github.com/cozy/cozy-stack@v0.0.0-20240603063001-31110fa4cae1/assets/scripts/new-password.js (about) 1 ;(function (w, d) { 2 if (!w.fetch || !w.Headers) return 3 4 const form = d.getElementById('new-pass-form') 5 const passField = d.getElementById('password-field') 6 const passInput = d.getElementById('password') 7 const hintField = d.getElementById('hint-field') 8 const hintInput = d.getElementById('hint') 9 const fromInput = d.getElementById('from') 10 const strength = d.getElementById('password-strength') 11 const submit = form.querySelector('[type=submit]') 12 const iterationsInput = d.getElementById('iterations') 13 const registerTokenInput = d.getElementById('register-token') 14 const resetTokenInput = d.getElementById('reset-token') 15 const csrfTokenInput = d.getElementById('csrf_token') 16 17 const querystring = new URLSearchParams(w.location.search) 18 const redirection = querystring.get('redirection') 19 20 form.addEventListener('submit', function (event) { 21 event.preventDefault() 22 23 const pass = passInput.value 24 const hint = hintInput.value 25 const salt = form.dataset.salt 26 const iterations = parseInt(iterationsInput.value, 10) 27 28 const tooltips = form.querySelectorAll('.invalid-tooltip') 29 for (const tooltip of tooltips) { 30 tooltip.classList.add('d-none') 31 } 32 33 if (hint === pass) { 34 w.showError(hintField, form.dataset.hintError) 35 return 36 } 37 38 if (strength.classList.contains('pass-weak')) { 39 w.showError(passField, form.dataset.passError) 40 return 41 } 42 43 submit.setAttribute('disabled', true) 44 45 let hashed, protectedKey 46 let headers = new Headers() 47 headers.append('Content-Type', 'application/x-www-form-urlencoded') 48 headers.append('Accept', 'application/json') 49 50 w.password 51 .hash(pass, salt, iterations) 52 .then((result) => { 53 hashed = result.hashed 54 return w.password.makeEncKey(result.masterKey) 55 }) 56 .then((key) => { 57 protectedKey = key.cipherString 58 return w.password.makeKeyPair(key.key) 59 }) 60 .then((pair) => { 61 const data = new URLSearchParams() 62 data.append('passphrase', hashed) 63 if (hint) { 64 data.append('hint', hint) 65 } 66 data.append('iterations', '' + iterations) 67 data.append('key', protectedKey) 68 data.append('public_key', pair.publicKey) 69 data.append('private_key', pair.privateKey) 70 if (registerTokenInput) { 71 data.append('register_token', registerTokenInput.value) 72 } 73 if (resetTokenInput) { 74 data.append('passphrase_reset_token', resetTokenInput.value) 75 } 76 if (fromInput) { 77 data.append('from', fromInput.value) 78 } 79 if (csrfTokenInput) { 80 data.append('csrf_token', csrfTokenInput.value) 81 } 82 if (redirection) { 83 data.append('redirection', redirection) 84 } 85 86 return fetch(form.action, { 87 method: 'POST', 88 headers: headers, 89 body: data, 90 credentials: 'same-origin', 91 }) 92 }) 93 .then((response) => { 94 return response.json().then((body) => { 95 if (response.status < 400) { 96 submit.innerHTML = '<span class="icon icon-check"></span>' 97 submit.classList.add('btn-done') 98 w.location = body.redirect 99 } else { 100 w.showError(passField, body.error) 101 } 102 }) 103 }) 104 .catch((err) => w.showError(passField, err)) 105 }) 106 107 submit.removeAttribute('disabled') 108 })(window, document)