From 50f4577074c903ce08da88dda5d7bc012f3f63b2 Mon Sep 17 00:00:00 2001
From: wwwredfish <wwwredfish@gmail.com>
Date: Mon, 8 Feb 2016 17:13:15 +0600
Subject: [PATCH] Don't show password hash in the settings page

---
 app/locales/en/translation.json                       |  2 ++
 .../apps/settings/show/templates/encryption.html      |  2 +-
 app/scripts/apps/settings/show/views/encryption.js    | 11 +++++++++--
 app/scripts/collections/modules/configs.js            |  5 +++--
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/app/locales/en/translation.json b/app/locales/en/translation.json
index 0fd19e172..e0fddde5c 100644
--- a/app/locales/en/translation.json
+++ b/app/locales/en/translation.json
@@ -106,6 +106,8 @@
     "Download": "Download",
     "Everything": "Everything",
     "encryption": {
+        "provide password": "Please, provide your password",
+        "change password": "Type your password here to change it",
         "wait": "Please wait until the encryption is completed",
         "error": "Encryption error",
         "errorConfirm": "Error while decrypting data.\r\r If you changed encryption settings in another browser, **update your settings** in this browser too. Or try to import settings.\r\r And if you did not change anything, **try to login** again.",
diff --git a/app/scripts/apps/settings/show/templates/encryption.html b/app/scripts/apps/settings/show/templates/encryption.html
index 9f4502ea6..492cbde4c 100644
--- a/app/scripts/apps/settings/show/templates/encryption.html
+++ b/app/scripts/apps/settings/show/templates/encryption.html
@@ -12,7 +12,7 @@
     <div class="form-group">
         <label class="col-sm-2 control-label" for="encryptPass">{{ i18n('Encryption Password') }}</label>
         <div class="col-sm-10">
-            <input type="password" id="encryptPass" name="encryptPass" value="{{models.encryptPass.toString()}}" class="form-control" >
+            <input type="password" id="encryptPass" name="encryptPass" value="" placeholder="{{passwordText()}}" class="form-control" />
         </div>
     </div>
     <div class="form-group">
diff --git a/app/scripts/apps/settings/show/views/encryption.js b/app/scripts/apps/settings/show/views/encryption.js
index 95b9f94ca..03d40eb62 100644
--- a/app/scripts/apps/settings/show/views/encryption.js
+++ b/app/scripts/apps/settings/show/views/encryption.js
@@ -68,7 +68,14 @@ define([
                     }
 
                     return sjcl.codec.hex.fromBits(str);
-                }
+                },
+
+                passwordText: function() {
+                    if (this.models.encryptPass.length !== 0) {
+                        return $.t('encryption.change password');
+                    }
+                    return $.t('encryption.provide password');
+                },
             };
         },
 
@@ -93,7 +100,7 @@ define([
          * changed.
          */
         randomizeOnPassword: function() {
-            if (this.ui.password.val().trim() === this.collection.get('encryptPass').get('value').toString()) {
+            if (!this.ui.password.val().trim().length) {
                 return;
             }
 
diff --git a/app/scripts/collections/modules/configs.js b/app/scripts/collections/modules/configs.js
index 65fbad27a..76e838b6e 100644
--- a/app/scripts/collections/modules/configs.js
+++ b/app/scripts/collections/modules/configs.js
@@ -11,9 +11,10 @@ define([
     'q',
     'marionette',
     'backbone.radio',
+    'sjcl',
     'collections/modules/module',
     'collections/configs'
-], function(_, Q, Marionette, Radio, ModuleObject, Configs) {
+], function(_, Q, Marionette, Radio, sjcl, ModuleObject, Configs) {
     'use strict';
 
     /**
@@ -398,7 +399,7 @@ define([
             }
 
             // Additional check to make sure it's not the same password
-            var salt = Radio.request('encrypt', 'sha256', object.value);
+            var salt = sjcl.hash.sha256.hash(object.value);
             return (salt.toString() !== pass);
         },