selfhosted
/
padloc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Apply requested changes, tweaking text, adding alert, adding and removing awaits.

This commit is contained in:
Bruno Bernardino 2022-08-02 07:49:15 +01:00
parent 8d0a255ce7
commit df18e71e6a
No known key found for this signature in database
GPG Key ID: D1B0A69ADD114ECE
5 changed files with 42 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
assets/email/failed-login-attempt.html
View File

@ -220,6 +220,19 @@
to remove potentially compromised devices from your trusted list
inside the app.
</p>
<p
style="
font-family: sans-serif;
font-size: 14px;
font-weight: normal;
margin: 0;
margin-bottom: 15px;
"
>
Note that if this happened on a trusted device, it was already
removed from the trusted devices list, automatically.
</p>
</td>
</tr>
</table>

2
assets/email/failed-login-attempt.txt
View File

@ -4,4 +4,6 @@ This is just an email to warn you that there was a failed attempt to login to yo
If this was you, there's no action necessary, otherwise you might want to make sure your trusted devices haven't been compromised, or to remove potentially compromised devices from your trusted list inside the app.
Note that if this happened on a trusted device, it was already removed from the trusted devices list, automatically.
This email was sent to you by Padloc (https://padloc.app). If you have any questions, please don't hesitate to contact us at support@padloc.app!

18
packages/app/src/elements/settings-security.ts
View File

@ -147,12 +147,12 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
}
}
private _updateSettings() {
app.setSettings({
private async _updateSettings() {
await app.setSettings({
autoLock: (this.renderRoot.querySelector("#autoLockButton") as ToggleButton).active,
autoLockDelay: (this.renderRoot.querySelector("#autoLockDelaySlider") as Slider).value,
});
app.updateAccount(async (account) => {
await app.updateAccount(async (account) => {
account.settings.securityReport.weakPasswords = (
this.renderRoot.querySelector("#securityReportWeakToggle") as ToggleButton
).active;
@ -169,7 +169,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
this.renderRoot.querySelector("#newLoginsNotificationsToggle") as ToggleButton
).active;
});
auditVaults();
await auditVaults();
}
private async _addAuthenticator() {
@ -705,7 +705,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
.label=${html`<div class="horizontal center-aligning spacing layout">
<pl-icon icon="weak"></pl-icon>
<div>${$l("Weak Passwords")}</div>
</div>` as TemplateResult}
</div>`}
reverse
>
</pl-toggle-button>
@ -719,7 +719,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
.label=${html`<div class="horizontal center-aligning spacing layout">
<pl-icon icon="reused"></pl-icon>
<div>${$l("Reused Passwords")}</div>
</div>` as TemplateResult}
</div>`}
reverse
>
</pl-toggle-button>
@ -733,7 +733,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
.label=${html`<div class="horizontal center-aligning spacing layout">
<pl-icon icon="compromised"></pl-icon>
<div>${$l("Compromised Passwords")}</div>
</div>` as TemplateResult}
</div>`}
reverse
>
</pl-toggle-button>
@ -755,7 +755,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
.label=${html`<div class="horizontal center-aligning spacing layout">
<pl-icon icon="weak"></pl-icon>
<div>${$l("Failed Login Attempts")}</div>
</div>` as TemplateResult}
</div>`}
reverse
>
</pl-toggle-button>
@ -769,7 +769,7 @@ export class SettingsSecurity extends StateMixin(Routing(LitElement)) {
.label=${html`<div class="horizontal center-aligning spacing layout">
<pl-icon icon="weak"></pl-icon>
<div>${$l("New Logins (on new or untrusted devices)")}</div>
</div>` as TemplateResult}
</div>`}
reverse
>
</pl-toggle-button>

4
packages/app/src/elements/unlock.ts
View File

@ -218,6 +218,10 @@ export class Unlock extends StartForm {
if (this._failedCount > 3) {
await this.app.logout();
router.go("login");
alert($l("Failed to unlock too many times. You will have to login again."), {
title: $l("Failed To Unlock"),
type: "warning",
});
return;
}
this._errorMessage = $l("Wrong password! Please try again.");

25
packages/core/src/server.ts
View File

@ -600,17 +600,20 @@ export class Controller extends API {
this.log("account.createSession", { success: false });
++srpState.failedAttempts;
await this.storage.save(auth);
if (srpState.failedAttempts >= 5 && acc.settings.notifications.failedLoginAttempts) {
try {
const location = this._buildLocationAndDeviceString(this.context.location, this.context.device);
await this.messenger.send(acc.email, new FailedLoginAttemptMessage({ location }));
// Remove trusted device, if it was (after email as this can throw if the device was already removed)
if (this.context.device) {
if (srpState.failedAttempts >= 5) {
if (this.context.device) {
try {
await this.removeTrustedDevice(this.context.device.id);
}
} catch (e) {}
} catch (e) {}
}
if (acc.settings.notifications.failedLoginAttempts) {
try {
const location = this._buildLocationAndDeviceString(this.context.location, this.context.device);
this.messenger.send(acc.email, new FailedLoginAttemptMessage({ location }));
} catch (e) {}
}
}
throw new Err(ErrorCode.INVALID_CREDENTIALS);
}
@ -644,7 +647,7 @@ export class Controller extends API {
try {
const location = this._buildLocationAndDeviceString(this.context.location, this.context.device);
await this.messenger.send(acc.email, new NewLoginMessage({ location }));
this.messenger.send(acc.email, new NewLoginMessage({ location }));
} catch (e) {}
}
}