Commit 8405bcc0 authored by Benoit Lavenier's avatar Benoit Lavenier

Merge branch 'fix_search' into 'master'

Remove CS+ attacks from list result.

Closes #978 and #959

See merge request clients/cesium-grp/cesium!646
parents def29a0e 2c4ed271
...@@ -162,7 +162,7 @@ angular.module('cesium.wot.controllers', ['cesium.services']) ...@@ -162,7 +162,7 @@ angular.module('cesium.wot.controllers', ['cesium.services'])
; ;
function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $ionicPopover, $ionicHistory, function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $ionicPopover, $ionicHistory,
UIUtils, csConfig, csCurrency, csSettings, Device, BMA, csWallet, csWot) { UIUtils, csConfig, csCurrency, csSettings, Device, BMA, csWallet, csWot, csCrypto) {
'ngInject'; 'ngInject';
var defaultSearchLimit = 10; var defaultSearchLimit = 10;
...@@ -293,10 +293,28 @@ function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $i ...@@ -293,10 +293,28 @@ function WotLookupController($scope, $state, $q, $timeout, $focus, $location, $i
$scope.search.loading = true; $scope.search.loading = true;
$scope.search.type = 'text'; $scope.search.type = 'text';
// If checksum is correct, search on simple pubkey
let pubkeyWithCk;
if (BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text)) {
console.debug("[wot] Validating pubkey checksum... ");
let matches = BMA.regexp.PUBKEY_WITH_CHECKSUM.exec(text);
console.log(matches)
pubkey = matches[1];
let checksum = matches[2];
let expectedChecksum = csCrypto.util.pkChecksum(pubkey);
if (checksum === expectedChecksum) {
console.debug("[wot] checksum {" + checksum + "} valid for pubkey {" + pubkey + "}")
text = pubkey
pubkeyWithCk = pubkey + ':' + checksum
}
}
return csWot.search(text) return csWot.search(text)
.then(function(idties){ .then(function(idties){
if ($scope.search.type !== 'text') return; // could have change if ($scope.search.type !== 'text') return; // could have change
if ($scope.search.text.trim() !== text) return; // search text has changed before received response originText = $scope.search.text.trim();
if (originText !== text && originText !== pubkeyWithCk) return; // search text has changed before received response
if ((!idties || !idties.length) && (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text))) { if ((!idties || !idties.length) && (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text))) {
return BMA.uri.parse(text) return BMA.uri.parse(text)
......
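Review bot: When the checksum does not match, the added block falls through silently and `csWot.search(text)` still runs with the original `pubkey:checksum` text, so as far as this hunk shows a mistyped or altered key is never reported to the user; an `else` branch that stops the search or surfaces an error would make the check meaningful. `pubkey` in the new block and `originText` in the `.then` callback are assigned with no declaration visible here, so unless they are declared earlier in the function (outside the hunk) they leak as globals; `var originText = $scope.search.text.trim();` fixes the second, and the leftover `console.log(matches)` should be dropped. The same regex object is passed to `.test()` and then `.exec()`; if `BMA.regexp.PUBKEY_WITH_CHECKSUM` carries a `g` flag (its definition is not visible), `exec` can return `null` and `matches[1]` throws, so a single `exec` with a null check is safer.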
...@@ -856,6 +856,15 @@ angular.module('cesium.wot.services', ['ngApi', 'cesium.bma.services', 'cesium.c ...@@ -856,6 +856,15 @@ angular.module('cesium.wot.services', ['ngApi', 'cesium.bma.services', 'cesium.c
return api.data.raisePromise.search(text, idties, 'pubkey') return api.data.raisePromise.search(text, idties, 'pubkey')
.then(function() { .then(function() {
// remove CS+ ids that match pubkey regex (considered attacks) - fix #959
idties = idties.filter(function(idty) {
if (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text)) {
text_pk = text.split(':')[0]
return idty.pubkey == text_pk
}
return true;
})
// Make sure to add uid to new results - fix #488 // Make sure to add uid to new results - fix #488
if (idties.length > lookupResultCount) { if (idties.length > lookupResultCount) {
var idtiesWithoutUid = _.filter(idties, function(idty) { var idtiesWithoutUid = _.filter(idties, function(idty) {
......
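Review bot: `text_pk` in the added filter is assigned without `var`, so it becomes an implicit global (or throws if this file runs in strict mode), and `idty.pubkey == text_pk` should use `===`. The regex tests do not depend on `idty`, so they can be hoisted out of the callback: `var searchedPubkey = (BMA.regexp.PUBKEY.test(text) || BMA.regexp.PUBKEY_WITH_CHECKSUM.test(text)) ? text.split(':')[0] : null;` followed by `idties = idties.filter(function(idty) { return !searchedPubkey || idty.pubkey === searchedPubkey; });`. For `pubkey:checksum` input the checksum part is discarded here without being verified, so this filter relies on the caller having validated it. The comment could also state that every result whose pubkey differs from the searched one is dropped, not only CS+ entries. The enclosing function starts and ends outside the hunk.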