --username <USERNAME>` | Vault username. You can also specify the credentials in the URL |
 | `-D, --duration <DURATION>` | Session duration. Can be: day, week, month or year |
 | `-I, --invite-code <INVITE_CODE>` | Invite code. Setting this option will ignore the credentials and use the code |
+| `-T, --tfa-code <TFA_CODE>` | Two factor authentication code |
 | `-h, --help` | Print help |
 
 ## Command: logout
@@ -95,7 +97,12 @@ pmv-cli account <COMMAND>
 | [context](#command-account-context) | Prints account context to the standard output |
 | [change-username](#command-account-change-username) | Changes username (only for root account) |
 | [change-password](#command-account-change-password) | Changes account password |
-| [list](#command-account-list) | List accounts |
+| [get-security-settings](#command-account-get-security-settings) | Gets account security settings |
+| [set-auth-confirmation](#command-account-set-auth-confirmation) | Sets auth confirmation options |
+| [get-totp-settings](#command-account-get-totp-settings) | Gets TOTP settings in order to enable two factor authentication |
+| [enable-tfa](#command-account-enable-tfa) | Enables two factor authentication |
+| [disable-tfa](#command-account-disable-tfa) | Disables two factor authentication |
+| [list](#command-account-list) | Lists accounts |
 | [create](#command-account-create) | Creates new account |
 | [update](#command-account-update) | Updates an account |
 | [delete](#command-account-delete) | Deletes an existing account |
@@ -160,9 +167,112 @@ pmv-cli account change-password
 | --- | --- |
 | `-h, --help` | Print help |
 
+### Command: account get-security-settings
+
+Gets account security settings
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli account get-security-settings
+```
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |
+
+### Command: account set-auth-confirmation
+
+Sets auth confirmation options
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli account set-auth-confirmation [OPTIONS] <AUTH_CONFIRMATION>
+```
+
+<ins>**Arguments:**</ins>
+
+| Argument | Description |
+| --- | --- |
+| `<AUTH_CONFIRMATION>` | Set to 'true' to enable auth confirmation, Set it to 'false' to disable it |
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `--prefer-password` |  |
+| `Prefer using the account password instead of two factor authentication` |  |
+| `--period-seconds <PERIOD_SECONDS>` |  |
+| `Period (seconds) to remember the last auth confirmation` |  |
+| `-h, --help` |  |
+| `Print help` |  |
+
+### Command: account get-totp-settings
+
+Gets TOTP settings in order to enable two factor authentication
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli account get-totp-settings [OPTIONS]
+```
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `--issuer <ISSUER>` | TOTP issuer (to be added th the URL) |
+| `--account <ACCOUNT>` | TOTP account (to be added th the URL) |
+| `--algorithm <ALGORITHM>` | Hashing algorithm (sha-1, sha-256 or sha-512) |
+| `--period <PERIOD>` | TOTP period (30s, 60s or 120s) |
+| `--allow-skew` | Allows clock skew of 1 period |
+| `-h, --help` | Print help |
+
+### Command: account enable-tfa
+
+Enables two factor authentication
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli account enable-tfa <METHOD> <SECRET>
+```
+
+<ins>**Arguments:**</ins>
+
+| Argument | Description |
+| --- | --- |
+| `<METHOD>` | Two factor authentication method (from the settings command result) |
+| `<SECRET>` | Two factor authentication secret |
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |
+
+### Command: account disable-tfa
+
+Disables two factor authentication
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli account disable-tfa
+```
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |
+
 ### Command: account list
 
-List accounts
+Lists accounts
 
 <ins>**Usage:**</ins>
 
@@ -1473,6 +1583,8 @@ pmv-cli config <COMMAND>
 | [set-max-tasks](#command-config-set-max-tasks) | Sets max tasks in parallel |
 | [set-encoding-threads](#command-config-set-encoding-threads) | Sets number of encoding threads to use |
 | [set-video-previews-interval](#command-config-set-video-previews-interval) | Sets the video previews interval in seconds |
+| [set-max-invites](#command-config-set-max-invites) | Sets the max number of invited sessions by user |
+| [set-preserve-originals](#command-config-set-preserve-originals) | Sets the option to preserve original files, before encoding, as an attachment |
 | [set-css](#command-config-set-css) | Sets custom CSS for the vault |
 | [clear-css](#command-config-clear-css) | Clears custom CSS for the vault |
 | [add-video-resolution](#command-config-add-video-resolution) | Adds video resolution |
@@ -1606,6 +1718,50 @@ pmv-cli config set-video-previews-interval <INTERVAL_SECONDS>
 | --- | --- |
 | `-h, --help` | Print help |
 
+### Command: config set-max-invites
+
+Sets the max number of invited sessions by user
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli config set-max-invites <INVITE_LIMIT>
+```
+
+<ins>**Arguments:**</ins>
+
+| Argument | Description |
+| --- | --- |
+| `<INVITE_LIMIT>` | Max number of invited sessions by user |
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |
+
+### Command: config set-preserve-originals
+
+Sets the option to preserve original files, before encoding, as an attachment
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli config set-preserve-originals [PRESERVE_ORIGINALS]
+```
+
+<ins>**Arguments:**</ins>
+
+| Argument | Description |
+| --- | --- |
+| `[PRESERVE_ORIGINALS]` | Preserve original media, before encoding, as an attachment? |
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |
+
 ### Command: config set-css
 
 Sets custom CSS for the vault
@@ -2100,3 +2256,19 @@ pmv-cli get-server-information
 | Option | Description |
 | --- | --- |
 | `-h, --help` | Print help |
+
+## Command: get-disk-usage
+
+Gets server disk usage
+
+<ins>**Usage:**</ins>
+
+```
+pmv-cli get-disk-usage
+```
+
+<ins>**Options:**</ins>
+
+| Option | Description |
+| --- | --- |
+| `-h, --help` | Print help |

content/en/docs/Technical Documentation/storage-model.md

@@ -305,26 +305,38 @@ The credentials file, named `credentials.json` is an [unencrypted JSON file](#un
 
 The JSON file contains the following fields:
 
-| Field name    | Type                 | Description                                  |
-| ------------- | -------------------- | -------------------------------------------- |
-| `user`        | String               | Username of the root account                 |
-| `pwhash`      | String               | Password hash. Base 64 encoded               |
-| `salt`        | String               | Hashing salt. Base 64 encoded                |
-| `enckey`      | String               | Encrypted key. Base 64 encoded               |
-| `method`      | String               | Name of the hashing + encryption method used |
-| `fingerprint` | String               | Vault fingerprint                            |
-| `accounts`    | Array<Account> | Array of additional accounts                 |
+| Field name                 | Type                             | Description                                                                                    |
+| -------------------------- | -------------------------------- | ---------------------------------------------------------------------------------------------- |
+| `user`                     | String                           | Username of the root account                                                                   |
+| `pwhash`                   | String                           | Password hash. Base 64 encoded                                                                 |
+| `salt`                     | String                           | Hashing salt. Base 64 encoded                                                                  |
+| `enckey`                   | String                           | Encrypted key. Base 64 encoded                                                                 |
+| `method`                   | String                           | Name of the hashing + encryption method used                                                   |
+| `tfa`                      | Boolean                          | True if two factor authentication is enabled                                                   |
+| `tfa_method`               | String                           | If two factor authentication is enabled, the method (eg: `totp:sha1:60:1`)                     |
+| `tfa_enckey`               | String                           | Encrypted two factor authentication key. Base 64 encoded                                       |
+| `auth_confirmation`        | Boolean                          | True if the authentication confirmation is enabled                                             |
+| `auth_confirmation_method` | String                           | Authentication confirmation method (`tfa` or `pw`)                                             |
+| `auth_confirmation_period` | Number (32 bit unsigned integer) | Period (seconds) to prevent asking for authentication confirmation multiple consecutive times. |
+| `fingerprint`              | String                           | Vault fingerprint                                                                              |
+| `accounts`                 | Array<Account>             | Array of additional accounts                                                                   |
 
 Each `Account` is an object with the following fields:
 
-| Field name | Type    | Description                                            |
-| ---------- | ------- | ------------------------------------------------------ |
-| `user`     | String  | Account username                                       |
-| `pwhash`   | String  | Password hash. Base 64 encoded                         |
-| `salt`     | String  | Hashing salt. Base 64 encoded                          |
-| `enckey`   | String  | Encrypted key. Base 64 encoded                         |
-| `method`   | String  | Name of the hashing + encryption method used           |
-| `write`    | Boolean | True if the account has permission to modify the vault |
+| Field name                 | Type                             | Description                                                                                    |
+| -------------------------- | -------------------------------- | ---------------------------------------------------------------------------------------------- |
+| `user`                     | String                           | Account username                                                                               |
+| `pwhash`                   | String                           | Password hash. Base 64 encoded                                                                 |
+| `salt`                     | String                           | Hashing salt. Base 64 encoded                                                                  |
+| `enckey`                   | String                           | Encrypted key. Base 64 encoded                                                                 |
+| `method`                   | String                           | Name of the hashing + encryption method used                                                   |
+| `tfa`                      | Boolean                          | True if two factor authentication is enabled                                                   |
+| `tfa_method`               | String                           | If two factor authentication is enabled, the method (eg: `totp:sha1:60:1`)                     |
+| `tfa_enckey`               | String                           | Encrypted two factor authentication key. Base 64 encoded                                       |
+| `auth_confirmation`        | Boolean                          | True if the authentication confirmation is enabled                                             |
+| `auth_confirmation_method` | String                           | Authentication confirmation method (`tfa` or `pw`)                                             |
+| `auth_confirmation_period` | Number (32 bit unsigned integer) | Period (seconds) to prevent asking for authentication confirmation multiple consecutive times. |
+| `write`                    | Boolean                          | True if the account has permission to modify the vault                                         |
 
 Currently, the following methods are implemented:
 

content/en/docs/Tutorials/01-setting-up-everything.md

@@ -151,6 +151,17 @@ Is it recommended to use a password manager, and making a backup of your passwor
 
 ![Screenshot]({{< baseurl >}}images/en/change-password.jpg)
 
+### Account security
+
+Click in the **Account security** option in order to change the security settings of your account.
+
+You can configure the following settings:
+
+ - Two factor authentication
+ - Authentication confirmation (Require confirmation for certain dangerous operations). You can also set if you want to use your password, or a two factor authentication code. You can also configure a period to prevent asking for confirmation too often.
+
+![Screenshot]({{< baseurl >}}images/en/account-security.jpg)
+
 ### Invite
 
 Click in the **Invite** option in order to invite users or devices to access the vault.

content/en/docs/Tutorials/08-backups.md

@@ -34,18 +34,35 @@ In case the destination path is not empty, it will only copy the new files and u
 You can also use the backup tool from the terminal, running the `pmv-backup` binary:
 
 ```sh
-pmv-backup /path/to/vault /path/to/backup/folder
+pmv-backup backup /path/to/vault /path/to/backup/folder
 ```
 
 ## Re-encrypting
 
 In case you got the encryption key leaked, and it's no longer secure, you can make a backup re-encrypting everything with a brand new randomly generated encryption key. 
 
-In order to do that, use the `--re-encrypt` option:
+In order to do that, use the `re-encrypt` option:
 
 ```sh
-pmv-backup /path/to/vault /path/to/backup/folder --re-encrypt
+pmv-backup re-encrypt /path/to/vault /path/to/backup/folder
 ```
 
 Note: The re-encryption process may take a very long time. Make sure to always use a secure password in order to prevent data leaks in the first place.
 
+## Key recovery
+
+Since restoring backup can take a long time, you may want a method to recover access to your vaulty fast in case you lose access to your credentials.
+
+You can use the `key-export` option of the backup tool in order to export the vault encryption key:
+
+```sh
+pmv-backup key-export /path/to/vault
+```
+
+Make sure to back it up in a secure and private place.
+
+In case you lose access to your vault, and want to recover the key, you can use the `key-recover` option of the backup tool:
+
+```sh
+pmv-backup key-recover /path/to/vault
+```