working browser password

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
This commit is contained in:
Tobias Gurtzick 2024-01-08 12:28:41 +01:00
parent e1e8618015
commit 2cc2cf0de7
No known key found for this signature in database
GPG Key ID: 6C56E4E3D2EAC901

View File

@ -1512,7 +1512,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
me.getPasteKey = function() me.getPasteKey = function()
{ {
if (symmetricKey === null) { if (symmetricKey === null) {
let newKey = window.location.hash.substring(1); let pos = 1;
const pt = '#protected/';
if(window.location.hash.startsWith(pt)) {
pos = pt.length;
}
let newKey = window.location.hash.substring(pos);
if (newKey === '') { if (newKey === '') {
throw 'no encryption key given'; throw 'no encryption key given';
} }
@ -2229,13 +2234,28 @@ jQuery.PrivateBin = (function($, RawDeflate) {
const url = new URL(window.location); const url = new URL(window.location);
// if protected request password // if protected request password
if(url.pathname === '/protected') { if(url.hash.startsWith('#protected/')) {
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000'); const pt = '#protected/';
const cipherdata = [enc.ct, enc.adata]; let pos = pt.length;
let newKey = window.location.hash.substring(pos);
if (newKey === '') {
throw 'no encryption key given';
}
const plaindata = await CryptTool.decipher(enc.k, password, cipherdata); // Some web 2.0 services and redirectors add data AFTER the anchor
// (such as &utm_source=...). We will strip any additional data.
let ampersandPos = newKey.indexOf('&');
if (ampersandPos > -1)
{
newKey = newKey.substring(0, ampersandPos);
}
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
const dt = JSON.parse(enc);
const cipherdata = [dt.ct, dt.adata]
const plaindata = await CryptTool.decipher(dt.k, password, cipherdata);
window.location.replace(Helper.baseUri() + plaindata); window.location.replace(Helper.baseUri() + plaindata);
return; return;
} }
PasteDecrypter.run(); PasteDecrypter.run();
@ -4814,25 +4834,36 @@ jQuery.PrivateBin = (function($, RawDeflate) {
Alert.hideMessages(); Alert.hideMessages();
// show notification // show notification
const baseUri = Helper.baseUri() + '?', const baseUri = Helper.baseUri(),
deleteUrl = baseUri + 'pasteid=' + data.id + '&deletetoken=' + data.deletetoken; deleteUrl = baseUri + '?pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
PasteStatus.createPasteNotification(url, deleteUrl); let url;
const pw = TopNav.getPassword() const pw = TopNav.getPassword()
const sm = CryptTool.getSymmetricKey();
let openUri = + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);
let dt = {} if(pw && pw.length) {
dt['v'] = 2;
dt['ct'] = cipherResult[0]; const sm = CryptTool.getSymmetricKey();
dt['adata'] = cipherResult[1];
dt['k'] = sm; let openUri = '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);
let dt = {}
dt['v'] = 2;
dt['ct'] = cipherResult[0];
dt['adata'] = cipherResult[1];
dt['k'] = sm;
const encUrl = CryptTool.base58encode(JSON.stringify(dt))
url = baseUri + '#protected/' + encUrl;
} else {
url = baseUri + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
}
PasteStatus.createPasteNotification(url, deleteUrl);
const encUrl = CryptTool.base58encode(JSON.stringify(dt))
const url = baseUri + 'protected/#' + encUrl;
// show new URL in browser bar // show new URL in browser bar
@ -4979,7 +5010,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// prepare server interaction // prepare server interaction
ServerInteraction.prepare(); ServerInteraction.prepare();
ServerInteraction.setCryptParameters(TopNav.getPassword()); // This is not needed when encrypting browser side
// ServerInteraction.setCryptParameters(TopNav.getPassword());
ServerInteraction.setCryptParameters('');
// set success/fail functions // set success/fail functions
ServerInteraction.setSuccess(showCreatedPaste); ServerInteraction.setSuccess(showCreatedPaste);
@ -5565,13 +5598,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
try { try {
Model.getPasteId(); Model.getPasteId();
} catch (e) { } catch (e) {
// check if protected pathname // check if protected pathname
const url = new URL(window.location); const url = new URL(window.location);
// if protected request password // if protected request password
if(url.pathname === '/protected') { if(url.hash.startsWith('#protected/')) {
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
return Prompt.requestPassword(); return Prompt.requestPassword();
} }