web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Password change UI

Browse Source
This commit is contained in:
yflory 2019-10-22 15:22:43 +02:00
parent 456c88b22c
commit 550965b1c8
2 changed files with 70 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
www/common/common-ui-elements.js
View File

@ -564,14 +564,18 @@ define([
newPassword, newPassword,
passwordOk passwordOk
]); ]);
var pLocked = false;
$(passwordOk).click(function () { $(passwordOk).click(function () {
var newPass = $(newPassword).find('input').val(); var newPass = $(newPassword).find('input').val();
if (data.password === newPass || if (data.password === newPass ||
(!data.password && !newPass)) { (!data.password && !newPass)) {
return void UI.alert(Messages.properties_passwordSame); return void UI.alert(Messages.properties_passwordSame);
} }
if (pLocked) { return; }
pLocked = true;
UI.confirm(changePwConfirm, function (yes) { UI.confirm(changePwConfirm, function (yes) {
if (!yes) { return; } if (!yes) { pLocked = false; return; }
$(passwordOk).html('').append(h('span.fa.fa-spinner.fa-spin', {style: 'margin-left: 0'}));
sframeChan.query("Q_PAD_PASSWORD_CHANGE", { sframeChan.query("Q_PAD_PASSWORD_CHANGE", {
teamId: typeof(owned) !== "boolean" ? owned : undefined, teamId: typeof(owned) !== "boolean" ? owned : undefined,
href: data.href || data.roHref, href: data.href || data.roHref,
@ -579,6 +583,8 @@ define([
}, function (err, data) { }, function (err, data) {
if (err || data.error) { if (err || data.error) {
console.error(err || data.error); console.error(err || data.error);
pLocked = false;
$(passwordOk).text(Messages.properties_changePasswordButton);
return void UI.alert(Messages.properties_passwordError); return void UI.alert(Messages.properties_passwordError);
} }
UI.findOKButton().click(); UI.findOKButton().click();

114
www/common/sframe-common-outer.js
View File

@ -206,64 +206,72 @@ define([
// 2c: 'view' pad and '/p/' and a wrong password stored --> the seed is incorrect // 2c: 'view' pad and '/p/' and a wrong password stored --> the seed is incorrect
// 2d: 'view' pad and '/p/' and password never stored (security feature) --> password-prompt // 2d: 'view' pad and '/p/' and password never stored (security feature) --> password-prompt
Cryptpad.getPadAttribute('password', waitFor(function (err, val) { var askPassword = function (wrongPasswordStored) {
var askPassword = function (wrongPasswordStored) { // Ask for the password and check if the pad exists
// Ask for the password and check if the pad exists // If the pad doesn't exist, it means the password isn't correct
// If the pad doesn't exist, it means the password isn't correct // or the pad has been deleted
// or the pad has been deleted var correctPassword = waitFor();
var correctPassword = waitFor(); sframeChan.on('Q_PAD_PASSWORD_VALUE', function (data, cb) {
sframeChan.on('Q_PAD_PASSWORD_VALUE', function (data, cb) { password = data;
password = data; var next = function (e, isNew) {
var next = function (e, isNew) { if (Boolean(isNew)) {
if (Boolean(isNew)) { // Ask again in the inner iframe
// Ask again in the inner iframe // We should receive a new Q_PAD_PASSWORD_VALUE
// We should receive a new Q_PAD_PASSWORD_VALUE cb(false);
cb(false); } else {
todo();
if (wrongPasswordStored) {
// Store the correct password
nThen(function (w) {
// XXX noPasswordStored: return; ?
Cryptpad.setPadAttribute('password', password, w(), parsed.getUrl());
Cryptpad.setPadAttribute('channel', secret.channel, w(), parsed.getUrl());
if (parsed.hashData.mode === 'edit') {
var href = window.location.pathname + '#' + Utils.Hash.getEditHashFromKeys(secret);
Cryptpad.setPadAttribute('href', href, w(), parsed.getUrl());
var roHref = window.location.pathname + '#' + Utils.Hash.getViewHashFromKeys(secret);
Cryptpad.setPadAttribute('roHref', roHref, w(), parsed.getUrl());
}
}).nThen(correctPassword);
} else { } else {
todo(); correctPassword();
if (wrongPasswordStored) {
// Store the correct password
nThen(function (w) {
// XXX noPasswordStored: return; ?
Cryptpad.setPadAttribute('password', password, w(), parsed.getUrl());
Cryptpad.setPadAttribute('channel', secret.channel, w(), parsed.getUrl());
if (parsed.hashData.mode === 'edit') {
var href = window.location.pathname + '#' + Utils.Hash.getEditHashFromKeys(secret);
Cryptpad.setPadAttribute('href', href, w(), parsed.getUrl());
var roHref = window.location.pathname + '#' + Utils.Hash.getViewHashFromKeys(secret);
Cryptpad.setPadAttribute('roHref', roHref, w(), parsed.getUrl());
}
}).nThen(correctPassword);
} else {
correctPassword();
}
cb(true);
} }
}; cb(true);
if (parsed.type === "file") {
// `isNewChannel` doesn't work for files (not a channel)
// `getFileSize` is not adapted to channels because of metadata
Cryptpad.getFileSize(window.location.href, password, function (e, size) {
next(e, size === 0);
});
return;
} }
// Not a file, so we can use `isNewChannel` };
Cryptpad.isNewChannel(window.location.href, password, next); if (parsed.type === "file") {
}); // `isNewChannel` doesn't work for files (not a channel)
sframeChan.event("EV_PAD_PASSWORD"); // `getFileSize` is not adapted to channels because of metadata
}; Cryptpad.getFileSize(window.location.href, password, function (e, size) {
next(e, size === 0);
});
return;
}
// Not a file, so we can use `isNewChannel`
Cryptpad.isNewChannel(window.location.href, password, next);
});
sframeChan.event("EV_PAD_PASSWORD");
};
if (!val && sessionStorage.newPadPassword) { var done = waitFor();
val = sessionStorage.newPadPassword; var stored = false;
nThen(function (w) {
Cryptpad.getPadAttribute('title', w(function (err, data) {
stored = (!err && typeof (data) === "string");
}));
Cryptpad.getPadAttribute('password', w(function (err, val) {
password = val;
}), parsed.getUrl());
}).nThen(function (w) {
if (!password && sessionStorage.newPadPassword) {
password = sessionStorage.newPadPassword;
delete sessionStorage.newPadPassword; delete sessionStorage.newPadPassword;
} }
password = val;
if (parsed.type === "file") { if (parsed.type === "file") {
// `isNewChannel` doesn't work for files (not a channel) // `isNewChannel` doesn't work for files (not a channel)
// `getFileSize` is not adapted to channels because of metadata // `getFileSize` is not adapted to channels because of metadata
Cryptpad.getFileSize(window.location.href, password, waitFor(function (e, size) { Cryptpad.getFileSize(window.location.href, password, w(function (e, size) {
if (size !== 0) { return void todo(); } if (size !== 0) { return void todo(); }
// Wrong password or deleted file? // Wrong password or deleted file?
askPassword(true); askPassword(true);
@ -271,19 +279,23 @@ define([
return; return;
} }
// Not a file, so we can use `isNewChannel` // Not a file, so we can use `isNewChannel`
Cryptpad.isNewChannel(window.location.href, password, waitFor(function(e, isNew) { Cryptpad.isNewChannel(window.location.href, password, w(function(e, isNew) {
if (!isNew) { return void todo(); } if (!isNew) { return void todo(); }
if (parsed.hashData.mode === 'view' && (val || !parsed.hashData.password)) { if (parsed.hashData.mode === 'view' && (password || !parsed.hashData.password)) {
// Error, wrong password stored, the view seed has changed with the password // Error, wrong password stored, the view seed has changed with the password
// password will never work // password will never work
sframeChan.event("EV_PAD_PASSWORD_ERROR"); sframeChan.event("EV_PAD_PASSWORD_ERROR");
waitFor.abort(); waitFor.abort();
return; return;
} }
if (!stored && !parsed.hashData.password) {
// We've received a link without /p/ and it doesn't work without a password: abort
return void todo();
}
// Wrong password or deleted file? // Wrong password or deleted file?
askPassword(true); askPassword(true);
})); }));
}), parsed.getUrl()); }).nThen(done);
} }
}).nThen(function (waitFor) { }).nThen(function (waitFor) {
if (cfg.afterSecrets) { if (cfg.afterSecrets) {