tannercollin / standardnotes-fs

Mount your Standard Notes as a filesystem.
GNU General Public License v3.0

suspected break when upgrading to SN 2.3.1 #8

Closed nickAtWybar closed 6 years ago

nickAtWybar commented 6 years ago

Hey Tanner, logging an issue here. I believe that the only thing that's changed on my computer is an upgrade from SN 2.25 to 2.31. When I try to mount SNFS, I encounter this now: [image] Wondering if you're able to replicate on your end with the latest update? Cheers - Nick

moughxyz commented 6 years ago

@tannercollin sorry, I've added another component to the end of each item. It's the JSON auth_params in base64 format. The reason was that if a user changed their password, or did a security update, and not all their items were resynced, it would be impossible to recover those items because the account's auth_params now no longer represent those old items. This is also safer since every item is now self-decryptable given a password, rather than relying on changing account auth_params.

Note that an item may or may not have these params. It's a "going forward" type thing, but not retrospectively applied to old items.

tannercollin commented 6 years ago

@mobitar thanks for the hint! I'm seeing the JSON: {"identifier":"standardnotes-fs@domain.com","pw_salt":null,"pw_cost":110000,"pw_nonce":"57b07c774dc29466858aceeef2eb8c181bf702ade1141ed8a817037d67f4db70","version":"003"}

So does this mean that if I detect that field, I should generate the encryption_key and auth_key locally and use those instead?

Won't this require me saving the user's password? Because the salt is generated from that nonce and then used with the password to generate the keys.

Would it be okay if I just ignored this new field entirely? If they have problems, they can just run a resync in an official client, right?

moughxyz commented 6 years ago

Yeah you can ignore it. SN clients aren't currently using them either. But we will most likely in the future, which is why it was safer to add them now.

The SN clients save your auth_params to disk after login/registration, so you don't need to save the password or recompute the params on the fly.

tannercollin commented 6 years ago

@nickAtWybar should be fixed in be58f5cad922a88db78d0efa885dc45a755f688b. Can you test it?

nickAtWybar commented 6 years ago

@tannercollin @mobitar great collab gents, works perfectly. Used (sudo pip3 install --upgrade ....). Thanks once again for your responsiveness and diligence.
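
The format change discussed in this thread, as an added example (not code from standardnotes-fs or from Standard Notes): a parser that accepts item strings with or without the new trailing base64 `auth_params` component and treats that component as untrusted, ignorable data. The colon-separated five-field layout, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import json
from collections import namedtuple

# Assumed layout (not stated in the thread):
#   version:auth_hash:uuid:iv:ciphertext[:base64(JSON auth_params)]
Item = namedtuple('Item', 'version auth_hash uuid iv ciphertext auth_params')


def decode_auth_params(field):
    """Decode the optional trailing component; return None if it is malformed.

    The thread says clients can ignore this field, so a bad value is dropped
    here instead of making the whole item unreadable.
    """
    try:
        # validate=True rejects characters outside the base64 alphabet;
        # binascii.Error, JSONDecodeError and UnicodeDecodeError are ValueErrors.
        params = json.loads(base64.b64decode(field, validate=True))
    except ValueError:
        return None
    # Only a JSON object is a plausible auth_params value.
    return params if isinstance(params, dict) else None


def parse_item_string(item_string):
    """Split an item string, tolerating the extra component added in newer clients."""
    parts = item_string.split(':')
    if len(parts) not in (5, 6):
        # Fail closed on any other shape instead of guessing field positions.
        raise ValueError('expected 5 or 6 components, got %d' % len(parts))
    auth_params = decode_auth_params(parts[5]) if len(parts) == 6 else None
    return Item(*parts[:5], auth_params)


# Constructed sample values (placeholders, not real key material or ciphertext).
SAMPLE_PARAMS = {"identifier": "user@example.com", "pw_cost": 110000,
                 "version": "003"}
SAMPLE_B64 = base64.b64encode(json.dumps(SAMPLE_PARAMS).encode()).decode()
LEGACY_ITEM = '003:AUTHHASH:UUID:IV:CIPHERTEXT'   # older item, no auth_params
NEW_ITEM = LEGACY_ITEM + ':' + SAMPLE_B64         # newer item, with auth_params

if __name__ == '__main__':
    for raw in (LEGACY_ITEM, NEW_ITEM):
        print(parse_item_string(raw))
```

A client that later starts deriving keys from the embedded parameters would need to validate values such as `pw_cost` before use; this parser only returns them as data.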