keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity

Merge pull request #77 from Mikunj/password-protection

Browse Source 
Password protection
pull/85/head
sachaaaaa 6 years ago committed by GitHub
parent cd54661378 1303603db9
commit a1255dd31e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 1105 additions and 108 deletions
Show Stats Download Patch File Download Diff File

72
_locales/en/messages.json
Unescape Escape View File

@ -1684,5 +1684,77 @@
"copiedMnemonic": {
"message": "Copied mnemonic to clipboard",
"description": "A toast message telling the user that the mnemonic was copied"
},
"passwordViewTitle": {
"message": "Type in your password",
"description": "The title shown when user needs to type in a password to unlock the messenger"
},
"unlock": {
"message": "Unlock"
},
"setPassword": {
"message": "Set Password",
"description": "Button action that the user can click to set a password"
},
"changePassword": {
"message": "Change Password",
"description": "Button action that the user can click to change a password"
},
"removePassword": {
"message": "Remove Password",
"description": "Button action that the user can click to remove a password"
},
"typeInOldPassword": {
"message": "Please type in your old password"
},
"invalidOldPassword": {
"message": "Old password is invalid"
},
"invalidPassword": {
"message": "Invalid password"
},
"passwordsDoNotMatch": {
"message": "Passwords do not match"
},
"setPasswordFail": {
"message": "Failed to set password"
},
"removePasswordFail": {
"message": "Failed to remove password"
},
"changePasswordFail": {
"message": "Failed to change password"
},
"setPasswordSuccess": {
"message": "Password set"
},
"removePasswordSuccess": {
"message": "Password removed"
},
"changePasswordSuccess": {
"message": "Password changed"
},
"passwordLengthError": {
"message": "Password must be between 6 and 50 characters long",
"description": "Error string shown to the user when password doesn't meet length criteria"
},
"passwordTypeError": {
"message": "Password must be a string",
"description": "Error string shown to the user when password is not a string"
},
"passwordCharacterError": {
"message": "Password must only contain letters, numbers and symbols",
"description": "Error string shown to the user when password contains an invalid character"
},
"change": {
"message": "Change"
},
"set": {
"message": "Set"
},
"remove": {
"message": "Remove"
}
}

35
app/password_util.js
Unescape Escape View File

@ -0,0 +1,35 @@
const { sha512 } = require('js-sha512');
const ERRORS = {
TYPE: 'Password must be a string',
LENGTH: 'Password must be between 6 and 50 characters long',
CHARACTER: 'Password must only contain letters, numbers and symbols',
};
const generateHash = (phrase) => phrase && sha512(phrase.trim());
const matchesHash = (phrase, hash) => phrase && sha512(phrase.trim()) === hash.trim();
const validatePassword = (phrase, i18n) => {
if (!phrase || typeof phrase !== 'string') {
return i18n ? i18n('passwordTypeError') : ERRORS.TYPE;
}
const trimmed = phrase.trim();
if (trimmed.length < 6 || trimmed.length > 50) {
return i18n ? i18n('passwordLengthError') : ERRORS.LENGTH;
}
// Restrict characters to letters, numbers and symbols
const characterRegex = /^[a-zA-Z0-9-!()._`~@#$%^&*+=[\]{}|<>,;:]+$/
if (!characterRegex.test(trimmed)) {
return i18n ? i18n('passwordCharacterError') : ERRORS.CHARACTER;
}
return null;
}
module.exports = {
generateHash,
matchesHash,
validatePassword,
};

50
app/sql.js
Unescape Escape View File

@ -1,10 +1,11 @@
const fs = require('fs');
const path = require('path');
const mkdirp = require('mkdirp');
const rimraf = require('rimraf');
const sql = require('@journeyapps/sqlcipher');
const pify = require('pify');
const uuidv4 = require('uuid/v4');
const { map, isString, fromPairs, forEach, last } = require('lodash');
const { map, isString, fromPairs, forEach, last, isEmpty } = require('lodash');
// To get long stack traces
// https://github.com/mapbox/node-sqlite3/wiki/API#sqlite3verbose
@ -15,6 +16,11 @@ module.exports = {
close,
removeDB,
removeIndexedDBFiles,
setSQLPassword,
getPasswordHash,
savePasswordHash,
removePasswordHash,
createOrUpdateGroup,
getGroupById,
@ -181,15 +187,25 @@ async function getSQLCipherVersion(instance) {
}
}
const INVALID_KEY = /[^0-9A-Fa-f]/;
const HEX_KEY = /[^0-9A-Fa-f]/;
async function setupSQLCipher(instance, { key }) {
const match = INVALID_KEY.exec(key);
if (match) {
throw new Error(`setupSQLCipher: key '${key}' is not valid`);
}
// If the key isn't hex then we need to derive a hex key from it
const deriveKey = HEX_KEY.test(key);
// https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
await instance.run(`PRAGMA key = "x'${key}'";`);
const value = deriveKey ? `'${key}'` : `"x'${key}'"`;
await instance.run(`PRAGMA key = ${value};`);
}
async function setSQLPassword(password) {
if (!db) {
throw new Error('setSQLPassword: db is not initialized');
}
// If the password isn't hex then we need to derive a key from it
const deriveKey = HEX_KEY.test(password);
const value = deriveKey ? `'${password}'` : `"x'${password}'"`;
await db.run(`PRAGMA rekey = ${value};`);
}
async function updateToSchemaVersion1(currentVersion, instance) {
@ -621,6 +637,26 @@ async function removeIndexedDBFiles() {
indexedDBPath = null;
}
// Password hash
const PASS_HASH_ID = 'passHash';
async function getPasswordHash() {
const item = await getItemById(PASS_HASH_ID);
return item && item.value;
}
async function savePasswordHash(hash) {
if (isEmpty(hash)) {
return removePasswordHash();
}
const data = { id: PASS_HASH_ID, value: hash };
return createOrUpdateItem(data);
}
async function removePasswordHash() {
return removeItemById(PASS_HASH_ID);
}
// Groups
const GROUPS_TABLE = 'groups';
async function createOrUpdateGroup(data) {
return createOrUpdate(GROUPS_TABLE, data);

44
background.html
Unescape Escape View File

@ -170,6 +170,35 @@
<span class='time'>0:00</span>
<button class='close'><span class='icon'></span></button>
</script>
<script type='text/x-tmpl-mustache' id='password-dialog'>
<div class="content">
{{ #title }}
<h4>{{ title }}</h4>
{{ /title }}
<input type='password' id='password' placeholder='Password' autofocus>
<input type='password' id='password-confirmation' placeholder='Type in your password again' autofocus>
<div class='error'></div>
<div class='buttons'>
<button class='cancel' tabindex='2'>{{ cancel }}</button>
<button class='ok' tabindex='1'>{{ ok }}</button>
</div>
</div>
</script>
<script type='text/x-tmpl-mustache' id='password-change-dialog'>
<div class="content">
{{ #title }}
<h4>{{ title }}</h4>
{{ /title }}
<input type='password' id='old-password' placeholder='Old password' autofocus>
<input type='password' id='new-password' placeholder='New password' autofocus>
<input type='password' id='new-password-confirmation' placeholder='Type in your new password again' autofocus>
<div class='error'></div>
<div class='buttons'>
<button class='cancel' tabindex='2'>{{ cancel }}</button>
<button class='ok' tabindex='1'>{{ ok }}</button>
</div>
</div>
</script>
<script type='text/x-tmpl-mustache' id='nickname-dialog'>
<div class="content">
{{ #title }}
@ -603,13 +632,21 @@
</script>
<script type='text/x-tmpl-mustache' id='standalone'>
<div id='standalone' class='step'>
<div class='step standalone'>
<div class='inner'>
<div class='step-body'>
<div class='header'>Create your Loki Messenger Account</div>
<div class='display-name-header'>Enter a name that will be shown to all your contacts</div>
<input class='form-control' type='text' id='display-name' placeholder='Display Name (optional)' autocomplete='off' spellcheck='false' maxlength='25'>
<div class='display-name-input'>
<div class='input-header'>Enter a name that will be shown to all your contacts</div>
<input class='form-control' type='text' id='display-name' placeholder='Display Name (optional)' autocomplete='off' spellcheck='false' maxlength='25'>
</div>
<div class='password-inputs'>
<div class='input-header'>Type an optional password for added security</div>
<input class='form-control' type='password' id='password' placeholder='Password (optional)' autocomplete='off' spellcheck='false'>
<input class='form-control' type='password' id='password-confirmation' placeholder='Retype your password' autocomplete='off' spellcheck='false'>
<div class='error'></div>
</div>
<h4 class='section-toggle'>Restore using seed</h4>
<div class='standalone-mnemonic section-content'>
@ -703,6 +740,7 @@
<script type='text/javascript' src='js/views/network_status_view.js'></script>
<script type='text/javascript' src='js/views/confirmation_dialog_view.js'></script>
<script type='text/javascript' src='js/views/nickname_dialog_view.js'></script>
<script type='text/javascript' src='js/views/password_dialog_view.js'></script>
<script type='text/javascript' src='js/views/identicon_svg_view.js'></script>
<script type='text/javascript' src='js/views/install_view.js'></script>
<script type='text/javascript' src='js/views/banner_view.js'></script>

12
js/background.js
Unescape Escape View File

@ -602,6 +602,12 @@
}
});
Whisper.events.on('showPasswordDialog', options => {
if (appView) {
appView.showPasswordDialog(options);
}
});
Whisper.events.on('calculatingPoW', ({ pubKey, timestamp }) => {
try {
const conversation = ConversationController.get(pubKey);
@ -610,6 +616,12 @@
window.log.error('Error showing PoW cog');
}
});
Whisper.events.on('password-updated', () => {
if (appView && appView.inboxView) {
appView.inboxView.trigger('password-updated');
}
});
}
window.getSyncRequest = () =>

8
js/modules/data.js
Unescape Escape View File

@ -47,6 +47,8 @@ module.exports = {
removeDB,
removeIndexedDBFiles,
getPasswordHash,
createOrUpdateGroup,
getGroupById,
getAllGroupIds,
@ -405,6 +407,12 @@ async function removeIndexedDBFiles() {
await channels.removeIndexedDBFiles();
}
// Password hash
async function getPasswordHash() {
return channels.getPasswordHash();
}
// Groups
async function createOrUpdateGroup(data) {

7
js/password_start.js
Unescape Escape View File

@ -0,0 +1,7 @@
/* global $, Whisper */
const $body = $(document.body);
// eslint-disable-next-line strict
window.view = new Whisper.PasswordView();
$body.html('');
window.view.$el.prependTo($body);

4
js/views/app_view.js
Unescape Escape View File

@ -187,5 +187,9 @@
});
this.el.append(dialog.el);
},
showPasswordDialog({ type, resolve, reject }) {
const dialog = Whisper.getPasswordDialogView(type, resolve, reject);
this.el.append(dialog.el);
},
});
})();

45
js/views/inbox_view.js
Unescape Escape View File

@ -6,6 +6,7 @@
/* global Whisper: false */
/* global textsecure: false */
/* global clipboard: false */
/* global Signal: false */
// eslint-disable-next-line func-names
(function() {
@ -106,6 +107,8 @@
el: this.$('.main-header-placeholder'),
items: this.getMainHeaderItems(),
});
this.onPasswordUpdated();
this.on('password-updated', () => this.onPasswordUpdated());
this.conversation_stack = new Whisper.ConversationStack({
el: this.$('.conversation-stack'),
@ -350,17 +353,42 @@
const ourNumber = textsecure.storage.user.getNumber();
clipboard.writeText(ourNumber);
const toast = new Whisper.MessageToastView({
message: i18n('copiedPublicKey'),
});
toast.$el.appendTo(this.$('.gutter'));
toast.render();
this.showToastMessageInGutter(i18n('copiedPublicKey'));
}),
this._mainHeaderItem('editDisplayName', () => {
window.Whisper.events.trigger('onEditProfile');
}),
];
},
async onPasswordUpdated() {
const hasPassword = await Signal.Data.getPasswordHash();
const items = this.getMainHeaderItems();
const showPasswordDialog = (type, resolve) => Whisper.events.trigger('showPasswordDialog', {
type,
resolve,
});
const passwordItem = (textKey, type) => this._mainHeaderItem(
textKey,
() => showPasswordDialog(type, () => {
this.showToastMessageInGutter(i18n(`${textKey}Success`));
})
);
if (hasPassword) {
items.push(
passwordItem('changePassword', 'change'),
passwordItem('removePassword', 'remove')
);
} else {
items.push(
passwordItem('setPassword', 'set')
);
}
this.mainHeaderView.updateItems(items);
},
_mainHeaderItem(textKey, onClick) {
return {
id: textKey,
@ -368,6 +396,13 @@
onClick,
};
},
showToastMessageInGutter(message) {
const toast = new Whisper.MessageToastView({
message,
});
toast.$el.appendTo(this.$('.gutter'));
toast.render();
},
});
Whisper.ExpiredAlertBanner = Whisper.View.extend({

17
js/views/main_header_view.js
Unescape Escape View File

@ -1,4 +1,4 @@
/* global Whisper, textsecure, ConversationController, Signal, i18n */
/* global Whisper, textsecure, ConversationController, Signal */
// eslint-disable-next-line func-names
(function() {
@ -14,8 +14,6 @@
'click .copy-key': 'onCopyKey',
},
initialize(options) {
this.items = options.items || [];
this.ourNumber = textsecure.storage.user.getNumber();
const me = ConversationController.getOrCreate(this.ourNumber, 'private');
@ -34,14 +32,19 @@
this.$content = this.$('.main-header-content-wrapper');
this.$content.hide();
this.registerCallbacks();
this.updateItems(options.items);
},
registerCallbacks() {
this.items.forEach(item => {
updateItems(items) {
this.$content.html('');
(items || []).forEach(item => {
// Add the item
this.$content.append(`<div role='button' id='${item.id}'>${item.text}</div>`);
// Register its callback
if (item.onClick) {
this.$(`#${item.id}`).click(item.onClick);
}
})
});
},
render_attributes() {
return {

2
js/views/nickname_dialog_view.js
Unescape Escape View File

@ -7,7 +7,7 @@
window.Whisper = window.Whisper || {};
Whisper.NicknameDialogView = Whisper.View.extend({
className: 'nickname-dialog modal',
className: 'loki-dialog nickname-dialog modal',
templateName: 'nickname-dialog',
initialize(options) {
this.message = options.message;

214
js/views/password_dialog_view.js
Unescape Escape View File

@ -0,0 +1,214 @@
/* global Whisper, i18n, _, Signal, passwordUtil */
// eslint-disable-next-line func-names
(function() {
'use strict';
window.Whisper = window.Whisper || {};
const PasswordDialogView = Whisper.View.extend({
className: 'loki-dialog password-dialog modal',
templateName: 'password-dialog',
initialize(options) {
this.type = options.type;
this.resolve = options.resolve;
this.okText = options.okText || i18n('ok');
this.reject = options.reject;
this.cancelText = options.cancelText || i18n('cancel');
this.title = options.title;
this.render();
this.updateUI();
},
events: {
keyup: 'onKeyup',
'click .ok': 'ok',
'click .cancel': 'cancel',
},
render_attributes() {
return {
showCancel: !this.hideCancel,
cancel: this.cancelText,
ok: this.okText,
title: this.title,
};
},
async updateUI() {
if (this.disableOkButton()) {
this.$('.ok').prop('disabled', true);
} else {
this.$('.ok').prop('disabled', false);
}
},
disableOkButton() {
const password = this.$('#password').val();
return _.isEmpty(password);
},
async validate() {
const password = this.$('#password').val();
const passwordConfirmation = this.$('#password-confirmation').val();
const pairValidation = this.validatePasswordPair(password, passwordConfirmation);
const hashValidation = await this.validatePasswordHash(password);
return (pairValidation || hashValidation);
},
async validatePasswordHash(password) {
// Check if the password matches the hash we have stored
const hash = await Signal.Data.getPasswordHash();
if (hash && !passwordUtil.matchesHash(password, hash)) {
return i18n('invalidPassword');
}
return null;
},
validatePasswordPair(password, passwordConfirmation) {
if (!_.isEmpty(password)) {
// Check if the password is first valid
const passwordValidation = passwordUtil.validatePassword(password, i18n);
if (passwordValidation) {
return passwordValidation;
}
// Check if the confirmation password is the same
if (!passwordConfirmation || password.trim() !== passwordConfirmation.trim()) {
return i18n('passwordsDoNotMatch');
}
}
return null;
},
okPressed() {
const password = this.$('#password').val();
if (this.type === 'set') {
window.setPassword(password.trim());
} else if (this.type === 'remove') {
window.setPassword(null, password.trim());
}
},
okErrored() {
if (this.type === 'set') {
this.showError(i18n('setPasswordFail'));
} else if (this.type === 'remove') {
this.showError(i18n('removePasswordFail'));
}
},
async ok() {
const error = await this.validate();
if (error) {
this.showError(error);
return;
}
// Clear any errors
this.showError(null);
try {
this.okPressed();
this.remove();
if (this.resolve) {
this.resolve();
}
} catch (e) {
this.okErrored();
}
},
cancel() {
this.remove();
if (this.reject) {
this.reject();
}
},
onKeyup(event) {
this.updateUI();
switch (event.key) {
case 'Enter':
this.ok();
break;
case 'Escape':
case 'Esc':
this.cancel();
break;
default:
return;
}
event.preventDefault();
},
focusCancel() {
this.$('.cancel').focus();
},
showError(message) {
if (_.isEmpty(message)) {
this.$('.error').text('');
this.$('.error').hide();
} else {
this.$('.error').text(`Error: ${message}`);
this.$('.error').show();
}
},
});
const ChangePasswordDialogView = PasswordDialogView.extend({
templateName: 'password-change-dialog',
disableOkButton() {
const oldPassword = this.$('#old-password').val();
const newPassword = this.$('#new-password').val();
return _.isEmpty(oldPassword) || _.isEmpty(newPassword);
},
async validate() {
const oldPassword = this.$('#old-password').val();
// Validate the old password
if (!_.isEmpty(oldPassword) ) {
const oldPasswordValidation = passwordUtil.validatePassword(oldPassword, i18n);
if (oldPasswordValidation) {
return oldPasswordValidation;
}
} else {
return i18n('typeInOldPassword');
}
const password = this.$('#new-password').val();
const passwordConfirmation = this.$('#new-password-confirmation').val();
const pairValidation = this.validatePasswordPair(password, passwordConfirmation);
const hashValidation = await this.validatePasswordHash(oldPassword);
return pairValidation || hashValidation;
},
okPressed() {
const oldPassword = this.$('#old-password').val();
const newPassword = this.$('#new-password').val();
window.setPassword(newPassword.trim(), oldPassword.trim());
},
okErrored() {
this.showError(i18n('changePasswordFail'));
},
});
Whisper.getPasswordDialogView = (type, resolve, reject) => {
// This is a differently styled dialog
if (type === 'change') {
return new ChangePasswordDialogView({
title: i18n('changePassword'),
okTitle: i18n('change'),
resolve,
reject,
});
}
// Set and Remove is basically the same UI
const title = type === 'remove' ? i18n('removePassword') : i18n('setPassword');
const okTitle = type === 'remove' ? i18n('remove') : i18n('set');
return new PasswordDialogView({
title,
okTitle,
type,
resolve,
reject,
});
};
})();

42
js/views/password_view.js
Unescape Escape View File

@ -0,0 +1,42 @@
/* global i18n: false */
/* global Whisper: false */
/* eslint-disable no-new */
// eslint-disable-next-line func-names
(function() {
'use strict';
window.Whisper = window.Whisper || {};
Whisper.PasswordView = Whisper.View.extend({
className: 'password full-screen-flow standalone-fullscreen',
templateName: 'password',
events: {
'click #unlock-button': 'onLogin',
},
initialize() {
this.render();
},
render_attributes() {
return {
title: i18n('passwordViewTitle'),
buttonText: i18n('unlock'),
};
},
async onLogin() {
const passPhrase = this.$('#passPhrase').val();
const trimmed = passPhrase ? passPhrase.trim() : passPhrase;
this.setError('');
try {
await window.onLogin(trimmed);
} catch (e) {
this.setError(`Error: ${e}`);
}
},
setError(string) {
this.$('.error').text(string);
},
});
})();

110
js/views/standalone_registration_view.js
Unescape Escape View File

@ -1,4 +1,4 @@
/* global Whisper, $, getAccountManager, textsecure, i18n, storage, ConversationController */
/* global Whisper, $, getAccountManager, textsecure, i18n, passwordUtil, ConversationController */
/* eslint-disable more/no-then */
@ -35,6 +35,13 @@
});
this.$('#mnemonic-language').append(options);
this.$('#mnemonic-display-language').append(options);
this.$passwordInput = this.$('#password');
this.$passwordConfirmationInput = this.$('#password-confirmation');
this.$passwordConfirmationInput.hide();
this.$passwordInputError = this.$('.password-inputs .error');
this.onValidatePassword();
},
events: {
'validation input.number': 'onValidation',
@ -48,18 +55,32 @@
'change #mnemonic-display-language': 'onGenerateMnemonic',
'click #copy-mnemonic': 'onCopyMnemonic',
'click .section-toggle': 'toggleSection',
'keyup #password': 'onPasswordChange',
'keyup #password-confirmation': 'onValidatePassword',
},
register(mnemonic) {
this.accountManager
.registerSingleDevice(
async register(mnemonic) {
// Make sure the password is valid
if (this.validatePassword()) {
this.showToast('Invalid password');
return;
}
const input = this.trim(this.$passwordInput.val());
try {
await window.setPassword(input);
await this.accountManager.registerSingleDevice(
mnemonic,
this.$('#mnemonic-language').val(),
this.$('#display-name').val()
)
.then(() => {
this.$el.trigger('openInbox');
})
.catch(this.log.bind(this));
);
this.$el.trigger('openInbox');
} catch (e) {
if (typeof e === 'string') {
this.showToast(e);
}
this.log(e);
}
},
registerWithoutMnemonic() {
const mnemonic = this.$('#mnemonic-display').text();
@ -158,5 +179,76 @@
this.$('.section-toggle').not($target).removeClass('section-toggle-visible')
this.$('.section-content').not($next).slideUp('fast');
},
onPasswordChange() {
const input = this.$passwordInput.val();
if (!input || input.length === 0) {
this.$passwordConfirmationInput.val('');
this.$passwordConfirmationInput.hide();
} else {
this.$passwordConfirmationInput.show();
}
this.onValidatePassword();
},
validatePassword() {
const input = this.trim(this.$passwordInput.val());
const confirmationInput = this.trim(this.$passwordConfirmationInput.val());
// If user hasn't set a value then skip
if (!input && !confirmationInput) {
return null;
}
const error = passwordUtil.validatePassword(input, i18n);
if (error) {
return error;
}
if (input !== confirmationInput) {
return 'Password don\'t match';
}
return null;
},
onValidatePassword() {
const passwordValidation = this.validatePassword();
if (passwordValidation) {
this.$passwordInput.addClass('error-input');
this.$passwordConfirmationInput.addClass('error-input');
this.$passwordInput.removeClass('match-input');
this.$passwordConfirmationInput.removeClass('match-input');
this.$passwordInputError.text(passwordValidation);
this.$passwordInputError.show();
} else {
this.$passwordInput.removeClass('error-input');
this.$passwordConfirmationInput.removeClass('error-input');
this.$passwordInputError.text('');
this.$passwordInputError.hide();
// Show green box around inputs that match
const input = this.trim(this.$passwordInput.val());
const confirmationInput = this.trim(this.$passwordConfirmationInput.val());
if (input && input === confirmationInput) {
this.$passwordInput.addClass('match-input');
this.$passwordConfirmationInput.addClass('match-input');
} else {
this.$passwordInput.removeClass('match-input');
this.$passwordConfirmationInput.removeClass('match-input');
}
}
},
trim(value) {
return value ? value.trim() : value;
},
showToast(message) {
const toast = new Whisper.MessageToastView({
message,
});
toast.$el.appendTo(this.$el);
toast.render();
},
});
})();

152
main.js
Unescape Escape View File

@ -51,6 +51,7 @@ const config = require('./app/config');
// Very important to put before the single instance check, since it is based on the
// userData directory.
const userConfig = require('./app/user_config');
const passwordUtil = require('./app/password_util');
const importMode =
process.argv.some(arg => arg === '--import') || config.get('import');
@ -170,7 +171,7 @@ function captureClicks(window) {
}
const DEFAULT_WIDTH = 800;
const DEFAULT_HEIGHT = 610;
const DEFAULT_HEIGHT = 710;
const MIN_WIDTH = 640;
const MIN_HEIGHT = 360;
const BOUNDS_BUFFER = 100;
@ -306,12 +307,6 @@ function createWindow() {
mainWindow.flashFrame(false);
});
// Ingested in preload.js via a sendSync call
ipc.on('locale-data', event => {
// eslint-disable-next-line no-param-reassign
event.returnValue = locale.messages;
});
if (config.environment === 'test') {
mainWindow.loadURL(prepareURL([__dirname, 'test', 'index.html']));
} else if (config.environment === 'test-lib') {
@ -425,6 +420,73 @@ function setupAsStandalone() {
}
}
let passwordWindow;
function showPasswordWindow() {
if (passwordWindow) {
passwordWindow.show();
return;
}
const windowOptions = {
show: true, // allow to start minimised in tray
width: DEFAULT_WIDTH,
height: DEFAULT_HEIGHT,
minWidth: MIN_WIDTH,
minHeight: MIN_HEIGHT,
autoHideMenuBar: false,
webPreferences: {
nodeIntegration: false,
nodeIntegrationInWorker: false,
// sandbox: true,
preload: path.join(__dirname, 'password_preload.js'),
nativeWindowOpen: true,
},
icon: path.join(__dirname, 'images', 'icon_256.png'),
};
passwordWindow = new BrowserWindow(windowOptions);
passwordWindow.loadURL(prepareURL([__dirname, 'password.html']));
captureClicks(passwordWindow);
passwordWindow.on('close', e => {
// If the application is terminating, just do the default
if (
config.environment === 'test' ||
config.environment === 'test-lib' ||
(windowState.shouldQuit())
) {
return;
}
// Prevent the shutdown
e.preventDefault();
passwordWindow.hide();
// On Mac, or on other platforms when the tray icon is in use, the window
// should be only hidden, not closed, when the user clicks the close button
if (
!windowState.shouldQuit() &&
(usingTrayIcon || process.platform === 'darwin')
) {
// toggle the visibility of the show/hide tray icon menu entries
if (tray) {
tray.updateContextMenu();
}
return;
}
passwordWindow.readyForShutdown = true;
app.quit();
});
passwordWindow.on('closed', () => {
passwordWindow = null;
});
}
let aboutWindow;
function showAbout() {
if (aboutWindow) {
@ -654,6 +716,18 @@ app.on('ready', async () => {
locale = loadLocale({ appLocale, logger });
}
const key = getDefaultSQLKey();
// Try to show the main window with the default key
// If that fails then show the password window
try {
await showMainWindow(key);
} catch (e) {
showPasswordWindow();
}
});
function getDefaultSQLKey() {
let key = userConfig.get('key');
if (!key) {
console.log(
@ -663,7 +737,14 @@ app.on('ready', async () => {
key = crypto.randomBytes(32).toString('hex');
userConfig.set('key', key);
}
await sql.initialize({ configDir: userDataPath, key });
return key;
}
async function showMainWindow(sqlKey) {
const userDataPath = await getRealPath(app.getPath('userData'));
await sql.initialize({ configDir: userDataPath, key: sqlKey });
await sqlChannels.initialize();
try {
@ -707,7 +788,7 @@ app.on('ready', async () => {
}
setupMenu();
});
}
function setupMenu(options) {
const { platform } = process;
@ -817,6 +898,12 @@ app.on('web-contents-created', (createEvent, contents) => {
});
});
// Ingested in preload.js via a sendSync call
ipc.on('locale-data', event => {
// eslint-disable-next-line no-param-reassign
event.returnValue = locale.messages;
});
ipc.on('set-badge-count', (event, count) => {
app.setBadgeCount(count);
});
@ -870,6 +957,53 @@ ipc.on('update-tray-icon', (event, unreadCount) => {
}
});
// Password screen related IPC calls
ipc.on('password-window-login', async (event, passPhrase) => {
const sendResponse = (e) => event.sender.send('password-window-login-response', e);
try {
await showMainWindow(passPhrase);
sendResponse();
if (passwordWindow) {
passwordWindow.close();
passwordWindow = null;
}
} catch (e) {
const localisedError = locale.messages.invalidPassword.message;
sendResponse(localisedError || 'Invalid password');
}
});
ipc.on('set-password', async (event, passPhrase, oldPhrase) => {
const sendResponse = (e) => event.sender.send('set-password-response', e);
try {
// Check if the hash we have stored matches the hash of the old passphrase.
const hash = await sql.getPasswordHash();
const hashMatches = oldPhrase && passwordUtil.matchesHash(oldPhrase, hash);
if (hash && !hashMatches) {
const incorrectOldPassword = locale.messages.invalidOldPassword.message;
sendResponse(incorrectOldPassword || 'Failed to set password: Old password provided is invalid');
return;
}
if (_.isEmpty(passPhrase)) {
const defaultKey = getDefaultSQLKey();
await sql.setSQLPassword(defaultKey);
await sql.removePasswordHash();
} else {
await sql.setSQLPassword(passPhrase);
const newHash = passwordUtil.generateHash(passPhrase);
await sql.savePasswordHash(newHash);
}
sendResponse();
} catch (e) {
const localisedError = locale.messages.setPasswordFail.message;
sendResponse(localisedError || 'Failed to set password');
}
});
// Debug Log-related IPC calls
ipc.on('show-debug-log', showDebugLogWindow);

1
package.json
Unescape Escape View File

@ -227,6 +227,7 @@
"background.html",
"about.html",
"settings.html",
"password.html",
"permissions_popup.html",
"debug_log.html",
"_locales/**",

50
password.html
Unescape Escape View File

@ -0,0 +1,50 @@
<html>
<head>
<meta http-equiv="Content-Security-Policy"
content="default-src 'none';
child-src 'self';
connect-src 'self' https: wss:;
font-src 'self';
form-action 'self';
frame-src 'none';
img-src 'self' blob: data:;
media-src 'self' blob:;
object-src 'none';
script-src 'self';
style-src 'self' 'unsafe-inline';"
>
<link href="stylesheets/manifest.css" rel="stylesheet" type="text/css" />
<style>
</style>
<script type='text/x-tmpl-mustache' id='password'>
<div class='content-wrapper standalone'>
<div class='content'>
<h2>{{ title }}</h2>
<div class='inputs'>
<input class='form-control' type='password' id='passPhrase' placeholder='Password' autocomplete='off' spellcheck='false' />
<a class='button' id='unlock-button'>{{ buttonText }}</a>
<div class='error'></div>
</div>
</div>
</div>
</script>
<script type='text/javascript' src='js/components.js'></script>
<script type='text/javascript' src='js/views/whisper_view.js'></script>
<script type='text/javascript' src='js/views/password_view.js'></script>
</head>
<body>
<div class='app-loading-screen'>
<div class='content'>
<img src='images/loki/loki_icon_128.png'>
<div class='container'>
<span class='dot'></span>
<span class='dot'></span>
<span class='dot'></span>
</div>
<div class='message'></div>
</div>
</div>
<script type='text/javascript' src='js/password_start.js'></script>
</body>
</html>

39
password_preload.js
Unescape Escape View File

@ -0,0 +1,39 @@
/* global window */
const { ipcRenderer } = require('electron');
const url = require('url');
const i18n = require('./js/modules/i18n');
const config = url.parse(window.location.toString(), true).query;
const { locale } = config;
const localeMessages = ipcRenderer.sendSync('locale-data');
window.theme = config.theme;
window.i18n = i18n.setup(locale, localeMessages);
// So far we're only using this for Signal.Types
const Signal = require('./js/modules/signal');
window.Signal = Signal.setup({
Attachments: null,
userDataPath: null,
getRegionCode: () => null,
});
window.getEnvironment = () => config.environment;
window.getVersion = () => config.version;
window.getAppInstance = () => config.appInstance;
window.passwordUtil = require('./app/password_util');
window.onLogin = (passPhrase) => new Promise((resolve, reject) => {
ipcRenderer.once('password-window-login-response', (event, error) => {
if (error) {
return reject(error);
}
return resolve();
});
ipcRenderer.send('password-window-login', passPhrase);
});
require('./js/logging');

13
preload.js
Unescape Escape View File

@ -49,6 +49,18 @@ const localeMessages = ipc.sendSync('locale-data');
window.setBadgeCount = count => ipc.send('set-badge-count', count);
// Set the password for the database
window.setPassword = (passPhrase, oldPhrase) => new Promise((resolve, reject) => {
ipc.once('set-password-response', (event, error) => {
if (error) {
return reject(error);
}
Whisper.events.trigger('password-updated');
return resolve();
});
ipc.send('set-password', passPhrase, oldPhrase);
});
// We never do these in our code, so we'll prevent it everywhere
window.open = () => null;
// eslint-disable-next-line no-eval, no-multi-assign
@ -273,6 +285,7 @@ window.libphonenumber.PhoneNumberFormat = require('google-libphonenumber').Phone
window.loadImage = require('blueimp-load-image');
window.getGuid = require('uuid/v4');
window.profileImages = require('./app/profile_images');
window.passwordUtil = require('./app/password_util');
window.React = require('react');
window.ReactDOM = require('react-dom');

91
stylesheets/_conversation.scss
Unescape Escape View File

@ -353,7 +353,7 @@
}
}
.nickname-dialog {
.loki-dialog {
display: flex;
align-items: center;
justify-content: center;
@ -366,55 +366,62 @@
border-radius: $border-radius;
overflow: auto;
box-shadow: 0px 0px 15px 0px rgba(0, 0, 0, 0.3);
}
.buttons {
button {
float: right;
margin-left: 10px;
background-color: $color-loki-green;
border-radius: 100px;
padding: 5px 15px;
border: 1px solid $color-loki-green;
color: white;
outline: none;
button {
float: right;
margin-left: 10px;
background-color: $color-loki-green;
border-radius: 100px;
padding: 5px 15px;
border: 1px solid $color-loki-green;
color: white;
outline: none;
&:hover, &:disabled {
background-color: $color-loki-green-dark;
border-color: $color-loki-green-dark;
}
&:hover {
background-color: $color-loki-green-dark;
border-color: $color-loki-green-dark;
}
}
&:disabled {
cursor: not-allowed;
}
}
input {
width: 100%;
padding: 8px;
margin-bottom: 15px;
border: 0;
outline: none;
border-radius: 4px;
background-color: $color-loki-light-gray;
input {
width: 100%;
padding: 8px;
margin-bottom: 15px;
border: 0;
&:focus {
outline: none;
border-radius: 4px;
background-color: $color-loki-light-gray;
}
}
h4 {
margin-top: 8px;
margin-bottom: 16px;
white-space: -moz-pre-wrap; /* Mozilla */
white-space: -hp-pre-wrap; /* HP printers */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: pre-wrap; /* CSS 2.1 */
white-space: pre-line; /* CSS 3 (and 2.1 as well, actually) */
word-wrap: break-word; /* IE */
word-break: break-all;
}
h4 {
margin-top: 8px;
margin-bottom: 16px;
white-space: -moz-pre-wrap; /* Mozilla */
white-space: -hp-pre-wrap; /* HP printers */
white-space: -o-pre-wrap; /* Opera 7 */
white-space: -pre-wrap; /* Opera 4-6 */
white-space: pre-wrap; /* CSS 2.1 */
white-space: pre-line; /* CSS 3 (and 2.1 as well, actually) */
word-wrap: break-word; /* IE */
word-break: break-all;
}
}
.message {
font-style: italic;
color: $grey;
font-size: 12px;
margin-bottom: 16px;
}
.nickname-dialog {
.message {
font-style: italic;
color: $grey;
font-size: 12px;
margin-bottom: 16px;
}
}

42
stylesheets/_global.scss
Unescape Escape View File

@ -637,9 +637,12 @@ textarea {
width: 100%;
}
.step {
height: 100%;
width: 100%;
padding: 70px 0 50px;
display: flex;
align-items: center;
min-width: 100%;
min-height: 100%;
margin: auto;
padding: 10px 0;
}
.step-body {
margin-left: auto;
@ -653,6 +656,7 @@ textarea {
justify-content: center;
flex-direction: column;
height: 100%;
width: 100%;
}
.banner-image {
@ -805,7 +809,7 @@ textarea {
overflow-y: auto;
}
#standalone {
.standalone {
color: $color-dark-05;
height: auto;
padding: 0;
@ -915,7 +919,7 @@ textarea {
}
}
.display-name-header {
.input-header {
margin-bottom: 8px;
font-size: 14px;
}
@ -973,8 +977,34 @@ textarea {
}
}
.password-inputs {
input {
margin-bottom: 0.5em;
}
.error {
margin-bottom: 1em;
}
.error-input {
border: 3px solid $color-vermilion;
&:focus {
outline: none;
}
}
.match-input {
border: 3px solid $color-loki-green;
&:focus {
outline: none;
}
}
}
@media (min-height: 750px) and (min-width: 700px) {
.display-name-header {
.input-header {
font-size: 18px;
}

29
stylesheets/_password.scss
Unescape Escape View File

@ -0,0 +1,29 @@
.password {
.content-wrapper {
display: flex;
align-items: center;
justify-content: center;
color: $color-dark-05;
width: 100%;
height: 100%;
}
.content {
margin: 3em;
}
.inputs {
display: flex;
flex-direction: column;
}
input {
width: 30em;
}
.error {
font-weight: bold;
font-size: 16px;
margin-top: 1em;
}
}

38
stylesheets/_theme_dark.scss
Unescape Escape View File

@ -93,34 +93,34 @@ body.dark-theme {
}
}
.nickname-dialog {
.loki-dialog {
.content {
background: $color-black;
color: $color-dark-05;
}
.buttons {
button {
background-color: $color-dark-85;
border-radius: $border-radius;
border: 1px solid $color-dark-60;
color: $color-dark-05;
&:hover {
background-color: $color-dark-70;
border-color: $color-dark-55;
}
}
}
button {
background-color: $color-dark-85;
border-radius: $border-radius;
border: 1px solid $color-dark-60;
color: $color-dark-05;
input {
color: $color-dark-05;
&:hover {
background-color: $color-dark-70;
border-color: $color-dark-55;
}
}
.message {
color: $color-light-35;
}
input {
color: $color-dark-05;
background-color: $color-dark-70;
border-color: $color-dark-55;
}
}
.nickname-dialog {
.message {
color: $color-light-35;
}
}

1
stylesheets/manifest.scss
Unescape Escape View File

@ -11,6 +11,7 @@
@import 'recorder';
@import 'emoji';
@import 'settings';
@import 'password';
// Build the main view
@import 'index';

94
test/app/password_util_test.js
Unescape Escape View File

@ -0,0 +1,94 @@
const { assert } = require('chai');
const passwordUtil = require('../../app/password_util');
describe('Password Util', () => {
describe('hash generation', () => {
it('generates the same hash for the same phrase', () => {
const first = passwordUtil.generateHash('phrase');
const second = passwordUtil.generateHash('phrase');
assert.strictEqual(first, second);
});
it('generates different hashes for different phrases', () => {
const first = passwordUtil.generateHash('0');
const second = passwordUtil.generateHash('1');
assert.notStrictEqual(first, second);
});
});
describe('hash matching', () => {
it('returns true for the same hash', () => {
const phrase = 'phrase';
const hash = passwordUtil.generateHash(phrase);
assert.isTrue(passwordUtil.matchesHash(phrase, hash));
});
it('returns false for different hashes', () => {
const hash = passwordUtil.generateHash('phrase');
assert.isFalse(passwordUtil.matchesHash('phrase2', hash));
});
});
describe('password validation', () => {
it('should return nothing if password is valid', () => {
const valid = [
'123456',
'1a5b3C6g',
')CZcy@ccHa',
'C$D--M;Xv+',
'X8-;!47IW|',
'Oi74ZpoSx,p',
'>]K1*g^swHW0]F6}{',
'TiJf@lk^jsO^z8MUn%)[Sd~UPQ)ci9CGS@jb<^',
'$u&%{r]apg#G@3dQdCkB_p8)gxhNFr=K&yfM_M8O&2Z.vQyvx',
'bf^OMnYku*iX;{Piw_0zvz',
'#'.repeat(50),
];
valid.forEach(pass => {
assert.isNull(passwordUtil.validatePassword(pass));
});
});
it('should return an error if password is not a string', () => {
const invalid = [
0,
123456,
[],
{},
null,
undefined,
];
invalid.forEach(pass => {
assert.strictEqual(passwordUtil.validatePassword(pass), 'Password must be a string');
});
});
it('should return an error if password is not between 6 and 50 characters',() => {
const invalid = [
'a',
'abcde',
'#'.repeat(51),
'#'.repeat(100),
];
invalid.forEach(pass => {
assert.strictEqual(passwordUtil.validatePassword(pass), 'Password must be between 6 and 50 characters long');
});
});
it('should return an error if password has invalid characters', () => {
const invalid = [
'ʍʪց3Wͪ݌bΉf',
')É{b)͎ÔȩҜ٣',
'ߓܑ˿G֖=3¤)P',
'ݴ`ԚfĬ8ӝrH(',
'e̹ωͻܺȬۺ#dӄ',
'谀뤼筎笟ꅅ栗塕카ꭴ',
'俈꛷࿩迭䰡钑럭䛩銛뤙',
'봟㉟ⓓ༭꽫㊡䶷쒨⻯颰',
'<@ȦƘΉوۉaҋ<',
];
invalid.forEach(pass => {
assert.strictEqual(passwordUtil.validatePassword(pass), 'Password must only contain letters, numbers and symbols');
});
});
});
});

1
test/index.html
Unescape Escape View File

@ -403,6 +403,7 @@
<script type='text/javascript' src='../js/views/network_status_view.js'></script>
<script type='text/javascript' src='../js/views/confirmation_dialog_view.js' data-cover></script>
<script type='text/javascript' src='../js/views/nickname_dialog_view.js' data-cover></script>
<script type='text/javascript' src='../js/views/password_dialog_view.js' data-cover></script>
<script type='text/javascript' src='../js/views/identicon_svg_view.js' data-cover></script>
<script type='text/javascript' src='../js/views/last_seen_indicator_view.js' data-cover></script>
<script type='text/javascript' src='../js/views/scroll_down_button_view.js' data-cover></script>

Write Preview
Loading…
Cancel
Save