From 4f675086d3f729b039c7be12ac2c93ef1440d3bf Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Mon, 6 Nov 2017 09:43:22 -0600
Subject: [PATCH] Allow encrypted backups when using passcode
---
 .../app/services/desktopManager.js | 20 ++++++++---
 .../services/directives/views/accountMenu.js | 36 +++++++++++++++----
 .../app/services/passcodeManager.js | 8 +++--
 .../directives/account-menu.html.haml | 6 ++--
 4 files changed, 55 insertions(+), 15 deletions(-)
diff --git a/app/assets/javascripts/app/services/desktopManager.js b/app/assets/javascripts/app/services/desktopManager.js
index 9240ccdf3..1cb28506c 100644
--- a/app/assets/javascripts/app/services/desktopManager.js
+++ b/app/assets/javascripts/app/services/desktopManager.js
@@ -2,7 +2,8 @@ class DesktopManager {
- constructor($rootScope, modelManager, authManager) {
+ constructor($rootScope, modelManager, authManager, passcodeManager) {
+ this.passcodeManager = passcodeManager;
 this.modelManager = modelManager;
 this.authManager = authManager;
 this.$rootScope = $rootScope;
@@ -29,10 +30,21 @@ class DesktopManager {
 }
 desktop_requestBackupFile() {
+ var keys, authParams, protocolVersion;
+ if(this.authManager.offline() && this.passcodeManager.hasPasscode()) {
+ keys = this.passcodeManager.keys();
+ authParams = this.passcodeManager.passcodeAuthParams();
+ protocolVersion = authParams.version;
+ } else {
+ keys = this.authManager.keys();
+ authParams = this.authManager.getAuthParams();
+ protocolVersion = this.authManager.protocolVersion();
+ }
+
 let data = this.modelManager.getAllItemsJSONData(
- this.authManager.keys(),
- this.authManager.getAuthParams(),
- this.authManager.protocolVersion(),
+ keys,
+ authParams,
+ protocolVersion,
 true /* return null on empty */
 );
 return data;
diff --git a/app/assets/javascripts/app/services/directives/views/accountMenu.js b/app/assets/javascripts/app/services/directives/views/accountMenu.js
index 32e9cbf4f..68806f322 100644
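Review bot: In `desktop_requestBackupFile()` (desktopManager.js, second hunk), the passcode branch passes the whole object returned by `passcodeManager.passcodeAuthParams()` as `authParams`, and the passcodeManager.js part of this patch shows that object also carries `hash`, the value `unlock` compares `keys.pw` against. If `getAllItemsJSONData` serializes `authParams` into the backup, which its use here suggests but this diff does not show, the passcode verifier ends up in every exported file; passing only the derivation parameters (`pw_cost`, `pw_salt`, `version`) would avoid that. The same key-selection branch is repeated in `downloadDataArchive` in accountMenu.js, so one shared helper returning `{keys, authParams, protocolVersion}` would keep the two call sites in step.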
--- a/app/assets/javascripts/app/services/directives/views/accountMenu.js
+++ b/app/assets/javascripts/app/services/directives/views/accountMenu.js
@@ -8,13 +8,17 @@ class AccountMenu {
 };
 }
- controller($scope, authManager, modelManager, syncManager, dbManager, passcodeManager, $timeout, storageManager) {
+ controller($scope, $rootScope, authManager, modelManager, syncManager, dbManager, passcodeManager, $timeout, storageManager) {
 'ngInject';
 $scope.formData = {mergeLocal: true, url: syncManager.serverURL, ephemeral: false};
 $scope.user = authManager.user;
 $scope.server = syncManager.serverURL;
+ $scope.encryptedBackupsAvailable = function() {
+ return authManager.user || passcodeManager.hasPasscode();
+ }
+
 $scope.syncStatus = syncManager.syncStatus;
 $scope.encryptionKey = function() {
@@ -153,6 +157,9 @@ class AccountMenu {
 syncManager.markAllItemsDirtyAndSaveOffline(function(){
 block();
 }, true)
+
+ // Allows desktop to make backup file
+ $rootScope.$broadcast("major-data-change");
 } else {
 modelManager.resetLocalMemory();
 storageManager.clearAllModels(function(){
@@ -174,7 +181,7 @@ class AccountMenu {
 /* Import/Export */
- $scope.archiveFormData = {encrypted: $scope.user ? true : false};
+ $scope.archiveFormData = {encrypted: $scope.encryptedBackupsAvailable() ? true : false};
 $scope.user = authManager.user;
 $scope.submitImportPassword = function() {
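Review bot: In the `@@ -153,6 +157,9 @@` hunk, `$rootScope.$broadcast("major-data-change")` runs right after `syncManager.markAllItemsDirtyAndSaveOffline(...)` is called rather than inside its callback, so the desktop backup is requested before the offline save has reported completion; the `@@ -516,6 +534,8 @@` hunk has the same ordering. If the listener builds the backup purely from in-memory items this is harmless, but that is not visible here, and moving the broadcast into the callback next to `block();` would remove the question. The event name is also repeated as a string literal at each call site; a shared constant would keep the desktop listener and these callers from drifting apart. The enclosing function starts and ends outside the hunk.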
@@ -361,8 +368,19 @@ class AccountMenu {
 $scope.downloadDataArchive = function() {
 // download in Standard File format
- var keys = $scope.archiveFormData.encrypted ? authManager.keys() : null;
- var data = $scope.itemsData(keys);
+ var keys, authParams, protocolVersion;
+ if($scope.archiveFormData.encrypted) {
+ if(authManager.offline() && passcodeManager.hasPasscode()) {
+ keys = passcodeManager.keys();
+ authParams = passcodeManager.passcodeAuthParams();
+ protocolVersion = authParams.version;
+ } else {
+ keys = authManager.keys();
+ authParams = authManager.getAuthParams();
+ protocolVersion = authManager.protocolVersion();
+ }
+ }
+ var data = $scope.itemsData(keys, authParams, protocolVersion);
 downloadData(data, `SN Archive - ${new Date()}.txt`);
 // download as zipped plain text files
@@ -372,8 +390,8 @@ class AccountMenu {
 }
 }
- $scope.itemsData = function(keys) {
- let data = modelManager.getAllItemsJSONData(keys, authManager.getAuthParams(), authManager.protocolVersion());
+ $scope.itemsData = function(keys, authParams, protocolVersion) {
+ let data = modelManager.getAllItemsJSONData(keys, authParams, protocolVersion);
 let blobData = new Blob([data], {type: 'text/json'});
 return blobData;
 }
@@ -516,6 +534,8 @@ class AccountMenu {
 if(offline) {
 syncManager.markAllItemsDirtyAndSaveOffline();
+ // Allows desktop to make backup file
+ $rootScope.$broadcast("major-data-change");
 }
 })
 })
@@ -529,8 +549,12 @@ class AccountMenu {
 }
 if(confirm(message)) {
 passcodeManager.clearPasscode();
+
 if(authManager.offline()) {
 syncManager.markAllItemsDirtyAndSaveOffline();
+ // Don't create backup here, as if the user is temporarily removing the passcode to change it,
+ // we don't want to write unencrypted data to disk.
+ // $rootScope.$broadcast("major-data-change");
 }
 }
 }
diff --git a/app/assets/javascripts/app/services/passcodeManager.js b/app/assets/javascripts/app/services/passcodeManager.js
index 2124b6363..e4862fbe6 100644
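Review bot: `downloadDataArchive` (the `@@ -361,8 +368,19 @@` hunk) never checks that `keys` was actually obtained when `$scope.archiveFormData.encrypted` is true. The removed line passed `null` keys to request a decrypted export, so a missing key set here would presumably produce a plaintext file while the form still says Encrypted. That state looks reachable: `archiveFormData.encrypted` is initialised once from `encryptedBackupsAvailable()` in the `@@ -174,7 +181,7 @@` hunk, and the template hides the radio group once neither a user nor a passcode remains, so the flag can stay `true` after the passcode is removed. A guard before building the blob, `if($scope.archiveFormData.encrypted && !keys) { alert("Encrypted export is unavailable."); return; }`, would fail closed. The function body continues past the hunk.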
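Review bot: The commented-out `// $rootScope.$broadcast("major-data-change");` in the passcode-removal branch (the `@@ -529,8 +549,12 @@` hunk) should be deleted; the two comment lines above it already record why no backup is triggered. Those comments say unencrypted data must not be written to disk, yet `syncManager.markAllItemsDirtyAndSaveOffline()` on the preceding line still runs after `passcodeManager.clearPasscode()`. If that call re-saves local items without the passcode keys, which this diff does not show, the comment should be narrowed to what it really guarantees, for example `// Skip the desktop backup: it would be written without passcode encryption.`. The enclosing function starts outside the hunk.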
--- a/app/assets/javascripts/app/services/passcodeManager.js
+++ b/app/assets/javascripts/app/services/passcodeManager.js
@@ -22,8 +22,12 @@ angular.module('app.frontend')
 return this._keys;
 }
+ this.passcodeAuthParams = function() {
+ return JSON.parse(storageManager.getItem("offlineParams", StorageManager.Fixed));
+ }
+
 this.unlock = function(passcode, callback) {
- var params = JSON.parse(storageManager.getItem("offlineParams", StorageManager.Fixed));
+ var params = this.passcodeAuthParams();
 Neeto.crypto.computeEncryptionKeysForUser(_.merge({password: passcode}, params), function(keys){
 if(keys.pw !== params.hash) {
 callback(false);
@@ -40,7 +44,7 @@ angular.module('app.frontend')
 this.setPasscode = function(passcode, callback) {
 var cost = Neeto.crypto.defaultPasswordGenerationCost();
 var salt = Neeto.crypto.generateRandomKey(512);
- var defaultParams = {pw_cost: cost, pw_salt: salt};
+ var defaultParams = {pw_cost: cost, pw_salt: salt, version: "002"};
 Neeto.crypto.computeEncryptionKeysForUser(_.merge({password: passcode}, defaultParams), function(keys) {
 defaultParams.hash = keys.pw;
diff --git a/app/assets/templates/frontend/directives/account-menu.html.haml b/app/assets/templates/frontend/directives/account-menu.html.haml
index d0b5ba927..87ca42432 100644
--- a/app/assets/templates/frontend/directives/account-menu.html.haml
+++ b/app/assets/templates/frontend/directives/account-menu.html.haml
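Review bot: `passcodeAuthParams()` has no doc comment and no handling for a missing `offlineParams` entry, while the new callers immediately read `authParams.version` from its result. Both callers check `hasPasscode()` first, but whether that implies the storage entry exists is not shown; a null check with an explicit error would make a corrupted or absent entry fail visibly instead of with an unexplained exception. A comment such as `// Returns the stored passcode derivation params (pw_cost, pw_salt, version) together with the verification hash.` would also tell callers that the returned object includes `hash`, which matters now that it is handed to the backup export.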
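Review bot: `version: "002"` in `setPasscode` is only written when a passcode is set after this change, so `offlineParams` saved by earlier builds has no `version`, and `protocolVersion = authParams.version` in desktopManager.js and accountMenu.js will be `undefined` for those users. What `getAllItemsJSONData` does with an undefined protocol version is not visible here, so the export callers should fall back explicitly or the stored params should be migrated on the next unlock. The literal `"002"` would also be better taken from wherever `Neeto.crypto` defines the current version, if it exposes one, so the stored params cannot drift from the derivation actually used. The function body continues past the hunk.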
@@ -141,15 +141,15 @@ .mt-25{"ng-if" => "!importData.loading"}
 %h4 Data Archives
- .mt-5{"ng-if" => "user"}
- %label.normal.inline{"ng-if" => "user"}
+ .mt-5{"ng-if" => "encryptedBackupsAvailable()"}
+ %label.normal.inline
 %input{"type" => "radio", "ng-model" => "archiveFormData.encrypted", "ng-value" => "true", "ng-change" => "archiveFormData.encrypted = true"}
 Encrypted
 %label.normal.inline
 %input{"type" => "radio", "ng-model" => "archiveFormData.encrypted", "ng-value" => "false", "ng-change" => "archiveFormData.encrypted = false"}
 Decrypted
- %a.block.mt-5{"ng-click" => "downloadDataArchive()", "ng-class" => "{'mt-5' : !user}"} Export Data Archive
+ %a.block.mt-5{"ng-click" => "downloadDataArchive()", "ng-class" => "{'mt-5' : !user}"} Download Data Archive
 %label.block.mt-5
 %input{"type" => "file", "style" => "display: none;", "file-change" => "->", "handler" => "importFileSelected(files)"}
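Review bot: The download link still carries `"ng-class" => "{'mt-5' : !user}"` while the block above it now keys on `encryptedBackupsAvailable()`, so the two conditions no longer agree for an offline passcode user. Since the element already has the static class `mt-5` (`%a.block.mt-5`), the `ng-class` looks redundant and could be dropped: `%a.block.mt-5{"ng-click" => "downloadDataArchive()"} Download Data Archive`.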