Ailur-Archives
/
burgernotes-web
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

Made changing passwords work correctly and made the legacy password migration set the migrate flag serverside

This commit is contained in:
Tracker-Friendly 2024-07-21 09:09:48 +01:00
parent 1a94acba76
commit 60b58143e7
2 changed files with 41 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
static/js/login.js
View File

@ -41,6 +41,7 @@ async function migrateLegacyPassword(secretKey, password) {
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretKey, secretKey: secretKey,
newPassword: password, newPassword: password,
migration: true
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8", "Content-Type": "application/json; charset=UTF-8",
@ -179,10 +180,17 @@ signupButton.addEventListener("click", () => {
hashLength: 32, hashLength: 32,
outputType: "hex" outputType: "hex"
})) }))
await migrateLegacyPassword(loginDataOld["key"], hashedPass) statusBox.innerText = "Migrating password..."
statusBox.innerText = "Welcome back!" let status = await migrateLegacyPassword(loginDataOld["key"], hashedPass)
await new Promise(r => setTimeout(r, 200)) if (status.status === 200) {
window.location.href = "/app/" statusBox.innerText = "Welcome back!"
await new Promise(r => setTimeout(r, 200))
window.location.href = "/app/"
} else {
statusBox.innerText = (await status.json())["error"]
showInput(1)
showElements(true)
}
} else { } else {
statusBox.innerText = loginDataOld["error"] statusBox.innerText = loginDataOld["error"]
showInput(1) showInput(1)

37
static/js/main.js
View File

@ -416,11 +416,15 @@ document.addEventListener("DOMContentLoaded", function() {
} }
async function hashpass(pass) { async function hashpass(pass) {
let key = pass return await hashwasm.argon2id({
for (let i = 0; i < 128; i++) { password: pass,
key = await hashwasm.sha3(key) salt: new TextEncoder().encode("I munch Burgers!!"),
} parallelism: 1,
return key iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
})
} }
changePasswordButton.addEventListener("click", () => { changePasswordButton.addEventListener("click", () => {
@ -435,7 +439,8 @@ document.addEventListener("DOMContentLoaded", function() {
method: "POST", method: "POST",
body: JSON.stringify({ body: JSON.stringify({
secretKey: secretkey, secretKey: secretkey,
newPassword: await hashpass(oldPass) newPassword: await hashpass(oldPass),
migration: false
}), }),
headers: { headers: {
"Content-Type": "application/json; charset=UTF-8", "Content-Type": "application/json; charset=UTF-8",
@ -466,7 +471,15 @@ document.addEventListener("DOMContentLoaded", function() {
await waitForConfirm() await waitForConfirm()
const oldPass = errorInput.value const oldPass = errorInput.value
errorInput.classList.add("hidden") errorInput.classList.add("hidden")
if (await hashwasm.sha512(oldPass) !== password) { if (await hashwasm.argon2id({
password: password,
salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1,
iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
}) !== password) {
displayError("Incorrect password!") displayError("Incorrect password!")
} else { } else {
errorInput.value = "" errorInput.value = ""
@ -496,7 +509,15 @@ document.addEventListener("DOMContentLoaded", function() {
if (response.status === 200) { if (response.status === 200) {
let notes = await exportNotes() let notes = await exportNotes()
let passwordBackup = password let passwordBackup = password
password = await hashwasm.sha512(newPass) password = await hashwasm.argon2id({
password: password,
salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1,
iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
})
localStorage.setItem("DONOTSHARE-password", password) localStorage.setItem("DONOTSHARE-password", password)
let purgeNotes = await fetch(remote + "/api/purgenotes", { let purgeNotes = await fetch(remote + "/api/purgenotes", {
method: "POST", method: "POST",