diff --git a/www/common/common-hash.js b/www/common/common-hash.js index b9cdfa699..4b30d7100 100644 --- a/www/common/common-hash.js +++ b/www/common/common-hash.js @@ -644,6 +644,27 @@ Version 4: Data URL when not a realtime link yet (new pad or "static" app) return hashes; }; + Hash.getFormData = function (secret, hash, password) { + secret = secret || Hash.getSecrets('form', hash, password); + var keys = secret && secret.keys; + var secondary = keys && keys.secondaryKey; + if (!secondary) { return; } + var curvePair = Nacl.box.keyPair.fromSecretKey(Nacl.util.decodeUTF8(secondary).slice(0,32)); + var ret = {}; + ret.form_public = Nacl.util.encodeBase64(curvePair.publicKey); + var privateKey = ret.form_private = Nacl.util.encodeBase64(curvePair.secretKey); + + var auditorHash = Hash.getViewHashFromKeys({ + version: 1, + channel: secret.channel, + keys: { viewKeyStr: Nacl.util.encodeBase64(keys.cryptKey) } + }); + var _parsed = Hash.parseTypeHash('pad', auditorHash); + ret.form_auditorHash = _parsed.getHash({auditorKey: privateKey}); + + return ret; + }; + // STORAGE Hash.hrefToHexChannelId = function (href, password) { var parsed = Hash.parsePadUrl(href); diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js index b8b734a8c..a06600e81 100644 --- a/www/common/drive-ui.js +++ b/www/common/drive-ui.js @@ -2068,6 +2068,7 @@ define([ // can't share the read-only URL and we don't have access to the edit one. // We should hide the share button. if (!data.href && !ro) { return; } + $shareBlock.click(function () { Share.getShareModal(common, { teamId: APP.team, @@ -4449,6 +4450,18 @@ define([ data = sf ? manager.getSharedFolderData(el) : manager.getFileData(el); } parsed = (data.href && data.href.indexOf('#') !== -1) ? Hash.parsePadUrl(data.href) : {}; + + // Form: get auditor hash + var auditorHash; + if (parsed.hash && parsed.type === "form") { + console.error('ICI'); + var formData = Hash.getFormData(null, parsed.hash, data.password); + console.log(formData); + if (formData) { + auditorHash = formData.form_auditorHash; + } + } + var roParsed = Hash.parsePadUrl(data.roHref); var padType = parsed.type || roParsed.type; var ro = !sf || (folders[el] && folders[el].version >= 2); @@ -4463,6 +4476,7 @@ define([ viewHash: ro && roParsed.hash, fileHash: parsed.hash }, + auditorHash: auditorHash, fileData: { hash: parsed.hash, password: data.password diff --git a/www/form/main.js b/www/form/main.js index 4e6345efc..77f4381d0 100644 --- a/www/form/main.js +++ b/www/form/main.js @@ -31,22 +31,15 @@ define([ meta.form_auditorHash = hash; } - var secondary = keys && keys.secondaryKey; - if (!secondary) { return; } - var curvePair = Nacl.box.keyPair.fromSecretKey(Nacl.util.decodeUTF8(secondary).slice(0,32)); + var formData = Utils.Hash.getFormData(Utils.secret); + if (!formData) { return; } + var validateKey = keys.secondaryValidateKey; meta.form_answerValidateKey = validateKey; - publicKey = meta.form_public = Nacl.util.encodeBase64(curvePair.publicKey); - privateKey = meta.form_private = Nacl.util.encodeBase64(curvePair.secretKey); - - var auditorHash = Utils.Hash.getViewHashFromKeys({ - version: 1, - channel: Utils.secret.channel, - keys: { viewKeyStr: Nacl.util.encodeBase64(keys.cryptKey) } - }); - var _parsed = Utils.Hash.parseTypeHash('pad', auditorHash); - meta.form_auditorHash = _parsed.getHash({auditorKey: privateKey}); + publicKey = meta.form_public = formData.form_public; + privateKey = meta.form_private = formData.form_private; + meta.form_auditorHash = formData.form_auditorHash; }; var addRpc = function (sframeChan, Cryptpad, Utils) { sframeChan.on('EV_FORM_PIN', function (data) {