password

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
2024-01-08 10:36:59 +01:00 · 2024-01-08 10:36:59 +01:00 · 7fddefeb05
parent fa8cc59ec0
commit 7fddefeb05
1 changed files with 45 additions and 5 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@ -228,7 +228,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            '<': '&lt;',
            '>': '&gt;',
            '"': '&quot;',
-            "'": '&#39;',
+            '\'': '&#39;',
            '/': '&#x2F;',
            '`': '&#x60;',
            '=': '&#x3D;'
@ -2197,7 +2197,7 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         * @function
         * @param  {Event} event
         */
-        function submitPasswordModal(event)
+        async function submitPasswordModal(event)
        {
            event.preventDefault();

@ -2207,6 +2207,19 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            // hide modal
            $passwordModal.modal('hide');

+            // check if protected pathname
+            const url = new URL(window.location);
+
+            // if protected request password
+            if(url.pathname === '/protected') {
+                const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
+                const cipherdata = [enc.ct, enc.adata];
+
+                const plaindata = await CryptTool.decipher(enc.k, password, cipherdata);
+                window.location.replace(Helper.baseUri() + plaindata);
+                return; 
+            }
+
            PasteDecrypter.run();
        }

@ -4778,16 +4791,32 @@ jQuery.PrivateBin = (function($, RawDeflate) {
         * @param {int} status
         * @param {object} data
         */
-        function showCreatedPaste(status, data) {
+        async function showCreatedPaste(status, data) {
            Alert.hideLoading();
            Alert.hideMessages();

            // show notification
            const baseUri   = Helper.baseUri() + '?',
-                  url       = baseUri + data.id + '#' + CryptTool.base58encode(data.encryptionKey),
-                  deleteUrl = baseUri + 'pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
+            deleteUrl = baseUri + 'pasteid=' + data.id + '&deletetoken=' + data.deletetoken;
            PasteStatus.createPasteNotification(url, deleteUrl);

+            const pw = TopNav.getPassword()
+            const sm =  CryptTool.getSymmetricKey();
+            
+            let openUri = + '?' + data.id + '#' + CryptTool.base58encode(data.encryptionKey);
+            let cipherResult = await CryptTool.cipher(sm, pw, openUri, []);
+
+            let dt = {}
+            dt['v'] = 2;
+            dt['ct'] = cipherResult[0];
+            dt['adata'] = cipherResult[1];
+            dt['k'] = sm;
+
+            const encUrl = CryptTool.base58encode(JSON.stringify(dt))
+
+            const url = baseUri +  'protected/#' + encUrl;
+
+
            // show new URL in browser bar
            history.pushState({type: 'newpaste'}, document.title, url);

@ -5518,6 +5547,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
            try {
                Model.getPasteId();
            } catch (e) {
+                    
+                // check if protected pathname
+                const url = new URL(window.location);
+
+                // if protected request password
+                if(url.pathname === '/protected') {
+                    const enc = CryptTool.base58decode(newKey).padStart(32, '\u0000');
+                    return Prompt.requestPassword();
+
+                }
+
                // otherwise create a new paste
                return me.newPaste();
            }