Fix OO password change

4 years ago · 4f5cb98fd5
parent c03f7dceaa
commit 4f5cb98fd5
2 changed files with 14 additions and 10 deletions
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@ -1435,7 +1435,6 @@ define([
        var oldMetadata;
        var oldRtChannel;
        var privateData;
        var padData;
        var newSecret;
        if (parsed.hashData.version >= 2) {
@ -1462,9 +1461,8 @@ define([
        Nthen(function (waitFor) {
            common.getPadAttribute('', waitFor(function (err, _data) {
-                padData = _data;
+                if (!oldPassword && _data) {
-                if (!oldPassword) {
+                    optsGet.password = _data.password;
                    optsGet.password = padData.password;
                }
            }), href);
            common.getAccessKeys(waitFor(function (keys) {
@ -1472,7 +1470,7 @@ define([
                optsPut.accessKeys = keys;
            }));
        }).nThen(function (waitFor) {
-            oldSecret = Hash.getSecrets(parsed.type, parsed.hash, padData.password);
+            oldSecret = Hash.getSecrets(parsed.type, parsed.hash, optsGet.password);
            require([
                '/common/cryptget.js',
--- a/www/common/inner/access.js
+++ b/www/common/inner/access.js
@ -894,6 +894,7 @@ define([
                        if (data.fakeHref) {
                            href = Hash.hashToHref(bestHash, priv.app);
                        }
                        var isNotStored = Boolean(data.fakeHref);
                        sframeChan.query(q, {
                            teamId: typeof(owned) !== "boolean" ? owned : undefined,
                            href: href,
@ -931,22 +932,27 @@ define([
                            // Pad password changed: update the href
                            // Use hidden hash if needed (we're an owner of this pad so we know it is stored)
                            var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
-                            var href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
+                            if (isNotStored) { useUnsafe = true; }
                            var _href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
                            if (useUnsafe !== true) {
-                                var newParsed = Hash.parsePadUrl(href);
+                                var newParsed = Hash.parsePadUrl(_href);
                                var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass);
                                var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {});
-                                href = Hash.hashToHref(newHash, parsed.type);
+                                _href = Hash.hashToHref(newHash, parsed.type);
                            }
                            var reload = false;
                            // Trigger a page reload if the href didn't change
                            if (_href === href) { _href = undefined; }
                            if (data.warning) {
                                return void UI.alert(Messages.properties_passwordWarning, function () {
-                                    common.gotoURL(href);
+                                    common.gotoURL(_href);
                                }, {force: true});
                            }
                            return void UI.alert(Messages.properties_passwordSuccess, function () {
                                if (!isSharedFolder) {
-                                    common.gotoURL(href);
+                                    common.gotoURL(_href);
                                }
                            }, {force: true});
                        });