From da0bb6f95b7de4263ce1d4cb9a9207436f1b41e0 Mon Sep 17 00:00:00 2001
From: yflory
Date: Tue, 23 Jun 2020 13:27:31 +0200
Subject: [PATCH] Fix 'change user password' overriding existing data
---
 www/common/cryptpad-common.js | 20 ++++++++++++++++++++
 www/settings/inner.js | 1 +
 2 files changed, 21 insertions(+)
diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js
index 19faf940b..6b09656a0 100644
--- a/www/common/cryptpad-common.js
+++ b/www/common/cryptpad-common.js
@@ -1604,6 +1604,26 @@ define([
 var allocated = Login.allocateBytes(bytes);
 blockKeys = allocated.blockKeys;
 }));
+ }).nThen(function (waitFor) {
+ var blockUrl = Block.getBlockUrl(blockKeys);
+ // Check whether there is a block at that location
+ Util.fetch(blockUrl, waitFor(function (err, block) {
+ // If there is no block or the block is invalid, continue.
+ if (err) {
+ console.log("no block found");
+ return;
+ }
+
+ var decryptedBlock = Block.decrypt(block, blockKeys);
+ if (!decryptedBlock) {
+ console.error("Found a login block but failed to decrypt");
+ return;
+ }
+
+ // If there is already a valid block, abort! We risk overriding another user's data
+ waitFor.abort();
+ cb({ error: 'EEXISTS' });
+ }));
 }).nThen(function (waitFor) {
 // Write the new login block
 var temp = {
diff --git a/www/settings/inner.js b/www/settings/inner.js
index f66e1d002..67f35efc3 100644
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@@ -488,6 +488,7 @@ define([
 UI.removeLoadingScreen();
 if (obj && obj.error) {
 // TODO
+ // XXX EEXISTS error message?
 UI.alert(Messages.settings_changePasswordError);
 }
 });
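Review bot: The `if (err)` branch of the new existence check in `cryptpad-common.js` fails open: any failure of `Util.fetch` (timeout, server error), not only a missing block, logs "no block found" and lets the chain continue to "Write the new login block", which is the overwrite this patch is meant to prevent. If `Util.fetch` reports enough to tell "not found" apart from other failures (not visible in this hunk), only the not-found case should continue and everything else should stop with `waitFor.abort(); return void cb({ error: err });`. The decrypt-failure branch also continues and would replace whatever is stored at that URL, so it deserves a comment such as `// Undecryptable block at our own URL: treated as corrupt and safe to replace`, if that is indeed the intent. The check and the later write are separate requests, so two concurrent password changes could both pass it; whether the server itself refuses to overwrite an existing block cannot be told from here. The enclosing function starts and ends outside the hunk.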