From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/enigma/enigma.js |  114 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 102 insertions(+), 12 deletions(-)

diff --git a/plugins/enigma/enigma.js b/plugins/enigma/enigma.js
index 21551e3..a5497f4 100644
--- a/plugins/enigma/enigma.js
+++ b/plugins/enigma/enigma.js
@@ -3,13 +3,10 @@
 window.rcmail && rcmail.addEventListener('init', function(evt) {
     if (rcmail.env.task == 'settings') {
         rcmail.register_command('plugin.enigma', function() { rcmail.goto_url('plugin.enigma') }, true);
-        rcmail.register_command('plugin.enigma-key-import', function() { rcmail.enigma_key_import() }, true);
-//        rcmail.register_command('plugin.enigma-key-export', function() { rcmail.enigma_key_export() }, true);
-        rcmail.register_command('plugin.enigma-key-delete', function(props) { return rcmail.enigma_key_delete(); });
 
         if (rcmail.gui_objects.keyslist) {
             rcmail.keys_list = new rcube_list_widget(rcmail.gui_objects.keyslist,
-                {multiselect:false, draggable:false, keyboard:false});
+                {multiselect:true, draggable:false, keyboard:false});
             rcmail.keys_list
                 .addEventListener('select', function(o) { rcmail.enigma_keylist_select(o); })
                 .addEventListener('keypress', function(o) { rcmail.enigma_keylist_keypress(o); })
@@ -28,7 +25,16 @@
             rcmail.register_command('search', function(props) {return rcmail.enigma_search(props); }, true);
             rcmail.register_command('reset-search', function(props) {return rcmail.enigma_search_reset(props); }, true);
             rcmail.register_command('plugin.enigma-import', function() { rcmail.enigma_import(); }, true);
-//            rcmail.register_command('plugin.enigma-export', function() { rcmail.enigma_export(); }, true);
+            rcmail.register_command('plugin.enigma-key-export', function() { rcmail.enigma_export(); });
+            rcmail.register_command('plugin.enigma-key-export-selected', function() { rcmail.enigma_export(true); });
+            rcmail.register_command('plugin.enigma-key-import', function() { rcmail.enigma_key_import(); }, true);
+            rcmail.register_command('plugin.enigma-key-delete', function(props) { return rcmail.enigma_delete(); });
+            rcmail.register_command('plugin.enigma-key-create', function(props) { return rcmail.enigma_key_create(); }, true);
+            rcmail.register_command('plugin.enigma-key-save', function(props) { return rcmail.enigma_key_create_save(); }, true);
+
+            rcmail.addEventListener('responseafterplugin.enigmakeys', function() {
+                rcmail.enable_command('plugin.enigma-key-export', rcmail.env.rowcount > 0);
+            });
         }
     }
     else if (rcmail.env.task == 'mail') {
@@ -41,6 +47,11 @@
                 e.stopPropagation();
             });
         }
+
+        $.each(['encrypt', 'sign'], function() {
+            if (rcmail.env['enigma_force_' + this])
+                $('[name="_enigma_' + this + '"]').prop('checked', true);
+        });
 
         if (rcmail.env.enigma_password_request) {
             rcmail.enigma_password_request(rcmail.env.enigma_password_request);
@@ -59,8 +70,72 @@
     this.enigma_loadframe('&_action=plugin.enigmakeys&_a=import');
 };
 
+// Display key(s) generation form
+rcube_webmail.prototype.enigma_key_create = function()
+{
+    this.enigma_loadframe('&_action=plugin.enigmakeys&_a=create');
+};
+
+// Generate key(s) and submit them
+rcube_webmail.prototype.enigma_key_create_save = function()
+{
+    var options, lock,
+        user = $('#key-ident > option').filter(':selected').text(),
+        password = $('#key-pass').val(),
+        confirm = $('#key-pass-confirm').val(),
+        size = $('#key-size').val();
+
+    // validate the form
+    if (!password || !confirm)
+        return alert(this.get_label('enigma.formerror'));
+
+    if (password != confirm)
+        return alert(this.get_label('enigma.passwordsdiffer'));
+
+    if (user.match(/^<[^>]+>$/))
+        return alert(this.get_label('enigma.nonameident'));
+
+    // generate keys
+    // use OpenPGP.js if browser supports required features
+    if (window.openpgp && window.crypto && (window.crypto.getRandomValues || window.crypto.subtle)) {
+        lock = this.set_busy(true, 'enigma.keygenerating');
+        options = {
+            numBits: size,
+            userId: user,
+            passphrase: password
+        };
+
+        openpgp.generateKeyPair(options).then(function(keypair) {
+            // success
+            var post = {_a: 'import', _keys: keypair.privateKeyArmored};
+
+            // send request to server
+            rcmail.http_post('plugin.enigmakeys', post, lock);
+        }, function(error) {
+            // failure
+            rcmail.set_busy(false, null, lock);
+            rcmail.display_message(rcmail.get_label('enigma.keygenerateerror'), 'error');
+        });
+    }
+    // generate keys on the server
+    else if (rcmail.env.enigma_keygen_server) {
+        lock = this.set_busy(true, 'enigma.keygenerating');
+        options = {_a: 'generate', _user: user, _password: password, _size: size};
+        rcmail.http_post('plugin.enigmakeys', options, lock);
+    }
+    else {
+        rcmail.display_message(rcmail.get_label('enigma.keygennosupport'), 'error');
+    }
+};
+
+// Action executed after successful key generation and import
+rcube_webmail.prototype.enigma_key_create_success = function()
+{
+    parent.rcmail.enigma_list(1);
+};
+
 // Delete key(s)
-rcube_webmail.prototype.enigma_key_delete = function()
+rcube_webmail.prototype.enigma_delete = function()
 {
     var keys = this.keys_list.get_selection();
 
@@ -72,6 +147,17 @@
 
     // send request to server
     this.http_post('plugin.enigmakeys', post, lock);
+};
+
+// Export key(s)
+rcube_webmail.prototype.enigma_export = function(selected)
+{
+    var keys = selected ? this.keys_list.get_selection().join(',') : '*';
+
+    if (!keys.length)
+        return;
+
+    this.goto_url('plugin.enigmakeys', {_a: 'export', _keys: keys}, false, true);
 };
 
 // Submit key(s) import form
@@ -98,11 +184,13 @@
 // list row selection handler
 rcube_webmail.prototype.enigma_keylist_select = function(list)
 {
-    var id;
-    if (id = list.get_single_selection())
-        this.enigma_loadframe('&_action=plugin.enigmakeys&_a=info&_id=' + id);
+    var id = list.get_single_selection(), url;
 
-    this.enable_command('plugin.enigma-key-delete', list.selection.length > 0);
+    if (id)
+        url = '&_action=plugin.enigmakeys&_a=info&_id=' + id;
+
+    this.enigma_loadframe(url);
+    this.enable_command('plugin.enigma-key-delete', 'plugin.enigma-key-export-selected', list.selection.length > 0);
 };
 
 rcube_webmail.prototype.enigma_keylist_keypress = function(list)
@@ -130,8 +218,8 @@
             return;
         }
 
-        this.set_busy(true);
-        frm.location.href = this.env.comm_path + '&_framed=1' + url;
+        this.env.frame_lock = this.set_busy(true, 'loading');
+        frm.location.href = this.env.comm_path + '&_framed=1&' + url;
     }
 };
 
@@ -210,6 +298,8 @@
     this.enigma_loadframe();
     if (this.keys_list)
         this.keys_list.clear(true);
+
+    this.enable_command('plugin.enigma-key-delete', 'plugin.enigma-key-delete-selected', false);
 }
 
 // Adds a row to the list

--
Gitblit v1.9.1