import { Injectable } from '@angular/core';
import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';
import { signChallenge } from '@src/assets/js/hoba-pgp.js';
import { environment } from '@src/environments/environment';
import { LoggingService } from '@app/_services/logging.service';
import { MutableKeyStore } from '@app/_pgp';
import { ErrorDialogService } from '@app/_services/error-dialog.service';
import { HttpClient } from '@angular/common/http';
import { HttpError, rejectBody } from '@app/_helpers/global-error-handler';
import { Staff } from '@app/_models';
import { BehaviorSubject, Observable } from 'rxjs';
import { KeystoreService } from '@app/_services/keystore.service';
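/**
 * Client-side authentication service.
 *
 * Performs the HOBA challenge/response login against `environment.cicMetaUrl`,
 * signs the challenge with the PGP private key held in the keystore, and keeps
 * the resulting session token for later requests. It also tracks the list of
 * trusted users derived from the keystore's public keys.
 *
 * Storage note: the armored private key is persisted in `localStorage` and the
 * session token in `sessionStorage`. The storage key names are passed through
 * `btoa`, which is an encoding and not a protection: any script executing in
 * this origin can read both values. Treat script injection on this origin as
 * equivalent to compromise of the key and the session.
 */
@Injectable({
  providedIn: 'root',
})
export class AuthService {
  /** Keystore holding the imported private key and known public keys; set by `init()`. */
  mutableKeyStore: MutableKeyStore;
  /** Trusted users, most recently added first. */
  trustedUsers: Array<Staff> = [];
  private trustedUsersList: BehaviorSubject<Array<Staff>> = new BehaviorSubject<Array<Staff>>(
    this.trustedUsers
  );
  /** Observable view of the trusted-user list. */
  trustedUsersSubject: Observable<Array<Staff>> = this.trustedUsersList.asObservable();

  constructor(
    private httpClient: HttpClient,
    private loggingService: LoggingService,
    private errorDialogService: ErrorDialogService
  ) {}

  /**
   * Obtains the keystore and, if a private key was persisted by an earlier
   * `setKey()` call, imports it again.
   */
  async init(): Promise<void> {
    this.mutableKeyStore = await KeystoreService.getKeystore();
    // Read the stored key once instead of querying localStorage twice.
    const storedPrivateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));
    if (storedPrivateKey) {
      await this.mutableKeyStore.importPrivateKey(storedPrivateKey);
    }
  }

  /**
   * @returns The session token from `sessionStorage`; `getItem` yields `null`
   * when no token has been stored.
   */
  getSessionToken(): string {
    return sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
  }

  /**
   * Stores the session token in `sessionStorage`.
   *
   * @param token - Token value taken from the authentication response.
   */
  setSessionToken(token): void {
    sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), token);
  }

  /**
   * Shows a status message in the element with id `state`.
   *
   * @param s - Plain-text message to display.
   */
  setState(s): void {
    // textContent, not innerHTML: the message can embed data derived from an
    // imported key (see loginView), and status text must never be parsed as markup.
    // The callers in this class pass plain text only.
    document.getElementById('state').textContent = s;
  }

  /**
   * Checks whether the stored session token is accepted by the meta server.
   *
   * @returns A promise resolving to `true` when the response is OK, `false` otherwise.
   */
  getWithToken(): Promise<boolean> {
    const headers = {
      // Call the getter: concatenating the method reference would put the
      // function's source text into the header instead of the token.
      Authorization: 'Bearer ' + this.getSessionToken(),
      'Content-Type': 'application/json;charset=utf-8',
      'x-cic-automerge': 'none',
    };
    const options = {
      headers,
    };
    return fetch(environment.cicMetaUrl, options).then((response) => {
      if (!response.ok) {
        this.loggingService.sendErrorLevelMessage('failed to get with auth token.', this, {
          error: '',
        });

        return false;
      }
      return true;
    });
  }

  // TODO rename to send signed challenge and set session. Also separate these responsibilities
  /**
   * Sends the signed HOBA response to the meta server in the `Authorization` header.
   *
   * @param hobaResponseEncoded - Encoded signed challenge produced by `signChallenge`.
   * @returns The raw fetch response; the caller inspects its status and headers.
   */
  sendSignedChallenge(hobaResponseEncoded: any): Promise<any> {
    const headers = {
      Authorization: 'HOBA ' + hobaResponseEncoded,
      'Content-Type': 'application/json;charset=utf-8',
      'x-cic-automerge': 'none',
    };
    const options = {
      headers,
    };
    return fetch(environment.cicMetaUrl, options);
  }

  /**
   * Requests the meta server without credentials and parses the challenge from
   * the `WWW-Authenticate` header of a 401 response.
   *
   * @returns The parsed challenge, or `undefined` when the response status is not 401.
   */
  getChallenge(): Promise<any> {
    return fetch(environment.cicMetaUrl).then((response) => {
      if (response.status === 401) {
        // NOTE(review): headers.get returns null when the header is absent or not
        // exposed to this origin; confirm hobaParseChallengeHeader handles that.
        const authHeader: string = response.headers.get('WWW-Authenticate');
        return hobaParseChallengeHeader(authHeader);
      }
    });
  }

  /**
   * Runs the HOBA login: fetch a challenge, sign it with the keystore, send the
   * signature, and store the session token returned in the `Token` header.
   *
   * If a session token is already stored it is discarded and no login attempt
   * is made in this call.
   *
   * @returns `true` when a token was received and stored, `false` otherwise.
   * @throws HttpError when the server answers 401 or another non-OK status without a token.
   * @throws Error when the server does not issue a challenge.
   */
  async login(): Promise<boolean> {
    if (this.getSessionToken()) {
      sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
      // Explicit result for the declared Promise<boolean>; this branch previously
      // fell through and resolved to undefined.
      return false;
    }

    const o = await this.getChallenge();
    if (!o) {
      // getChallenge resolves to undefined for any non-401 response; fail with a
      // clear message instead of a TypeError on `o.challenge`.
      throw new Error('No authentication challenge received from server');
    }

    const r = await signChallenge(
      o.challenge,
      o.realm,
      environment.cicMetaUrl,
      this.mutableKeyStore
    );

    const response = await this.sendSignedChallenge(r);
    // As before, a token header is honoured before the status code is examined.
    const token = response.headers.get('Token');
    if (!token) {
      if (response.status === 401) {
        throw new HttpError('You are not authorized to use this system', response.status);
      }
      if (!response.ok) {
        throw new HttpError('Unknown error from authentication server', response.status);
      }
      return false;
    }

    this.setSessionToken(token);
    this.setState('Click button to log in');
    return true;
  }

  /**
   * Switches the page from the key-entry view (element `one`) to the login view
   * (element `two`) and shows which private key will be used.
   */
  loginView(): void {
    document.getElementById('one').style.display = 'none';
    document.getElementById('two').style.display = 'block';
    this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());
  }

  /**
   * Validates and imports an armored private key, persists it in
   * `localStorage`, and switches to the login view.
   *
   * Validation and import failures are not rethrown: they are logged, shown in
   * the error dialog, and reported through the return value.
   *
   * @param privateKeyArmored - Private key.
   * @returns `true` when the key was imported and stored, `false` on failure.
   */
  async setKey(privateKeyArmored): Promise<boolean> {
    try {
      const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);
      if (!isValidKeyCheck) {
        throw Error('The private key is invalid');
      }
      // TODO leaving this out for now.
      // NOTE(review): while this check is disabled, a private key without a
      // passphrase is accepted and written to localStorage as-is.
      // const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
      // if (!isEncryptedKeyCheck) {
      //   throw Error('The private key doesn\'t have a password!');
      // }
      await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
      localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
    } catch (err) {
      this.loggingService.sendErrorLevelMessage(
        `Failed to set key: ${err.message || err.statusText}`,
        this,
        { error: err }
      );
      this.errorDialogService.openDialog({
        message: `Failed to set key: ${err.message || err.statusText}`,
      });
      return false;
    }
    this.loginView();
    return true;
  }

  /**
   * Removes the session token and the persisted private key, then reloads the page.
   */
  logout(): void {
    sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
    localStorage.removeItem(btoa('CICADA_PRIVATE_KEY'));
    window.location.reload();
  }

  /**
   * Moves `user` to the front of the trusted-user list, adding it if absent,
   * and publishes the updated list.
   *
   * @param user - Staff entry, matched against existing entries by `userid`.
   */
  addTrustedUser(user: Staff): void {
    const savedIndex = this.trustedUsers.findIndex((staff) => staff.userid === user.userid);
    if (savedIndex === 0) {
      // Already at the front; nothing to reorder or publish.
      return;
    }
    if (savedIndex > 0) {
      this.trustedUsers.splice(savedIndex, 1);
    }
    this.trustedUsers.unshift(user);
    this.trustedUsersList.next(this.trustedUsers);
  }

  /**
   * Registers the first user id of every public key in the keystore as a trusted user.
   */
  getTrustedUsers(): void {
    this.mutableKeyStore.getPublicKeys().forEach((key) => {
      // NOTE(review): assumes every key has at least one user and that its
      // userId object is shaped like Staff; verify against the keystore.
      this.addTrustedUser(key.users[0].userId);
    });
  }

  /**
   * Downloads the public keys document from `environment.publicKeysUrl`.
   *
   * @returns The response body as text.
   * @throws The value of `rejectBody(res)` when the response is not OK, or the
   * fetch error when the request itself fails.
   */
  async getPublicKeys(): Promise<any> {
    // Awaiting fetch directly lets a network failure reject this promise; the
    // earlier hand-built Promise had no rejection path for it and never settled.
    const res = await fetch(environment.publicKeysUrl);
    if (!res.ok) {
      // TODO does angular recommend an error interface?
      throw rejectBody(res);
    }
    return res.text();
  }

  /**
   * @returns The private key object currently held by the keystore.
   */
  getPrivateKey(): any {
    return this.mutableKeyStore.getPrivateKey();
  }

  /**
   * @returns The user id attached to the first user of the private key.
   */
  getPrivateKeyInfo(): any {
    return this.getPrivateKey().users[0].userId;
  }
}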