move pbkdf2 to web crypto with shim fallback

2025-12-17 00:33:44 +00:00 · 2017-07-08 23:41:02 -04:00
parent b62950fa2b
commit bc8892a237
21 changed files with 284 additions and 192 deletions
--- a/src/app/settings/settingsChangeEmailController.js
+++ b/src/app/settings/settingsChangeEmailController.js
@@ -11,22 +11,25 @@

        $scope.token = function (model) {
            _masterPassword = model.masterPassword;
-            _masterPasswordHash = cryptoService.hashPassword(_masterPassword);
            _newEmail = model.newEmail.toLowerCase();

-            var encKey = cryptoService.getEncKey();
-            if (encKey) {
-                $scope.tokenPromise = requestToken(model);
-            }
-            else {
-                // User is not using an enc key, let's make them one
-                $scope.tokenPromise = cipherService.updateKey(_masterPasswordHash, function () {
-                    return requestToken(model);
-                }, processError);
-            }
+            cryptoService.hashPassword(_masterPassword).then(function (hash) {
+                _masterPasswordHash = hash;
+
+                var encKey = cryptoService.getEncKey();
+                if (encKey) {
+                    $scope.tokenPromise = requestToken();
+                }
+                else {
+                    // User is not using an enc key, let's make them one
+                    $scope.tokenPromise = cipherService.updateKey(_masterPasswordHash, function () {
+                        return requestToken();
+                    }, processError);
+                }
+            });
        };

-        function requestToken(model) {
+        function requestToken() {
            var request = {
                newEmail: _newEmail,
                masterPasswordHash: _masterPasswordHash
@@ -40,33 +43,31 @@
        $scope.confirm = function (model) {
            $scope.processing = true;

-            var newKey = cryptoService.makeKey(_masterPassword, _newEmail);
-            var encKey = cryptoService.getEncKey();
-            var newEncKey = cryptoService.encrypt(encKey.key, newKey, 'raw');
+            $scope.confirmPromise = cryptoService.makeKeyAndHash(_newEmail, _masterPassword).then(function (result) {
+                var encKey = cryptoService.getEncKey();
+                var newEncKey = cryptoService.encrypt(encKey.key, result.key, 'raw');
+                var request = {
+                    token: model.token,
+                    newEmail: _newEmail,
+                    masterPasswordHash: _masterPasswordHash,
+                    newMasterPasswordHash: result.hash,
+                    key: newEncKey
+                };

-            var request = {
-                token: model.token,
-                newEmail: _newEmail,
-                masterPasswordHash: _masterPasswordHash,
-                newMasterPasswordHash: cryptoService.hashPassword(_masterPassword, newKey),
-                key: newEncKey
-            };
-
-            $scope.confirmPromise = apiService.accounts.email(request).$promise.then(function () {
+                return apiService.accounts.email(request).$promise;
+            }).then(function () {
                $uibModalInstance.dismiss('cancel');
                authService.logOut();
                $analytics.eventTrack('Changed Email');
                return $state.go('frontend.login.info');
-            }, processError).then(function () {
+            }).then(function () {
                toastr.success('Please log back in.', 'Email Changed');
-            }, processError);
+            }, function () {
+                $uibModalInstance.dismiss('cancel');
+                toastr.error('Something went wrong. Try again.', 'Oh No!');
+            });
        };

-        function processError() {
-            $uibModalInstance.dismiss('cancel');
-            toastr.error('Something went wrong. Try again.', 'Oh No!');
-        }
-
        $scope.close = function () {
            $uibModalInstance.dismiss('cancel');
        };