gaschz/trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-06-06 18:08:33 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed changing password

Browse Source
This commit is contained in:
azivner 2017-09-17 00:18:03 -04:00
parent 1d395badfa
commit 0fc604e7b4
4 changed files with 35 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/change_password.py
View File

@ -1,15 +1,16 @@
import hashlib
import src.config_provider import src.config_provider
import src.sql import src.sql
import base64 import base64
from Crypto.Cipher import AES from Crypto.Cipher import AES
from Crypto.Util import Counter from Crypto.Util import Counter
import binascii
import src.my_scrypt import src.my_scrypt
def change_password(current_password, new_password): def change_password(current_password, new_password):
current_password_hash = binascii.hexlify(src.my_scrypt.getVerificationHash(current_password)) current_password_hash = base64.b64encode(src.my_scrypt.getVerificationHash(current_password))
if current_password_hash != src.sql.getOption('password_verification_hash'): if current_password_hash != src.sql.getOption('password_verification_hash'):
return { return {
@ -17,41 +18,42 @@ def change_password(current_password, new_password):
'message': "Given current password doesn't match hash" 'message': "Given current password doesn't match hash"
} }
current_password_encryption_key = src.my_scrypt.getPasswordDerivedKey(current_password) current_password_derived_key = src.my_scrypt.getPasswordDerivedKey(current_password)
new_password_verification_key = binascii.hexlify(src.my_scrypt.getVerificationHash(new_password)) new_password_verification_key = base64.b64encode(src.my_scrypt.getVerificationHash(new_password))
new_password_encryption_key = src.my_scrypt.getPasswordDerivedKey(new_password) new_password_encryption_key = src.my_scrypt.getPasswordDerivedKey(new_password)
encrypted_notes = src.sql.getResults("select note_id, note_title, note_text from notes where encryption = 1")
def decrypt(encrypted_base64): def decrypt(encrypted_base64):
encrypted_bytes = base64.b64decode(encrypted_base64) encrypted_bytes = base64.b64decode(encrypted_base64)
aes = get_aes(current_password_encryption_key) aes = get_aes(current_password_derived_key)
return aes.decrypt(encrypted_bytes) return aes.decrypt(encrypted_bytes)[4:]
def encrypt(plain_text): def encrypt(plain_text):
aes = get_aes(new_password_encryption_key) aes = get_aes(new_password_encryption_key)
encryptedBytes = aes.encrypt(plain_text)
return base64.b64encode(encryptedBytes) digest = hashlib.sha256(plain_text).digest()[:4]
encrypted_bytes = aes.encrypt(digest + plain_text)
return base64.b64encode(encrypted_bytes)
def get_aes(key): def get_aes(key):
return AES.new(key, AES.MODE_CTR, counter=Counter.new(128, initial_value=5)) return AES.new(key, AES.MODE_CTR, counter=Counter.new(128, initial_value=5))
for note in encrypted_notes: encrypted_data_key = src.sql.getOption('encrypted_data_key')
decrypted_title = decrypt(note['note_title'])
decrypted_text = decrypt(note['note_text'])
re_encrypted_title = encrypt(decrypted_title) decrypted_data_key = decrypt(encrypted_data_key)
re_encrypted_text = encrypt(decrypted_text)
src.sql.execute("update notes set note_title = ?, note_text = ? where note_id = ?", new_encrypted_data_key = encrypt(decrypted_data_key)
[re_encrypted_title, re_encrypted_text, note['note_id']])
src.sql.setOption('encrypted_data_key', new_encrypted_data_key)
src.sql.setOption('password_verification_hash', new_password_verification_key) src.sql.setOption('password_verification_hash', new_password_verification_key)
src.sql.commit() src.sql.commit()
return { return {
'success': True 'success': True,
'new_encrypted_data_key': new_encrypted_data_key
} }

15
src/password_api.py
View File

@ -7,21 +7,6 @@ import change_password
password_api = Blueprint('password_api', __name__) password_api = Blueprint('password_api', __name__)
@password_api.route('/password/verify', methods = ['POST'])
@login_required
def verifyPassword():
req = request.get_json(force=True)
hashedPassword = sql.getOption('password_verification_hash')
hashedPasswordBytes = binascii.unhexlify(hashedPassword)
hashedPasswordSha = hashlib.sha256(hashedPasswordBytes).hexdigest()
isValid = req['password'] == hashedPasswordSha
return jsonify({
'valid': isValid
})
@password_api.route('/password/change', methods = ['POST']) @password_api.route('/password/change', methods = ['POST'])
@login_required @login_required
def changePassword(): def changePassword():

20
static/js/encryption.js
View File

@ -1,7 +1,7 @@
let globalEncryptionCallback = null; let globalEncryptionCallback = null;
function handleEncryption(requireEncryption, modal, callback) { function handleEncryption(requireEncryption, modal, callback) {
if (requireEncryption && globalEncryptionKey === null) { if (requireEncryption && globalDataKey === null) {
globalEncryptionCallback = callback; globalEncryptionCallback = callback;
if (!modal) { if (!modal) {
@ -24,10 +24,10 @@ function handleEncryption(requireEncryption, modal, callback) {
} }
} }
let globalEncryptionKey = null; let globalDataKey = null;
let globalLastEncryptionOperationDate = null; let globalLastEncryptionOperationDate = null;
function deriveEncryptionKey(password) { function getDataKey(password) {
return computeScrypt(password, globalEncryptionSalt, (key, resolve, reject) => { return computeScrypt(password, globalEncryptionSalt, (key, resolve, reject) => {
const dataKeyAes = getDataKeyAes(key); const dataKeyAes = getDataKeyAes(key);
@ -37,7 +37,7 @@ function deriveEncryptionKey(password) {
reject("Wrong password."); reject("Wrong password.");
} }
return decryptedDataKey; resolve(decryptedDataKey);
}); });
} }
@ -76,11 +76,13 @@ $("#encryptionPasswordForm").submit(function() {
const password = $("#encryptionPassword").val(); const password = $("#encryptionPassword").val();
$("#encryptionPassword").val(""); $("#encryptionPassword").val("");
deriveEncryptionKey(password).then(key => { getDataKey(password).then(key => {
$("#noteDetailWrapper").show(); $("#noteDetailWrapper").show();
$("#encryptionPasswordDialog").dialog("close"); $("#encryptionPasswordDialog").dialog("close");
globalEncryptionKey = key; globalDataKey = key;
console.log("got the key", key);
for (const noteId of globalAllNoteIds) { for (const noteId of globalAllNoteIds) {
const note = getNodeByKey(noteId); const note = getNodeByKey(noteId);
@ -104,7 +106,7 @@ $("#encryptionPasswordForm").submit(function() {
}); });
function resetEncryptionSession() { function resetEncryptionSession() {
globalEncryptionKey = null; globalDataKey = null;
if (globalCurrentNote.detail.encryption > 0) { if (globalCurrentNote.detail.encryption > 0) {
loadNote(globalCurrentNote.detail.note_id); loadNote(globalCurrentNote.detail.note_id);
@ -126,13 +128,13 @@ setInterval(function() {
}, 5000); }, 5000);
function isEncryptionAvailable() { function isEncryptionAvailable() {
return globalEncryptionKey !== null; return globalDataKey !== null;
} }
function getDataAes() { function getDataAes() {
globalLastEncryptionOperationDate = new Date(); globalLastEncryptionOperationDate = new Date();
return new aesjs.ModeOfOperation.ctr(globalEncryptionKey, new aesjs.Counter(5)); return new aesjs.ModeOfOperation.ctr(globalDataKey, new aesjs.Counter(5));
} }
function getDataKeyAes(key) { function getDataKeyAes(key) {

4
static/js/settings.js
View File

@ -43,7 +43,11 @@ $("#changePasswordForm").submit(() => {
// encryption password changed so current encryption session is invalid and needs to be cleared // encryption password changed so current encryption session is invalid and needs to be cleared
resetEncryptionSession(); resetEncryptionSession();
globalEncryptedDataKey = result.new_encrypted_data_key;
alert("Password has been changed."); alert("Password has been changed.");
$("#settingsDialog").dialog('close');
} }
else { else {
alert(result.message); alert(result.message);