Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-30 00:01:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bug 545725 - Changing passphrase should prevent other clients from syncing, r=Mardak

Browse Source
This commit is contained in:
Mike Connor 2010-03-31 21:58:07 -04:00
parent 084907c53f
commit ca58a97947
5 changed files with 42 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
services/sync/locales/en-US/fx-prefs.dtd
View File

@ -53,7 +53,7 @@
<!ENTITY passphraseDesc.label "Please enter a secret phrase. This will be used to encrypt all your data so only you can access it. It is never stored on the server, so don't lose this!">
<!ENTITY passphraseDesc2.label "This must be at least 12 characters long and cannot match your account password.">
<!ENTITY passphraseDesc3.label "Please enter your secret phrase. This must be the same secret phrase that you used to encrypt your data.">
<!ENTITY passphraseHelp.label "Your secret phrase is at least 12 characters long and is not your password. You can find your saved secret phrase by going to your other computer and checking the Saved Passwords under Security. If you still cannot get the correct secret phrase, you can choose to reset it, but you will need to enter this new secret phrase on your other computer.">
<!ENTITY passphraseHelp.label "Your secret phrase is at least 12 characters long and is not your password. You can find your saved secret phrase by going to your other computer and checking the Saved Passwords under Security. If you still cannot get the correct secret phrase, you can choose to reset it, but you will lose any data stored on the server.">
<!ENTITY connecting.label "Connecting…">
<!ENTITY verifying.label "Verifying…">
@ -87,7 +87,6 @@
<!ENTITY changePassword.label "Change Password">
<!ENTITY recoverPassword.label "Recover Password">
<!ENTITY changePassphrase.label "Change Secret Phrase">
<!ENTITY resetPassphrase.label "Reset Secret Phrase">
<!ENTITY resetSync.label "Reset Sync">
<!ENTITY differentAccount.label "Use a Different Account">
<!ENTITY startOver.label "Start Over">

44
services/sync/locales/en-US/generic-change.properties
View File

@ -1,33 +1,29 @@
noPassword.alert = You must enter a password.
noPassphrase.alert = You must enter a passphrase.
passwordNoMatch.alert = Your passwords do not match. Try again!
passphraseNoMatch.alert = Your passphrases do not match. Try again!
incorrectPassword.alert = Your current password is incorrect!
incorrectPassphrase.alert = Your current passphrase is incorrect!
change.password.title = Change your Password
change.password.acceptButton = Change Password
change.password.status.active = Changing your password…
change.password.status.success = Your password has been changed.
change.password.status.error = There was an error changing your password.
change.password.status.passwordSameAsPassphrase = The password cannot be the same as the passphrase.
change.password.status.passwordSameAsUsername = The password cannot be the same as the username.
change.password.status.passwordsDoNotMatch = The passwords you entered do not match.
change.password.status.badOldPassword = Your current password is incorrect.
change.password.status.pwSameAsPassphrase = The password cannot be the same as your secret phrase.
change.password.status.pwSameAsUsername = The password cannot be the same as the username.
change.passphrase.title = Change your Passphrase
change.passphrase.label = Changing passphrase, please wait…
change.passphrase.error = There was an error while changing your passphrase!
change.passphrase.success = Your passphrase was successfully changed!
change.password.introText = Your password must be at least 12 characters long. It cannot be the same as either your user name or your secret phrase.
change.password.warningText = Note: All of your other devices will be unable to connect to your account once you change this password.
reset.passphrase.title = Reset your Passphrase
reset.passphrase.label = Resetting passphrase, please wait…
reset.passphrase.error = There was an error while resetting your passphrase!
reset.passphrase.success = Your passphrase was successfully reset!
new.passphrase.old = Enter your current passphrase
new.passphrase.label = Enter your new passphrase
new.passphrase.confirm = Confirm your new passphrase
new.password.old = Enter your current password
change.passphrase.title = Change your Secret Phrase
change.passphrase.acceptButton = Change Secret Phrase
change.passphrase.label = Changing secret phrase and uploading local data, please wait…
change.passphrase.error = There was an error while changing your secret phrase!
change.passphrase.success = Your secret phrase was successfully changed!
change.passphrase.status.ppSameAsPassword = The secret phrase cannot be the same as your password.
change.passphrase.status.ppSameAsUsername = The secret phrase cannot be the same as the username.
new.passphrase.label = New secret phrase
new.passphrase.confirm = Confirm secret phrase
change.passphrase.introText = Your secret phrase must be at least 12 characters long. Weave uses this phrase as part of encrypting your data.
change.passphrase.introText2 = You may wish to write this down, as this is never sent over the Internet and is not backed up or synced by Weave for your security.
change.passphrase.warningText = Note: This will erase all data stored on the Weave server and upload new data secured by this phrase. Your other devices will not sync until the secret phrase is entered for that device.
new.password.label = Enter your new password
new.password.confirm = Confirm your new password

6
services/sync/locales/en-US/sync.properties
View File

@ -24,10 +24,12 @@ remote.opened.label = All remote tabs are already open
remote.notification.label = Recent desktop tabs will be available once they sync
error.login.title = Error While Signing In
error.login.description = Weave encountered an error while signing you in: %1$S. Please try again.
error.login.description = Weave encountered an error while connecting: %1$S. Please try again.
error.login.prefs.label = Preferences…
error.login.prefs.accesskey = P
# should decide if we're going to show this
error.logout.title = Error While Signing Out
error.logout.description = Weave encountered an error while signing you out. It's probably ok, and you don't have to do anything about it.
error.logout.description = Weave encountered an error while connecting. It's probably ok, and you don't have to do anything about it.
error.sync.title = Error While Syncing
error.sync.description = Weave encountered an error while syncing: %1$S. Weave will automatically retry this action.
error.sync.no_node_found = The Weave server is a little busy right now, but you don't need to do anything about it. We'll start syncing your data as soon as we can!

7
services/sync/modules/constants.js
View File

@ -107,6 +107,7 @@ KEYS_DOWNLOAD_FAIL: "error.sync.reason.keys_download_fail",
NO_KEYS_NO_KEYGEN: "error.sync.reason.no_keys_no_keygen",
KEYS_UPLOAD_FAIL: "error.sync.reason.keys_upload_fail",
SETUP_FAILED_NO_PASSPHRASE: "error.sync.reason.setup_failed_no_passphrase",
CREDENTIALS_CHANGED: "error.sync.reason.credentials_changed",
ABORT_SYNC_COMMAND: "aborting sync, process commands said so",
NO_SYNC_NODE_FOUND: "error.sync.reason.no_node_found",
@ -128,9 +129,7 @@ FIREFOX_ID: "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
FENNEC_ID: "{a23983c0-fd0e-11dc-95ff-0800200c9a66}",
SEAMONKEY_ID: "{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}",
// UI constants
// How many data types (bookmarks, history, etc) to display per row
UI_DATA_TYPES_PER_ROW: 3,
MIN_PP_LENGTH: 12,
MIN_PASS_LENGTH: 8
}))];

48
services/sync/modules/service.js
View File

@ -387,6 +387,10 @@ WeaveSvc.prototype = {
break;
case "weave:service:sync:error":
this._handleSyncError();
if (Status.sync == CREDENTIALS_CHANGED) {
this.logout();
Utils.delay(function() this.login(), 0, this);
}
break;
case "weave:service:sync:finish":
this._scheduleNextSync();
@ -557,29 +561,6 @@ WeaveSvc.prototype = {
}
}))(),
changePassphrase: function WeaveSvc_changePassphrase(newphrase)
this._catch(this._notify("changepph", "", function() {
let pubkey = PubKeys.getDefaultKey();
let privkey = PrivKeys.get(pubkey.privateKeyUri);
/* Re-encrypt with new passphrase.
* FIXME: verifyPassphrase first!
*/
let newkey = Svc.Crypto.rewrapPrivateKey(privkey.payload.keyData,
this.passphrase, privkey.payload.salt,
privkey.payload.iv, newphrase);
privkey.payload.keyData = newkey;
let resp = new Resource(privkey.uri).put(privkey);
if (!resp.success)
throw resp;
// Save the new passphrase to the login manager for it to sync
this.passphrase = newphrase;
this.persistLogin();
return true;
}))(),
changePassword: function WeaveSvc_changePassword(newpass)
this._notify("changepwd", "", function() {
let url = this.userAPI + this.username + "/password";
@ -602,28 +583,20 @@ WeaveSvc.prototype = {
return true;
})(),
resetPassphrase: function WeaveSvc_resetPassphrase(newphrase)
this._catch(this._notify("resetpph", "", function() {
/* Make remote commands ready so we have a list of clients beforehand */
this.prepCommand("logout", []);
let clientsBackup = Clients._store.clients;
changePassphrase: function WeaveSvc_changePassphrase(newphrase)
this._catch(this._notify("changepph", "", function() {
/* Wipe */
this.wipeServer();
PubKeys.clearCache();
PrivKeys.clearCache();
/* Set remote commands before syncing */
Clients._store.clients = clientsBackup;
let username = this.username;
let password = this.password;
this.logout();
/* Set this so UI is updated on next run */
this.passphrase = newphrase;
/* Login in sync: this also generates new keys */
this.login(username, password, newphrase);
this.login();
this.sync(true);
return true;
}))(),
@ -892,6 +865,13 @@ WeaveSvc.prototype = {
// XXX Bug 531005 Wait long enough to allow potentially another concurrent
// sync to finish generating the keypair and uploading them
Sync.sleep(15000);
// bug 545725 - re-verify creds and fail sanely
if (!this._verifyLogin()) {
Status.sync = CREDENTIALS_CHANGED;
this._log.info("Credentials have changed, aborting sync and forcing re-login.");
return false;
}
}
let needKeys = true;