Clear master keys and reset passwords after 15 minutes of inactivity

Grégory Soutadé 2016-08-20 13:23:36 +02:00
parent 9b9c36070b
commit 29e2c8337c
3 changed files with 60 additions and 0 deletions


@ -79,4 +79,8 @@ $MAX_PASSWORDS_PER_REQUEST=10;
*/ */
$REQUESTS_MIN_DELAY=1000; $REQUESTS_MIN_DELAY=1000;
/*
Clear master keys and reset passwords after 15 minutes of inactivity
*/
$CLEAR_TIME=15*60*1000;
?> ?>


@ -79,6 +79,7 @@ else
<script language="javascript"> <script language="javascript">
<?php <?php
echo "pkdbf2_level=$PKDBF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n"; echo "pkdbf2_level=$PKDBF2_LEVEL; use_shadow_logins=$USE_SHADOW_LOGINS;\n";
echo "CLEAR_TIME=$CLEAR_TIME; // Clear master key after 15 minutes\n";
?> ?>
</script> </script>
<script src="resources/jsaes.js"></script> <script src="resources/jsaes.js"></script>
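Review bot: The new `echo` writes `$CLEAR_TIME` into the inline script unquoted and unchecked, so an empty or non-numeric config value would yield invalid JavaScript or a timer that fires immediately. Casting at the point of output makes the contract explicit: `echo "CLEAR_TIME=" . (int)$CLEAR_TIME . ";\n";`. The emitted comment also hard-codes "15 minutes" while the value is configurable, so it goes stale once the setting is changed. Wording such as `// Inactivity delay (ms) before the master key is cleared` would stay accurate.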


@ -129,6 +129,7 @@ function derive_mkey(user, mkey)
var passwords; var passwords;
var current_user = ""; var current_user = "";
var current_mkey = ""; var current_mkey = "";
var clearTimer = null;
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) { function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.ciphered_login = ciphered_login; this.ciphered_login = ciphered_login;
@ -142,6 +143,16 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.shadow_login = shadow_login; this.shadow_login = shadow_login;
this.access_token = ""; this.access_token = "";
this.reset = function()
{
this.unciphered = false;
this.clear_url = "";
this.clear_login = "";
this.clear_password = "";
this.masterkey = "";
this.salt = salt;
}
this.encrypt = function(masterkey) this.encrypt = function(masterkey)
{ {
if (masterkey == this.masterkey) if (masterkey == this.masterkey)
@ -231,6 +242,37 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
} }
} }
function clearMasterKey()
{
current_mkey = "";
for(i=0; i<passwords.length; i++)
{
passwords[i].reset();
}
}
function stopClearTimer()
{
if (clearTimer)
{
clearTimeout(clearTimer);
clearTimer = null;
}
}
function startClearTimer()
{
stopClearTimer();
clearTimer = setTimeout(
function()
{
clearMasterKey();
change_master_key(false);
}
, CLEAR_TIME);
}
function list_all_entries(user) function list_all_entries(user)
{ {
passwords = new Array(); passwords = new Array();
@ -500,10 +542,17 @@ function update_master_key(warning_unciphered)
current_mkey = document.getElementById("master_key").value; current_mkey = document.getElementById("master_key").value;
if (current_mkey != "") if (current_mkey != "")
{
current_mkey = derive_mkey(current_user, current_mkey); current_mkey = derive_mkey(current_user, current_mkey);
startClearTimer();
}
else else
{
// Disable warning on empty master key (clear passwords from others) // Disable warning on empty master key (clear passwords from others)
warning_unciphered = false; warning_unciphered = false;
stopClearTimer();
clearMasterKey();
}
change_master_key(warning_unciphered); change_master_key(warning_unciphered);
} }
@ -656,6 +705,8 @@ function add_password()
function delete_entry(entry_number) function delete_entry(entry_number)
{ {
startClearTimer();
entry = document.getElementById(entry_number); entry = document.getElementById(entry_number);
if (entry == null) { if (entry == null) {
@ -720,6 +771,8 @@ function update_entry(entry_number)
var mkey = ""; var mkey = "";
var ciphered_login; var ciphered_login;
startClearTimer();
entry = document.getElementById(entry_number); entry = document.getElementById(entry_number);
if (entry == null) { if (entry == null) {
@ -845,6 +898,8 @@ function makeText(text) {
var text_link = null; var text_link = null;
function export_database() function export_database()
{ {
startClearTimer();
link = document.getElementById("export_link"); link = document.getElementById("export_link");
if (text_link != null) window.URL.revokeObjectURL(text_link); if (text_link != null) window.URL.revokeObjectURL(text_link);
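Review bot: `clearMasterKey()` blanks `current_mkey` and resets each entry, but nothing visible empties the `master_key` input that `update_master_key()` reads. Unless `change_master_key()` clears it (not shown here), the typed master password may remain in the form after the timeout. Consider adding `document.getElementById("master_key").value = "";` to `clearMasterKey()`. The loop `for(i=0; i<passwords.length; i++)` also assigns an implicit global `i`, and `for (var i = 0; ...)` keeps it local. The timer restarts only in `update_master_key`, `delete_entry`, `update_entry` and `export_database`, whose bodies continue outside these hunks, so "inactivity" here means no such action rather than no user input at all.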