working browser password

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
2024-03-22 13:10:41 +08:00 · 2024-01-08 12:28:41 +01:00 · 2024-01-08 12:28:41 +01:00 · 2cc2cf0de7
commit 2cc2cf0de7
parent e1e8618015
1 changed files with 56 additions and 24 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -1512,7 +1512,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
        me.getPasteKey = function()
        {
            if (symmetricKey === null) {
-                let newKey = window.location.hash.substring(1);
+                let pos = 1;
+                const pt = '#protected/';
+                if(window.location.hash.startsWith(pt)) {
+                    pos = pt.length;
+                }
+                let newKey = window.location.hash.substring(pos);
                if (newKey === '') {
                    throw 'no encryption key given';
                }
@ -2229,13 +2234,28 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            const url = new URL(window.location);

            // if protected request password
-            if(url.pathname === '/protected') {
-                const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
-                const cipherdata = [enc.ct, enc.adata];
+            if(url.hash.startsWith('#protected/')) {
+                const pt = '#protected/';
+                let pos = pt.length;
+                let newKey = window.location.hash.substring(pos);
+                if (newKey === '') {
+                    throw 'no encryption key given';
+                }

-                const plaindata = await CryptTool.decipher(enc.k, password, cipherdata);
+                // Some web 2.0 services and redirectors add data AFTER the anchor
+                // (such as &utm_source=...). We will strip any additional data.
+                let ampersandPos = newKey.indexOf('&');
+                if (ampersandPos > -1)
+                {
+                    newKey = newKey.substring(0, ampersandPos);
+                }
+                const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
+                const dt = JSON.parse(enc);
+                const cipherdata = [dt.ct, dt.adata]
+
+                const plaindata = await CryptTool.decipher(dt.k, password, cipherdata);
                window.location.replace(Helper.baseUri() + plaindata);
-                return; 
+                return;
            }

            PasteDecrypter.run();
@ -4814,25 +4834,36 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            Alert.hideMessages();

            // show notification
-            const baseUri   = Helper.baseUri() + '?',
-            deleteUrl = baseUri + 'pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
-            PasteStatus.createPasteNotification(url, deleteUrl);
+            const baseUri   = Helper.baseUri(),
+            deleteUrl = baseUri + '?pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
+            let url;

            const pw = TopNav.getPassword()
-            const sm =  CryptTool.getSymmetricKey();
-            
-            let openUri = + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
-            let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);

-            let dt = {}
-            dt['v'] = 2;
-            dt['ct'] = cipherResult[0];
-            dt['adata'] = cipherResult[1];
-            dt['k'] = sm;
+            if(pw && pw.length) {
+
+                const sm =  CryptTool.getSymmetricKey();
+
+                let openUri = '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
+                let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);
+
+                let dt = {}
+                dt['v'] = 2;
+                dt['ct'] = cipherResult[0];
+                dt['adata'] = cipherResult[1];
+                dt['k'] = sm;
+
+                const encUrl = CryptTool.base58encode(JSON.stringify(dt))
+
+                url = baseUri +  '#protected/' + encUrl;
+            } else {
+                url       = baseUri + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
+            }
+
+            PasteStatus.createPasteNotification(url, deleteUrl);
+

-            const encUrl = CryptTool.base58encode(JSON.stringify(dt))

-            const url = baseUri +  'protected/#' + encUrl;


            // show new URL in browser bar
@ -4979,7 +5010,9 @@ jQuery.PrivateBin = (function($, RawDeflate) {

            // prepare server interaction
            ServerInteraction.prepare();
-            ServerInteraction.setCryptParameters(TopNav.getPassword());
+            // This is not needed when encrypting browser side
+            // ServerInteraction.setCryptParameters(TopNav.getPassword());
+            ServerInteraction.setCryptParameters('');

            // set success/fail functions
            ServerInteraction.setSuccess(showCreatedPaste);
@ -5565,13 +5598,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            try {
                Model.getPasteId();
            } catch (e) {
-                    
+
                // check if protected pathname
                const url = new URL(window.location);

                // if protected request password
-                if(url.pathname === '/protected') {
-                    const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
+                if(url.hash.startsWith('#protected/')) {
                    return Prompt.requestPassword();

                }