lots of changes to strip any parens out of the same line that includes lpdbg() and add it to make dev to catch it then and there. also now doing a strip_comments.php on all the shrink_all.php files so that they get their lpdbg()'s stripped too
- lpdbg("autoauto", "Too soon to autoauto " + id + " last_touch diff: " + (currTime - lpaccts[id].last_touch) + " which should be less than: " + lpautoautoVal );
+ lpdbg("autoauto", "Too soon to autoauto " + id + " last_touch diff: " + diffTime + " which should be less than: " + lpautoautoVal );
- if (LP.lpConfirmYesNo(LP.lpgs('Are you sure you would like to delete this ' + (lpacct.isbookmark ? 'bookmark' : (lpacct.genpw ? 'generated password' : (lpacct.sn ? 'secure note' : 'site'))) + '?'), wino)) {
+ if (LP.lpConfirmYesNo(LP.lpgs('Are you sure you would like to delete this ' + (lpacct.isbookmark ? 'bookmark' : (lpacct.genpw ? 'generated password' : (lpacct.sn ? 'secure note' : 'site'))) + '?' + ' (' +lpacct.name +')'), wino)) {
// update the local data structure before we make the request
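Review bot: The account name is appended inside the `LP.lpgs(...)` argument on the changed `if` line, so the string handed to that call now differs for every account. If `lpgs` is a localization lookup keyed on the message text (inferred from how it is used here, its definition is not shown), no entry will match and the prompt may fall back to untranslated text. The group/site delete hunk elsewhere in this change keeps the suffix outside the lookup (`LP.lpgs(msg) + extra`), and this call should do the same by moving `+ ' (' + lpacct.name + ')'` after the closing paren of `LP.lpgs(...)`. The enclosing function starts and ends outside the hunk.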
- var msg = (tdoc.selected_ids.length > 1 ? "Are you sure you would like to delete the selected sites?" : "Are you sure you would like to delete this site?");
+ var extra = "";
+ var msg = "";
+ if(tdoc.selected_ids.length > 1) {
+ msg = "Are you sure you would like to delete the selected sites?";
+ } else {
+ msg = "Are you sure you would like to delete this site?";
+ extra = " ( ";
+ var selected_ids = tdoc.selected_ids;
+ for(var i = 0; i < selected_ids.length; i++){
+ var id = selected_ids[i];
+ var lpacct = lpaccts[id];
+ extra += lpacct.name + ' ' ;
+ }
+ extra += ") ";
+ }
if (group) {
msg = 'Are you sure you would like to delete this group?';
- }
- if (LP.lpConfirmYesNo(LP.lpgs(msg), twin)) {
+ extra = " (" + group + ") ";
+ }
+ if (LP.lpConfirmYesNo(LP.lpgs(msg) + extra, twin)) {
// update the local data structure before we make the request
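Review bot: The name list is built only in the `else` branch, where `tdoc.selected_ids.length` is at most 1, so the multi-select confirmation, where an unintended delete is most likely, still names nothing and the `for` loop never runs more than once. Build `extra` from `selected_ids` in the multi-select branch as well, capped at a few names if the list can be long. `lpaccts[id]` is dereferenced without a check, so a stale id would throw before the confirmation is shown; `if (lpacct) extra += lpacct.name + ' ';` avoids that. The `var i`, `var id` and `var lpacct` declarations are function-scoped and may overwrite same-named variables in the enclosing function, which is not visible in the hunk.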
+ lpdbg("websiteevent","login : already logged in as different user => logging off, then logging in");
+ lplogoff();
+ loginnow = true;
+ }
+ else if (lploggedin && lpusername=="")
+ {
+ lpdbg("error","login invalid state A");
+ lpReportError("login invalid state A");
+ }
+ else if (!lploggedin && lpusername!="")
+ {
+ lpdbg("error","login invalid state B");
+ lpReportError("login invalid state B");
+ }
+ else
+ loginnow = true;
+
+ if (loginnow)
+ {
+ // If we reach here, then we're currently logged out and must try to login
+
+ // Set the key
+ // - a successful login check will use this key instead of the one from the keyfile
+ // - we can't use the one in the keyfile because we can never decrypt it because the website login is a manual login and so therefore blows away our session and returns a new pwdeckey
+ // - note that for the same reason, we can't write the keyfile here...we dont have the correct pwdeckey to use to encrypt it
+
+ if (wxhash!="")
+ {
+ // Webroot case - we get passed wxhash
+ // - NOTE: forwarding wxhash to login_check causes our session to be recreated
+ lpdbg("websiteevent","login : not logged in => setting key and trying login_check : webroot case");
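Review bot: The two "login invalid state" branches only log and call `lpReportError`, leaving `lploggedin` and `lpusername` in the inconsistent combination that was just detected, so the handler reports the problem but does not clear the half-logged-in session. For session and key state it is safer to fail closed: add `lplogoff();` after `lpReportError(...)` in both branches, as the different-user branch at the top of the chain already does. The final `else` is the only unbraced arm of the chain; bracing `loginnow = true;` would keep it consistent with the others. The chain opens before the hunk and the `if (wxhash!="")` block continues past it, so whether `loginnow` starts out false cannot be confirmed from here.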
- case "keyweb2plug": // whenever the website needs to send the user's encryption key to the plugin .. only two cases i can think of are login via website and changed password
- var eventdata1 = doc.getElementById('eventdata1'); // user's local encryption key
- var eventdata2 = doc.getElementById('eventdata2'); // user's username
- var eventdata3 = doc.getElementById('eventdata3'); // 2=>rsa changed
FF login changes to do offline login before we issue any network requests
- i still have to do a lot more testing cuz bunch of stuff changed and it touches lots of critical paths, but looks good initially
- httptest also has to be changed as currently as we do that before we do the logincheck (since on browser start we can get the key from saved credentials)
- we currently only notify the user that they are logged in offline AFTER login.php fails so if login.php hangs, the user
would obviously never be notified....will see if changing it causes the notification bar "bounce" making it ugly...
- i also still have to implement the xmlhttp timeout functionality.
took a quick look at it and there isn't an explicit timeout parameter you can pass.
you have to use a setTimeout to determine if a request has hung and if so, call abort()
works as follows:
(this was never happening before)
whenever something calls lplogincheck() we try to do an immediate offline login.
to do an offline login, we need the user's key...sometimes the user is already logged in and we have it.
if we dont have it, then we try to get it from the user's saved credentials - this is important as it
handles the high freq case of the user simply starting up their browser.
after offline login, we do a login_check login. if that fails, we do a login.php login.
(this was happening before)
when something calls lplogin() directly, then we again do an immediate offline login
before issuing a request to login.php
for the yubikey/sesame case, we don't do the offline login first and continue to do things
as we did them yesterday. after finishing stuff, i'll revisit this and see how easy of a change
it would be VS confusing for users. it would involve changing sesame and making it slightly less
secure as currently sesame has a separate offline and online password, whereas yubikey sends
your offline password in the clear via keystrokes and to our servers.
- pulled all login logic out to a new file loginlock.php
- revamped/rewrote the login handlers to handle offline first then online
- split up logincheckhandler and loginhandler
- fixed a bunch of issues where we'd show the incorrect (or no) notification bar on failures
- var data = lpReadFile(username_hash + "_lp.act.lps");
- if (data) {
- var splitdata=data.split("\n");
- if (splitdata.length == 2) {
- var verificationdata = lpdec(splitdata[1], lp_local_key, true);
- if (verificationdata == "lastpass rocks")
- {
- // Read and decrypt accounts file
- var data = load_accounts_file(username_hash,true,false)
-
- // Determine if the file is encrypted.
- // - If yes, then ask the user for the password and set it so that it will be used to decrypt/encrypt all reads/writes to acount files moving forward
- if (data.indexOf("type=sesameoffline\ndata=")==0)
- {
- lpdbg("sesame","Logging in offline and existing file is protected by sesameoffline => asking user for offline password");
- var otp = "";
- while (true)
- {
- otp = sesame_getotp(null);
- if (otp=="" || otp.length!=64)
- {
- if (otp.length>64)
- {
- LP.alert(LP.lpgs("SesameWrongButton"));
- continue;
- }
- lpdbg("sesame","User did not enter offline password - failing login");
- lplogoff();
- lpshowError("LoginError", false, true);
- return;
- }
- break;
- }
- sesame_setdata("password_offline",otp);
- }
- else if (data.indexOf("type=yubikeyoffline\ndata=")==0)
- {
- lpdbg("yubikey","Logging in offline and existing file is protected by yubikeyoffline => asking user for offline password");
- var otp = yubikey_getotp(null);
- if (otp=="" || otp.length!=44)
- {
- lpdbg("yubikey","User did not enter offline OTP - failing login");
- // NOTE: For now, dont worry about using otpsecretkey to encrypt/decrypt as we instead rely on disableoffline -- this makes things more secure and greatly simplifies things
- //sesame_setdata("password_online", ok[0].getAttribute('otpsecretkey')); // use to encrypt & decrypt sesameonline
- //yubikey_setdata("password_online",ok[0].getAttribute('otpsecretkey')); // use to encrypt & decrypt yubikeyonline
- sesame_setdata("password_offline", ok[0].getAttribute('sesamepassword')); // use to encrypt & decrypt sesameoffline
- yubikey_setdata("password_offline",ok[0].getAttribute('yubikeyhash')); // use to encrypt & decrypt yubikeyoffline
- else if (req.responseText.indexOf("sesameotprequired") > 0)
- {
- // CASE: login.php
- lpdbg("sesame","LOGIN RESPONSE: sesameotprequired => Asking user for OTP");
-
- // We know the user has internet connectivity and that sesame is enabled, so make sure we dont allow offline login via lpLoginErrorHandler if login.php fails
- // We do this to simplify things...it avoids the possibility of double prompting the user for the sesame otp to get the offline password
- LP.lpClearCache(true,false,false);
-
- var otp = sesame_getotp(lpusername);
- if (otp=="")
- {
- lpdbg("sesame","User did not enter OTP - failing login");
- else if (req.responseText.indexOf("otprequired") > 0)
- {
- // CASE: login.php
-
- // We know the user has internet connectivity and that yubikey is enabled, so make sure we dont allow offline login via lpLoginErrorHandler if login.php fails
- // We do this to simplify things...it avoids the possibility of double prompting the user for the yubikey otp to get the offline password
- LP.lpClearCache(true,false,false);
-
- lpdbg("yubikey","LOGIN RESPONSE: otprequired => Asking user for OTP");
- var otp = yubikey_getotp(lpusername);
- if (otp=="")
- {
- lpdbg("yubikey","User did not enter OTP - failing login");
- //lplog("Setting up pwmap : " + user + " pw: " + pw);
- pwmap[user] = pw;
- } else {
- lpdbg("error", "Failed to split up: " + pws[i]);
- }
- }
- }
- return pwmap;
-}
-
-function lp_login_from_saved()
-{
- var users = lp_get_loginusers();
- if (users.length > 0) {
- var lastuser = users[0];
- var pwmap = lp_get_loginpws();
- if (typeof(pwmap[lastuser]) != 'undefined') {
- var lastpass = pwmap[lastuser];
- LP.lplogin(lastuser, lastpass, 0);
- return;
- }
- }
- if(lpopenloginstart){
- LP.lpOpenLogin();
- }
-}
-
this.lpshowHelpDlg=function(topic, wino){
if(!LP.lphelpstats) return;
changeset: 14878:a06fb4815742
user: Andrew Zitnay <drew@lastpass.com>
date: Thu Sep 17 11:04:09 2009 -0400
files: firefox/content/lastpass.js
description:
even though none of the other hotkeys get defaults for mac, we still need to set the prefs, lest we warn about restarting to put new hotkeys into effect the first time preferences is submitted regardless of whether or not they actually changed hotkeys