diff --git a/www/common/common-hash.js b/www/common/common-hash.js
index cc4344413..f335d011b 100644
--- a/www/common/common-hash.js
+++ b/www/common/common-hash.js
@@ -28,6 +28,13 @@ var factory = function (Util, Crypto, Keys, Nacl) {
 };
 };
+ Hash.getSignPublicFromPrivate = function (edPrivateSafeStr) {
+ var edPrivateStr = Crypto.b64AddSlashes(edPrivateSafeStr);
+ var privateKey = Nacl.util.decodeBase64(edPrivateStr);
+ var keyPair = Nacl.sign.keyPair.fromSecretKey(privateKey);
+ return Nacl.util.encodeBase64(keyPair.publicKey);
+ };
+
 var getEditHashFromKeys = Hash.getEditHashFromKeys = function (secret) {
 var version = secret.version;
 var data = secret.keys;
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index 27aade357..7253d8f1a 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@@ -28,6 +28,7 @@ define([
 var Test;
 var password;
 var initialPathInDrive;
+ var burnAfterReading;
 var currentPad = window.CryptPad_location = {
 app: '',
@@ -171,6 +172,8 @@ define([
 });
 var parsed = Utils.Hash.parsePadUrl(currentPad.href);
+ burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey;
+
 currentPad.app = parsed.type;
 if (cfg.getSecrets) {
 var w = waitFor();
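Review bot: `Hash.getSignPublicFromPrivate` handles secret key material but carries no comment on its input contract or on the fact that it throws. `Nacl.util.decodeBase64` throws on malformed base64 and `Nacl.sign.keyPair.fromSecretKey` throws when the decoded bytes are not a full-length signing secret key, so any caller passing a value taken from a URL must wrap the call, as the new check in sframe-common-outer.js does. I would add above it `// edPrivateSafeStr: URL-safe base64 Ed25519 secret key; throws on malformed input; returns the public key as standard (not URL-safe) base64`. The output encoding matters because that check compares the result against `md.owners` with `indexOf`, which only matches if both sides use the same encoding.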
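Review bot: `burnAfterReading` reads like a boolean flag, but the value assigned in the `@@ -171,6 +172,8 @@` hunk is `parsed.hashData.ownerKey`, which the later check hands to `getSignPublicFromPrivate` as a private signing key. The variable now lives in the enclosing scope for the whole load sequence instead of a single callback, so a comment at its declaration would make it harder to log or forward by accident, for example `// owner private key taken from the URL hash; set to null once it fails validation`. The `parsed &&` guard is also inconsistent with the following context line, which dereferences `parsed.type` without one.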
@@ -376,6 +379,24 @@ define([
 }));
 }).nThen(done);
 }
+ }).nThen(function (waitFor) {
+ if (!burnAfterReading) { return; }
+
+ // This is a burn after reading URL: make sure our owner key is still valid
+ try {
+ var publicKey = Utils.Hash.getSignPublicFromPrivate(burnAfterReading);
+ Cryptpad.getPadMetadata({
+ channel: secret.channel
+ }, waitFor(function (md) {
+ if (md && md.error) { return console.error(md.error); }
+ // If our key is not valid anymore, don't show BAR warning
+ if (!(md && Array.isArray(md.owners)) || md.owners.indexOf(publicKey) === -1) {
+ burnAfterReading = null;
+ }
+ }));
+ } catch (e) {
+ console.error(e);
+ }
 }).nThen(function (waitFor) {
 if (cfg.afterSecrets) {
 cfg.afterSecrets(Cryptpad, Utils, secret, waitFor(), sframeChan);
@@ -402,7 +423,6 @@ define([
 }
 Utils.crypto = Utils.Crypto.createEncryptor(Utils.secret.keys);
 var parsed = Utils.Hash.parsePadUrl(currentPad.href);
- var burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey;
 if (!parsed.type) { throw new Error(); }
 var defaultTitle = Utils.UserObject.getDefaultName(parsed);
 var edPublic, curvePublic, notifications, isTemplate;
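Review bot: Both error paths in the new validation step of the `@@ -376,6 +379,24 @@` hunk leave `burnAfterReading` set, so a key that could not be verified is treated the same as one that was. If `getSignPublicFromPrivate` throws on a malformed key from the URL, or `getPadMetadata` returns `md.error`, the code only logs. A missing `md` or a missing `owners` array does clear the value, so the handling is inconsistent. If the intent is that only a confirmed owner key reaches the burn-after-reading flow, clear it in both places: `if (md && md.error) { burnAfterReading = null; return console.error(md.error); }` and `burnAfterReading = null;` in the `catch` block. The code that later consumes `burnAfterReading` is outside this hunk, so the effect of a stale value should be confirmed there.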