5 files changed, 56 insertions, 21 deletions
diff --git a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
index 2295d3f..369b9ce 100644
--- a/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
+++ b/frontend/beta/js/Clipperz/PM/BookmarkletProcessor.js
@@ -135,13 +135,13 @@ Clipperz.PM.BookmarkletProcessor.prototype = MochiKit.Base.update(null, {
 //-------------------------------------------------------------------------
 'hostname': function() {
 if (this._hostname == null) {
 var actionUrl;
- actionUrl = this.configuration()['form']['attributes']['action'];
+ actionUrl = Clipperz.Base.sanitizeUrl(this.configuration()['form']['attributes']['action']);
 //MochiKit.Logging.logDebug("+++ actionUrl: " + actionUrl);
 this._hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
 }
 return this._hostname;
 },
diff --git a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
index 0e4640e..a5a4697 100644
--- a/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
+++ b/frontend/beta/js/Clipperz/PM/Components/RecordDetail/DirectLoginBindingComponent.js
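Review bot: The regex on the `this._hostname = actionUrl.replace(...)` line only strips the URL when a `/` follows the host, so for an action such as `https://host` (no path) `_hostname` silently becomes the whole URL, and the capture also keeps any userinfo or port; running the input through sanitizeUrl on the changed line does not alter that. If sanitizeUrl can hand back something other than a string for a rejected action (not visible here), `actionUrl.replace` throws inside this lazy getter. Anchoring the pattern and making the path optional, `this._hostname = actionUrl.replace(/^https?:\/\/([^\/]*)(\/.*)?$/, '$1');`, makes the no-path case behave like the others, and a `typeof actionUrl === 'string'` check before it covers the rejection case.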
@@ -97,13 +97,13 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 recordFields = this.directLoginBinding().directLogin().record().currentVersion().fields();
 result = [];
 option = {tag:'option', value:null, html:'---'};
 result.push(option);
 for (recordFieldKey in recordFields) {
 // TODO: remove the value: field and replace it with element.dom.value = <some value>
- option = {tag:'option', value:recordFieldKey, html:recordFields[recordFieldKey].label()}
+ option = {tag:'option', value:recordFieldKey, html:Clipperz.Base.sanitizeString(recordFields[recordFieldKey].label())}
 if (recordFieldKey == this.directLoginBinding().fieldKey()) {
 option['selected'] = true;
 }
 result.push(option);
 }
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.recordFieldOptions");
@@ -147,13 +147,13 @@ YAHOO.extendX(Clipperz.PM.Components.RecordDetail.DirectLoginBindingComponent, C
 'updateViewMode': function() {
 //MochiKit.Logging.logDebug(">>> DirectLoginBindingComponent.updateViewMode");
 this.getElement('editModeBox').hide();
 this.getElement('viewModeBox').show();
- this.getElement('viewValue').update(this.directLoginBinding().field().label());
+ this.getElement('viewValue').update(Clipperz.Base.sanitizeString(this.directLoginBinding().field().label()));
 //MochiKit.Logging.logDebug("<<< DirectLoginBindingComponent.updateViewMode");
 },
 //-------------------------------------------------------------------------
 'synchronizeComponentValues': function() {
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
index c0cfa3c..56d9d59 100644
--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
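Review bot: The escaping added on the `option = {...}` line (and the matching `update(...)` change at the -147 hunk) is applied at each render site rather than where the label is read, while `value:recordFieldKey` in the same object literal is still inserted raw; if DomHelper turns this config into markup by string concatenation (not visible here), a key containing a quote breaks out of the attribute just as an unescaped label once did, so the same sanitizeString call around recordFieldKey is cheap insurance if it HTML-escapes. The loop also walks recordFields with `for...in` and no own-property check, so anything added to Object.prototype shows up as an option. A comment on the changed line would keep the next maintainer from dropping the call, e.g. `// label is user data and ends up in innerHTML: keep it escaped`; the statement is also missing its `;`. recordFieldOptions begins before this hunk.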
@@ -35,13 +35,13 @@ Clipperz.PM.DataModel.DirectLogin = function(args) {
 args = args || {};
 //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args)));
 this._record = args.record || null;
 this._label = args.label || "unnamed record"
 this._reference = args.reference || Clipperz.PM.Crypto.randomKey();
- this._favicon = args.favicon || null;
+ this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 this._bookmarkletVersion = args.bookmarkletVersion || "0.1";
 this._directLoginInputs = null;
 this._formValues = args.formValues || {};
 this.setFormData(args.formData || null);
@@ -99,15 +99,15 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 'favicon': function() {
 if (this._favicon == null) {
 var actionUrl;
 var hostname;
- actionUrl = this.formData()['attributes']['action'];
+ actionUrl = this.action();
 hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
- this._favicon = "http://" + hostname + "/favicon.ico";
+ this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico");
 }
 return this._favicon;
 },
 //-------------------------------------------------------------------------
@@ -134,12 +134,20 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 },
 'setFixedFavicon': function(aValue) {
 this._fixedFavicon = aValue;
 },
+ 'action': function () {
+ var result;
+
+ result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']);
+
+ return result;
+ },
+
 //-------------------------------------------------------------------------
 'bookmarkletVersion': function() {
 return this._bookmarkletVersion;
 },
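Review bot: The rebuilt icon URL on the `this._favicon = Clipperz.Base.sanitizeFavicon("http://" + ...)` line is still pinned to `http://` even when `this.action()` is an https URL, so an https login entry fetches its favicon in cleartext; the regex on the line above also returns the whole action when no `/` follows the host, producing `http://https://host/favicon.ico`. Keeping the action's own scheme and making the path optional handles both: `this._favicon = Clipperz.Base.sanitizeFavicon(actionUrl.replace(/^(https?:\/\/[^\/]*)(\/.*)?$/, '$1') + "/favicon.ico");`. If sanitizeUrl (reached through action()) can return a non-string for a rejected action, which this hunk does not show, `actionUrl.replace` throws inside the getter, so a string check before it is worth adding. The same `sanitizeFavicon(...) || null` guard appears in the -35 hunk and in DirectLoginReference.js; all three depend on what sanitizeFavicon returns for a rejected value.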
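Review bot: The new `action` getter in the -134 hunk has no comment explaining why it differs from its siblings: it re-runs Clipperz.Base.sanitizeUrl on every call instead of caching, and the favicon getter, the form action and the scheme allowlist in runDirectLogin now all go through it. A header such as `// form action passed through sanitizeUrl on each call; callers must not read formData()['attributes']['action'] directly` records that contract. The three-statement body could also be `return Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']);`, matching the one-line accessors around it.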
@@ -439,13 +447,13 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 // MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>')
 //MochiKit.Logging.logDebug("### runDirectLogin - 3.1");
 MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ..."));
 //MochiKit.Logging.logDebug("### runDirectLogin - 4");
 //console.log(this.formData()['attributes']);
 formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, {
 'method':this.formData()['attributes']['method'],
- 'action':this.formData()['attributes']['action']}));
+ 'action': this.action()}));
 //MochiKit.Logging.logDebug("### runDirectLogin - 5");
 formSubmitFunction = MochiKit.Base.method(formElement, 'submit');
 //MochiKit.Logging.logDebug("### runDirectLogin - 6");
 MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement)
@@ -484,15 +492,15 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
 'runDirectLogin': function(aNewWindow) {
 var newWindow;
 //console.log("formData.attributes", this.formData()['attributes']);
 // if (/^javascript/.test(this.formData()['attributes']['action'])) {
- if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) &&
- (this.formData()['attributes']['type'] != 'http_auth'))
- {
+ if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) &&
+ (this.formData()['attributes']['type'] != 'http_auth')
+ ) {
 var messageBoxConfiguration;
 if (typeof(aNewWindow) != 'undefined') {
 aNewWindow.close();
 }
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
index 236d7c9..ba302da 100644
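Review bot: The scheme allowlist on the changed `if` line in the -484 hunk appears to be the only check between a stored direct-login and a non-http action reaching the form built in the -439 hunk, yet nothing says so, and `== false` on a regex test reads backwards. `if (!/^(https?|webdav|ftp):/.test(this.action()) &&` with a comment above it such as `// allowlist: only these schemes may be submitted; anything else goes to the message box` carries the intent (the `\:` escape is redundant). The -439 hunk still copies `method` from formData unchanged; it only reaches a DOM attribute through MochiKit.DOM.FORM, so it is likely harmless, but routing it through a sanitized accessor like action() would keep the two form attributes consistent. Both enclosing functions start and end outside these hunks.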
--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLoginReference.js
@@ -44,13 +44,13 @@ Clipperz.PM.DataModel.DirectLoginReference = function(args) {
 this._directLogin = args.directLogin;
 this._record = args.directLogin.record();
 } else {
 this._reference = args.reference;
 this._recordReference = args.record;
 this._label = args.label;
- this._favicon = args.favicon || null;
+ this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
 this._directLogin = null;
 this._record = null;
 }
 this._fixedFavicon = null;
diff --git a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
index 1a5caff..b0b9b63 100644
--- a/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
+++ b/frontend/beta/js/Clipperz/PM/Proxy/Proxy.Offline.DataStore.js
@@ -34,12 +34,13 @@ Clipperz.PM.Proxy.Offline.DataStore = function(args) {
 this._isReadOnly = (typeof(args.readOnly) == 'undefined' ? true : args.readOnly);
 this._shouldPayTolls = args.shouldPayTolls || false;
 this._tolls = {};
 this._connections = {};
+ this._C = null;
 this._b = null;
 this._B = null;
 this._A = null;
 this._userData = null;
 return this;
@@ -141,12 +142,22 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 return deferredResult;
 },
 //=========================================================================
+ 'C': function() {
+ return this._C;
+ },
+
+ 'set_C': function(aValue) {
+ this._C = aValue;
+ },
+
+ //------------------------------------------------------------------------- + + 'b': function() {
 return this._b;
 },
 'set_b': function(aValue) {
 this._b = aValue;
@@ -233,14 +244,14 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 throw "Missing toll";
 }
 }
 },
 //=========================================================================
-
- 'processMessage': function(aFunctionName, someParameters) {
+
+ 'processMessage': function (aFunctionName, someParameters) {
 var result;
 switch(aFunctionName) {
 case 'knock':
 result = this._knock(someParameters);
 break;
@@ -300,20 +311,20 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 'records': {}
 }
 } else {
 throw "user already exists";
 }
 } else {
- throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
+ throw Clipperz.PM.Proxy.Offline.DataStore.exception.ReadOnly;
 }
 result = {
 result: {
 'lock': this.data()['users'][someParameters['credentials']['C']]['lock'],
 'result': 'done'
- },
+ },
 toll: this.getTollForRequestType('CONNECT')
 }
 return MochiKit.Async.succeed(result);
 },
@@ -337,38 +348,54 @@ Clipperz.PM.Proxy.Offline.DataStore.prototype = MochiKit.Base.update(null, {
 this.setUserData(userData);
 } else {
 this.setUserData(this.data()['users']['catchAllUser']);
 }
 randomBytes = Clipperz.Crypto.Base.generateRandomSeed();
+ this.set_C(someParameters.parameters.C);
 this.set_b(new Clipperz.Crypto.BigInt(randomBytes, 16));
 v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16);
- this.set_B(v.add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n())));
+ this.set_B((Clipperz.Crypto.SRP.k().multiply(v)).add(Clipperz.Crypto.SRP.g().powerModule(this.b(), Clipperz.Crypto.SRP.n())));
 this.set_A(someParameters.parameters.A);
 result['s'] = this.userData()['s'];
 result['B'] = this.B().asString(16);
 nextTollRequestType = 'CONNECT';
 } else if (someParameters.message == "credentialCheck") {
- var v, u, S, A, K, M1;
+ var v, u, s, S, A, K, M1;
+ var stringHash = function (aValue) {
+ return Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(aValue)).toHexString().substring(2);
+ };
 //console.log(">>> Proxy.Offline.DataStore._handshake.credentialCheck", someParameters);
 v = new Clipperz.Crypto.BigInt(this.userData()['v'], 16);
- u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(this.B().asString(10))).toHexString(), 16);
 A = new Clipperz.Crypto.BigInt(this.A(), 16);
+ u = new Clipperz.Crypto.BigInt(Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10))).toHexString(), 16);
+ s = new Clipperz.Crypto.BigInt(this.userData()['s'], 16);
 S = (A.multiply(v.powerModule(u, Clipperz.Crypto.SRP.n()))).powerModule(this.b(), Clipperz.Crypto.SRP.n());
- K = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(S.asString(10))).toHexString().slice(2);
+ K = stringHash(S.asString(10));
- M1 = 
Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + this.B().asString(10) + K)).toHexString().slice(2);
+ M1 = stringHash(
+ "597626870978286801440197562148588907434001483655788865609375806439877501869636875571920406529" +
+ stringHash(this.C()) +
+ s.asString(10) +
+ A.asString(10) +
+ this.B().asString(10) +
+ K
+ );
 if (someParameters.parameters.M1 == M1) {
 var M2;
- M2 = Clipperz.PM.Crypto.encryptingFunctions.versions[someParameters.version].hash(new Clipperz.ByteArray(A.asString(10) + someParameters.parameters.M1 + K)).toHexString().slice(2);
+ M2 = stringHash(
+ A.asString(10) +
+ someParameters.parameters.M1 +
+ K
+ );
 result['M2'] = M2;
 } else {
 throw new Error("Client checksum verification failed! Expected <" + M1 + ">, received <" + someParameters.parameters.M1 + ">.", "Error");
 }
 nextTollRequestType = 'MESSAGE'; |
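Review bot: The new `this.set_B(...)` line adds k*v to g^b mod n but never reduces the sum modulo n, so B can be larger than the SRP modulus; the client-side math still works either way, but if the production server reduces (the usual choice in SRP-6a implementations, not visible here) this offline store hands the client B values it never sees in real use, which is exactly where range-check bugs hide. The credentialCheck branch still consumes the client-supplied A without rejecting A ≡ 0 (mod n) before `S = ...`; SRP requires that abort, since a zero A forces S to zero regardless of the verifier, so the store should throw on it the same way it throws on a bad M1. The 93-digit literal that opens the M1 concatenation is unexplained; `// SRP-6a M1 prefix, presumably H(n) xor H(g) as decimal: must match the client's constant — TODO confirm` above it would stop it being read as arbitrary. The enclosing _handshake function starts and ends outside this hunk.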