Made changing passwords work correctly and made the legacy password migration set the migrate flag serverside

Tracker-Friendly 2024-07-21 09:09:48 +01:00
parent 1a94acba76
commit 60b58143e7
2 changed files with 41 additions and 12 deletions


@ -41,6 +41,7 @@ async function migrateLegacyPassword(secretKey, password) {
body: JSON.stringify({
secretKey: secretKey,
newPassword: password,
migration: true
}),
headers: {
"Content-Type": "application/json; charset=UTF-8",
@ -179,10 +180,17 @@ signupButton.addEventListener("click", () => {
hashLength: 32,
outputType: "hex"
}))
await migrateLegacyPassword(loginDataOld["key"], hashedPass)
statusBox.innerText = "Welcome back!"
await new Promise(r => setTimeout(r, 200))
window.location.href = "/app/"
statusBox.innerText = "Migrating password..."
let status = await migrateLegacyPassword(loginDataOld["key"], hashedPass)
if (status.status === 200) {
statusBox.innerText = "Welcome back!"
await new Promise(r => setTimeout(r, 200))
window.location.href = "/app/"
} else {
statusBox.innerText = (await status.json())["error"]
showInput(1)
showElements(true)
}
} else {
statusBox.innerText = loginDataOld["error"]
showInput(1)
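Review bot: The new failure branch assumes `migrateLegacyPassword` always resolves to a response with a JSON body. If the request rejects, or the server answers with a non-JSON error page, the call or `await status.json()` throws inside the click handler and the status box stays on "Migrating password..." without `showInput(1)` / `showElements(true)` ever running. Wrapping the call and the `.json()` read in a `try`/`catch` whose handler sets a generic failure text and restores the inputs would let the user retry; the handler starts and ends outside this hunk, so an outer handler may already cover part of this. Separately, the `migration: true` field added in the first hunk is supplied by the client, so the server-side handler (not shown here) should decide from its own account record whether a migration is pending rather than trust the flag.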


@ -416,11 +416,15 @@ document.addEventListener("DOMContentLoaded", function() {
}
async function hashpass(pass) {
let key = pass
for (let i = 0; i < 128; i++) {
key = await hashwasm.sha3(key)
}
return key
return await hashwasm.argon2id({
password: pass,
salt: new TextEncoder().encode("I munch Burgers!!"),
parallelism: 1,
iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
})
}
changePasswordButton.addEventListener("click", () => {
@ -435,7 +439,8 @@ document.addEventListener("DOMContentLoaded", function() {
method: "POST",
body: JSON.stringify({
secretKey: secretkey,
newPassword: await hashpass(oldPass)
newPassword: await hashpass(oldPass),
migration: false
}),
headers: {
"Content-Type": "application/json; charset=UTF-8",
@ -466,7 +471,15 @@ document.addEventListener("DOMContentLoaded", function() {
await waitForConfirm()
const oldPass = errorInput.value
errorInput.classList.add("hidden")
if (await hashwasm.sha512(oldPass) !== password) {
if (await hashwasm.argon2id({
password: password,
salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1,
iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
}) !== password) {
displayError("Incorrect password!")
} else {
errorInput.value = ""
@ -496,7 +509,15 @@ document.addEventListener("DOMContentLoaded", function() {
if (response.status === 200) {
let notes = await exportNotes()
let passwordBackup = password
password = await hashwasm.sha512(newPass)
password = await hashwasm.argon2id({
password: password,
salt: new TextEncoder().encode("I love Burgernotes!"),
parallelism: 1,
iterations: 32,
memorySize: 19264,
hashLength: 32,
outputType: "hex"
})
localStorage.setItem("DONOTSHARE-password", password)
let purgeNotes = await fetch(remote + "/api/purgenotes", {
method: "POST",
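Review bot: Both new `hashwasm.argon2id` calls in the last two hunks hash the stored `password` variable instead of the value the user just typed. In the confirmation check (new line 471 onward) the removed line hashed `oldPass`, but the new call passes `password: password` and compares the result with `password` itself, so it will practically never match and no longer tests the typed password; it should pass `password: oldPass,`. In the hunk at new line 509 the removed line derived the key from `newPass`, while the new call re-hashes the old key, so the value written to `DONOTSHARE-password` does not depend on the new password; it should pass `password: newPass,`. The same option object now appears three times with two different fixed salts, and one helper taking the input and the salt would make this kind of slip harder. Both handlers begin outside the hunks shown.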