Text File | 2009-10-13 | 72.0 KB | 1,659 lines
changeset: 15129:c4b07da1fb33 parent: 15126:79aa3d2f4ae5 user: joe@rodan.lastpass.com date: Thu Oct 08 11:32:33 2009 -0400 files: .tools/brute.php .tools/shrink_all.php firefox/Makefile firefox/content/basicauth.js firefox/content/comm.js firefox/content/commc.js firefox/content/fillforms.js firefox/content/fillformsc.js firefox/content/lastpass.js firefox/content/login.js firefox/content/loginlogic.js firefox/content/loginlogicc.js firefox/content/namedpipes.js firefox/content/varsc.js description: lots of changes to strip any parens out of the same line that includes lpdbg() and add it to make dev to catch it then and there. also now doing a strip_comments.php on all the shrink_all.php files so that they get their lpdbg()'s stripped too diff -r 79aa3d2f4ae5 -r c4b07da1fb33 firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Oct 08 11:30:54 2009 -0400 +++ b/firefox/content/lastpass.js Thu Oct 08 11:32:33 2009 -0400 @@ -1344,7 +1344,7 @@ loginshown = true; } }else{ - lpdbg("checkadd","found tld match. basicauth="+(fi.basic_auth?"YES":"no")); + lpdbg("checkadd","found tld match. basicauth="+fi.basic_auth); LP.lpGetCurrentWindow().setTimeout(func, 100); return loginshown; } @@ -1376,7 +1376,7 @@ //------------------------------------ //Check for autologin failures. var pluginLoginFailure = lpcheckForLoginFailures(browser, doc, currenturl, urlparts); - lpdbg("checkpage", "checking for login failures...result="+(pluginLoginFailure?"YES":"no")); + lpdbg("checkpage", "checking for login failures - result="+pluginLoginFailure); //------------------------------------ //Check for manual logins @@ -1397,7 +1397,7 @@ if (true) { bShowedAutoLoginNote = lpCheckForAutoLogin(browser, doc, pluginLoginFailure); - lpdbg("checkpage","checking for autologin........result="+(bShowedAutoLoginNote?"YES":"no")); + lpdbg("checkpage","checking for autologin........result="+bShowedAutoLoginNote); } if(bShowedAutoLoginNote) { 
@@ -1639,7 +1639,7 @@ foundfieldnames = true; } } else { - lpdbg("autologin","Checking form (no fields)"); + lpdbg("autologin","Checking form -- no fields"); form = lpcheckpwfield(win,doc, lpaccts[i].logins[j].tld, p, o, multi); onlyfill_local = true; } @@ -1781,7 +1781,7 @@ if (!loginError) { if (!autofilled && lpAutomaticallyFill && !lpbLoginSitePrompt) { for (var i = 0; i < aids.length; i++) { - lpdbg("autofill", "autofilled: " + autofilled + " Checking " +aids[i].id + " : tldmatch: " + aids[i].tldmatch + " formmatch: " + aids[i].formmatch + " Method okay: " + aids[i].methodok + " never_autofil " + parseInt(lpaccts[aids[i].id].never_autofill)); + lpdbg("autofill", "autofilled: " + autofilled + " Checking " +aids[i].id + " : tldmatch: " + aids[i].tldmatch + " formmatch: " + aids[i].formmatch + " Method okay: " + aids[i].methodok + " never_autofil " + lpaccts[aids[i].id].never_autofill); if (parseInt(lpaccts[aids[i].id].never_autofill) != 1) { if((!lpbLoginSitePrompt && !lpaccts[aids[i].id].pwprotect) || recentlyprompted){ if (aids[i].tldmatch && aids[i].formmatch && aids[i].methodok) { @@ -3108,7 +3108,8 @@ if(''==doc.lastpass_recheck_fields[i]['f'].value) { if (doc.lastpass_recheck_fields[i]['f'].value != doc.lastpass_recheck_fields[i]['v']) { - lpdbg("redo", 'REDO: ' + getname(doc.lastpass_recheck_fields[i]['f']) + ' = ' + doc.lastpass_recheck_fields[i]['v']); + var rname = getname(doc.lastpass_recheck_fields[i]['f']); + lpdbg("redo", 'REDO: ' + rname + ' = ' + doc.lastpass_recheck_fields[i]['v']); doc.lastpass_recheck_fields[i]['f'].value = doc.lastpass_recheck_fields[i]['v']; fire_onchange(doc.lastpass_recheck_fields[i]['f']); } 
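Review bot: The rewritten `lpdbg("redo", ...)` line in the @@ -3108 hunk still writes `doc.lastpass_recheck_fields[i]['v']`, the value being put back into the form field, to the debug log; if the recheck list can hold password fields (not visible here), that is a credential in plaintext wherever lpdbg is live. Logging only the field name would keep the trace useful: `lpdbg("redo", 'REDO: ' + rname);`. If lpdbg lines are stripped from release builds, as the commit description suggests, the hoisted `var rname = getname(...)` stays behind and is computed for nothing; the same applies to `shortVal` in the @@ -6826 hunk. The enclosing loop starts and ends outside the hunk.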
@@ -3765,8 +3766,9 @@ var goodform = false; for (var i=0 ; i<form.elements.length ; ++i) { - //lpdbg("formsubmit","element "+i+" of "+form.elements.length+" : name="+form.elements[i].name+" id="+form.elements[i].id+" type="+form.elements[i].type+" isvisable="+lpIsVisible(form.elements[i])); - if (form.elements[i].type!="hidden" && lpIsVisible(form.elements[i])) + var isVis = lpIsVisible(form.elements[i]); + //lpdbg("formsubmit","element "+i+" of "+form.elements.length+" : name="+form.elements[i].name+" id="+form.elements[i].id+" type="+form.elements[i].type+" isvisable="+isVis); + if (form.elements[i].type!="hidden" && isVis) { goodform = true; break; @@ -4057,8 +4059,10 @@ } // USEFUL FOR DEBUGGING - for (var e=0; e<formElements.length; e++) - lpdbg("formsubmit","element "+e+" : type="+formElements[e].type+" nameid="+getname(formElements[e])+" value="+formElements[e].value); + /*for (var e=0; e<formElements.length; e++) { + var fename = getname(formElements[e]); + lpdbg("formsubmit","element "+e+" : type="+formElements[e].type+" nameid="+fename+" value="+formElements[e].value); + }*/ var tld=lp_gettld(urlparts["host"]); @@ -4686,7 +4690,6 @@ typeof(lpusername)!="undefined" && lpusername!=null && lpusername!="" && typeof(lpusername_hash)!="undefined" && lpusername_hash!=null && lpusername_hash!="") { - //lpdbg("login","writing keyfile using lppwdeckeyhex="+lp_bin2hex(lppwdeckey)); var keydata = LPAES.Encrypt({pass:lppwdeckey, data:key, b64:true, mode:"ecb", bits:256}); var verificationdata = LPAES.Encrypt({pass:lp_local_key, data:"lastpass rocks", b64:true, mode:"ecb", bits:256}); lpWriteFile(lpusername_hash+"_lp.act.lps", keydata+"\n"+verificationdata); @@ -6826,7 +6829,8 @@ return; } } - lpdbg("writefile",filename+" val="+(val.length>20 ? (val.substring(0,20)+"...") : val)); + var shortVal = (val.length>20 ? (val.substring(0,20)+"...") : val); + lpdbg("writefile",filename+" val="+shortVal); try{ var file = null; 
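Review bot: Wrapping the "USEFUL FOR DEBUGGING" loop in `/* ... */` in the @@ -4057 hunk leaves code that prints every submitted form element's `value` one edit away from being live again, and on a login form those values include the password. Deleting the loop is safer than parking it in a comment; if it has to stay, drop the value from the message, for example `lpdbg("formsubmit","element "+e+" : type="+formElements[e].type+" nameid="+fename);`. The surrounding function is outside the hunk.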
@@ -8311,12 +8315,13 @@ if(lpautoauto && parseInt(lpaccts[id].autologin)==1 ) { var currTime = lp_get_gmt_timestamp(); - if((currTime - lpaccts[id].last_touch) > lpautoautoVal) { - lpdbg("autoauto", "DO autoauto on " + id + " difftime: " + (currTime - lpaccts[id].last_touch) + " autautoVal: " + lpautoautoVal + " lpaccts[id].autologin: " + lpaccts[id].autologin); + var diffTime = (currTime - lpaccts[id].last_touch); + if(diffTime > lpautoautoVal) { + lpdbg("autoauto", "DO autoauto on " + id + " difftime: " + diffTime + " autautoVal: " + lpautoautoVal + " lpaccts[id].autologin: " + lpaccts[id].autologin); LP.SetLastTouch(lpaccts[id]); return true; } else { - lpdbg("autoauto", "Too soon to autoauto " + id + " last_touch diff: " + (currTime - lpaccts[id].last_touch) + " which should be less than: " + lpautoautoVal ); + lpdbg("autoauto", "Too soon to autoauto " + id + " last_touch diff: " + diffTime + " which should be less than: " + lpautoautoVal ); } } return false; @@ -10060,7 +10065,6 @@ // Couldn't get this to work // var notification = event.target; - //lpdbg("js", "lp_notificationClose typeof:" + typeof(notification)); //notification.browser.contentDocument.LPlpshowednote=2; //notification.removeEventListener("command", lp_notificationClose, true); @@ -13832,12 +13836,8 @@ if (!decrypt) return data; - //lpdbg("sesame","before decryption : "+data.substring(0,30)); - //lpdbg("yubikey","before decryption : "+data.substring(0,30)); if (lpusexpcomencrypt()) data = lpdeccachemiss(data) - //lpdbg("sesame","after decryption : "+data.substring(0,30)); - //lpdbg("yubikey","after decryption : "+data.substring(0,30)); // If required, decrypt accounts file with offline password if (data && data!="") 
@@ -13929,11 +13929,7 @@ } if (offlinepasswordhex) { - //lpdbg("sesame","before encrypting data="+data.substring(0,xmlheaderlength)); - //lpdbg("yubikey","before encrypting data="+data.substring(0,xmlheaderlength)); data = lpenc(data,lp_hex2bin(offlinepasswordhex)) - //lpdbg("sesame","after encrypting data="+data.substring(0,xmlheaderlength)); - //lpdbg("yubikey","after encrypting data="+data.substring(0,xmlheaderlength)); if (!data || data=="") { lpdbg("error","Failed to encrypt data in save_accounts_fileraw"); changeset: 15122:ea855ca8741f user: Andrew Zitnay <drew@lastpass.com> date: Thu Oct 08 09:03:14 2009 -0400 files: IEToolband/LPToolBarCtrl.cpp firefox/content/basicauth.js firefox/content/lastpass.js description: noticed last night that basicauth didn't respect equivalent domains .. along the way found a few more spots we weren't diff -r 0fcbcdf9a99f -r ea855ca8741f firefox/content/lastpass.js --- a/firefox/content/lastpass.js Wed Oct 07 19:20:09 2009 -0400 +++ b/firefox/content/lastpass.js Thu Oct 08 09:03:14 2009 -0400 @@ -1855,7 +1855,7 @@ if(topleveldoc.aid.length > 1 || show_report_broken || autofilled==0 || have_multi){ - if(typeof(browser.lastautologintld)!="undefined" && browser.lastautologintld==tld){ + if(typeof(browser.lastautologintld)!="undefined" && LP.compare_tlds(browser.lastautologintld, tld)){ //Some sites have login forms on every page and we end up //showing this notification too much. So only show it when 
@@ -10714,7 +10714,7 @@ //----------------------------------------------- //First do the Generated Passwords for (var i in lpgenpws){ - if (current_time - lpaccts[i].last_touch <= 600 || lpaccts[i].tld == tld){ // 10 minutes + if (current_time - lpaccts[i].last_touch <= 600 || LP.compare_tlds(lpaccts[i].tld, tld)){ // 10 minutes if (first) { var tempItem = doc.createElement('menuseparator'); tempItem.setAttribute("id", "menudelim"); changeset: 15119:5b7160ccaeca user: Andrew Zitnay <drew@lastpass.com> date: Wed Oct 07 13:34:43 2009 -0400 files: IEToolband/Notification.cpp IEToolband/SiteInfo.cpp IEToolband/changePasswordDlg.cpp IEToolband/changePasswordDlg.h firefox/content/changepw.js firefox/content/lastpass.js firefox/content/siteinfo.js description: i noticed a slight problem with our password change dialogs when testing a password change on hiblia.com .. i have a domain equivalency for hiblia.com and wannaspeak.com, so the notification bar said hiblia.com but then the password change dialog said wannaspeak.com (which just happened to be the tld of the last site in the dialog) so, pass the correct tld into the dialog, so we can show it properly diff -r 3138639ea61d -r 5b7160ccaeca firefox/content/lastpass.js --- a/firefox/content/lastpass.js Wed Oct 07 12:46:49 2009 -0400 +++ b/firefox/content/lastpass.js Wed Oct 07 13:34:43 2009 -0400 
@@ -9389,7 +9389,7 @@ function lp_changepwbtn(notification, description){ if (typeof(notification.extra['matchingaccts']) != 'undefined') { - LP.lpGetCurrentWindow().openDialog(lpchrome_base + "content/changepw.xul", '_blank', 'chrome,titlebar,toolbar,centerscreen,modal', notification.extra['matchingaccts'], notification.extra['password']); + LP.lpGetCurrentWindow().openDialog(lpchrome_base + "content/changepw.xul", '_blank', 'chrome,titlebar,toolbar,centerscreen,modal', notification.extra['matchingaccts'], notification.extra['password'], "0", notification.extra['tld']); } else { lpchangepw(notification.extra["username"], notification.extra["password"], notification.extra["id"]); } changeset: 15095:f7636c6c19a3 user: sameer <sameer@lastpass.com> date: Mon Oct 05 11:44:15 2009 -0400 files: firefox/content/lastpass.js firefox/content/loginlogic.js firefox/content/vars.js description: if we do manage to login online via the retry timer then cancel the timer also do this if we logout this is to prevent a user from logging out of one account and into another account and then have the previous user's timer fire diff -r 4b59f67c6470 -r f7636c6c19a3 firefox/content/lastpass.js --- a/firefox/content/lastpass.js Mon Oct 05 11:33:43 2009 -0400 +++ b/firefox/content/lastpass.js Mon Oct 05 11:44:15 2009 -0400 @@ -4538,6 +4538,17 @@ lpidentities = new Array(); lpequivdomains = new Array(); + if (lpnotifytimerid) + { + LP.mostRecent().clearTimeout(lpnotifytimerid); + lpnotifytimerid = null; + } + if (lpretryonlinetimerid) + { + LP.mostRecent().clearTimeout(lpretryonlinetimerid); + lpretryonlinetimerid = null; + } + lpisadmin = false; lploglogins = false; lpemail = ""; changeset: 15094:4b59f67c6470 user: sameer <sameer@lastpass.com> date: Mon Oct 05 11:33:43 2009 -0400 files: firefox/content/lastpass.js firefox/content/loginlogic.js description: if we login online successfully, we need to dismiss notifications diff -r e2955f0de924 -r 4b59f67c6470 firefox/content/lastpass.js 
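Review bot: Both new `clearTimeout` calls in the @@ -4538 hunk go through `LP.mostRecent()`, but a timer id is only meaningful on the window whose `setTimeout` created it. Where `lpnotifytimerid` and `lpretryonlinetimerid` are set is not visible here, so if that was a different window from the one `LP.mostRecent()` returns at this point, the previous user's retry timer would still fire. Since the commit description gives that cross-account case as the reason for the change, it would help to store the window next to the id, or to have the timer callback compare the username it was scheduled for with the current `lpusername` before acting. A comment above the two blocks such as `// cancel per-user timers so they cannot fire after another account logs in` would record the intent; the enclosing function starts and ends outside the hunk.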
--- a/firefox/content/lastpass.js Mon Oct 05 09:28:19 2009 -0400 +++ b/firefox/content/lastpass.js Mon Oct 05 11:33:43 2009 -0400 @@ -7590,6 +7590,9 @@ function set_secprompts(a,from) { if(!a || typeof(a.getAttribute)=='undefined') { + // SK: When I changed my password, this failed when from=="xml" + // ...not sure if this is expected and it's a backwards compatibility thingy + // So for now, just add a comment stating how to redup lpdbg("error", "set_secprompts on non-existant attribute from: " + from); return; } changeset: 15093:e2955f0de924 user: sameer <sameer@lastpass.com> date: Mon Oct 05 09:28:19 2009 -0400 files: firefox/content/lastpass.js firefox/content/loginlogic.js description: some FF fixes/changes diff -r d14f7522fcef -r e2955f0de924 firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Oct 01 22:58:17 2009 -0400 +++ b/firefox/content/lastpass.js Mon Oct 05 09:28:19 2009 -0400 @@ -574,8 +574,8 @@ if (eventdata1 && eventdata1.value == 'settings') { //want to also do login check to update settings returned from login - var fromwebsite = ((eventdata2 && eventdata2.value=='2') ? "websiterefreshrsa" : "websiterefresh"); - lp_logincheckhelper(fromwebsite); + var from = (eventdata2 && eventdata2.value=='2') ? "websiterefreshrsa" : "websiterefresh"; + lp_logincheckhelper(from); } else LP.lpGetAccounts(); 
@@ -4668,13 +4668,6 @@ //settings override - leave this comment } -function OnAllLogins() -{ - LP.lpprefsSetBoolPref('ffhasloggedin', true, false); - LP.SetupUserPreferences(); - LP.lpSetupIdleTimer(); -} - function lpWriteKeyFile() { var key = lp_bin2hex(lp_local_key); changeset: 15092:d14f7522fcef parent: 15037:99481c851d8c user: sameer <sameer@lastpass.com> date: Thu Oct 01 22:58:17 2009 -0400 files: firefox/content/lastpass.js firefox/content/lastpassext.js firefox/content/login.js firefox/content/loginlogic.js firefox/content/namedpipes.js firefox/content/prefs.js firefox/content/rsakeys.js firefox/content/vars.js firefox/content/welcome.js description: some ff changes - gotta test still as i had a few conflicts diff -r 99481c851d8c -r d14f7522fcef firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Oct 01 17:24:35 2009 -0400 +++ b/firefox/content/lastpass.js Thu Oct 01 22:58:17 2009 -0400 @@ -489,7 +489,7 @@ if (!lploggedin) { lpdbg("websiteevent","login : simple case : trying to login"); - LP.lplogincheck(true); + LP.lplogincheck("websitelogin"); } else lpdbg("websiteevent","login : simple case : already logged in => doing nothing"); @@ -544,7 +544,7 @@ // Webroot case - we get passed wxhash // - NOTE: forwarding wxhash to login_check causes our session to be recreated lpdbg("websiteevent","login : not logged in => setting key and trying login_check : webroot case"); - //lp_logincheckhelper(true,null,username,wxhash); + //lp_logincheckhelper("webrootwebsitelogin",null,username,wxhash); } else { @@ -552,7 +552,7 @@ lpdbg("websiteevent","login : not logged in => setting key and trying login_check : normal case"); } CHANGEKEY(keybin); - LP.lplogincheck(true); + LP.lplogincheck("websitelogin"); } } else 
@@ -571,11 +571,13 @@ if (lploggedin){ var eventdata1 = doc.getElementById('eventdata1'); var eventdata2 = doc.getElementById('eventdata2'); - if (eventdata1 && eventdata1.value == 'settings') { + if (eventdata1 && eventdata1.value == 'settings') + { //want to also do login check to update settings returned from login - var fromwebsite = (eventdata2 && eventdata2.value=='2' ? 2 : true); + var fromwebsite = ((eventdata2 && eventdata2.value=='2') ? "websiterefreshrsa" : "websiterefresh"); lp_logincheckhelper(fromwebsite); - } else + } + else LP.lpGetAccounts(); } break; @@ -603,7 +605,7 @@ // - we're resetting the key but not the user's username, is that ok? lpdbg("websiteevent","keyweb2plug : username or password change for username="+username+" => resetting key"); lprsa_userchangedpassword(); - CHANGEKEY(lp_hex2bin(eventdata1.value)); + CHANGEKEY(lp_hex2bin(localkey)); lpWriteKeyFile(); // this does nothing if we're not logged in } else @@ -4491,7 +4493,6 @@ fix_toolbar_mode(); LP.lphelpstats = null; lppd = 0; - lploggedinoffline = false; // Give the logout request a chance to start, then kill the session ID lp_phpsessid=''; @@ -4513,11 +4514,11 @@ lpdialogs[i].close(); lpdialogs = new Array(); lploggedin = false; + lploggedinoffline = false; if (!LP.lpprefsHasUserValue('ffhasloggedinsuccessfully', false)) { LP.lpprefsSetBoolPref('ffhasloggedinsuccessfully', true, false); LP.flush_prefs(); } - lploggedincached = false; CHANGEKEY(''); lpdeccache = new Array(); lpdeccachekey = null; @@ -7101,10 +7102,8 @@ // instead of an immediate logincheck, we now do an httptest first to // avoid the case where someone's at a hotel that takes over // lastpass.com's dns and causes cert errors - //LP.lplogincheck(); - if (lpdohttptest) { + if (lpdohttptest) LP.httptest(); - } } //Show release notes if upgraded 
@@ -12785,24 +12784,6 @@ LP.flush_prefs(); } -// Called when we login locally no network -this.lpset=function (key,username) { - CHANGEKEY(key); - lpusername = username; - lpusername_hash = lp_sha256(lpusername); - OnAllLogins(); - lpuid=""; - fix_toolbar_mode(); - lploggedin = true; - lploggedincached = true; - lpisadmin = false; - lploglogins = false; - lpemail = ""; - lp_local_accts_version = -1; - lp_server_accts_version = -1; - lpLastPwPrompt = 0; -} - this.isadmin = function() { return lpisadmin; changeset: 15035:23c5406388e0 parent: 15032:6fc8fcc1923d user: Andrew Zitnay <drew@lastpass.com> date: Thu Oct 01 17:08:39 2009 -0400 files: IEToolband/CommonHandlers.cpp IEToolband/LPToolBarCtrl.cpp IEToolband/Notification.cpp IEToolband/Preferences.cpp IEToolband/Preferences.h firefox/content/lastpass.js firefox/content/loginlogic.js firefox/content/vars.js firefox/make_webroot_wav firefox/make_webroot_wisc description: webroot doesn't want us to show any login notifications until we've been logged into successfully at least once .. i guess it's fine for them, since they don't have any notion of create account on their login dialog, but i'm leaving it as-is for us diff -r 6fc8fcc1923d -r 23c5406388e0 firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Oct 01 16:11:28 2009 -0400 +++ b/firefox/content/lastpass.js Thu Oct 01 17:08:39 2009 -0400 @@ -4513,6 +4513,10 @@ lpdialogs[i].close(); lpdialogs = new Array(); lploggedin = false; + if (!LP.lpprefsHasUserValue('ffhasloggedinsuccessfully', false)) { + LP.lpprefsSetBoolPref('ffhasloggedinsuccessfully', true, false); + LP.flush_prefs(); + } lploggedincached = false; CHANGEKEY(''); lpdeccache = new Array(); 
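Review bot: The block added in the @@ -4513 hunk sets `ffhasloggedinsuccessfully` in what looks like the logoff cleanup (it sits right after `lploggedin = false;`), not at the point where a login succeeds. As written the pref records that this cleanup ran: a user who logs in and closes the browser without logging off never gets it set, and any path that runs the cleanup without a prior successful login sets it anyway; whether either happens depends on code outside the hunk. If the intent is "has logged in at least once", setting the pref where `lploggedin` becomes true would match its name. The @@ -8629 hunk relies on this pref to decide whether the login notification is suppressed.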
@@ -8629,6 +8633,7 @@ if (!shownotifications) return; if (!lpShowNotifications) return; if (!lpShowLoginNotifications) return; + if (LP.NO_LOGIN_NOTIFICATION_UNTIL_LOGIN && !LP.lpprefsHasUserValue('ffhasloggedinsuccessfully', false)) return; buttons.push({ label: LP.lpgs("LastPassMasterLogin"), accessKey: null, changeset: 15002:68e962275e3b user: joe@joes-vostro-200.local date: Wed Sep 30 11:40:39 2009 -0400 files: firefox/content/lastpass.js description: Include the name of the site you're deleting -- somehow people are accidentally deleteing the wrong site diff -r a571f14ab270 -r 68e962275e3b firefox/content/lastpass.js --- a/firefox/content/lastpass.js Wed Sep 30 10:01:15 2009 -0400 +++ b/firefox/content/lastpass.js Wed Sep 30 11:40:39 2009 -0400 @@ -11789,7 +11789,7 @@ return; } - if (LP.lpConfirmYesNo(LP.lpgs('Are you sure you would like to delete this ' + (lpacct.isbookmark ? 'bookmark' : (lpacct.genpw ? 'generated password' : (lpacct.sn ? 'secure note' : 'site'))) + '?'), wino)) { + if (LP.lpConfirmYesNo(LP.lpgs('Are you sure you would like to delete this ' + (lpacct.isbookmark ? 'bookmark' : (lpacct.genpw ? 'generated password' : (lpacct.sn ? 'secure note' : 'site'))) + '?' + ' (' +lpacct.name +')'), wino)) { // update the local data structure before we make the request deleteIdLocally(id); 
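Review bot: In the @@ -11789 hunk the account name is concatenated into the string passed to `LP.lpgs(...)`, so the lookup string now differs for every account; assuming `lpgs` maps a fixed English string to its translation, the prompt will no longer match any translated entry. Moving `+ ' (' +lpacct.name +')'` outside the `LP.lpgs(...)` call fixes that and matches the `LP.lpgs(msg) + extra` form used in the `ConfirmMultipleDelete` hunk of the same commit. The name is stored account data rather than a fixed string, so it is worth confirming that `lpConfirmYesNo` shows its message as plain text. The enclosing function is outside the hunk.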
@@ -13015,11 +13015,26 @@ } this.ConfirmMultipleDelete=function(tdoc, twin, group){ - var msg = (tdoc.selected_ids.length > 1 ? "Are you sure you would like to delete the selected sites?" : "Are you sure you would like to delete this site?"); + var extra = ""; + var msg = ""; + if(tdoc.selected_ids.length > 1) { + msg = "Are you sure you would like to delete the selected sites?"; + } else { + msg = "Are you sure you would like to delete this site?"; + extra = " ( "; + var selected_ids = tdoc.selected_ids; + for(var i = 0; i < selected_ids.length; i++){ + var id = selected_ids[i]; + var lpacct = lpaccts[id]; + extra += lpacct.name + ' ' ; + } + extra += ") "; + } if (group) { msg = 'Are you sure you would like to delete this group?'; - } - if (LP.lpConfirmYesNo(LP.lpgs(msg), twin)) { + extra = " (" + group + ") "; + } + if (LP.lpConfirmYesNo(LP.lpgs(msg) + extra, twin)) { // update the local data structure before we make the request LP.deleteSelectedSites(tdoc, twin, group); } changeset: 14965:62b063cfcdcb user: sameer <sameer@lastpass.com> date: Sat Sep 26 21:25:52 2009 -0400 files: create_account.php firefox/content/lastpass.js firefox/content/loginlogic.js firefox/content/vars.js indexheader.php js/otp.js webroot/frame_accounts.php description: Bug fixes for FF offline before online stuff. Along the way noticed that we were trying to write the keyfile when we weren't logged in, causing us to crate a "_lp.act.lps" file. Had to change the login processing stuff a bit...so simplified the keyweb2plug and login website events so the login logic could all be in the 'login' case and not duplicated. Made sure to maintain backwards compatibility though. So basically, keyweb2plug now only does stuff for the password change case. We pass some more params to the login to handle what keyweb2plug used to do. Have to do a bit more testing making sure i test all the spots where we call logincheck (named pipes, refresh, passwordchange, saveprefs, etc.) and then move on to IE. 
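Review bot: In the @@ -13015 hunk the loop that collects names sits in the `else` branch, which runs only when `tdoc.selected_ids.length` is not greater than 1, so the multi-selection prompt, where deleting the wrong site is most likely, still shows no names. Building `extra` from `selected_ids` before the length test would cover both cases. `lpaccts[id]` is also dereferenced without a check, so an id that is no longer in `lpaccts` would throw before the confirmation appears; `if (lpacct) extra += lpacct.name + ' ';` avoids that.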
diff -r 30f81e462008 -r 62b063cfcdcb firefox/content/lastpass.js --- a/firefox/content/lastpass.js Fri Sep 25 20:01:35 2009 -0400 +++ b/firefox/content/lastpass.js Sat Sep 26 21:25:52 2009 -0400 
@@ -466,46 +466,99 @@ function lpwebsiteevent(eventtype, doc, urlparts) { - lpdbg("websiteevent","eventtype="+eventtype); + var data1 = doc.getElementById('eventdata1') ? doc.getElementById('eventdata1').value : ""; + var data2 = doc.getElementById('eventdata2') ? doc.getElementById('eventdata2').value : ""; + var data3 = doc.getElementById('eventdata3') ? doc.getElementById('eventdata3').value : ""; + var data4 = doc.getElementById('eventdata4') ? doc.getElementById('eventdata4').value : ""; + var data5 = doc.getElementById('eventdata5') ? doc.getElementById('eventdata5').value : ""; + lpdbg("websiteevent","eventtype="+eventtype+"\ndata1="+data1+"\ndata2="+data2+"\ndata3="+data3+"\ndata4="+data4+"\ndata5="+data5); //var eventtype = evt.target.getAttribute("eventtype"); switch (eventtype) { case "login": - var wxusername = doc.getElementById('eventdata1') ? doc.getElementById('eventdata1').value : ""; - var keyhex = doc.getElementById('eventdata2') ? doc.getElementById('eventdata2').value : ""; - var wxhash = doc.getElementById('eventdata3') ? 
doc.getElementById('eventdata3').value : ""; - if (wxusername!="" && keyhex!="" && wxhash!="") - { + var username = data1.toLowerCase().replace(/\s*/g,''); + var keyhex = data2 + var wxhash = data3; + + if (username=="" && keyhex=="" && wxhash=="") + { + // indexheader.php : sessionid passed via ?lc=x passed + // or accts.js : inside createGrid() + + // Login if not already logged in + if (!lploggedin) + { + lpdbg("websiteevent","login : simple case : trying to login"); + LP.lplogincheck(true); + } + else + lpdbg("websiteevent","login : simple case : already logged in => doing nothing"); + } + else if (username!="" && keyhex!="") + { + // Normal login case or Webroot login case + var loginnow = false; + keybin = lp_hex2bin(keyhex); - keyhexold = lp_bin2hex(lp_local_key); - if (lploggedin && lpusername==wxusername && keyhexold==keyhex) - { - lpdbg("websiteevent","keyweb2plug : already logged in...doing nothing"); - } - else if (lploggedin && lpusername==wxusername) - { - lpdbg("websiteevent","keyweb2plug : already logged in...updating key from oldkey="+keyhexold+" to newkey="+keyhex); - CHANGEKEY(keybin); - } - else - { - if (lploggedin && lpusername!="") - { - lpdbg("websiteevent","keyweb2plug : logged in as different user...logging off, then logging in"); - lplogoff(); - } - else - lpdbg("websiteevent","keyweb2plug : not logged in as any user...logging in"); - + keyhexold = lp_bin2hex(lp_local_key?lp_local_key:""); + if (lploggedin && lpusername==username && keyhexold==keyhex) + { + lpdbg("websiteevent","login : already logged in => doing nothing"); + } + else if (lploggedin && lpusername==username) + { + lpdbg("websiteevent","login : already logged in but with different key => updating key from oldkey="+keyhexold+" to newkey="+keyhex); CHANGEKEY(keybin); lpWriteKeyFile(); - lp_logincheckhelper(true,null,wxusername,wxhash); + } + else if (lploggedin && lpusername!="") + { + lpdbg("websiteevent","login : already logged in as different user => logging off, then 
logging in"); + lplogoff(); + loginnow = true; + } + else if (lploggedin && lpusername=="") + { + lpdbg("error","login invalid state A"); + lpReportError("login invalid state A"); + } + else if (!lploggedin && lpusername!="") + { + lpdbg("error","login invalid state B"); + lpReportError("login invalid state B"); + } + else + loginnow = true; + + if (loginnow) + { + // If we reach here, then we're currently logged out and must try to login + + // Set the key + // - a successful login check will use this key instead of the one from the keyfile + // - we can't use the one in the keyfile because we can never decrypt it because the website login is a manual login and so therefore blows away our session and returns a new pwdeckey + // - note that for the same reason, we can't write the keyfile here...we dont have the correct pwdeckey to use to encrypt it + + if (wxhash!="") + { + // Webroot case - we get passed wxhash + // - NOTE: forwarding wxhash to login_check causes our session to be recreated + lpdbg("websiteevent","login : not logged in => setting key and trying login_check : webroot case"); + //lp_logincheckhelper(true,null,username,wxhash); + } + else + { + // Non-webroot case - we dont get passed wxhash + lpdbg("websiteevent","login : not logged in => setting key and trying login_check : normal case"); + } + CHANGEKEY(keybin); + LP.lplogincheck(true); } } else { - if (!lploggedin) - LP.lplogincheck(true); + lpdbg("error","login invalid params. username="+username+" wxhash="+wxhash+" keyhex="+keyhex); + lpReportError("login invalid params username="+username+" wxhash="+wxhash+" keyhex=xxx"); } break; 
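Review bot: The new `lpdbg` calls in the `login` case write key material to the debug log: the opening call dumps `data1` to `data5` (of which `data2` is `keyhex` here), the "different key" branch logs both `keyhexold` and `keyhex`, and the "login invalid params" call logs `keyhex`, while the `lpReportError` beside it already masks it as `keyhex=xxx`. The `keyweb2plug` hunk (@@ -535) does the same with `localkey`. Even if lpdbg lines are stripped from release builds, as a later commit description on this page suggests, dev builds and any line the stripper misses would record the user's local encryption key, so the lpdbg messages should mask it the same way, for example `" keyhex=xxx"`. `keybin` and `keyhexold` are assigned without `var` and so become globals holding key bytes; declaring them with `var` keeps them local to `lpwebsiteevent`.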
@@ -535,34 +588,28 @@ lprsa_decrypt(eventtype,doc); break; - case "keyweb2plug": // whenever the website needs to send the user's encryption key to the plugin .. only two cases i can think of are login via website and changed password - var eventdata1 = doc.getElementById('eventdata1'); // user's local encryption key - var eventdata2 = doc.getElementById('eventdata2'); // user's username - var eventdata3 = doc.getElementById('eventdata3'); // 2=>rsa changed - if(eventdata1&&eventdata2){ - - if(eventdata3 && eventdata3.value == '2') { - lprsa_userchangedpassword(); - CHANGEKEY(lp_hex2bin(eventdata1.value)); - lpWriteKeyFile(); - } - else if(lpusername!=""&&eventdata2.value!=lpusername) - { - if (eventdata3.value == '1') { - CHANGEKEY(lp_hex2bin(eventdata1.value)); - lpWriteKeyFile(); - LP.lplogincheck(true); - } - else - { - //lpdbg("websiteevent","keyweb2plug : logging off"); - lplogoff(); - } - }else{ - //lpdbg("websiteevent","keyweb2plug : same username => updating key"); - CHANGEKEY(lp_hex2bin(eventdata1.value)); - lpWriteKeyFile(); - } + case "keyweb2plug": + var localkey = data1; + var username = data2.toLowerCase().replace(/\s*/g,''); + var cmd = data3; + if (username=="" || localkey=="") + { + lpdbg("error","keyweb2plug invalid params. cmd="+cmd+" username="+username+" localkey="+localkey); + lpReportError("keyweb2plug invalid params cmd="+cmd+" username="+username+" localkey=xxx"); + } + else if (cmd=="2") + { + // username or password change + // - we're resetting the key but not the user's username, is that ok? + lpdbg("websiteevent","keyweb2plug : username or password change for username="+username+" => resetting key"); + lprsa_userchangedpassword(); + CHANGEKEY(lp_hex2bin(eventdata1.value)); + lpWriteKeyFile(); // this does nothing if we're not logged in + } + else + { + // BACKWARDS COMPATIBLITY (see saveKey()) - do nothing...we now handle everything in 'login' + //lpdbg("websiteevent","keyweb2plug : backwards compatibility: do nothing"); } break; 
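Review bot: In the `cmd=="2"` branch the new code still calls `CHANGEKEY(lp_hex2bin(eventdata1.value));`, but this hunk removes the `var eventdata1 = ...` assignment for this case, so on a username or password change the call reads a variable that is no longer set here and the key update would throw or use a stale element. It should use the value already read into `localkey`: `CHANGEKEY(lp_hex2bin(localkey));`. `localkey` comes from the page's `eventdata1` field, so checking that it is a hex string of the expected length before `lp_hex2bin` would be a cheap guard. How the document is vetted before `lpwebsiteevent` runs is outside the hunk.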
@@ -4626,7 +4673,11 @@ function lpWriteKeyFile() { var key = lp_bin2hex(lp_local_key); - if (typeof(lppwdeckey) != 'undefined' && lppwdeckey != null) { + if (typeof(lppwdeckey)!='undefined' && lppwdeckey!=null && lppwdeckey!="" && + typeof(lpusername)!="undefined" && lpusername!=null && lpusername!="" && + typeof(lpusername_hash)!="undefined" && lpusername_hash!=null && lpusername_hash!="") + { + //lpdbg("login","writing keyfile using lppwdeckeyhex="+lp_bin2hex(lppwdeckey)); var keydata = LPAES.Encrypt({pass:lppwdeckey, data:key, b64:true, mode:"ecb", bits:256}); var verificationdata = LPAES.Encrypt({pass:lp_local_key, data:"lastpass rocks", b64:true, mode:"ecb", bits:256}); lpWriteFile(lpusername_hash+"_lp.act.lps", keydata+"\n"+verificationdata); @@ -7354,7 +7405,7 @@ this.lpPopulateAccounts = function(req, ignorestatus, local) { - lpdbg("login","lpPopulateAccounts local="+local); + //lpdbg("login","lpPopulateAccounts local="+local); var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] .getService(Components.interfaces.nsIWindowMediator); changeset: 14945:1bc2c282b23d user: sameer <sameer@lastpass.com> date: Thu Sep 24 16:58:04 2009 -0400 files: firefox/content/comm.js firefox/content/lastpass.js firefox/content/loginlogic.js description: do the offline login even before we do the http test so that if the http test hangs cuz we're down, the user can still access his data - moved/modified the httptest functions to loginlogic.js - reset our loggedinoffline flag on logoff diff -r 06b507607897 -r 1bc2c282b23d firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Sep 24 15:01:36 2009 -0400 +++ b/firefox/content/lastpass.js Thu Sep 24 16:58:04 2009 -0400 
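Review bot: The widened guard in `lpWriteKeyFile` checks `lppwdeckey`, `lpusername` and `lpusername_hash` but not `lp_local_key`, which is converted with `lp_bin2hex(lp_local_key)` before the guard and used as the `pass` for the verification blob. The login hunk in this commit writes `lp_local_key?lp_local_key:""`, which suggests it can be empty; in that state this function would write a key file built from an empty key. Adding `lp_local_key!=null && lp_local_key!=""` to the condition would close that. The commented-out `lpdbg` that prints `lp_bin2hex(lppwdeckey)` is best not committed at all, since uncommenting it logs the key that protects the key file. The function's closing lines are outside the hunk.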
@@ -4444,6 +4444,7 @@
 fix_toolbar_mode();
 LP.lphelpstats = null;
 lppd = 0;
+ lploggedinoffline = false;
 // Give the logout request a chance to start, then kill the session ID
 lp_phpsessid='';
changeset: 14943:55e5807f87dd user: sameer <sameer@lastpass.com> date: Thu Sep 24 14:02:40 2009 -0400 files: firefox/Makefile firefox/content/lastpass.js firefox/content/loginlogic.php firefox/content/vars.js description: FF login changes to do offline login before we issue any network requests - i still have to do a lot more testing cuz bunch of stuff changed and it touches lots of critical paths, but looks good initially - httptest also has to be changed as currently as we do that before we do the logincheck (since on browser start we can get the key from saved credentials) - we currently only notify the user that they are logged in offline AFTER login.php fails so if login.php hangs, the user would obviously never be notified....will see if changing it causes the notification bar "bounce" making it ugly... - i also still have to implement the xmlhttp timeout functionaltiy. took a quick look at it and there isn't an explicit timeout parameter you can pass. you have to use a setTimeout to determine if a request has hung and if so, call abort() works as follows: (this was never happening before) whenever something calls lplogincheck() we try to do an immediate offline login. to do an offline login, we need the user's key...sometimes the user is already logged in and we have it. if we dont have it, then we try to get it from the user's saved credentials - this is important as it handles the high freq case of the user simply starting up their browser. after offline login, we do a login_check login. if that fails, we do a login.php login.
(this was happening before) when somethign calls lplogin() directly, then we again do an immediate offline login before issueing a request to login.php for the yubikey/sesame case, we don't do the offline login first and continue to do things as we did them yesterday. after finishing stuff, i'll revisit this and see how easy of a change it would be VS confusing for users. it would involve changing sesame and making it slightly less secure as currently sesame has a separate offline and online password, whereas yubikey sends your offline password in the clear via keystrokes and to our servers. - pulled all login logic out to a new file loginlock.php - revamped/rewrote the login handlers to handle offline first then online - split up logincheckhandler and loginhandler - fixed a bunch of issues where we'd show the incorrect (or no) notification bar on failures diff -r d696761758f7 -r 55e5807f87dd firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Sep 24 13:19:19 2009 -0400 +++ b/firefox/content/lastpass.js Thu Sep 24 14:02:40 2009 -0400 @@ -4341,27 +4341,6 @@ e.returnValue = false; } -this.lplogin=function(username, password, interactive) -{ - LP.lpCloseNotifications(); - LP.mostRecent().setTimeout( - (function(){ - lp_loginhelper(username, password, interactive); - password='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; - }), 100); - // try to flush from ememory -} - -this.logincheck = function(sessionid) -{ - LP.lplogincheck(false, sessionid); -} - -this.lplogincheck = function(fromwebsite) -{ - LP.mostRecent().setTimeout( (function(){lp_logincheckhelper(fromwebsite);}), 100); -} - function lpcheckcookies(){ try{ var cb = LP.lpmainprefs.getIntPref("network.cookie.cookieBehavior"); 
@@ -4600,85 +4579,6 @@ } } -function lp_loginhelper(username, lppassword, interactive) -{ - lpSetupXHRIntercepts(); - - lpusername = username.toLowerCase().replace(/\s*/g, ''); - lpusername_hash = lp_sha256(lpusername); - lphash = lp_sha256(lp_sha256(lpusername+lppassword) + lppassword); - fix_toolbar_mode(); - CHANGEKEY(lp_hex2bin(lp_sha256(lpusername+lppassword))); - - - //login override - leave this comment - - - // try to kill the memory locations with passwords -- the few lines above used it a few times.... - lppassword='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; - lppassword='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'; - - LP.lp_handle_buttons_all('loggingin'); - - // Do the local file login here; we have the username+password key so it makes sense if we have it.... - // don't show the offline error, wait for our actual network request to do that. - // set server_accts_version to -1 to make sure that we don't attempt a network refresh immediately. - //lp_server_accts_version = -1; - //lpLoginErrorHandler(lpusername, false); - - var postdata="xml=2&username="+LP.en(lpusername)+"&method=ff&hash="+lphash+"&version="+LP.en(lpversion); - postdata += "&hp=" + (LP.IsHomePage() ? "1" : "0"); - postdata += "&encrypted_username=" + LP.en(lpenc(lpusername)); - - // Cache this data in case we have to reissue the login request for yubikey/sesame - sesame_cleardata(); - sesame_setdata("postdata",postdata); - sesame_setdata("interactive",interactive); - yubikey_cleardata(); - yubikey_setdata("postdata",postdata); - yubikey_setdata("interactive",interactive); - postdata += "&otp="; - postdata += "&sesameotp="; - - //Using a locally stored OTP as an account recovery option. 
- //Send up some data to ensure local data remains in sync with - //server data (eg, if pw is changed on diff machine - if(LP.lpdolostpwotp && (!LP.lpprefsHasUserValue("StoreLostPWOTP") || LP.lpprefsGetBoolPref("StoreLostPWOTP"))){ - postdata += "&lostpwotphash=" + LP.en(LP.GetOTPHash()); - }else{ - //Make sure we do not have a OTP stored - LP.DeleteOTP(); - } - - lpdbg("login","Issuing request to login.php"); - LP.lpMakeRequest(LP.lp_base + 'login.php', postdata, lpLoginResponse, function() { lpLoginErrorHandler(lpusername, true); }, interactive ? "interactive":0); -} - -function lp_logincheckhelper(fromwebsite, sessionid, wxusername, wxhash) -{ - lpSetupXHRIntercepts(); - - yubikey_cleardata(); - sesame_cleardata(); - - var postdata = "version="+LP.en(lpversion)+"&method=ff"; - if(sessionid) - postdata += "&sessionid="+LP.en(sessionid); - postdata += "&hp=" + (LP.IsHomePage() ? "1" : "0"); - - if (wxusername) - postdata += "&wxusername=" + LP.en(wxusername); - if (wxhash) - postdata += "&wxhash=" + LP.en(wxhash); - - if (!lploggedin) { - LP.lp_handle_buttons_all('loggingin'); - } - - lpdbg("login","Issuing request to login_check.php"); - LP.lpMakeRequest(LP.lp_base + 'login_check.php', postdata, lpLoginResponse, lpLoginCheckErrorHandler, fromwebsite); -} - // All the user preferences are read upfront so that we don't have to read them 17000 times per page // it's critical that this run in any path where the username changes this.SetupUserPreferences=function() 
@@ -4722,147 +4622,6 @@ LP.lpSetupIdleTimer(); } -function lpLoginResponse(req, customErrorHandler, fromwebsite) -{ - try { - if (req && req.readyState == 4 && typeof(customErrorHandler) == "function" && (req.status != 200 || req.responseXML == null || req.responseXML.documentElement == null)) { -lpdbg("error", "loginreponse failure running customErrorHandler"); - customErrorHandler(); - return; - } - LP.lpLoginResponse_win(req, fromwebsite); - - if (req && req.readyState == 4 && lploggedin) { - OnAllLogins(); - lppopulateaccountsfromlogin = true; - lpGetAccountsLocal(); - if (!fromwebsite || 'interactive'==fromwebsite) - lprefreshwindows(); - - var currtime = lp_get_gmt_timestamp(); - LP.lpprefsSetIntPref('lastpollcheck', currtime); - LP.flush_prefs(); - lastpoll = currtime; - if (LP.lpdopoll) { - LP.setupPollTimer(); - } - - if(login_from_welcome){ - login_from_welcome = false; - loginOkAfterCreate(); - } else { - // doubly used fromwebsite (it's a customParam for makeRequest) - // If we have an interactive login -- launch our home page - if('interactive'==fromwebsite) - if(!LP.lpprefsHasUserValue("showHomepageAfterLogin", false) || LP.lpprefsGetBoolPref("showHomepageAfterLogin", false)==true) - launchHomeIf(); - } - - // Only do local icons if we have xpcom - if (lpusexpcomencrypt()) - { - var versionff = lpgeticonsversion(); - if (versionff=="") - versionff = "0"; - //lplog("Making a geticons request with version=" + versionff); - LP.lpMakeRequest(LP.lp_base+"geticon.php","versionff="+LP.en(versionff),lpIconsResponse); - } - - LP.lpretryrequests(); - } - } catch (e) { - lpReportError("Failure in lpLoginResponse: " + e+ " ln: " + e.lineNumber); - } -} - -function lpLoginErrorHandler(username, showoffline) -{ - lpdbg("login","Trying to login offline"); - - // Blow away depreceated stuff - lpDeleteFile(username + "_lp.act.xml"); - lpDeleteFile(username + "_lps.act.xml"); - - // Read key file - var username_hash = lp_sha256(username); - lpRenameFile(username_hash + 
"_lp.key", username_hash + "_lp.act.key"); - lpRenameFile(username_hash + "_lp.act.key", username_hash + "_lp.act.lps"); - var data = lpReadFile(username_hash + "_lp.act.lps"); - if (data) { - var splitdata=data.split("\n"); - if (splitdata.length == 2) { - var verificationdata = lpdec(splitdata[1], lp_local_key, true); - if (verificationdata == "lastpass rocks") - { - // Read and decrypt accounts file - var data = load_accounts_file(username_hash,true,false) - - // Determine if the file is encrypted. - // - If yes, then ask the user for the password and set it so that it will be used to decrypt/encrypt all reads/writes to acount files moving forward - if (data.indexOf("type=sesameoffline\ndata=")==0) - { - lpdbg("sesame","Logging in offline and existing file is protected by sesameoffline => asking user for offline password"); - var otp = ""; - while (true) - { - otp = sesame_getotp(null); - if (otp=="" || otp.length!=64) - { - if (otp.length>64) - { - LP.alert(LP.lpgs("SesameWrongButton")); - continue; - } - lpdbg("sesame","User did not enter offline password - failing login"); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - break; - } - sesame_setdata("password_offline",otp); - } - else if (data.indexOf("type=yubikeyoffline\ndata=")==0) - { - lpdbg("yubikey","Logging in offline and existing file is protected by yubikeyoffline => asking user for offline password"); - var otp = yubikey_getotp(null); - if (otp=="" || otp.length!=44) - { - lpdbg("yubikey","User did not enter offline OTP - failing login"); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - - var otp12 = otp.substring(0,12); - otp = lp_sha256(lp_sha256(lp_sha256(fix_username("LastPassIsGreat")+otp12) + otp12)); - yubikey_setdata("password_offline",otp); - } - - LP.lp_handle_buttons_all('in'); - var key = lp_local_key; // todo ?? 
- LP.lpset(key,username); - lpGetAccountsLocal(); - if(showoffline) - lp_showNotification('LoggedInOffline', null, 0, 'offline'); - return; - } - } - } - if(showoffline) { - LP.lp_handle_buttons_all('off'); - lpshowError("ErrorLoginMsg"); - } -} - -function lpLoginCheckErrorHandler() -{ - lpdbg("login","Request to login_check.php failed -> trying login.php"); - LP.lp_handle_buttons_all('off'); - lpshowError("ErrorLoginMsg"); - lp_login_from_saved(); -} - function lpWriteKeyFile() { var key = lp_bin2hex(lp_local_key); 
@@ -4874,322 +4633,6 @@ } } -this.lpLoginResponse_win=function(req, fromwebsite) -{ - if (!req) - return; - - if (req.readyState==4) - { - if (req.status==200 && req.responseXML!=null && req.responseXML.documentElement!=null) - { - var resp = req.responseXML.documentElement; - var ok = resp.getElementsByTagName('ok'); - var loginok = true; - var silent = false; - if (ok.length>0) - { - // CASE: process response from login_check.php or login.php - - lppwdeckey = lp_hex2bin(lp_sha256(ok[0].getAttribute('pwdeckey'))); - lpusername = ok[0].getAttribute('lpusername'); - lpusername_hash = lp_sha256(lpusername); - lpuid = ok[0].getAttribute('uid'); - - // NOTE: For now, dont worry about using otpsecretkey to encrypt/decrypt as we instead rely on disableoffline -- this makes things more secure and greatly simplifies things - //sesame_setdata("password_online", ok[0].getAttribute('otpsecretkey')); // use to encrypt & decrypt sesameonline - //yubikey_setdata("password_online",ok[0].getAttribute('otpsecretkey')); // use to encrypt & decrypt yubikeyonline - sesame_setdata("password_offline", ok[0].getAttribute('sesamepassword')); // use to encrypt & decrypt sesameoffline - yubikey_setdata("password_offline",ok[0].getAttribute('yubikeyhash')); // use to encrypt & decrypt yubikeyoffline - - lpdisableoffline = ok[0].getAttribute('disableoffline')==1 ? 
1 : 0; - if (lpdisableoffline) - { - lpdbg("disableoffline","enabled => clearing sensitive files"); - LP.lpClearCache(true,false,true); - } - - fix_toolbar_mode(); - - lprsa_setprivatekeyenchash(ok); - - LP.lphelpstats = new lpobjhelpstats(); - LP.lphelpstats.currentlyopen=false; - LP.lphelpstats.wino=null; - LP.lphelpstats.highlighthelp=(ok[0].getAttribute('hih')=="1"?true:false); - LP.lphelpstats.genpwhelp=(ok[0].getAttribute('genh')=="1"?true:false); - LP.lphelpstats.addsitehelp=(ok[0].getAttribute('addh')=="1"?true:false); - - set_secprompts(ok[0], 'login'); - - countryfromip = ok[0].getAttribute('country'); - lpbUpdateAvailable = (ok[0].getAttribute('upgrade')=="1"?true:false); - logoff_other_ses = (ok[0].getAttribute('logoff_other_ses')=="1"?true:false); - - //There is some duplication here if multiple firefox windows are open - - //Key management stuff... - if (""==lp_local_key) - { - // CASE: login_check.php => if we can't get the key from our local file, call lp_login_from_saved() - - // Get key from local file. - if (!fromwebsite && LP.lpprefsHasUserValue('logOffWhenCloseBrowser') && LP.lpprefsGetBoolPref('logOffWhenCloseBrowser')) { - var lastpollcheck = LP.lpprefsHasUserValue('lastpollcheck') ? LP.lpprefsGetIntPref('lastpollcheck') : 0; - var logOffWhenCloseBrowserVal = LP.lpprefsHasUserValue('logOffWhenCloseBrowserVal') ? 
LP.lpprefsGetIntPref('logOffWhenCloseBrowserVal') : 0; - var timesincelastpollcheck = lp_get_gmt_timestamp() - lastpollcheck; - if (timesincelastpollcheck >= logOffWhenCloseBrowserVal * 60) { - loginok = false; - silent = true; - lplogoff(); - } - } - var data = null; - if (loginok) { - lpRenameFile(lpusername_hash + "_lp.key", lpusername_hash + "_lp.act.key"); - lpRenameFile(lpusername_hash + "_lp.act.key", lpusername_hash + "_lp.act.lps"); - data = lpReadFile(lpusername_hash+"_lp.act.lps"); - if (!data) - { - data = lpReadFile(lpusername+"_lp.key"); - if (data){ - lpRenameFile(lpusername+"_lp.key",lpusername_hash+"_lp.act.lps"); - } - } - if (data==false) - loginok = false; - } - if (loginok) - { - var splitdata=data.split("\n"); - if (splitdata.length!=2) - loginok = false; - if (loginok) - { - var key = lp_hex2bin(lpdec(splitdata[0], lppwdeckey, true)); - var verificationdata = lpdec(splitdata[1], key, true); - if (verificationdata=="lastpass rocks") - CHANGEKEY(key); - else - loginok = false; - } - } - if (!loginok) - { - LP.lp_handle_buttons_all('off'); - if (!silent) { - lpshowError("LoginError",false,true); - } - lp_login_from_saved(); - return; - } - } - else - { - // CASE: login.php => if we can't get the key from our local file, call lp_login_from_saved() - - //Save the encrypted key to a file - lpWriteKeyFile(); - } - - if (loginok) - lprsa_login(fromwebsite,ok); - - - //Prompt existing users if they want to use OTP Account Recovery. 
- //Defaults to yes for new users - if(LP.lpdolostpwotp && ok[0].hasAttribute('lostpwotpresult')){ - var localdatapresent = lpFileExists(lpusername_hash+"_lps.act.xml"); - if(localdatapresent && !LP.lpprefsHasUserValue("StoreLostPWOTP")){ -// if (LP.lpConfirmYesNo(LP.lpgs('ExistingUsersOTPPrompt'))) { - LP.lpprefsSetBoolPref("StoreLostPWOTP", true); -// }else{ -// LP.lpprefsSetBoolPref("StoreLostPWOTP", false); -// } - }else if(!LP.lpprefsHasUserValue("StoreLostPWOTP")){ - LP.lpprefsSetBoolPref("StoreLostPWOTP", true); - } - } - - //check account recovery otp - if(LP.lpdolostpwotp && (!LP.lpprefsHasUserValue("StoreLostPWOTP") || LP.lpprefsGetBoolPref("StoreLostPWOTP"))){ - if(ok[0].hasAttribute('lostpwotpresult') && ok[0].getAttribute('lostpwotpresult')!="ok"){ - LP.DeleteOTP(); - LP.MakeOTP(); - } - } - - - //Remove all lastpass login notifications - LP.lpCloseNotifications("login"); - - lploggedin = true; - lploggedincached = false; - lpisadmin = parseInt(ok[0].getAttribute('isadmin')) == 1; - lploglogins = parseInt(ok[0].getAttribute('loglogins')) == 1; - lpemail = ok[0].getAttribute('email'); - lp_local_accts_version = -1; - lp_server_accts_version = parseInt(ok[0].getAttribute('accts_version')); - LP.lp_handle_buttons_all('in'); - - lp_phpsessid = lp_get_phpsessid(); - var newsessid = ok[0].getAttribute('sessionid'); - if(lp_phpsessid!=newsessid && newsessid!='') { - lpdbg("cookie", "New sessid: " + newsessid + " dropping old: " + lp_phpsessid); - lp_phpsessid = newsessid; - } - - if (loginok && ok[0].getAttribute('namedpipes_donotsendlogin')!="1") - { - ok[0].setAttribute("namedpipes_donotsendlogin","1"); - lpnp_sendall("login",{sessionid:newsessid,localkeyhex:lp_bin2hex(lp_local_key)}); - } - - try{ - var ignoreminor = (ok[0].getAttribute('ignoreminor')=="0" ? 
false : true); - var reqdversion = ok[0].getAttribute('reqdversion'); - if(lpversion!="" && reqdversion!="" && CompareLastPassVersions(lpversion, reqdversion, ignoreminor) < 0){ - lpdbg("state", "Update required: reqdversion " + reqdversion + " lpversion : " + lpversion + " ignoreminor: " + ignoreminor); - LP.alert(LP.lpgs("A required update is available for LastPass. Please press OK to begin download and installation.")); - LP.lpUpdate(); - } - }catch(uperr){ - lplog("Update failed to run: " + uperr); - } - } - else - { - // CASE: server did not return "ok" for login or login_check - - var error = resp.getElementsByTagName('error'); - LP.lp_handle_buttons_all('off'); - if (error.length>0){ - if(error[0].hasAttribute('invalidsession')){ - // CASE: login.php OR login_check.php - lpopen(LP.lp_base+"invalidsession.php", true); - lpshowError("LoginError", false, true); - lplogoff(); - LP.lpClearCache(true,false,false); - return; - }else{ - silent = parseInt(error[0].getAttribute('silent')) == 1; - } - } - if (!silent){ - - if(req.responseText.indexOf("blacklist") > 0) - { - // CASE: login.php - LP.lpClearCache(true,false,false); - lplogoff(); - lpshowError("Blacklist", false, true); - } - else if (req.responseText.indexOf("sesameotprequired") > 0) - { - // CASE: login.php - lpdbg("sesame","LOGIN RESPONSE: sesameotprequired => Asking user for OTP"); - - // We know the user has internet connectivity and that sesame is enabled, so make sure we dont allow offline login via lpLoginErrorHandler if login.php fails - // We do this to simplify things...it avoids the possibility of double prompting the user for the sesame otp to get the offline password - LP.lpClearCache(true,false,false); - - var otp = sesame_getotp(lpusername); - if (otp=="") - { - lpdbg("sesame","User did not enter OTP - failing login"); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - lpdbg("sesame","User entered sesameotp="+otp+" -- REISSUING LOGIN REQUEST"); - - var postdata = 
sesame_getdata("postdata") + "&sesameotp="+encodeURIComponent(otp); - var interactive = sesame_getdata("interactive"); - LP.lpMakeRequest(LP.lp_base + 'login.php', postdata, lpLoginResponse, function() { lpLoginErrorHandler(lpusername, true); }, interactive ? "interactive":0); - return; - } - else if (req.responseText.indexOf("sesameotpfailed") > 0) - { - // CASE: login.php - lpdbg("sesame","LOGIN RESPONSE: sesameotpfailed"); - LP.lpClearCache(true,false,false); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - else if (req.responseText.indexOf("otprequired") > 0) - { - // CASE: login.php - - // We know the user has internet connectivity and that yubikey is enabled, so make sure we dont allow offline login via lpLoginErrorHandler if login.php fails - // We do this to simplify things...it avoids the possibility of double prompting the user for the yubikey otp to get the offline password - LP.lpClearCache(true,false,false); - - lpdbg("yubikey","LOGIN RESPONSE: otprequired => Asking user for OTP"); - var otp = yubikey_getotp(lpusername); - if (otp=="") - { - lpdbg("yubikey","User did not enter OTP - failing login"); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - lpdbg("yubikey","User entered yubikeyotp="+otp+" -- REISSUING LOGIN REQUEST"); - - var postdata = yubikey_getdata("postdata") + "&otp="+encodeURIComponent(otp); - var interactive = yubikey_getdata("interactive"); - LP.lpMakeRequest(LP.lp_base + 'login.php', postdata, lpLoginResponse, function() { lpLoginErrorHandler(lpusername, true); }, interactive ? "interactive":0); - return; - } - else if (req.responseText.indexOf("otpfailed") > 0) - { - // CASE: login.php - lpdbg("yubikey","LOGIN RESPONSE: otpfailed"); - LP.lpClearCache(true,false,false); - lplogoff(); - lpshowError("LoginError", false, true); - return; - } - // I see this in IE but not in FF...not sure if it's supposed to be added or not... 
- //else if (req.responseText.indexOf("trialexpired") > 0) - //{ - //} - else - { - // CASE: login.php or login_check.php is returning an invalid response - // "unknownemail" is returned from login.php, not from login_check.php - var showcreate = error.length > 0 && error[0].getAttribute('cause') && error[0].getAttribute('cause') == 'unknownemail'; - lpshowError(error.length > 0 && error[0].getAttribute('message') ? error[0].getAttribute('message') : "LoginError", false, true, showcreate); - - // Not sure what's best to do here...we've gotten junk back from login_check.php or login.php meaning that the user doesn't have a valid session - // Should we try to log in offline? - } - } - else - { - // CASE: login_check.php returns <response><error silent=\"1\"/></response> => Call lp_login_from_saved to force a real login.php request - - // && !LP.lpprefsHasUserValue('ffimportdone') && !LP.lpprefsHasUserValue('ffimportdone', false) - if (!LP.lpprefsHasUserValue('ffhasloggedin', false)) { - LP.lpprefsSetBoolPref('ffhasloggedin', true, false); - LP.flush_prefs(); - - if(!lphidewelcome) - LP.OpenCreateAccount(); - } - - lp_login_from_saved(); - } - } - } else { - LP.lp_handle_buttons_all('off'); - var msg = "Problem with login response. status=" + req.status + " text= " + req.responseText; - lpReportError(msg, null); - lpshowError("ErrorLoginMsg"); - } - } -} - function CompareLastPassVersions(a, b, ignoreminor){ var amajor = 0, aminor = 0, arev = 0; 
@@ -7505,30 +6948,6 @@ lpopen(url); } -this.lpOpenLogin=function(action,sesameusername) -{ - var aA = {logincase:1}; - if (typeof(sesameusername)!="undefined" && sesameusername!=null && sesameusername!="") - aA.sesameusername = sesameusername; - - if(lploggedin) - lplogoff(); - else{ - //if(lpcheckcookies()==false){ - // LP.lpalert_ex(LP.lpgs('LastPass cannot login until cookies are allowed from lastpass.com')); - // return; - //} - if(action && typeof(action)=="function") - lpdelayedFunction = action; - else - lpdelayedFunction = null; - lpdbg("xulshow","lpOpenLogin opening dialog=login.xul"); - //This variable gets replaced - var mainloginxul = "content/login.xul"; - LP.lpGetCurrentWindow().openDialog(lpchrome_base + mainloginxul, '_blank', 'chrome,titlebar,toolbar,centerscreen,modal',aA); - } -} - this.lpCloseNotifications=function(type) { var wm = Components.classes["@mozilla.org/appshell/window-mediator;1"] @@ -9891,14 +9310,6 @@ return id; } -function lp_lpOpenLoginHelper(notification, description) -{ - //Need this close so that multiple login failures show up. - //notification.close(); - if (!lploggedin) - LP.lpGetCurrentWindow().setTimeout(function() { if (!lploggedin) LP.lpOpenLogin(notification.extra); }, 500); -} - function lp_neverShowLoginNotification(notification, description) { LP.lpprefsSetBoolPref('showLoginNotifications', false, false); 
@@ -12546,70 +11957,6 @@ LP.lpUpdateAllToolbars(bCompact); } -function lp_get_loginusers(passedinuser) -{ - var loginusers = ''; - if (LP.lpprefsHasUserValue('loginusers', false)) - loginusers = LP.lpprefsGetCharPref('loginusers', false); - var users = new Array(); - - var passedinuserencoded = encodeURIComponent(passedinuser); - if (typeof(passedinuser)!="undefined" && passedinuser!="" && loginusers.indexOf(passedinuserencoded)==-1) - loginusers = passedinuserencoded+"|"+loginusers; - - if (loginusers != '') { - users = loginusers.split('|'); - for (var i = 0; i < users.length; i++) - users[i] = decodeURIComponent(users[i]); - } - return users; -} - -function lp_get_loginpws() -{ - var loginpws = ''; - if (LP.lpprefsHasUserValue('loginpws', false)) { - //lplog("Pulling loginpws prefs: " + LP.lpprefsGetCharPref('loginpws', false)); - loginpws = lp_unprotect_data(LP.lpprefsGetCharPref('loginpws', false)) - } - var pws = new Array(); - var pwmap = new Array(); - if (loginpws != '') { - pws = loginpws.split('|'); - for (var i = 0; i < pws.length; i++) { - var userpw = pws[i].split('='); - if(typeof(userpw[1])!="undefined") { - var user = decodeURIComponent(userpw[0]); - var pw = decodeURIComponent(userpw[1]); - var use_key = lp_hex2bin(lp_sha256(user)); - pw = lpdec(pw, use_key); - //lplog("Setting up pwmap : " + user + " pw: " + pw); - pwmap[user] = pw; - } else { - lpdbg("error", "Failed to split up: " + pws[i]); - } - } - } - return pwmap; -} - -function lp_login_from_saved() -{ - var users = lp_get_loginusers(); - if (users.length > 0) { - var lastuser = users[0]; - var pwmap = lp_get_loginpws(); - if (typeof(pwmap[lastuser]) != 'undefined') { - var lastpass = pwmap[lastuser]; - LP.lplogin(lastuser, lastpass, 0); - return; - } - } - if(lpopenloginstart){ - LP.lpOpenLogin(); - } -} - this.lpshowHelpDlg=function(topic, wino){ if(!LP.lphelpstats) return; changeset: 14878:a06fb4815742 user: Andrew Zitnay <drew@lastpass.com> date: Thu Sep 17 11:04:09 2009 -0400 files: 
firefox/content/lastpass.js description: even though none of the other hotkeys get defaults for mac, we still need to set the prefs, lest we warn about restsrting to put new hotkeys into effect the first time preferences is submitted regardless of whether or not they actually changed hotkeys diff -r 595739c7a5aa -r a06fb4815742 firefox/content/lastpass.js --- a/firefox/content/lastpass.js Thu Sep 17 10:45:32 2009 -0400 +++ b/firefox/content/lastpass.js Thu Sep 17 11:04:09 2009 -0400 
@@ -13346,28 +13346,37 @@
 }
 flush = true;
 }
- if(!LP.lpprefsHasUserValue("submitHkKeyCode", false)){
- LP.lpprefsSetIntPref("submitHkKeyCode", 0, false);
- LP.lpprefsSetCharPref("submitHkMods", "", false);
- flush = true;
- }
- if(!LP.lpprefsHasUserValue("saveallHkKeyCode", false)){
- //these were also added at the same time. so can lump together.
- LP.lpprefsSetIntPref("saveallHkKeyCode", 0, false);
- LP.lpprefsSetCharPref("saveallHkMods", "", false);
- LP.lpprefsSetIntPref("logoffHkKeyCode", 0, false);
- LP.lpprefsSetCharPref("logoffHkMods", "", false);
- flush = true;
- }
- }else{
- if(!LP.lpprefsHasUserValue("nextHkKeyCode", false)){
+ }else{
+ if(!LP.lpprefsHasUserValue("generateHkKeyCode", false)){
+ //can lump all of these together. they were added at the same time.
+ LP.lpprefsSetIntPref("generateHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("generateHkMods", "", false);
+ LP.lpprefsSetIntPref("recheckHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("recheckHkMods", "", false);
+ LP.lpprefsSetIntPref("searchHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("searchHkMods", "", false);
 LP.lpprefsSetIntPref("nextHkKeyCode", 33, false);
 LP.lpprefsSetCharPref("nextHkMods", "meta", false);
 LP.lpprefsSetIntPref("prevHkKeyCode", 34, false);
 LP.lpprefsSetCharPref("prevHkMods", "meta", false);
+ LP.lpprefsSetIntPref("homeHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("homeHkMods", "", false);
 flush = true;
 }
 }
+ if(!LP.lpprefsHasUserValue("submitHkKeyCode", false)){
+ LP.lpprefsSetIntPref("submitHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("submitHkMods", "", false);
+ flush = true;
+ }
+ if(!LP.lpprefsHasUserValue("saveallHkKeyCode", false)){
+ //these were also added at the same time. so can lump together.
+ LP.lpprefsSetIntPref("saveallHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("saveallHkMods", "", false);
+ LP.lpprefsSetIntPref("logoffHkKeyCode", 0, false);
+ LP.lpprefsSetCharPref("logoffHkMods", "", false);
+ flush = true;
+ }
 if(flush) LP.flush_prefs();
 }
changeset: 14865:9988465808d9 user: Andrew Zitnay <drew@lastpass.com> date: Tue Sep 15 21:43:00 2009 -0400 files: firefox/content/general.xul firefox/content/lastpass.js firefox/content/prefs.js firefox/locale/en-US/lang.properties firefox/make_webroot_wisc description: sick of people asking about this hidden pref
diff -r d7f2228a6436 -r 9988465808d9 firefox/content/lastpass.js
--- a/firefox/content/lastpass.js Tue Sep 15 21:34:53 2009 -0400
+++ b/firefox/content/lastpass.js Tue Sep 15 21:43:00 2009 -0400
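Review bot: In the `else` branch the guard changes from `nextHkKeyCode` to `generateHkKeyCode`, but the block it guards still writes `nextHkKeyCode`/`nextHkMods` and `prevHkKeyCode`/`prevHkMods`. A profile that already has customised next/prev hotkeys but no `generateHkKeyCode` pref gets them reset to 33/34 with `meta` on the first run; that looks like every existing profile on this branch, since the old code never set the generate pref there. Keeping `if(!LP.lpprefsHasUserValue("nextHkKeyCode", false))` around the four next/prev lines, and using the new guard only for the generate, recheck, search and home defaults, would avoid the overwrite. The enclosing function starts outside the hunk, so the condition that selects this branch is not visible.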
@@ -16017,12 +16017,17 @@
 this.hide_context = function(evt) {
 try {
 var doc = evt.target.ownerDocument ? evt.target.ownerDocument : LP.getBrowser().contentDocument;
- if(lphidecontextmenu) {
- if (doc.getElementById("lpt_lpcontentareacontextmenu")) {
+ if (doc.getElementById("lpt_lpcontentareacontextmenu")) {
+ if(lphidecontextmenu) {
 doc.getElementById("lpt_lpcontentareacontextmenu").setAttribute('hidden', true);
 doc.getElementById("lpt_lpcontentareacontextmenu").setAttribute('display', 'none');
 doc.getElementById("lpt_lpcontentareacontextmenuseparator").setAttribute('hidden', true);
 doc.getElementById("lpt_lpfillformsmenu4").setAttribute('hidden', true);
+ } else {
+ doc.getElementById("lpt_lpcontentareacontextmenu").setAttribute('hidden', false);
+ doc.getElementById("lpt_lpcontentareacontextmenu").setAttribute('display', '');
+ doc.getElementById("lpt_lpcontentareacontextmenuseparator").setAttribute('hidden', false);
+ doc.getElementById("lpt_lpfillformsmenu4").setAttribute('hidden', false);
 }
 }
 } catch(e) {
changeset: 14828:dca8e4aab3a2 parent: 14826:c2951d13a97b user: Bob Billingslea <robert.billingslea@gmail.com> date: Fri Sep 11 13:54:31 2009 -0400 files: firefox/content/lastpass.js firefox/content/util.js firefox/content/utilc.js description: Pull lp_init_tlds into util so it can be reused. Definitely not something that we should duplicate.
diff -r c2951d13a97b -r dca8e4aab3a2 firefox/content/lastpass.js
--- a/firefox/content/lastpass.js Fri Sep 11 12:48:44 2009 -0400
+++ b/firefox/content/lastpass.js Fri Sep 11 13:54:31 2009 -0400
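Review bot: The new `else` branch un-hides the items with `setAttribute('hidden', false)`, which leaves a `hidden="false"` attribute on each element instead of removing it; that restores visibility only where the attribute's value is compared against "true". Using `removeAttribute('hidden')` and `removeAttribute('display')` returns the elements to their default state either way. Only `lpt_lpcontentareacontextmenu` is null-checked, so a missing `lpt_lpcontentareacontextmenuseparator` or `lpt_lpfillformsmenu4` throws into the `catch` and, now in both branches, leaves the menu half-updated; looking each element up once into a local and checking it before use would also remove the repeated `getElementById` calls. The body of the `catch` is outside the hunk.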
@@ -12933,181 +12933,6 @@
 return currnot && typeof(currnot.choices) != 'undefined' && currnot.choices == choices && (ignoreold || typeof(currnot.lpoldnotification) == 'undefined') ? true : false;
 }
-function lp_init_tlds()
-{
- if (typeof(lp_all_tlds) == 'undefined' || lp_all_tlds == null) {
- lp_all_tlds = new Array();
- lp_all_tlds['hu'] = new Array('2000', 'agrar', 'bolt', 'casino', 'city', 'co', 'com', 'erotica', 'erotika', 'film', 'forum', 'games', 'hotel', 'info', 'ingatlan', 'jogasz', 'konyvelo', 'lakas', 'media', 'news', 'nui', 'org', 'priv', 'reklam', 'sex', 'shop', 'sport', 'suli', 'szex', 'tm', 'tozsde', 'utazas', 'video');
- lp_all_tlds['nl'] = new Array('752');
- lp_all_tlds['ca'] = new Array('ab', 'bc', 'gc', 'mb', 'nb', 'nf', 'nl', 'ns', 'nt', 'nu', 'on', 'pe', 'qc', 'sk', 'yk');
- lp_all_tlds['pa'] = new Array('abo', 'ac', 'com', 'edu', 'gob', 'ing', 'med', 'net', 'nom', 'org', 'sld');
- lp_all_tlds['se'] = new Array('ab', 'ac', 'bd', 'brand', 'com', 'c', 'd', 'e', 'fh', 'fhsk', 'fhv', 'f', 'g', 'h', 'i', 'komforb', 'kommunalforbund', 'komvux', 'k', 'lanarb', 'lanbib', 'mil', 'm', 'naturbruksgymn', 'net', 'n', 'org', 'o', 'parti', 'pp', 'press', 's', 'sshn', 'tm', 't', 'u', 'w', 'x', 'y', 'z');
- lp_all_tlds['ac'] = new Array('ac', 'co', 'com', 'edu', 'gov', 'gv', 'mil', 'net', 'or', 'org');
- lp_all_tlds['ae'] = new Array('ac', 'com', 'gov', 'mil', 'name', 'net', 'org', 'pro', 'sch');
- lp_all_tlds['at'] = new Array('ac', 'co', 'gv', 'or', 'priv');
- lp_all_tlds['be'] = new Array('ac', 'ap', 'co', 'com', 'fgov', 'to', 'xa');
- lp_all_tlds['cn'] = new Array('ac', 'ah', 'bj', 'com', 'cq', 'edu', 'fj', 'gd', 'gov', 'gs', 'gx', 'gz', 'ha', 'hb', 'he', 'hi', 'hk', 'hl', 'hn', 'jl', 'js', 'jx', 'ln', 'mo', 'net', 'nm', 'nx', 'org', 'qh', 'sc', 'sd', 'sh', 'sn', 'sx', 'tj', 'tw', 'xj', 'xz', 'yn', 'zj');
- lp_all_tlds['cr'] = new Array('ac', 'co', 'ed', 'fi', 'go', 'or', 'sa');
- lp_all_tlds['cy'] = new Array('ac', 'biz', 'com', 'ekloges', 'gov', 'info', 
'ltd', 'name', 'net', 'org', 'parliament', 'press', 'pro', 'tm');
- lp_all_tlds['fj'] = new Array('ac', 'biz', 'com', 'gov', 'id', 'info', 'mil', 'name', 'net', 'org', 'pro', 'school');
- lp_all_tlds['fk'] = new Array('ac', 'co', 'gov', 'net', 'nom', 'org');
- lp_all_tlds['gg'] = new Array('ac', 'alderney', 'co', 'gov', 'guernsey', 'ind', 'ltd', 'net', 'org', 'sark', 'sch');
- lp_all_tlds['gn'] = new Array('ac', 'com', 'gov', 'net', 'org');
- lp_all_tlds['id'] = new Array('ac', 'co', 'go', 'mil', 'net', 'or', 'sch', 'web');
- lp_all_tlds['il'] = new Array('ac', 'co', 'gov', 'idf', 'k12', 'muni', 'net', 'org');
- lp_all_tlds['im'] = new Array('ac', 'co', 'gov', 'net', 'nic', 'org');
- lp_all_tl