dnrops
/
cryptpad
mirror of https://github.com/xwiki-labs/cryptpad
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't return channel in parsePadUrl

This commit is contained in:
yflory 2018-04-27 17:23:23 +02:00
parent 43d046406f
commit 64c85fe548
24 changed files with 135 additions and 181 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
customize.dist/translations/messages.fr.js
View File

@ -1081,6 +1081,7 @@ define(function () {
out.creation_expireMonths = "Mois"; out.creation_expireMonths = "Mois";
out.creation_expire1 = "Un pad <b>illimité</b> ne sera pas supprimé du serveur à moins que son propriétaire ne le décide."; out.creation_expire1 = "Un pad <b>illimité</b> ne sera pas supprimé du serveur à moins que son propriétaire ne le décide.";
out.creation_expire2 = "Un pad <b>à durée de vie</b> sera supprimé automatiquement du serveur et du CryptDrive des utilisateurs lorsque cette durée sera dépassée."; out.creation_expire2 = "Un pad <b>à durée de vie</b> sera supprimé automatiquement du serveur et du CryptDrive des utilisateurs lorsque cette durée sera dépassée.";
out.creation_password = "Ajouter un mot de passe";
out.creation_noTemplate = "Pas de modèle"; out.creation_noTemplate = "Pas de modèle";
out.creation_newTemplate = "Nouveau modèle"; out.creation_newTemplate = "Nouveau modèle";
out.creation_create = "Créer"; out.creation_create = "Créer";

1
customize.dist/translations/messages.js
View File

@ -1127,6 +1127,7 @@ define(function () {
out.creation_expireMonths = "Month(s)"; out.creation_expireMonths = "Month(s)";
out.creation_expire1 = "An <b>unlimited</b> pad will not be removed from the server until its owner deletes it."; out.creation_expire1 = "An <b>unlimited</b> pad will not be removed from the server until its owner deletes it.";
out.creation_expire2 = "An <b>expiring</b> pad has a set lifetime, after which it will be automatically removed from the server and other users' CryptDrives."; out.creation_expire2 = "An <b>expiring</b> pad has a set lifetime, after which it will be automatically removed from the server and other users' CryptDrives.";
out.creation_password = "Add a password";
out.creation_noTemplate = "No template"; out.creation_noTemplate = "No template";
out.creation_newTemplate = "New template"; out.creation_newTemplate = "New template";
out.creation_create = "Create"; out.creation_create = "Create";

39
www/assert/main.js
View File

@ -225,26 +225,29 @@ define([
// test support for V2 // test support for V2
assert(function (cb) { assert(function (cb) {
var secret = Hash.parsePadUrl('/pad/#/2/pad/edit/oRE0oLCtEXusRDyin7GyLGcS/'); var parsed = Hash.parsePadUrl('/pad/#/2/pad/edit/oRE0oLCtEXusRDyin7GyLGcS/');
return cb(secret.hashData.version === 2 && var secret = Hash.getSecrets('pad', '/2/pad/edit/oRE0oLCtEXusRDyin7GyLGcS/');
secret.hashData.mode === "edit" && return cb(parsed.hashData.version === 2 &&
secret.hashData.type === "pad" && parsed.hashData.mode === "edit" &&
secret.hashData.channel === "2NUbSuqGPz8FD0f4rSYXUw" && parsed.hashData.type === "pad" &&
secret.hashData.key === "oRE0oLCtEXusRDyin7GyLGcS" && parsed.hashData.key === "oRE0oLCtEXusRDyin7GyLGcS" &&
window.nacl.util.encodeBase64(secret.hashData.cryptKey) === "0Ts1M6VVEozErV2Nx/LTv6Im5SCD7io2LlhasyyBPQo=" && secret.channel === "d8d51b4aea863f3f050f47f8ad261753" &&
secret.hashData.validateKey === "f5A1FM9Gp55tnOcM75RyHD1oxBG9ZPh9WDA7qe2Fvps=" && window.nacl.util.encodeBase64(secret.keys.cryptKey) === "0Ts1M6VVEozErV2Nx/LTv6Im5SCD7io2LlhasyyBPQo=" &&
!secret.hashData.present); secret.keys.validateKey === "f5A1FM9Gp55tnOcM75RyHD1oxBG9ZPh9WDA7qe2Fvps=" &&
!parsed.hashData.present);
}, "test support for version 2 hash failed to parse"); }, "test support for version 2 hash failed to parse");
assert(function (cb) { assert(function (cb) {
var secret = Hash.parsePadUrl('/pad/#/2/pad/edit/HGu0tK2od-2BBnwAz2ZNS-t4/p/embed', 'pewpew'); var parsed = Hash.parsePadUrl('/pad/#/2/pad/edit/HGu0tK2od-2BBnwAz2ZNS-t4/p/embed');
return cb(secret.hashData.version === 2 && var secret = Hash.getSecrets('pad', '/2/pad/edit/HGu0tK2od-2BBnwAz2ZNS-t4/p/embed', 'pewpew');
secret.hashData.mode === "edit" && return cb(parsed.hashData.version === 2 &&
secret.hashData.type === "pad" && parsed.hashData.mode === "edit" &&
secret.hashData.channel === "P7bck4B9kDr-OQtfeYySyQ" && parsed.hashData.type === "pad" &&
secret.hashData.key === "HGu0tK2od-2BBnwAz2ZNS-t4" && parsed.hashData.key === "HGu0tK2od-2BBnwAz2ZNS-t4" &&
window.nacl.util.encodeBase64(secret.hashData.cryptKey) === "EeCkGJra8eJgVu7v4Yl2Hc3yUjrgpKpxr0Lcc3bSWVs=" && secret.channel === "3fb6dc93807d903aff390b5f798c92c9" &&
secret.hashData.validateKey === "WGkBczJf2V6vQZfAScz8V1KY6jKdoxUCckrD+E75gGE=" && window.nacl.util.encodeBase64(secret.keys.cryptKey) === "EeCkGJra8eJgVu7v4Yl2Hc3yUjrgpKpxr0Lcc3bSWVs=" &&
secret.hashData.embed); secret.keys.validateKey === "WGkBczJf2V6vQZfAScz8V1KY6jKdoxUCckrD+E75gGE=" &&
parsed.hashData.embed &&
parsed.hashData.password);
}, "test support for password in version 2 hash failed to parse"); }, "test support for password in version 2 hash failed to parse");
assert(function (cb) { assert(function (cb) {

104
www/common/common-hash.js
View File

@ -96,7 +96,6 @@ define([
Hash.createRandomHash = function (type, password) { Hash.createRandomHash = function (type, password) {
var cryptor = Crypto.createEditCryptor2(void 0, void 0, password); var cryptor = Crypto.createEditCryptor2(void 0, void 0, password);
console.log(cryptor);
return getEditHashFromKeys({ return getEditHashFromKeys({
password: Boolean(password), password: Boolean(password),
version: 2, version: 2,
@ -112,7 +111,7 @@ Version 1
/code/#/1/edit/3Ujt4F2Sjnjbis6CoYWpoQ/usn4+9CqVja8Q7RZOGTfRgqI /code/#/1/edit/3Ujt4F2Sjnjbis6CoYWpoQ/usn4+9CqVja8Q7RZOGTfRgqI
*/ */
var parseTypeHash = Hash.parseTypeHash = function (type, hash, password) { var parseTypeHash = Hash.parseTypeHash = function (type, hash) {
if (!hash) { return; } if (!hash) { return; }
var parsed = {}; var parsed = {};
var hashArr = fixDuplicateSlashes(hash).split('/'); var hashArr = fixDuplicateSlashes(hash).split('/');
@ -123,6 +122,7 @@ Version 1
parsed.channel = hash.slice(0, 32); parsed.channel = hash.slice(0, 32);
parsed.key = hash.slice(32, 56); parsed.key = hash.slice(32, 56);
parsed.version = 0; parsed.version = 0;
parsed.getHash = function () { return hash; };
return parsed; return parsed;
} }
var options; var options;
@ -135,6 +135,13 @@ Version 1
options = hashArr.slice(5); options = hashArr.slice(5);
parsed.present = options.indexOf('present') !== -1; parsed.present = options.indexOf('present') !== -1;
parsed.embed = options.indexOf('embed') !== -1; parsed.embed = options.indexOf('embed') !== -1;
parsed.getHash = function (opts) {
var hash = hashArr.slice(0, 5).join('/') + '/';
if (opts.embed) { hash += 'embed/'; }
if (opts.present) { hash += 'present/'; }
return hash;
};
return parsed; return parsed;
} }
if (hashArr[1] && hashArr[1] === '2') { // Version 2 if (hashArr[1] && hashArr[1] === '2') { // Version 2
@ -143,24 +150,23 @@ Version 1
parsed.mode = hashArr[3]; parsed.mode = hashArr[3];
parsed.key = hashArr[4]; parsed.key = hashArr[4];
var cryptor;
if (parsed.mode === "edit") {
cryptor = Crypto.createEditCryptor2(parsed.key, void 0, password);
} else if (parsed.mode === "view") {
cryptor = Crypto.createViewCryptor2(parsed.key, password);
}
parsed.channel = cryptor.chanId;
parsed.cryptKey = cryptor.cryptKey;
parsed.validateKey = cryptor.validateKey;
options = hashArr.slice(5); options = hashArr.slice(5);
parsed.password = options.indexOf('p') !== -1; parsed.password = options.indexOf('p') !== -1;
parsed.present = options.indexOf('present') !== -1; parsed.present = options.indexOf('present') !== -1;
parsed.embed = options.indexOf('embed') !== -1; parsed.embed = options.indexOf('embed') !== -1;
parsed.getHash = function (opts) {
var hash = hashArr.slice(0, 5).join('/') + '/';
if (parsed.password) { hash += 'p/'; }
if (opts.embed) { hash += 'embed/'; }
if (opts.present) { hash += 'present/'; }
return hash;
};
return parsed; return parsed;
} }
return parsed; return parsed;
} }
parsed.getHash = function () { return hashArr.join('/'); };
if (['media', 'file'].indexOf(type) !== -1) { if (['media', 'file'].indexOf(type) !== -1) {
parsed.type = 'file'; parsed.type = 'file';
if (hashArr[1] && hashArr[1] === '1') { if (hashArr[1] && hashArr[1] === '1') {
@ -193,7 +199,7 @@ Version 1
} }
return; return;
}; };
var parsePadUrl = Hash.parsePadUrl = function (href, password) { var parsePadUrl = Hash.parsePadUrl = function (href) {
var patt = /^https*:\/\/([^\/]*)\/(.*?)\//i; var patt = /^https*:\/\/([^\/]*)\/(.*?)\//i;
var ret = {}; var ret = {};
@ -212,31 +218,8 @@ Version 1
if (!ret.hashData) { return url; } if (!ret.hashData) { return url; }
if (ret.hashData.type !== 'pad') { return url + '#' + ret.hash; } if (ret.hashData.type !== 'pad') { return url + '#' + ret.hash; }
if (ret.hashData.version === 0) { return url + '#' + ret.hash; } if (ret.hashData.version === 0) { return url + '#' + ret.hash; }
var hash; var hash = ret.hashData.getHash(options);
if (typeof (options.readOnly === "undefined") && ret.hashData.mode === "view") {
hash = getViewHashFromKeys({
version: ret.hashData.version,
type: ret.hashData.app,
channel: base64ToHex(ret.hashData.channel || ''),
password: ret.hashData.password,
keys: {
viewKeyStr: ret.hashData.key
}
});
} else {
hash = getEditHashFromKeys({
version: ret.hashData.version,
type: ret.hashData.app,
channel: base64ToHex(ret.hashData.channel || ''),
password: ret.hashData.password,
keys: {
editKeyStr: ret.hashData.key
}
});
}
url += '#' + hash; url += '#' + hash;
if (options.embed) { url += 'embed/'; }
if (options.present) { url += 'present/'; }
return url; return url;
}; };
@ -244,7 +227,7 @@ Version 1
idx = href.indexOf('/#'); idx = href.indexOf('/#');
ret.type = href.slice(1, idx); ret.type = href.slice(1, idx);
ret.hash = href.slice(idx + 2); ret.hash = href.slice(idx + 2);
ret.hashData = parseTypeHash(ret.type, ret.hash, password); ret.hashData = parseTypeHash(ret.type, ret.hash);
return ret; return ret;
} }
@ -254,15 +237,15 @@ Version 1
return ''; return '';
}); });
idx = href.indexOf('/#'); idx = href.indexOf('/#');
if (idx === -1) { return ret; }
ret.hash = href.slice(idx + 2); ret.hash = href.slice(idx + 2);
ret.hashData = parseTypeHash(ret.type, ret.hash, password); ret.hashData = parseTypeHash(ret.type, ret.hash);
return ret; return ret;
}; };
var getRelativeHref = Hash.getRelativeHref = function (href) { var getRelativeHref = Hash.getRelativeHref = function (href) {
if (!href) { return; } if (!href) { return; }
if (href.indexOf('#') === -1) { return; } if (href.indexOf('#') === -1) { return; }
// Password not needed to get the type or the hash
var parsed = parsePadUrl(href); var parsed = parsePadUrl(href);
return '/' + parsed.type + '/#' + parsed.hash; return '/' + parsed.type + '/#' + parsed.hash;
}; };
@ -288,11 +271,9 @@ Version 1
var hash; var hash;
if (secretHash) { if (secretHash) {
if (!type) { throw new Error("getSecrets with a hash requires a type parameter"); } if (!type) { throw new Error("getSecrets with a hash requires a type parameter"); }
// Password not needed here, we only use the hash key
parsed = parseTypeHash(type, secretHash); parsed = parseTypeHash(type, secretHash);
hash = secretHash; hash = secretHash;
} else { } else {
// Password not needed here, we only use the hash key
var pHref = parsePadUrl(window.location.href); var pHref = parsePadUrl(window.location.href);
parsed = pHref.hashData; parsed = pHref.hashData;
hash = pHref.hash; hash = pHref.hash;
@ -390,16 +371,17 @@ Version 1
}; };
// STORAGE // STORAGE
Hash.findWeaker = function (href, recents, password) { Hash.findWeaker = function (href, channel, recents) {
var rHref = href || getRelativeHref(window.location.href); var parsed = parsePadUrl(href);
var parsed = parsePadUrl(rHref, password);
if (!parsed.hash) { return false; } if (!parsed.hash) { return false; }
var weaker; var weaker;
Object.keys(recents).some(function (id) { Object.keys(recents).some(function (id) {
var pad = recents[id]; var pad = recents[id];
var p = parsePadUrl(pad.href, pad.password); var p = parsePadUrl(pad.href);
if (p.type !== parsed.type) { return; } // Not the same type if (p.type !== parsed.type) { return; } // Not the same type
if (p.hash === parsed.hash) { return; } // Same hash, not stronger if (p.hash === parsed.hash) { return; } // Same hash, not stronger
if (channel !== pad.channel) { return; } // Not the same channel
var pHash = p.hashData; var pHash = p.hashData;
var parsedHash = parsed.hashData; var parsedHash = parsed.hashData;
if (!parsedHash || !pHash) { return; } if (!parsedHash || !pHash) { return; }
@ -408,7 +390,6 @@ Version 1
if (pHash.type !== 'pad' && parsedHash.type !== 'pad') { return; } if (pHash.type !== 'pad' && parsedHash.type !== 'pad') { return; }
if (pHash.version !== parsedHash.version) { return; } if (pHash.version !== parsedHash.version) { return; }
if (pHash.channel !== parsedHash.channel) { return; }
if (pHash.mode === 'view' && parsedHash.mode === 'edit') { if (pHash.mode === 'view' && parsedHash.mode === 'edit') {
weaker = pad; weaker = pad;
return true; return true;
@ -417,18 +398,19 @@ Version 1
}); });
return weaker; return weaker;
}; };
Hash.findStronger = function (href, recents, password) { Hash.findStronger = function (href, channel, recents) {
var rHref = href || getRelativeHref(window.location.href); var parsed = parsePadUrl(href);
var parsed = parsePadUrl(rHref, password);
if (!parsed.hash) { return false; } if (!parsed.hash) { return false; }
// We can't have a stronger hash if we're already in edit mode // We can't have a stronger hash if we're already in edit mode
if (parsed.hashData && parsed.hashData.mode === 'edit') { return; } if (parsed.hashData && parsed.hashData.mode === 'edit') { return; }
var stronger; var stronger;
Object.keys(recents).some(function (id) { Object.keys(recents).some(function (id) {
var pad = recents[id]; var pad = recents[id];
var p = parsePadUrl(pad.href, pad.password); var p = parsePadUrl(pad.href);
if (p.type !== parsed.type) { return; } // Not the same type if (p.type !== parsed.type) { return; } // Not the same type
if (p.hash === parsed.hash) { return; } // Same hash, not stronger if (p.hash === parsed.hash) { return; } // Same hash, not stronger
if (channel !== pad.channel) { return; } // Not the same channel
var pHash = p.hashData; var pHash = p.hashData;
var parsedHash = parsed.hashData; var parsedHash = parsed.hashData;
if (!parsedHash || !pHash) { return; } if (!parsedHash || !pHash) { return; }
@ -437,7 +419,6 @@ Version 1
if (pHash.type !== 'pad' && parsedHash.type !== 'pad') { return; } if (pHash.type !== 'pad' && parsedHash.type !== 'pad') { return; }
if (pHash.version !== parsedHash.version) { return; } if (pHash.version !== parsedHash.version) { return; }
if (pHash.channel !== parsedHash.channel) { return; }
if (pHash.mode === 'edit' && parsedHash.mode === 'view') { if (pHash.mode === 'edit' && parsedHash.mode === 'view') {
stronger = pad; stronger = pad;
return true; return true;
@ -448,23 +429,10 @@ Version 1
}; };
Hash.hrefToHexChannelId = function (href, password) { Hash.hrefToHexChannelId = function (href, password) {
var parsed = Hash.parsePadUrl(href, password); var parsed = Hash.parsePadUrl(href);
if (!parsed || !parsed.hash) { return; } if (!parsed || !parsed.hash) { return; }
var secret = Hash.getSecrets(parsed.type, parsed.hash, password);
parsed = parsed.hashData; return secret.channel;
if (parsed.version === 0) {
return parsed.channel;
} else if (!parsed.version) {
console.error("parsed href had no version");
console.error(parsed);
return;
}
var channel = parsed.channel;
if (!channel) { return; }
var hex = base64ToHex(channel);
return hex;
}; };
Hash.getBlobPathFromHex = function (id) { Hash.getBlobPathFromHex = function (id) {

1
www/common/common-interface.js
View File

@ -629,7 +629,6 @@ define([
var type = data.type; var type = data.type;
if (!href && !type) { return $icon; } if (!href && !type) { return $icon; }
// Password not needed to get the type
if (!type) { type = Hash.parsePadUrl(href).type; } if (!type) { type = Hash.parsePadUrl(href).type; }
$icon = UI.getIcon(type); $icon = UI.getIcon(type);

6
www/common/common-messaging.js
View File

@ -99,7 +99,7 @@ define([
try { try {
var parsed = Hash.parsePadUrl(window.location.href); var parsed = Hash.parsePadUrl(window.location.href);
if (!parsed.hashData) { return; } if (!parsed.hashData) { return; }
var chan = parsed.hashData.channel; var chan = Hash.hrefToHexChannelId(data.href);
// Decrypt // Decrypt
var keyStr = parsed.hashData.key; var keyStr = parsed.hashData.key;
var cryptor = Crypto.createEditCryptor(keyStr); var cryptor = Crypto.createEditCryptor(keyStr);
@ -113,7 +113,7 @@ define([
if (!decryptMsg) { return; } if (!decryptMsg) { return; }
// Parse // Parse
msg = JSON.parse(decryptMsg); msg = JSON.parse(decryptMsg);
if (msg[1] !== parsed.hashData.channel) { return; } if (msg[1] !== chan) { return; }
var msgData = msg[2]; var msgData = msg[2];
var msgStr; var msgStr;
if (msg[0] === "FRIEND_REQ") { if (msg[0] === "FRIEND_REQ") {
@ -199,7 +199,7 @@ define([
var parsed = Hash.parsePadUrl(data.href); var parsed = Hash.parsePadUrl(data.href);
if (!parsed.hashData) { return; } if (!parsed.hashData) { return; }
// Message // Message
var chan = parsed.hashData.channel; var chan = Hash.hrefToHexChannelId(data.href);
var myData = createData(cfg.proxy); var myData = createData(cfg.proxy);
var msg = ["FRIEND_REQ", chan, myData]; var msg = ["FRIEND_REQ", chan, myData];
// Encryption // Encryption

20
www/common/common-thumbnail.js
View File

@ -205,7 +205,7 @@ define([
if (content === oldThumbnailState) { return; } if (content === oldThumbnailState) { return; }
oldThumbnailState = content; oldThumbnailState = content;
Thumb.fromDOM(opts, function (err, b64) { Thumb.fromDOM(opts, function (err, b64) {
Thumb.setPadThumbnail(common, opts.href, b64); Thumb.setPadThumbnail(common, opts.href, null, b64);
}); });
}; };
var nafa = Util.notAgainForAnother(mkThumbnail, Thumb.UPDATE_INTERVAL); var nafa = Util.notAgainForAnother(mkThumbnail, Thumb.UPDATE_INTERVAL);
@ -240,20 +240,22 @@ define([
Thumb.addThumbnail = function(thumb, $span, cb) { Thumb.addThumbnail = function(thumb, $span, cb) {
return addThumbnail(null, thumb, $span, cb); return addThumbnail(null, thumb, $span, cb);
}; };
var getKey = function (href) { var getKey = function (type, channel) {
var parsed = Hash.parsePadUrl(href); return 'thumbnail-' + type + '-' + channel;
return 'thumbnail-' + parsed.type + '-' + parsed.hashData.channel;
}; };
Thumb.setPadThumbnail = function (common, href, b64, cb) { Thumb.setPadThumbnail = function (common, href, channel, b64, cb) {
cb = cb || function () {}; cb = cb || function () {};
var k = getKey(href); var parsed = Hash.parsePadUrl(href);
var channel = channel || common.getMetadataMgr().getPrivateData().channel;
var k = getKey(parsed.type, channel);
common.setThumbnail(k, b64, cb); common.setThumbnail(k, b64, cb);
}; };
Thumb.displayThumbnail = function (common, href, $container, cb) { Thumb.displayThumbnail = function (common, href, channel, $container, cb) {
cb = cb || function () {}; cb = cb || function () {};
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
var k = getKey(href); var k = getKey(parsed.type, channel);
var whenNewThumb = function () { var whenNewThumb = function () {
// PASSWORD_FILES
var secret = Hash.getSecrets('file', parsed.hash); var secret = Hash.getSecrets('file', parsed.hash);
var hexFileName = Util.base64ToHex(secret.channel); var hexFileName = Util.base64ToHex(secret.channel);
var src = Hash.getBlobPathFromHex(hexFileName); var src = Hash.getBlobPathFromHex(hexFileName);
@ -270,7 +272,7 @@ define([
if (!v) { if (!v) {
v = 'EMPTY'; v = 'EMPTY';
} }
Thumb.setPadThumbnail(common, href, v, function (err) { Thumb.setPadThumbnail(common, href, hexFileName, v, function (err) {
if (!metadata.thumbnail) { return; } if (!metadata.thumbnail) { return; }
addThumbnail(err, metadata.thumbnail, $container, cb); addThumbnail(err, metadata.thumbnail, $container, cb);
}); });

18
www/common/common-ui-elements.js
View File

@ -67,7 +67,7 @@ define([
common.getPadAttribute('href', waitFor(function (err, val) { common.getPadAttribute('href', waitFor(function (err, val) {
var base = common.getMetadataMgr().getPrivateData().origin; var base = common.getMetadataMgr().getPrivateData().origin;
var parsed = Hash.parsePadUrl(val, data.password); var parsed = Hash.parsePadUrl(val);
if (parsed.hashData.mode === "view") { if (parsed.hashData.mode === "view") {
data.roHref = base + val; data.roHref = base + val;
return; return;
@ -75,6 +75,7 @@ define([
// We're not in a read-only pad // We're not in a read-only pad
data.href = base + val; data.href = base + val;
// Get Read-only href // Get Read-only href
if (parsed.hashData.type !== "pad") { return; } if (parsed.hashData.type !== "pad") { return; }
var i = data.href.indexOf('#') + 1; var i = data.href.indexOf('#') + 1;
@ -84,6 +85,9 @@ define([
var viewHash = Hash.getViewHashFromKeys(hrefsecret); var viewHash = Hash.getViewHashFromKeys(hrefsecret);
data.roHref = hBase + viewHash; data.roHref = hBase + viewHash;
})); }));
common.getPadAttribute('channel', waitFor(function (err, val) {
data.channel = val;
}));
common.getPadAttribute('atime', waitFor(function (err, val) { common.getPadAttribute('atime', waitFor(function (err, val) {
data.atime = val; data.atime = val;
})); }));
@ -180,7 +184,7 @@ define([
if (common.isLoggedIn() && AppConfig.enablePinning) { if (common.isLoggedIn() && AppConfig.enablePinning) {
// check the size of this file... // check the size of this file...
common.getFileSize(data.href, data.password, function (e, bytes) { common.getFileSize(data.channel, function (e, bytes) {
if (e) { if (e) {
// there was a problem with the RPC // there was a problem with the RPC
console.error(e); console.error(e);
@ -285,7 +289,6 @@ define([
var hash = (edit && hashes.editHash) ? hashes.editHash : hashes.viewHash; var hash = (edit && hashes.editHash) ? hashes.editHash : hashes.viewHash;
var href = origin + pathname + '#' + hash; var href = origin + pathname + '#' + hash;
// Password not needed here since we don't access hashData
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
return origin + parsed.getUrl({embed: embed, present: present}); return origin + parsed.getUrl({embed: embed, present: present});
}; };
@ -323,7 +326,6 @@ define([
var getEmbedValue = function () { var getEmbedValue = function () {
var hash = hashes.viewHash || hashes.editHash; var hash = hashes.viewHash || hashes.editHash;
var href = origin + pathname + '#' + hash; var href = origin + pathname + '#' + hash;
// Password not needed here since we don't access hashData
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
var url = origin + parsed.getUrl({embed: true, present: true}); var url = origin + parsed.getUrl({embed: true, present: true});
return '<iframe src="' + url + '"></iframe>'; return '<iframe src="' + url + '"></iframe>';
@ -1141,13 +1143,13 @@ define([
}; };
return; return;
} }
// No password for avatars
var secret = Hash.getSecrets('file', parsed.hash); var secret = Hash.getSecrets('file', parsed.hash);
if (secret.keys && secret.channel) { if (secret.keys && secret.channel) {
var cryptKey = secret.keys && secret.keys.fileKeyStr; var cryptKey = secret.keys && secret.keys.fileKeyStr;
var hexFileName = Util.base64ToHex(secret.channel); var hexFileName = Util.base64ToHex(secret.channel);
var src = Hash.getBlobPathFromHex(hexFileName); var src = Hash.getBlobPathFromHex(hexFileName);
// No password for avatars Common.getFileSize(hexFileName, function (e, data) {
Common.getFileSize(href, null, function (e, data) {
if (e) { if (e) {
displayDefault(); displayDefault();
return void console.error(e); return void console.error(e);
@ -1916,13 +1918,13 @@ define([
// Password // Password
var password = h('div.cp-creation-password', [ var password = h('div.cp-creation-password', [
UI.createCheckbox('cp-creation-password', 'TODO Add a password', false), //XXX UI.createCheckbox('cp-creation-password', Messages.creation_password, false),
h('span.cp-creation-password-picker.cp-creation-slider', [ h('span.cp-creation-password-picker.cp-creation-slider', [
h('input#cp-creation-password-val', { h('input#cp-creation-password-val', {
type: "text" // TODO type password with click to show type: "text" // TODO type password with click to show
}), }),
]), ]),
createHelper('#', "TODO: password protection adds another layer of security ........") // TODO //createHelper('#', "TODO: password protection adds another layer of security ........") // TODO
]); ]);
var right = h('span.fa.fa-chevron-right.cp-creation-template-more'); var right = h('span.fa.fa-chevron-right.cp-creation-template-more');

20
www/common/cryptpad-common.js
View File

@ -385,7 +385,6 @@ define([
if (!type) { return void cb(null, obj); } if (!type) { return void cb(null, obj); }
var templates = obj.filter(function (f) { var templates = obj.filter(function (f) {
// Password not needed here since we don't access hashData
var parsed = Hash.parsePadUrl(f.href); var parsed = Hash.parsePadUrl(f.href);
return parsed.type === type; return parsed.type === type;
}); });
@ -394,13 +393,12 @@ define([
}; };
common.saveAsTemplate = function (Cryptput, data, cb) { common.saveAsTemplate = function (Cryptput, data, cb) {
// Password not needed here since we don't access hashData
var p = Hash.parsePadUrl(window.location.href); var p = Hash.parsePadUrl(window.location.href);
if (!p.type) { return; } if (!p.type) { return; }
// XXX PPP // PPP: password for the new template?
var hash = Hash.createRandomHash(p.type); var hash = Hash.createRandomHash(p.type);
var href = '/' + p.type + '/#' + hash; var href = '/' + p.type + '/#' + hash;
// XXX PPP // PPP: add password as cryptput option
Cryptput(hash, data.toSave, function (e) { Cryptput(hash, data.toSave, function (e) {
if (e) { throw new Error(e); } if (e) { throw new Error(e); }
postMessage("ADD_PAD", { postMessage("ADD_PAD", {
@ -427,8 +425,6 @@ define([
// opts is used to overrides options for chainpad-netflux in cryptput // opts is used to overrides options for chainpad-netflux in cryptput
// it allows us to add owners and expiration time if it is a new file // it allows us to add owners and expiration time if it is a new file
// Password not needed here, we only need the hash and to know if
// we need to get the password
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
var parsed2 = Hash.parsePadUrl(window.location.href); var parsed2 = Hash.parsePadUrl(window.location.href);
if(!parsed) { throw new Error("Cannot get template hash"); } if(!parsed) { throw new Error("Cannot get template hash"); }
@ -576,7 +572,6 @@ define([
hashes = Hash.getHashes(secret); hashes = Hash.getHashes(secret);
return void cb(null, hashes); return void cb(null, hashes);
} }
// Password not needed here since only want the type
var parsed = Hash.parsePadUrl(window.location.href); var parsed = Hash.parsePadUrl(window.location.href);
if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); } if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); }
if (parsed.type === 'file') { secret.channel = Util.base64ToHex(secret.channel); } if (parsed.type === 'file') { secret.channel = Util.base64ToHex(secret.channel); }
@ -832,17 +827,14 @@ define([
window.onhashchange = function (ev) { window.onhashchange = function (ev) {
if (ev && ev.reset) { oldHref = document.location.href; return; } if (ev && ev.reset) { oldHref = document.location.href; return; }
var newHref = document.location.href; var newHref = document.location.href;
// Password not needed here since we don't access hashData
// Compare the URLs without /embed and /present
var parsedOld = Hash.parsePadUrl(oldHref); var parsedOld = Hash.parsePadUrl(oldHref);
var parsedNew = Hash.parsePadUrl(newHref); var parsedNew = Hash.parsePadUrl(newHref);
if (parsedOld.hashData && parsedNew.hashData && if (parsedOld.hashData && parsedNew.hashData &&
parsedOld.getUrl() !== parsedNew.getUrl()) { parsedOld.getUrl() !== parsedNew.getUrl()) {
/*parseOld && parsedNew && ( if (!parsedOld.hashData.key) { oldHref = newHref; return; }
parsedOld.type !== parsedNew.type // If different, reload
|| parsedOld.channel !== parsedNew.channel
|| parsedOld.mode !== parsedNew.mode
|| parsedOld.key !== parsedNew.key)) {*/
if (!parsedOld.hashData.channel) { oldHref = newHref; return; }
document.location.reload(); document.location.reload();
return; return;
} }

4
www/common/mergeDrive.js
View File

@ -122,10 +122,10 @@ define([
// Do not migrate a pad if we already have it, it would create a duplicate in the drive // Do not migrate a pad if we already have it, it would create a duplicate in the drive
if (newHrefs.indexOf(href) !== -1) { return; } if (newHrefs.indexOf(href) !== -1) { return; }
// If we have a stronger version, do not add the current href // If we have a stronger version, do not add the current href
if (Hash.findStronger(href, newRecentPads, oldRecentPads[id].password)) { return; } if (Hash.findStronger(href, oldRecentPads[id].channel, newRecentPads)) { return; }
// If we have a weaker version, replace the href by the new one // If we have a weaker version, replace the href by the new one
// NOTE: if that weaker version is in the trash, the strong one will be put in unsorted // NOTE: if that weaker version is in the trash, the strong one will be put in unsorted
var weaker = Hash.findWeaker(href, newRecentPads, oldRecentPads[id].password); var weaker = Hash.findWeaker(href, oldRecentPads[id].channel, newRecentPads);
if (weaker) { if (weaker) {
// Update RECENTPADS // Update RECENTPADS
weaker.href = href; weaker.href = href;

45
www/common/outer/async-store.js
View File

@ -68,8 +68,9 @@ define([
var userHash = storeHash; var userHash = storeHash;
if (!userHash) { return null; } if (!userHash) { return null; }
var userParsedHash = Hash.parseTypeHash('drive', userHash); // No password for drive
var userChannel = userParsedHash && userParsedHash.channel; var secret = Hash.getSecrets('drive', userHash);
var userChannel = secret.channel;
if (!userChannel) { return null; } if (!userChannel) { return null; }
// Get the list of pads' channel ID in your drive // Get the list of pads' channel ID in your drive
@ -81,14 +82,13 @@ define([
var d = store.userObject.getFileData(id); var d = store.userObject.getFileData(id);
if (d.owners && d.owners.length && edPublic && if (d.owners && d.owners.length && edPublic &&
d.owners.indexOf(edPublic) === -1) { return; } d.owners.indexOf(edPublic) === -1) { return; }
return Hash.hrefToHexChannelId(d.href, d.password); return d.channel;
}) })
.filter(function (x) { return x; }); .filter(function (x) { return x; });
// Get the avatar // Get the avatar
var profile = store.proxy.profile; var profile = store.proxy.profile;
if (profile) { if (profile) {
// No password for profile or avatar
var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit, null) : null; var profileChan = profile.edit ? Hash.hrefToHexChannelId('/profile/#' + profile.edit, null) : null;
if (profileChan) { list.push(profileChan); } if (profileChan) { list.push(profileChan); }
var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar, null) : null; var avatarChan = profile.avatar ? Hash.hrefToHexChannelId(profile.avatar, null) : null;
@ -100,7 +100,7 @@ define([
list = list.concat(fList); list = list.concat(fList);
} }
list.push(Util.base64ToHex(userChannel)); list.push(userChannel);
list.sort(); list.sort();
return list; return list;
@ -116,7 +116,7 @@ define([
// because of the expiration time // because of the expiration time
if ((data.owners && data.owners.length && data.owners.indexOf(edPublic) === -1) || if ((data.owners && data.owners.length && data.owners.indexOf(edPublic) === -1) ||
(data.expire && data.expire < (+new Date()))) { (data.expire && data.expire < (+new Date()))) {
list.push(Hash.hrefToHexChannelId(data.href, data.password)); list.push(data.channel);
} }
}); });
return list; return list;
@ -404,7 +404,6 @@ define([
var makePad = function (href, title) { var makePad = function (href, title) {
var now = +new Date(); var now = +new Date();
// Password not needed here since we only need the type
return { return {
href: href, href: href,
atime: now, atime: now,
@ -419,6 +418,7 @@ define([
if (data.owners) { pad.owners = data.owners; } if (data.owners) { pad.owners = data.owners; }
if (data.expire) { pad.expire = data.expire; } if (data.expire) { pad.expire = data.expire; }
if (data.password) { pad.password = data.password; } if (data.password) { pad.password = data.password; }
if (data.channel) { pad.channel = data.channel; }
store.userObject.pushData(pad, function (e, id) { store.userObject.pushData(pad, function (e, id) {
if (e) { return void cb({error: "Error while adding a template:"+ e}); } if (e) { return void cb({error: "Error while adding a template:"+ e}); }
var path = data.path || ['root']; var path = data.path || ['root'];
@ -436,7 +436,7 @@ define([
// Push channels owned by someone else or channel that should have expired // Push channels owned by someone else or channel that should have expired
// because of the expiration time // because of the expiration time
if (data.owners && data.owners.length === 1 && data.owners.indexOf(edPublic) !== -1) { if (data.owners && data.owners.length === 1 && data.owners.indexOf(edPublic) !== -1) {
list.push(Hash.hrefToHexChannelId(data.href, data.password)); list.push(data.channel);
} }
}); });
if (store.proxy.todo) { if (store.proxy.todo) {
@ -444,7 +444,7 @@ define([
list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null)); list.push(Hash.hrefToHexChannelId('/todo/#' + store.proxy.todo, null));
} }
if (store.proxy.profile && store.proxy.profile.edit) { if (store.proxy.profile && store.proxy.profile.edit) {
// No password for todo // No password for profile
list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null)); list.push(Hash.hrefToHexChannelId('/profile/#' + store.proxy.profile.edit, null));
} }
return list; return list;
@ -466,6 +466,7 @@ define([
Store.deleteAccount = function (data, cb) { Store.deleteAccount = function (data, cb) {
var edPublic = store.proxy.edPublic; var edPublic = store.proxy.edPublic;
// No password for drive
var secret = Hash.getSecrets('drive', storeHash); var secret = Hash.getSecrets('drive', storeHash);
Store.anonRpcMsg({ Store.anonRpcMsg({
msg: 'GET_METADATA', msg: 'GET_METADATA',
@ -535,19 +536,13 @@ define([
return void cb({ error: "Error while creating the default pad:"+ e}); return void cb({ error: "Error while creating the default pad:"+ e});
} }
var href = '/pad/#' + hash; var href = '/pad/#' + hash;
var channel = Hash.hrefToHexChannelId(href, null);
var fileData = { var fileData = {
href: href, href: href,
channel: channel,
title: data.driveReadmeTitle, title: data.driveReadmeTitle,
atime: +new Date(),
ctime: +new Date()
}; };
store.userObject.pushData(fileData, function (e, id) { addPad(fileData, cb);
if (e) {
return void cb({ error: "Error while creating the default pad:"+ e});
}
store.userObject.add(id);
onSync(cb);
});
}); });
}); });
}; };
@ -619,7 +614,6 @@ define([
}); });
}; };
Store.getPadAttribute = function (data, cb) { Store.getPadAttribute = function (data, cb) {
console.log(data.href, data.attr);
store.userObject.getPadAttribute(data.href, data.attr, function (err, val) { store.userObject.getPadAttribute(data.href, data.attr, function (err, val) {
if (err) { return void cb({error: err}); } if (err) { return void cb({error: err}); }
cb(val); cb(val);
@ -689,18 +683,18 @@ define([
var p = Hash.parsePadUrl(href); var p = Hash.parsePadUrl(href);
var h = p.hashData; var h = p.hashData;
console.log(channel, data);
if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); } if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); }
var owners; var owners;
if (Store.channel && Store.channel.wc && Util.base64ToHex(h.channel) === Store.channel.wc.id) { if (Store.channel && Store.channel.wc && channel === Store.channel.wc.id) {
owners = Store.channel.data.owners || undefined; owners = Store.channel.data.owners || undefined;
} }
var expire; var expire;
if (Store.channel && Store.channel.wc && Util.base64ToHex(h.channel) === Store.channel.wc.id) { if (Store.channel && Store.channel.wc && channel === Store.channel.wc.id) {
expire = +Store.channel.data.expire || undefined; expire = +Store.channel.data.expire || undefined;
} }
console.log(owners, expire);
var allPads = Util.find(store.proxy, ['drive', 'filesData']) || {}; var allPads = Util.find(store.proxy, ['drive', 'filesData']) || {};
var isStronger; var isStronger;
@ -795,7 +789,7 @@ define([
}; };
store.userObject.getFiles(where).forEach(function (id) { store.userObject.getFiles(where).forEach(function (id) {
var data = store.userObject.getFileData(id); var data = store.userObject.getFileData(id);
var parsed = Hash.parsePadUrl(data.href, data.password); var parsed = Hash.parsePadUrl(data.href);
if ((!types || types.length === 0 || types.indexOf(parsed.type) !== -1) && if ((!types || types.length === 0 || types.indexOf(parsed.type) !== -1) &&
hashes.indexOf(parsed.hash) === -1 && hashes.indexOf(parsed.hash) === -1 &&
!isFiltered(parsed.type, data)) { !isFiltered(parsed.type, data)) {
@ -840,9 +834,9 @@ define([
var allPads = Util.find(store.proxy, ['drive', 'filesData']) || {}; var allPads = Util.find(store.proxy, ['drive', 'filesData']) || {};
// If we have a stronger version in drive, add it and add a redirect button // If we have a stronger version in drive, add it and add a redirect button
var stronger = Hash.findStronger(data.href, allPads, data.password); var stronger = Hash.findStronger(data.href, data.channel, allPads);
if (stronger) { if (stronger) {
var parsed2 = Hash.parsePadUrl(stronger.href, stronger.password); var parsed2 = Hash.parsePadUrl(stronger.href);
return void cb(parsed2.hash); return void cb(parsed2.hash);
} }
cb(); cb();
@ -1135,6 +1129,7 @@ define([
if (!hash) { if (!hash) {
throw new Error('[Store.init] Unable to find or create a drive hash. Aborting...'); throw new Error('[Store.init] Unable to find or create a drive hash. Aborting...');
} }
// No password for drive
var secret = Hash.getSecrets('drive', hash); var secret = Hash.getSecrets('drive', hash);
var listmapConfig = { var listmapConfig = {
data: {}, data: {},

4
www/common/outer/userObject.js
View File

@ -75,7 +75,7 @@ define([
return void todo(); return void todo();
} }
if (!pinPads) { return; } if (!pinPads) { return; }
pinPads([Hash.hrefToHexChannelId(data.href, data.password)], function (obj) { pinPads([data.channel], function (obj) {
if (obj && obj.error) { return void cb(obj.error); } if (obj && obj.error) { return void cb(obj.error); }
todo(); todo();
}); });
@ -98,7 +98,7 @@ define([
exp.getFiles([FILES_DATA]).forEach(function (id) { exp.getFiles([FILES_DATA]).forEach(function (id) {
if (filesList.indexOf(id) === -1) { if (filesList.indexOf(id) === -1) {
var fd = exp.getFileData(id); var fd = exp.getFileData(id);
var channelId = fd && fd.href && Hash.hrefToHexChannelId(fd.href, fd.password); var channelId = fd.channel;
// If trying to remove an owned pad, remove it from server also // If trying to remove an owned pad, remove it from server also
if (!isOwnPadRemoved && if (!isOwnPadRemoved &&
fd.owners && fd.owners.indexOf(edPublic) !== -1 && channelId) { fd.owners && fd.owners.indexOf(edPublic) !== -1 && channelId) {

3
www/common/sframe-app-framework.js
View File

@ -315,8 +315,7 @@ define([
privateDat.availableHashes.viewHash; privateDat.availableHashes.viewHash;
var href = privateDat.pathname + '#' + hash; var href = privateDat.pathname + '#' + hash;
if (AppConfig.textAnalyzer && textContentGetter) { if (AppConfig.textAnalyzer && textContentGetter) {
var channelId = Hash.hrefToHexChannelId(href, privateDat.password); AppConfig.textAnalyzer(textContentGetter, privateDat.channel);
AppConfig.textAnalyzer(textContentGetter, channelId);
} }
if (options.thumbnail && privateDat.thumbnails) { if (options.thumbnail && privateDat.thumbnails) {

19
www/common/sframe-common-outer.js
View File

@ -115,6 +115,7 @@ define([
if (cfg.getSecrets) { if (cfg.getSecrets) {
var w = waitFor(); var w = waitFor();
// No password for drive, profile and todo
cfg.getSecrets(Cryptpad, Utils, waitFor(function (err, s) { cfg.getSecrets(Cryptpad, Utils, waitFor(function (err, s) {
secret = s; secret = s;
Cryptpad.getShareHashes(secret, function (err, h) { Cryptpad.getShareHashes(secret, function (err, h) {
@ -123,7 +124,6 @@ define([
}); });
})); }));
} else { } else {
// Password not needed here since we only want to know if we need a password
var parsed = Utils.Hash.parsePadUrl(window.location.href); var parsed = Utils.Hash.parsePadUrl(window.location.href);
var todo = function () { var todo = function () {
secret = Utils.Hash.getSecrets(parsed.type, void 0, password); secret = Utils.Hash.getSecrets(parsed.type, void 0, password);
@ -135,7 +135,6 @@ define([
var needPassword = parsed.hashData && parsed.hashData.password; var needPassword = parsed.hashData && parsed.hashData.password;
if (needPassword) { if (needPassword) {
Cryptpad.getPadAttribute('password', waitFor(function (err, val) { Cryptpad.getPadAttribute('password', waitFor(function (err, val) {
console.log(val);
if (val) { if (val) {
// We already know the password, use it! // We already know the password, use it!
password = val; password = val;
@ -185,7 +184,7 @@ define([
secret.keys = secret.key; secret.keys = secret.key;
readOnly = false; readOnly = false;
} }
var parsed = Utils.Hash.parsePadUrl(window.location.href, password); var parsed = Utils.Hash.parsePadUrl(window.location.href);
if (!parsed.type) { throw new Error(); } if (!parsed.type) { throw new Error(); }
var defaultTitle = Utils.Hash.getDefaultName(parsed); var defaultTitle = Utils.Hash.getDefaultName(parsed);
var edPublic; var edPublic;
@ -228,7 +227,8 @@ define([
isNewFile: isNewFile, isNewFile: isNewFile,
isDeleted: isNewFile && window.location.hash.length > 0, isDeleted: isNewFile && window.location.hash.length > 0,
forceCreationScreen: forceCreationScreen, forceCreationScreen: forceCreationScreen,
password: password password: password,
channel: secret.channel
}; };
for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; } for (var k in additionalPriv) { metaObj.priv[k] = additionalPriv[k]; }
@ -424,12 +424,10 @@ define([
// Present mode URL // Present mode URL
sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) { sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) {
// Password not needed here since we only need something directly in the hash
var parsed = Utils.Hash.parsePadUrl(window.location.href); var parsed = Utils.Hash.parsePadUrl(window.location.href);
cb(parsed.hashData && parsed.hashData.present); cb(parsed.hashData && parsed.hashData.present);
}); });
sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) { sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) {
// Password not needed here
var parsed = Utils.Hash.parsePadUrl(window.location.href); var parsed = Utils.Hash.parsePadUrl(window.location.href);
window.location.href = parsed.getUrl({ window.location.href = parsed.getUrl({
embed: parsed.hashData.embed, embed: parsed.hashData.embed,
@ -521,10 +519,9 @@ define([
cb(templates.length > 0); cb(templates.length > 0);
}); });
}); });
var getKey = function (href) { var getKey = function (href, channel) {
// Password not needed here. We use the fake channel id for thumbnails at the moment
var parsed = Utils.Hash.parsePadUrl(href); var parsed = Utils.Hash.parsePadUrl(href);
return 'thumbnail-' + parsed.type + '-' + parsed.hashData.channel; return 'thumbnail-' + parsed.type + '-' + channel;
}; };
sframeChan.on('Q_CREATE_TEMPLATES', function (type, cb) { sframeChan.on('Q_CREATE_TEMPLATES', function (type, cb) {
Cryptpad.getSecureFilesList({ Cryptpad.getSecureFilesList({
@ -537,7 +534,7 @@ define([
var res = []; var res = [];
nThen(function (waitFor) { nThen(function (waitFor) {
Object.keys(data).map(function (el) { Object.keys(data).map(function (el) {
var k = getKey(data[el].href); var k = getKey(data[el].href, data[el].channel);
Utils.LocalStore.getThumbnail(k, waitFor(function (e, thumb) { Utils.LocalStore.getThumbnail(k, waitFor(function (e, thumb) {
res.push({ res.push({
id: el, id: el,
@ -732,7 +729,7 @@ define([
ohc({reset: true}); ohc({reset: true});
// Update metadata values and send new metadata inside // Update metadata values and send new metadata inside
parsed = Utils.Hash.parsePadUrl(window.location.href, password); parsed = Utils.Hash.parsePadUrl(window.location.href);
defaultTitle = Utils.Hash.getDefaultName(parsed); defaultTitle = Utils.Hash.getDefaultName(parsed);
hashes = Utils.Hash.getHashes(secret); hashes = Utils.Hash.getHashes(secret);
readOnly = false; readOnly = false;

3
www/common/sframe-common.js
View File

@ -127,8 +127,7 @@ define([
} }
return; return;
}; };
funcs.getFileSize = function (href, password, cb) { funcs.getFileSize = function (channelId, cb) {
var channelId = Hash.hrefToHexChannelId(href, password);
funcs.sendAnonRpcMsg("GET_FILE_SIZE", channelId, function (data) { funcs.sendAnonRpcMsg("GET_FILE_SIZE", channelId, function (data) {
if (!data) { return void cb("No response"); } if (!data) { return void cb("No response"); }
if (data.error) { return void cb(data.error); } if (data.error) { return void cb(data.error); }

2
www/common/toolbar3.js
View File

@ -578,7 +578,7 @@ define([
var o = pd.origin; var o = pd.origin;
var hashes = pd.availableHashes; var hashes = pd.availableHashes;
var url = pd.origin + pd.pathname + '#' + (hashes.editHash || hashes.viewHash); var url = pd.origin + pd.pathname + '#' + (hashes.editHash || hashes.viewHash);
var cid = Hash.hrefToHexChannelId(url, pd.password); var cid = pd.channel;
Common.sendAnonRpcMsg('IS_CHANNEL_PINNED', cid, function (x) { Common.sendAnonRpcMsg('IS_CHANNEL_PINNED', cid, function (x) {
if (x.error || !Array.isArray(x.response)) { return void console.log(x); } if (x.error || !Array.isArray(x.response)) { return void console.log(x); }
if (x.response[0] === true) { if (x.response[0] === true) {

5
www/common/userObject.js
View File

@ -78,7 +78,6 @@ define([
exp.isReadOnlyFile = function (element) { exp.isReadOnlyFile = function (element) {
if (!isFile(element)) { return false; } if (!isFile(element)) { return false; }
var data = exp.getFileData(element); var data = exp.getFileData(element);
// Password not needed
var parsed = Hash.parsePadUrl(data.href); var parsed = Hash.parsePadUrl(data.href);
if (!parsed) { return false; } if (!parsed) { return false; }
var pHash = parsed.hashData; var pHash = parsed.hashData;
@ -385,11 +384,9 @@ define([
// Get drive ids of files from their channel ids // Get drive ids of files from their channel ids
exp.findChannels = function (channels) { exp.findChannels = function (channels) {
var allFilesList = files[FILES_DATA]; var allFilesList = files[FILES_DATA];
var channels64 = channels.slice().map(Util.hexToBase64);
return getFiles([FILES_DATA]).filter(function (k) { return getFiles([FILES_DATA]).filter(function (k) {
var data = allFilesList[k]; var data = allFilesList[k];
var parsed = Hash.parsePadUrl(data.href, data.password); return channels.indexOf(data.channel) !== -1;
return parsed.hashData && channels64.indexOf(parsed.hashData.channel) !== -1;
}); });
}; };

7
www/drive/inner.js
View File

@ -1264,7 +1264,6 @@ define([
var data = filesOp.getFileData(element); var data = filesOp.getFileData(element);
if (!data) { return void logError("No data for the file", element); } if (!data) { return void logError("No data for the file", element); }
// Password not needed
var hrefData = Hash.parsePadUrl(data.href); var hrefData = Hash.parsePadUrl(data.href);
if (hrefData.type) { if (hrefData.type) {
$span.addClass('cp-border-color-'+hrefData.type); $span.addClass('cp-border-color-'+hrefData.type);
@ -1297,7 +1296,7 @@ define([
$span.attr('title', name); $span.attr('title', name);
var type = Messages.type[hrefData.type] || hrefData.type; var type = Messages.type[hrefData.type] || hrefData.type;
common.displayThumbnail(data.href, $span, function ($thumb) { common.displayThumbnail(data.href, data.channel, $span, function ($thumb) {
// Called only if the thumbnail exists // Called only if the thumbnail exists
// Remove the .hide() added by displayThumnail() because it hides the icon in // Remove the .hide() added by displayThumnail() because it hides the icon in
// list mode too // list mode too
@ -1836,7 +1835,6 @@ define([
var data = filesOp.getFileData(id); var data = filesOp.getFileData(id);
if (!data) { return ''; } if (!data) { return ''; }
if (prop === 'type') { if (prop === 'type') {
// Password not needed
var hrefData = Hash.parsePadUrl(data.href); var hrefData = Hash.parsePadUrl(data.href);
return hrefData.type; return hrefData.type;
} }
@ -1872,7 +1870,6 @@ define([
}; };
} }
if (prop === 'type') { if (prop === 'type') {
// Password not needed
var hrefData = Hash.parsePadUrl(e.href); var hrefData = Hash.parsePadUrl(e.href);
return hrefData.type; return hrefData.type;
} }
@ -2096,7 +2093,6 @@ define([
filesList.forEach(function (r) { filesList.forEach(function (r) {
r.paths.forEach(function (path) { r.paths.forEach(function (path) {
var href = r.data.href; var href = r.data.href;
// Password not needed
var parsed = Hash.parsePadUrl(href); var parsed = Hash.parsePadUrl(href);
var $table = $('<table>'); var $table = $('<table>');
var $icon = $('<td>', {'rowspan': '3', 'class': 'cp-app-drive-search-icon'}) var $icon = $('<td>', {'rowspan': '3', 'class': 'cp-app-drive-search-icon'})
@ -2653,7 +2649,6 @@ define([
if (!filesOp.isFile(id)) { return; } if (!filesOp.isFile(id)) { return; }
var data = filesOp.getFileData(id); var data = filesOp.getFileData(id);
if (!data) { return; } if (!data) { return; }
// Password not needed
var parsed = Hash.parsePadUrl(data.href); var parsed = Hash.parsePadUrl(data.href);
if (parsed.hashData.type !== "pad") { return; } if (parsed.hashData.type !== "pad") { return; }
var i = data.href.indexOf('#') + 1; var i = data.href.indexOf('#') + 1;

1
www/drive/main.js
View File

@ -39,6 +39,7 @@ define([
var getSecrets = function (Cryptpad, Utils, cb) { var getSecrets = function (Cryptpad, Utils, cb) {
var hash = window.location.hash.slice(1) || Utils.LocalStore.getUserHash() || var hash = window.location.hash.slice(1) || Utils.LocalStore.getUserHash() ||
Utils.LocalStore.getFSHash(); Utils.LocalStore.getFSHash();
// No password for drive
cb(null, Utils.Hash.getSecrets('drive', hash)); cb(null, Utils.Hash.getSecrets('drive', hash));
}; };
var addRpc = function (sframeChan, Cryptpad, Utils) { var addRpc = function (sframeChan, Cryptpad, Utils) {

5
www/file/inner.js
View File

@ -61,7 +61,7 @@ define([
if (!priv.filehash) { if (!priv.filehash) {
uploadMode = true; uploadMode = true;
} else { } else {
// FILE_HASHES2 // PASSWORD_FILES
secret = Hash.getSecrets('file', priv.filehash); secret = Hash.getSecrets('file', priv.filehash);
if (!secret.keys) { throw new Error("You need a hash"); } if (!secret.keys) { throw new Error("You need a hash"); }
hexFileName = Util.base64ToHex(secret.channel); hexFileName = Util.base64ToHex(secret.channel);
@ -232,8 +232,7 @@ define([
$dlform.find('#cp-app-file-dlfile, #cp-app-file-dlprogress').click(onClick); $dlform.find('#cp-app-file-dlfile, #cp-app-file-dlprogress').click(onClick);
}; };
var href = priv.origin + priv.pathname + priv.filehash; var href = priv.origin + priv.pathname + priv.filehash;
// PASSWORD_FILES common.getFileSize(hexFileName, function (e, data) {
common.getFileSize(href, null, function (e, data) {
if (e) { if (e) {
return void UI.errorLoadingScreen(e); return void UI.errorLoadingScreen(e);
} }

2
www/filepicker/inner.js
View File

@ -139,7 +139,7 @@ define([
}); });
// Add thumbnail if it exists // Add thumbnail if it exists
common.displayThumbnail(data.href, $span); common.displayThumbnail(data.href, data.channel, $span);
}); });
$input.focus(); $input.focus();
}; };

3
www/profile/main.js
View File

@ -40,6 +40,7 @@ define([
var Hash = Utils.Hash; var Hash = Utils.Hash;
// 1st case: visiting someone else's profile with hash in the URL // 1st case: visiting someone else's profile with hash in the URL
if (window.location.hash) { if (window.location.hash) {
// No password for profiles
return void cb(null, Hash.getSecrets('profile', window.location.hash.slice(1))); return void cb(null, Hash.getSecrets('profile', window.location.hash.slice(1)));
} }
var editHash; var editHash;
@ -50,6 +51,7 @@ define([
})); }));
}).nThen(function () { }).nThen(function () {
if (editHash) { if (editHash) {
// No password for profile
return void cb(null, Hash.getSecrets('profile', editHash)); return void cb(null, Hash.getSecrets('profile', editHash));
} }
// 3rd case: profile creation (create a new random hash, store it later if needed) // 3rd case: profile creation (create a new random hash, store it later if needed)
@ -58,6 +60,7 @@ define([
window.location.href = '/drive'; window.location.href = '/drive';
return void cb(); return void cb();
} }
// No password for profile
var hash = Hash.createRandomHash('profile'); var hash = Hash.createRandomHash('profile');
var secret = Hash.getSecrets('profile', hash); var secret = Hash.getSecrets('profile', hash);
Cryptpad.pinPads([secret.channel], function (e) { Cryptpad.pinPads([secret.channel], function (e) {

1
www/todo/main.js
View File

@ -38,6 +38,7 @@ define([
}).nThen(function (/*waitFor*/) { }).nThen(function (/*waitFor*/) {
var getSecrets = function (Cryptpad, Utils, cb) { var getSecrets = function (Cryptpad, Utils, cb) {
Cryptpad.getTodoHash(function (hash) { Cryptpad.getTodoHash(function (hash) {
// No password for todo
var nHash = hash || Utils.Hash.createRandomHash('todo'); var nHash = hash || Utils.Hash.createRandomHash('todo');
if (!hash) { Cryptpad.setTodoHash(nHash); } if (!hash) { Cryptpad.setTodoHash(nHash); }
cb(null, Utils.Hash.getSecrets('todo', nHash)); cb(null, Utils.Hash.getSecrets('todo', nHash));

2
www/whiteboard/inner.js
View File

@ -389,7 +389,7 @@ define([
var D = Thumb.getResizedDimensions($canvas[0], 'pad'); var D = Thumb.getResizedDimensions($canvas[0], 'pad');
Thumb.fromCanvas($canvas[0], D, function (err, b64) { Thumb.fromCanvas($canvas[0], D, function (err, b64) {
oldThumbnailState = content; oldThumbnailState = content;
Thumb.setPadThumbnail(common, href, b64); Thumb.setPadThumbnail(common, href, privateDat.channel, b64);
}); });
}; };
window.setInterval(mkThumbnail, Thumb.UPDATE_INTERVAL); window.setInterval(mkThumbnail, Thumb.UPDATE_INTERVAL);