Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-02 03:16:11 +01:00
Code Issues Packages Projects Releases Activity

data key is not encrypted with aes-cbc as well

Browse Source
This commit is contained in:
azivner
2017-11-15 23:39:50 -05:00
parent 5313ac47e6
commit c190c738a2
13 changed files with 109 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
services/change_password.js
View File

@@ -18,12 +18,10 @@ async function changePassword(currentPassword, newPassword, req) {
const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
const newPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(newPassword);
const decryptedDataKey = await password_encryption.getDecryptedDataKey(currentPassword);
const newEncryptedDataKey = password_encryption.encryptDataKey(newPasswordDerivedKey, decryptedDataKey);
const decryptedDataKey = await password_encryption.getDecryptedDataKeyCbc(currentPassword);
await sql.doInTransaction(async () => {
await options.setOption('encrypted_data_key', newEncryptedDataKey);
await password_encryption.setDataKey(newPasswordDerivedKey, decryptedDataKey);
await options.setOption('password_verification_hash', newPasswordVerificationKey);