infra
/
cryptpad
2
1
Fork 0
Code Issues Pull Requests Projects Releases 1 Activity

Update rights in inner

pull/1/head
yflory 2019-10-14 12:01:44 +02:00
parent d443c93893
commit a3d273ec47
8 changed files with 141 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
www/common/drive-ui.js
View File

@ -544,7 +544,8 @@ define([
Object.keys(folders).forEach(function (id) {
var f = folders[id];
var sfData = files.sharedFolders[id] || {};
var parsed = Hash.parsePadUrl(sfData.href || sfData.roHref);
var href = manager.user.userObject.getHref(sfData);
var parsed = Hash.parsePadUrl(href);
var secret = Hash.getSecrets('drive', parsed.hash, sfData.password);
manager.addProxy(id, {proxy: f}, null, secret.keys.secondaryKey);
});

2
www/common/outer/mailbox-handlers.js
View File

@ -431,7 +431,7 @@ define([
var team;
Object.keys(myTeams).some(function (k) {
var _team = myTeams[k];
if (_team.channel === content.teamChannel) {
if (_team.channel === content.teamData.channel) {
teamId = k;
team = _team;
return true;

9
www/common/outer/team.js
View File

@ -990,6 +990,7 @@ define([
uo.setReadOnly(!secret.keys.secondaryKey, secret.keys.secondaryKey);
}
});
ctx.updateMetadata();
ctx.emit('ROSTER_CHANGE_RIGHTS', teamId, team.clients);
};
@ -1006,10 +1007,14 @@ define([
teamData.hash = data.hash;
teamData.keys.drive.edPrivate = data.keys.drive.edPrivate;
teamData.keys.chat.edit = data.keys.chat.edit;
var secret = Hash.getSecrets('team', data.hash, teamData.password);
team.secondaryKey = secret && secret.keys.secondaryKey;
} else {
delete teamData.hash;
delete teamData.keys.drive.edPrivate;
delete teamData.keys.chat.edit;
delete team.secondaryKey;
}
updateMyRights(ctx, teamId, data.hash);
@ -1055,14 +1060,14 @@ define([
// Viewer to editor
if (user.role === "VIEWER" && data.data.role !== "VIEWER") {
return void changeEditRights(ctx, teamId, user, true, function (err) {
changeEditRights(ctx, teamId, user, true, function (err) {
return void cb({error: err});
});
}
// Editor to viewer
if (user.role !== "VIEWER" && data.data.role === "VIEWER") {
return void changeEditRights(ctx, teamId, user, false, function (err) {
changeEditRights(ctx, teamId, user, false, function (err) {
return void cb({error: err});
});
}

32
www/common/proxy-manager.js
View File

@ -172,6 +172,22 @@ define([
return data;
};
var getSharedFolderData = function (Env, id) {
if (!Env.folders[id]) { return {}; }
var obj = Env.folders[id].proxy.metadata || {};
for (var k in Env.user.proxy[UserObject.SHARED_FOLDERS][id] || {}) {
var data = JSON.parse(JSON.stringify(Env.user.proxy[UserObject.SHARED_FOLDERS][id][k]));
if (data.href && data.href.indexOf('#') === -1) {
try {
data.href = Env.user.userObject.cryptor.decrypt(data.href);
} catch (e) {}
}
obj[k] = data;
}
return obj;
};
// Transform an absolute path into a path relative to the correct shared folder
var _resolvePath = function (Env, path) {
var res = {
@ -979,6 +995,7 @@ define([
setPadAttribute: callWithEnv(setPadAttribute),
getTagsList: callWithEnv(getTagsList),
getSecureFilesList: callWithEnv(getSecureFilesList),
getSharedFolderData: callWithEnv(getSharedFolderData),
// Store
getChannelsList: callWithEnv(getChannelsList),
addPad: callWithEnv(addPad),
@ -1149,21 +1166,6 @@ define([
return Env.user.userObject.getOwnedPads(Env.edPublic);
};
var getSharedFolderData = function (Env, id) {
if (!Env.folders[id]) { return {}; }
var obj = Env.folders[id].proxy.metadata || {};
for (var k in Env.user.proxy[UserObject.SHARED_FOLDERS][id] || {}) {
var data = JSON.parse(JSON.stringify(Env.user.proxy[UserObject.SHARED_FOLDERS][id][k]));
if (data.href && data.href.indexOf('#') === -1) {
try {
data.href = Env.user.userObject.cryptor.decrypt(data.href);
} catch (e) {}
}
obj[k] = data;
}
return obj;
};
var getFolderData = function (Env, path) {
var resolved = _resolvePath(Env, path);
if (!resolved || !resolved.userObject) { return {}; }

8
www/common/sframe-common-outer.js
View File

@ -433,6 +433,10 @@ define([
Cryptpad.mailbox.execCommand(data, cb);
});
sframeChan.on('Q_STORE_IN_TEAM', function (data, cb) {
Cryptpad.storeInTeam(data, cb);
});
};
addCommonRpc(sframeChan);
@ -465,10 +469,6 @@ define([
setDocumentTitle();
});
sframeChan.on('Q_STORE_IN_TEAM', function (data, cb) {
Cryptpad.storeInTeam(data, cb);
});
sframeChan.on('EV_SET_HASH', function (hash) {
window.location.hash = hash;
});

71
www/common/userObject.js
View File

@ -29,29 +29,46 @@ define([
return name;
};
var createCryptor = module.createCryptor = function (key) {
var cryptor = {};
if (!key) {
cryptor.encrypt = function (x) { return x; };
cryptor.decrypt = function (x) { return x; };
return cryptor;
}
try {
var c = Crypto.createEncryptor(key);
cryptor.encrypt = function (href) {
// Never encrypt blob href, they are always read-only
if (href.slice(0,7) === '/file/#') { return href; }
return c.encrypt(href);
};
cryptor.decrypt = c.decrypt;
} catch (e) {
console.error(e);
}
return cryptor;
};
module.getHref = function (pad, cryptor) {
if (pad.href && pad.href.indexOf('#') !== -1) {
// Href exists and is not encrypted: return href
return pad.href;
}
if (pad.href) {
// Href exists and is encrypted
var d = cryptor.decrypt(pad.href);
// If we can decrypt, return the decrypted value, otherwise continue and return roHref
if (d.indexOf('#') !== -1) {
return d;
}
}
return pad.roHref;
};
module.init = function (files, config) {
var exp = {};
exp.cryptor = {};
var createCryptor = function (key) {
if (!key) {
exp.cryptor.encrypt = function (x) { return x; };
exp.cryptor.decrypt = function (x) { return x; };
return;
}
try {
var c = Crypto.createEncryptor(key);
exp.cryptor.encrypt = function (href) {
// Never encrypt blob href, they are always read-only
if (href.slice(0,7) === '/file/#') { return href; }
return c.encrypt(href);
};
exp.cryptor.decrypt = c.decrypt;
} catch (e) {
console.error(e);
}
};
createCryptor(config.editKey);
exp.cryptor = createCryptor(config.editKey);
exp.setReadOnly = function (state, key) {
config.editKey = key;
@ -124,19 +141,7 @@ define([
};
var getHref = exp.getHref = function (pad) {
if (pad.href && pad.href.indexOf('#') !== -1) {
// Href exists and is not encrypted: return href
return pad.href;
}
if (pad.href) {
// Href exists and is encrypted
var d = exp.cryptor.decrypt(pad.href);
// If we can decrypt, return the decrypted value, otherwise continue and return roHref
if (d.indexOf('#') !== -1) {
return d;
}
}
return pad.roHref;
return module.getHref(pad, exp.cryptor);
};
var type = function (dat) {

3
www/drive/inner.js
View File

@ -44,7 +44,8 @@ define([
nThen(function (waitFor) {
Object.keys(drive.sharedFolders).forEach(function (fId) {
var sfData = drive.sharedFolders[fId] || {};
var parsed = Hash.parsePadUrl(sfData.href || sfData.roHref);
var href = (sfData.href && sfData.href.indexOf('#') !== -1) ? sfData.href : sfData.roHref;
var parsed = Hash.parsePadUrl(href);
var secret = Hash.getSecrets('drive', parsed.hash, sfData.password);
sframeChan.query('Q_DRIVE_GETOBJECT', {
sharedFolder: fId

103
www/teams/inner.js
View File

@ -11,6 +11,7 @@ define([
'/bower_components/nthen/index.js',
'/common/sframe-common.js',
'/common/proxy-manager.js',
'/common/userObject.js',
'/common/hyperscript.js',
'/customize/application_config.js',
'/common/messenger-ui.js',
@ -32,6 +33,7 @@ define([
nThen,
SFCommon,
ProxyManager,
UserObject,
h,
AppConfig,
MessengerUI,
@ -53,7 +55,8 @@ define([
nThen(function (waitFor) {
Object.keys(drive.sharedFolders).forEach(function (fId) {
var sfData = drive.sharedFolders[fId] || {};
var parsed = Hash.parsePadUrl(sfData.href || sfData.roHref);
var href = UserObject.getHref(sfData, APP.cryptor);
var parsed = Hash.parsePadUrl(href);
var secret = Hash.getSecrets('drive', parsed.hash, sfData.password);
sframeChan.query('Q_DRIVE_GETOBJECT', {
sharedFolder: fId
@ -78,6 +81,30 @@ define([
var setEditable = DriveUI.setEditable;
var closeTeam = function (common, cb) {
var sframeChan = common.getSframeChannel();
APP.module.execCommand('SUBSCRIBE', null, function () {
sframeChan.query('Q_SET_TEAM', null, function (err) {
if (err) { return void console.error(err); }
if (APP.drive && APP.drive.close) { APP.drive.close(); }
$('.cp-toolbar-title-value').text(Messages.type.teams);
sframeChan.event('EV_SET_TAB_TITLE', Messages.type.teams);
APP.team = null;
APP.teamEdPublic = null;
APP.drive = null;
APP.cryptor = null;
APP.buildUI(common);
if (APP.usageBar) {
APP.usageBar.stop();
APP.usageBar = null;
}
if (cb) {
cb(common);
}
});
});
};
var mainCategories = {
'list': [
'cp-team-list',
@ -92,23 +119,7 @@ define([
var teamCategories = {
'back': {
onClick: function (common) {
var sframeChan = common.getSframeChannel();
APP.module.execCommand('SUBSCRIBE', null, function () {
sframeChan.query('Q_SET_TEAM', null, function (err) {
if (err) { return void console.error(err); }
if (APP.drive && APP.drive.close) { APP.drive.close(); }
$('.cp-toolbar-title-value').text(Messages.type.teams);
sframeChan.event('EV_SET_TAB_TITLE', Messages.type.teams);
APP.team = null;
APP.teamEdPublic = null;
APP.drive = null;
APP.buildUI(common);
if (APP.usageBar) {
APP.usageBar.stop();
APP.usageBar = null;
}
});
});
closeTeam(common);
}
},
'drive': [
@ -311,8 +322,26 @@ define([
});
var MAX_TEAMS_SLOTS = Constants.MAX_TEAMS_SLOTS;
var refreshList = function (common, cb) {
var openTeam = function (common, id, team) {
var sframeChan = common.getSframeChannel();
APP.module.execCommand('SUBSCRIBE', id, function () {
var t = Messages._getKey('team_title', [Util.fixHTML(team.metadata.name)]);
sframeChan.query('Q_SET_TEAM', id, function (err) {
if (err) { return void console.error(err); }
// Change title
$('.cp-toolbar-title-value').text(t);
sframeChan.event('EV_SET_TAB_TITLE', t);
// Get secondary key
var secret = Hash.getSecrets('team', team.hash || team.roHash, team.password);
APP.cryptor = UserObject.createCryptor(secret.keys.secondaryKey);
// Load data
APP.team = id;
APP.teamEdPublic = Util.find(team, ['keys', 'drive', 'edPublic']);
buildUI(common, true, team.owner);
});
});
};
var refreshList = function (common, cb) {
var content = [];
APP.module.execCommand('LIST_TEAMS', null, function (obj) {
if (!obj) { return; }
@ -348,19 +377,7 @@ define([
]));
common.displayAvatar($(avatar), team.metadata.avatar, team.metadata.name);
$(btn).click(function () {
APP.module.execCommand('SUBSCRIBE', id, function () {
var t = Messages._getKey('team_title', [Util.fixHTML(team.metadata.name)]);
sframeChan.query('Q_SET_TEAM', id, function (err) {
if (err) { return void console.error(err); }
// Change title
$('.cp-toolbar-title-value').text(t);
sframeChan.event('EV_SET_TAB_TITLE', t);
// Load data
APP.team = id;
APP.teamEdPublic = Util.find(team, ['keys', 'drive', 'edPublic']);
buildUI(common, true, team.owner);
});
});
openTeam(common, id, team);
});
});
content.push(h('div.cp-team-list-container', list));
@ -506,7 +523,7 @@ define([
var $actions = $(actions);
var isMe = me && me.curvePublic === data.curvePublic;
var myRole = me ? (ROLES.indexOf(me.role) || 1) : -1;
var theirRole = ROLES.indexOf(data.role) || 1;
var theirRole = ROLES.indexOf(data.role);
var ADMIN = ROLES.indexOf('ADMIN');
// If they're an admin and I am an owner, I can promote them to owner
if (!isMe && myRole > theirRole && theirRole === ADMIN && !data.pending) {
@ -895,6 +912,22 @@ define([
]);
}, true);
var redrawTeam = function (common) {
if (!APP.team) { return; }
var teamId = APP.team;
var name = $('.cp-toolbar-title-value').text();
APP.module.execCommand('LIST_TEAMS', null, function (obj) {
if (!obj) { return; }
if (obj.error) { return void console.error(obj.error); }
var team = obj[teamId];
if (!team) { return; }
closeTeam(common, function () {
openTeam(common, teamId, team);
});
});
};
var main = function () {
var common;
var readOnly;
@ -961,6 +994,10 @@ define([
}
return;
}
if (ev === 'ROSTER_CHANGE_RIGHTS') {
redrawTeam(common);
return;
}
};
APP.module = common.makeUniversal('team', {