Fix Destroy and change password when pad not stored

4 years ago · c6b8b11dc3
parent c168393c21
commit c6b8b11dc3
6 changed files with 37 additions and 9 deletions
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@ -1095,6 +1095,7 @@ define([

    common.changePadPassword = function (Crypt, Crypto, data, cb) {
        var href = data.href;
+        var oldPassword = data.oldPassword;
        var newPassword = data.password;
        var teamId = data.teamId;
        if (!href) { return void cb({ error: 'EINVAL_HREF' }); }
@ -1123,7 +1124,9 @@ define([

        var isSharedFolder = parsed.type === 'drive';

-        var optsGet = {};
+        var optsGet = {
+            password: oldPassword
+        };
        var optsPut = {
            password: newPassword,
            metadata: {},
@ -1133,7 +1136,7 @@ define([
        var cryptgetVal;

        Nthen(function (waitFor) {
-            if (parsed.hashData && parsed.hashData.password) {
+            if (parsed.hashData && parsed.hashData.password && !oldPassword) {
                common.getPadAttribute('password', waitFor(function (err, password) {
                    optsGet.password = password;
                }), href);
@ -1418,6 +1421,7 @@ define([
    common.changeOOPassword = function (data, _cb) {
        var cb = Util.once(Util.mkAsync(_cb));
        var href = data.href;
+        var oldPassword = data.oldPassword;
        var newPassword = data.password;
        var teamId = data.teamId;
        if (!href) { return void cb({ error: 'EINVAL_HREF' }); }
@ -1452,12 +1456,16 @@ define([
                validateKey: newSecret.keys.validateKey
            },
        };
-        var optsGet = {};
+        var optsGet = {
+            password: oldPassword
+        };

        Nthen(function (waitFor) {
            common.getPadAttribute('', waitFor(function (err, _data) {
                padData = _data;
-                optsGet.password = padData.password;
+                if (!oldPassword) {
+                    optsGet.password = padData.password;
+                }
            }), href);
            common.getAccessKeys(waitFor(function (keys) {
                optsGet.accessKeys = keys;
--- a/www/common/inner/access.js
+++ b/www/common/inner/access.js
@ -888,9 +888,16 @@ define([
                            });
                        }

+                        var href = data.href;
+                        var hashes = priv.hashes || {};
+                        var bestHash = hashes.editHash || hashes.viewHash || hashes.fileHash;
+                        if (data.fakeHref) {
+                            href = Hash.hashToHref(bestHash, priv.app);
+                        }
                        sframeChan.query(q, {
                            teamId: typeof(owned) !== "boolean" ? owned : undefined,
-                            href: data.href,
+                            href: href,
+                            oldPassword: priv.password,
                            password: newPass
                        }, function (err, data) {
                            $(passwordOk).text(Messages.properties_changePasswordButton);
@ -956,7 +963,7 @@ define([
                    spinner.spin();
                    sframeChan.query('Q_DELETE_OWNED', {
                        teamId: typeof(owned) !== "boolean" ? owned : undefined,
-                        channel: data.channel
+                        channel: data.channel || priv.channel
                    }, function (err, obj) {
                        spinner.done();
                        UI.findCancelButton().click();
--- a/www/common/outer/async-store.js
+++ b/www/common/outer/async-store.js
@ -331,6 +331,8 @@ define([
                teamId = data.teamId;
            }

+            // XXX CLEAR CACHE
+
            if (channel === store.driveChannel && !force) {
                return void cb({error: 'User drive removal blocked!'});
            }
--- a/www/common/proxy-manager.js
+++ b/www/common/proxy-manager.js
@ -868,7 +868,6 @@ define([
                    if (fId && Env.folders[fId] && Env.folders[fId].deleting) {
                        delete Env.folders[fId].deleting;
                    }
-                    console.error(obj.error, chan);
                    Feedback.send('ERROR_DELETING_OWNED_PAD=' + chan + '|' + obj.error, true);
                    return void cb();
                }
@ -881,6 +880,11 @@ define([
                    ids.push(fId);
                }

+                if (!ids.length) {
+                    toDelete = undefined;
+                    return void cb();
+                }
+
                ids.forEach(function (id) {
                    var paths = findFile(Env, id);
                    var _resolved = _resolvePaths(Env, paths);
@ -912,8 +916,13 @@ define([
                });
            });
        }).nThen(function () {
-            // Remove deleted pads from the drive
-            _delete(Env, { resolved: toDelete }, cb);
+            if (!toDelete) {
+                // Nothing to delete
+                cb();
+            } else {
+                // Remove deleted pads from the drive
+                _delete(Env, { resolved: toDelete }, cb);
+            }
            // If we were using the access modal, send a refresh command
            if (data.channel) {
                Env.Store.refreshDriveUI();
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
@ -1407,6 +1407,7 @@ define([
                    };
                    config.data = {
                        app: parsed.type,
+                        channel: secret.channel,
                        hashes: hashes,
                        password: password,
                        isTemplate: isTemplate,
--- a/www/secureiframe/main.js
+++ b/www/secureiframe/main.js
@ -101,6 +101,7 @@ define([
                            origin: window.location.origin,
                            pathname: window.location.pathname,
                            feedbackAllowed: Utils.Feedback.state,
+                            channel: config.data.channel,
                            hashes: config.data.hashes,
                            password: config.data.password,
                            propChannels: config.data.getPropChannels(),