Server side :

* Add $ADMIN_MODE to enable user creation
	* Add protocol version (1 for now)
	* Give priority to letters in password generator

Client side :
	* Stop using a global variable to get the document after loading
	* Add email type in possible values for username (used by gmail)
Gregory Soutade 2013-10-16 18:40:06 +02:00
parent 6099b39329
commit a994074db0
4 changed files with 47 additions and 32 deletions


@ -26,8 +26,6 @@ var pkdbf2 = require("pkdbf2").pkdbf2;
var aes = require("jsaes").aes; var aes = require("jsaes").aes;
var parseURI = require("parseuri").parseURI; var parseURI = require("parseuri").parseURI;
var prefSet = require("simple-prefs"); var prefSet = require("simple-prefs");
// Global document
var doc;
var DEBUG = false; var DEBUG = false;
@ -68,13 +66,13 @@ function on_sumbit()
salt = parseURI.parseUri(prefSet.prefs["account_url"]); salt = parseURI.parseUri(prefSet.prefs["account_url"]);
salt = salt["host"] + salt["path"]; salt = salt["host"] + salt["path"];
console.log("salt " + salt); debug("salt " + salt);
// Get all <input type="text"> // Get all <input type="text">
for (i=0; i<fields.length; i++) for (i=0; i<fields.length; i++)
{ {
var field = fields[i]; var field = fields[i];
if (field.getAttribute("type") == "text") if (field.getAttribute("type") == "text" || field.getAttribute("type") == "email")
{ {
if (field.hasAttribute("name")) if (field.hasAttribute("name"))
my_map.put(field.getAttribute("name"), field.value); my_map.put(field.getAttribute("name"), field.value);
@ -131,31 +129,44 @@ function on_sumbit()
gPassRequest.addEventListener("load", function(evt) { gPassRequest.addEventListener("load", function(evt) {
r = this.responseText.split("\n"); r = this.responseText.split("\n");
debug("resp " + r); debug("resp " + r);
if (r[0] != "<end>" && r[0].startsWith("pass=")) protocol = r[0].split("=");
{ if (protocol[1] != "1")
ciphered_password = r[0].split("=");
ciphered_password = ciphered_password[1];
debug("Ciphered password : " + ciphered_password);
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
aes.finish();
// Remove salt
clear_password = clear_password.replace(/\0*$/, "");
clear_password = clear_password.substr(0, clear_password.length-3);
debug("Clear password " + clear_password);
field.value = clear_password;
}
else
{ {
debug("No password found");
ret = false; ret = false;
notifications.notify({ notifications.notify({
title: "gPasss", title: "gPasss",
text: "No password found in database", text: "Protocol version not supported, please upgrade your addon",
data: "No password found in database", data: "Protocol version not supported, please upgrade your addon",
}); });
} }
else
{
if (r[1] != "<end>" && r[1].startsWith("pass="))
{
ciphered_password = r[1].split("=");
ciphered_password = ciphered_password[1];
debug("Ciphered password : " + ciphered_password);
clear_password = aes.decryptLongString(hex2a(ciphered_password), aes.init(mkey));
aes.finish();
// Remove salt
clear_password = clear_password.replace(/\0*$/, "");
clear_password = clear_password.substr(0, clear_password.length-3);
debug("Clear password " + clear_password);
field.value = clear_password;
}
else
{
debug("No password found");
ret = false;
notifications.notify({
title: "gPasss",
text: "No password found in database",
data: "No password found in database",
});
}
}
}, false); }, false);
gPassRequest.addEventListener("error", function(evt) { gPassRequest.addEventListener("error", function(evt) {
debug("error"); debug("error");
@ -179,10 +190,11 @@ function on_sumbit()
function document_loaded(event) function document_loaded(event)
{ {
doc = event.target;
// If there is a password in the form, add a "submit" listener // If there is a password in the form, add a "submit" listener
for(i=0; i<doc.document.forms.length; i++) for(i=0; i<doc.forms.length; i++)
{ {
var form = doc.document.forms[i]; var form = doc.forms[i];
var fields = form.getElementsByTagName("input"); var fields = form.getElementsByTagName("input");
for (a=0; a<fields.length; a++) for (a=0; a<fields.length; a++)
{ {
@ -202,8 +214,7 @@ var httpRequestObserver =
{ {
if (topic == "content-document-global-created") if (topic == "content-document-global-created")
{ {
doc = subject; subject.addEventListener("DOMContentLoaded", document_loaded, false);
doc.addEventListener("DOMContentLoaded", document_loaded, false);
} }
} }
}; };
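Review bot: The protocol check in the `load` handler looks only at `protocol[1]`, so any first line of the form `x=1` is accepted, and if such a response has no second line `r[1]` is undefined and `r[1].startsWith` throws before the user is notified. Comparing the whole line, `if (r[0] != "protocol=1")`, and guarding the second line, `if (r.length > 1 && r[1].startsWith("pass="))`, would make the handler fail closed. The moved block still passes the decrypted password to `debug("Clear password " + clear_password)`; that line is better dropped so that enabling DEBUG never writes a cleartext password to the log. In `document_loaded`, `doc = event.target;` has no `var` although the `var doc;` declaration is removed, so it still creates a global; `var doc = event.target;` keeps it local. `on_sumbit` and `document_loaded` both extend outside the visible hunks.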


@ -23,6 +23,7 @@ include('functions.php');
session_start(); session_start();
$VIEW_CIPHERED_PASSWORDS=true; $VIEW_CIPHERED_PASSWORDS=true;
$ADMIN_MODE=true;
$mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : ""; $mkey = (isset($_POST['mkey'])) ? $_POST['mkey'] : "";
$user = (isset($_POST['user'])) ? $_POST['user'] : ""; $user = (isset($_POST['user'])) ? $_POST['user'] : "";
@ -48,7 +49,7 @@ else
<?php <?php
global $mkey; global $mkey;
if (isset($_POST['create_user'])) if ($ADMIN_MODE && isset($_POST['create_user']))
{ {
if (create_user($_POST['user'])) if (create_user($_POST['user']))
$user = $_POST['user']; $user = $_POST['user'];
@ -68,7 +69,7 @@ else
<a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a> <a href="http://indefero.soutade.fr/p/gpass"><img src="ressources/gpass.png" alt="logo"/></a>
</div> </div>
<div id="admin"> <div id="admin" <?php if (!$ADMIN_MODE) echo "style=\"display:none\"";?> >
<form method="post"> <form method="post">
<input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/> <input type="text" name="user"/> <input type="submit" name="create_user" value="Create user" onclick="return confirm('Are you sure want to create this user ?');"/>
</form> </form>
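Review bot: `$ADMIN_MODE=true;` ships with user creation enabled, and in the visible lines this flag is the only gate on the `create_user` branch, so with the default anyone who can POST to the page can create accounts; consider defaulting to `$ADMIN_MODE=false;` and turning it on only during setup. When the flag is off, the `#admin` form is still sent to the browser and merely hidden with `display:none`; wrapping the `<div id="admin">` block in `<?php if ($ADMIN_MODE) { ?>` … `<?php } ?>` avoids emitting it at all. `$_POST['user']` reaches `create_user()` unchecked here, and whether that function validates the name is not visible in this section. The `global $mkey;` just above the check suggests this block may run in a non-global scope; if so, `$ADMIN_MODE` needs the same `global` declaration or the condition is always false.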


@ -31,12 +31,16 @@ function load_database()
return $db; return $db;
} }
$PROTOCOL_VERSION = 1;
$db = load_database(); $db = load_database();
$res = ""; $res = "";
$statement = $db->prepare("SELECT password FROM gpass WHERE login=:login"); $statement = $db->prepare("SELECT password FROM gpass WHERE login=:login");
echo "protocol=$PROTOCOL_VERSION\n";
for ($i=0; isset($_POST["k$i"]); $i++) for ($i=0; isset($_POST["k$i"]); $i++)
{ {
$statement->bindValue(":login", $_POST["k$i"]); $statement->bindValue(":login", $_POST["k$i"]);
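Review bot: `$PROTOCOL_VERSION` is a wire-format value that the client compares against literally, so it reads better as a constant than as a reassignable global: `define('PROTOCOL_VERSION', 1);` with `echo "protocol=" . PROTOCOL_VERSION . "\n";`. A one-line comment above the echo, such as `// First response line is always protocol=<version>; clients reject versions they do not support`, would document the contract the addon now depends on. The `for` loop body continues outside the hunk.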


@ -37,13 +37,12 @@ function generate_password()
// numbers 48 - 57 // numbers 48 - 57
// upper 65 - 90 // upper 65 - 90
// lower 97 - 122 // lower 97 - 122
var symbols = new Array(40, 47, 48, 57, 65, 90, 97, 122, 123, 126); // Give priority to letters (65 - 122 duplicated in front and end of array)
// var symbols = new Array(32, 47, 58, 64, 91, 96, 123, 126, 48, 57, 65, 90, 97, 122); var symbols = new Array(65, 90, 97, 122, 40, 47, 48, 57, 65, 90, 97, 122, 123, 126, 65, 90, 97, 122);
field = document.getElementById("new_password"); field = document.getElementById("new_password");
var res = ""; var res = "";
//for(i=0; i<16; i++)
while (res.length < 16) while (res.length < 16)
{ {
a = Math.round(Math.random() * (symbols.length/2) * 2); a = Math.round(Math.random() * (symbols.length/2) * 2);
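Review bot: Passwords in `generate_password` are drawn from `Math.random()`, which is not a cryptographically secure generator, and this change also weights the symbol table toward letters, which lowers the entropy per character at the fixed length of 16. Taking the random value from the browser CSPRNG, e.g. `var rnd = new Uint32Array(1); window.crypto.getRandomValues(rnd);` and reducing `rnd[0]` to the needed range, would keep generated passwords unpredictable. Separately, `Math.round(Math.random() * (symbols.length/2) * 2)` can return `symbols.length` itself and gives the two end values half the probability of the others; `Math.floor` over the intended range is the usual form. How `a` is used lies outside the hunk, so the effect of that edge value should be confirmed against the rest of the loop.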