Duplicati/Server/webroot/login/login.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55

$(document).ready(function() {
    var processing = false;

    $('#login-button').click(function() {

        if (processing)
            return;

        processing = true;

        // First we grab the nonce and salt
        $.ajax({
            url: '/login.cgi',
            type: 'GET',
            dataType: 'json',
            data: {'get-nonce': 1}
        })
        .done(function(data) {
            var saltedpwd = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(CryptoJS.enc.Utf8.parse($('#login-password').val()) + CryptoJS.enc.Base64.parse(data.Salt)));

            var noncedpwd = CryptoJS.SHA256(CryptoJS.enc.Hex.parse(CryptoJS.enc.Base64.parse(data.Nonce) + saltedpwd)).toString(CryptoJS.enc.Base64);

            $.ajax({
                url: '/login.cgi',
                type: 'GET',
                dataType: 'json',
                data: {'password': noncedpwd }
            })
            .done(function(data) {
                window.location = '/';
            })
            .fail(function(data) {
                var txt = data;
                if (txt && txt.statusText)
                    txt = txt.statusText;
                alert('Login failed: ' + txt);
                processing = false;
            });
        })
        .fail(function(data) {
            var txt = data;
            if (txt && txt.statusText)
                txt = txt.statusText;

            alert('Failed to get nonce: ' + txt);
            processing = false;
        });


        return false;
    });

});