session.rb in rmega-0.2.7

- old
+ new
@@ -84,15 +84,34 @@
 
     # If the user_hash is found on the server it returns:
     # * The user master_key (128 bit for AES) encrypted with the password_hash
     # * The RSA private key ecrypted with the master_key
     # * A brand new session_id encrypted with the RSA private key
-    def login(email, password)
+    def login(email, password)      
+      # discover the version of the account (1: old accounts, >=2: newer accouts)
+      resp = request(a: 'us0', user: email.strip)
+      account_version = resp["v"].to_i
+
       # Derive an hash from the user password
-      password_hash = hash_password(password)
-      u_hash = user_hash(password_hash, email.strip.downcase)
+      if account_version == 1
+        password_hash = hash_password(password)
+        u_hash = user_hash(password_hash, email.strip.downcase)
+      else
+        df2 = PBKDF2.new(
+          :password      => password,
+          :salt          => Utils.base64urldecode(resp['s']),
+          :iterations    => 100000,
+          :hash_function => :sha512,
+          :key_length    => 16 * 2,
+        ).bin_string
+        password_hash = df2[0,16]
+        u_hash = Utils.base64urlencode(df2[16,32])
+      end
 
-      resp = request(a: 'us', user: email.strip, uh: u_hash)
+      # Send the login request
+      req = {a: 'us', user: email.strip, uh: u_hash}
+      req[:sek] = Utils.base64urlencode(SecureRandom.random_bytes(16)) if account_version != 1
+      resp = request(req)
 
       @master_key = aes_cbc_decrypt(password_hash, Utils.base64urldecode(resp['k']))
       @rsa_privk = decrypt_rsa_private_key(resp['privk'])
       @sid = decrypt_session_id(resp['csid'])
       @shared_keys = {}