better welcome page; password-forgotten-feature; refs #32

9 years ago · 7977b29d2d
parent c8f4c8494c
commit 7977b29d2d
7 changed files with 102 additions and 17 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2015-09-22 18:09  marc
+
+	* ChangeLog, cordova/config.xml.in,
+	  cordova/platforms/android/AndroidManifest.xml,
+	  cordova/platforms/android/res/xml/config.xml: fixed android
+	  problems; uninstall before update; closes #29
+
 2015-09-21 19:46  marc

 	* cordova/makefile.am: fix build error message
--- a/cordova/makefile.am
+++ b/cordova/makefile.am
@ -35,10 +35,10 @@ distclean-local:
 	-rm -r platforms/android/.gradle
 	for file in ${cordova_sources}; do \
 	  if test "@srcdir@/$${file}" != "$${file}" \
-	          -a -f "$${file}" \
-                  -a "@srcdir@" != "." \
-                  -a "@srcdir@" != "./"; then \
-	      chmod -R u+w "$${file}" && rm -r "$${file}"; \
+	          -a -e "$${file}" \
+	          -a "@srcdir@" != "." \
+	          -a "@srcdir@" != "./"; then \
+	    chmod -R u+w "$${file}" && rm -r "$${file}"; \
 	  fi; \
 	done

--- a/html/index.html.in
+++ b/html/index.html.in
@ -14,11 +14,11 @@

 <body>

-<div id="header">
+<div id="header" class="header">
  <h1>Safe Chat @PACKAGE_VERSION@</h1>
  <div id="togglemenu">
    <span id="username">[unknown]</span>
-    <img onclick="togglemenu()" src="menu.svg" />
+    <img id="menuicon" onclick="togglemenu()" src="menu.svg" />
  </div>
 </div>

@ -26,8 +26,9 @@
  <li onclick="backup()">Download Backup</li>
  <li class="toolbutton"><label for="restore">Restore Backup</label><input autocomplete="off" type="file" accept="*.bak" id="restore" /></li>
  <li id="groups" onclick="groups()">Edit Groups</li>
+  <li id="removeKey" style="display: none" onclick="removeKey()">Password Forgotten</li>
  <li id="android-download" href="safechat.apk"><a href="safechat.apk">Download Android-App</a></li>
-  <li href="https://dev.marc.waeckerlin.org/redmine/projects/safechat/embedded/index.html" target="_blank"><a href="https://dev.marc.waeckerlin.org/redmine/projects/safechat/embedded/index.html" target="_blank">About SafeChat</a></li>
+  <li href="https://dev.marc.waeckerlin.org/redmine/projects/safechat/embedded/index.html" target="_blank"><a href="https://dev.marc.waeckerlin.org/redmine/projects/safechat/embedded/index.html" target="_blank">About Safe Chat</a></li>
 </ul>
 <script type="text/javascript">
  $(function() { // on load: without cordova, remove andoid-download
--- a/html/login.php
+++ b/html/login.php
@ -34,11 +34,11 @@ try {
  if (!$verify) error("wrong identity");
  $q = $db->query("select * from user where name='$user' and pubkey='$pubkey';");
  if ($q->num_rows==1) {
-    success("user verified");
+    success("user $user found on server");
  } elseif ($q->num_rows==0) {
    $q = $db->query("insert into user (name, pubkey) values ('$user', '$pubkey');");
    if (!q) error("creation of user failed");
-    success("user created");
+    success("user $user created on server");
  } else {
    error("server database defect");
  }
--- a/html/newuser.html
+++ b/html/newuser.html
@ -1,8 +1,15 @@
-<h2>Register User (Step 1 of 1)</h2>
+<h2>Register User</h2>
+<p>All you need to start is a username and a password:</p>
 <form id="register" onsubmit="createkeypair(this.elements['user'].value, this.elements['pwd'].value)">
-  <input placeholder="user name" type="text" id="user" oninput="checkuser(this.value)"/>
+  <input placeholder="username" type="text" id="user" oninput="checkuser(this.value)"/>
  <input placeholder="password" type="password" id="pwd" oninput="checkpwd(this.value, document.getElementById('pwd2').value)"/>
  <input placeholder="repeat password" type="password" id="pwd2" oninput="checkpwd(document.getElementById('pwd').value, this.value)"/>
  <input id="createuser" type="submit" disabled/>
 </form>
 <p>Please chose any username, e.g. a pseudonym, your e-mail, your phone number, your real name, and chose a safe password.</p>
+<h2>What is Safe Chat?</h2>
+<p>Safe Chat is a chat program to protect your privacy. It is designed to be extremely easy to use, with all cool features, but with highest security through strong encryption. For more information, open «About Safe Chat» in the menu (<img style="height: 1em; border: 2px solid green; vertical-align: text-bottom; background-color: green" src="menu.svg" />) above.</p>
+<h2>Never forget your Password!</h2>
+<p>This messenger is absolutely secure. But on the other hand, that means, no one except you knows your password. No one can read your messages exept you, not even our administrator. It is technically impossible to restore a password. You would have to delete your account and create a new one. In that case, all messages are lost.</p>
+<h3>Keys and Password</h3>
+<p>Safe Chat internally uses OpenPGP for public/private-key encryption. Your password is not transfered to the server and not stored, it is used only to create and encrypt your private key. There are two keys, a secret private key, that is stored in the browser (or app) on your computer, encrypted with your password and not sent to the server. There is also public key, which is sent to the server and used by other users to encrypt messages that only you can read. You can backup and restore your keys and setings to and from a file. This is the only way to transfer your account to another browser or to computer. Do not delete your browser's local storage unless you have backed up your keys.</p>
--- a/html/safechat.css
+++ b/html/safechat.css
@ -20,6 +20,10 @@ form {
  flex-wrap: nowrap;
 }

+ul li {
+  margin-left: 1em;
+}
+
@media (max-width: 45em) {
  form {
    flex-direction: column;
@ -45,7 +49,10 @@ form input#msg {
 }
 .buttongroup .toolbutton {
  flex-grow: 1;
+  flex-basis: 0;
+  text-align: center;
  text-align: center;
+  cursor: pointer;
 }
 .toolbutton label img {
  height: 1.5em;
@ -53,6 +60,18 @@ form input#msg {
 .toolbutton input {
  display:none;
 }
+.toolbutton.bad:first-line,
+.toolbutton.good:first-line {
+  font-weight: bold;
+}
+.toolbutton.bad {
+  background-color: #f77;
+  border: 1px solid black;
+}
+.toolbutton.good {
+  background-color: #7f7;
+  border: 1px solid black;
+}

 table {
  width: 100%;
@ -65,6 +84,15 @@ td:last-child {
  flex:1; /* last td to fill remaining width */
 }

+.warning {
+  padding: 1em;
+  margin: 1em;
+  background-color: red;
+  color: yellow;
+  font-size: large;
+  border: 2px inset yellow;
+}
+
 #header {
  position: fixed;
  left: 0;
@ -112,6 +140,10 @@ td:last-child {
  color: black;
 }

+#menuicon {
+  cursor: pointer;
+}
+
 #menu {
  clear: both;
  padding: 2em 0em 1em 0em;
@ -121,6 +153,9 @@ td:last-child {
  list-style-type: none;
  border: 1px solid black;
 }
+#menu li {
+  margin-left: 0;
+}
 #menu a {
  text-decoration: inherit;
  color: inherit;
--- a/html/safechat.js
+++ b/html/safechat.js
@ -112,7 +112,8 @@ function success(text) {
 function status(text, msg) {
    $("#main").fadeOut("slow", function() {
        $("#main").html(text);
-        success(msg);
+        if (msg) success(msg);
+        else setTimeout("$('#status').fadeOut('slow')", 5000);
        $("#main").fadeIn("slow", function() {
            $("form input:first-child").focus();
        })
@ -154,7 +155,7 @@ function togglemenu() {
 /// Download Profile Backup
 function backup() {
    getLoopStop();
-    status("<p>Starting backup download ...</p>");
+    status("<p>Starting backup download ...</p>", "");
    var download = document.createElement('a');
    download.href = 'data:attachment/text,'+encodeURI(JSON.stringify(localStorage));
    download.target = '_blank';
@ -162,7 +163,7 @@ function backup() {
    var now = new Date();
    download.download =
        pad(now.getFullYear())+pad(now.getMonth()+1)+pad(now.getDate())+
-        "-safechat.bak";
+        "-"+userid()+"@"+window.location.hostname+".bak";
    var clickEvent = new MouseEvent("click", {
        "view": window,
        "bubbles": true,
@ -176,7 +177,7 @@ function backup() {
 /// Upload Profile Backup
 function restore(evt) {
    getLoopStop();
-    status("<p>Starting backup restore ...</p>");
+    status("<p>Starting backup restore ...</p>", "");
    if (!window.FileReader)
        return error("your browser dows not support file upload", true);
    for (var i=0, f; f=evt.target.files[i]; ++i) {
@ -532,8 +533,12 @@ function sendmessage(recv, txt) {
    @param pwd The password to check. */
 function setpw(pwd) {
    if (privateKey().keys[0].decrypt(pwd)) {
+        success("password matches");
+        $("#removeKey").hide();
        password = pwd;
        chat();
+    } else {
+        notice("password does not match");
    }
 }

@ -543,18 +548,47 @@ function setpw(pwd) {
    setpw() continues automatically. No submit is required by the
    user. */
 function getpwd() {
+    $("#removeKey").show();
    status('<form>'+
-           '    <input placeholder="password for '+userid()+
+           '    <input placeholder="please enter password for user '+userid()+
           '" id="pwd" oninput="setpw(this.value)" type="password" />'+
           '</form>');
 }

+function deleteUser() {
+    var uid = userid();
+    localStorage.pubKey = null;
+    localStorage.privKey = null;
+    error("user "+uid+" permanentely lost");
+    status("Deleted User: "+uid);
+}
+
+function removeKey() {
+    togglemenu();
+    $("#removeKey").hide();
+    status('<h2>Password Forgotten</h2>'+
+           '<div class="warning"><strong>Warning!</strong>'+
+           '<ul><li>You loose all messages.</li>'+
+           '<li>You loose your account name <em>«'+userid()+'»</em>.</li>'+
+           '<li>You should backup now, before you continue!</li></ul></div>'+
+           '<p>You can only remove your local data. '+
+           'You will have to create a new account with a new name on the server. '+
+           'This means, you loose all your messages and you loose your account '+
+           'name <em>«'+userid()+'»</em> forever. '+
+           'This chat program is secure, nobody can restore your password. '+
+           'Without password, you can\'t prove, that you are <em>«'+userid()+'»</em>.</p>'+
+           '<div class="buttongroup"><p class="toolbutton bad" onclick="deleteUser()">'+
+           'Yes, I really forgot my password.<br/>I want to loose my data to get a new account.</p>'+
+           '<p class="toolbutton good" onclick="start()">'+
+           'No, bring me back!.<br/>I\'ll try to remember my password.</p></div>', "");
+}
+
 /// Main Chat Window
 /** Gets chat widgets from server and displays them. Starts timer for
    get() which polls for new messages. */
 function chat() {
+    $("#username").html(userid()+"@"+window.location.hostname);
    if (!password) return getpwd();
-    $("#username").html(userid()+"@safechat.ch");
    $.ajax({url: "chat.html", success: function(res) {
        status(res);
        getLoop(2000);
@ -607,6 +641,7 @@ function newuser() {
 /// Initial Function: Startup
 /** Decide whether to login or to create a new user */
 function start() {
+    $("#menu").hide();
    try {
        status("Starting up ...");
        if (!userid()) {