rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

password cost check

Browse Source
This commit is contained in:
Mo Bitar
2017-01-15 10:29:02 -06:00
parent 3a92c2a2a5
commit 8bdc9b674b
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/app/frontend/controllers/header.js
View File

@@ -146,7 +146,9 @@ angular.module('app.frontend')
if(!response || response.error) { if(!response || response.error) {
var error = response ? response.error : {message: "An unknown error occured."} var error = response ? response.error : {message: "An unknown error occured."}
this.loginData.status = null; this.loginData.status = null;
alert(error.message); if(!response.didDisplayAlert) {
alert(error.message);
}
} else { } else {
this.onAuthSuccess(response.user); this.onAuthSuccess(response.user);
} }

22
app/assets/javascripts/app/services/apiController.js
View File

@@ -84,12 +84,34 @@ angular.module('app.frontend')
}) })
} }
this.supportsPasswordDerivationCost = function(cost) {
// some passwords are created on platforms with stronger pbkdf2 capabilities, like iOS,
// which accidentally used 60,000 iterations (now adjusted), which CryptoJS can't handle here (WebCrypto can however).
// if user has high password cost and is using browser that doesn't support WebCrypto,
// we want to tell them that they can't login with this browser.
if(cost > 5000) {
return window.crypto.subtle ? true : false;
} else {
return true;
}
}
this.login = function(email, password, callback) { this.login = function(email, password, callback) {
this.getAuthParamsForEmail(email, function(authParams){ this.getAuthParamsForEmail(email, function(authParams){
if(!authParams) { if(!authParams) {
callback(null); callback(null);
return; return;
} }
if(!this.supportsPasswordDerivationCost(authParams.pw_cost)) {
var string = "Your account was created on a platform with higher security capabilities than this browser supports. " +
"If we attempted to generate your login keys here, it would take hours. " +
"Please use a browser with more up to date security capabilities, like Google Chrome or Firefox, to login."
alert(string)
callback({didDisplayAlert: true});
return;
}
Neeto.crypto.computeEncryptionKeysForUser(_.merge({password: password}, authParams), function(keys){ Neeto.crypto.computeEncryptionKeysForUser(_.merge({password: password}, authParams), function(keys){
this.setMk(keys.mk); this.setMk(keys.mk);
var request = Restangular.one("auth/sign_in"); var request = Restangular.one("auth/sign_in");