soutade/gPass
1
0
Fork 0
Code Issues Pull Requests Packages Releases 2 Activity

Use a variable (server_url) instead of document.documentURI

Browse Source
This commit is contained in:
Grégory Soutadé 2017-04-17 20:37:26 +02:00
parent b4b54ec57c
commit a180cb62d7
2 changed files with 15 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
server/resources/gpass.js
View File

@ -121,16 +121,17 @@ function a2hex(str) {
async function derive_mkey(user, mkey) async function derive_mkey(user, mkey)
{ {
url = url_domain(document.URL) + "/" + user; url = url_domain(server_url) + "/" + user;
global_iv = simple_pbkdf2(url, mkey, pbkdf2_level); global_iv = simple_pbkdf2(url, mkey, pbkdf2_level);
return crypto_pbkdf2(mkey, url, pbkdf2_level); return crypto_pbkdf2(mkey, url, pbkdf2_level);
} }
var passwords; var passwords = null;
var current_user = ""; var current_user = "";
var current_mkey = ""; var current_mkey = "";
var clearTimer = null; var clearTimer = null;
var global_iv = null; var global_iv = null;
var server_url = document.documentURI;
function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) { function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.ciphered_login = ciphered_login; this.ciphered_login = ciphered_login;
@ -185,7 +186,7 @@ function PasswordEntry (ciphered_login, ciphered_password, salt, shadow_login) {
this.masterkey = masterkey; this.masterkey = masterkey;
if (use_shadow_logins) if (use_shadow_logins)
this.generate_access_token(masterkey); await this.generate_access_token(masterkey);
} }
this.decrypt = async function(masterkey) this.decrypt = async function(masterkey)
@ -320,7 +321,7 @@ function list_all_entries(user)
} }
} }
, false); , false);
req.open("POST", document.documentURI, false); req.open("POST", server_url, false);
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
req.send("get_passwords=1&user=" + user); req.send("get_passwords=1&user=" + user);
} }
@ -410,9 +411,9 @@ async function get_ciphered_credentials(masterkey)
} }
} }
}, false); }, false);
req.open("POST", document.documentURI, false); req.open("POST", server_url, false);
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
req.send("get_secure_passwords=1&user=" + user + "&access_tokens=" + access_tokens); req.send("get_secure_passwords=1&user=" + current_user + "&access_tokens=" + access_tokens);
} }
async function change_master_key(warning_unciphered) async function change_master_key(warning_unciphered)
@ -564,7 +565,7 @@ function update_master_key(warning_unciphered)
addon_address = document.getElementById("addon_address"); addon_address = document.getElementById("addon_address");
addon_address.removeAllChilds(); addon_address.removeAllChilds();
addon_address.appendChild(document.createTextNode("Current addon address is : " + document.documentURI + current_user)); addon_address.appendChild(document.createTextNode("Current addon address is : " + server_url + current_user));
warning_unciphered = false; warning_unciphered = false;
} }
@ -612,7 +613,7 @@ function add_password_server(user, pentry)
else else
alert(resp); alert(resp);
}, false); }, false);
req.open("POST", document.documentURI, false); req.open("POST", server_url, false);
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
req.send("add_entry=1&user=" + user + "&login=" + pentry.ciphered_login + "&password=" + pentry.ciphered_password + "&shadow_login=" + pentry.shadow_login + "&salt=" + pentry.salt + "&access_token=" + pentry.access_token); req.send("add_entry=1&user=" + user + "&login=" + pentry.ciphered_login + "&password=" + pentry.ciphered_password + "&shadow_login=" + pentry.shadow_login + "&salt=" + pentry.salt + "&access_token=" + pentry.access_token);
@ -648,7 +649,7 @@ async function construct_pentry(user, url, password, login, mkey, derive_masterk
} }
if (derive_masterkey) if (derive_masterkey)
mkey = derive_mkey(current_user, mkey); mkey = derive_mkey(user, mkey);
for(i=0; i<passwords.length; i++) for(i=0; i<passwords.length; i++)
{ {
@ -684,7 +685,7 @@ function remove_password_server(user, login, access_token)
else else
alert(resp); alert(resp);
}, false); }, false);
req.open("POST", document.documentURI, false); req.open("POST", server_url, false);
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8'); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded; charset=UTF-8');
req.send("delete_entry=1&user=" + user + "&login=" + login + "&access_token=" + access_token); req.send("delete_entry=1&user=" + user + "&login=" + login + "&access_token=" + access_token);
@ -951,7 +952,7 @@ function export_database()
if (text_link != null) window.URL.revokeObjectURL(text_link); if (text_link != null) window.URL.revokeObjectURL(text_link);
text = "<passwords user=\"" + current_user + "\" addon_address=\"" + document.documentURI + current_user + "\">\n"; text = "<passwords user=\"" + current_user + "\" addon_address=\"" + server_url + current_user + "\">\n";
for(i=0; i<passwords.length; i++) for(i=0; i<passwords.length; i++)
{ {
if (!passwords[i].unciphered) continue; if (!passwords[i].unciphered) continue;

4
server/resources/misc.js
View File

@ -20,7 +20,9 @@
var default_preferences = {"pbkdf2_level": 1000, var default_preferences = {"pbkdf2_level": 1000,
"account_url": "https://gpass-demo.soutade.fr/demo"}; "account_url": "https://gpass-demo.soutade.fr/demo"};
var browser = browser || chrome; var browser = browser;
if (typeof chrome !== 'undefined')
browser = chrome;
var crypto = crypto || window.crypto; var crypto = crypto || window.crypto;
// https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers // https://stackoverflow.com/questions/6965107/converting-between-strings-and-arraybuffers