hummusRecipe icon indicating copy to clipboard operation
hummusRecipe copied to clipboard

Published 20 hours ago verified publisher icon chunyenHuang

ownerPassword not set if userPassword if not provided

Open rafikhamid opened this issue 4 years ago • 2 comments

https://github.com/chunyenHuang/hummusRecipe/blob/54d334f00f8c0740952a8bb11034bde39d5cc42c/lib/encrypt.js#L91

I need to protect my PDF that has a watermark from being removed, while the PDF should not require a password when opened for read, I achieved that in HummusJS by setting ownerPassword with an empty userPassword like this :

hummus.recrypt('in.pdf', 'out.pdf', {
    userPassword: '',
    ownerPassword: 'secret',
    userProtectionFlag: 4
    });

Now with hummusRecipe, when I try the following code, the out.pdf is not protected in modification

recipe
    .encrypt({
        userPassword: '',
        ownerPassword: 'secret',
        userProtectionFlag: 4
    })
    .endPDF();

because 'userPassword' is not being provided to hummus in 'encryption_' in encrypt.js line 106 :

// At this stage : this.encryption_ = { password: 'secret', ownerPassword: 'secret', userProtectionFlag: 4 }
hummus.recrypt(tmp, this.output, this.encryption_);

and on documentation of HummusJS it is clearly mentionned that ownerPassword is only used when we pass userPassword:

/*
    hummus.recrypt(
        inOriginalPath/inOriginalStream,
        inNewPath/inNewStream,
        [options])

    options = 
    {
        password:
        version:
        compress:
        log:
        userPassword:
        ownerPassword: // must pass userPassword!
        userProtectionFlag: // must pass userPassword!
    }
*/

A workaround is to pass the options as is to HummusJS and not use the _getEncryptOptions method

/**
 * Encrypt the pdf
 * @name encrypt
 * @function
 * @memberof Recipe
 * @param {Object} options - The options
 * @param {string} [options.password] - The permission password.
 * @param {string} [options.ownerPassword] - The password for editing.
 * @param {string} [options.userPassword] - The password for viewing & encryption.
 * @param {number} [options.userProtectionFlag] - The flag for the security level.
 */
exports.encrypt = function encrypt(options = {}) {
    this.needToEncrypt = true;
    this.encryption_ = options; //this._getEncryptOptions(options); // THE WORKAROUND

    return this;
};

Can you please fix. Thanks

rafikhamid avatar Apr 28 '20 13:04 rafikhamid

Would you mimd put a PR for this since you already have investigated, thanks! @rafikhamid

chunyenHuang avatar Apr 30 '20 15:04 chunyenHuang

Hi @chunyenHuang I did not want to create a PR for this because my fix is to completely remove the method _getEncryptOptions(options); and I am not sure about the purpose of it, so removing it might break something. If you want me to remove it I can create a PR for it.

rafikhamid avatar Apr 30 '20 15:04 rafikhamid