Clear master keys and reset passwords after 15 minutes of inactivity

2016-08-20 13:23:36 +02:00 · 2016-08-20 13:23:36 +02:00 · 29e2c8337c
commit 29e2c8337c
parent 9b9c36070b
3 changed files with 60 additions and 0 deletions
--- a/server/conf.php
+++ b/server/conf.php
@ -79,4 +79,8 @@ $MAX_PASSWORDS_PER_REQUEST=10;
 */
 $REQUESTS_MIN_DELAY=1000;

+/*
+  Clear master keys and reset passwords after 15 minutes of inactivity
+ */
+$CLEAR_TIME=15*60*1000;
 ?>
--- a/server/index.php
+++ b/server/index.php
@ -79,6 +79,7 @@ else
    <script language="javascript">
    <?php
    echo "pkdbf2_level=$PKDBF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
+    echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
    ?>
    </script>
    <script src="resources/jsaes.js"></script>
--- a/server/resources/gpass.js
+++ b/server/resources/gpass.js
@ -129,6 +129,7 @@ function derive_mkey(user, mkey)
 var passwords;
 var current_user = "";
 var current_mkey = "";
+var clearTimer = null;

 function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
    this.ciphered_login = ciphered_login;
@ -142,6 +143,16 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
    this.shadow_login = shadow_login;
    this.access_token = "";

+    this.reset = function()
+    {
+	this.unciphered = false;
+	this.clear_url = "";
+	this.clear_login = "";
+	this.clear_password = "";
+	this.masterkey = "";
+	this.salt = salt;
+    }
+
    this.encrypt = function(masterkey)
    {
 	if (masterkey == this.masterkey)
@ -231,6 +242,37 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
    }
 }

+function clearMasterKey()
+{
+    current_mkey = "";
+
+    for(i=0; i<passwords.length; i++)
+    {
+	passwords[i].reset();
+    }
+}
+
+function stopClearTimer()
+{
+    if (clearTimer)
+    {
+	clearTimeout(clearTimer);
+	clearTimer = null;
+    }
+}
+
+function startClearTimer()
+{
+    stopClearTimer();
+    clearTimer = setTimeout(
+	function()
+	{
+	    clearMasterKey();
+	    change_master_key(false);
+	}
+	, CLEAR_TIME);
+}
+
 function list_all_entries(user)
 {
    passwords = new Array();
@ -500,10 +542,17 @@ function update_master_key(warning_unciphered)
    current_mkey = document.getElementById("master_key").value;

    if (current_mkey != "")
+    {
 	current_mkey = derive_mkey(current_user, current_mkey);
+	startClearTimer();
+    }
    else
+    {
 	// Disable warning on empty master key (clear passwords from others)
 	warning_unciphered = false;
+	stopClearTimer();
+	clearMasterKey();
+    }

    change_master_key(warning_unciphered);
 }
@ -656,6 +705,8 @@ function add_password()

 function delete_entry(entry_number)
 {
+    startClearTimer();
+
    entry = document.getElementById(entry_number);

    if (entry == null) {
@ -720,6 +771,8 @@ function update_entry(entry_number)
    var mkey = "";
    var ciphered_login;

+    startClearTimer();
+
    entry = document.getElementById(entry_number);

    if (entry == null) {
@ -845,6 +898,8 @@ function makeText(text) {
 var text_link = null;
 function export_database()
 {
+    startClearTimer();
+
    link = document.getElementById("export_link");

    if (text_link != null) window.URL.revokeObjectURL(text_link);