Display a password prompt when an unprotected pad is not found on the server

customize.dist/loading.js

@@ -118,6 +118,16 @@ define([], function () {
 #cp-loading-password-prompt .cp-password-form button:hover {
     background-color: #326599;
 }
+#cp-loading-password-prompt ::placeholder {
+    color: #d9d9d9;
+    opacity: 1;
+}
+#cp-loading-password-prompt :-ms-input-placeholder {
+    color: #d9d9d9;
+}
+#cp-loading-password-prompt ::-ms-input-placeholder {
+    color: #d9d9d9;
+}
 #cp-loading .cp-loading-spinner-container {
   position: relative;
   height: 100px;

www/common/notifications.js

@@ -95,9 +95,7 @@ define([
                 if (msg.content.isTemplate) {
                     common.sessionStorage.put(Constants.newPadPathKey, ['template'], waitFor());
                 }
-                if (msg.content.password) {
-                    common.sessionStorage.put('newPadPassword', msg.content.password, waitFor());
-                }
+                common.sessionStorage.put('newPadPassword', msg.content.password || '', waitFor());
             }).nThen(function () {
                 todo();
             });

www/common/sframe-common-outer.js

@@ -177,13 +177,26 @@ define([
                     Cryptpad.getShareHashes(secret, waitFor(function (err, h) { hashes = h; }));
                 };
 
-                // Prompt the password here if we have a hash containing /p/
-                // or get it from the pad attributes
-                var needPassword = parsed.hashData && parsed.hashData.password;
-                if (needPassword) {
-                    // Check if we have a password, and check if it is correct (file exists).
-                    // It we don't have a correct password, display the password prompt.
-                    // Maybe the file has been deleted from the server or the password has been changed.
+                if (!parsed.hashData) { // No hash, no need to check for a password
+                    return void todo();
+                }
+
+                // We now need to check if there is a password and if we know the correct password.
+                // We'll use getFileSize and isNewChannel to detect incorrect passwords.
+
+                // First we'll get the password value from our drive (getPadAttribute), and we'll check
+                // if the channel is valid. If the pad is not stored in our drive, we'll test with an
+                // empty password instead.
+
+                // If this initial check returns a valid channel, open the pad.
+                // If the channel is invalid:
+                // Option 1: this is a password-protected pad not stored in our drive --> password prompt
+                // Option 2: this is a pad stored in our drive
+                //        2a: 'edit' pad or file --> password-prompt
+                //        2b: 'view' pad no '/p/' --> the seed is incorrect
+                //        2c: 'view' pad and '/p/' and a wrong password stored --> the seed is incorrect
+                //        2d: 'view' pad and '/p/' and password never stored (security feature) --> password-prompt
+
                 Cryptpad.getPadAttribute('password', waitFor(function (err, val) {
                     var askPassword = function (wrongPasswordStored) {
                         // Ask for the password and check if the pad exists
@@ -201,9 +214,10 @@ define([
                                     todo();
                                     if (wrongPasswordStored) {
                                         // Store the correct password
-                                            Cryptpad.setPadAttribute('password', password, function () {
-                                                correctPassword();
-                                            }, parsed.getUrl());
+                                        nThen(function (w) {
+                                            Cryptpad.setPadAttribute('password', password, w(), parsed.getUrl());
+                                            Cryptpad.setPadAttribute('channel', secret.channel, w(), parsed.getUrl());
+                                        }).nThen(correctPassword);
                                     } else {
                                         correctPassword();
                                     }
@@ -229,23 +243,22 @@ define([
                         delete sessionStorage.newPadPassword;
                     }
 
-                        if (val) {
                     password = val;
                     Cryptpad.getFileSize(window.location.href, password, waitFor(function (e, size) {
                         if (size !== 0) {
                             return void todo();
                         }
+                        if (parsed.hashData.mode === 'view' && (val || !parsed.hashData.password)) {
+                            // Error, wrong password stored, the view seed has changed with the password
+                            // password will never work
+                            sframeChan.event("EV_PAD_PASSWORD_ERROR");
+                            waitFor.abort();
+                            return;
+                        }
                         // Wrong password or deleted file?
                         askPassword(true);
                     }));
-                        } else {
-                            askPassword();
-                        }
                 }), parsed.getUrl());
-                    return;
-                }
-                // If no password, continue...
-                todo();
             }
         }).nThen(function (waitFor) {
             if (cfg.afterSecrets) {

www/common/sframe-common.js

@@ -599,6 +599,10 @@ define([
                 UIElements.displayPasswordPrompt(funcs);
             });
 
+            ctx.sframeChan.on("EV_PAD_PASSWORD_ERROR", function () {
+                UI.errorLoadingScreen(Messages.password_error_seed);
+            });
+
             ctx.sframeChan.on('EV_LOADING_INFO', function (data) {
                 UI.updateLoadingProgress(data, 'drive');
             });