From 086e500b8edc295338377170f57940571c626102 Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 6 Feb 2020 13:58:27 +0100 Subject: [PATCH 01/57] Fix hidden hash error with password change --- www/common/common-hash.js | 4 +++- www/common/common-ui-elements.js | 19 ++++++++++++++----- www/common/cryptpad-common.js | 7 +++++-- www/common/drive-ui.js | 8 +++----- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/www/common/common-hash.js b/www/common/common-hash.js index ad32e65c8..b60ab3306 100644 --- a/www/common/common-hash.js +++ b/www/common/common-hash.js @@ -62,7 +62,9 @@ var factory = function (Util, Crypto, Nacl) { }; Hash.getHiddenHashFromKeys = function (type, secret, opts) { - var mode = ((secret.keys && secret.keys.editKeyStr) || secret.key) ? 'edit/' : 'view/'; + opts = opts || {}; + var canEdit = (secret.keys && secret.keys.editKeyStr) || secret.key; + var mode = (!opts.view && canEdit) ? 'edit/' : 'view/'; var pass = secret.password ? 'p/' : ''; if (secret.keys && secret.keys.fileKeyStr) { mode = ''; } diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index d106702b5..977f8963d 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -638,17 +638,26 @@ define([ : Messages.properties_passwordSuccessFile; return void UI.alert(alertMsg, undefined, {force: true}); } - // If we didn't have a password, we have to add the /p/ - // If we had a password and we changed it to a new one, we just have to reload - // If we had a password and we removed it, we have to remove the /p/ + + // Pad password changed: update the href + // Use hidden hash if needed (we're an owner of this pad so we know it is stored) + var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); + var href = data.href || data.roHref; + if (!useUnsafe) { + var newParsed = Hash.parsePadUrl(href); + var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass); + var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {}); + href = Hash.hashToHref(newHash, parsed.type); + } + if (data.warning) { return void UI.alert(Messages.properties_passwordWarning, function () { - common.gotoURL(hasPassword && newPass ? undefined : (data.href || data.roHref)); + common.gotoURL(href); }, {force: true}); } return void UI.alert(Messages.properties_passwordSuccess, function () { if (!isSharedFolder) { - common.gotoURL(hasPassword && newPass ? undefined : (data.href || data.roHref)); + common.gotoURL(href); } }, {force: true}); }); diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 0aa75f561..393fafa8b 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -1041,7 +1041,7 @@ define([ warning: warning, hash: newHash, href: newHref, - roHref: newRoHref + roHref: newRoHref, }); }); }; @@ -2121,7 +2121,10 @@ define([ var parsedNew = Hash.parsePadUrl(newHref); if (parsedOld.hashData && parsedNew.hashData && parsedOld.getUrl() !== parsedNew.getUrl()) { - if (!parsedOld.hashData.key) { oldHref = newHref; return; } + if (parsedOld.hashData.version !== 3 && !parsedOld.hashData.key) { + oldHref = newHref; + return; + } // If different, reload document.location.reload(); return; diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js index a19ba9be1..ff15e091f 100644 --- a/www/common/drive-ui.js +++ b/www/common/drive-ui.js @@ -1044,11 +1044,9 @@ define([ // Get hidden hash var parsed = Hash.parsePadUrl(href); var secret = Hash.getSecrets(parsed.type, parsed.hash, data.password); - if (isRo && secret.keys && secret.keys.editKeyStr) { - delete secret.keys.editKeyStr; - delete secret.key; - } - var hash = Hash.getHiddenHashFromKeys(parsed.type, secret); + var opts = {}; + if (isRo) { opts.view = true; } + var hash = Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var hiddenHref = Hash.hashToHref(hash, parsed.type); window.open(APP.origin + hiddenHref); }; From 12a45377e711af8c15db8ed593f3bc6ef7e84a67 Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 6 Feb 2020 15:35:58 +0100 Subject: [PATCH 02/57] Fix password change issues with read-only pads or from the drive --- www/common/common-ui-elements.js | 46 ++++++++++++++++++++----------- www/common/cryptpad-common.js | 3 ++ www/common/sframe-common-outer.js | 4 +-- 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 977f8963d..4916517e6 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -547,21 +547,27 @@ define([ if (!data.noPassword) { var hasPassword = data.password; + var $pwLabel = $('