working browser password
Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
This commit is contained in:
parent
e1e8618015
commit
2cc2cf0de7
@ -1512,7 +1512,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
me.getPasteKey = function()
|
||||
{
|
||||
if (symmetricKey === null) {
|
||||
let newKey = window.location.hash.substring(1);
|
||||
let pos = 1;
|
||||
const pt = '#protected/';
|
||||
if(window.location.hash.startsWith(pt)) {
|
||||
pos = pt.length;
|
||||
}
|
||||
let newKey = window.location.hash.substring(pos);
|
||||
if (newKey === '') {
|
||||
throw 'no encryption key given';
|
||||
}
|
||||
@ -2229,11 +2234,26 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
const url = new URL(window.location);
|
||||
|
||||
// if protected request password
|
||||
if(url.pathname === '/protected') {
|
||||
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
|
||||
const cipherdata = [enc.ct, enc.adata];
|
||||
if(url.hash.startsWith('#protected/')) {
|
||||
const pt = '#protected/';
|
||||
let pos = pt.length;
|
||||
let newKey = window.location.hash.substring(pos);
|
||||
if (newKey === '') {
|
||||
throw 'no encryption key given';
|
||||
}
|
||||
|
||||
const plaindata = await CryptTool.decipher(enc.k, password, cipherdata);
|
||||
// Some web 2.0 services and redirectors add data AFTER the anchor
|
||||
// (such as &utm_source=...). We will strip any additional data.
|
||||
let ampersandPos = newKey.indexOf('&');
|
||||
if (ampersandPos > -1)
|
||||
{
|
||||
newKey = newKey.substring(0, ampersandPos);
|
||||
}
|
||||
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
|
||||
const dt = JSON.parse(enc);
|
||||
const cipherdata = [dt.ct, dt.adata]
|
||||
|
||||
const plaindata = await CryptTool.decipher(dt.k, password, cipherdata);
|
||||
window.location.replace(Helper.baseUri() + plaindata);
|
||||
return;
|
||||
}
|
||||
@ -4814,14 +4834,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
Alert.hideMessages();
|
||||
|
||||
// show notification
|
||||
const baseUri = Helper.baseUri() + '?',
|
||||
deleteUrl = baseUri + 'pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
|
||||
PasteStatus.createPasteNotification(url, deleteUrl);
|
||||
const baseUri = Helper.baseUri(),
|
||||
deleteUrl = baseUri + '?pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
|
||||
let url;
|
||||
|
||||
const pw = TopNav.getPassword()
|
||||
|
||||
if(pw && pw.length) {
|
||||
|
||||
const sm = CryptTool.getSymmetricKey();
|
||||
|
||||
let openUri = + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
|
||||
let openUri = '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
|
||||
let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);
|
||||
|
||||
let dt = {}
|
||||
@ -4832,7 +4855,15 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
|
||||
const encUrl = CryptTool.base58encode(JSON.stringify(dt))
|
||||
|
||||
const url = baseUri + 'protected/#' + encUrl;
|
||||
url = baseUri + '#protected/' + encUrl;
|
||||
} else {
|
||||
url = baseUri + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
|
||||
}
|
||||
|
||||
PasteStatus.createPasteNotification(url, deleteUrl);
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
// show new URL in browser bar
|
||||
@ -4979,7 +5010,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
|
||||
// prepare server interaction
|
||||
ServerInteraction.prepare();
|
||||
ServerInteraction.setCryptParameters(TopNav.getPassword());
|
||||
// This is not needed when encrypting browser side
|
||||
// ServerInteraction.setCryptParameters(TopNav.getPassword());
|
||||
ServerInteraction.setCryptParameters('');
|
||||
|
||||
// set success/fail functions
|
||||
ServerInteraction.setSuccess(showCreatedPaste);
|
||||
@ -5570,8 +5603,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
||||
const url = new URL(window.location);
|
||||
|
||||
// if protected request password
|
||||
if(url.pathname === '/protected') {
|
||||
const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
|
||||
if(url.hash.startsWith('#protected/')) {
|
||||
return Prompt.requestPassword();
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user