cic-staff-client/src/app/_services/auth.service.ts

import { Injectable } from '@angular/core';
import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';
import { signChallenge } from '@src/assets/js/hoba-pgp.js';
import { environment } from '@src/environments/environment';
import { LoggingService } from '@app/_services/logging.service';
import { MutableKeyStore, MutablePgpKeyStore } from '@app/_pgp';
import { ErrorDialogService } from '@app/_services/error-dialog.service';
import { HttpClient } from '@angular/common/http';
import { HttpError, rejectBody } from '@app/_helpers/global-error-handler';

@Injectable({
  providedIn: 'root',
})
export class AuthService {
  sessionToken: any;
  mutableKeyStore: MutableKeyStore;

  constructor(
    private httpClient: HttpClient,
    private loggingService: LoggingService,
    private errorDialogService: ErrorDialogService
  ) {
    this.mutableKeyStore = new MutablePgpKeyStore();
  }

  async init(): Promise<void> {
    await this.mutableKeyStore.loadKeyring();
    // TODO setting these together should be atomic
    if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
      this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
    }
    if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
      await this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')));
    }
  }

  setState(s): void {
    document.getElementById('state').innerHTML = s;
  }

  getWithToken(): Promise<boolean> {
    return new Promise((resolve, reject) => {
      const headers = {
        Authorization: 'Bearer ' + this.sessionToken,
        'Content-Type': 'application/json;charset=utf-8',
        'x-cic-automerge': 'none',
      };
      const options = {
        headers,
      };
      fetch(environment.cicMetaUrl, options).then((response) => {
        if (response.status === 401) {
          return reject(rejectBody(response));
        }
        return resolve(true);
      });
    });
  }

  // TODO rename to send signed challenge and set session. Also separate these responsibilities
  sendResponse(hobaResponseEncoded: any): Promise<boolean> {
    return new Promise((resolve, reject) => {
      const headers = {
        Authorization: 'HOBA ' + hobaResponseEncoded,
        'Content-Type': 'application/json;charset=utf-8',
        'x-cic-automerge': 'none',
      };
      const options = {
        headers,
      };
      fetch(environment.cicMetaUrl, options).then((response) => {
        if (response.status === 401) {
          return reject(rejectBody(response));
        }
        this.sessionToken = response.headers.get('Token');
        sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
        this.setState('Click button to log in');
        return resolve(true);
      });
    });
  }

  getChallenge(): Promise<any> {
    return new Promise((resolve, reject) => {
      fetch(environment.cicMetaUrl).then(async (response) => {
        if (response.status === 401) {
          const authHeader: string = response.headers.get('WWW-Authenticate');
          return resolve(hobaParseChallengeHeader(authHeader));
        }
        if (!response.ok) {
          return reject(rejectBody(response));
        }
      });
    });
  }

  async login(): Promise<boolean> {
    if (this.sessionToken !== undefined) {
      try {
        const response: boolean = await this.getWithToken();
        return response === true;
      } catch (e) {
        this.loggingService.sendErrorLevelMessage('Login token failed', this, { error: e });
      }
    } else {
      try {
        const o = await this.getChallenge();
        const response: boolean = await this.loginResponse(o);
        return response === true;
      } catch (e) {
        this.loggingService.sendErrorLevelMessage('Login challenge failed', this, { error: e });
      }
    }
    return false;
  }

  async loginResponse(o: { challenge: string; realm: any }): Promise<any> {
    return new Promise(async (resolve, reject) => {
      try {
        const r = await signChallenge(
          o.challenge,
          o.realm,
          environment.cicMetaUrl,
          this.mutableKeyStore
        );
        const response: boolean = await this.sendResponse(r);
        resolve(response);
      } catch (error) {
        if (error instanceof HttpError) {
          if (error.status === 403) {
            this.errorDialogService.openDialog({
              message: 'You are not authorized to use this system',
            });
          } else if (error.status === 401) {
            this.errorDialogService.openDialog({
              message:
                'Unable to authenticate with the service. ' +
                'Please speak with the staff at Grassroots ' +
                'Economics for requesting access ' +
                'staff@grassrootseconomics.net.',
            });
          }
        } else {
          // TODO define this error
          this.errorDialogService.openDialog({ message: 'Incorrect key passphrase.' });
        }
        resolve(false);
      }
    });
  }

  loginView(): void {
    document.getElementById('one').style.display = 'none';
    document.getElementById('two').style.display = 'block';
    this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());
  }

  async setKey(privateKeyArmored): Promise<boolean> {
    try {
      const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);
      if (!isValidKeyCheck) {
        throw Error('The private key is invalid');
      }
      // TODO leaving this out for now.
      // const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
      // if (!isEncryptedKeyCheck) {
      //   throw Error('The private key doesn\'t have a password!');
      // }
      const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
      localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
    } catch (err) {
      this.loggingService.sendErrorLevelMessage(
        `Failed to set key: ${err.message || err.statusText}`,
        this,
        { error: err }
      );
      this.errorDialogService.openDialog({
        message: `Failed to set key: ${err.message || err.statusText}`,
      });
      return false;
    }
    this.loginView();
    return true;
  }

  logout(): void {
    sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
    localStorage.removeItem(btoa('CICADA_PRIVATE_KEY'));
    this.sessionToken = undefined;
    window.location.reload();
  }

  getTrustedUsers(): any {
    const trustedUsers: Array<any> = [];
    this.mutableKeyStore.getPublicKeys().forEach((key) => trustedUsers.push(key.users[0].userId));
    return trustedUsers;
  }

  async getPublicKeys(): Promise<any> {
    return new Promise((resolve, reject) => {
      fetch(environment.publicKeysUrl).then((res) => {
        if (!res.ok) {
          // TODO does angular recommend an error interface?
          return reject(rejectBody(res));
        }
        return resolve(res.text());
      });
    });
  }

  getPrivateKey(): any {
    return this.mutableKeyStore.getPrivateKey();
  }

  getPrivateKeyInfo(): any {
    return this.getPrivateKey().users[0].userId;
  }
}
Format files with prettier. 2021-05-10 18:15:25 +02:00			`import { Injectable } from '@angular/core';`
			`import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';`
			`import { signChallenge } from '@src/assets/js/hoba-pgp.js';`
			`import { environment } from '@src/environments/environment';`
			`import { LoggingService } from '@app/_services/logging.service';`
			`import { MutableKeyStore, MutablePgpKeyStore } from '@app/_pgp';`
			`import { ErrorDialogService } from '@app/_services/error-dialog.service';`
			`import { HttpClient } from '@angular/common/http';`
Add reject body interface. 2021-05-17 08:06:07 +02:00			`import { HttpError, rejectBody } from '@app/_helpers/global-error-handler';`
Add authentication service. 2020-12-28 10:09:11 +01:00
			`@Injectable({`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`providedIn: 'root',`
Add authentication service. 2020-12-28 10:09:11 +01:00			`})`
			`export class AuthService {`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`sessionToken: any;`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`mutableKeyStore: MutableKeyStore;`
Add authentication service. 2020-12-28 10:09:11 +01:00
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`constructor(`
riffin 2021-03-19 17:05:15 +01:00			`private httpClient: HttpClient,`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`private loggingService: LoggingService,`
			`private errorDialogService: ErrorDialogService`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`) {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`this.mutableKeyStore = new MutablePgpKeyStore();`
Refactor update of data on meta service. 2021-04-25 12:32:23 +02:00			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`async init(): Promise<void> {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`await this.mutableKeyStore.loadKeyring();`
Refactor update of data on meta service. 2021-04-25 12:32:23 +02:00			`// TODO setting these together should be atomic`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {`
			`this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));`
			`}`
			`if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`await this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')));`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`}`
			`}`
Add authentication service. 2020-12-28 10:09:11 +01:00
			`setState(s): void {`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`document.getElementById('state').innerHTML = s;`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`getWithToken(): Promise<boolean> {`
			`return new Promise((resolve, reject) => {`
			`const headers = {`
			`Authorization: 'Bearer ' + this.sessionToken,`
			`'Content-Type': 'application/json;charset=utf-8',`
			`'x-cic-automerge': 'none',`
			`};`
			`const options = {`
			`headers,`
			`};`
			`fetch(environment.cicMetaUrl, options).then((response) => {`
			`if (response.status === 401) {`
Add reject body interface. 2021-05-17 08:06:07 +02:00			`return reject(rejectBody(response));`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`}`
			`return resolve(true);`
			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`});`
			`}`

Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`// TODO rename to send signed challenge and set session. Also separate these responsibilities`
			`sendResponse(hobaResponseEncoded: any): Promise<boolean> {`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`return new Promise((resolve, reject) => {`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`const headers = {`
			`Authorization: 'HOBA ' + hobaResponseEncoded,`
			`'Content-Type': 'application/json;charset=utf-8',`
			`'x-cic-automerge': 'none',`
			`};`
			`const options = {`
			`headers,`
			`};`
			`fetch(environment.cicMetaUrl, options).then((response) => {`
			`if (response.status === 401) {`
Add reject body interface. 2021-05-17 08:06:07 +02:00			`return reject(rejectBody(response));`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`}`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`this.sessionToken = response.headers.get('Token');`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);`
			`this.setState('Click button to log in');`
			`return resolve(true);`
			`});`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`getChallenge(): Promise<any> {`
			`return new Promise((resolve, reject) => {`
			`fetch(environment.cicMetaUrl).then(async (response) => {`
			`if (response.status === 401) {`
			`const authHeader: string = response.headers.get('WWW-Authenticate');`
			`return resolve(hobaParseChallengeHeader(authHeader));`
			`}`
			`if (!response.ok) {`
Add reject body interface. 2021-05-17 08:06:07 +02:00			`return reject(rejectBody(response));`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`}`
			`});`
			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`async login(): Promise<boolean> {`
Add authentication service. 2020-12-28 10:09:11 +01:00			`if (this.sessionToken !== undefined) {`
			`try {`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`const response: boolean = await this.getWithToken();`
			`return response === true;`
Add authentication service. 2020-12-28 10:09:11 +01:00			`} catch (e) {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`this.loggingService.sendErrorLevelMessage('Login token failed', this, { error: e });`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
			`} else {`
			`try {`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`const o = await this.getChallenge();`
			`const response: boolean = await this.loginResponse(o);`
			`return response === true;`
Add authentication service. 2020-12-28 10:09:11 +01:00			`} catch (e) {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`this.loggingService.sendErrorLevelMessage('Login challenge failed', this, { error: e });`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
			`}`
			`return false;`
			`}`

Format files with prettier. 2021-05-10 18:15:25 +02:00			`async loginResponse(o: { challenge: string; realm: any }): Promise<any> {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`return new Promise(async (resolve, reject) => {`
Add authentication service. 2020-12-28 10:09:11 +01:00			`try {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`const r = await signChallenge(`
			`o.challenge,`
			`o.realm,`
			`environment.cicMetaUrl,`
			`this.mutableKeyStore`
			`);`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`const response: boolean = await this.sendResponse(r);`
			`resolve(response);`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`} catch (error) {`
			`if (error instanceof HttpError) {`
			`if (error.status === 403) {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`this.errorDialogService.openDialog({`
			`message: 'You are not authorized to use this system',`
			`});`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`} else if (error.status === 401) {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`this.errorDialogService.openDialog({`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`message:`
			`'Unable to authenticate with the service. ' +`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`'Please speak with the staff at Grassroots ' +`
			`'Economics for requesting access ' +`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`'staff@grassrootseconomics.net.',`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`});`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`}`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`} else {`
			`// TODO define this error`
			`this.errorDialogService.openDialog({ message: 'Incorrect key passphrase.' });`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`}`
			`resolve(false);`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

			`loginView(): void {`
			`document.getElementById('one').style.display = 'none';`
			`document.getElementById('two').style.display = 'block';`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

			`async setKey(privateKeyArmored): Promise<boolean> {`
			`try {`
Bug fix. - Handle error for incorrect passphrase entry. 2021-03-21 17:27:54 +01:00			`const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);`
private key loading error handling 2021-03-21 03:23:50 +01:00			`if (!isValidKeyCheck) {`
Scrap HttpWrapperService. 2021-03-21 12:02:18 +01:00			`throw Error('The private key is invalid');`
private key loading error handling 2021-03-21 03:23:50 +01:00			`}`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`// TODO leaving this out for now.`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`// const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);`
			`// if (!isEncryptedKeyCheck) {`
			`// throw Error('The private key doesn\'t have a password!');`
			`// }`
private key loading error handling 2021-03-21 03:23:50 +01:00			`const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);`
Bug fix. - Remove unsafe keystore. - Refactor functionality from unsafe keystore into mutable keystore. 2021-02-17 12:13:08 +01:00			`localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`} catch (err) {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`this.loggingService.sendErrorLevelMessage(`
			`Failed to set key: ${err.message \|\| err.statusText}`,
			`this,`
			`{ error: err }`
			`);`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`this.errorDialogService.openDialog({`
private key loading error handling 2021-03-21 03:23:50 +01:00			message: `Failed to set key: ${err.message \|\| err.statusText}`,
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`return false;`
			`}`
			`this.loginView();`
			`return true;`
			`}`
Add session token to session storage. 2021-01-18 14:04:16 +01:00
			`logout(): void {`
			`sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));`
Refactor auth http requests. 2021-05-15 12:42:46 +02:00			`localStorage.removeItem(btoa('CICADA_PRIVATE_KEY'));`
Add user logout. 2021-03-24 17:41:11 +01:00			`this.sessionToken = undefined;`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`window.location.reload();`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`}`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00
Add list of users from public keys. 2021-03-16 18:13:48 +01:00			`getTrustedUsers(): any {`
Add strong typing to variables and functions. 2021-04-29 19:10:39 +02:00			`const trustedUsers: Array<any> = [];`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`this.mutableKeyStore.getPublicKeys().forEach((key) => trustedUsers.push(key.users[0].userId));`
Add list of users from public keys. 2021-03-16 18:13:48 +01:00			`return trustedUsers;`
			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`async getPublicKeys(): Promise<any> {`
Add reject body interface. 2021-05-17 08:06:07 +02:00			`return new Promise((resolve, reject) => {`
			`fetch(environment.publicKeysUrl).then((res) => {`
			`if (!res.ok) {`
			`// TODO does angular recommend an error interface?`
			`return reject(rejectBody(res));`
			`}`
			`return resolve(res.text());`
			`});`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`});`
private key loading error handling 2021-03-21 03:23:50 +01:00			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`getPrivateKey(): any {`
Format files with prettier. 2021-05-10 18:15:25 +02:00			`return this.mutableKeyStore.getPrivateKey();`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`}`
Add private key user info to settings page. 2021-05-18 09:33:38 +02:00
			`getPrivateKeyInfo(): any {`
			`return this.getPrivateKey().users[0].userId;`
			`}`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`