diff --git a/www/common/common-hash.js b/www/common/common-hash.js index 48d0e622f..3a58a24b6 100644 --- a/www/common/common-hash.js +++ b/www/common/common-hash.js @@ -418,7 +418,7 @@ Version 1 }); return weaker; }; - var findStronger = Hash.findStronger = function (href, recents, password) { + Hash.findStronger = function (href, recents, password) { var rHref = href || getRelativeHref(window.location.href); var parsed = parsePadUrl(rHref, password); if (!parsed.hash) { return false; } diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 9cfe64076..3cf902a1a 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -180,7 +180,7 @@ define([ if (common.isLoggedIn() && AppConfig.enablePinning) { // check the size of this file... - common.getFileSize(data.href, function (e, bytes) { + common.getFileSize(data.href, data.password, function (e, bytes) { if (e) { // there was a problem with the RPC console.error(e); @@ -1146,7 +1146,8 @@ define([ var cryptKey = secret.keys && secret.keys.fileKeyStr; var hexFileName = Util.base64ToHex(secret.channel); var src = Hash.getBlobPathFromHex(hexFileName); - Common.getFileSize(href, function (e, data) { + // No password for avatars + Common.getFileSize(href, null, function (e, data) { if (e) { displayDefault(); return void console.error(e); @@ -2219,12 +2220,8 @@ define([ } }); }; - $(input).on('keydown', function (e) { - if (e.which === 13) { submit(); } - }) - $(button).on('click', function () { - submit(); - }) + $(input).on('keydown', function (e) { if (e.which === 13) { submit(); } }); + $(button).on('click', function () { submit(); }); var block = h('div#cp-loading-password-prompt', [ diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index dbc69198b..cbc469610 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -246,8 +246,8 @@ define([ }); }; - common.getFileSize = function (href, cb) { - postMessage("GET_FILE_SIZE", {href: href}, function (obj) { + common.getFileSize = function (href, password, cb) { + postMessage("GET_FILE_SIZE", {href: href, password: password}, function (obj) { if (obj && obj.error) { return void cb(obj.error); } cb(undefined, obj.size); }); @@ -447,7 +447,7 @@ define([ optsPut.password = password; })); } - }).nThen(function (waitFor) { + }).nThen(function () { Crypt.get(parsed.hash, function (err, val) { if (err) { throw new Error(err); } Crypt.put(parsed2.hash, val, cb, optsPut); @@ -843,18 +843,21 @@ define([ window.onhashchange = function (ev) { if (ev && ev.reset) { oldHref = document.location.href; return; } var newHref = document.location.href; - var parsedOld = Hash.parsePadUrl(oldHref).hashData; - var parsedNew = Hash.parsePadUrl(newHref).hashData; - if (parsedOld && parsedNew && ( + // Password not needed here since we don't access hashData + var parsedOld = Hash.parsePadUrl(oldHref); + var parsedNew = Hash.parsePadUrl(newHref); + if (parsedOld.hashData && parsedNew.hashData && + parsedOld.getUrl() !== parsedNew.getUrl()) { + /*parseOld && parsedNew && ( parsedOld.type !== parsedNew.type || parsedOld.channel !== parsedNew.channel || parsedOld.mode !== parsedNew.mode - || parsedOld.key !== parsedNew.key)) { - if (!parsedOld.channel) { oldHref = newHref; return; } + || parsedOld.key !== parsedNew.key)) {*/ + if (!parsedOld.hashData.channel) { oldHref = newHref; return; } document.location.reload(); return; } - if (parsedNew) { oldHref = newHref; } + if (parsedNew.hashData) { oldHref = newHref; } }; // Listen for login/logout in other tabs window.addEventListener('storage', function (e) { diff --git a/www/common/diffMarked.js b/www/common/diffMarked.js index 47e869fc9..80c9c4b79 100644 --- a/www/common/diffMarked.js +++ b/www/common/diffMarked.js @@ -41,6 +41,7 @@ define([ }; renderer.image = function (href, title, text) { if (href.slice(0,6) === '/file/') { + // PASSWORD_FILES var parsed = Hash.parsePadUrl(href); var hexFileName = Util.base64ToHex(parsed.hashData.channel); var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName; diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js index 2ce6d58f2..e6cb10955 100644 --- a/www/common/outer/async-store.js +++ b/www/common/outer/async-store.js @@ -81,16 +81,17 @@ define([ var d = store.userObject.getFileData(id); if (d.owners && d.owners.length && edPublic && d.owners.indexOf(edPublic) === -1) { return; } - return Hash.hrefToHexChannelId(d.href); + return Hash.hrefToHexChannelId(d.href, d.password); }) .filter(function (x) { return x; }); // Get the avatar var profile = store.proxy.profile; if (profile) { - var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit) : null; + // No password for profile or avatar + var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit, null) : null; if (profileChan) { list.push(profileChan); } - var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar) : null; + var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar, null) : null; if (avatarChan) { list.push(avatarChan); } } @@ -115,7 +116,7 @@ define([ // because of the expiration time if ((data.owners && data.owners.length && data.owners.indexOf(edPublic) === -1) || (data.expire && data.expire < (+new Date()))) { - list.push(Hash.hrefToHexChannelId(data.href)); + list.push(Hash.hrefToHexChannelId(data.href, data.password)); } }); return list; @@ -303,7 +304,7 @@ define([ Store.getFileSize = function (data, cb) { if (!store.anon_rpc) { return void cb({error: 'ANON_RPC_NOT_READY'}); } - var channelId = Hash.hrefToHexChannelId(data.href); + var channelId = Hash.hrefToHexChannelId(data.href, data.password); store.anon_rpc.send("GET_FILE_SIZE", channelId, function (e, response) { if (e) { return void cb({error: e}); } if (response && response.length && typeof(response[0]) === 'number') { @@ -403,6 +404,7 @@ define([ var makePad = function (href, title) { var now = +new Date(); + // Password not needed here since we only need the type return { href: href, atime: now, @@ -434,14 +436,16 @@ define([ // Push channels owned by someone else or channel that should have expired // because of the expiration time if (data.owners && data.owners.length === 1 && data.owners.indexOf(edPublic) !== -1) { - list.push(Hash.hrefToHexChannelId(data.href)); + list.push(Hash.hrefToHexChannelId(data.href, data.password)); } }); if (store.proxy.todo) { - list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo)); + // No password for todo + list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null)); } if (store.proxy.profile && store.proxy.profile.edit) { - list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit)); + // No password for todo + list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null)); } return list; }; @@ -615,6 +619,7 @@ define([ }); }; Store.getPadAttribute = function (data, cb) { + console.log(data.href, data.attr); store.userObject.getPadAttribute(data.href, data.attr, function (err, val) { if (err) { return void cb({error: err}); } cb(val); @@ -680,7 +685,8 @@ define([ Store.setPadTitle = function (data, cb) { var title = data.title; var href = data.href; - var p = Hash.parsePadUrl(href); + var padData = store.userObject.getFileData(store.userObject.getIdFromHref(href)); + var p = Hash.parsePadUrl(href, padData && padData.password); var h = p.hashData; if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); } @@ -707,7 +713,7 @@ define([ var pad = allPads[id]; if (!pad.href) { continue; } - var p2 = Hash.parsePadUrl(pad.href); + var p2 = Hash.parsePadUrl(pad.href, pad.password); var h2 = p2.hashData; // Different types, proceed to the next one @@ -788,7 +794,7 @@ define([ }; store.userObject.getFiles(where).forEach(function (id) { var data = store.userObject.getFileData(id); - var parsed = Hash.parsePadUrl(data.href); + var parsed = Hash.parsePadUrl(data.href, data.password); if ((!types || types.length === 0 || types.indexOf(parsed.type) !== -1) && hashes.indexOf(parsed.hash) === -1 && !isFiltered(parsed.type, data)) { diff --git a/www/common/outer/userObject.js b/www/common/outer/userObject.js index dadbfb463..0fc4099ec 100644 --- a/www/common/outer/userObject.js +++ b/www/common/outer/userObject.js @@ -75,7 +75,7 @@ define([ return void todo(); } if (!pinPads) { return; } - pinPads([Hash.hrefToHexChannelId(data.href)], function (obj) { + pinPads([Hash.hrefToHexChannelId(data.href, data.password)], function (obj) { if (obj && obj.error) { return void cb(obj.error); } todo(); }); @@ -98,7 +98,7 @@ define([ exp.getFiles([FILES_DATA]).forEach(function (id) { if (filesList.indexOf(id) === -1) { var fd = exp.getFileData(id); - var channelId = fd && fd.href && Hash.hrefToHexChannelId(fd.href); + var channelId = fd && fd.href && Hash.hrefToHexChannelId(fd.href, fd.password); // If trying to remove an owned pad, remove it from server also if (!isOwnPadRemoved && fd.owners && fd.owners.indexOf(edPublic) !== -1 && channelId) { @@ -565,6 +565,7 @@ define([ if (/^https*:\/\//.test(el.href)) { el.href = Hash.getRelativeHref(el.href); } if (!el.ctime) { el.ctime = el.atime; } + // Password not needed here since we only need the type and hash var parsed = Hash.parsePadUrl(el.href); if (!el.title) { el.title = Hash.getDefaultName(parsed); } if (!parsed.hash) { diff --git a/www/common/sframe-app-framework.js b/www/common/sframe-app-framework.js index b7fb0b286..274069507 100644 --- a/www/common/sframe-app-framework.js +++ b/www/common/sframe-app-framework.js @@ -315,7 +315,7 @@ define([ privateDat.availableHashes.viewHash; var href = privateDat.pathname + '#' + hash; if (AppConfig.textAnalyzer && textContentGetter) { - var channelId = Hash.hrefToHexChannelId(href); + var channelId = Hash.hrefToHexChannelId(href, privateDat.password); AppConfig.textAnalyzer(textContentGetter, channelId); } diff --git a/www/common/sframe-common-codemirror.js b/www/common/sframe-common-codemirror.js index 4386e22f0..19b4c7ae0 100644 --- a/www/common/sframe-common-codemirror.js +++ b/www/common/sframe-common-codemirror.js @@ -332,6 +332,7 @@ define([ //var cursor = editor.getCursor(); //var cleanName = data.name.replace(/[\[\]]/g, ''); //var text = '!['+cleanName+']('+data.url+')'; + // PASSWORD_FILES var parsed = Hash.parsePadUrl(data.url); var hexFileName = Util.base64ToHex(parsed.hashData.channel); var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName; diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index 990208ee3..6ab878a27 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -122,6 +122,7 @@ define([ }); })); } else { + // Password not needed here since we only want to know if we need a password var parsed = Utils.Hash.parsePadUrl(window.location.href); var todo = function () { secret = Utils.Hash.getSecrets(parsed.type, void 0, password); @@ -133,6 +134,7 @@ define([ var needPassword = parsed.hashData && parsed.hashData.password; if (needPassword) { Cryptpad.getPadAttribute('password', waitFor(function (err, val) { + console.log(val); if (val) { // We already know the password, use it! password = val; @@ -158,7 +160,7 @@ define([ }); sframeChan.event("EV_PAD_PASSWORD"); } - })); + }), parsed.getUrl()); return; } // If no password, continue... @@ -182,7 +184,7 @@ define([ secret.keys = secret.key; readOnly = false; } - var parsed = Utils.Hash.parsePadUrl(window.location.href); + var parsed = Utils.Hash.parsePadUrl(window.location.href, password); if (!parsed.type) { throw new Error(); } var defaultTitle = Utils.Hash.getDefaultName(parsed); var edPublic; @@ -224,7 +226,8 @@ define([ }, isNewFile: isNewFile, isDeleted: isNewFile && window.location.hash.length > 0, - forceCreationScreen: forceCreationScreen + forceCreationScreen: forceCreationScreen, + password: password }; for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; } @@ -292,6 +295,7 @@ define([ sframeChan.on('Q_SET_PAD_TITLE_IN_DRIVE', function (newTitle, cb) { currentTitle = newTitle; setDocumentTitle(); + Cryptpad.setNewPadPassword(password); Cryptpad.setPadTitle(newTitle, undefined, undefined, function (err) { cb(err); }); @@ -414,10 +418,12 @@ define([ // Present mode URL sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) { + // Password not needed here since we only need something directly in the hash var parsed = Utils.Hash.parsePadUrl(window.location.href); cb(parsed.hashData && parsed.hashData.present); }); sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) { + // Password not needed here var parsed = Utils.Hash.parsePadUrl(window.location.href); window.location.href = parsed.getUrl({ embed: parsed.hashData.embed, @@ -510,6 +516,7 @@ define([ }); }); var getKey = function (href) { + // Password not needed here. We use the fake channel id for thumbnails at the moment var parsed = Utils.Hash.parsePadUrl(href); return 'thumbnail-' + parsed.type + '-' + parsed.hashData.channel; }; @@ -707,7 +714,7 @@ define([ sframeChan.on('Q_CREATE_PAD', function (data, cb) { if (!isNewFile || rtStarted) { return; } // Create a new hash - var password = data.password; + password = data.password; var newHash = Utils.Hash.createRandomHash(parsed.type, password); secret = Utils.Hash.getSecrets(parsed.type, newHash, password); @@ -721,7 +728,7 @@ define([ ohc({reset: true}); // Update metadata values and send new metadata inside - parsed = Utils.Hash.parsePadUrl(window.location.href); + parsed = Utils.Hash.parsePadUrl(window.location.href, password); defaultTitle = Utils.Hash.getDefaultName(parsed); hashes = Utils.Hash.getHashes(secret); readOnly = false; diff --git a/www/common/sframe-common.js b/www/common/sframe-common.js index 444ee40e7..77308aacd 100644 --- a/www/common/sframe-common.js +++ b/www/common/sframe-common.js @@ -113,8 +113,8 @@ define([ return ''; }; funcs.getMediatagFromHref = function (href) { + // PASSWORD_FILES var parsed = Hash.parsePadUrl(href); - // FILE_HASHES2 var secret = Hash.getSecrets('file', parsed.hash); var data = ctx.metadataMgr.getPrivateData(); if (secret.keys && secret.channel) { @@ -127,8 +127,8 @@ define([ } return; }; - funcs.getFileSize = function (href, cb) { - var channelId = Hash.hrefToHexChannelId(href); + funcs.getFileSize = function (href, password, cb) { + var channelId = Hash.hrefToHexChannelId(href, password); funcs.sendAnonRpcMsg("GET_FILE_SIZE", channelId, function (data) { if (!data) { return void cb("No response"); } if (data.error) { return void cb(data.error); } @@ -431,12 +431,8 @@ define([ UI.log(data.logText); }); - ctx.sframeChan.on("EV_PAD_PASSWORD", function (data) { + ctx.sframeChan.on("EV_PAD_PASSWORD", function () { UIElements.displayPasswordPrompt(funcs); - /*UI.prompt("Password?", "", function (val) { - ctx.sframeChan.event("EV_PAD_PASSWORD_VALUE", val); - }); - $('div.alertify').last().css("z-index", Number.MAX_SAFE_INTEGER);*/ }); ctx.metadataMgr.onReady(waitFor()); diff --git a/www/common/toolbar3.js b/www/common/toolbar3.js index 905551d77..54cc6df6c 100644 --- a/www/common/toolbar3.js +++ b/www/common/toolbar3.js @@ -578,7 +578,7 @@ define([ var o = pd.origin; var hashes = pd.availableHashes; var url = pd.origin + pd.pathname + '#' + (hashes.editHash || hashes.viewHash); - var cid = Hash.hrefToHexChannelId(url); + var cid = Hash.hrefToHexChannelId(url, pd.password); Common.sendAnonRpcMsg('IS_CHANNEL_PINNED', cid, function (x) { if (x.error || !Array.isArray(x.response)) { return void console.log(x); } if (x.response[0] === true) { diff --git a/www/common/userObject.js b/www/common/userObject.js index 4f7f03b23..f38c7d219 100644 --- a/www/common/userObject.js +++ b/www/common/userObject.js @@ -78,6 +78,7 @@ define([ exp.isReadOnlyFile = function (element) { if (!isFile(element)) { return false; } var data = exp.getFileData(element); + // Password not needed var parsed = Hash.parsePadUrl(data.href); if (!parsed) { return false; } var pHash = parsed.hashData; @@ -387,7 +388,7 @@ define([ var channels64 = channels.slice().map(Util.hexToBase64); return getFiles([FILES_DATA]).filter(function (k) { var data = allFilesList[k]; - var parsed = Hash.parsePadUrl(data.href); + var parsed = Hash.parsePadUrl(data.href, data.password); return parsed.hashData && channels64.indexOf(parsed.hashData.channel) !== -1; }); }; diff --git a/www/drive/inner.js b/www/drive/inner.js index 08c067183..5ec1cf901 100644 --- a/www/drive/inner.js +++ b/www/drive/inner.js @@ -1264,6 +1264,7 @@ define([ var data = filesOp.getFileData(element); if (!data) { return void logError("No data for the file", element); } + // Password not needed var hrefData = Hash.parsePadUrl(data.href); if (hrefData.type) { $span.addClass('cp-border-color-'+hrefData.type); @@ -1835,6 +1836,7 @@ define([ var data = filesOp.getFileData(id); if (!data) { return ''; } if (prop === 'type') { + // Password not needed var hrefData = Hash.parsePadUrl(data.href); return hrefData.type; } @@ -1870,6 +1872,7 @@ define([ }; } if (prop === 'type') { + // Password not needed var hrefData = Hash.parsePadUrl(e.href); return hrefData.type; } @@ -2093,6 +2096,7 @@ define([ filesList.forEach(function (r) { r.paths.forEach(function (path) { var href = r.data.href; + // Password not needed var parsed = Hash.parsePadUrl(href); var $table = $(''); var $icon = $('
', {'rowspan': '3', 'class': 'cp-app-drive-search-icon'}) @@ -2649,6 +2653,7 @@ define([ if (!filesOp.isFile(id)) { return; } var data = filesOp.getFileData(id); if (!data) { return; } + // Password not needed var parsed = Hash.parsePadUrl(data.href); if (parsed.hashData.type !== "pad") { return; } var i = data.href.indexOf('#') + 1; diff --git a/www/file/inner.js b/www/file/inner.js index 98a77f647..e7cedab71 100644 --- a/www/file/inner.js +++ b/www/file/inner.js @@ -232,7 +232,8 @@ define([ $dlform.find('#cp-app-file-dlfile, #cp-app-file-dlprogress').click(onClick); }; var href = priv.origin + priv.pathname + priv.filehash; - common.getFileSize(href, function (e, data) { + // PASSWORD_FILES + common.getFileSize(href, null, function (e, data) { if (e) { return void UI.errorLoadingScreen(e); } diff --git a/www/filepicker/inner.js b/www/filepicker/inner.js index fa844ab27..194b56bd0 100644 --- a/www/filepicker/inner.js +++ b/www/filepicker/inner.js @@ -40,6 +40,7 @@ define([ var parsed = Hash.parsePadUrl(data.url); hideFileDialog(); if (parsed.type === 'file') { + // PASSWORD_FILES var hexFileName = Util.base64ToHex(parsed.hashData.channel); var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName; sframeChan.event("EV_FILE_PICKED", { diff --git a/www/pad/inner.js b/www/pad/inner.js index d77770ce9..b144c0462 100644 --- a/www/pad/inner.js +++ b/www/pad/inner.js @@ -459,6 +459,7 @@ define([ ckeditor: editor, body: $('body'), onUploaded: function (ev, data) { + // PASSWORD_FILES var parsed = Hash.parsePadUrl(data.url); var hexFileName = Util.base64ToHex(parsed.hashData.channel); var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName; diff --git a/www/profile/main.js b/www/profile/main.js index 90557d793..1d6e2974d 100644 --- a/www/profile/main.js +++ b/www/profile/main.js @@ -79,7 +79,7 @@ define([ var addRpc = function (sframeChan, Cryptpad, Utils) { // Adding a new avatar from the profile: pin it and store it in the object sframeChan.on('Q_PROFILE_AVATAR_ADD', function (data, cb) { - var chanId = Utils.Hash.hrefToHexChannelId(data); + var chanId = Utils.Hash.hrefToHexChannelId(data, null); Cryptpad.pinPads([chanId], function (e) { if (e) { return void cb(e); } Cryptpad.setAvatar(data, cb); @@ -87,7 +87,7 @@ define([ }); // Removing the avatar from the profile: unpin it sframeChan.on('Q_PROFILE_AVATAR_REMOVE', function (data, cb) { - var chanId = Utils.Hash.hrefToHexChannelId(data); + var chanId = Utils.Hash.hrefToHexChannelId(data, null); Cryptpad.unpinPads([chanId], function () { Cryptpad.setAvatar(undefined, cb); }); diff --git a/www/slide/inner.js b/www/slide/inner.js index 76dfeceda..18b7da4e3 100644 --- a/www/slide/inner.js +++ b/www/slide/inner.js @@ -500,9 +500,7 @@ define([ dropArea: $('.CodeMirror'), body: $('body'), onUploaded: function (ev, data) { - //var cursor = editor.getCursor(); - //var cleanName = data.name.replace(/[\[\]]/g, ''); - //var text = '!['+cleanName+']('+data.url+')'; + // PASSWORD_FILES var parsed = Hash.parsePadUrl(data.url); var hexFileName = Util.base64ToHex(parsed.hashData.channel); var src = '/blob/' + hexFileName.slice(0,2) + '/' + hexFileName;