From 0a9ea95796419d98496edcd92df5b6cae04e7cce Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 10 Jul 2018 13:11:22 +0200 Subject: [PATCH] always set userHash in localStorage even with modern users --- customize.dist/login.js | 15 +++++++++------ www/common/cryptpad-common.js | 19 ++++++++++++++++--- www/common/outer/local-store.js | 13 +++---------- 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/customize.dist/login.js b/customize.dist/login.js index d14cadfe1..69afa731d 100644 --- a/customize.dist/login.js +++ b/customize.dist/login.js @@ -72,18 +72,20 @@ define([ opt.channel64 = Util.hexToBase64(channelHex); - opt.userHash = '/1/edit/' + [opt.channel64, opt.keys.editKeyStr].join('/'); + opt.userHash = '/1/edit/' + [opt.channel64, opt.keys.editKeyStr].join('/') + '/'; return opt; }; - var loginOptionsFromBlock = function (blockInfo) { // userHash + var loginOptionsFromBlock = function (blockInfo) { var opt = {}; var parsed = Hash.getSecrets('pad', blockInfo.User_hash); opt.channelHex = parsed.channel; opt.keys = parsed.keys; opt.edPublic = blockInfo.edPublic; + opt.edPrivate = blockInfo.edPrivate; + opt.User_name = blockInfo.User_name; return opt; }; @@ -255,6 +257,7 @@ define([ var opt; if (res.blockInfo) { opt = loginOptionsFromBlock(res.blockInfo); + userHash = res.blockInfo.User_hash; } else { console.log("allocating random bytes for a new user object"); opt = allocateBytes(Nacl.randomBytes(Exports.requiredBytes)); @@ -282,7 +285,7 @@ define([ res.realtime = rt.realtime; // they're registering... - res.userHash = false; + res.userHash = userHash; res.userName = uname; // somehow they have a block present, but nothing in the user object it specifies @@ -301,7 +304,6 @@ define([ rt.network.disconnect(); waitFor.abort(); res.blockHash = blockHash; - res.userHash = false; if (shouldImport) { setMergeAnonDrive(); } @@ -315,7 +317,7 @@ define([ if (shouldImport) { setMergeAnonDrive(); } - return void LocalStore.login(false, uname, function () { + return void LocalStore.login(userHash, uname, function () { cb(void 0, res); }); } @@ -367,6 +369,7 @@ define([ // Finally, create the login block for the object you just created. var toPublish = {}; + toPublish[Constants.userNameKey] = uname; toPublish[Constants.userHashKey] = userHash; toPublish.edPublic = RT.proxy.edPublic; toPublish.edPrivate = RT.proxy.edPrivate; @@ -378,7 +381,7 @@ define([ console.log("blockInfo available at:", blockHash); LocalStore.setBlockHash(blockHash); - LocalStore.login(false, uname, function () { + LocalStore.login(userHash, uname, function () { cb(void 0, res); }); })); diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index a8ba4efa2..5238385f3 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -706,7 +706,13 @@ define([ }); } var accountName = LocalStore.getAccountName(); - var hash = LocalStore.getUserHash(); // To load your old drive + var hash = LocalStore.getUserHash(); + if (!hash) { + return void cb({ + error: 'E_NOT_LOGGED_IN' + }); + } + var password = data.password; // To remove your old block var newPassword = data.newPassword; // To create your new block var secret = Hash.getSecrets('drive', hash); @@ -777,6 +783,7 @@ define([ waitFor.abort(); return void cb({ error: err }); } + Crypt.put(newHash, val, waitFor(function (err) { if (err) { waitFor.abort(); @@ -795,8 +802,11 @@ define([ var keys = Block.genkeys(newBlockSeed); var content = Block.serialize(JSON.stringify({ User_name: accountName, - User_hash: newHash + User_hash: newHash, + edPublic: edPublic, + // edPrivate XXX }), keys); + common.writeLoginBlock(content, waitFor(function (obj) { var newBlockHash = Block.getBlockHash(keys); LocalStore.setBlockHash(newBlockHash); @@ -1073,6 +1083,9 @@ define([ return; } userHash = block_info[Constants.userHashKey]; + if (!userHash || userHash !== LocalStore.getUserHash()) { + return void requestLogin(); + } } catch (e) { console.error(e); return void console.error("failed to decrypt or decode block content"); @@ -1084,7 +1097,7 @@ define([ init: true, userHash: userHash || LocalStore.getUserHash(), anonHash: LocalStore.getFSHash(), - localToken: tryParsing(localStorage.getItem(Constants.tokenKey)), + localToken: tryParsing(localStorage.getItem(Constants.tokenKey)), // TODO move tihs to LocalStore ? language: common.getLanguage(), messenger: rdyCfg.messenger, // Boolean driveEvents: rdyCfg.driveEvents // Boolean diff --git a/www/common/outer/local-store.js b/www/common/outer/local-store.js index 744371ce3..3246f827c 100644 --- a/www/common/outer/local-store.js +++ b/www/common/outer/local-store.js @@ -75,18 +75,11 @@ define([ typeof getUserHash() === "string"; }; - - - - // XXX update this to take into account blockHash values LocalStore.login = function (hash, name, cb) { - if (hash !== false && !hash) { throw new Error('expected a user hash'); } + if (!hash) { throw new Error('expected a user hash'); } if (!name) { throw new Error('expected a user name'); } - - if (hash) { - hash = Hash.serializeHash(hash); - localStorage.setItem(Constants.userHashKey, hash); - } + hash = Hash.serializeHash(hash); + localStorage.setItem(Constants.userHashKey, hash); localStorage.setItem(Constants.userNameKey, name); if (cb) { cb(); } };