restoring password protection

This commit is contained in:
El RIDO 2017-03-12 16:06:17 +01:00
parent 651e38acbe
commit 1649ff34f5
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
3 changed files with 20 additions and 54 deletions

View File

@ -1419,14 +1419,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
$passwordForm, $passwordForm,
$passwordModal; $passwordModal;
var password = '', var password = '';
passwordCallback = null;
/** /**
* ask the user for the password and set it * ask the user for the password and set it
* *
* the callback set via setPasswordCallback is executed
*
* @name Prompt.requestPassword() * @name Prompt.requestPassword()
* @function * @function
*/ */
@ -1438,7 +1435,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
backdrop: 'static', backdrop: 'static',
keyboard: false keyboard: false
}); });
return; return;
} }
@ -1453,10 +1449,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
} }
password = newPassword; password = newPassword;
if (passwordCallback !== null) {
passwordCallback();
}
} }
/** /**
@ -1474,18 +1466,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
return password; return password;
} }
/**
* setsthe callback called when password is entered
*
* @name Prompt.setPasswordCallback
* @function
* @param {functions} setPasswordCallback
*/
me.setPasswordCallback = function(callback)
{
passwordCallback = callback;
}
/** /**
* submit a password in the modal dialog * submit a password in the modal dialog
* *
@ -1495,17 +1475,15 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
*/ */
function submitPasswordModal(event) function submitPasswordModal(event)
{ {
event.preventDefault();
// get input // get input
password = $passwordDecrypt.val(); password = $passwordDecrypt.val();
// hide modal // hide modal
$passwordModal.modal('hide'); $passwordModal.modal('hide');
if (passwordCallback !== null) { PasteDecrypter.run();
passwordCallback();
}
event.preventDefault();
} }
@ -3613,19 +3591,14 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
password = Prompt.getPassword(); password = Prompt.getPassword();
// if password is there, re-try // if password is there, re-try
if (password.length !== 0) { if (password.length == 0) {
password = Prompt.requestPassword();
}
// recursive // recursive
// note: an infinite loop is prevented as the previous if // note: an infinite loop is prevented as the previous if
// clause checks whether a password is already set and ignores // clause checks whether a password is already set and ignores
// errors when a password has been passed // errors when a password has been passed
return decryptOrPromptPassword.apply(arguments); return decryptOrPromptPassword.apply(key, password, cipherdata);
}
// trigger password request
Prompt.requestPassword();
// the callback (via setPasswordCallback()) should have been set
// by a parent function
return false;
} }
// if all tries failed, we can only return an error // if all tries failed, we can only return an error
@ -3700,7 +3673,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
var attachmentName; var attachmentName;
if (paste.attachmentname) { if (paste.attachmentname) {
try { try {
var attachmentName = decryptOrPromptPassword(key, password, paste.attachmentname); attachmentName = decryptOrPromptPassword(key, password, paste.attachmentname);
} catch (err) { } catch (err) {
throw 'failed to decipher attachment name: ' + err throw 'failed to decipher attachment name: ' + err
} }
@ -3755,6 +3728,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
*/ */
me.run = function(paste) me.run = function(paste)
{ {
Alert.hideMessages();
Alert.showLoading('Decrypting paste…', 0, 'cloud-download'); // @TODO icon maybe rotation-lock, but needs full Glyphicons Alert.showLoading('Decrypting paste…', 0, 'cloud-download'); // @TODO icon maybe rotation-lock, but needs full Glyphicons
if (typeof paste === 'undefined') { if (typeof paste === 'undefined') {
@ -3771,10 +3745,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
// try to decrypt the paste // try to decrypt the paste
try { try {
Prompt.setPasswordCallback(function () {
me.run(paste);
});
// decrypt attachments // decrypt attachments
if (paste.attachment) { if (paste.attachment) {
// try to decrypt paste and if it fails (because the password is // try to decrypt paste and if it fails (because the password is
@ -3782,15 +3752,11 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) {
if (!decryptAttachment(paste, key, password)) { if (!decryptAttachment(paste, key, password)) {
return; return;
} }
} // ignore empty paste, as this is allowed when pasting attachments
// Deliberately ignores non-critical errors as this decryption
// can also return an empty string and when this is done, the
// decryption routine cannot differenciate this to an error.
// As, however, the attachment could already be decrypted we
// can continue here without showing an error, but just an empty
// paste text.
decryptPaste(paste, key, password, true); decryptPaste(paste, key, password, true);
} else {
decryptPaste(paste, key, password);
}
} catch(err) { } catch(err) {
Alert.hideLoading(); Alert.hideLoading();

View File

@ -69,7 +69,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Np6M1TYAhyN/c5SaNYsTnQW+yLyMW3zr/TuiJipi77GxWdayOxcc/3CqCodtm5YPxxdyIwhjjJTclMOdwjdBKQ==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Twits2in/YkEGNmhvYLmBl6zBKLtymFOzwAqxcJHQ0zJBpXCvxxmbIoW0LUWnzTq2hUtPgjAMZznSU2xkMPjjQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->
@ -94,7 +94,7 @@ endif;
<form id="passwordform" role="form"> <form id="passwordform" role="form">
<div class="form-group"> <div class="form-group">
<label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label> <label for="passworddecrypt"><span class="glyphicon glyphicon-eye-open"></span> <?php echo I18n::_('Please enter the password for this paste:') ?></label>
<input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>" autofocus> <input id="passworddecrypt" type="password" class="form-control" placeholder="<?php echo I18n::_('Enter password') ?>">
</div> </div>
<button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button> <button type="submit" class="btn btn-success btn-block"><span class="glyphicon glyphicon-off"></span> <?php echo I18n::_('Decrypt') ?></button>
</form> </form>

View File

@ -47,7 +47,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Np6M1TYAhyN/c5SaNYsTnQW+yLyMW3zr/TuiJipi77GxWdayOxcc/3CqCodtm5YPxxdyIwhjjJTclMOdwjdBKQ==" crossorigin="anonymous"></script> <script type="text/javascript" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-Twits2in/YkEGNmhvYLmBl6zBKLtymFOzwAqxcJHQ0zJBpXCvxxmbIoW0LUWnzTq2hUtPgjAMZznSU2xkMPjjQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->