From baf71a3c0475e6553825fe04f520e7541d430edb Mon Sep 17 00:00:00 2001
From: yflory
Date: Fri, 16 Oct 2020 14:16:09 +0200
Subject: [PATCH] Check if a team's pinning keys are valid
---
 www/common/outer/team.js | 12 +++++++++++-
 www/support/ui.js | 2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/www/common/outer/team.js b/www/common/outer/team.js
index 2ba4e30ee..16c439315 100644
--- a/www/common/outer/team.js
+++ b/www/common/outer/team.js
@@ -1683,6 +1683,16 @@ define([
 team.getTeam = function (id) {
 return ctx.teams[id];
 };
+ var checkKeyPair = function (edPrivate, edPublic) {
+ if (!edPrivate || !edPublic) { return true; }
+ try {
+ var secretKey = Nacl.util.decodeBase64(edPrivate);
+ var pair = Nacl.sign.keyPair.fromSecretKey(secretKey);
+ return Nacl.util.encodeBase64(pair.publicKey) === edPublic;
+ } catch (e) {
+ return false;
+ }
+ };
 team.getTeamsData = function (app) {
 var t = {};
 var safe = false;
@@ -1697,7 +1707,7 @@ define([
 viewer: !Util.find(teams[id], ['keys', 'drive', 'edPrivate']),
 notifications: Util.find(teams[id], ['keys', 'mailbox', 'channel']),
 curvePublic: Util.find(teams[id], ['keys', 'mailbox', 'keys', 'curvePublic']),
-
+ validKeys: checkKeyPair(Util.find(teams[id], ['keys', 'drive', 'edPrivate']), Util.find(teams[id], ['keys', 'drive', 'edPublic']))
 };
 if (safe && ctx.teams[id]) {
 t[id].secondaryKey = ctx.teams[id].secondaryKey;
diff --git a/www/support/ui.js b/www/support/ui.js
index 1cc1ee90e..9b86d6f20 100644
--- a/www/support/ui.js
+++ b/www/support/ui.js
@@ -46,7 +46,7 @@ define([
 var team = teams[key];
 if (!teams) { return; }
 var ret = {};
- ['edPublic', 'owner', 'viewer', 'hasSecondaryKey'].forEach(function (k) {
+ ['edPublic', 'owner', 'viewer', 'hasSecondaryKey', 'validKeys'].forEach(function (k) {
 ret[k] = team[k];
 });
 return ret;
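Review bot: `checkKeyPair` may not actually re-derive the public key. If `Nacl` here is tweetnacl, `Nacl.sign.keyPair.fromSecretKey` only checks the length and copies the last 32 bytes of the secret key into `publicKey`, so the comparison with `edPublic` passes whenever the embedded public half matches, even when the seed half is corrupted. Deriving from the seed closes that gap: `if (secretKey.length !== Nacl.sign.secretKeyLength) { return false; }` followed by `var pair = Nacl.sign.keyPair.fromSeed(secretKey.subarray(0, Nacl.sign.seedLength));`. The empty `catch (e)` also deserves a one-line comment stating that a base64 or key-size error is deliberately reported as invalid keys.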
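Review bot: `validKeys` comes out `true` for every team that has no `edPrivate` (the same lookup that sets `viewer` two lines above) and for a team whose `edPublic` is missing, because `checkKeyPair` returns `true` when either argument is falsy. A consumer of this field therefore cannot tell "key pair verified" from "nothing was checked". Either return `undefined` for the unchecked case or document the contract on the field, for example `// validKeys: true also covers teams with no signing key pair to check; read together with viewer`. The object literal and `getTeamsData` both start and end outside the hunk.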
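Review bot: The guard just above the changed line tests `teams`, which `teams[key]` has already dereferenced, rather than `team`. A `key` with no entry therefore reaches `ret[k] = team[k]` and throws inside the `forEach` that now also copies `validKeys`. It looks like `if (!team) { return; }` was intended. The enclosing function starts and ends outside the hunk, so whether callers can pass an unknown key should be confirmed there.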