feat: 添加密码管理功能,包括 API、数据库支持和前端界面
This commit is contained in:
@@ -63,3 +63,43 @@ The system SHALL treat exactly one configured email as an administrator and allo
|
||||
- **GIVEN** an authenticated admin user
|
||||
- **WHEN** the admin calls `GET /admin/users/{id}/bookmarks`
|
||||
- **THEN** the server returns `200` and that user's bookmarks
|
||||
|
||||
### Requirement: Credential storage API
|
||||
The system SHALL provide authenticated CRUD APIs for credentials scoped to the current user.
|
||||
|
||||
#### Scenario: Create credential
|
||||
- **WHEN** an authenticated user calls `POST /credentials` with `siteOrigin`, `username`, and `password`
|
||||
- **THEN** the server stores the credential and returns the created record
|
||||
|
||||
#### Scenario: List credentials
|
||||
- **WHEN** an authenticated user calls `GET /credentials?siteOrigin=...`
|
||||
- **THEN** the server returns the matching credentials for that user
|
||||
|
||||
#### Scenario: Update credential
|
||||
- **WHEN** an authenticated user calls `PATCH /credentials/{id}`
|
||||
- **THEN** the server updates the credential and returns the updated record
|
||||
|
||||
#### Scenario: Delete credential
|
||||
- **WHEN** an authenticated user calls `DELETE /credentials/{id}`
|
||||
- **THEN** the server deletes the credential
|
||||
|
||||
### Requirement: Credential plaintext access
|
||||
The system SHALL allow authenticated users to request plaintext passwords for their own credentials.
|
||||
|
||||
#### Scenario: User requests plaintext
|
||||
- **GIVEN** an authenticated user
|
||||
- **WHEN** the user calls `GET /credentials?includePassword=true`
|
||||
- **THEN** the server returns plaintext passwords for that user
|
||||
|
||||
#### Scenario: Admin requests plaintext for a user
|
||||
- **GIVEN** an authenticated admin user
|
||||
- **WHEN** the admin calls `GET /admin/users/{id}/credentials?includePassword=true`
|
||||
- **THEN** the server returns plaintext passwords for that user
|
||||
|
||||
### Requirement: Admin credential management
|
||||
The system SHALL allow an admin to list and manage any user’s credentials.
|
||||
|
||||
#### Scenario: Admin lists user credentials
|
||||
- **GIVEN** an authenticated admin user
|
||||
- **WHEN** the admin calls `GET /admin/users/{id}/credentials`
|
||||
- **THEN** the server returns that user’s credentials
|
||||
|
||||
64
openspec/specs/password-manager/spec.md
Normal file
64
openspec/specs/password-manager/spec.md
Normal file
@@ -0,0 +1,64 @@
|
||||
# Capability: Password Manager
|
||||
|
||||
## Purpose
|
||||
Define password-manager behavior across the extension and web UI.
|
||||
|
||||
## Requirements
|
||||
|
||||
### Requirement: Extension save prompt
|
||||
The extension SHALL prompt the user to save credentials when a login form is detected and submitted.
|
||||
|
||||
#### Scenario: Save confirmed
|
||||
- **WHEN** the user confirms “保存/记住密码” in the prompt
|
||||
- **THEN** the extension sends the credential to the server for storage
|
||||
|
||||
#### Scenario: Save canceled
|
||||
- **WHEN** the user cancels or dismisses the prompt
|
||||
- **THEN** the extension MUST NOT store the credential
|
||||
|
||||
#### Scenario: Save prompt suppressed for matching credential
|
||||
- **GIVEN** a previously saved credential for the same `siteOrigin` and `username`
|
||||
- **WHEN** the user submits the same password
|
||||
- **THEN** the save prompt is not shown
|
||||
|
||||
#### Scenario: Save prompt update for password change
|
||||
- **GIVEN** a previously saved credential for the same `siteOrigin` and `username`
|
||||
- **WHEN** the user submits a different password
|
||||
- **THEN** the prompt message indicates a password update
|
||||
|
||||
#### Scenario: Save prompt for new username
|
||||
- **GIVEN** a site with saved credentials
|
||||
- **WHEN** the user submits a username that does not exist
|
||||
- **THEN** the prompt message indicates a new account
|
||||
|
||||
### Requirement: Extension autofill selector
|
||||
The extension SHALL show a credential selector near login fields for sites with saved accounts.
|
||||
|
||||
#### Scenario: Select credential
|
||||
- **GIVEN** a site with multiple saved credentials
|
||||
- **WHEN** the user opens the selector and chooses one
|
||||
- **THEN** the username and password fields are filled with that credential
|
||||
|
||||
### Requirement: Web password manager (desktop only)
|
||||
The web app SHALL provide a desktop-only password manager view.
|
||||
|
||||
#### Scenario: Desktop view
|
||||
- **WHEN** the user visits the password manager page on desktop
|
||||
- **THEN** the page is visible and provides list/edit/delete
|
||||
|
||||
#### Scenario: Mobile view hidden
|
||||
- **WHEN** the user visits the password manager page on mobile
|
||||
- **THEN** the page is hidden or redirects to a notice page
|
||||
|
||||
### Requirement: Plaintext visibility control
|
||||
The system SHALL allow a user to reveal plaintext passwords for their own credentials during the current browser session.
|
||||
|
||||
#### Scenario: User reveals plaintext
|
||||
- **GIVEN** a non-admin user
|
||||
- **WHEN** the user chooses to reveal plaintext
|
||||
- **THEN** the UI shows plaintext passwords during the current browser session
|
||||
|
||||
#### Scenario: Admin view
|
||||
- **GIVEN** an admin user
|
||||
- **WHEN** the admin views credentials
|
||||
- **THEN** plaintext is visible
|
||||
Reference in New Issue
Block a user