002 + verification updates

Mo Bitar
2017-07-12 16:20:13 -05:00
parent 3219de9801
commit f9a5603633
14 changed files with 280 additions and 121 deletions


@@ -7,11 +7,11 @@ angular.module('app.frontend')
return domain;
}
this.$get = function($rootScope, httpManager, modelManager, dbManager) {
return new AuthManager($rootScope, httpManager, modelManager, dbManager);
this.$get = function($rootScope, $timeout, httpManager, modelManager, dbManager) {
return new AuthManager($rootScope, $timeout, httpManager, modelManager, dbManager);
}
function AuthManager($rootScope, httpManager, modelManager, dbManager) {
function AuthManager($rootScope, $timeout, httpManager, modelManager, dbManager) {
var userData = localStorage.getItem("user");
if(userData) {
@@ -45,17 +45,19 @@ angular.module('app.frontend')
if(!mk) {
return null;
}
var keys = {mk: mk};
if(!localStorage.getItem("encryptionKey")) {
_.merge(keys, Neeto.crypto.generateKeysFromMasterKey(keys.mk));
localStorage.setItem("encryptionKey", keys.encryptionKey);
localStorage.setItem("authKey", keys.authKey);
} else {
_.merge(keys, {encryptionKey: localStorage.getItem("encryptionKey"), authKey: localStorage.getItem("authKey")});
}
var keys = {mk: mk, ak: localStorage.getItem("ak")};
return keys;
}
this.encryptionVersion = function() {
var keys = this.keys();
if(keys && keys.ak) {
return "002";
} else {
return "001";
}
}
this.getAuthParamsForEmail = function(url, email, callback) {
var requestUrl = url + "/auth/params";
httpManager.getAbsolute(requestUrl, {email: email}, function(response){
@@ -80,7 +82,7 @@ angular.module('app.frontend')
this.login = function(url, email, password, callback) {
this.getAuthParamsForEmail(url, email, function(authParams){
if(!authParams) {
if(!authParams.pw_cost) {
callback({error : {message: "Unable to get authentication parameters."}});
return;
}
@@ -94,12 +96,41 @@ angular.module('app.frontend')
return;
}
Neeto.crypto.computeEncryptionKeysForUser(_.merge({password: password}, authParams), function(keys){
var uploadVTagOnCompletion = false;
var localVTag = Neeto.crypto.calculateVerificationTag(authParams.pw_cost, authParams.pw_salt, keys.ak);
if(authParams.pw_auth) {
// verify auth params
if(localVTag !== authParams.pw_auth) {
alert("Invalid server verification tag; aborting login. Learn more at standardnotes.org/verification.");
$timeout(function(){
callback({error: true, didDisplayAlert: true});
})
return;
} else {
console.log("Verification tag success.");
}
} else {
// either user has not uploaded pw_auth, or server is attempting to bypass authentication
if(confirm("Unable to locate verification tag for server. If this is your first time seeing this message and your account was created before July 2017, press OK to upload verification tag. If your account was created after July 2017, or if you've already seen this message, press cancel to abort login. Learn more at standardnotes.org/verification.")) {
// upload verification tag on completion
uploadVTagOnCompletion = true;
} else {
return;
}
}
var requestUrl = url + "/auth/sign_in";
var params = {password: keys.pw, email: email};
httpManager.postAbsolute(requestUrl, params, function(response){
this.handleAuthResponse(response, email, url, authParams, keys.mk, keys.pw);
this.handleAuthResponse(response, email, url, authParams, keys);
callback(response);
if(uploadVTagOnCompletion) {
this.uploadVerificationTag(localVTag, authParams);
}
}.bind(this), function(response){
console.error("Error logging in", response);
callback(response);
@@ -109,28 +140,46 @@ angular.module('app.frontend')
}.bind(this))
}
this.handleAuthResponse = function(response, email, url, authParams, mk, pw) {
this.uploadVerificationTag = function(tag, authParams) {
var requestUrl = localStorage.getItem("server") + "/auth/update";
var params = {pw_auth: tag};
httpManager.postAbsolute(requestUrl, params, function(response){
_.merge(authParams, params);
localStorage.setItem("auth_params", JSON.stringify(authParams));
alert("Your verification tag was successfully uploaded.");
}.bind(this), function(response){
alert("There was an error uploading your verification tag.");
})
}
this.handleAuthResponse = function(response, email, url, authParams, keys) {
try {
if(url) {
localStorage.setItem("server", url);
}
localStorage.setItem("user", JSON.stringify(response.user));
localStorage.setItem("auth_params", JSON.stringify(_.omit(authParams, ["pw_nonce"])));
localStorage.setItem("mk", mk);
localStorage.setItem("pw", pw);
localStorage.setItem("auth_params", JSON.stringify(authParams));
localStorage.setItem("jwt", response.token);
this.saveKeys(keys);
} catch(e) {
dbManager.displayOfflineAlert();
}
}
this.saveKeys = function(keys) {
localStorage.setItem("pw", keys.pw);
localStorage.setItem("mk", keys.mk);
localStorage.setItem("ak", keys.ak);
}
this.register = function(url, email, password, callback) {
Neeto.crypto.generateInitialEncryptionKeysForUser({password: password, email: email}, function(keys, authParams){
var requestUrl = url + "/auth";
var params = _.merge({password: keys.pw, email: email}, authParams);
httpManager.postAbsolute(requestUrl, params, function(response){
this.handleAuthResponse(response, email, url, authParams, keys.mk, keys.pw);
this.handleAuthResponse(response, email, url, authParams, keys);
callback(response);
}.bind(this), function(response){
console.error("Registration error", response);
@@ -144,8 +193,8 @@ angular.module('app.frontend')
var requestUrl = localStorage.getItem("server") + "/auth/change_pw";
var params = _.merge({new_password: keys.pw}, authParams);
httpManager.postAbsolute(requestUrl, params, function(response){
this.handleAuthResponse(response, email, null, authParams, keys.mk, keys.pw);
httpManager.postAbsolute(requestUrl, params, function(response) {
this.handleAuthResponse(response, email, null, authParams, keys);
callback(response);
}.bind(this), function(response){
var error = response;