set password WIP

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "trilium",
-  "version": "0.48.8",
+  "version": "0.49.1-beta",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "trilium",
-      "version": "0.48.8",
+      "version": "0.49.1-beta",
       "license": "AGPL-3.0-only",
       "dependencies": {
         "@electron/remote": "2.0.1",

src/public/app/dialogs/options/credentials.js

@@ -3,10 +3,6 @@ import protectedSessionHolder from "../../services/protected_session_holder.js";
 import toastService from "../../services/toast.js";
 
 const TPL = `
-<h3>Username</h3>
-
-<p>Your username is <strong id="credentials-username"></strong>.</p>
-
 <h3>Change password</h3>
 
 <div class="alert alert-warning" role="alert" style="font-weight: bold; color: red !important;">
@@ -36,7 +32,6 @@ export default class ChangePasswordOptions {
     constructor() {
         $("#options-credentials").html(TPL);
 
-        this.$username = $("#credentials-username");
         this.$form = $("#change-password-form");
         this.$oldPassword = $("#old-password");
         this.$newPassword1 = $("#new-password1");
@@ -46,7 +41,6 @@ export default class ChangePasswordOptions {
     }
 
     optionsLoaded(options) {
-        this.$username.text(options.username);
     }
 
     save() {

src/routes/login.js

@@ -9,6 +9,10 @@ function loginPage(req, res) {
     res.render('login', { failedAuth: false });
 }
 
+function setPasswordPage(req, res) {
+    res.render('set_password', { failed: false });
+}
+
 function login(req, res) {
     const userName = optionService.getOption('username');
 
@@ -55,6 +59,7 @@ function logout(req, res) {
 
 module.exports = {
     loginPage,
+    setPasswordPage,
     login,
     logout
 };

src/routes/routes.js

@@ -182,7 +182,8 @@ const uploadMiddleware = multer.single('upload');
 
 function register(app) {
     route(GET, '/', [auth.checkAuth, csrfMiddleware], indexRoute.index);
-    route(GET, '/login', [auth.checkAppInitialized], loginRoute.loginPage);
+    route(GET, '/login', [auth.checkAppInitialized, auth.checkPasswordSet], loginRoute.loginPage);
+    route(GET, '/set_password', [auth.checkAppInitialized], loginRoute.setPasswordPage);
 
     const loginRateLimiter = rateLimit({
         windowMs: 15 * 60 * 1000, // 15 minutes

src/services/auth.js

@@ -15,7 +15,11 @@ function checkAuth(req, res, next) {
         res.redirect("setup");
     }
     else if (!req.session.loggedIn && !utils.isElectron() && !noAuthentication) {
+        if (sqlInit.isPasswordSet()) {
             res.redirect("login");
+        } else {
+            res.redirect("set_password");
+        }
     }
     else {
         next();
@@ -51,6 +55,14 @@ function checkAppInitialized(req, res, next) {
     }
 }
 
+function checkPasswordSet(req, res, next) {
+    if (!utils.isElectron() && !sqlInit.isPasswordSet()) {
+        res.redirect("set_password");
+    } else {
+        next();
+    }
+}
+
 function checkAppNotInitialized(req, res, next) {
     if (sqlInit.isDbInitialized()) {
         reject(req, res, "App already initialized.");
@@ -101,6 +113,7 @@ module.exports = {
     checkAuth,
     checkApiAuth,
     checkAppInitialized,
+    checkPasswordSet,
     checkAppNotInitialized,
     checkApiAuthOrElectron,
     checkToken,

src/services/sql.js

@@ -14,6 +14,8 @@ const cls = require('./cls');
 const dbConnection = new Database(dataDir.DOCUMENT_PATH);
 dbConnection.pragma('journal_mode = WAL');
 
+const LOG_ALL_QUERIES = false;
+
 [`exit`, `SIGINT`, `SIGUSR1`, `SIGUSR2`, `SIGTERM`].forEach(eventType => {
     process.on(eventType, () => {
         if (dbConnection) {
@@ -135,6 +137,10 @@ function getRawRows(query, params = []) {
 }
 
 function iterateRows(query, params = []) {
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
     return stmt(query).iterate(params);
 }
 
@@ -157,11 +163,11 @@ function execute(query, params = []) {
     return wrap(query, s => s.run(params));
 }
 
-function executeWithoutTransaction(query, params = []) {
+function executeMany(query, params) {
-    dbConnection.run(query, params);
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
     }
 
-function executeMany(query, params) {
     while (params.length > 0) {
         const curParams = params.slice(0, Math.min(params.length, PARAM_LIMIT));
         params = params.slice(curParams.length);
@@ -182,6 +188,10 @@ function executeMany(query, params) {
 }
 
 function executeScript(query) {
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
     return dbConnection.exec(query);
 }
 
@@ -189,6 +199,10 @@ function wrap(query, func) {
     const startTimestamp = Date.now();
     let result;
 
+    if (LOG_ALL_QUERIES) {
+        console.log(query);
+    }
+
     try {
         result = func(stmt(query));
     }
@@ -331,7 +345,6 @@ module.exports = {
      * @param {object[]} [params] - array of params if needed
      */
     execute,
-    executeWithoutTransaction,
     executeMany,
     executeScript,
     transactional,

src/services/sql_init.js

@@ -30,6 +30,14 @@ function isDbInitialized() {
     return initialized === 'true';
 }
 
+function isPasswordSet() {
+    const value = sql.getValue("SELECT value FROM options WHERE name = 'passwordVerificationHash'");
+
+    console.log("AAAAAAAAAAAAEEEEEEEEE", value);
+
+    return !!value;
+}
+
 async function initDbConnection() {
     if (!isDbInitialized()) {
         log.info(`DB not initialized, please visit setup page` +
@@ -169,8 +177,8 @@ module.exports = {
     dbReady,
     schemaExists,
     isDbInitialized,
-    initDbConnection,
     createInitialDatabase,
     createDatabaseForSync,
-    setDbAsInitialized
+    setDbAsInitialized,
+    isPasswordSet
 };

src/views/set_password.ejs

@@ -0,0 +1,50 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+    <title>Login</title>
+    <link rel="apple-touch-icon" sizes="180x180" href="images/app-icons/ios/apple-touch-icon.png">
+    <link rel="shortcut icon" href="favicon.ico">
+</head>
+<body>
+<div class="container">
+    <div class="col-xs-12 col-sm-10 col-md-6 col-lg-4 col-xl-4 mx-auto" style="padding-top: 25px;">
+        <h1>Set password</h1>
+
+        <% if (failed) { %>
+            <div class="alert alert-warning">
+                Err
+            </div>
+        <% } %>
+
+        <p>Before you can start using Trilium from web, you need to set a password first. You will then use this password to login.</p>
+
+        <form action="login" method="POST">
+            <div class="form-group">
+                <label for="password">Password</label>
+                <div class="controls">
+                    <input id="password" name="password1" placeholder="" class="form-control" type="password">
+                </div>
+            </div>
+            <div class="form-group">
+                <label for="password">Password confirmation</label>
+                <div class="controls">
+                    <input id="password" name="password2" placeholder="" class="form-control" type="password">
+                </div>
+            </div>
+            <div class="form-group">
+                <button class="btn btn-success">Set password</button>
+            </div>
+        </form>
+    </div>
+</div>
+
+<script>
+    // Required for correct loading of scripts in Electron
+    if (typeof module === 'object') {window.module = module; module = undefined;}
+</script>
+
+<link href="libraries/bootstrap/css/bootstrap.min.css" rel="stylesheet">
+</body>
+</html>