web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix issues with channel ID when using a password

Browse Source
This commit is contained in:
yflory 2018-04-26 15:10:31 +02:00
parent 1879c1829c
commit b26ae67df5
18 changed files with 72 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
www/common/common-hash.js
View File

@ -418,7 +418,7 @@ Version 1
});
return weaker;
};
var findStronger = Hash.findStronger = function (href, recents, password) {
Hash.findStronger = function (href, recents, password) {
var rHref = href || getRelativeHref(window.location.href);
var parsed = parsePadUrl(rHref, password);
if (!parsed.hash) { return false; }

13
www/common/common-ui-elements.js
View File

@ -180,7 +180,7 @@ define([
if (common.isLoggedIn() && AppConfig.enablePinning) {
// check the size of this file...
common.getFileSize(data.href, function (e, bytes) {
common.getFileSize(data.href, data.password, function (e, bytes) {
if (e) {
// there was a problem with the RPC
console.error(e);
@ -1146,7 +1146,8 @@ define([
var cryptKey = secret.keys && secret.keys.fileKeyStr;
var hexFileName = Util.base64ToHex(secret.channel);
var src = Hash.getBlobPathFromHex(hexFileName);
Common.getFileSize(href, function (e, data) {
// No password for avatars
Common.getFileSize(href, null, function (e, data) {
if (e) {
displayDefault();
return void console.error(e);
@ -2219,12 +2220,8 @@ define([
}
});
};
$(input).on('keydown', function (e) {
if (e.which === 13) { submit(); }
})
$(button).on('click', function () {
submit();
})
$(input).on('keydown', function (e) { if (e.which === 13) { submit(); } });
$(button).on('click', function () { submit(); });
var block = h('div#cp-loading-password-prompt', [

21
www/common/cryptpad-common.js
View File

@ -246,8 +246,8 @@ define([
});
};
common.getFileSize = function (href, cb) {
postMessage("GET_FILE_SIZE", {href: href}, function (obj) {
common.getFileSize = function (href, password, cb) {
postMessage("GET_FILE_SIZE", {href: href, password: password}, function (obj) {
if (obj && obj.error) { return void cb(obj.error); }
cb(undefined, obj.size);
});
@ -447,7 +447,7 @@ define([
optsPut.password = password;
}));
}
}).nThen(function (waitFor) {
}).nThen(function () {
Crypt.get(parsed.hash, function (err, val) {
if (err) { throw new Error(err); }
Crypt.put(parsed2.hash, val, cb, optsPut);
@ -843,18 +843,21 @@ define([
window.onhashchange = function (ev) {
if (ev && ev.reset) { oldHref = document.location.href; return; }
var newHref = document.location.href;
var parsedOld = Hash.parsePadUrl(oldHref).hashData;
var parsedNew = Hash.parsePadUrl(newHref).hashData;
if (parsedOld && parsedNew && (
// Password not needed here since we don't access hashData
var parsedOld = Hash.parsePadUrl(oldHref);
var parsedNew = Hash.parsePadUrl(newHref);
if (parsedOld.hashData && parsedNew.hashData &&
parsedOld.getUrl() !== parsedNew.getUrl()) {
/*parseOld && parsedNew && (
parsedOld.type !== parsedNew.type
|| parsedOld.channel !== parsedNew.channel
|| parsedOld.mode !== parsedNew.mode
|| parsedOld.key !== parsedNew.key)) {
if (!parsedOld.channel) { oldHref = newHref; return; }
|| parsedOld.key !== parsedNew.key)) {*/
if (!parsedOld.hashData.channel) { oldHref = newHref; return; }
document.location.reload();
return;
}
if (parsedNew) { oldHref = newHref; }
if (parsedNew.hashData) { oldHref = newHref; }
};
// Listen for login/logout in other tabs
window.addEventListener('storage', function (e) {

1
www/common/diffMarked.js
View File

@ -41,6 +41,7 @@ define([
};
renderer.image = function (href, title, text) {
if (href.slice(0,6) === '/file/') {
// PASSWORD_FILES
var parsed = Hash.parsePadUrl(href);
var hexFileName = Util.base64ToHex(parsed.hashData.channel);
var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;

28
www/common/outer/async-store.js
View File

@ -81,16 +81,17 @@ define([
var d = store.userObject.getFileData(id);
if (d.owners && d.owners.length && edPublic &&
d.owners.indexOf(edPublic) === -1) { return; }
return Hash.hrefToHexChannelId(d.href);
return Hash.hrefToHexChannelId(d.href, d.password);
})
.filter(function (x) { return x; });
// Get the avatar
var profile = store.proxy.profile;
if (profile) {
var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit) : null;
// No password for profile or avatar
var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit, null) : null;
if (profileChan) { list.push(profileChan); }
var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar) : null;
var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar, null) : null;
if (avatarChan) { list.push(avatarChan); }
}
@ -115,7 +116,7 @@ define([
// because of the expiration time
if ((data.owners && data.owners.length && data.owners.indexOf(edPublic) === -1) ||
(data.expire && data.expire < (+new Date()))) {
list.push(Hash.hrefToHexChannelId(data.href));
list.push(Hash.hrefToHexChannelId(data.href, data.password));
}
});
return list;
@ -303,7 +304,7 @@ define([
Store.getFileSize = function (data, cb) {
if (!store.anon_rpc) { return void cb({error: 'ANON_RPC_NOT_READY'}); }
var channelId = Hash.hrefToHexChannelId(data.href);
var channelId = Hash.hrefToHexChannelId(data.href, data.password);
store.anon_rpc.send("GET_FILE_SIZE", channelId, function (e, response) {
if (e) { return void cb({error: e}); }
if (response && response.length && typeof(response[0]) === 'number') {
@ -403,6 +404,7 @@ define([
var makePad = function (href, title) {
var now = +new Date();
// Password not needed here since we only need the type
return {
href: href,
atime: now,
@ -434,14 +436,16 @@ define([
// Push channels owned by someone else or channel that should have expired
// because of the expiration time
if (data.owners && data.owners.length === 1 && data.owners.indexOf(edPublic) !== -1) {
list.push(Hash.hrefToHexChannelId(data.href));
list.push(Hash.hrefToHexChannelId(data.href, data.password));
}
});
if (store.proxy.todo) {
list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo));
// No password for todo
list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null));
}
if (store.proxy.profile && store.proxy.profile.edit) {
list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit));
// No password for todo
list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null));
}
return list;
};
@ -615,6 +619,7 @@ define([
});
};
Store.getPadAttribute = function (data, cb) {
console.log(data.href, data.attr);
store.userObject.getPadAttribute(data.href, data.attr, function (err, val) {
if (err) { return void cb({error: err}); }
cb(val);
@ -680,7 +685,8 @@ define([
Store.setPadTitle = function (data, cb) {
var title = data.title;
var href = data.href;
var p = Hash.parsePadUrl(href);
var padData = store.userObject.getFileData(store.userObject.getIdFromHref(href));
var p = Hash.parsePadUrl(href, padData && padData.password);
var h = p.hashData;
if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); }
@ -707,7 +713,7 @@ define([
var pad = allPads[id];
if (!pad.href) { continue; }
var p2 = Hash.parsePadUrl(pad.href);
var p2 = Hash.parsePadUrl(pad.href, pad.password);
var h2 = p2.hashData;
// Different types, proceed to the next one
@ -788,7 +794,7 @@ define([
};
store.userObject.getFiles(where).forEach(function (id) {
var data = store.userObject.getFileData(id);
var parsed = Hash.parsePadUrl(data.href);
var parsed = Hash.parsePadUrl(data.href, data.password);
if ((!types || types.length === 0 || types.indexOf(parsed.type) !== -1) &&
hashes.indexOf(parsed.hash) === -1 &&
!isFiltered(parsed.type, data)) {

5
www/common/outer/userObject.js
View File

@ -75,7 +75,7 @@ define([
return void todo();
}
if (!pinPads) { return; }
pinPads([Hash.hrefToHexChannelId(data.href)], function (obj) {
pinPads([Hash.hrefToHexChannelId(data.href, data.password)], function (obj) {
if (obj && obj.error) { return void cb(obj.error); }
todo();
});
@ -98,7 +98,7 @@ define([
exp.getFiles([FILES_DATA]).forEach(function (id) {
if (filesList.indexOf(id) === -1) {
var fd = exp.getFileData(id);
var channelId = fd && fd.href && Hash.hrefToHexChannelId(fd.href);
var channelId = fd && fd.href && Hash.hrefToHexChannelId(fd.href, fd.password);
// If trying to remove an owned pad, remove it from server also
if (!isOwnPadRemoved &&
fd.owners && fd.owners.indexOf(edPublic) !== -1 && channelId) {
@ -565,6 +565,7 @@ define([
if (/^https*:\/\//.test(el.href)) { el.href = Hash.getRelativeHref(el.href); }
if (!el.ctime) { el.ctime = el.atime; }
// Password not needed here since we only need the type and hash
var parsed = Hash.parsePadUrl(el.href);
if (!el.title) { el.title = Hash.getDefaultName(parsed); }
if (!parsed.hash) {

2
www/common/sframe-app-framework.js
View File

@ -315,7 +315,7 @@ define([
privateDat.availableHashes.viewHash;
var href = privateDat.pathname + '#' + hash;
if (AppConfig.textAnalyzer && textContentGetter) {
var channelId = Hash.hrefToHexChannelId(href);
var channelId = Hash.hrefToHexChannelId(href, privateDat.password);
AppConfig.textAnalyzer(textContentGetter, channelId);
}

1
www/common/sframe-common-codemirror.js
View File

@ -332,6 +332,7 @@ define([
//var cursor = editor.getCursor();
//var cleanName = data.name.replace(/[\[\]]/g, '');
//var text = '!['+cleanName+']('+data.url+')';
// PASSWORD_FILES
var parsed = Hash.parsePadUrl(data.url);
var hexFileName = Util.base64ToHex(parsed.hashData.channel);
var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;

17
www/common/sframe-common-outer.js
View File

@ -122,6 +122,7 @@ define([
});
}));
} else {
// Password not needed here since we only want to know if we need a password
var parsed = Utils.Hash.parsePadUrl(window.location.href);
var todo = function () {
secret = Utils.Hash.getSecrets(parsed.type, void 0, password);
@ -133,6 +134,7 @@ define([
var needPassword = parsed.hashData && parsed.hashData.password;
if (needPassword) {
Cryptpad.getPadAttribute('password', waitFor(function (err, val) {
console.log(val);
if (val) {
// We already know the password, use it!
password = val;
@ -158,7 +160,7 @@ define([
});
sframeChan.event("EV_PAD_PASSWORD");
}
}));
}), parsed.getUrl());
return;
}
// If no password, continue...
@ -182,7 +184,7 @@ define([
secret.keys = secret.key;
readOnly = false;
}
var parsed = Utils.Hash.parsePadUrl(window.location.href);
var parsed = Utils.Hash.parsePadUrl(window.location.href, password);
if (!parsed.type) { throw new Error(); }
var defaultTitle = Utils.Hash.getDefaultName(parsed);
var edPublic;
@ -224,7 +226,8 @@ define([
},
isNewFile: isNewFile,
isDeleted: isNewFile && window.location.hash.length > 0,
forceCreationScreen: forceCreationScreen
forceCreationScreen: forceCreationScreen,
password: password
};
for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; }
@ -292,6 +295,7 @@ define([
sframeChan.on('Q_SET_PAD_TITLE_IN_DRIVE', function (newTitle, cb) {
currentTitle = newTitle;
setDocumentTitle();
Cryptpad.setNewPadPassword(password);
Cryptpad.setPadTitle(newTitle, undefined, undefined, function (err) {
cb(err);
});
@ -414,10 +418,12 @@ define([
// Present mode URL
sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) {
// Password not needed here since we only need something directly in the hash
var parsed = Utils.Hash.parsePadUrl(window.location.href);
cb(parsed.hashData && parsed.hashData.present);
});
sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) {
// Password not needed here
var parsed = Utils.Hash.parsePadUrl(window.location.href);
window.location.href = parsed.getUrl({
embed: parsed.hashData.embed,
@ -510,6 +516,7 @@ define([
});
});
var getKey = function (href) {
// Password not needed here. We use the fake channel id for thumbnails at the moment
var parsed = Utils.Hash.parsePadUrl(href);
return 'thumbnail-' + parsed.type + '-' + parsed.hashData.channel;
};
@ -707,7 +714,7 @@ define([
sframeChan.on('Q_CREATE_PAD', function (data, cb) {
if (!isNewFile || rtStarted) { return; }
// Create a new hash
var password = data.password;
password = data.password;
var newHash = Utils.Hash.createRandomHash(parsed.type, password);
secret = Utils.Hash.getSecrets(parsed.type, newHash, password);
@ -721,7 +728,7 @@ define([
ohc({reset: true});
// Update metadata values and send new metadata inside
parsed = Utils.Hash.parsePadUrl(window.location.href);
parsed = Utils.Hash.parsePadUrl(window.location.href, password);
defaultTitle = Utils.Hash.getDefaultName(parsed);
hashes = Utils.Hash.getHashes(secret);
readOnly = false;

12
www/common/sframe-common.js
View File

@ -113,8 +113,8 @@ define([
return '<script src="' + origin + '/common/media-tag-nacl.min.js"></script>';
};
funcs.getMediatagFromHref = function (href) {
// PASSWORD_FILES
var parsed = Hash.parsePadUrl(href);
// FILE_HASHES2
var secret = Hash.getSecrets('file', parsed.hash);
var data = ctx.metadataMgr.getPrivateData();
if (secret.keys && secret.channel) {
@ -127,8 +127,8 @@ define([
}
return;
};
funcs.getFileSize = function (href, cb) {
var channelId = Hash.hrefToHexChannelId(href);
funcs.getFileSize = function (href, password, cb) {
var channelId = Hash.hrefToHexChannelId(href, password);
funcs.sendAnonRpcMsg("GET_FILE_SIZE", channelId, function (data) {
if (!data) { return void cb("No response"); }
if (data.error) { return void cb(data.error); }
@ -431,12 +431,8 @@ define([
UI.log(data.logText);
});
ctx.sframeChan.on("EV_PAD_PASSWORD", function (data) {
ctx.sframeChan.on("EV_PAD_PASSWORD", function () {
UIElements.displayPasswordPrompt(funcs);
/*UI.prompt("Password?", "", function (val) {
ctx.sframeChan.event("EV_PAD_PASSWORD_VALUE", val);
});
$('div.alertify').last().css("z-index", Number.MAX_SAFE_INTEGER);*/
});
ctx.metadataMgr.onReady(waitFor());

2
www/common/toolbar3.js
View File

@ -578,7 +578,7 @@ define([
var o = pd.origin;
var hashes = pd.availableHashes;
var url = pd.origin + pd.pathname + '#' + (hashes.editHash || hashes.viewHash);
var cid = Hash.hrefToHexChannelId(url);
var cid = Hash.hrefToHexChannelId(url, pd.password);
Common.sendAnonRpcMsg('IS_CHANNEL_PINNED', cid, function (x) {
if (x.error || !Array.isArray(x.response)) { return void console.log(x); }
if (x.response[0] === true) {

3
www/common/userObject.js
View File

@ -78,6 +78,7 @@ define([
exp.isReadOnlyFile = function (element) {
if (!isFile(element)) { return false; }
var data = exp.getFileData(element);
// Password not needed
var parsed = Hash.parsePadUrl(data.href);
if (!parsed) { return false; }
var pHash = parsed.hashData;
@ -387,7 +388,7 @@ define([
var channels64 = channels.slice().map(Util.hexToBase64);
return getFiles([FILES_DATA]).filter(function (k) {
var data = allFilesList[k];
var parsed = Hash.parsePadUrl(data.href);
var parsed = Hash.parsePadUrl(data.href, data.password);
return parsed.hashData && channels64.indexOf(parsed.hashData.channel) !== -1;
});
};

5
www/drive/inner.js
View File

@ -1264,6 +1264,7 @@ define([
var data = filesOp.getFileData(element);
if (!data) { return void logError("No data for the file", element); }
// Password not needed
var hrefData = Hash.parsePadUrl(data.href);
if (hrefData.type) {
$span.addClass('cp-border-color-'+hrefData.type);
@ -1835,6 +1836,7 @@ define([
var data = filesOp.getFileData(id);
if (!data) { return ''; }
if (prop === 'type') {
// Password not needed
var hrefData = Hash.parsePadUrl(data.href);
return hrefData.type;
}
@ -1870,6 +1872,7 @@ define([
};
}
if (prop === 'type') {
// Password not needed
var hrefData = Hash.parsePadUrl(e.href);
return hrefData.type;
}
@ -2093,6 +2096,7 @@ define([
filesList.forEach(function (r) {
r.paths.forEach(function (path) {
var href = r.data.href;
// Password not needed
var parsed = Hash.parsePadUrl(href);
var $table = $('<table>');
var $icon = $('<td>', {'rowspan': '3', 'class': 'cp-app-drive-search-icon'})
@ -2649,6 +2653,7 @@ define([
if (!filesOp.isFile(id)) { return; }
var data = filesOp.getFileData(id);
if (!data) { return; }
// Password not needed
var parsed = Hash.parsePadUrl(data.href);
if (parsed.hashData.type !== "pad") { return; }
var i = data.href.indexOf('#') + 1;

3
www/file/inner.js
View File

@ -232,7 +232,8 @@ define([
$dlform.find('#cp-app-file-dlfile, #cp-app-file-dlprogress').click(onClick);
};
var href = priv.origin + priv.pathname + priv.filehash;
common.getFileSize(href, function (e, data) {
// PASSWORD_FILES
common.getFileSize(href, null, function (e, data) {
if (e) {
return void UI.errorLoadingScreen(e);
}

1
www/filepicker/inner.js
View File

@ -40,6 +40,7 @@ define([
var parsed = Hash.parsePadUrl(data.url);
hideFileDialog();
if (parsed.type === 'file') {
// PASSWORD_FILES
var hexFileName = Util.base64ToHex(parsed.hashData.channel);
var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;
sframeChan.event("EV_FILE_PICKED", {

1
www/pad/inner.js
View File

@ -459,6 +459,7 @@ define([
ckeditor: editor,
body: $('body'),
onUploaded: function (ev, data) {
// PASSWORD_FILES
var parsed = Hash.parsePadUrl(data.url);
var hexFileName = Util.base64ToHex(parsed.hashData.channel);
var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;

4
www/profile/main.js
View File

@ -79,7 +79,7 @@ define([
var addRpc = function (sframeChan, Cryptpad, Utils) {
// Adding a new avatar from the profile: pin it and store it in the object
sframeChan.on('Q_PROFILE_AVATAR_ADD', function (data, cb) {
var chanId = Utils.Hash.hrefToHexChannelId(data);
var chanId = Utils.Hash.hrefToHexChannelId(data, null);
Cryptpad.pinPads([chanId], function (e) {
if (e) { return void cb(e); }
Cryptpad.setAvatar(data, cb);
@ -87,7 +87,7 @@ define([
});
// Removing the avatar from the profile: unpin it
sframeChan.on('Q_PROFILE_AVATAR_REMOVE', function (data, cb) {
var chanId = Utils.Hash.hrefToHexChannelId(data);
var chanId = Utils.Hash.hrefToHexChannelId(data, null);
Cryptpad.unpinPads([chanId], function () {
Cryptpad.setAvatar(undefined, cb);
});

4
www/slide/inner.js
View File

@ -500,9 +500,7 @@ define([
dropArea: $('.CodeMirror'),
body: $('body'),
onUploaded: function (ev, data) {
//var cursor = editor.getCursor();
//var cleanName = data.name.replace(/[\[\]]/g, '');
//var text = '!['+cleanName+']('+data.url+')';
// PASSWORD_FILES
var parsed = Hash.parsePadUrl(data.url);
var hexFileName = Util.base64ToHex(parsed.hashData.channel);
var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;