Changeset View
Changeset View
Standalone View
Standalone View
keyserver/src/responders/user-responders.js
| // @flow | // @flow | ||||
| import invariant from 'invariant'; | import invariant from 'invariant'; | ||||
| import { getRustAPI } from 'rust-node-addon'; | |||||
| import { ErrorTypes, SiweMessage } from 'siwe'; | import { ErrorTypes, SiweMessage } from 'siwe'; | ||||
| import t from 'tcomb'; | import t from 'tcomb'; | ||||
| import bcrypt from 'twin-bcrypt'; | import bcrypt from 'twin-bcrypt'; | ||||
| import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | ||||
| import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | ||||
| import type { | import type { | ||||
| ResetPasswordRequest, | ResetPasswordRequest, | ||||
| ▲ Show 20 Lines • Show All 47 Lines • ▼ Show 20 Lines | |||||
| } from 'lib/utils/validation-utils.js'; | } from 'lib/utils/validation-utils.js'; | ||||
| import { | import { | ||||
| entryQueryInputValidator, | entryQueryInputValidator, | ||||
| newEntryQueryInputValidator, | newEntryQueryInputValidator, | ||||
| normalizeCalendarQuery, | normalizeCalendarQuery, | ||||
| verifyCalendarQueryThreadIDs, | verifyCalendarQueryThreadIDs, | ||||
| } from './entry-responders.js'; | } from './entry-responders.js'; | ||||
| import { handleAsyncPromise } from './handlers.js'; | |||||
| import { | import { | ||||
| createAccount, | createAccount, | ||||
| processSIWEAccountCreation, | processSIWEAccountCreation, | ||||
| } from '../creators/account-creator.js'; | } from '../creators/account-creator.js'; | ||||
| import { dbQuery, SQL } from '../database/database.js'; | import { dbQuery, SQL } from '../database/database.js'; | ||||
| import { deleteAccount } from '../deleters/account-deleters.js'; | import { deleteAccount } from '../deleters/account-deleters.js'; | ||||
| import { deleteCookie } from '../deleters/cookie-deleters.js'; | import { deleteCookie } from '../deleters/cookie-deleters.js'; | ||||
| import { checkAndInvalidateSIWENonceEntry } from '../deleters/siwe-nonce-deleters.js'; | import { checkAndInvalidateSIWENonceEntry } from '../deleters/siwe-nonce-deleters.js'; | ||||
| ▲ Show 20 Lines • Show All 282 Lines • ▼ Show 20 Lines | |||||
| async function logInResponder( | async function logInResponder( | ||||
| viewer: Viewer, | viewer: Viewer, | ||||
| input: any, | input: any, | ||||
| ): Promise<LogInResponse> { | ): Promise<LogInResponse> { | ||||
| await validateInput(viewer, logInRequestInputValidator, input); | await validateInput(viewer, logInRequestInputValidator, input); | ||||
| const request: LogInRequest = input; | const request: LogInRequest = input; | ||||
| let identityKeys: ?IdentityKeysBlob; | |||||
| const { signedIdentityKeysBlob } = request; | const { signedIdentityKeysBlob } = request; | ||||
| if (signedIdentityKeysBlob) { | if (signedIdentityKeysBlob) { | ||||
| const identityKeys: IdentityKeysBlob = JSON.parse( | identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | ||||
| signedIdentityKeysBlob.payload, | |||||
| ); | |||||
| const olmUtil: OLMUtility = getOLMUtility(); | const olmUtil: OLMUtility = getOLMUtility(); | ||||
| try { | try { | ||||
| olmUtil.ed25519_verify( | olmUtil.ed25519_verify( | ||||
| identityKeys.primaryIdentityPublicKeys.ed25519, | identityKeys.primaryIdentityPublicKeys.ed25519, | ||||
| signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
| signedIdentityKeysBlob.signature, | signedIdentityKeysBlob.signature, | ||||
| ); | ); | ||||
| Show All 19 Lines | if (!username) { | ||||
| } | } | ||||
| } | } | ||||
| const userQuery = SQL` | const userQuery = SQL` | ||||
| SELECT id, hash, username | SELECT id, hash, username | ||||
| FROM users | FROM users | ||||
| WHERE LCASE(username) = LCASE(${username}) | WHERE LCASE(username) = LCASE(${username}) | ||||
| `; | `; | ||||
| promises.userQuery = dbQuery(userQuery); | promises.userQuery = dbQuery(userQuery); | ||||
| promises.rustAPI = getRustAPI(); | |||||
| const { | const { | ||||
| userQuery: [userResult], | userQuery: [userResult], | ||||
| rustAPI, | |||||
| } = await promiseAll(promises); | } = await promiseAll(promises); | ||||
| if (userResult.length === 0) { | if (userResult.length === 0) { | ||||
| if (hasMinCodeVersion(viewer.platformDetails, 150)) { | if (hasMinCodeVersion(viewer.platformDetails, 150)) { | ||||
| throw new ServerError('invalid_credentials'); | throw new ServerError('invalid_credentials'); | ||||
| } else { | } else { | ||||
| throw new ServerError('invalid_parameters'); | throw new ServerError('invalid_parameters'); | ||||
| } | } | ||||
| } | } | ||||
| const userRow = userResult[0]; | const userRow = userResult[0]; | ||||
| if (!userRow.hash || !bcrypt.compareSync(request.password, userRow.hash)) { | if (!userRow.hash || !bcrypt.compareSync(request.password, userRow.hash)) { | ||||
| throw new ServerError('invalid_credentials'); | throw new ServerError('invalid_credentials'); | ||||
| } | } | ||||
| const id = userRow.id.toString(); | const id = userRow.id.toString(); | ||||
| if (identityKeys && signedIdentityKeysBlob) { | |||||
| handleAsyncPromise( | |||||
| rustAPI.loginUserPake( | |||||
| id, | |||||
| identityKeys.primaryIdentityPublicKeys.ed25519, | |||||
| request.password, | |||||
| signedIdentityKeysBlob, | |||||
| ), | |||||
| ); | |||||
| } | |||||
| return await processSuccessfulLogin({ | return await processSuccessfulLogin({ | ||||
| viewer, | viewer, | ||||
| input, | input, | ||||
| userID: id, | userID: id, | ||||
| calendarQuery, | calendarQuery, | ||||
| signedIdentityKeysBlob, | signedIdentityKeysBlob, | ||||
| }); | }); | ||||
| } | } | ||||
| ▲ Show 20 Lines • Show All 201 Lines • Show Last 20 Lines | |||||