From a994074db066dd32ae7df6bd7dbbf5375181bc08 Mon Sep 17 00:00:00 2001
From: Gregory Soutade <gregory@soutade.fr>
Date: Wed, 16 Oct 2013 18:40:06 +0200
Subject: [PATCH] Server side : 	* Add $ADMIN_MODE to enable create users 
 * Add protocol version (1 for now) 	* Give priority to letters in password
 generator

Client side :
	* Don't still use global variable to get document after loading
	* Add email type in possible values for username (used by gmail)
---
 firefox_addon/lib/main.js  | 65 ++++++++++++++++++++++----------------
 server/index.php           |  5 +--
 server/ref/index.php       |  4 +++
 server/ressources/gpass.js |  5 ++-
 4 files changed, 47 insertions(+), 32 deletions(-)

diff --git a/firefox_addon/lib/main.js b/firefox_addon/lib/main.js
index d71e45d..9b49a4d 100644
--- a/firefox_addon/lib/main.js
+++ b/firefox_addon/lib/main.js
@@ -26,8 +26,6 @@ var pkdbf2 = require("pkdbf2").pkdbf2;
 var aes = require("jsaes").aes;
 var parseURI = require("parseuri").parseURI;
 var prefSet = require("simple-prefs");
-// Global document
-var doc;
 var DEBUG = false;
 
 
@@ -68,13 +66,13 @@ function on_sumbit()
     salt = parseURI.parseUri(prefSet.prefs["account_url"]);
     salt = salt["host"] + salt["path"];
 
-    console.log("salt " + salt);
+    debug("salt " + salt);
 
     // Get all <input type="text">
     for (i=0; i<fields.length; i++)
     {
 	var field = fields[i];
-	if (field.getAttribute("type") == "text")
+	if (field.getAttribute("type") == "text" || field.getAttribute("type") == "email")
 	{
 	    if (field.hasAttribute("name"))
 		my_map.put(field.getAttribute("name"), field.value);
@@ -131,31 +129,44 @@ function on_sumbit()
 	    gPassRequest.addEventListener("load", function(evt) { 
 	    	r = this.responseText.split("\n");
 		debug("resp " + r);
-	    	if (r[0] != "<end>" && r[0].startsWith("pass="))
-	    	{
-		    ciphered_password = r[0].split("=");
-		    ciphered_password = ciphered_password[1];
-		    debug("Ciphered password : " + ciphered_password);
-		    clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
-		    aes.finish();
-		    // Remove salt
-		    clear_password = clear_password.replace(/\0*$/, "");
-		    clear_password = clear_password.substr(0, clear_password.length-3);
-	    	    debug("Clear password " + clear_password);
-	    	    field.value = clear_password;
-	    	}
-		else
+		protocol = r[0].split("=");
+		if (protocol[1] != "1")
 		{
-		    debug("No password found");
-
 		    ret = false;
-
 		    notifications.notify({
 			title: "gPasss",
-			text: "No password found in database",
-			data: "No password found in database",
+			text: "Protocol version not supported, please upgrade your addon",
+			data: "Protocol version not supported, please upgrade your addon",
 		    });
 		}
+		else
+		{
+	    	    if (r[1] != "<end>" && r[1].startsWith("pass="))
+	    	    {
+			ciphered_password = r[1].split("=");
+			ciphered_password = ciphered_password[1];
+			debug("Ciphered password : " + ciphered_password);
+			clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
+			aes.finish();
+			// Remove salt
+			clear_password = clear_password.replace(/\0*$/, "");
+			clear_password = clear_password.substr(0, clear_password.length-3);
+	    		debug("Clear password " + clear_password);
+	    		field.value = clear_password;
+	    	    }
+		    else
+		    {
+			debug("No password found");
+
+			ret = false;
+
+			notifications.notify({
+			    title: "gPasss",
+			    text: "No password found in database",
+			    data: "No password found in database",
+			});
+		    }
+		}
 		}, false);
 	    gPassRequest.addEventListener("error", function(evt) { 
 		debug("error"); 
@@ -179,10 +190,11 @@ function on_sumbit()
 
 function document_loaded(event)
 {
+    doc = event.target;
     // If there is a password in the form, add a "submit" listener
-    for(i=0; i<doc.document.forms.length; i++)
+    for(i=0; i<doc.forms.length; i++)
     {
-	var form = doc.document.forms[i];
+	var form = doc.forms[i];
 	var fields = form.getElementsByTagName("input");
 	for (a=0; a<fields.length; a++)
 	{
@@ -202,8 +214,7 @@ var httpRequestObserver =
 	{
 	    if (topic == "content-document-global-created")
 	    {
-		doc = subject;
-		doc.addEventListener("DOMContentLoaded", document_loaded, false);
+		subject.addEventListener("DOMContentLoaded", document_loaded, false);
 	    }
 	}
     };
diff --git a/server/index.php b/server/index.php
index b06d6c9..a2c2bc9 100755
--- a/server/index.php
+++ b/server/index.php
@@ -23,6 +23,7 @@ include('functions.php');
 session_start();
 
 $VIEW_CIPHERED_PASSWORDS=true;
+$ADMIN_MODE=true;
 
 $mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
 $user = (isset($_POST['user'])) ? $_POST['user'] : "";
@@ -48,7 +49,7 @@ else
 
 <?php
 global $mkey;
-if (isset($_POST['create_user']))
+if ($ADMIN_MODE && isset($_POST['create_user']))
 {
     if (create_user($_POST['user']))
         $user = $_POST['user'];
@@ -68,7 +69,7 @@ else
 <a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
 </div>
 
-<div id="admin">
+    <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
 <form method="post">
 <input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
 </form>
diff --git a/server/ref/index.php b/server/ref/index.php
index d0300d3..bf19044 100755
--- a/server/ref/index.php
+++ b/server/ref/index.php
@@ -31,12 +31,16 @@ function load_database()
     return $db;
 }
 
+$PROTOCOL_VERSION = 1;
+
 $db = load_database();
 
 $res = "";
 
 $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
 
+echo "protocol=$PROTOCOL_VERSION\n";
+
 for ($i=0; isset($_POST["k$i"]); $i++)
 {
     $statement->bindValue(":login", $_POST["k$i"]);
diff --git a/server/ressources/gpass.js b/server/ressources/gpass.js
index 4dc90ea..61bf4ff 100755
--- a/server/ressources/gpass.js
+++ b/server/ressources/gpass.js
@@ -37,13 +37,12 @@ function generate_password()
     // numbers 48 - 57
     // upper 65 - 90
     // lower 97 - 122
-    var symbols = new Array(40, 47, 48, 57, 65, 90, 97, 122, 123, 126);
-    // var symbols = new Array(32, 47, 58, 64, 91, 96, 123, 126, 48, 57, 65, 90, 97, 122);
+    // Give priority to letters (65 - 122 duplicated in front and end of array)
+    var symbols = new Array(65, 90, 97, 122, 40, 47, 48, 57, 65, 90, 97, 122, 123, 126, 65, 90, 97, 122);
 
     field = document.getElementById("new_password");
 
     var res = "";
-    //for(i=0; i<16; i++)
     while (res.length < 16)
     {
 	a = Math.round(Math.random() * (symbols.length/2) * 2);