crypto-pouch
crypto-pouch copied to clipboard
calvinmetcalf
Check if key is correct, throw exception if not.
I wanted a way to determine whether the provided password / key was correct, so I took a stab at it.
This is the general idea of what I'm looking for, but if there is an obviously better way to do it, then, by all means...
a couple things
- the decryption process will actually throw an error if the password is wrong because it will be unable to authenticate the document, a more descriptive error when decryption might be the way forward, this could then be done in userland with the app writter adding a special document for purposes of checking the password.
- thats not a very good way to handle errors in javascript, it looks like you wanted to create a custom error but you didn't inherit from an error class, last I checked subclassing errors in a cross platform way which preserves stack traces was more trouble then it was worth so your better off just doing
new Error('Invalid Password')
I will revisit this and see what I can get out of the decryption error. I'll see if I can post a recipe for doing this in userland.
I come from C++ land, and haven't learned the best way to do some of this stuff in JS, so thanks for the suggestion. I am finding that what constitutes "conventional best practice" in JS is all over the board, there seems to be rather less consensus than I am used to, so it's hard to judge from examples, etc. found while trying to teach myself.
yeah np one problem is that there are different browsers and such that have different capabiliteis, especially for errors.
If you use the wrong key, the error would get thrown here so that would be where you'd want to catch it and possibly deal with it.
What I'm seeing is: SyntaxError: Unexpected token �, which I had figured was coming from JSON.parse() there.
Where index.js:105 is the JSON.parse(out) call:
Err getting doc with wrong PW: [SyntaxError: Unexpected token �]
Stack: SyntaxError: Unexpected token �
at Object.parse (native)
at Object.decrypt [as outgoing] (/Users/aschamp/projects/crypto-pouch/index.js:105:16)
at outgoing (/Users/aschamp/projects/crypto-pouch/node_modules/transform-pouch/index.js:23:21)
at /Users/aschamp/projects/crypto-pouch/node_modules/transform-pouch/index.js:58:15
at process._tickCallback (node.js:402:9)
✗ opened database with bad password
---
operator: fail
Using this test case:
test('wrong_pass', function (t) {
t.plan(1);
var dbName = 'one';
var db = new PouchDB(dbName, {db: memdown});
db.crypto('bad_password').then(function (resp) {
return db.get('baz');
}).then(function (doc) {
console.log("Got doc with wrong password:", doc)
}).catch(function (err) {
console.log("Err getting doc with wrong PW:", err)
console.log("Stack:", err.stack)
}).then( function() {
t.fail('opened database with bad password')
}).catch(function (r) {
t.equals(r.name, 'InvalidPasswordException', ' fails setting up invalid password.')
})
});
ah so that is a bug that was just fixed in chacha-native so if you reinstall your deps it should throw the error in the correct place
Just fixed, indeed. : )
That did it, I get "Error: unable to authenticate" now, which I should be able to use in userland to confirm successful password.
I’ve created a PR (#32) that adds a "wrong password" so that you can use the error message to check if a given password is correct. You could then build a function yourself that adds a check document and looks for it. I’d say this is better solved in your app than in crypto-pouch core
