Mirrors/notesnook
1
0
Fork 0
mirror of https://github.com/streetwriters/notesnook.git synced 2025-12-16 11:47:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8918 from streetwriters/core/fix-keys-reencryption-on-update-password

Browse Source 
core: fix user keys re-encryption when updating password
This commit is contained in:
Abdullah Atta
2025-11-12 11:29:03 +05:00
committed by GitHub
parent 6343212d7e 7190207e5c
commit 3beb60d8b6
1 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
packages/core/src/api/user-manager.ts
View File

@@ -666,6 +666,15 @@ class UserManager {
usesFallback: await this.usesFallbackPWHash(old_password) usesFallback: await this.usesFallbackPWHash(old_password)
}); });
// retrieve user keys before deriving a new encryption key
const oldUserKeys = {
attachmentsKey: await this.getAttachmentsKey(),
monographPasswordsKey: await this.getMonographPasswordsKey(),
inboxKeys: (await this.hasInboxKeys())
? await this.getInboxKeys()
: undefined
} as const;
await this.db.storage().deriveCryptoKey({ await this.db.storage().deriveCryptoKey({
password: new_password, password: new_password,
salt salt
@@ -678,27 +687,33 @@ class UserManager {
const userEncryptionKey = await this.getEncryptionKey(); const userEncryptionKey = await this.getEncryptionKey();
if (userEncryptionKey) { if (userEncryptionKey) {
const updateUserPayload: Partial<User> = {}; const updateUserPayload: Partial<User> = {};
const attachmentsKey = await this.getAttachmentsKey(); if (oldUserKeys.attachmentsKey) {
if (attachmentsKey) {
user.attachmentsKey = await this.db user.attachmentsKey = await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(attachmentsKey)); .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.attachmentsKey)
);
updateUserPayload.attachmentsKey = user.attachmentsKey; updateUserPayload.attachmentsKey = user.attachmentsKey;
} }
const monographPasswordsKey = await this.getMonographPasswordsKey(); if (oldUserKeys.monographPasswordsKey) {
if (monographPasswordsKey) {
user.monographPasswordsKey = await this.db user.monographPasswordsKey = await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(monographPasswordsKey)); .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.monographPasswordsKey)
);
updateUserPayload.monographPasswordsKey = user.monographPasswordsKey; updateUserPayload.monographPasswordsKey = user.monographPasswordsKey;
} }
const inboxKeys = await this.getInboxKeys(); if (oldUserKeys.inboxKeys) {
if (inboxKeys) {
user.inboxKeys = { user.inboxKeys = {
public: inboxKeys.publicKey, public: oldUserKeys.inboxKeys.publicKey,
private: await this.db private: await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(inboxKeys.privateKey)) .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.inboxKeys.privateKey)
)
}; };
updateUserPayload.inboxKeys = user.inboxKeys; updateUserPayload.inboxKeys = user.inboxKeys;
} }