mirror of
https://github.com/etesync/android
synced 2025-01-23 14:10:54 +00:00
Implementing changing encryption password.
The way it's done is by changing the password and adding ourselves as journal members with our public keys. Same way shared journals works. This should not be used if you believe your encryption password has been compromised. That would require a much more intrusive action (as the note there indicates).
This commit is contained in:
parent
6e2ab7d972
commit
5c894e001f
@ -236,6 +236,7 @@
|
||||
<activity android:name=".ui.JournalItemActivity"/>
|
||||
<activity android:name=".ui.importlocal.ImportActivity"/>
|
||||
<activity android:name=".ui.AccountSettingsActivity"/>
|
||||
<activity android:name=".ui.ChangeEncryptionPasswordActivity"/>
|
||||
<activity android:name=".ui.CreateCollectionActivity"/>
|
||||
<activity android:name=".ui.EditCollectionActivity"/>
|
||||
|
||||
|
@ -83,6 +83,8 @@ class UserInfoManager(httpClient: OkHttpClient, remote: HttpUrl) : BaseManager()
|
||||
class UserInfo {
|
||||
@Transient
|
||||
var owner: String? = null
|
||||
@Transient
|
||||
val plan: String? = null
|
||||
val version: Byte?
|
||||
val pubkey: ByteArray?
|
||||
private var content: ByteArray? = null
|
||||
|
@ -95,6 +95,13 @@ class AccountSettingsActivity : BaseActivity() {
|
||||
false
|
||||
}
|
||||
|
||||
// Category: encryption
|
||||
val prefEncryptionPassword = findPreference("encryption_password")
|
||||
prefEncryptionPassword.onPreferenceClickListener = Preference.OnPreferenceClickListener { _ ->
|
||||
startActivity(ChangeEncryptionPasswordActivity.newIntent(activity!!, account))
|
||||
true
|
||||
}
|
||||
|
||||
// category: synchronization
|
||||
val prefSyncContacts = findPreference("sync_interval_contacts") as ListPreference
|
||||
val syncIntervalContacts = settings.getSyncInterval(App.addressBooksAuthority)
|
||||
|
@ -0,0 +1,194 @@
|
||||
/*
|
||||
* Copyright © 2013 – 2016 Ricki Hirner (bitfire web engineering).
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the GNU Public License v3.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.gnu.org/licenses/gpl.html
|
||||
*/
|
||||
|
||||
package com.etesync.syncadapter.ui
|
||||
|
||||
import android.accounts.Account
|
||||
import android.app.ProgressDialog
|
||||
import android.content.Context
|
||||
import android.content.Intent
|
||||
import android.os.Bundle
|
||||
import android.support.design.widget.TextInputLayout
|
||||
import android.support.v7.app.AlertDialog
|
||||
import android.view.View
|
||||
import com.etesync.syncadapter.AccountSettings
|
||||
import com.etesync.syncadapter.App
|
||||
import com.etesync.syncadapter.HttpClient
|
||||
import com.etesync.syncadapter.R
|
||||
import com.etesync.syncadapter.journalmanager.Crypto
|
||||
import com.etesync.syncadapter.journalmanager.JournalManager
|
||||
import com.etesync.syncadapter.journalmanager.UserInfoManager
|
||||
import okhttp3.HttpUrl
|
||||
import org.jetbrains.anko.doAsync
|
||||
import org.jetbrains.anko.uiThread
|
||||
import java.util.*
|
||||
|
||||
open class ChangeEncryptionPasswordActivity : BaseActivity() {
|
||||
|
||||
protected lateinit var account: Account
|
||||
lateinit var progress: ProgressDialog
|
||||
|
||||
override fun onCreate(savedInstanceState: Bundle?) {
|
||||
super.onCreate(savedInstanceState)
|
||||
|
||||
account = intent.extras!!.getParcelable(EXTRA_ACCOUNT)!!
|
||||
|
||||
supportActionBar!!.setDisplayHomeAsUpEnabled(true)
|
||||
|
||||
setContentView(R.layout.change_encryption_password)
|
||||
}
|
||||
|
||||
fun onCancelClicked(v: View) {
|
||||
finish()
|
||||
}
|
||||
|
||||
fun changePasswordError(e: Exception) {
|
||||
progress.dismiss()
|
||||
AlertDialog.Builder(this)
|
||||
.setTitle(R.string.wrong_encryption_password)
|
||||
.setIcon(R.drawable.ic_error_dark)
|
||||
.setMessage(getString(R.string.wrong_encryption_password_content, e.localizedMessage))
|
||||
.setPositiveButton(android.R.string.ok) { _, _ ->
|
||||
// dismiss
|
||||
}.show()
|
||||
}
|
||||
|
||||
fun changePasswordDo(old_password: String, new_password: String) {
|
||||
val settings = AccountSettings(this, account)
|
||||
val httpClient = HttpClient.create(this, settings)
|
||||
|
||||
doAsync {
|
||||
App.log.info("Started deriving old key")
|
||||
val old_key = Crypto.deriveKey(account.name, old_password)
|
||||
App.log.info("Finished deriving old key")
|
||||
|
||||
var cryptoManager: Crypto.CryptoManager
|
||||
val principal = HttpUrl.get(settings.uri!!)!!
|
||||
|
||||
try {
|
||||
val userInfoManager = UserInfoManager(httpClient, principal)
|
||||
val userInfo = userInfoManager.fetch(account.name)!!
|
||||
App.log.info("Fetched userInfo for " + account.name)
|
||||
cryptoManager = Crypto.CryptoManager(userInfo.version!!.toInt(), old_key, "userInfo")
|
||||
userInfo.verify(cryptoManager)
|
||||
|
||||
App.log.info("Started deriving new key")
|
||||
val new_key = Crypto.deriveKey(account.name, new_password)
|
||||
App.log.info("Finished deriving new key")
|
||||
|
||||
val userInfoContent = userInfo.getContent(cryptoManager)!!
|
||||
cryptoManager = Crypto.CryptoManager(userInfo.version.toInt(), new_key, "userInfo")
|
||||
userInfo.setContent(cryptoManager, userInfoContent)
|
||||
|
||||
App.log.info("Fetching journal list")
|
||||
val membersToAdd = LinkedList<Pair<JournalManager.Journal, ByteArray?>>()
|
||||
val journalManager = JournalManager(httpClient, principal)
|
||||
val journals = journalManager.list()
|
||||
for (journal in journals) {
|
||||
if (journal.owner != account.name) {
|
||||
continue
|
||||
}
|
||||
|
||||
if (journal.key != null) {
|
||||
// We don't need to handle those cases, as they are already encrypted using pubkey
|
||||
continue
|
||||
} else {
|
||||
cryptoManager = Crypto.CryptoManager(journal.version, old_key, journal.uid!!)
|
||||
}
|
||||
|
||||
App.log.info("Converting journal ${journal.uid}")
|
||||
journal.verify(cryptoManager)
|
||||
|
||||
membersToAdd.add(Pair(journal, cryptoManager.getEncryptedKey(settings.keyPair!!, userInfo.pubkey!!)))
|
||||
}
|
||||
|
||||
App.log.info("Finished converting account. Uploading changes")
|
||||
userInfoManager.update(userInfo)
|
||||
|
||||
for ((journal, encryptedKey) in membersToAdd) {
|
||||
if (journal.owner != account.name) {
|
||||
continue
|
||||
}
|
||||
|
||||
App.log.info("Uploading journal ${journal.uid}")
|
||||
val member = JournalManager.Member(account.name, encryptedKey!!)
|
||||
journalManager.addMember(journal, member)
|
||||
}
|
||||
|
||||
settings.password(new_key)
|
||||
App.log.info("Finished uploading changes. Encryption password changed successfully.")
|
||||
|
||||
uiThread {
|
||||
progress.dismiss()
|
||||
AlertDialog.Builder(this@ChangeEncryptionPasswordActivity)
|
||||
.setTitle(R.string.change_encryption_password_success_title)
|
||||
.setMessage(R.string.change_encryption_password_success_body)
|
||||
.setPositiveButton(android.R.string.ok) { _, _ ->
|
||||
this@ChangeEncryptionPasswordActivity.finish()
|
||||
}.show()
|
||||
}
|
||||
} catch (e: Exception) {
|
||||
uiThread {
|
||||
changePasswordError(e)
|
||||
}
|
||||
return@doAsync
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun changePasswordClicked(v: View) {
|
||||
val old_password_view = findViewById<TextInputLayout>(R.id.encryption_password)
|
||||
val new_password_view = findViewById<TextInputLayout>(R.id.new_encryption_password)
|
||||
|
||||
var valid = true
|
||||
val old_password = old_password_view.editText?.text.toString()
|
||||
if (old_password.isEmpty()) {
|
||||
old_password_view.error = getString(R.string.login_password_required)
|
||||
valid = false
|
||||
} else {
|
||||
old_password_view.error = null
|
||||
}
|
||||
val new_password = new_password_view.editText?.text.toString()
|
||||
if (new_password.isEmpty()) {
|
||||
new_password_view.error = getString(R.string.login_password_required)
|
||||
valid = false
|
||||
} else {
|
||||
new_password_view.error = null
|
||||
}
|
||||
|
||||
if (!valid) {
|
||||
return
|
||||
}
|
||||
|
||||
AlertDialog.Builder(this)
|
||||
.setTitle(R.string.delete_collection_confirm_title)
|
||||
.setMessage(R.string.change_encryption_password_are_you_sure)
|
||||
.setPositiveButton(android.R.string.yes) { _, _ ->
|
||||
changePasswordDo(old_password, new_password)
|
||||
progress = ProgressDialog(this)
|
||||
progress.setTitle(R.string.login_encryption_setup_title)
|
||||
progress.setMessage(getString(R.string.login_encryption_setup))
|
||||
progress.isIndeterminate = true
|
||||
progress.setCanceledOnTouchOutside(false)
|
||||
progress.setCancelable(false)
|
||||
progress.show()
|
||||
}
|
||||
.setNegativeButton(android.R.string.no) { _, _ -> }
|
||||
.create().show()
|
||||
}
|
||||
|
||||
companion object {
|
||||
internal val EXTRA_ACCOUNT = "account"
|
||||
|
||||
fun newIntent(context: Context, account: Account): Intent {
|
||||
val intent = Intent(context, ChangeEncryptionPasswordActivity::class.java)
|
||||
intent.putExtra(CreateCollectionActivity.EXTRA_ACCOUNT, account)
|
||||
return intent
|
||||
}
|
||||
}
|
||||
}
|
104
app/src/main/res/layout/change_encryption_password.xml
Normal file
104
app/src/main/res/layout/change_encryption_password.xml
Normal file
@ -0,0 +1,104 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
~ Copyright © 2013 – 2016 Ricki Hirner (bitfire web engineering).
|
||||
~ All rights reserved. This program and the accompanying materials
|
||||
~ are made available under the terms of the GNU Public License v3.0
|
||||
~ which accompanies this distribution, and is available at
|
||||
~ http://www.gnu.org/licenses/gpl.html
|
||||
-->
|
||||
|
||||
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
|
||||
xmlns:app="http://schemas.android.com/apk/res-auto"
|
||||
android:orientation="vertical"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="match_parent">
|
||||
|
||||
<ScrollView
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="0dp"
|
||||
android:layout_weight="1"
|
||||
android:layout_margin="@dimen/activity_margin">
|
||||
|
||||
<LinearLayout
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:orientation="vertical">
|
||||
|
||||
<TextView
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
style="@style/login_type_headline"
|
||||
android:text="@string/change_encryption_password_title"
|
||||
android:layout_marginBottom="14dp"/>
|
||||
|
||||
<TextView
|
||||
android:id="@+id/account_name"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"/>
|
||||
|
||||
<android.support.design.widget.TextInputLayout
|
||||
android:id="@+id/encryption_password"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
app:passwordToggleEnabled="true">
|
||||
<android.support.design.widget.TextInputEditText
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:fontFamily="monospace"
|
||||
android:inputType="textPassword"
|
||||
android:hint="@string/login_encryption_password"/>
|
||||
</android.support.design.widget.TextInputLayout>
|
||||
|
||||
<android.support.design.widget.TextInputLayout
|
||||
android:id="@+id/new_encryption_password"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
app:passwordToggleEnabled="true">
|
||||
<android.support.design.widget.TextInputEditText
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:fontFamily="monospace"
|
||||
android:inputType="textPassword"
|
||||
android:hint="@string/change_encryption_password_new_password"/>
|
||||
</android.support.design.widget.TextInputLayout>
|
||||
|
||||
<TextView
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:layout_marginBottom="10dp"
|
||||
android:text="@string/login_encryption_check_password"/>
|
||||
<TextView
|
||||
android:id="@+id/encryption_extra_info"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:autoLink="web"
|
||||
android:text="@string/change_encryption_password_extra_info"/>
|
||||
</LinearLayout>
|
||||
</ScrollView>
|
||||
|
||||
<LinearLayout
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
style="@style/stepper_nav_bar">
|
||||
|
||||
<Button
|
||||
android:id="@+id/back"
|
||||
android:layout_width="0dp"
|
||||
android:layout_weight="1"
|
||||
android:layout_gravity="center"
|
||||
android:text="@android:string/cancel"
|
||||
android:onClick="onCancelClicked"
|
||||
style="@style/stepper_nav_button"/>
|
||||
|
||||
<Button
|
||||
android:id="@+id/set_password"
|
||||
android:layout_width="0dp"
|
||||
android:layout_weight="1"
|
||||
android:layout_gravity="center"
|
||||
android:text="@string/login_finish"
|
||||
android:onClick="changePasswordClicked"
|
||||
style="@style/stepper_nav_button"/>
|
||||
|
||||
</LinearLayout>
|
||||
|
||||
</LinearLayout>
|
@ -126,7 +126,7 @@
|
||||
<string name="settings_password_summary">Ihr Anmelde-Passwort</string>
|
||||
<string name="settings_enter_password">Passwort eingeben:</string>
|
||||
<string name="settings_encryption_password">Verschlüsselungs-Passwort</string>
|
||||
<string name="settings_encryption_password_summary">Verschlüsselungs-Passwort ändern (nicht implementiert)</string>
|
||||
<string name="settings_encryption_password_summary">Verschlüsselungs-Passwort ändern</string>
|
||||
<string name="settings_enter_encryption_password">Verschlüsselungs-Passwort eingeben:</string>
|
||||
<string name="settings_sync">Synchronisation</string>
|
||||
<string name="settings_sync_interval_contacts">Häufigkeit der Kontakte-Synchronisation</string>
|
||||
|
@ -205,7 +205,7 @@
|
||||
<string name="settings_password_summary">Zmień hasło weryfikacji</string>
|
||||
<string name="settings_enter_password">Wprowadź obecne hasło:</string>
|
||||
<string name="settings_encryption_password">Hasło szyfrowania</string>
|
||||
<string name="settings_encryption_password_summary">Zmień swoje hasło szyfrowania (niezaimpletowane)</string>
|
||||
<string name="settings_encryption_password_summary">Zmień swoje hasło szyfrowania</string>
|
||||
<string name="settings_enter_encryption_password">Wprowadź obecne hasło szyfrowania:</string>
|
||||
<string name="settings_sync">Synchronizacja</string>
|
||||
<string name="settings_sync_interval_contacts">Okres synchronizacji kontaktów</string>
|
||||
|
@ -184,7 +184,7 @@
|
||||
<string name="login_custom_server_error">Invalid URL found, did you forget to include https://?</string>
|
||||
<string name="login_toggle_advanced">Show advanced settings</string>
|
||||
<string name="login_encryption_password">Encryption Password</string>
|
||||
<string name="login_encryption_check_password">* Please double-check the password, as it can\'t be changed if wrong.</string>
|
||||
<string name="login_encryption_check_password">* Please double-check the password, as it can\'t be recovered if wrong!</string>
|
||||
<string name="login_encryption_extra_info">This password is used to encrypt your data, unlike the previous one, which is used to log into the service.\nYou are asked to choose a separate encryption password for security reasons. For more information, plesae refer to the FAQ at: %s</string>
|
||||
<string name="login_password_required">Password required</string>
|
||||
<string name="login_login">Log In</string>
|
||||
@ -207,12 +207,19 @@
|
||||
|
||||
<string name="account_creation_failed">Account creation failed</string>
|
||||
<string name="wrong_encryption_password">Wrong encryption password</string>
|
||||
<string name="wrong_encryption_password_content">Got an integrity error while accessing your account, which most likely means you put in the wrong encryption password.\n\n%s</string>
|
||||
<string name="wrong_encryption_password_content">Got an integrity error while accessing your account, which most likely means you put in the wrong encryption password.\n\nError: %s</string>
|
||||
|
||||
<!-- ChangeEncryptionPasswordActivity -->
|
||||
<string name="change_encryption_password_title">Change Encryption Password</string>
|
||||
<string name="change_encryption_password_extra_info">Please don\'t use this tool if you believe your encryption password has been comporomised. Contact support instead.</string>
|
||||
<string name="change_encryption_password_new_password">New encryption Password</string>
|
||||
<string name="change_encryption_password_are_you_sure">Are you sure you would like to continue? The process can not be stopped half way or be undone, and may take a while to complete.</string>
|
||||
<string name="change_encryption_password_success_title">Encryption Password Change</string>
|
||||
<string name="change_encryption_password_success_body">Encryption password has been successfully changed!</string>
|
||||
|
||||
<!-- SetupUserInfoFragment -->
|
||||
<string name="login_user_info_error_title">Error Setting User Info</string>
|
||||
|
||||
|
||||
<!-- ImportFragment -->
|
||||
<string name="import_dialog_title">Import</string>
|
||||
<string name="import_dialog_failed_title">Import Failed</string>
|
||||
@ -230,7 +237,7 @@
|
||||
<string name="settings_password_summary">Change your authentication password</string>
|
||||
<string name="settings_enter_password">Enter your password:</string>
|
||||
<string name="settings_encryption_password">Encryption Password</string>
|
||||
<string name="settings_encryption_password_summary">Change your encryption password (not implemented)</string>
|
||||
<string name="settings_encryption_password_summary">Change your encryption password</string>
|
||||
<string name="settings_enter_encryption_password">Enter your encryption password:</string>
|
||||
<string name="settings_sync">Synchronization</string>
|
||||
<string name="settings_sync_interval_contacts">Contacts sync. interval</string>
|
||||
|
@ -23,14 +23,12 @@
|
||||
|
||||
<PreferenceCategory android:title="@string/settings_encryption">
|
||||
|
||||
<EditTextPreference
|
||||
android:key="encryption_password"
|
||||
<Preference
|
||||
android:title="@string/settings_encryption_password"
|
||||
android:persistent="false"
|
||||
android:inputType="textPassword"
|
||||
android:enabled="false"
|
||||
android:key="encryption_password"
|
||||
android:summary="@string/settings_encryption_password_summary"
|
||||
android:dialogTitle="@string/settings_enter_encryption_password" />
|
||||
android:persistent="false"
|
||||
/>
|
||||
|
||||
</PreferenceCategory>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user