Server side :

* Add $ADMIN_MODE to enable create users
	* Add protocol version (1 for now)
	* Give priority to letters in password generator

Client side :
	* Stop using a global variable to get the document after loading
	* Add email type in possible values for username (used by gmail)
Gregory Soutade 2013-10-16 18:40:06 +02:00
parent 6099b39329
commit a994074db0
4 changed files with 47 additions and 32 deletions


@ -26,8 +26,6 @@ var pkdbf2 = require("pkdbf2").pkdbf2;
var aes = require("jsaes").aes;
var parseURI = require("parseuri").parseURI;
var prefSet = require("simple-prefs");
// Global document
var doc;
var DEBUG = false;
@ -68,13 +66,13 @@ function on_sumbit()
salt = parseURI.parseUri(prefSet.prefs["account_url"]);
salt = salt["host"] + salt["path"];
console.log("salt " + salt);
debug("salt " + salt);
// Get all <input type="text">
for (i=0; i<fields.length; i++)
{
var field = fields[i];
if (field.getAttribute("type") == "text")
if (field.getAttribute("type") == "text" || field.getAttribute("type") == "email")
{
if (field.hasAttribute("name"))
my_map.put(field.getAttribute("name"), field.value);
@ -131,31 +129,44 @@ function on_sumbit()
gPassRequest.addEventListener("load", function(evt) {
r = this.responseText.split("\n");
debug("resp " + r);
if (r[0] != "<end>" && r[0].startsWith("pass="))
{
ciphered_password = r[0].split("=");
ciphered_password = ciphered_password[1];
debug("Ciphered password : " + ciphered_password);
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
aes.finish();
// Remove salt
clear_password = clear_password.replace(/\0*$/, "");
clear_password = clear_password.substr(0, clear_password.length-3);
debug("Clear password " + clear_password);
field.value = clear_password;
}
else
protocol = r[0].split("=");
if (protocol[1] != "1")
{
debug("No password found");
ret = false;
notifications.notify({
title: "gPasss",
text: "No password found in database",
data: "No password found in database",
text: "Protocol version not supported, please upgrade your addon",
data: "Protocol version not supported, please upgrade your addon",
});
}
else
{
if (r[1] != "<end>" && r[1].startsWith("pass="))
{
ciphered_password = r[1].split("=");
ciphered_password = ciphered_password[1];
debug("Ciphered password : " + ciphered_password);
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
aes.finish();
// Remove salt
clear_password = clear_password.replace(/\0*$/, "");
clear_password = clear_password.substr(0, clear_password.length-3);
debug("Clear password " + clear_password);
field.value = clear_password;
}
else
{
debug("No password found");
ret = false;
notifications.notify({
title: "gPasss",
text: "No password found in database",
data: "No password found in database",
});
}
}
}, false);
gPassRequest.addEventListener("error", function(evt) {
debug("error");
@ -179,10 +190,11 @@ function on_sumbit()
function document_loaded(event)
{
doc = event.target;
// If there is a password in the form, add a "submit" listener
for(i=0; i<doc.document.forms.length; i++)
for(i=0; i<doc.forms.length; i++)
{
var form = doc.document.forms[i];
var form = doc.forms[i];
var fields = form.getElementsByTagName("input");
for (a=0; a<fields.length; a++)
{
@ -202,8 +214,7 @@ var httpRequestObserver =
{
if (topic == "content-document-global-created")
{
doc = subject;
doc.addEventListener("DOMContentLoaded", document_loaded, false);
subject.addEventListener("DOMContentLoaded", document_loaded, false);
}
}
};
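Review bot: `doc = event.target;` in `document_loaded` assigns without a declaration, and the first hunk appears to drop the module-level `var doc;`, so the name is still one global shared by every loading page, or a ReferenceError if the module runs in strict mode. `var doc = event.target;` keeps the document local to the handler, which is what the commit message asks for; if `on_sumbit` still reads `doc` (most of its body is outside the visible hunks), it should take the document from the submit event instead. In the `load` handler the version test only looks at the text after `=` in `r[0]`, so any unexpected reply, including one from a server that predates this change, is reported as an outdated addon; comparing the whole line, `if (r[0] !== "protocol=1")`, is stricter.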


@ -23,6 +23,7 @@ include('functions.php');
session_start();
$VIEW_CIPHERED_PASSWORDS=true;
$ADMIN_MODE=true;
$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
$user = (isset($_POST['user'])) ? $_POST['user'] : "";
@ -48,7 +49,7 @@ else
<?php
global $mkey;
if (isset($_POST['create_user']))
if ($ADMIN_MODE && isset($_POST['create_user']))
{
if (create_user($_POST['user']))
$user = $_POST['user'];
@ -68,7 +69,7 @@ else
<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
</div>
<div id="admin">
<div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
<form method="post">
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
</form>
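Review bot: `$ADMIN_MODE=true;` ships user creation switched on, and nothing in the visible lines authenticates the request before `create_user($_POST['user'])` runs, so the flag is the only gate shown here. Default it to off, `$ADMIN_MODE=false;`, with a comment such as `// Enable only while provisioning accounts`. The `style="display:none"` on `#admin` is cosmetic only, because the form is still sent to the browser; skipping the block with `<?php if ($ADMIN_MODE) { ?>` … `<?php } ?>` would be cleaner. The server-side test added around `create_user` is the real control and should stay.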


@ -31,12 +31,16 @@ function load_database()
return $db;
}
$PROTOCOL_VERSION = 1;
$db = load_database();
$res = "";
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
echo "protocol=$PROTOCOL_VERSION\n";
for ($i=0; isset($_POST["k$i"]); $i++)
{
$statement->bindValue(":login", $_POST["k$i"]);
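Review bot: `$PROTOCOL_VERSION = 1;` has no comment tying it to the client, yet the addon in this same commit compares the reply against the literal `"1"` and rejects anything else. A comment such as `// Wire protocol version; the addon checks for this exact value, bump both together` would make the coupling visible. The `protocol=` line is written before the loop, so it is sent even when no `k0` was posted; that looks intended, but is worth stating in the same comment.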


@ -37,13 +37,12 @@ function generate_password()
// numbers 48 - 57
// upper 65 - 90
// lower 97 - 122
var symbols = new Array(40, 47, 48, 57, 65, 90, 97, 122, 123, 126);
// var symbols = new Array(32, 47, 58, 64, 91, 96, 123, 126, 48, 57, 65, 90, 97, 122);
// Give priority to letters (65 - 122 duplicated in front and end of array)
var symbols = new Array(65, 90, 97, 122, 40, 47, 48, 57, 65, 90, 97, 122, 123, 126, 65, 90, 97, 122);
field = document.getElementById("new_password");
var res = "";
//for(i=0; i<16; i++)
while (res.length < 16)
{
a = Math.round(Math.random() * (symbols.length/2) * 2);