self-hosted/joplin
1
0
Fork 0
mirror of https://github.com/laurent22/joplin.git synced 2024-12-24 10:27:10 +02:00
Code Issues Releases Activity

All: Fixes #6645: Do not encrypt non-owned note if it was not shared encrypted

Browse Source
This commit is contained in:
Laurent Cozic 2022-07-12 11:28:48 +01:00
parent 0b3c4edb92
commit 06d5feaa63
4 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/lib/models/BaseItem.ts
View File

@ -418,7 +418,7 @@ export default class BaseItem extends BaseModel {
const share = item.share_id ? await this.shareService().shareById(item.share_id) : null; const share = item.share_id ? await this.shareService().shareById(item.share_id) : null;
const serialized = await ItemClass.serialize(item, shownKeys); const serialized = await ItemClass.serialize(item, shownKeys);
if (!getEncryptionEnabled() || !ItemClass.encryptionSupported() || !itemCanBeEncrypted(item)) { if (!getEncryptionEnabled() || !ItemClass.encryptionSupported() || !itemCanBeEncrypted(item, share)) {
// Normally not possible since itemsThatNeedSync should only return decrypted items // Normally not possible since itemsThatNeedSync should only return decrypted items
if (item.encryption_applied) throw new JoplinError('Item is encrypted but encryption is currently disabled', 'cannotSyncEncrypted'); if (item.encryption_applied) throw new JoplinError('Item is encrypted but encryption is currently disabled', 'cannotSyncEncrypted');
return serialized; return serialized;

2
packages/lib/models/Resource.ts
View File

@ -207,7 +207,7 @@ export default class Resource extends BaseItem {
const share = resource.share_id ? await this.shareService().shareById(resource.share_id) : null; const share = resource.share_id ? await this.shareService().shareById(resource.share_id) : null;
if (!getEncryptionEnabled() || !itemCanBeEncrypted(resource as any)) { if (!getEncryptionEnabled() || !itemCanBeEncrypted(resource as any, share)) {
// Normally not possible since itemsThatNeedSync should only return decrypted items // Normally not possible since itemsThatNeedSync should only return decrypted items
if (resource.encryption_blob_encrypted) throw new Error('Trying to access encrypted resource but encryption is currently disabled'); if (resource.encryption_blob_encrypted) throw new Error('Trying to access encrypted resource but encryption is currently disabled');
return { path: plainTextPath, resource: resource }; return { path: plainTextPath, resource: resource };

13
packages/lib/models/utils/itemCanBeEncrypted.ts
View File

@ -1,5 +1,14 @@
import { BaseItemEntity } from '../../services/database/types'; import { BaseItemEntity } from '../../services/database/types';
import { StateShare } from '../../services/share/reducer';
export default function(resource: BaseItemEntity): boolean { export default function(item: BaseItemEntity, share: StateShare): boolean {
return !resource.is_shared; // Note has been published - currently we don't encrypt
if (item.is_shared) return false;
// Item has been shared with user, but sharee is not encrypting his notes,
// so we shouldn't encrypt it either. Otherwise sharee will not be able to
// view the note anymore. https://github.com/laurent22/joplin/issues/6645
if (item.share_id && (!share || !share.master_key_id)) return false;
return true;
} }

1
packages/lib/services/share/ShareService.test.ts
View File

@ -140,6 +140,7 @@ describe('ShareService', function() {
expect(await MasterKey.count()).toBe(1); expect(await MasterKey.count()).toBe(1);
let { folder, note, resource } = await testShareFolder(shareService); let { folder, note, resource } = await testShareFolder(shareService);
await Folder.updateAllShareIds(resourceService());
// The share service should automatically create a new encryption key // The share service should automatically create a new encryption key
// specifically for that shared folder // specifically for that shared folder