From bf5565799386643324189bf12e3bfa334123bb12 Mon Sep 17 00:00:00 2001 From: yflory Date: Fri, 5 Oct 2018 18:06:11 +0200 Subject: [PATCH] Password-protected shared folders --- www/common/common-ui-elements.js | 2 +- www/common/cryptpad-common.js | 1 + www/common/proxy-manager.js | 21 +++++++++++++++------ www/common/sframe-common-outer.js | 4 ++++ www/common/userObject.js | 12 ++++++++++++ www/drive/inner.js | 10 +++++----- www/drive/main.js | 23 ++++++----------------- 7 files changed, 44 insertions(+), 29 deletions(-) diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index 1f7884110..6eaa82aae 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -156,7 +156,7 @@ define([ } var parsed = Hash.parsePadUrl(data.href || data.roHref); - if (owned && parsed.hashData.type === 'pad') { + if (!data.noEditPassword && owned && parsed.hashData.type === 'pad') { var sframeChan = common.getSframeChannel(); var changePwTitle = Messages.properties_changePassword; var changePwConfirm = Messages.properties_confirmChange; diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index 6ccbf2a81..cabab6ca4 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -128,6 +128,7 @@ define([ href: '/drive/#' + Hash.getEditHashFromKeys(secret), roHref: '/drive/#' + Hash.getViewHashFromKeys(secret), channel: secret.channel, + password: secret.password, ctime: +new Date() } }, cb); diff --git a/www/common/proxy-manager.js b/www/common/proxy-manager.js index f035c96b5..98dc48c23 100644 --- a/www/common/proxy-manager.js +++ b/www/common/proxy-manager.js @@ -386,14 +386,14 @@ define([ if (data.folderData) { return; } // Folder creation - var hash = Hash.createRandomHash('drive'); - var href = '/drive/#' + hash; - var secret = Hash.getSecrets('drive', hash); + var hash = Hash.createRandomHash('drive', data.password); + var secret = Hash.getSecrets('drive', hash, data.password); + var hashes = Hash.getHashes(secret); folderData = { - href: href, - roHref: '/drive/#' + Hash.getViewHashFromKeys(secret), + href: '/drive/#' + hashes.editHash, + roHref: '/drive/#' + hashes.viewHash, channel: secret.channel, - ctime: +new Date() + ctime: +new Date(), }; if (data.password) { folderData.password = data.password; } if (data.owned) { folderData.owners = [Env.edPublic]; } @@ -541,6 +541,11 @@ define([ // Set the value everywhere the given pad is stored (main and shared folders) var setPadAttribute = function (Env, data, cb) { cb = cb || function () {}; + if (!data.attr || !data.attr.trim()) { return void cb("E_INVAL_ATTR"); } + var sfId = Env.user.userObject.getSFIdFromHref(data.href); + if (sfId) { + Env.user.proxy[UserObject.SHARED_FOLDERS][sfId][data.attr] = data.value; + } var datas = findHref(Env, data.href); var nt = nThen; datas.forEach(function (d) { @@ -557,6 +562,10 @@ define([ // correct one. var getPadAttribute = function (Env, data, cb) { cb = cb || function () {}; + var sfId = Env.user.userObject.getSFIdFromHref(data.href); + if (sfId) { + return void cb(null, Env.user.proxy[UserObject.SHARED_FOLDERS][sfId][data.attr]); + } var datas = findHref(Env, data.href); var nt = nThen; var res = {}; diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index e07bc7558..7960e596c 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -204,6 +204,10 @@ define([ // If no password, continue... todo(); } + }).nThen(function (waitFor) { + if (cfg.afterSecrets) { + cfg.afterSecrets(Cryptpad, Utils, secret, waitFor()); + } }).nThen(function (waitFor) { // Check if the pad exists on server if (!window.location.hash) { isNewFile = true; return; } diff --git a/www/common/userObject.js b/www/common/userObject.js index b44eefc23..ce6a3168d 100644 --- a/www/common/userObject.js +++ b/www/common/userObject.js @@ -320,6 +320,18 @@ define([ return result; }; + exp.getSFIdFromHref = function (href) { + var result; + getFiles([SHARED_FOLDERS]).some(function (id) { + if (files[SHARED_FOLDERS][id].href === href || + files[SHARED_FOLDERS][id].roHref === href) { + result = id; + return true; + } + }); + return result; + }; + // SEARCH var _findFileInRoot = function (path, file) { if (!isPathIn(path, [ROOT, TRASH])) { return []; } diff --git a/www/drive/inner.js b/www/drive/inner.js index 7b908536e..b8e8fe4d0 100644 --- a/www/drive/inner.js +++ b/www/drive/inner.js @@ -1763,8 +1763,8 @@ define([ h('h4', Messages.sharedFolders_create), h('label', {for: 'cp-app-drive-sf-name'}, Messages.sharedFolders_create_name), h('input#cp-app-drive-sf-name', {type: 'text', placeholder: Messages.fm_newFolder}), - //h('label', {for: 'cp-app-drive-sf-password'}, Messages.sharedFolders_create_password), - //UI.passwordInput({id: 'cp-app-drive-sf-password'}), + h('label', {for: 'cp-app-drive-sf-password'}, Messages.sharedFolders_create_password), + UI.passwordInput({id: 'cp-app-drive-sf-password'}), h('span', { style: 'display:flex;align-items:center;justify-content:space-between' }, [ @@ -1784,8 +1784,7 @@ define([ // Get the values var newName = $(content).find('#cp-app-drive-sf-name').val(); - //var password = $(content).find('#cp-app-drive-sf-password').val() || undefined; - var password; + var password = $(content).find('#cp-app-drive-sf-password').val() || undefined; var owned = $(content).find('#cp-app-drive-sf-owned').is(':checked'); cb({ @@ -3067,7 +3066,8 @@ define([ if (manager.isSharedFolder(el)) { delete data.roHref; - data.noPassword = true; + //data.noPassword = true; + data.noEditPassword = true; data.noExpiration = true; } diff --git a/www/drive/main.js b/www/drive/main.js index aff51b5ec..998a0b9fd 100644 --- a/www/drive/main.js +++ b/www/drive/main.js @@ -36,21 +36,13 @@ define([ }; window.addEventListener('message', onMsg); }).nThen(function (/*waitFor*/) { - var getSecrets = function (Cryptpad, Utils, cb) { + var afterSecrets = function (Cryptpad, Utils, secret, cb) { var hash = window.location.hash.slice(1); - var secret = Utils.Hash.getSecrets('drive', hash); if (hash && Utils.LocalStore.isLoggedIn()) { // Add a shared folder! - // TODO password? Cryptpad.addSharedFolder(secret, function (id) { window.CryptPad_newSharedFolder = id; - // Update the hash in the address bar - var ohc = window.onhashchange; - window.onhashchange = function () {}; - window.location.hash = ""; - window.onhashchange = ohc; - ohc({reset:true}); - cb(null, secret); + cb(); }); return; } else if (hash) { @@ -58,14 +50,11 @@ define([ window.CryptPad_newSharedFolder = id; var data = { href: Utils.Hash.getRelativeHref(window.location.href), + password: secret.password }; - Cryptpad.loadSharedFolder(id, data, function () { - cb(null, secret); - }); - return; + return void Cryptpad.loadSharedFolder(id, data, cb); } - // No password for drive - cb(null, secret); + cb(); }; var addRpc = function (sframeChan, Cryptpad, Utils) { sframeChan.on('EV_BURN_ANON_DRIVE', function () { @@ -123,7 +112,7 @@ define([ }); }; SFCommonO.start({ - getSecrets: getSecrets, + afterSecrets: afterSecrets, noHash: true, noRealtime: true, driveEvents: true,