From 0f81f96259a7c216e20d1eabae87746d92bc3c71 Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 9 Jul 2020 15:10:46 +0200 Subject: [PATCH 1/2] Don't show burn after reading messages if your link isn't valid anymore --- www/common/sframe-common-outer.js | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index 27aade357..b6f2f72d5 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -28,6 +28,7 @@ define([ var Test; var password; var initialPathInDrive; + var burnAfterReading; var currentPad = window.CryptPad_location = { app: '', @@ -171,6 +172,8 @@ define([ }); var parsed = Utils.Hash.parsePadUrl(currentPad.href); + burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey; + currentPad.app = parsed.type; if (cfg.getSecrets) { var w = waitFor(); @@ -376,6 +379,27 @@ define([ })); }).nThen(done); } + }).nThen(function (waitFor) { + if (!burnAfterReading) { return; } + + // This is a burn after reading URL: make sure our owner key is still valid + try { + var nacl = window.nacl; + var key = nacl.util.decodeBase64(Crypto.b64AddSlashes(burnAfterReading)); + var kp = nacl.sign.keyPair.fromSecretKey(key); + var publicKey = nacl.util.encodeBase64(kp.publicKey); + Cryptpad.getPadMetadata({ + channel: secret.channel + }, waitFor(function (md) { + if (md && md.error) { return console.error(md.error); } + // If our key is not valid anymore, don't show BAR warning + if (!(md && Array.isArray(md.owners)) || md.owners.indexOf(publicKey) === -1) { + burnAfterReading = null; + } + })); + } catch (e) { + console.error(e); + } }).nThen(function (waitFor) { if (cfg.afterSecrets) { cfg.afterSecrets(Cryptpad, Utils, secret, waitFor(), sframeChan); 
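Review bot: `burnAfterReading` reads like a boolean flag, but the assignment after `parsePadUrl` stores `parsed.hashData.ownerKey` itself. The second patch in this series passes that value to `getSignPublicFromPrivate` as a private signing key, so the outer closure now holds secret key material for the lifetime of the page. A comment at the assignment would make that explicit, for example `// ownerKey from the URL hash is the owner's private signing key (secret): do not log or forward it`. The enclosing function starts and ends outside the hunk, so later uses of the variable are not visible here.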
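Review bot: Both failure paths in the added `nThen` step leave `burnAfterReading` set: the `catch (e)` only logs, and `if (md && md.error) { return console.error(md.error); }` returns before the owners comparison. A malformed `ownerKey` in the URL hash, or a failed metadata lookup, is therefore still treated as a valid burn-after-reading link although ownership was never confirmed, which is the case the commit title sets out to exclude. Failing closed would mean adding `burnAfterReading = null;` before the `return` in the callback and again inside the `catch`. If keeping the warning on a transient metadata error is intentional, a comment saying so would help. How the value is consumed afterwards is outside this hunk.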
@@ -402,7 +426,6 @@ define([ } Utils.crypto = Utils.Crypto.createEncryptor(Utils.secret.keys); var parsed = Utils.Hash.parsePadUrl(currentPad.href); - var burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey; if (!parsed.type) { throw new Error(); } var defaultTitle = Utils.UserObject.getDefaultName(parsed); var edPublic, curvePublic, notifications, isTemplate; From 476d968660150ef548027584e1b9999af147baff Mon Sep 17 00:00:00 2001 From: yflory Date: Thu, 9 Jul 2020 17:09:52 +0200 Subject: [PATCH 2/2] Move the 'signing key' code for BAR into common-hash --- www/common/common-hash.js | 7 +++++++ www/common/sframe-common-outer.js | 5 +---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/www/common/common-hash.js b/www/common/common-hash.js index cc4344413..f335d011b 100644 --- a/www/common/common-hash.js +++ b/www/common/common-hash.js @@ -28,6 +28,13 @@ var factory = function (Util, Crypto, Keys, Nacl) { }; }; + Hash.getSignPublicFromPrivate = function (edPrivateSafeStr) { + var edPrivateStr = Crypto.b64AddSlashes(edPrivateSafeStr); + var privateKey = Nacl.util.decodeBase64(edPrivateStr); + var keyPair = Nacl.sign.keyPair.fromSecretKey(privateKey); + return Nacl.util.encodeBase64(keyPair.publicKey); + }; + var getEditHashFromKeys = Hash.getEditHashFromKeys = function (secret) { var version = secret.version; var data = secret.keys; diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index b6f2f72d5..7253d8f1a 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js 
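Review bot: `Nacl.sign.keyPair.fromSecretKey` in `getSignPublicFromPrivate` does not establish that the input is a working private key. In tweetnacl, as far as I know, it only checks the length and copies the public half out of the 64-byte secret key rather than deriving it from the seed. The owner check in sframe-common-outer.js compares that copied value with `md.owners`, so it is no stronger than a public-key comparison. Deriving the key closes the gap: `var keyPair = Nacl.sign.keyPair.fromSeed(privateKey.subarray(0, 32));`. A short doc comment should also say that the argument is a URL-safe base64 private key and that the function throws on malformed input, so callers need a `try`.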
@@ -384,10 +384,7 @@ define([ // This is a burn after reading URL: make sure our owner key is still valid try { - var nacl = window.nacl; - var key = nacl.util.decodeBase64(Crypto.b64AddSlashes(burnAfterReading)); - var kp = nacl.sign.keyPair.fromSecretKey(key); - var publicKey = nacl.util.encodeBase64(kp.publicKey); + var publicKey = Utils.Hash.getSignPublicFromPrivate(burnAfterReading); Cryptpad.getPadMetadata({ channel: secret.channel }, waitFor(function (md) {