gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-06-06 18:08:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed changing password

Browse Source
This commit is contained in:
azivner 2017-09-17 00:18:03 -04:00
parent 1d395badfa
commit 0fc604e7b4
4 changed files with 35 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/change_password.py
View File

@ -1,15 +1,16 @@
import hashlib
import src.config_provider
import src.sql
import base64
from Crypto.Cipher import AES
from Crypto.Util import Counter
import binascii
import src.my_scrypt
def change_password(current_password, new_password):
current_password_hash = binascii.hexlify(src.my_scrypt.getVerificationHash(current_password))
current_password_hash = base64.b64encode(src.my_scrypt.getVerificationHash(current_password))
if current_password_hash != src.sql.getOption('password_verification_hash'):
return {
@ -17,41 +18,42 @@ def change_password(current_password, new_password):
'message': "Given current password doesn't match hash"
}
current_password_encryption_key = src.my_scrypt.getPasswordDerivedKey(current_password)
current_password_derived_key = src.my_scrypt.getPasswordDerivedKey(current_password)
new_password_verification_key = binascii.hexlify(src.my_scrypt.getVerificationHash(new_password))
new_password_verification_key = base64.b64encode(src.my_scrypt.getVerificationHash(new_password))
new_password_encryption_key = src.my_scrypt.getPasswordDerivedKey(new_password)
encrypted_notes = src.sql.getResults("select note_id, note_title, note_text from notes where encryption = 1")
def decrypt(encrypted_base64):
encrypted_bytes = base64.b64decode(encrypted_base64)
aes = get_aes(current_password_encryption_key)
return aes.decrypt(encrypted_bytes)
aes = get_aes(current_password_derived_key)
return aes.decrypt(encrypted_bytes)[4:]
def encrypt(plain_text):
aes = get_aes(new_password_encryption_key)
encryptedBytes = aes.encrypt(plain_text)
return base64.b64encode(encryptedBytes)
digest = hashlib.sha256(plain_text).digest()[:4]
encrypted_bytes = aes.encrypt(digest + plain_text)
return base64.b64encode(encrypted_bytes)
def get_aes(key):
return AES.new(key, AES.MODE_CTR, counter=Counter.new(128, initial_value=5))
for note in encrypted_notes:
decrypted_title = decrypt(note['note_title'])
decrypted_text = decrypt(note['note_text'])
encrypted_data_key = src.sql.getOption('encrypted_data_key')
re_encrypted_title = encrypt(decrypted_title)
re_encrypted_text = encrypt(decrypted_text)
decrypted_data_key = decrypt(encrypted_data_key)
src.sql.execute("update notes set note_title = ?, note_text = ? where note_id = ?",
[re_encrypted_title, re_encrypted_text, note['note_id']])
new_encrypted_data_key = encrypt(decrypted_data_key)
src.sql.setOption('encrypted_data_key', new_encrypted_data_key)
src.sql.setOption('password_verification_hash', new_password_verification_key)
src.sql.commit()
return {
'success': True
'success': True,
'new_encrypted_data_key': new_encrypted_data_key
}

15
src/password_api.py
View File

@ -7,21 +7,6 @@ import change_password
password_api = Blueprint('password_api', __name__)
@password_api.route('/password/verify', methods = ['POST'])
@login_required
def verifyPassword():
req = request.get_json(force=True)
hashedPassword = sql.getOption('password_verification_hash')
hashedPasswordBytes = binascii.unhexlify(hashedPassword)
hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()
isValid = req['password'] == hashedPasswordSha
return jsonify({
'valid': isValid
})
@password_api.route('/password/change', methods = ['POST'])
@login_required
def changePassword():

20
static/js/encryption.js
View File

@ -1,7 +1,7 @@
let globalEncryptionCallback = null;
function handleEncryption(requireEncryption, modal, callback) {
if (requireEncryption && globalEncryptionKey === null) {
if (requireEncryption && globalDataKey === null) {
globalEncryptionCallback = callback;
if (!modal) {
@ -24,10 +24,10 @@ function handleEncryption(requireEncryption, modal, callback) {
}
}
let globalEncryptionKey = null;
let globalDataKey = null;
let globalLastEncryptionOperationDate = null;
function deriveEncryptionKey(password) {
function getDataKey(password) {
return computeScrypt(password, globalEncryptionSalt, (key, resolve, reject) => {
const dataKeyAes = getDataKeyAes(key);
@ -37,7 +37,7 @@ function deriveEncryptionKey(password) {
reject("Wrong password.");
}
return decryptedDataKey;
resolve(decryptedDataKey);
});
}
@ -76,11 +76,13 @@ $("#encryptionPasswordForm").submit(function() {
const password = $("#encryptionPassword").val();
$("#encryptionPassword").val("");
deriveEncryptionKey(password).then(key => {
getDataKey(password).then(key => {
$("#noteDetailWrapper").show();
$("#encryptionPasswordDialog").dialog("close");
globalEncryptionKey = key;
globalDataKey = key;
console.log("got the key", key);
for (const noteId of globalAllNoteIds) {
const note = getNodeByKey(noteId);
@ -104,7 +106,7 @@ $("#encryptionPasswordForm").submit(function() {
});
function resetEncryptionSession() {
globalEncryptionKey = null;
globalDataKey = null;
if (globalCurrentNote.detail.encryption > 0) {
loadNote(globalCurrentNote.detail.note_id);
@ -126,13 +128,13 @@ setInterval(function() {
}, 5000);
function isEncryptionAvailable() {
return globalEncryptionKey !== null;
return globalDataKey !== null;
}
function getDataAes() {
globalLastEncryptionOperationDate = new Date();
return new aesjs.ModeOfOperation.ctr(globalEncryptionKey, new aesjs.Counter(5));
return new aesjs.ModeOfOperation.ctr(globalDataKey, new aesjs.Counter(5));
}
function getDataKeyAes(key) {

4
static/js/settings.js
View File

@ -43,7 +43,11 @@ $("#changePasswordForm").submit(() => {
// encryption password changed so current encryption session is invalid and needs to be cleared
resetEncryptionSession();
globalEncryptedDataKey = result.new_encrypted_data_key;
alert("Password has been changed.");
$("#settingsDialog").dialog('close');
}
else {
alert(result.message);