add option for incomplete share links

unverbuggt · unverbuggt · commit 9173c5812b57 · 2024-01-14T21:40:25.000+01:00
diff --git a/README.md b/README.md
@@ -467,7 +467,7 @@ plugins:
 ### Share link generation
 
 It is possible to share valid credentials by adding them to the hash part of the URL.
-The plugin can also generate share links for certain pages if the metag tag `sharelink: true`
+The plugin can also generate share links for certain pages if the meta tag `sharelink: true`
 is defined in markdown.
 It will use the first credential for the pages level or the pages password.
 The credentials for auto-generated links are base64url encoded.
@@ -487,6 +487,17 @@ However if `sharelinks: True` is enabled in the plugin configuration you can gen
 > Then another condition applies: If non-aphanumeric characters are used in user/password,
 > they need to be URLencoded (f.ex. %20 = space character). Some browsers may do that automatically (Do a copy/paste from the browsers address bar then).
 
+#### Incomplete Share links
+
+Since version 3.0.3 it is possible to leave out one part of the password when share links are generated via meta tag.
+To do this use the ":" character in a password to divide the part that is incorporated to the share link and the part that remains secret,
+like "PartThatIsEncodedToTheShareLink:PartThatRemainsSecret". 
+The feature is enabled by setting the option `sharelinks_incomplete: true`.
+If the password that is read from the share link ends with the ":" character, then an additional password input field is displayed for entering the secret part.
+
+> If the feature is used, then passwords must not end with the ":" character.
+
+
 ### Storage of additional variables in keystore
 
 Since version 3.0.3 it is possible to set arbitrary session store variables after decryption.
diff --git a/documentation/docs/features/index.md b/documentation/docs/features/index.md
@@ -124,7 +124,7 @@ plugins:
 ### Share link generation
 
 It is possible to share valid credentials by adding them to the hash part of the URL.
-The plugin can also generate share links for certain pages if the metag tag `sharelink: true`
+The plugin can also generate share links for certain pages if the meta tag `sharelink: true`
 is defined in markdown.
 It will use the first credential for the pages level or the pages password.
 The credentials for auto-generated links are base64url encoded.
@@ -144,6 +144,17 @@ However if `sharelinks: True` is enabled in the plugin configuration you can gen
 > Then another condition applies: If non-aphanumeric characters are used in user/password,
 > they need to be URLencoded (f.ex. %20 = space character). Some browsers may do that automatically (Do a copy/paste from the browsers address bar then).
 
+#### Incomplete Share links
+
+Since version 3.0.3 it is possible to leave out one part of the password when share links are generated via meta tag.
+To do this use the ":" character in a password to divide the part that is incorporated to the share link and the part that remains secret,
+like "PartThatIsEncodedToTheShareLink:PartThatRemainsSecret". 
+The feature is enabled by setting the option `sharelinks_incomplete: true`.
+If the password that is read from the share link ends with the ":" character, then an additional password input field is displayed for entering the secret part.
+
+> If the feature is used, then passwords must not end with the ":" character.
+
+
 ### Storage of additional variables in keystore
 
 Since version 3.0.3 it is possible to set arbitrary session store variables after decryption.
diff --git a/documentation/docs/testbench/userpass1.de.md b/documentation/docs/testbench/userpass1.de.md
@@ -9,7 +9,7 @@ sharelink: true
 Es ist möglich diese Seite mit einem der folgenden Benutzername/Passwort Kombinationen zu entschlüsseln:
 
   - alice: Racoon Superstore obnoxious23
-  - bob: AbidingScooterRuinedCCCactus
+  - bob: AbidingScooterRuinedCC:Cactus
   - carol: Worry-Bony-Glide-Mace!
   - carlos: Arre5tConfused Pentagon
   - charlie: gear.code.blonde.at0ll
@@ -27,7 +27,7 @@ Wenn einer der unteren vier Benutzer eingegeben wird, dann wird auch [Benutzerna
 Eines dieser Benutzername/Passwort Kombinationen **wurde** verwendet um diese Seite zu entschlüsseln:
 
   - alice: Racoon Superstore obnoxious23
-  - bob: AbidingScooterRuinedCCCactus
+  - bob: AbidingScooterRuinedCC:Cactus
   - carol: Worry-Bony-Glide-Mace!
   - carlos: Arre5tConfused Pentagon
   - charlie: gear.code.blonde.at0ll
diff --git a/documentation/docs/testbench/userpass1.md b/documentation/docs/testbench/userpass1.md
@@ -8,7 +8,7 @@ delete_id: teaser
 The following user/passwords are valid to decrypt this page:
 
   - alice: Racoon Superstore obnoxious23
-  - bob: AbidingScooterRuinedCCCactus
+  - bob: AbidingScooterRuinedCC:Cactus
   - carol: Worry-Bony-Glide-Mace!
   - carlos: Arre5tConfused Pentagon
   - charlie: gear.code.blonde.at0ll
@@ -26,7 +26,7 @@ If you use one of the last four users, you'd also be able to decrypt [User/Passw
 One of the following user/passwords **were** used to decrypt this page:
 
   - alice: Racoon Superstore obnoxious23
-  - bob: AbidingScooterRuinedCCCactus
+  - bob: AbidingScooterRuinedCC:Cactus
   - carol: Worry-Bony-Glide-Mace!
   - carlos: Arre5tConfused Pentagon
   - charlie: gear.code.blonde.at0ll
diff --git a/documentation/encryptcontent.cache b/documentation/encryptcontent.cache
@@ -12,8 +12,7 @@ password:
   SpotChestOilCycle22: 0155d08357940a620f4048ffcd66a3aa3be257d46e52d20098b026e2e2348f47;e1f147135505838c5e8d4bebd144c66f;6f166999fdb5968851efd563c9231546c349da41281db994ec67cc1eeef05c5e
   "TeGhD9aq\xDFQnHujmLdsa": a624d0f0390ac17556fa18cabc07fefc262641651e1b669448d19ab10a0f87f3;a5406e022938a90a7a4799fc641f2bbf;46ac08a4fdc9e7dcfd21bc4645e036d42bcf8c7c497a13d5e95f38aa67e29e1a
   "WOgh0\xDCwyKHoc*I_das": 9962c6b45cf7e0405304113014c15edc34f9d09538121e790089f7954a953961;53875d959cd9e911dcf442085c176353;2a9afc1fa2f32b7eb75c9052cc0c9978c4808763118afdb6e1baa2e1f365f04d
-  "[Qw1=s.GK}:LuJ}sd\xF6dsa": d5570bb9ef13babc4ed053d335b702fc8f5e99a70d7975d78664c4573c537540;4341d368a8773909284dba2a4e5e32eb;b9d817f5c19914000dc0d2a23a7092da41eb37ff52869850d6ec0ec9f7711d9c
-  "gncku\xE4shfliglkffhbvrG": 23cbb6650d67cb3ef3ef10f9cb87a3d10e066eef77a50a0e881a45d0e027b659;c934236bb1cb958d0a0a997061d7b1a0;c812e6cdd92c6db897b4382007c625c476df60a756b751b685440729c4cbaaca
+  "gncku\xE4shfliglkffhbvrG:Wurst": 96cc0e8b569ce4fa9031d1c2f1bf541c7f89f14029d636cfd52d9d522ace5935;61b1f50904c93f99f75d94a07310cd9f;ccda65e51e9b4643dc381fae28c25dc882989da4fdcbdeb0807479a7b7b25231
   m00dy#augmented#Arsonist: ec59d0f5889f8a91ec6a5a4cf9de9c1e1c91af08e4b80822a763cc8a23fc30ec;73a844548f0eac55ffc5e3a293e42c0e;afe95398efc93acd6e37c1bb185e6b07d7ab944aea5a60c6187c717db8673bd5
   moist:W00l:kept:royal: 4e85a7361fcb8c8f9f0aebc4bae5506eb465b6b1ad115020956073fb8d7c7d4c;dd0d280832d255fb65d6a0c440c235f8;4bb6ed11fa82cb2f1c9b3ad5dd092e740adfa356fb49102793979fdb7181d1ac
   "yDAHKmYjmCsA\xE9kUChasd": c04d21a4eaad20c990773f9e2ec2f0525e762f9339145a7108e23e6a1538ed26;15f36cd61fcd1f72582aa424c3277675;0859304b34a323dd4388e6a7ff248f51dd8ca88d49804cb05dca84d92d2383dd
diff --git a/documentation/mkdocs.yml b/documentation/mkdocs.yml
@@ -127,7 +127,7 @@ plugins:
           myToc: [div, id]
           myTocButton: [div, id]
         search_index: 'dynamically' #dynamically
-        password_button: True
+        password_button: true
         selfhost: true
         selfhost_download: true
         selfhost_dir: 'theme_override'
@@ -137,6 +137,7 @@ plugins:
         password_file: 'passwords.yml'
         additional_storage_file: 'additional_storage.yaml'
         sharelinks: true
+        sharelinks_incomplete: true
         #kdf_pow: 4
         webcrypto: true
         sign_files: 'encryptcontent-plugin.json'
diff --git a/documentation/passwords.yml b/documentation/passwords.yml
@@ -17,7 +17,7 @@ onlypasswords2:
 
 user_and_passwords1:
   alice: 'Racoon Superstore obnoxious23'
-  bob: 'AbidingScooterRuinedCCCactus'
+  bob: 'AbidingScooterRuinedCC:Cactus'
   carol: 'Worry-Bony-Glide-Mace!'
   carlos: 'Arre5tConfused Pentagon'
   charlie: 'gear.code.blonde.at0ll'
@@ -31,8 +31,9 @@ user_and_passwords2:
   dave: 'nuClear_lullaby_unveiled_g4rlic'
   david: 'establishRelishBlushV3nus'
 
-test1: '[Qw1=s.GK}:LuJ}sdödsa'
-test2: 'gnckuäshfliglkffhbvrG'
+test1:
+  bob: 'AbidingScooterRuinedCC:Cactus'
+test2: 'gnckuäshfliglkffhbvrG:Wurst'
 test3: 'yDAHKmYjmCsAékUChasd'
 test4: 'TeGhD9aqßQnHujmLdsa'
 test5: 'WOgh0ÜwyKHoc*I_das'
diff --git a/documentation/sharelinks.txt b/documentation/sharelinks.txt
@@ -1,12 +1,12 @@
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/obfuscate/#ITpDcmF3bGVyIGJlIGdvbmUh
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/onlypasswords1/#ITpDbGlxdWUuU2hhbXBvby5WZTU1ZWw
-https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test1/#ITpbUXcxPXMuR0t9Okx1Sn1zZMO2ZHNh
-https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJH
+https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test1/#IWJvYjpBYmlkaW5nU2Nvb3RlclJ1aW5lZENDOg
+https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJHOg
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test3/#ITp5REFIS21Zam1Dc0HDqWtVQ2hhc2Q
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test4/#ITpUZUdoRDlhccOfUW5IdWptTGRzYQ
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/testbench/test5/#ITpXT2doMMOcd3lLSG9jKklfZGFz
-https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test1/#ITpbUXcxPXMuR0t9Okx1Sn1zZMO2ZHNh
-https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJH
+https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test1/#IWJvYjpBYmlkaW5nU2Nvb3RlclJ1aW5lZENDOg
+https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test2/#ITpnbmNrdcOkc2hmbGlnbGtmZmhidnJHOg
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test3/#ITp5REFIS21Zam1Dc0HDqWtVQ2hhc2Q
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test4/#ITpUZUdoRDlhccOfUW5IdWptTGRzYQ
 https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/de/testbench/test5/#ITpXT2doMMOcd3lLSG9jKklfZGFz
diff --git a/encryptcontent/decrypt-contents.tpl.js b/encryptcontent/decrypt-contents.tpl.js
@@ -540,10 +540,29 @@ function base64url_decode(input) {
                     username_input.value = sharestring.substring(0,pass_sep);
                 }
                 password_input.value = sharestring.substring(pass_sep+1);
+        {%- if sharelinks_incomplete %}
+                if (password_input.value.endsWith(':')) {
+                    if (username_input) {
+                        username_input.style.display = "none";
+                    }
+                    let password_input_sharelink = password_input.cloneNode()
+                    password_input_sharelink.id = "mkdocs-content-password-sharelink";
+                    password_input_sharelink.style.display = "none";
+                    password_input_sharelink.value = password_input.value;
+                    password_input.value = "";
+                    password_input.insertAdjacentElement('beforebegin', password_input_sharelink);
+                } else {
+                    content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
+                        username_input, password_input, encrypted_content, decrypted_content
+                    );
+                    decryptor_reaction(content_decrypted, password_input, decrypted_content);
+                }
+        {%- else %}
                 content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
                     username_input, password_input, encrypted_content, decrypted_content
                 );
                 decryptor_reaction(content_decrypted, password_input, decrypted_content);
+        {%- endif %}
             }
         }
     }
@@ -554,6 +573,12 @@ function base64url_decode(input) {
     if (decrypt_button) {
         decrypt_button.onclick = {% if webcrypto %}async {% endif %}function(event) {
             event.preventDefault();
+    {%- if sharelinks_incomplete %}
+            let password_input_sharelink = document.getElementById('mkdocs-content-password-sharelink');
+            if (password_input_sharelink) {
+                password_input.value = password_input_sharelink.value + password_input.value;
+            }
+    {%- endif %}
             content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
                 username_input, password_input, encrypted_content, decrypted_content
             );
@@ -565,6 +590,12 @@ function base64url_decode(input) {
     password_input.addEventListener('keypress', {% if webcrypto %}async {% endif %}function(event) {
         if (event.key === "Enter") {
             event.preventDefault();
+    {%- if sharelinks_incomplete %}
+            let password_input_sharelink = document.getElementById('mkdocs-content-password-sharelink');
+            if (password_input_sharelink) {
+                password_input.value = password_input_sharelink.value + password_input.value;
+            }
+    {%- endif %}
             content_decrypted = {% if webcrypto %}await {% endif %}decrypt_action(
                 username_input, password_input, encrypted_content, decrypted_content
             );
diff --git a/encryptcontent/plugin.py b/encryptcontent/plugin.py
@@ -83,6 +83,7 @@ class encryptContentPlugin(BasePlugin):
         ('additional_storage_file', config_options.Type(string_types, default=None)),
         ('cache_file', config_options.Type(string_types, default='encryptcontent.cache')),
         ('sharelinks', config_options.Type(bool, default=False)),
+        ('sharelinks_incomplete', config_options.Type(bool, default=False)),
         ('sharelinks_output', config_options.Type(string_types, default='sharelinks.txt')),
         # default features enabled
         ('arithmatex', config_options.Type(bool, default=None)),
@@ -368,6 +369,7 @@ def __generate_decrypt_js__(self):
             'webcrypto' : self.config['webcrypto'],
             'remember_prefix': quote(self.config['remember_prefix'], safe='~()*!\''),
             'sharelinks' : self.config['sharelinks'],
+            'sharelinks_incomplete' : self.config['sharelinks_incomplete'],
             'material' : self.setup['theme'] == 'material',
             # add extra vars
             'extra': self.config['js_extra_vars']
@@ -1164,6 +1166,8 @@ def on_post_build(self, config, **kwargs):
             sharelinks = []
             for page in self.setup['sharelinks']:
                 username, password = self.setup['sharelinks'][page]
+                if self.config['sharelinks_incomplete'] and ':' in password:
+                    password = password.rsplit(':',1)[0] + ":" # don't add the remaining part after the last ":" to the sharelink
                 sharelinks.append(config.data["site_url"] + page + '#' + self.__b64url_encode__('!' + username + ':' + password))
             with open(self.setup['sharelinks_output'], 'w') as stream:
                 stream.write('\n'.join(sharelinks))
