Fix: e2e password visible on always-on alert message. #12139

Merged
merged 4 commits into from
Sep 26, 2018
32 changes: 11 additions & 21 deletions packages/rocketchat-e2e/client/rocketchat.e2e.js
Expand Up @@ -140,36 +140,26 @@ class E2E {

const randomPassword = localStorage.getItem('e2e.randomPassword');
if (randomPassword) {
const passwordRevealText = TAPi18n.__('E2E_password_reveal_text', {
postProcess: 'sprintf',
sprintf: [randomPassword],
});

alerts.open({
title: TAPi18n.__('Save your encryption password'),
html: `<div><span style="font-weight: bold;">${ randomPassword }</span><br/>This password will only show up this time. Click here to learn more.</div>`,
title: TAPi18n.__('Save_your_encryption_password'),
html: TAPi18n.__('Click_here_to_view_and_copy_your_password'),
modifiers: ['large'],
closable: false,
icon: 'key',
action() {
modal.open({
title: TAPi18n.__('Save your encryption password'),
title: TAPi18n.__('Save_your_encryption_password'),
html: true,
text: `
<div>
You can now create encrypted private groups and direct messages. You may also change existing private groups or DMs to encrypted.
<br/>
This is end to end encryption so the key to encode/decode your messages will not be saved on the server.
For that reason you need to store this password somewhere safe. You will be required to enter it on other devices you wish to use e2e encryption on.
<br/>
<br/>
Your password is: <span style="font-weight: bold;">${ randomPassword }</span>
<br/>
<br/>
This is an auto generated password, you can setup a new password for your encryption key any time from any browser you have entered the existing password.
<br/>
This password is only stored on this browser until you store the password and dismiss this message.
</div>
`,
text: `<div>${ passwordRevealText }</div>`,
showConfirmButton: true,
showCancelButton: true,
confirmButtonText: TAPi18n.__('I saved my password, close this message'),
cancelButtonText: TAPi18n.__('I\'ll do it later'),
confirmButtonText: TAPi18n.__('I_saved_my_password_close_this_message'),
cancelButtonText: TAPi18n.__('I_ll_do_it_later'),
}, (confirm) => {
if (!confirm) {
return;
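Review bot: `randomPassword` reaches the modal unescaped: it is read from `localStorage`, substituted into `E2E_password_reveal_text` through `sprintf: [randomPassword]`, and the result is rendered with `html: true` as `<div>${ passwordRevealText }</div>`. Escape the value before substituting it, so that whatever is stored under `e2e.randomPassword` is displayed as text rather than parsed as markup. Also consider moving the `TAPi18n.__('E2E_password_reveal_text', ...)` call inside `action()`, so the string containing the password is only built when the user opens the modal, which matches the intent of keeping it out of the always-on alert.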
1 change: 1 addition & 0 deletions packages/rocketchat-e2e/server/settings.js
Expand Up @@ -4,6 +4,7 @@ RocketChat.settings.addGroup('E2E Encryption', function() {
this.add('E2E_Enable', false, {
type: 'boolean',
i18nLabel: 'Enabled',
i18nDescription: 'E2E_Enable_description',
public: true,
});
});
6 changes: 6 additions & 0 deletions packages/rocketchat-i18n/i18n/en.i18n.json
Expand Up @@ -547,6 +547,7 @@
"clear_history": "Clear History",
"Click_here": "Click here",
"Click_here_for_more_info": "Click here for more info",
"Click_here_to_view_and_copy_your_password": "Click here to view and copy your password.",
"Click_the_messages_you_would_like_to_send_by_email": "Click the messages you would like to send by e-mail",
"Click_to_join": "Click to Join!",
"Client_ID": "Client ID",
Expand Down Expand Up @@ -976,6 +977,8 @@
"Duplicate_channel_name": "A Channel with name '%s' exists",
"Duplicate_private_group_name": "A Private Group with name '%s' exists",
"Duration": "Duration",
"E2E_Enable_description": "This feature is still on BETA state.<br/>Encrypted messages will not be found by search operations.<br/> Notifications may also not work.",
"E2E_password_reveal_text": "You can now create encrypted private groups and direct messages. You may also change existing private groups or DMs to encrypted.<br/>This is end to end encryption so the key to encode/decode your messages will not be saved on the server. For that reason you need to store this password somewhere safe. You will be required to enter it on other devices you wish to use e2e encryption on.<br/><br/>Your password is: <span style=\"font-weight: bold;\">%s</span><br/><br/>This is an auto generated password, you can setup a new password for your encryption key any time from any browser you have entered the existing password.<br/>This password is only stored on this browser until you store the password and dismiss this message.",
"Edit": "Edit",
"edit-message": "Edit Message",
"edit-message_description": "Permission to edit a message within a room",
Expand Down Expand Up @@ -1324,6 +1327,8 @@
"How_responsive_was_the_chat_agent": "How responsive was the chat agent?",
"How_satisfied_were_you_with_this_chat": "How satisfied were you with this chat?",
"How_to_handle_open_sessions_when_agent_goes_offline": "How to Handle Open Sessions When Agent Goes Offline",
"I_ll_do_it_later": "I'll do it later",
"I_saved_my_password_close_this_message": "I saved my password, close this message",
"Idle_Time_Limit": "Idle Time Limit",
"Idle_Time_Limit_Description": "Period of time until status changes to away. Value needs to be in seconds.",
"if_they_are_from": "(if they are from %s)",
Expand Down Expand Up @@ -2279,6 +2284,7 @@
"Save_changes": "Save changes",
"Save_Mobile_Bandwidth": "Save Mobile Bandwidth",
"Save_to_enable_this_action": "Save to enable this action",
"Save_your_encryption_password": "Save your encryption password",
"Saved": "Saved",
"Saving": "Saving",
"Scan_QR_code": "Using an authenticator app like Google Authenticator, Authy or Duo, scan the QR code. It will display a 6 digit code which you need to enter below.",