do not allow unencrypted 3rd party backups

Authenticator-Extension · Jul 28, 2024 · 967d265 · 967d265
1 parent 3ea0d9b
commit 967d265
Show file tree

Hide file tree

Showing 10 changed files with 575 additions and 661 deletions.
diff --git a/_locales/en/messages.json b/_locales/en/messages.json
diff --git a/src/components/Popup/DrivePage.vue b/src/components/Popup/DrivePage.vue
@@ -1,29 +1,24 @@
 <template>
   <div>
     <div>
-      <div class="text warning" v-show="!isEncrypted || !defaultEncryption">
-        {{ i18n.dropbox_risk }}
+      <div class="text warning" v-show="needEncryption">
+        {{ i18n.encryption_required }}
       </div>
       <div v-show="backupToken">
         <div style="margin: 10px 0px 0px 20px; overflow-wrap: break-word">
           {{ i18n.account }} - {{ email }}
         </div>
       </div>
-      <a-select-input
-        v-show="!!defaultEncryption && backupToken"
-        :label="i18n.encrypted"
-        v-model="isEncrypted"
-      >
-        <option value="true">{{ i18n.yes }}</option>
-        <option value="false">{{ i18n.no }}</option>
-      </a-select-input>
       <a-button v-show="backupToken" @click="backupLogout()">
         {{ i18n.log_out }}
       </a-button>
-      <a-button v-show="!backupToken" @click="getBackupToken()">
+      <a-button
+        v-show="!backupToken && !needEncryption"
+        @click="getBackupToken()"
+      >
         {{ i18n.sign_in }}
       </a-button>
-      <a-button v-show="backupToken" @click="backupUpload()">
+      <a-button v-show="backupToken && !needEncryption" @click="backupUpload()">
         {{ i18n.manual_dropbox }}
       </a-button>
     </div>
@@ -50,25 +45,15 @@ export default Vue.extend({
     defaultEncryption: function () {
       return this.$store.state.accounts.defaultEncryption;
     },
-    isEncrypted: {
-      get(): boolean {
-        if (UserSettings.items[`${service}Encrypted`] === null) {
-          this.$store.commit("backup/setEnc", { service, value: true });
-          UserSettings.items[`${service}Encrypted`] = true;
-          UserSettings.commitItems();
-          return true;
-        }
-        return this.$store.state.backup.driveEncrypted;
-      },
-      set(newValue: string) {
-        UserSettings.items.driveEncrypted = newValue === "true";
-        UserSettings.commitItems();
-        this.$store.commit("backup/setEnc", { service, value: newValue });
-      },
+    allEntriesEncrypted: function (): boolean {
+      return this.$store.getters["accounts/allEntriesEncrypted"];
     },
-    backupToken: function () {
+    backupToken: function (): string | undefined {
       return this.$store.state.backup.driveToken;
     },
+    needEncryption: function (): boolean {
+      return !this.defaultEncryption || !this.allEntriesEncrypted;
+    },
   },
   methods: {
     getBackupToken() {

diff --git a/src/components/Popup/DropboxPage.vue b/src/components/Popup/DropboxPage.vue
@@ -1,29 +1,24 @@
 <template>
   <div>
     <div>
-      <div class="text warning" v-show="!isEncrypted || !defaultEncryption">
-        {{ i18n.dropbox_risk }}
+      <div class="text warning" v-show="needEncryption">
+        {{ i18n.encryption_required }}
       </div>
       <div v-show="backupToken">
         <div style="margin: 10px 0px 0px 20px; overflow-wrap: break-word">
           {{ i18n.account }} - {{ email }}
         </div>
       </div>
-      <a-select-input
-        v-show="!!defaultEncryption && backupToken"
-        :label="i18n.encrypted"
-        v-model="isEncrypted"
-      >
-        <option value="true">{{ i18n.yes }}</option>
-        <option value="false">{{ i18n.no }}</option>
-      </a-select-input>
       <a-button v-show="backupToken" @click="backupLogout()">
         {{ i18n.log_out }}
       </a-button>
-      <a-button v-show="!backupToken" @click="getBackupToken()">
+      <a-button
+        v-show="!backupToken && !needEncryption"
+        @click="getBackupToken()"
+      >
         {{ i18n.sign_in }}
       </a-button>
-      <a-button v-show="backupToken" @click="backupUpload()">
+      <a-button v-show="backupToken && !needEncryption" @click="backupUpload()">
         {{ i18n.manual_dropbox }}
       </a-button>
     </div>
@@ -49,25 +44,15 @@ export default Vue.extend({
     defaultEncryption: function () {
       return this.$store.state.accounts.defaultEncryption;
     },
-    isEncrypted: {
-      get(): boolean {
-        if (UserSettings.items[`${service}Encrypted`] === null) {
-          this.$store.commit("backup/setEnc", { service, value: true });
-          UserSettings.items[`${service}Encrypted`] = true;
-          UserSettings.commitItems();
-          return true;
-        }
-        return this.$store.state.backup.dropboxEncrypted;
-      },
-      set(newValue: string) {
-        UserSettings.items.dropboxEncrypted = newValue === "true";
-        UserSettings.commitItems();
-        this.$store.commit("backup/setEnc", { service, value: newValue });
-      },
+    allEntriesEncrypted: function (): boolean {
+      return this.$store.getters["accounts/allEntriesEncrypted"];
     },
-    backupToken: function () {
+    backupToken: function (): string | undefined {
       return this.$store.state.backup.dropboxToken;
     },
+    needEncryption: function (): boolean {
+      return !this.defaultEncryption || !this.allEntriesEncrypted;
+    },
   },
   methods: {
     getBackupToken() {

diff --git a/src/components/Popup/OneDrivePage.vue b/src/components/Popup/OneDrivePage.vue
@@ -1,39 +1,37 @@
 <template>
   <div>
     <div>
-      <div class="text warning" v-show="!isEncrypted || !defaultEncryption">
-        {{ i18n.dropbox_risk }}
+      <div class="text warning" v-show="needEncryption">
+        {{ i18n.encryption_required }}
       </div>
       <div v-show="backupToken">
         <div style="margin: 10px 0px 0px 20px; overflow-wrap: break-word">
           {{ i18n.account }} - {{ email }}
         </div>
       </div>
-      <a-select-input
-        v-show="!!defaultEncryption && backupToken"
-        :label="i18n.encrypted"
-        v-model="isEncrypted"
-      >
-        <option value="true">{{ i18n.yes }}</option>
-        <option value="false">{{ i18n.no }}</option>
-      </a-select-input>
       <a-button v-show="backupToken" @click="backupLogout()">
         {{ i18n.log_out }}
       </a-button>
-      <a-button v-show="!backupToken" @click="getBackupToken()">
+      <a-button
+        v-show="!backupToken && !needEncryption"
+        @click="getBackupToken()"
+      >
         {{ i18n.sign_in }}
       </a-button>
-      <a-button v-show="!backupToken" @click="getBackupToken(true)">
+      <a-button
+        v-show="!backupToken && !needEncryption"
+        @click="getBackupToken(true)"
+      >
         {{ i18n.sign_in_business }}
       </a-button>
-      <div class="text" v-show="!backupToken">
+      <div class="text" v-show="!backupToken && !needEncryption">
         <a
           v-on:click="openLink('https://otp.ee/onedriveperms')"
           href="https://otp.ee/onedriveperms"
           >{{ i18n.onedrive_business_perms }}</a
         >
       </div>
-      <a-button v-show="backupToken" @click="backupUpload()">
+      <a-button v-show="backupToken && !needEncryption" @click="backupUpload()">
         {{ i18n.manual_dropbox }}
       </a-button>
     </div>
@@ -59,23 +57,13 @@ export default Vue.extend({
     defaultEncryption: function () {
       return this.$store.state.accounts.defaultEncryption;
     },
-    isEncrypted: {
-      get(): boolean {
-        if (UserSettings.items.oneDriveEncrypted === null) {
-          this.$store.commit("backup/setEnc", { service, value: true });
-          UserSettings.items.oneDriveEncrypted = true;
-          UserSettings.commitItems();
-          return true;
-        }
-        return this.$store.state.backup.driveEncrypted;
-      },
-      set(newValue: string) {
-        UserSettings.items.driveEncrypted = newValue === "true";
-        UserSettings.commitItems();
-        this.$store.commit("backup/setEnc", { service, value: newValue });
-      },
+    allEntriesEncrypted: function (): boolean {
+      return this.$store.getters["accounts/allEntriesEncrypted"];
+    },
+    needEncryption: function (): boolean {
+      return !this.defaultEncryption || !this.allEntriesEncrypted;
     },
-    backupToken: function () {
+    backupToken: function (): string | undefined {
       return this.$store.state.backup.oneDriveToken;
     },
   },

diff --git a/src/definitions/module-interface.d.ts b/src/definitions/module-interface.d.ts
@@ -76,6 +76,7 @@ interface AccountsState {
   keys: OldKey | Key[];
   wrongPassword: boolean;
   initComplete: boolean;
+  allEntriesEncrypted: boolean;
 }
 
 interface NotificationState {
@@ -86,9 +87,6 @@ interface NotificationState {
 }
 
 interface BackupState {
-  dropboxEncrypted: boolean;
-  driveEncrypted: boolean;
-  oneDriveEncrypted: boolean;
   dropboxToken: boolean;
   driveToken: boolean;
   oneDriveToken: boolean;

diff --git a/src/models/backup.ts b/src/models/backup.ts
@@ -12,15 +12,7 @@ export class Dropbox implements BackupProvider {
   async upload(encryption: Encryption) {
     await UserSettings.updateItems();
 
-    if (UserSettings.items.dropboxEncrypted === undefined) {
-      // Encrypt by default if user hasn't set yet
-      UserSettings.items.dropboxEncrypted = true;
-      UserSettings.commitItems();
-    }
-    const exportData = await EntryStorage.backupGetExport(
-      encryption,
-      UserSettings.items.dropboxEncrypted === true
-    );
+    const exportData = await EntryStorage.backupGetExport(encryption, true);
     const backup = JSON.stringify(exportData, null, 2);
 
     const url = "https://content.dropboxapi.com/2/files/upload";
@@ -352,14 +344,8 @@ export class Drive implements BackupProvider {
 
   async upload(encryption: Encryption) {
     await UserSettings.updateItems();
-    if (UserSettings.items.driveEncrypted === undefined) {
-      UserSettings.items.driveEncrypted = true;
-      UserSettings.commitItems();
-    }
-    const exportData = await EntryStorage.backupGetExport(
-      encryption,
-      UserSettings.items.driveEncrypted === true
-    );
+
+    const exportData = await EntryStorage.backupGetExport(encryption, true);
     const backup = JSON.stringify(exportData, null, 2);
 
     const token = await this.getToken();
@@ -581,13 +567,8 @@ export class OneDrive implements BackupProvider {
 
   async upload(encryption: Encryption) {
     await UserSettings.updateItems();
-    if (UserSettings.items.oneDriveEncrypted === undefined) {
-      UserSettings.items.oneDriveEncrypted = true;
-    }
-    const exportData = await EntryStorage.backupGetExport(
-      encryption,
-      UserSettings.items.oneDriveEncrypted === true
-    );
+
+    const exportData = await EntryStorage.backupGetExport(encryption, true);
     const backup = JSON.stringify(exportData, null, 2);
 
     const token = await this.getToken();

diff --git a/src/models/settings.ts b/src/models/settings.ts
@@ -5,18 +5,15 @@ export enum StorageLocation {
 
 interface UserSettingsData {
   // local settings
-  driveEncrypted?: boolean;
   driveFolder?: string;
   driveRefreshToken?: string;
   driveRevoked?: boolean;
   driveToken?: string;
-  dropboxEncrypted?: boolean;
   dropboxRevoked?: boolean;
   dropboxToken?: string;
   lastRemindingBackupTime?: number;
   offset?: number;
   oneDriveBusiness?: boolean;
-  oneDriveEncrypted?: boolean;
   oneDriveRevoked?: boolean;
   oneDriveRefreshToken?: string;
   oneDriveToken?: string;
@@ -35,18 +32,15 @@ interface UserSettingsData {
 
 // Maybe we can have a better way to define this
 const LocalUserSettingsDataKeys = [
-  "driveEncrypted",
   "driveFolder",
   "driveRefreshToken",
   "driveRevoked",
   "driveToken",
-  "dropboxEncrypted",
   "dropboxRevoked",
   "dropboxToken",
   "lastRemindingBackupTime",
   "offset",
   "oneDriveBusiness",
-  "oneDriveEncrypted",
   "oneDriveRevoked",
   "oneDriveRefreshToken",
   "oneDriveToken",
@@ -70,13 +64,10 @@ export class UserSettings {
       if (
         [
           "autofill",
-          "driveEncrypted",
           "driveRevoked",
-          "dropboxEncrypted",
           "dropboxRevoked",
           "enableContextMenu",
           "oneDriveBusiness",
-          "oneDriveEncrypted",
           "oneDriveRevoked",
           "smartFilter",
           "enableContextMenu",
@@ -85,13 +76,10 @@ export class UserSettings {
         settings[
           key as
             | "autofill"
-            | "driveEncrypted"
             | "driveRevoked"
-            | "dropboxEncrypted"
             | "dropboxRevoked"
             | "enableContextMenu"
             | "oneDriveBusiness"
-            | "oneDriveEncrypted"
             | "oneDriveRevoked"
             | "smartFilter"
             | "enableContextMenu"

diff --git a/src/popup.ts b/src/popup.ts
@@ -201,6 +201,11 @@ async function init() {
 init();
 
 async function runScheduledBackup(clientTime: number, instance: Vue) {
+  if (!instance.$store.getters["accounts/allEntriesEncrypted"]) {
+    // Don't ever upload an unencrypted secret
+    return;
+  }
+
   if (instance.$store.state.backup.dropboxToken) {
     chrome.permissions.contains(
       { origins: ["https://*.dropboxapi.com/*"] },

diff --git a/src/store/Accounts.ts b/src/store/Accounts.ts
@@ -75,6 +75,11 @@ export class Accounts implements Module {
           );
           return [...pinnedEntries, ...unpinnedEntries];
         },
+        allEntriesEncrypted(state: AccountsState) {
+          return state.entries.every((entry) => {
+            return Boolean(entry.encryption?.getEncryptionStatus());
+          });
+        },
       },
       mutations: {
         stopFilter(state: AccountsState) {