From f620ec086d0cf755f0921fbc82b0971698473697 Mon Sep 17 00:00:00 2001
From: Martin Kleinschrodt
Date: Thu, 28 Jul 2022 13:50:55 +0200
Subject: [PATCH] Force-logout older clients and reject any future requests
---
 packages/core/src/server.ts | 18 +++++++++++++++++-
 packages/core/src/util.ts | 14 ++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/packages/core/src/server.ts b/packages/core/src/server.ts
index 7c4ea431..44555767 100644
--- a/packages/core/src/server.ts
+++ b/packages/core/src/server.ts
@@ -52,7 +52,7 @@ import {
 } from "./messenger";
 import { Server as SRPServer, SRPSession } from "./srp";
 import { DeviceInfo, getCryptoProvider } from "./platform";
-import { getIdFromEmail, uuid, removeTrailingSlash } from "./util";
+import { getIdFromEmail, uuid, removeTrailingSlash, compareVersions } from "./util";
 import { loadLanguage } from "@padloc/locale/src/translate";
 import { Logger, VoidLogger } from "./logging";
 import { PBES2Container } from "./container";
@@ -86,6 +86,9 @@ export class ServerConfig extends Config {
 @ConfigParam()
 scimServerUrl = "http://localhost:5000";
+ @ConfigParam()
+ oldestAllowedVersion = "4.0.0";
+
 constructor(init: Partial = {}) {
 super();
 Object.assign(this, init);
@@ -176,6 +179,11 @@ export class Controller extends API {
 }
 }
+ // Force-logout v3 clients
+ if (compareVersions(session.device?.appVersion || "", this.config.oldestAllowedVersion) < 0) {
+ throw new Err(ErrorCode.SESSION_EXPIRED);
+ }
+
 // Reject expired sessions
 if (session.expires && session.expires < new Date()) {
 throw new Err(ErrorCode.SESSION_EXPIRED);
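Review bot: The value tested in the `Controller` hunk, `session.device?.appVersion`, appears to be whatever the client reported about itself (the hunk does not show where `DeviceInfo` is filled in), and the same holds for `req.device?.appVersion` in the `Server` hunk further down, so both checks are a compatibility gate for cooperating clients rather than an enforcement boundary. A comment should say that, for example `// Compatibility gate only: appVersion is self-reported; legacy server code paths must be retired separately`. The existing comment also says "v3" while the threshold is the configurable `oldestAllowedVersion`, and a session with no stored device info compares as `""` and is expired as well; `// Expire sessions from clients older than config.oldestAllowedVersion (a missing version counts as too old)` would describe what the line does. The enclosing method starts and ends outside the hunk.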
@@ -1956,6 +1964,14 @@ export class Server {
 const controller = this.makeController(context);
 await controller.authenticate(req, context);
+ // Reject requests from older clients
+ if (compareVersions(req.device?.appVersion || "", this.config.oldestAllowedVersion) < 0) {
+ throw new Err(
+ ErrorCode.UNSUPPORTED_VERSION,
+ "This version of Padloc is no longer supported. Please download the latest version from https://docs.padloc.app/downloads. We appologize for the inconvenience!"
+ );
+ }
+
 const done = await this._addToQueue(context);
 try {
diff --git a/packages/core/src/util.ts b/packages/core/src/util.ts
index 82b1a14d..5e1955cd 100644
--- a/packages/core/src/util.ts
+++ b/packages/core/src/util.ts
@@ -231,3 +231,17 @@ export function setPath(obj: any, path: string, value: any) {
 obj[path] = value;
 }
 }
+
+export function compareVersions(a: string, b: string) {
+ function norm(version: string): string {
+ return version
+ .split(".")
+ .map((part) => part.padStart(3, "0"))
+ .join();
+ }
+
+ const normedA = norm(a);
+ const normedB = norm(b);
+
+ return normedA < normedB ? -1 : normedA > normedB ? 1 : 0;
+}
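Review bot: The message passed with `ErrorCode.UNSUPPORTED_VERSION` misspells "apologize"; this text is presumably what users of an outdated client are shown, so its last sentence should read `We apologize for the inconvenience!`. The check also sits after `controller.authenticate(req, context)`, so an outdated client that still holds a session is presumably answered with `SESSION_EXPIRED` by the new check in the `Controller` hunk and only gets this message on a later request. If that order is intended, a comment such as `// Runs after authenticate() so that old sessions are expired first` would make it explicit. The enclosing method starts and ends outside the hunk.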
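Review bot: `compareVersions` orders versions by comparing padded strings, which gives wrong answers for inputs the two `server.ts` checks can receive: `"4.0"` sorts below `"4.0.0"`, a part longer than three digits sorts incorrectly, and a value that does not start with a digit sorts above every numeric version, so a malformed `appVersion` passes the `< 0` gate instead of being rejected. Comparing the parts as numbers and treating a missing or unparsable part as 0 makes the gate fail closed, as in the rewrite below (it ignores pre-release suffixes, which the original did not handle deliberately either). The function should also get a doc comment stating that it returns -1, 0 or 1, and note that `.join()` without an argument joins with commas, which is easy to misread as an empty separator.

```typescript
export function compareVersions(a: string, b: string) {
    // Numeric, part-by-part comparison; a missing or non-numeric part counts as 0,
    // so malformed input compares as the oldest possible version.
    function parts(version: string): number[] {
        return version.split(".").map((part) => parseInt(part, 10) || 0);
    }

    const partsA = parts(a);
    const partsB = parts(b);

    for (let i = 0; i < Math.max(partsA.length, partsB.length); i++) {
        const diff = (partsA[i] || 0) - (partsB[i] || 0);
        if (diff !== 0) {
            return diff < 0 ? -1 : 1;
        }
    }

    return 0;
}
```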