fix: prevent apostrophe and quotes from being used until <m4heshd/bet…
titanism committed Dec 10, 2023
1 parent 7cba22f commit 4811f25
Showing 27 changed files with 70 additions and 24 deletions.
2 changes: 2 additions & 0 deletions config/phrases.js
@@ -164,6 +164,8 @@ module.exports = {
'You cannot have more than <span class="notranslate">%d</span> catch-all passwords generated at once',
INVALID_PASSWORD_CONFIRM: 'Password confirmation did not match new password.',
INVALID_PASSWORD_STRENGTH: 'Password strength was not strong enough.',
INVALID_PASSWORD_CHARACTERS:
'Quotes and apostrophes cannot be used as password characters.',
INVALID_PORT: 'Invalid port number.',
INVALID_PROVIDER: 'We do not support this authentication provider.',
INVALID_RECOVERY_KEY: 'Invalid recovery key.',
11 changes: 11 additions & 0 deletions helpers/create-password.js
@@ -27,6 +27,17 @@ async function createPassword(existingPassword, userInputs = []) {
throw err;
}

//
// do not allow sqlite restricted characters (easier than having to escape everywhere)
// (e.g. `"` and `'`)
// <https://github.com/m4heshd/better-sqlite3-multiple-ciphers/issues/78>
//
if (existingPassword.includes("'") || existingPassword.includes('"')) {
const err = Boom.badRequest(phrases.INVALID_PASSWORD_CHARACTERS);
err.no_translate = true;
throw err;
}

const { score, feedback } = zxcvbn(existingPassword, userInputs);

if (score < 3) {
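Review bot: `err.no_translate = true` is set on an error whose message is the raw English `phrases.INVALID_PASSWORD_CHARACTERS`, yet this same commit adds a translation of that phrase to every locale file; unless something upstream translates the message before `Boom.badRequest` is called, non-English users will see the English text and the locale entries are dead weight. Either translate at construction or drop the flag. Separately, the comment calls rejecting the characters "easier than having to escape everywhere", but the only place that needs escaping is the `else db.pragma(`key="..."`)` branch in setup-pragma.js; filtering at password-creation time does nothing for passwords stored before this commit or created by any path that bypasses `createPassword`, so the point of use should still defend itself (reject or reliably encode the value there). Style nit: `/['"]/.test(existingPassword)` reads more clearly than two `includes` calls and is easier to extend if further characters need banning.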
2 changes: 2 additions & 0 deletions helpers/setup-pragma.js
@@ -31,6 +31,8 @@ async function setupPragma(db, session, cipher = 'chacha20') {
db.pragma(`cipher='${cipher}'`);
if (typeof db.key === 'function')
db.key(Buffer.from(decrypt(session.user.password)));
// <https://github.com/m4heshd/better-sqlite3-multiple-ciphers/issues/78>
// <https://www.zetetic.net/sqlcipher/sqlcipher-api/#example-2-raw-key-data-without-key-derivation>
else db.pragma(`key="${decrypt(session.user.password)}"`);
try {
db.pragma('journal_mode=WAL');
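Review bot: the two links document the quoting problem, but the `else` branch still interpolates the decrypted password directly into `key="..."`, so a `"` in the password terminates the string literal and the input ban added in create-password.js is the only thing preventing that; a local check (or a reliable encoding of the value) here would make this function safe on its own. The second link points at SQLCipher's raw-key form, which takes a hex-encoded key and so avoids quoting entirely, but it also skips key derivation and expects key bytes rather than a passphrase, so it is not a drop-in replacement for a user password; if the passphrase path has to stay, say so in the comment rather than leaving the link to imply a migration. Placement nit: comment lines sitting between a brace-less `if` body and its `else` are easy to misread as belonging to the `if`; move them above the `if`.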
3 changes: 2 additions & 1 deletion locales/ar.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "صناديق بريد SQLite المشفرة الآمنة",
"Enter a strong new password:": "أدخل كلمة مرور جديدة قوية:",
"New Password": "كلمة المرور الجديدة",
"Leave blank to use our strong and random 24-character password generator.": "اتركه فارغًا لاستخدام مولد كلمات المرور القوي والعشوائي المكون من 24 حرفًا."
"Leave blank to use our strong and random 24-character password generator.": "اتركه فارغًا لاستخدام مولد كلمات المرور القوي والعشوائي المكون من 24 حرفًا.",
"Quotes and apostrophes cannot be used as password characters.": "لا يمكن استخدام علامات الاقتباس والفواصل العليا كأحرف كلمة المرور."
}
3 changes: 2 additions & 1 deletion locales/cs.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Kvantově bezpečné šifrované poštovní schránky SQLite",
"Enter a strong new password:": "Zadejte nové silné heslo:",
"New Password": "nové heslo",
"Leave blank to use our strong and random 24-character password generator.": "Chcete-li použít náš generátor silných a náhodných 24znakových hesel, ponechte prázdné."
"Leave blank to use our strong and random 24-character password generator.": "Chcete-li použít náš generátor silných a náhodných 24znakových hesel, ponechte prázdné.",
"Quotes and apostrophes cannot be used as password characters.": "Uvozovky a apostrofy nelze použít jako znaky hesla."
}
3 changes: 2 additions & 1 deletion locales/da.json
@@ -6014,5 +6014,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe Krypterede SQLite-postkasser",
"Enter a strong new password:": "Indtast en stærk ny adgangskode:",
"New Password": "nyt kodeord",
"Leave blank to use our strong and random 24-character password generator.": "Lad stå tomt for at bruge vores stærke og tilfældige 24-tegns adgangskodegenerator."
"Leave blank to use our strong and random 24-character password generator.": "Lad stå tomt for at bruge vores stærke og tilfældige 24-tegns adgangskodegenerator.",
"Quotes and apostrophes cannot be used as password characters.": "Citater og apostrof kan ikke bruges som kodeord."
}
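Review bot: the Danish string "Citater og apostrof kan ikke bruges som kodeord." reads as "quotations and apostrophe cannot be used as password": it drops "characters", and "citater" means quotations rather than quotation marks ("anførselstegn"). Suggest "Anførselstegn og apostroffer kan ikke bruges som tegn i adgangskoden.", which also matches "adgangskode" on the line above rather than introducing a third term for password.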
3 changes: 2 additions & 1 deletion locales/de.json
@@ -5312,5 +5312,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe verschlüsselte SQLite-Postfächer",
"Enter a strong new password:": "Geben Sie ein sicheres neues Passwort ein:",
"New Password": "Neues Kennwort",
"Leave blank to use our strong and random 24-character password generator.": "Lassen Sie das Feld leer, um unseren starken und zufälligen Passwortgenerator mit 24 Zeichen zu verwenden."
"Leave blank to use our strong and random 24-character password generator.": "Lassen Sie das Feld leer, um unseren starken und zufälligen Passwortgenerator mit 24 Zeichen zu verwenden.",
"Quotes and apostrophes cannot be used as password characters.": "Anführungszeichen und Apostrophe können nicht als Passwortzeichen verwendet werden."
}
3 changes: 2 additions & 1 deletion locales/es.json
@@ -6275,5 +6275,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Buzones de correo SQLite cifrados Quantum Safe",
"Enter a strong new password:": "Ingrese una nueva contraseña segura:",
"New Password": "Nueva contraseña",
"Leave blank to use our strong and random 24-character password generator.": "Déjelo en blanco para utilizar nuestro generador de contraseñas seguro y aleatorio de 24 caracteres."
"Leave blank to use our strong and random 24-character password generator.": "Déjelo en blanco para utilizar nuestro generador de contraseñas seguro y aleatorio de 24 caracteres.",
"Quotes and apostrophes cannot be used as password characters.": "No se pueden utilizar comillas ni apóstrofes como caracteres de contraseña."
}
3 changes: 2 additions & 1 deletion locales/fi.json
@@ -6123,5 +6123,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Kvanttiturvalliset salatut SQLite-postilaatikot",
"Enter a strong new password:": "Anna vahva uusi salasana:",
"New Password": "uusi salasana",
"Leave blank to use our strong and random 24-character password generator.": "Jätä tyhjäksi, jos haluat käyttää vahvaa ja satunnaista 24-merkkistä salasanageneraattoriamme."
"Leave blank to use our strong and random 24-character password generator.": "Jätä tyhjäksi, jos haluat käyttää vahvaa ja satunnaista 24-merkkistä salasanageneraattoriamme.",
"Quotes and apostrophes cannot be used as password characters.": "Lainausmerkkejä ja heittomerkkejä ei voi käyttää salasanamerkkeinä."
}
3 changes: 2 additions & 1 deletion locales/fr.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Boîtes aux lettres SQLite chiffrées Quantum Safe",
"Enter a strong new password:": "Saisissez un nouveau mot de passe fort :",
"New Password": "nouveau mot de passe",
"Leave blank to use our strong and random 24-character password generator.": "Laissez ce champ vide pour utiliser notre générateur de mot de passe fort et aléatoire de 24 caractères."
"Leave blank to use our strong and random 24-character password generator.": "Laissez ce champ vide pour utiliser notre générateur de mot de passe fort et aléatoire de 24 caractères.",
"Quotes and apostrophes cannot be used as password characters.": "Les guillemets et les apostrophes ne peuvent pas être utilisés comme caractères de mot de passe."
}
10 changes: 9 additions & 1 deletion locales/he.json
@@ -3807,5 +3807,13 @@
"You can optionally include the string \"FROM_EMAIL\" and/or \"TO_EMAIL\" to insert the forwarding \"From\" address and the forwarding \"To\" address to give the user context.": "אתה יכול לכלול את המחרוזת \"FROM_EMAIL\" ו/או \"TO_EMAIL\" כדי להוסיף את כתובת \"מאת\" להעברה ואת כתובת \"אל\" להעברה כדי לתת הקשר למשתמש.",
"HTML Preview": "תצוגה מקדימה של HTML",
"Delete Domain": "מחק דומיין",
"Deleting your domain is irreversible. Please take extreme caution when deleting your domain.": "מחיקת הדומיין שלך היא בלתי הפיכה. נא לנקוט משנה זהירות בעת מחיקת הדומיין שלך."
"Deleting your domain is irreversible. Please take extreme caution when deleting your domain.": "מחיקת הדומיין שלך היא בלתי הפיכה. נא לנקוט משנה זהירות בעת מחיקת הדומיין שלך.",
"Switch domain plan": "החלף תוכנית דומיין",
"One or more of your domains are not on the <span class=\"notranslate\">%s</span> plan.": "אחד או יותר מהדומיינים שלך אינם בתוכנית <span class=\"notranslate\">%s</span> .",
"Click \"Change Plan\" &rarr; \"<span class=\"notranslate\">%s</span>\" to resolve if needed.": "לחץ על &quot;שנה תוכנית&quot; → &quot; <span class=\"notranslate\">%s</span> &quot; כדי לפתור במידת הצורך.",
"Switch domain plan?": "להחליף תוכנית דומיין?",
"To unlock the alias manager for this domain, you need to switch its plan. Don't worry &ndash; there is no extra cost.": "כדי לבטל את הנעילה של מנהל הכינוי עבור הדומיין הזה, עליך לשנות את התוכנית שלו. אל תדאג &ndash; אין עלות נוספת.",
"To unlock outbound SMTP email for this domain, you need to switch its plan.": "כדי לבטל את הנעילה של דוא\"ל SMTP יוצא עבור הדומיין הזה, עליך לשנות את התוכנית שלו.",
"To unlock logs for this domain, you need to switch its plan. Don't worry &ndash; there is no extra cost.": "כדי לפתוח יומנים עבור הדומיין הזה, עליך לשנות את התוכנית שלו. אל תדאג &ndash; אין עלות נוספת.",
"Quotes and apostrophes cannot be used as password characters.": "לא ניתן להשתמש במרכאות ובאגרות כתווי סיסמה."
}
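Review bot: this hunk bundles seven unrelated strings (the domain plan, alias manager, outbound SMTP and logs messages) into a commit whose message is about password characters; they belong in their own commit so the change can be reviewed and reverted in isolation. On the password string itself, "אגרות" means letters or missives, not apostrophes; the Hebrew term for the apostrophe mark is "גרש", so something like "לא ניתן להשתמש במרכאות ובגרשים כתווי סיסמה." is closer. Also, the "Change Plan" string encodes its quotation marks as `&quot;` while the English key uses `\"`, so the entities will render literally unless the template unescapes them; keep the escaping consistent with the key.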
3 changes: 2 additions & 1 deletion locales/hu.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe titkosított SQLite postafiókok",
"Enter a strong new password:": "Adjon meg egy erős új jelszót:",
"New Password": "új jelszó",
"Leave blank to use our strong and random 24-character password generator.": "Hagyja üresen az erős és véletlenszerű, 24 karakteres jelszógenerátorunk használatához."
"Leave blank to use our strong and random 24-character password generator.": "Hagyja üresen az erős és véletlenszerű, 24 karakteres jelszógenerátorunk használatához.",
"Quotes and apostrophes cannot be used as password characters.": "Idézőjel és aposztróf nem használható jelszó karakterként."
}
3 changes: 2 additions & 1 deletion locales/id.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Kotak Surat SQLite Terenkripsi Quantum Safe",
"Enter a strong new password:": "Masukkan kata sandi baru yang kuat:",
"New Password": "kata sandi baru",
"Leave blank to use our strong and random 24-character password generator.": "Biarkan kosong untuk menggunakan pembuat kata sandi 24 karakter kami yang kuat dan acak."
"Leave blank to use our strong and random 24-character password generator.": "Biarkan kosong untuk menggunakan pembuat kata sandi 24 karakter kami yang kuat dan acak.",
"Quotes and apostrophes cannot be used as password characters.": "Kutipan dan apostrof tidak dapat digunakan sebagai karakter kata sandi."
}
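Review bot: in the Indonesian string "Kutipan" means a quotation (quoted text), not the quotation-mark character; "tanda kutip" is the usual term for the mark, so "Tanda kutip dan apostrof tidak dapat digunakan sebagai karakter kata sandi." states the rule the code enforces.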
3 changes: 2 additions & 1 deletion locales/it.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Caselle di posta SQLite crittografate Quantum Safe",
"Enter a strong new password:": "Inserisci una nuova password complessa:",
"New Password": "nuova password",
"Leave blank to use our strong and random 24-character password generator.": "Lascia vuoto per utilizzare il nostro generatore di password forte e casuale di 24 caratteri."
"Leave blank to use our strong and random 24-character password generator.": "Lascia vuoto per utilizzare il nostro generatore di password forte e casuale di 24 caratteri.",
"Quotes and apostrophes cannot be used as password characters.": "Le virgolette e gli apostrofi non possono essere utilizzati come caratteri della password."
}
3 changes: 2 additions & 1 deletion locales/ja.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "量子安全な暗号化された SQLite メールボックス",
"Enter a strong new password:": "強力な新しいパスワードを入力してください:",
"New Password": "新しいパスワード",
"Leave blank to use our strong and random 24-character password generator.": "強力でランダムな 24 文字のパスワード ジェネレーターを使用するには、空白のままにします。"
"Leave blank to use our strong and random 24-character password generator.": "強力でランダムな 24 文字のパスワード ジェネレーターを使用するには、空白のままにします。",
"Quotes and apostrophes cannot be used as password characters.": "引用符とアポストロフィはパスワード文字として使用できません。"
}
3 changes: 2 additions & 1 deletion locales/ko.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe 암호화된 SQLite 메일박스",
"Enter a strong new password:": "강력한 새 비밀번호를 입력하세요.",
"New Password": "새 비밀번호",
"Leave blank to use our strong and random 24-character password generator.": "강력하고 임의의 24자 비밀번호 생성기를 사용하려면 공백으로 남겨두세요."
"Leave blank to use our strong and random 24-character password generator.": "강력하고 임의의 24자 비밀번호 생성기를 사용하려면 공백으로 남겨두세요.",
"Quotes and apostrophes cannot be used as password characters.": "따옴표와 아포스트로피는 암호 문자로 사용할 수 없습니다."
}
3 changes: 2 additions & 1 deletion locales/nl.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe gecodeerde SQLite-mailboxen",
"Enter a strong new password:": "Voer een sterk nieuw wachtwoord in:",
"New Password": "nieuw paswoord",
"Leave blank to use our strong and random 24-character password generator.": "Laat dit veld leeg om onze sterke en willekeurige wachtwoordgenerator van 24 tekens te gebruiken."
"Leave blank to use our strong and random 24-character password generator.": "Laat dit veld leeg om onze sterke en willekeurige wachtwoordgenerator van 24 tekens te gebruiken.",
"Quotes and apostrophes cannot be used as password characters.": "Aanhalingstekens en apostrofs kunnen niet als wachtwoordtekens worden gebruikt."
}
3 changes: 2 additions & 1 deletion locales/no.json
@@ -6282,5 +6282,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe Krypterte SQLite-postbokser",
"Enter a strong new password:": "Skriv inn et sterkt nytt passord:",
"New Password": "Nytt passord",
"Leave blank to use our strong and random 24-character password generator.": "La stå tomt for å bruke vår sterke og tilfeldige passordgenerator med 24 tegn."
"Leave blank to use our strong and random 24-character password generator.": "La stå tomt for å bruke vår sterke og tilfeldige passordgenerator med 24 tegn.",
"Quotes and apostrophes cannot be used as password characters.": "Sitater og apostrof kan ikke brukes som passordtegn."
}
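Review bot: the Norwegian string "Sitater og apostrof kan ikke brukes som passordtegn." uses "sitater" (quotations) where the quotation-mark character is meant, and leaves "apostrof" singular; suggest "Anførselstegn og apostrofer kan ikke brukes som passordtegn."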
3 changes: 2 additions & 1 deletion locales/pl.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Zaszyfrowane skrzynki pocztowe SQLite Quantum Safe",
"Enter a strong new password:": "Wprowadź nowe, silne hasło:",
"New Password": "nowe hasło",
"Leave blank to use our strong and random 24-character password generator.": "Pozostaw puste, aby skorzystać z naszego silnego i losowego generatora haseł składających się z 24 znaków."
"Leave blank to use our strong and random 24-character password generator.": "Pozostaw puste, aby skorzystać z naszego silnego i losowego generatora haseł składających się z 24 znaków.",
"Quotes and apostrophes cannot be used as password characters.": "Cudzysłów i apostrofów nie można używać jako znaków hasła."
}
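Review bot: the Polish string mixes cases, "Cudzysłów" (nominative singular) beside "apostrofów" (genitive plural); since "nie można używać" governs the genitive, it should read "Cudzysłowów i apostrofów nie można używać jako znaków hasła."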
3 changes: 2 additions & 1 deletion locales/pt.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Caixas de correio SQLite criptografadas do Quantum Safe",
"Enter a strong new password:": "Digite uma nova senha forte:",
"New Password": "Nova Senha",
"Leave blank to use our strong and random 24-character password generator.": "Deixe em branco para usar nosso gerador de senha forte e aleatório de 24 caracteres."
"Leave blank to use our strong and random 24-character password generator.": "Deixe em branco para usar nosso gerador de senha forte e aleatório de 24 caracteres.",
"Quotes and apostrophes cannot be used as password characters.": "Aspas e apóstrofos não podem ser usados como caracteres de senha."
}
3 changes: 2 additions & 1 deletion locales/ru.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Почтовые ящики SQLite с шифрованием Quantum Safe",
"Enter a strong new password:": "Введите новый надежный пароль:",
"New Password": "Новый пароль",
"Leave blank to use our strong and random 24-character password generator.": "Оставьте поле пустым, чтобы использовать наш генератор надежных и случайных 24-значных паролей."
"Leave blank to use our strong and random 24-character password generator.": "Оставьте поле пустым, чтобы использовать наш генератор надежных и случайных 24-значных паролей.",
"Quotes and apostrophes cannot be used as password characters.": "В качестве символов пароля нельзя использовать кавычки и апострофы."
}
3 changes: 2 additions & 1 deletion locales/sv.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "Quantum Safe Krypterade SQLite-postlådor",
"Enter a strong new password:": "Ange ett starkt nytt lösenord:",
"New Password": "nytt lösenord",
"Leave blank to use our strong and random 24-character password generator.": "Lämna tomt för att använda vår starka och slumpmässiga lösenordsgenerator med 24 tecken."
"Leave blank to use our strong and random 24-character password generator.": "Lämna tomt för att använda vår starka och slumpmässiga lösenordsgenerator med 24 tecken.",
"Quotes and apostrophes cannot be used as password characters.": "Citat och apostrof kan inte användas som lösenordstecken."
}
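Review bot: the Swedish string "Citat och apostrof kan inte användas som lösenordstecken." uses "citat" (a quotation) rather than "citattecken" (the quotation mark), and the singular "apostrof" for a rule about characters; suggest "Citattecken och apostrofer kan inte användas som lösenordstecken."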
3 changes: 2 additions & 1 deletion locales/th.json
@@ -6277,5 +6277,6 @@
"Quantum Safe Encrypted SQLite Mailboxes": "กล่องจดหมาย SQLite ที่เข้ารหัส Quantum Safe",
"Enter a strong new password:": "ป้อนรหัสผ่านใหม่ที่แข็งแกร่ง:",
"New Password": "รหัสผ่านใหม่",
"Leave blank to use our strong and random 24-character password generator.": "เว้นว่างไว้เพื่อใช้เครื่องมือสร้างรหัสผ่านที่แข็งแกร่งและสุ่ม 24 ตัวอักษรของเรา"
"Leave blank to use our strong and random 24-character password generator.": "เว้นว่างไว้เพื่อใช้เครื่องมือสร้างรหัสผ่านที่แข็งแกร่งและสุ่ม 24 ตัวอักษรของเรา",
"Quotes and apostrophes cannot be used as password characters.": "เครื่องหมายคำพูดและเครื่องหมายอะพอสทรอฟีไม่สามารถใช้เป็นอักขระรหัสผ่านได้"
}
0 comments on commit 4811f25
