keyserver/src/responders/user-responders.js
// @flow | // @flow | ||||
import invariant from 'invariant'; | import invariant from 'invariant'; | ||||
import { getRustAPI } from 'rust-node-addon'; | |||||
import { ErrorTypes, SiweMessage } from 'siwe'; | import { ErrorTypes, SiweMessage } from 'siwe'; | ||||
import t from 'tcomb'; | import t from 'tcomb'; | ||||
import bcrypt from 'twin-bcrypt'; | import bcrypt from 'twin-bcrypt'; | ||||
import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | import { baseLegalPolicies, policies } from 'lib/facts/policies.js'; | ||||
import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | import { hasMinCodeVersion } from 'lib/shared/version-utils.js'; | ||||
import type { | import type { | ||||
ResetPasswordRequest, | ResetPasswordRequest, | ||||
} from 'lib/utils/validation-utils.js'; | } from 'lib/utils/validation-utils.js'; | ||||
import { | import { | ||||
entryQueryInputValidator, | entryQueryInputValidator, | ||||
newEntryQueryInputValidator, | newEntryQueryInputValidator, | ||||
normalizeCalendarQuery, | normalizeCalendarQuery, | ||||
verifyCalendarQueryThreadIDs, | verifyCalendarQueryThreadIDs, | ||||
} from './entry-responders.js'; | } from './entry-responders.js'; | ||||
import { handleAsyncPromise } from './handlers.js'; | |||||
import { | import { | ||||
createAccount, | createAccount, | ||||
processSIWEAccountCreation, | processSIWEAccountCreation, | ||||
} from '../creators/account-creator.js'; | } from '../creators/account-creator.js'; | ||||
import { dbQuery, SQL } from '../database/database.js'; | import { dbQuery, SQL } from '../database/database.js'; | ||||
import { deleteAccount } from '../deleters/account-deleters.js'; | import { deleteAccount } from '../deleters/account-deleters.js'; | ||||
import { deleteCookie } from '../deleters/cookie-deleters.js'; | import { deleteCookie } from '../deleters/cookie-deleters.js'; | ||||
import { checkAndInvalidateSIWENonceEntry } from '../deleters/siwe-nonce-deleters.js'; | import { checkAndInvalidateSIWENonceEntry } from '../deleters/siwe-nonce-deleters.js'; | ||||
async function logInResponder( | async function logInResponder( | ||||
viewer: Viewer, | viewer: Viewer, | ||||
input: any, | input: any, | ||||
): Promise<LogInResponse> { | ): Promise<LogInResponse> { | ||||
await validateInput(viewer, logInRequestInputValidator, input); | await validateInput(viewer, logInRequestInputValidator, input); | ||||
const request: LogInRequest = input; | const request: LogInRequest = input; | ||||
let identityKeys: ?IdentityKeysBlob; | |||||
const { signedIdentityKeysBlob } = request; | const { signedIdentityKeysBlob } = request; | ||||
if (signedIdentityKeysBlob) { | if (signedIdentityKeysBlob) { | ||||
const identityKeys: IdentityKeysBlob = JSON.parse( | identityKeys = JSON.parse(signedIdentityKeysBlob.payload); | ||||
signedIdentityKeysBlob.payload, | |||||
); | |||||
const olmUtil: OLMUtility = getOLMUtility(); | const olmUtil: OLMUtility = getOLMUtility(); | ||||
try { | try { | ||||
olmUtil.ed25519_verify( | olmUtil.ed25519_verify( | ||||
identityKeys.primaryIdentityPublicKeys.ed25519, | identityKeys.primaryIdentityPublicKeys.ed25519, | ||||
signedIdentityKeysBlob.payload, | signedIdentityKeysBlob.payload, | ||||
signedIdentityKeysBlob.signature, | signedIdentityKeysBlob.signature, | ||||
); | ); | ||||
Show All 19 Lines | if (!username) { | ||||
} | } | ||||
} | } | ||||
const userQuery = SQL` | const userQuery = SQL` | ||||
SELECT id, hash, username | SELECT id, hash, username | ||||
FROM users | FROM users | ||||
WHERE LCASE(username) = LCASE(${username}) | WHERE LCASE(username) = LCASE(${username}) | ||||
`; | `; | ||||
promises.userQuery = dbQuery(userQuery); | promises.userQuery = dbQuery(userQuery); | ||||
promises.rustAPI = getRustAPI(); | |||||
const { | const { | ||||
userQuery: [userResult], | userQuery: [userResult], | ||||
rustAPI, | |||||
} = await promiseAll(promises); | } = await promiseAll(promises); | ||||
if (userResult.length === 0) { | if (userResult.length === 0) { | ||||
if (hasMinCodeVersion(viewer.platformDetails, 150)) { | if (hasMinCodeVersion(viewer.platformDetails, 150)) { | ||||
throw new ServerError('invalid_credentials'); | throw new ServerError('invalid_credentials'); | ||||
} else { | } else { | ||||
throw new ServerError('invalid_parameters'); | throw new ServerError('invalid_parameters'); | ||||
} | } | ||||
} | } | ||||
const userRow = userResult[0]; | const userRow = userResult[0]; | ||||
if (!userRow.hash || !bcrypt.compareSync(request.password, userRow.hash)) { | if (!userRow.hash || !bcrypt.compareSync(request.password, userRow.hash)) { | ||||
throw new ServerError('invalid_credentials'); | throw new ServerError('invalid_credentials'); | ||||
} | } | ||||
const id = userRow.id.toString(); | const id = userRow.id.toString(); | ||||
if (identityKeys && signedIdentityKeysBlob) { | |||||
handleAsyncPromise( | |||||
rustAPI.loginUserPake( | |||||
id, | |||||
identityKeys.primaryIdentityPublicKeys.ed25519, | |||||
request.password, | |||||
signedIdentityKeysBlob, | |||||
), | |||||
); | |||||
} | |||||
return await processSuccessfulLogin({ | return await processSuccessfulLogin({ | ||||
viewer, | viewer, | ||||
input, | input, | ||||
userID: id, | userID: id, | ||||
calendarQuery, | calendarQuery, | ||||
signedIdentityKeysBlob, | signedIdentityKeysBlob, | ||||
}); | }); | ||||
} | } | ||||
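Review bot: `promises.rustAPI = getRustAPI()` is awaited together with the user query on every login, so if loading the addon rejects (assuming `promiseAll` rejects when any member does), password login fails before the bcrypt check, even though `rustAPI.loginUserPake(...)` itself is fire-and-forget under `handleAsyncPromise` and only runs when `identityKeys` is set. Resolving the addon inside the `if (identityKeys && signedIdentityKeysBlob)` branch, within the promise handed to `handleAsyncPromise`, would keep the identity-service call best-effort end to end. That call also receives `request.password` in cleartext, so it is worth confirming that the rejection path in `handleAsyncPromise` (not shown here) never logs call arguments, and adding a comment such as `// Best-effort: identity service login must not block or fail keyserver login`. Which side each line belongs to is inferred from the two-column rendering, and parts of `logInResponder` are folded out of view.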