Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-08 09:26:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: Don't log SecureJoin QRs

Browse Source 
Delta Chat mustn't write sensitive information to unencrypted log files in local storage.
This commit is contained in:
iequidoo
2024-02-11 22:09:54 -03:00
committed by link2xt
parent 3a787519b3
commit 794596ec69
3 changed files with 12 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/qr.rs
View File

@@ -249,8 +249,6 @@ fn starts_with_ignore_case(string: &str, pattern: &str) -> bool {
/// The function should be called after a QR code is scanned. /// The function should be called after a QR code is scanned.
/// The function takes the raw text scanned and checks what can be done with it. /// The function takes the raw text scanned and checks what can be done with it.
pub async fn check_qr(context: &Context, qr: &str) -> Result<Qr> { pub async fn check_qr(context: &Context, qr: &str) -> Result<Qr> {
info!(context, "Scanned QR code: {}", qr);
let qrcode = if starts_with_ignore_case(qr, OPENPGP4FPR_SCHEME) { let qrcode = if starts_with_ignore_case(qr, OPENPGP4FPR_SCHEME) {
decode_openpgp(context, qr) decode_openpgp(context, qr)
.await .await
@@ -474,8 +472,7 @@ fn decode_account(qr: &str) -> Result<Qr> {
let payload = qr let payload = qr
.get(DCACCOUNT_SCHEME.len()..) .get(DCACCOUNT_SCHEME.len()..)
.context("invalid DCACCOUNT payload")?; .context("invalid DCACCOUNT payload")?;
let url = let url = url::Url::parse(payload).context("Invalid account URL")?;
url::Url::parse(payload).with_context(|| format!("Invalid account URL: {payload:?}"))?;
if url.scheme() == "http" || url.scheme() == "https" { if url.scheme() == "http" || url.scheme() == "https" {
Ok(Qr::Account { Ok(Qr::Account {
domain: url domain: url
@@ -484,7 +481,7 @@ fn decode_account(qr: &str) -> Result<Qr> {
.to_string(), .to_string(),
}) })
} else { } else {
bail!("Bad scheme for account URL: {:?}.", payload); bail!("Bad scheme for account URL: {:?}.", url.scheme());
} }
} }
@@ -495,8 +492,7 @@ fn decode_webrtc_instance(_context: &Context, qr: &str) -> Result<Qr> {
.context("invalid DCWEBRTC payload")?; .context("invalid DCWEBRTC payload")?;
let (_type, url) = Message::parse_webrtc_instance(payload); let (_type, url) = Message::parse_webrtc_instance(payload);
let url = let url = url::Url::parse(&url).context("Invalid WebRTC instance")?;
url::Url::parse(&url).with_context(|| format!("Invalid WebRTC instance: {payload:?}"))?;
if url.scheme() == "http" || url.scheme() == "https" { if url.scheme() == "http" || url.scheme() == "https" {
Ok(Qr::WebrtcInstance { Ok(Qr::WebrtcInstance {
@@ -507,7 +503,7 @@ fn decode_webrtc_instance(_context: &Context, qr: &str) -> Result<Qr> {
instance_pattern: payload.to_string(), instance_pattern: payload.to_string(),
}) })
} else { } else {
bail!("Bad URL scheme for WebRTC instance: {:?}", payload); bail!("Bad URL scheme for WebRTC instance: {:?}", url.scheme());
} }
} }
@@ -549,16 +545,15 @@ async fn set_account_from_qr(context: &Context, qr: &str) -> Result<()> {
.send() .send()
.await?; .await?;
let response_status = response.status(); let response_status = response.status();
let response_text = response.text().await.with_context(|| { let response_text = response
format!("Cannot create account, request to {url_str:?} failed: empty response") .text()
})?; .await
.context("Cannot create account, request failed: empty response")?;
if response_status.is_success() { if response_status.is_success() {
let CreateAccountSuccessResponse { password, email } = serde_json::from_str(&response_text) let CreateAccountSuccessResponse { password, email } = serde_json::from_str(&response_text)
.with_context(|| { .with_context(|| {
format!( format!("Cannot create account, response is malformed:\n{response_text:?}")
"Cannot create account, response from {url_str:?} is malformed:\n{response_text:?}"
)
})?; })?;
context context
.set_config_internal(Config::Addr, Some(&email)) .set_config_internal(Config::Addr, Some(&email))
@@ -653,7 +648,7 @@ pub async fn set_config_from_qr(context: &Context, qr: &str) -> Result<()> {
Qr::Login { address, options } => { Qr::Login { address, options } => {
configure_from_login_qr(context, &address, options).await? configure_from_login_qr(context, &address, options).await?
} }
_ => bail!("qr code {:?} does not contain config", qr), _ => bail!("QR code does not contain config"),
} }
Ok(()) Ok(())

3
src/securejoin.rs
View File

@@ -124,8 +124,7 @@ pub async fn get_securejoin_qr(context: &Context, group: Option<ChatId>) -> Resu
) )
}; };
info!(context, "Generated QR code: {}", qr); info!(context, "Generated QR code.");
Ok(qr) Ok(qr)
} }

2
src/securejoin/qrinvite.rs
View File

@@ -97,7 +97,7 @@ impl TryFrom<Qr> for QrInvite {
invitenumber, invitenumber,
authcode, authcode,
}), }),
_ => bail!("Unsupported QR type {:?}", qr), _ => bail!("Unsupported QR type"),
} }
} }
} }