add 'log out everywhere' functionality in settings

2017-05-05 15:09:07 +02:00
parent c07d3e6162
commit a173e4c7a0
4 changed files with 85 additions and 7 deletions
--- a/www/common/fsStore.js
+++ b/www/common/fsStore.js
@@ -134,6 +134,23 @@ define([
        return ret;
    };

+    var requestLogin = function () {
+        // log out so that you don't go into an endless loop...
+        Cryptpad.logout();
+
+        // redirect them to log in, and come back when they're done.
+        sessionStorage.redirectTo = window.location.href;
+        window.location.href = '/login/';
+    };
+
+    var tryParsing = function (x) {
+        try { return JSON.parse(x); }
+        catch (e) {
+            console.error(e);
+            return null;
+        }
+    };
+
    var onReady = function (f, proxy, Cryptpad, exp) {
        var fo = exp.fo = FO.init(proxy.drive, {
            Cryptpad: Cryptpad
@@ -145,6 +162,28 @@ define([
            f(void 0, store);
        }

+        if (Cryptpad.isLoggedIn()) {
+/*  This isn't truly secure, since anyone who can read the user's object can
+    set their local loginToken to match that in the object. However, it exposes
+    a UI that will work most of the time. */
+            var tokenKey = 'loginToken';
+
+            // every user object should have a persistent, random number
+            if (typeof(proxy.loginToken) !== 'number') {
+                proxy[tokenKey] = Math.floor(Math.random()*Number.MAX_SAFE_INTEGER);
+            }
+
+            var localToken = tryParsing(localStorage.getItem(tokenKey));
+            if (localToken === null) {
+                // if that number hasn't been set to localStorage, do so.
+                localStorage.setItem(tokenKey, proxy.loginToken);
+            } else if (localToken !== proxy[tokenKey]) {
+                // if it has been, and the local number doesn't match that in
+                // the user object, request that they reauthenticate.
+                return void requestLogin();
+            }
+        }
+
        if (typeof(proxy.allowUserFeedback) !== 'boolean') {
            proxy.allowUserFeedback = true;
        }
@@ -157,13 +196,7 @@ define([

        // if the user is logged in, but does not have signing keys...
        if (Cryptpad.isLoggedIn() && !Cryptpad.hasSigningKeys(proxy)) {
-            // log out so that you don't go into an endless loop...
-            Cryptpad.logout();
-
-            // redirect them to log in, and come back when they're done.
-            sessionStorage.redirectTo = window.location.href;
-            window.location.href = '/login/';
-            return;
+            return void requestLogin();
        }

        proxy.on('change', [Cryptpad.displayNameKey], function (o, n) {