From eb7f7aaa89c9c27f6d1750bec1dd999f534d14b4 Mon Sep 17 00:00:00 2001 From: yflory Date: Tue, 2 Mar 2021 17:47:05 +0100 Subject: [PATCH] Delete block when deleting account --- www/common/cryptpad-common.js | 119 +++++++++++++++++++++----------- www/common/outer/async-store.js | 6 +- www/settings/app-settings.less | 2 +- www/settings/inner.js | 103 +++++++++++++-------------- www/settings/main.js | 2 +- 5 files changed, 137 insertions(+), 95 deletions(-) diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index e33c5f429..665464e16 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -232,17 +232,6 @@ define([ }; postMessage("MIGRATE_ANON_DRIVE", data, cb); }; - // Settings - common.deleteAccount = function (cb) { - postMessage("DELETE_ACCOUNT", null, function (obj) { - if (obj.state) { - Feedback.send('DELETE_ACCOUNT_AUTOMATIC'); - } else { - Feedback.send('DELETE_ACCOUNT_MANUAL'); - } - cb(obj); - }); - }; // Drive common.userObjectCommand = function (data, cb) { postMessage("DRIVE_USEROBJECT", data, cb); @@ -1674,30 +1663,16 @@ define([ }; - common.changeUserPassword = function (Crypt, edPublic, data, cb) { - if (!edPublic) { - return void cb({ - error: 'E_NOT_LOGGED_IN' - }); - } + var getBlockKeys = function (data, cb) { var accountName = LocalStore.getAccountName(); - var hash = LocalStore.getUserHash(); - if (!hash) { - return void cb({ - error: 'E_NOT_LOGGED_IN' - }); - } - - var password = data.password; // To remove your old block - var newPassword = data.newPassword; // To create your new block - var secret = Hash.getSecrets('drive', hash); - var newHash, newHref, newSecret, blockKeys; - var oldIsOwned = false; + var password = data.password; + var Cred, Block, Login; + var blockKeys; + var hash = LocalStore.getUserHash(); + if (!hash) { return void cb({ error: 'E_NOT_LOGGED_IN' }); } var blockHash = LocalStore.getBlockHash(); - var oldBlockKeys; - var Cred, Block, Login; Nthen(function (waitFor) { require([ '/common/common-credential.js', @@ -1710,30 +1685,92 @@ define([ })); }).nThen(function (waitFor) { // confirm that the provided password is correct - Cred.deriveFromPassphrase(accountName, password, Login.requiredBytes, waitFor(function (bytes) { + Cred.deriveFromPassphrase(accountName, password, Login.requiredBytes, + waitFor(function (bytes) { var allocated = Login.allocateBytes(bytes); - oldBlockKeys = allocated.blockKeys; + blockKeys = allocated.blockKeys; if (blockHash) { if (blockHash !== allocated.blockHash) { + // incorrect password console.log("provided password did not yield the correct blockHash"); - // incorrect password probably waitFor.abort(); - return void cb({ - error: 'INVALID_PASSWORD', - }); + return void cb({ error: 'INVALID_PASSWORD', }); } - // the user has already created a block, so you should compare against that } else { // otherwise they're a legacy user, and we should check against the User_hash if (hash !== allocated.userHash) { + // incorrect password console.log("provided password did not yield the correct userHash"); waitFor.abort(); - return void cb({ - error: 'INVALID_PASSWORD', - }); + return void cb({ error: 'INVALID_PASSWORD', }); } } })); + }).nThen(function () { + cb({ + Cred: Cred, + Block: Block, + Login: Login, + blockKeys: blockKeys + }); + }); + }; + common.deleteAccount = function (data, cb) { + data = data || {}; + + // Confirm that the provided password is corrct and get the block keys + getBlockKeys(data, function (obj) { + if (obj && obj.error) { return void cb(obj); } + var blockKeys = obj.blockKeys; + var removeData = obj.Block.remove(blockKeys); + + postMessage("DELETE_ACCOUNT", { + removeData: removeData + }, function (obj) { + if (obj.state) { + Feedback.send('DELETE_ACCOUNT_AUTOMATIC'); + } else { + Feedback.send('DELETE_ACCOUNT_MANUAL'); + } + cb(obj); + }); + }); + }; + common.changeUserPassword = function (Crypt, edPublic, data, cb) { + if (!edPublic) { + return void cb({ + error: 'E_NOT_LOGGED_IN' + }); + } + var accountName = LocalStore.getAccountName(); + var hash = LocalStore.getUserHash(); + if (!hash) { + return void cb({ + error: 'E_NOT_LOGGED_IN' + }); + } + + var password = data.password; // To remove your old block + var newPassword = data.newPassword; // To create your new block + var secret = Hash.getSecrets('drive', hash); + var newHash, newHref, newSecret, blockKeys; + var oldIsOwned = false; + + var blockHash = LocalStore.getBlockHash(); + var oldBlockKeys; + + var Cred, Block, Login; + Nthen(function (waitFor) { + getBlockKeys(data, waitFor(function (obj) { + if (obj && obj.error) { + waitFor.abort(); + return void cb(obj); + } + oldBlockKeys = obj.blockKeys; + Cred = obj.Cred; + Login = obj.Login; + Block = obj.Block; + })); }).nThen(function (waitFor) { // Check if our drive is already owned console.log("checking if old drive is owned"); diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js index 63a7fc352..553a72225 100644 --- a/www/common/outer/async-store.js +++ b/www/common/outer/async-store.js @@ -741,6 +741,7 @@ define([ Store.deleteAccount = function (clientId, data, cb) { var edPublic = store.proxy.edPublic; + var removeData = data && data.removeData; Store.anonRpcMsg(clientId, { msg: 'GET_METADATA', data: store.driveChannel @@ -769,8 +770,11 @@ define([ channel: store.driveChannel, force: true }, waitFor()); + }).nThen(function (waitFor) { + if (!removeData) { return; } + // Delete the block. Don't abort if it fails, it doesn't leak any data. + store.rpc.removeLoginBlock(removeData, waitFor()); }).nThen(function () { - // TODO delete block // Log out current worker postMessage(clientId, "DELETE_ACCOUNT", token, function () {}); store.network.disconnect(); diff --git a/www/settings/app-settings.less b/www/settings/app-settings.less index a789ad3e4..3d4577e99 100644 --- a/www/settings/app-settings.less +++ b/www/settings/app-settings.less @@ -85,7 +85,7 @@ } } - .cp-settings-change-password, .cp-settings-own-drive { + .cp-settings-change-password, .cp-settings-own-drive, .cp-settings-delete { [type="password"], [type="text"] { width: @sidebar_button-width; flex: unset; diff --git a/www/settings/inner.js b/www/settings/inner.js index 8feef06e4..0139ab2b4 100644 --- a/www/settings/inner.js +++ b/www/settings/inner.js @@ -469,63 +469,64 @@ define([ }); }, true); - create['delete'] = function() { - if (!common.isLoggedIn()) { return; } - var $div = $('
', { 'class': 'cp-settings-delete cp-sidebarlayout-element' }); - - $('', { 'class': 'label' }).text(Messages.settings_deleteTitle).appendTo($div); - - $('', { 'class': 'cp-sidebarlayout-description' }) - .append(Messages.settings_deleteHint).appendTo($div); - - var $ok = $('', { 'class': 'fa fa-check', title: Messages.saved }); - var $spinner = $('', { 'class': 'fa fa-spinner fa-pulse' }); + makeBlock('delete', function(cb) { // Msg.settings_deleteHint, .settings_deleteTitle + if (!common.isLoggedIn()) { return cb(false); } - var $button = $('