lbry-desktop/ui/util/saved-passwords.js

// @flow
import { ipcRenderer } from 'electron';
import { DOMAIN } from 'config';

const isProduction = process.env.NODE_ENV === 'production';
const maxExpiration = 2147483647;
let sessionPassword;

function setCookie(name: string, value: string, expirationDaysOnWeb: number) {
  let expires = '';
  if (expirationDaysOnWeb) {
    let date = new Date();
    date.setTime(date.getTime() + expirationDaysOnWeb * 24 * 60 * 60 * 1000);
    // If on PC, set to not expire (max)
    expires = `expires=${IS_WEB ? date.toUTCString() : maxExpiration};`;
  }

  let cookie = `${name}=${value || ''}; ${expires} path=/; SameSite=Lax;`;
  if (isProduction) {
    cookie += ` domain=.${DOMAIN}; Secure;`;
  }

  document.cookie = cookie;
}

function getCookie(name: string) {
  const nameEQ = name + '=';
  const cookies = document.cookie.split(';');

  for (var i = 0; i < cookies.length; i++) {
    let cookie = cookies[i];
    while (cookie.charAt(0) === ' ') {
      cookie = cookie.substring(1, cookie.length);
    }

    if (cookie.indexOf(nameEQ) === 0) {
      return cookie.substring(nameEQ.length, cookie.length);
    }
  }
  return null;
}

function deleteCookie(name: string) {
  document.cookie = name + `=; Max-Age=-99999999; domain=.${DOMAIN}; path=/;`;

  // Legacy
  // Adding this here to delete any old cookies before we switched to . + DOMAIN
  // Remove this if you see it after July 1st, 2020
  document.cookie = name + `=; Max-Age=-99999999; domain=${DOMAIN}; path=/;`;
}

export const setSavedPassword = (value?: string, saveToDisk: boolean) => {
  return new Promise<*>(resolve => {
    const password = value === undefined || value === null ? '' : value;
    sessionPassword = password;

    if (saveToDisk) {
      if (password) {
        setCookie('saved-password', password, 14);
      } else {
        deleteSavedPassword();
      }
    }
  });
};

export const getSavedPassword = () => {
  return new Promise<*>(resolve => {
    if (sessionPassword) {
      resolve(sessionPassword);
    }

    return getKeychainPassword().then(p => resolve(p));
  });
};

export const getKeychainPassword = () => {
  return new Promise<*>(resolve => {
    let password;
    // @if TARGET='web'
    // In the future, this will be the only code in this function
    // Handling keytar stuff separately so we can easily rip it out later
    password = getCookie('saved-password');
    resolve(password);
    // @endif

    // @if TARGET='app'
    password = getCookie('saved-password');

    if (password) {
      resolve(password);
    } else {
      // No password saved in a cookie, get it from the keychain, then delete the value in the keychain
      ipcRenderer.once('get-password-response', (event, keychainPassword) => {
        resolve(keychainPassword);

        if (keychainPassword) {
          setSavedPassword(keychainPassword, true);
          ipcRenderer.send('delete-password');
        }
      });

      ipcRenderer.send('get-password');
    }
    // @endif
  });
};

export const deleteSavedPassword = () => {
  return new Promise<*>(resolve => {
    deleteCookie('saved-password');
    resolve();
  });
};

export const getAuthToken = () => {
  return getCookie('auth_token');
};

export const setAuthToken = (value: string) => {
  return setCookie('auth_token', value, 365);
};

export const deleteAuthToken = () => {
  return new Promise<*>(resolve => {
    deleteCookie('auth_token');
    resolve();
  });
};

export const doSignOutCleanup = () => {
  return new Promise<*>(resolve => {
    deleteCookie('auth_token');
    deleteCookie('saved-password');
    resolve();

    // @if TARGET='app'
    ipcRenderer.send('delete-auth-token');
    ipcRenderer.send('delete-password');
    // @endif;
  });
};

export const testKeychain = () => {
  // we should make sure it works on startup
};
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`// @flow`
password saving 2019-08-28 04:35:07 +02:00			`import { ipcRenderer } from 'electron';`
use SameSite=Lax instead of Strict so cookies aren't lost when opening links 2019-11-20 21:57:38 +01:00			`import { DOMAIN } from 'config';`
recommit 2019-08-20 14:29:59 +02:00
fix: auth_cookie on localhost now being set 2019-11-27 16:18:43 +01:00			`const isProduction = process.env.NODE_ENV === 'production';`
feat: app image + cookie fix: password stuff 2020-01-15 05:34:28 +01:00			`const maxExpiration = 2147483647;`
first pass at sync for everyone 2019-10-15 23:23:51 +02:00			`let sessionPassword;`

cleanup 2020-01-16 23:03:41 +01:00			`function setCookie(name: string, value: string, expirationDaysOnWeb: number) {`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`let expires = '';`
cleanup 2020-01-16 23:03:41 +01:00			`if (expirationDaysOnWeb) {`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`let date = new Date();`
cleanup 2020-01-16 23:03:41 +01:00			`date.setTime(date.getTime() + expirationDaysOnWeb * 24 * 60 * 60 * 1000);`
feat: app image + cookie fix: password stuff 2020-01-15 05:34:28 +01:00			`// If on PC, set to not expire (max)`
			expires = `expires=${IS_WEB ? date.toUTCString() : maxExpiration};`;
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`}`

fix: auth_cookie on localhost now being set 2019-11-27 16:18:43 +01:00			let cookie = `${name}=${value \|\| ''}; ${expires} path=/; SameSite=Lax;`;
			`if (isProduction) {`
			cookie += ` domain=.${DOMAIN}; Secure;`;
			`}`

			`document.cookie = cookie;`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`}`

			`function getCookie(name: string) {`
			`const nameEQ = name + '=';`
			`const cookies = document.cookie.split(';');`

			`for (var i = 0; i < cookies.length; i++) {`
			`let cookie = cookies[i];`
			`while (cookie.charAt(0) === ' ') {`
			`cookie = cookie.substring(1, cookie.length);`
			`}`

			`if (cookie.indexOf(nameEQ) === 0) {`
			`return cookie.substring(nameEQ.length, cookie.length);`
			`}`
			`}`
			`return null;`
			`}`

			`function deleteCookie(name: string) {`
add domain to deleteCookie function 2019-11-22 16:06:23 +01:00			document.cookie = name + `=; Max-Age=-99999999; domain=.${DOMAIN}; path=/;`;
try to delete old cookies too 2019-11-22 16:32:25 +01:00
			`// Legacy`
			`// Adding this here to delete any old cookies before we switched to . + DOMAIN`
			`// Remove this if you see it after July 1st, 2020`
			document.cookie = name + `=; Max-Age=-99999999; domain=${DOMAIN}; path=/;`;
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`}`

			`export const setSavedPassword = (value?: string, saveToDisk: boolean) => {`
			`return new Promise<*>(resolve => {`
delete password if it's an empty string 2019-10-17 18:34:35 +02:00			`const password = value === undefined \|\| value === null ? '' : value;`
			`sessionPassword = password;`

			`if (saveToDisk) {`
			`if (password) {`
sync support on lbry.tv 2019-10-22 19:57:32 +02:00			`setCookie('saved-password', password, 14);`
delete password if it's an empty string 2019-10-17 18:34:35 +02:00			`} else {`
			`deleteSavedPassword();`
			`}`
redirect to password screen if toggling sync from settings page 2019-10-16 07:01:18 +02:00			`}`
onboarding + youtube transfer + channel page 2019-09-26 18:28:08 +02:00			`});`
recommit 2019-08-20 14:29:59 +02:00			`};`

password saving 2019-08-28 04:35:07 +02:00			`export const getSavedPassword = () => {`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`return new Promise<*>(resolve => {`
first pass at sync for everyone 2019-10-15 23:23:51 +02:00			`if (sessionPassword) {`
			`resolve(sessionPassword);`
			`}`
fix sign up not completing because it's waiting for the password 2019-12-21 01:07:59 +01:00
			`return getKeychainPassword().then(p => resolve(p));`
correctly checks savedPassword based on keychain 2019-12-19 23:35:12 +01:00			`});`
			`};`
first pass at sync for everyone 2019-10-15 23:23:51 +02:00
correctly checks savedPassword based on keychain 2019-12-19 23:35:12 +01:00			`export const getKeychainPassword = () => {`
			`return new Promise<*>(resolve => {`
cleanup 2020-01-16 23:03:41 +01:00			`let password;`
			`// @if TARGET='web'`
			`// In the future, this will be the only code in this function`
			`// Handling keytar stuff separately so we can easily rip it out later`
			`password = getCookie('saved-password');`
			`resolve(password);`
			`// @endif`

			`// @if TARGET='app'`
			`password = getCookie('saved-password');`

feat: app image + cookie fix: password stuff 2020-01-15 05:34:28 +01:00			`if (password) {`
onboarding + youtube transfer + channel page 2019-09-26 18:28:08 +02:00			`resolve(password);`
cleanup 2020-01-16 23:03:41 +01:00			`} else {`
			`// No password saved in a cookie, get it from the keychain, then delete the value in the keychain`
			`ipcRenderer.once('get-password-response', (event, keychainPassword) => {`
			`resolve(keychainPassword);`

			`if (keychainPassword) {`
			`setSavedPassword(keychainPassword, true);`
			`ipcRenderer.send('delete-password');`
			`}`
feat: app image + cookie fix: password stuff 2020-01-15 05:34:28 +01:00			`});`
cleanup 2020-01-16 23:03:41 +01:00
feat: app image + cookie fix: password stuff 2020-01-15 05:34:28 +01:00			`ipcRenderer.send('get-password');`
			`}`
use sdk preference endpoints 2019-10-15 06:20:12 +02:00			`// @endif`
onboarding + youtube transfer + channel page 2019-09-26 18:28:08 +02:00			`});`
			`};`

			`export const deleteSavedPassword = () => {`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`return new Promise<*>(resolve => {`
sync support on lbry.tv 2019-10-22 19:57:32 +02:00			`deleteCookie('saved-password');`
			`resolve();`
onboarding + youtube transfer + channel page 2019-09-26 18:28:08 +02:00			`});`
better flow 2019-08-26 22:18:30 +02:00			`};`
recommit 2019-08-20 14:29:59 +02:00
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`export const getAuthToken = () => {`
			`return getCookie('auth_token');`
			`};`

			`export const setAuthToken = (value: string) => {`
			`return setCookie('auth_token', value, 365);`
			`};`

initial onboarding commit 2019-09-26 18:07:11 +02:00			`export const deleteAuthToken = () => {`
don't lose subs/tags for existing users and don't opt them into sync automatically 2019-10-17 17:27:41 +02:00			`return new Promise<*>(resolve => {`
add path when deleting cookie so logout always works 2019-10-24 17:00:36 +02:00			`deleteCookie('auth_token');`
onboarding + youtube transfer + channel page 2019-09-26 18:28:08 +02:00			`resolve();`
			`});`
password saving 2019-08-28 04:35:07 +02:00			`};`

only sign user out during sign in flow on the password prompt 2019-11-01 17:19:28 +01:00			`export const doSignOutCleanup = () => {`
delete wallet password too when logging out 2019-10-31 16:27:15 +01:00			`return new Promise<*>(resolve => {`
			`deleteCookie('auth_token');`
			`deleteCookie('saved-password');`
			`resolve();`
cleanup 2020-01-16 23:03:41 +01:00
			`// @if TARGET='app'`
			`ipcRenderer.send('delete-auth-token');`
			`ipcRenderer.send('delete-password');`
			`// @endif;`
delete wallet password too when logging out 2019-10-31 16:27:15 +01:00			`});`
			`};`

password saving 2019-08-28 04:35:07 +02:00			`export const testKeychain = () => {`
			`// we should make sure it works on startup`
rebase and comment out keytar 2019-08-27 21:11:56 +02:00			`};`