From 8a4929bf14aed7631fbf5797b3e1b4ab2b35717d Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Sun, 15 Jan 2017 16:55:24 -0600
Subject: [PATCH 1/7] crypto safety check
---
 app/assets/javascripts/app/app.frontend.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/app/app.frontend.js b/app/assets/javascripts/app/app.frontend.js
index 7159af495..901287ace 100644
--- a/app/assets/javascripts/app/app.frontend.js
+++ b/app/assets/javascripts/app/app.frontend.js
@@ -2,7 +2,7 @@ var Neeto = Neeto || {};
-if(window.crypto.subtle) {
+if(window.crypto && window.crypto.subtle) {
 Neeto.crypto = new SNCryptoWeb();
 } else {
 Neeto.crypto = new SNCryptoJS();
From 6838a20e866736c82ee692388a29ee4fa71feea3 Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Sun, 15 Jan 2017 17:00:19 -0600
Subject: [PATCH 2/7] crypto safety check
---
 app/assets/javascripts/app/services/apiController.js | 2 +-
 app/views/application/frontend.html.erb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/app/services/apiController.js b/app/assets/javascripts/app/services/apiController.js
index 07e5bffcc..23c198ed6 100644
--- a/app/assets/javascripts/app/services/apiController.js
+++ b/app/assets/javascripts/app/services/apiController.js
@@ -90,7 +90,7 @@ angular.module('app.frontend')
 // if user has high password cost and is using browser that doesn't support WebCrypto,
 // we want to tell them that they can't login with this browser.
 if(cost > 5000) {
- return window.crypto.subtle ? true : false;
+ return (window.crypto && window.crypto.subtle) ? true : false;
 } else {
 return true;
 }
diff --git a/app/views/application/frontend.html.erb b/app/views/application/frontend.html.erb
index 429187e7f..5e965dc17 100644
--- a/app/views/application/frontend.html.erb
+++ b/app/views/application/frontend.html.erb
@@ -1,4 +1,4 @@ - +
From e8ace18e280fbf776a9e62666c113c1ac09702eb Mon Sep 17 00:00:00 2001
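Review bot: `(window.crypto && window.crypto.subtle) ? true : false` in apiController.js (patch 2/7) wraps a truthiness test in a redundant ternary; `return !!(window.crypto && window.crypto.subtle);` says the same thing. The pattern returns in patch 5/7 as `Neeto.crypto instanceof SNCryptoWeb ? true : false`, where the expression is already a boolean and the ternary can simply be dropped. The enclosing function starts and ends outside the hunk.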
From: Mo Bitar
Date: Sun, 15 Jan 2017 17:04:14 -0600
Subject: [PATCH 3/7] crypto safety check
---
 app/assets/javascripts/app/services/helpers/webcrypto.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/assets/javascripts/app/services/helpers/webcrypto.js b/app/assets/javascripts/app/services/helpers/webcrypto.js
index e72fbca02..2601f72c3 100644
--- a/app/assets/javascripts/app/services/helpers/webcrypto.js
+++ b/app/assets/javascripts/app/services/helpers/webcrypto.js
@@ -1,4 +1,4 @@
-var subtleCrypto = window.crypto.subtle;
+var subtleCrypto = window.crypto ? window.crypto.subtle : null;
 class SNCryptoWeb extends SNCrypto {
From 13cf04c7c198c37078b4b9de9a8c4303a910290c Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Sun, 15 Jan 2017 17:33:54 -0600
Subject: [PATCH 4/7] remove textencoder dependency
---
 .../javascripts/app/services/helpers/webcrypto.js | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/app/assets/javascripts/app/services/helpers/webcrypto.js b/app/assets/javascripts/app/services/helpers/webcrypto.js
index 2601f72c3..d4c015942 100644
--- a/app/assets/javascripts/app/services/helpers/webcrypto.js
+++ b/app/assets/javascripts/app/services/helpers/webcrypto.js
@@ -89,8 +89,16 @@ class SNCryptoWeb extends SNCrypto {
 }
 stringToArrayBuffer(string) {
- var encoder = new TextEncoder("utf-8");
- return encoder.encode(string);
+ // not available on Edge/IE
+ // var encoder = new TextEncoder("utf-8");
+ // var result = encoder.encode(string);
+
+ var buf = new ArrayBuffer(string.length);
+ var bufView = new Uint8Array(buf);
+ for (var i=0, strLen=string.length; i
Date: Sun, 15 Jan 2017 17:56:24 -0600
Subject: [PATCH 5/7] edge detect wip
---
 app/assets/javascripts/app/app.frontend.js | 10 ++++++++--
 app/assets/javascripts/app/services/apiController.js | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)
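Review bot: In `stringToArrayBuffer` (webcrypto.js, patch 4/7) the replacement for `TextEncoder` allocates `new ArrayBuffer(string.length)` behind a `Uint8Array`, i.e. one byte per UTF-16 code unit, so it cannot produce the UTF-8 bytes that the removed `encoder.encode(string)` returned for any non-ASCII input. The loop body is cut off on this page, but if it stores `string.charCodeAt(i)`, code units above 0xFF are reduced modulo 256: distinct characters collapse to the same byte, and any string containing them reaches WebCrypto as different bytes than before this commit. Converting to UTF-8 first keeps the output identical to the old path without needing `TextEncoder`: `var utf8 = unescape(encodeURIComponent(string));`, then size the buffer and fill it from `utf8`. Whatever encoding is chosen should also match what `SNCryptoJS` does for the same string, which this hunk does not show.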
diff --git a/app/assets/javascripts/app/app.frontend.js b/app/assets/javascripts/app/app.frontend.js
index 901287ace..bd2995417 100644
--- a/app/assets/javascripts/app/app.frontend.js
+++ b/app/assets/javascripts/app/app.frontend.js
@@ -2,11 +2,17 @@ var Neeto = Neeto || {};
-if(window.crypto && window.crypto.subtle) {
+// detect IE8 and above, and edge.
+// IE and Edge do not support pbkdf2 in WebCrypto, therefore we need to use CryptoJS
+var IEOrEdge = document.documentMode || /Edge/.test(navigator.userAgent);
+
+if(!IEOrEdge && (window.crypto && window.crypto.subtle)) {
+ console.log("Using webcrypto");
 Neeto.crypto = new SNCryptoWeb();
 } else {
- Neeto.crypto = new SNCryptoJS();
+ console.log("Using CryptoJS");
 }
+Neeto.crypto = new SNCryptoJS();
 angular.module('app.frontend', [
 'ui.router',
diff --git a/app/assets/javascripts/app/services/apiController.js b/app/assets/javascripts/app/services/apiController.js
index 23c198ed6..7a1843512 100644
--- a/app/assets/javascripts/app/services/apiController.js
+++ b/app/assets/javascripts/app/services/apiController.js
@@ -90,7 +90,7 @@ angular.module('app.frontend')
 // if user has high password cost and is using browser that doesn't support WebCrypto,
 // we want to tell them that they can't login with this browser.
 if(cost > 5000) {
- return (window.crypto && window.crypto.subtle) ? true : false;
+ return Neeto.crypto instanceof SNCryptoWeb ? true : false;
 } else {
 return true;
 }
From bbedad0fc58e13d3b6633c062c14fd41c6fecfc4 Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Sun, 15 Jan 2017 18:10:10 -0600
Subject: [PATCH 6/7] json parse exception handling
---
 app/assets/javascripts/app/app.frontend.js | 4 +---
 app/assets/javascripts/app/frontend/models/api/item.js | 7 ++++++-
 app/assets/javascripts/app/services/apiController.js | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/app/assets/javascripts/app/app.frontend.js b/app/assets/javascripts/app/app.frontend.js
index bd2995417..f19dfe4fd 100644
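Review bot: The backend choice in app.frontend.js (patch 5/7) is keyed on `document.documentMode` and a `/Edge/` match against `navigator.userAgent` rather than on whether PBKDF2 actually works in `window.crypto.subtle`, so a browser with a changed or spoofed user-agent string, or another engine lacking PBKDF2, takes the WebCrypto path and presumably fails only at key derivation. Because the apiController.js hunk in the same commit gates logins with cost > 5000 on `Neeto.crypto instanceof SNCryptoWeb`, this one sniff also decides who is refused login. I would record that on the check, e.g. `// UA sniffing is a stopgap; replace with a one-time PBKDF2 importKey probe and fall back to CryptoJS if it rejects`. As committed here the trailing `Neeto.crypto = new SNCryptoJS();` also runs after both branches and overrides the WebCrypto assignment; patch 6/7 moves it back into the `else`.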
--- a/app/assets/javascripts/app/app.frontend.js
+++ b/app/assets/javascripts/app/app.frontend.js
@@ -7,12 +7,10 @@ var Neeto = Neeto || {};
 var IEOrEdge = document.documentMode || /Edge/.test(navigator.userAgent);
 if(!IEOrEdge && (window.crypto && window.crypto.subtle)) {
- console.log("Using webcrypto");
 Neeto.crypto = new SNCryptoWeb();
 } else {
- console.log("Using CryptoJS");
+ Neeto.crypto = new SNCryptoJS();
 }
-Neeto.crypto = new SNCryptoJS();
 angular.module('app.frontend', [
 'ui.router',
diff --git a/app/assets/javascripts/app/frontend/models/api/item.js b/app/assets/javascripts/app/frontend/models/api/item.js
index e54468388..90c180943 100644
--- a/app/assets/javascripts/app/frontend/models/api/item.js
+++ b/app/assets/javascripts/app/frontend/models/api/item.js
@@ -27,7 +27,12 @@ class Item {
 return this.content;
 }
- return JSON.parse(this.content);
+ try {
+ return JSON.parse(this.content);
+ } catch (e) {
+ console.log("Error parsing json", e);
+ return {};
+ }
 }
 updateFromJSON(json) {
diff --git a/app/assets/javascripts/app/services/apiController.js b/app/assets/javascripts/app/services/apiController.js
index 7a1843512..edd90c0db 100644
--- a/app/assets/javascripts/app/services/apiController.js
+++ b/app/assets/javascripts/app/services/apiController.js
@@ -566,7 +566,7 @@ angular.module('app.frontend')
 item.content = Neeto.crypto.base64Decode(item.content.substring(3, item.content.length))
 }
 } catch (e) {
- console.log("Error decrypting item", item);
+ console.log("Error decrypting item", item, e);
 continue;
 }
 }
From fbbfccdfe6c492ac1a4d9f1b3cca47d3001c4aed Mon Sep 17 00:00:00 2001
From: Mo Bitar
Date: Sun, 15 Jan 2017 20:32:43 -0600
Subject: [PATCH 7/7] replace includes with lodash
---
 app/assets/javascripts/app/services/extensionManager.js | 6 +++---
 app/assets/javascripts/app/services/modelManager.js | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
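Review bot: In item.js (patch 6/7) the new `catch` returns `{}`, which makes content that failed to parse indistinguishable from an item whose content is genuinely empty. If callers go on to map and later save that item (not visible in this hunk), the empty object could replace the stored content, so an upstream parse or decryption failure would turn into silent data loss. I would keep the fallback but mark the failure so callers can refuse to persist it, for example `this.errorParsing = true;` (name constructed for illustration) before `return {};`, with the comment `// content could not be parsed; do not write this item back`. The enclosing method starts above the hunk.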
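Review bot: `console.log("Error decrypting item", item, e);` in apiController.js (patch 6/7) writes the whole item object to the console; depending on how far the `try` got, that object may already hold decoded content or key fields (the rest of the `try` is outside this hunk). Logging the error plus an identifier is enough to diagnose a failure and keeps note contents out of console captures and shared bug reports: `console.log("Error decrypting item", e);`, with the item's id added if it has one. The `continue` then skips the item with no signal to the user, which deserves a comment stating whether the still-encrypted item is kept or dropped.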
diff --git a/app/assets/javascripts/app/services/extensionManager.js b/app/assets/javascripts/app/services/extensionManager.js
index b31997fda..e06aa527b 100644
--- a/app/assets/javascripts/app/services/extensionManager.js
+++ b/app/assets/javascripts/app/services/extensionManager.js
@@ -13,7 +13,7 @@ class ExtensionManager {
 ext.encrypted = this.extensionUsesEncryptedData(ext);
 for (var action of ext.actions) {
- if(this.enabledRepeatActionUrls.includes(action.url)) {
+ if(_.includes(this.enabledRepeatActionUrls, action.url)) {
 this.enableRepeatAction(action, ext);
 }
 }
@@ -38,7 +38,7 @@ class ExtensionManager {
 }
 extensionUsesEncryptedData(extension) {
- return !this.decryptedExtensions.includes(extension.url);
+ return !_.includes(this.decryptedExtensions, extension.url);
 }
 changeExtensionEncryptionFormat(encrypted, extension) {
@@ -174,7 +174,7 @@ class ExtensionManager {
 }
 isRepeatActionEnabled(action) {
- return this.enabledRepeatActionUrls.includes(action.url);
+ return _.includes(this.enabledRepeatActionUrls, action.url);
 }
 disableRepeatAction(action, extension) {
diff --git a/app/assets/javascripts/app/services/modelManager.js b/app/assets/javascripts/app/services/modelManager.js
index 06d2cedd0..3291eb98f 100644
--- a/app/assets/javascripts/app/services/modelManager.js
+++ b/app/assets/javascripts/app/services/modelManager.js
@@ -24,7 +24,7 @@ class ModelManager {
 allItemsMatchingTypes(contentTypes) {
 return this.items.filter(function(item){
- return (contentTypes.includes(item.content_type) || contentTypes.includes("*")) && !item.dummy;
+ return (_.includes(contentTypes, item.content_type) || _.includes(contentTypes, "*")) && !item.dummy;
 })
 }
@@ -83,7 +83,7 @@ class ModelManager {
 notifyItemChangeObserversOfModels(models) {
 for(var observer of this.itemChangeObservers) {
 var relevantItems = models.filter(function(item){
- return observer.content_types.includes(item.content_type) || observer.content_types.includes("*");
+ return _.includes(observer.content_types, item.content_type) || _.includes(observer.content_types, "*");
 });
 if(relevantItems.length > 0) {