From a462a02f56d14593a2ed8d337b7601f5cfb45bcc Mon Sep 17 00:00:00 2001
From: thecodrr <thecodrr@protonmail.com>
Date: Mon, 13 Apr 2020 15:36:51 +0500
Subject: [PATCH] user: use fixed salt to derive key for encryption

---
 packages/core/database/storage.js | 4 ++--
 packages/core/models/user.js      | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/packages/core/database/storage.js b/packages/core/database/storage.js
index 0db6b662e..eaf9bb07e 100644
--- a/packages/core/database/storage.js
+++ b/packages/core/database/storage.js
@@ -23,7 +23,7 @@ export default class Storage {
   decrypt(password, cipher) {
     return this.storage.decrypt(password, cipher);
   }
-  deriveKey(password) {
-    return this.storage.deriveKey(password, null, true);
+  deriveKey(password, salt) {
+    return this.storage.deriveKey(password, salt, true);
   }
 }
diff --git a/packages/core/models/user.js b/packages/core/models/user.js
index fe8b17269..4300bdf7d 100644
--- a/packages/core/models/user.js
+++ b/packages/core/models/user.js
@@ -16,7 +16,7 @@ export default class User {
 
   async key() {
     const user = await this.get();
-    return user.key;
+    return { key: user.key, salt: user.salt };
   }
 
   async set(user) {
@@ -31,7 +31,7 @@ export default class User {
       password,
       grant_type: "password",
     });
-    const key = await this.context.deriveKey(password);
+    const key = await this.context.deriveKey(password, response.payload.salt);
     let user = userFromResponse(response, key);
     await this.context.write("user", user);
   }
@@ -69,7 +69,7 @@ export default class User {
       password,
       email,
     });
-    const key = await this.context.deriveKey(password);
+    const key = await this.context.deriveKey(password, response.payload.salt);
     let user = userFromResponse(response, key);
     await this.context.write("user", user);
   }