فهرست منبع

When adding encryption key to existing site, ask for master password before session saving starts

Source commit: fa2498f0922c26bccad292cb91a1cd63f14dce11
Martin Prikryl 6 سال پیش
والد
کامیت
333ef767b0
4فایلهای تغییر یافته به همراه17 افزوده شده و 4 حذف شده
  1. 11 3
      source/core/SessionData.cpp
  2. 3 0
      source/forms/Custom.cpp
  3. 1 0
      source/forms/Login.cpp
  4. 2 1
      source/windows/WinConfiguration.cpp

+ 11 - 3
source/core/SessionData.cpp

@@ -1587,20 +1587,27 @@ bool __fastcall TSessionData::HasPassword()
 //---------------------------------------------------------------------
 bool __fastcall TSessionData::HasAnySessionPassword()
 {
-  return HasPassword() || !FTunnelPassword.IsEmpty();
+  // Keep in sync with ClearSessionPasswords
+  return
+    HasPassword() ||
+    !FTunnelPassword.IsEmpty()  ||
+    // will probably be never used
+    !FNewPassword.IsEmpty();
 }
 //---------------------------------------------------------------------
 bool __fastcall TSessionData::HasAnyPassword()
 {
+  // Keep in sync with MaskPasswords
   return
     HasAnySessionPassword() ||
     !FProxyPassword.IsEmpty() ||
-    // will probably be never used
-    !FNewPassword.IsEmpty();
+    !FEncryptKey.IsEmpty() ||
+    !FPassphrase.IsEmpty();
 }
 //---------------------------------------------------------------------
 void __fastcall TSessionData::ClearSessionPasswords()
 {
+  // Keep in sync with HasAnySessionPassword
   FPassword = L"";
   FNewPassword = L"";
   FTunnelPassword = L"";
@@ -1763,6 +1770,7 @@ bool __fastcall TSessionData::MaskPasswordInOptionParameter(const UnicodeString
 //---------------------------------------------------------------------
 void __fastcall TSessionData::MaskPasswords()
 {
+  // Keep in sync with HasAnyPassword
   if (!Password.IsEmpty())
   {
     Password = PasswordMask;

+ 3 - 0
source/forms/Custom.cpp

@@ -562,6 +562,9 @@ TSessionData * __fastcall DoSaveSession(TSessionData * SessionData,
   bool CreateShortcut = false;
   if (!ForceDialog && ((PSavePassword == NULL) || SavePassword))
   {
+    // This is probably here to ask before session is started saving.
+    // Otherwise we would ask implicitly, when saving passwords, but at that moment,
+    // part of the site is already saved and when the user cancel the prompt it's too late.
     CustomWinConfiguration->AskForMasterPasswordIfNotSetAndNeededToPersistSessionData(SessionData);
     Result = true;
   }

+ 1 - 0
source/forms/Login.cpp

@@ -1648,6 +1648,7 @@ void __fastcall TLoginDialog::SetDefaultSessionActionExecute(
   {
     std::unique_ptr<TSessionData> SessionData(new TSessionData(L""));
     SaveSession(SessionData.get());
+    // See the comment to the other use of the method in DoSaveSession.
     CustomWinConfiguration->AskForMasterPasswordIfNotSetAndNeededToPersistSessionData(SessionData.get());
     StoredSessions->DefaultSettings = SessionData.get();
 

+ 2 - 1
source/windows/WinConfiguration.cpp

@@ -1724,7 +1724,8 @@ RawByteString __fastcall TWinConfiguration::StronglyRecryptPassword(RawByteStrin
       TCustomWinConfiguration::DecryptPassword(Password, Key);
     if (!PasswordText.IsEmpty())
     {
-      // can be not set for instance, when editing=>saving site with no prior password
+      // Can be not set for instance, when editing=>saving site with no prior password.
+      // Though it should not actually happen, as we call AskForMasterPasswordIfNotSetAndNeededToPersistSessionData in DoSaveSession.
       AskForMasterPasswordIfNotSet();
       Password = ScramblePassword(PasswordText);
       AES256EncyptWithMAC(Password, FPlainMasterPasswordEncrypt, Result);