From 1d209c5064021d00a3c74521b142f4ccc47ae763 Mon Sep 17 00:00:00 2001
From: David Baker
Date: Thu, 10 Jan 2019 14:12:43 +0000
Subject: [PATCH 1/2] Set backup niggles: 2 Don't tell the user their pasphrase doesn't match if it's correct so far
---
 .../keybackup/CreateKeyBackupDialog.js | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js b/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
index c5a7ff558d..10b587b779 100644
--- a/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
+++ b/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
@@ -294,14 +294,21 @@ export default React.createClass({
 _renderPhasePassPhraseConfirm: function() {
 const AccessibleButton = sdk.getComponent('elements.AccessibleButton');
+ let matchText;
+ if (this.state.passPhraseConfirm === this.state.passPhrase) {
+ matchText = _t("That matches!");
+ } else if (!this.state.passPhrase.startsWith(this.state.passPhraseConfirm)) {
+ // only tell them they're wrong if they've actually gone wrong.
+ // Security concious readers will note that if you left riot-web unattended
+ // on this screen, this would make it easy for a malicious person to guess
+ // your passphrase one letter at a time, but they could get this faster by
+ // just opening the browser's developer tools and reading it.
+ // Note that this includes not having typed anything at all.
+ matchText = _t("That doesn't match.");
+ }
+
 let passPhraseMatch = null;
- if (this.state.passPhraseConfirm.length > 0) {
- let matchText;
- if (this.state.passPhraseConfirm === this.state.passPhrase) {
- matchText = _t("That matches!");
- } else {
- matchText = _t("That doesn't match.");
- }
+ if (matchText) {
 passPhraseMatch =
{matchText}
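Review bot: The comment on the new `else if` branch defends the per-keystroke prefix hint by pointing at developer tools, but leaves unstated the assumption that makes that argument hold: the passphrase sits in cleartext in `this.state.passPhrase` for as long as this screen is open. I would state that in the comment and fix the spelling, e.g. `// Security-conscious readers: this confirms a correct prefix one character at a time; that adds no exposure only because the passphrase is already held in component state on this screen.` Separately, dropping the old `passPhraseConfirm.length > 0` guard means the first branch now shows "That matches!" when both values are empty; that is presumably unreachable if the earlier phase rejects an empty passphrase, which is not visible here. `_renderPhasePassPhraseConfirm` continues past the end of the hunk.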
From b7252a0db997fc198e4a521c7b9108861ae53136 Mon Sep 17 00:00:00 2001
From: David Baker
Date: Thu, 10 Jan 2019 18:13:04 +0000
Subject: [PATCH 2/2] Rephrase comment to make more sense
---
 .../views/dialogs/keybackup/CreateKeyBackupDialog.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js b/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
index 10b587b779..43c7f4bd69 100644
--- a/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
+++ b/src/async-components/views/dialogs/keybackup/CreateKeyBackupDialog.js
@@ -303,7 +303,8 @@ export default React.createClass({
 // on this screen, this would make it easy for a malicious person to guess
 // your passphrase one letter at a time, but they could get this faster by
 // just opening the browser's developer tools and reading it.
- // Note that this includes not having typed anything at all.
+ // Note that not having typed anything at all will not hit this clause and
+ // fall through so empty box === no hint.
 matchText = _t("That doesn't match.");
 }
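Review bot: The reworded note gives the outcome but not the reason, and "will not hit this clause and fall through" reads as if the clause is both skipped and entered. The reason is that `startsWith` with an empty argument is always true, so the negated test in the `else if` is false while the confirm box is empty. Suggested wording: `// An empty confirm box never reaches this branch, because every string starts with '',` followed by `// so nothing typed means no hint.` The `else if` this comment belongs to starts above the hunk.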