From 4f5cb98fd5af8c7381bb3eb5672cab06fa5afcde Mon Sep 17 00:00:00 2001 From: yflory Date: Mon, 22 Mar 2021 12:08:37 +0100 Subject: [PATCH] Fix OO password change --- www/common/cryptpad-common.js | 8 +++----- www/common/inner/access.js | 16 +++++++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index f4419d2cb..8bf01c965 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -1435,7 +1435,6 @@ define([ var oldMetadata; var oldRtChannel; var privateData; - var padData; var newSecret; if (parsed.hashData.version >= 2) { @@ -1462,9 +1461,8 @@ define([ Nthen(function (waitFor) { common.getPadAttribute('', waitFor(function (err, _data) { - padData = _data; - if (!oldPassword) { - optsGet.password = padData.password; + if (!oldPassword && _data) { + optsGet.password = _data.password; } }), href); common.getAccessKeys(waitFor(function (keys) { @@ -1472,7 +1470,7 @@ define([ optsPut.accessKeys = keys; })); }).nThen(function (waitFor) { - oldSecret = Hash.getSecrets(parsed.type, parsed.hash, padData.password); + oldSecret = Hash.getSecrets(parsed.type, parsed.hash, optsGet.password); require([ '/common/cryptget.js', diff --git a/www/common/inner/access.js b/www/common/inner/access.js index a09f98bfb..95450e073 100644 --- a/www/common/inner/access.js +++ b/www/common/inner/access.js @@ -894,6 +894,7 @@ define([ if (data.fakeHref) { href = Hash.hashToHref(bestHash, priv.app); } + var isNotStored = Boolean(data.fakeHref); sframeChan.query(q, { teamId: typeof(owned) !== "boolean" ? owned : undefined, href: href, @@ -931,22 +932,27 @@ define([ // Pad password changed: update the href // Use hidden hash if needed (we're an owner of this pad so we know it is stored) var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); - var href = (priv.readOnly && data.roHref) ? data.roHref : data.href; + if (isNotStored) { useUnsafe = true; } + var _href = (priv.readOnly && data.roHref) ? data.roHref : data.href; if (useUnsafe !== true) { - var newParsed = Hash.parsePadUrl(href); + var newParsed = Hash.parsePadUrl(_href); var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass); var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {}); - href = Hash.hashToHref(newHash, parsed.type); + _href = Hash.hashToHref(newHash, parsed.type); } + var reload = false; + // Trigger a page reload if the href didn't change + if (_href === href) { _href = undefined; } + if (data.warning) { return void UI.alert(Messages.properties_passwordWarning, function () { - common.gotoURL(href); + common.gotoURL(_href); }, {force: true}); } return void UI.alert(Messages.properties_passwordSuccess, function () { if (!isSharedFolder) { - common.gotoURL(href); + common.gotoURL(_href); } }, {force: true}); });