core: fix user keys re-encryption when updating password

Signed-off-by: 01zulfi <85733202+01zulfi@users.noreply.github.com>
01zulfi
2025-11-05 14:02:48 +05:00
parent 015453a40b
commit 7190207e5c


@@ -666,6 +666,15 @@ class UserManager {
usesFallback: await this.usesFallbackPWHash(old_password) usesFallback: await this.usesFallbackPWHash(old_password)
}); });
// retrieve user keys before deriving a new encryption key
const oldUserKeys = {
attachmentsKey: await this.getAttachmentsKey(),
monographPasswordsKey: await this.getMonographPasswordsKey(),
inboxKeys: (await this.hasInboxKeys())
? await this.getInboxKeys()
: undefined
} as const;
await this.db.storage().deriveCryptoKey({ await this.db.storage().deriveCryptoKey({
password: new_password, password: new_password,
salt salt
@@ -678,27 +687,33 @@ class UserManager {
const userEncryptionKey = await this.getEncryptionKey(); const userEncryptionKey = await this.getEncryptionKey();
if (userEncryptionKey) { if (userEncryptionKey) {
const updateUserPayload: Partial<User> = {}; const updateUserPayload: Partial<User> = {};
const attachmentsKey = await this.getAttachmentsKey(); if (oldUserKeys.attachmentsKey) {
if (attachmentsKey) {
user.attachmentsKey = await this.db user.attachmentsKey = await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(attachmentsKey)); .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.attachmentsKey)
);
updateUserPayload.attachmentsKey = user.attachmentsKey; updateUserPayload.attachmentsKey = user.attachmentsKey;
} }
const monographPasswordsKey = await this.getMonographPasswordsKey(); if (oldUserKeys.monographPasswordsKey) {
if (monographPasswordsKey) {
user.monographPasswordsKey = await this.db user.monographPasswordsKey = await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(monographPasswordsKey)); .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.monographPasswordsKey)
);
updateUserPayload.monographPasswordsKey = user.monographPasswordsKey; updateUserPayload.monographPasswordsKey = user.monographPasswordsKey;
} }
const inboxKeys = await this.getInboxKeys(); if (oldUserKeys.inboxKeys) {
if (inboxKeys) {
user.inboxKeys = { user.inboxKeys = {
public: inboxKeys.publicKey, public: oldUserKeys.inboxKeys.publicKey,
private: await this.db private: await this.db
.storage() .storage()
.encrypt(userEncryptionKey, JSON.stringify(inboxKeys.privateKey)) .encrypt(
userEncryptionKey,
JSON.stringify(oldUserKeys.inboxKeys.privateKey)
)
}; };
updateUserPayload.inboxKeys = user.inboxKeys; updateUserPayload.inboxKeys = user.inboxKeys;
} }
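Review bot: The `oldUserKeys` snapshot taken before `deriveCryptoKey` in the first hunk cannot tell "the user has no such key" apart from "the key could not be read under the old password", and the `if (oldUserKeys.attachmentsKey)`, `monographPasswordsKey` and `inboxKeys` guards in the second hunk then skip re-encryption without any error. If one of the getters returns a falsy value on a decryption failure (their bodies are not visible here), the stored ciphertext stays wrapped under the old key and becomes unreadable once the password change completes. Failing closed before the new key is derived would avoid that, e.g. `if (user.attachmentsKey && !oldUserKeys.attachmentsKey) throw new Error("Unable to read attachments key; password not changed.");`, assuming `user` is already loaded at that point, with the same check for the other two keys. Only `inboxKeys` is guarded by `hasInboxKeys()`, so a one-line comment on the snapshot saying why the other two getters need no such guard would help the next reader. The enclosing method starts and ends outside both hunks, so ordering relative to the server update could not be checked.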