cic-staff-client/src/app/_services/auth.service.ts

import { Injectable } from '@angular/core';
import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';
import { signChallenge } from '@src/assets/js/hoba-pgp.js';
import { environment } from '@src/environments/environment';
import { LoggingService } from '@app/_services/logging.service';
import { MutableKeyStore, MutablePgpKeyStore } from '@app/_pgp';
import { ErrorDialogService } from '@app/_services/error-dialog.service';
import { HttpClient } from '@angular/common/http';
import { Observable } from 'rxjs';
import { HttpError } from '@app/_helpers/global-error-handler';

@Injectable({
  providedIn: 'root'
})
export class AuthService {
  sessionToken: any;
  sessionLoginCount = 0;
  mutableKeyStore: MutableKeyStore;

  constructor(
    private httpClient: HttpClient,
    private loggingService: LoggingService,
    private errorDialogService: ErrorDialogService
  ) {
    this.mutableKeyStore = new MutablePgpKeyStore()
  }

  async init(): Promise<void> {
    this.mutableKeyStore.loadKeyring();
    // TODO setting these together should be atomic
    if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
      this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
    }
    if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
      this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')))
      // this.privateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));
    }
  }

  setState(s): void {
    document.getElementById('state').innerHTML = s;
  }

  getWithToken(): void {
    const xhr = new XMLHttpRequest();
    xhr.responseType = 'text';
    xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
    xhr.setRequestHeader('Authorization', 'Bearer ' + this.sessionToken);
    xhr.setRequestHeader('Content-Type', 'application/json');
    xhr.setRequestHeader('x-cic-automerge', 'none');
    xhr.addEventListener('load', (e) => {
      if (xhr.status === 401) {
        throw new Error('login rejected');
      }
      this.sessionLoginCount++;
      this.setState('Click button to log in');
      return;
    });
    xhr.send();
  }

  //TODO renmae to send signed challenge and set session. Also seperate these responsibilities
  sendResponse(hobaResponseEncoded): Promise<boolean> {
    return new Promise((resolve, reject) => {
      const xhr = new XMLHttpRequest();
      xhr.responseType = 'text';
      xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
      xhr.setRequestHeader('Authorization', 'HOBA ' + hobaResponseEncoded);
      xhr.setRequestHeader('Content-Type', 'application/json');
      xhr.setRequestHeader('x-cic-automerge', 'none');
      xhr.addEventListener('load', (e) => {
        if (xhr.status !== 200) {
            const error = new HttpError(xhr.statusText, xhr.status);
            return reject(error);
        }
        this.sessionToken = xhr.getResponseHeader('Token');
        sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
        this.sessionLoginCount++;
        this.setState('Click button to log in');
        return resolve(true);
      });
      xhr.send();
    })
  }

  getChallenge(): void {
    const xhr = new XMLHttpRequest();
    xhr.responseType = 'arraybuffer';
    xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
    xhr.onload = async (e) => {
      if (xhr.status === 401) {
        const authHeader = xhr.getResponseHeader('WWW-Authenticate');
        const o = hobaParseChallengeHeader(authHeader);
        this.loginResponse(o);
      }
    };
    xhr.send();
  }


  login(): boolean {
    if (this.sessionToken !== undefined) {
      try {
        this.getWithToken();
        return true;
      } catch (e) {
        this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e});
      }
    } else {
      try {
        this.getChallenge();
      } catch (e) {
        this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e});
      }
    }
    return false;
  }


  async loginResponse(o): Promise<any> {
    return new Promise(async(resolve, reject) => {
      try {
        const r = await signChallenge(o.challenge,
                                      o.realm,
                                      environment.cicMetaUrl,
                                      this.mutableKeyStore);
        const sessionTokenResult = await this.sendResponse(r);
      } catch (error) {
        if (error instanceof HttpError) {
          if (error.status === 403) {
            this.errorDialogService.openDialog({ message: 'You are not authorized to use this system' })
          }
          if (error.status === 401) {
            this.errorDialogService.openDialog({ message: 'Unable to authenticate with the service. ' +
                                                        'Please speak with the staff at Grassroots ' +
                                                        'Economics for requesting access ' +
                                                        'staff@grassrootseconomics.net.' })

          }
        }
        // TODO define this error
        this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});
        resolve(false);
      }
    });
  }

  loginView(): void {
    document.getElementById('one').style.display = 'none';
    document.getElementById('two').style.display = 'block';
    this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());
  }

  async setKey(privateKeyArmored): Promise<boolean> {
    try {
      const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);
      if (!isValidKeyCheck) {
        throw Error('The private key is invalid');
      }
      // TODO leaving this out for now.
      //const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
      //if (!isEncryptedKeyCheck) {
      //  throw Error('The private key doesn\'t have a password!');
      //}
      const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
      localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
    } catch (err) {
      this.loggingService.sendErrorLevelMessage(`Failed to set key: ${err.message || err.statusText}`, this, {error: err});
      this.errorDialogService.openDialog({
        message: `Failed to set key: ${err.message || err.statusText}`,
      });
      return false;
    }
    this.loginView();
    return true;
  }

  logout(): void {
    sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
    this.sessionToken = undefined;
    window.location.reload(true);
  }

  getTrustedUsers(): any {
    let trustedUsers = [];
    this.mutableKeyStore.getPublicKeys().forEach(key => trustedUsers.push(key.users[0].userId));
    return trustedUsers;
  }

  async getPublicKeys(): Promise<any> {
    const data = await fetch(environment.publicKeysUrl)
      .then(res => {
        if (!res.ok) {
          //TODO does angular recommend an error interface?
          throw Error(`${res.statusText} - ${res.status}`);
        }
        return res.text();
      })
    return data;
  }

  getPrivateKey(): any {
      return this.mutableKeyStore.getPrivateKey();
  }
}
Add authentication service. 2020-12-28 10:09:11 +01:00			`import { Injectable } from '@angular/core';`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';`
			`import { signChallenge } from '@src/assets/js/hoba-pgp.js';`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`import { environment } from '@src/environments/environment';`
			`import { LoggingService } from '@app/_services/logging.service';`
			`import { MutableKeyStore, MutablePgpKeyStore } from '@app/_pgp';`
			`import { ErrorDialogService } from '@app/_services/error-dialog.service';`
Move error handler to error interceptor. 2021-03-21 14:11:05 +01:00			`import { HttpClient } from '@angular/common/http';`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`import { Observable } from 'rxjs';`
			`import { HttpError } from '@app/_helpers/global-error-handler';`
Add authentication service. 2020-12-28 10:09:11 +01:00
			`@Injectable({`
			`providedIn: 'root'`
			`})`
			`export class AuthService {`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`sessionToken: any;`
Add authentication service. 2020-12-28 10:09:11 +01:00			`sessionLoginCount = 0;`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`mutableKeyStore: MutableKeyStore;`
Add authentication service. 2020-12-28 10:09:11 +01:00
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`constructor(`
riffin 2021-03-19 17:05:15 +01:00			`private httpClient: HttpClient,`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`private loggingService: LoggingService,`
			`private errorDialogService: ErrorDialogService`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`) {`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`this.mutableKeyStore = new MutablePgpKeyStore()`
Refactor update of data on meta service. 2021-04-25 12:32:23 +02:00			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`async init(): Promise<void> {`
			`this.mutableKeyStore.loadKeyring();`
Refactor update of data on meta service. 2021-04-25 12:32:23 +02:00			`// TODO setting these together should be atomic`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {`
			`this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));`
			`}`
			`if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')))`
			`// this.privateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`}`
			`}`
Add authentication service. 2020-12-28 10:09:11 +01:00
			`setState(s): void {`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`document.getElementById('state').innerHTML = s;`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

			`getWithToken(): void {`
			`const xhr = new XMLHttpRequest();`
			`xhr.responseType = 'text';`
Refactor environment variables. 2021-03-16 16:32:26 +01:00			`xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));`
Add authentication service. 2020-12-28 10:09:11 +01:00			`xhr.setRequestHeader('Authorization', 'Bearer ' + this.sessionToken);`
			`xhr.setRequestHeader('Content-Type', 'application/json');`
			`xhr.setRequestHeader('x-cic-automerge', 'none');`
			`xhr.addEventListener('load', (e) => {`
			`if (xhr.status === 401) {`
			`throw new Error('login rejected');`
			`}`
			`this.sessionLoginCount++;`
Add user logout. 2021-03-24 17:41:11 +01:00			`this.setState('Click button to log in');`
Add authentication service. 2020-12-28 10:09:11 +01:00			`return;`
			`});`
			`xhr.send();`
			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`//TODO renmae to send signed challenge and set session. Also seperate these responsibilities`
			`sendResponse(hobaResponseEncoded): Promise<boolean> {`
			`return new Promise((resolve, reject) => {`
			`const xhr = new XMLHttpRequest();`
			`xhr.responseType = 'text';`
			`xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));`
			`xhr.setRequestHeader('Authorization', 'HOBA ' + hobaResponseEncoded);`
			`xhr.setRequestHeader('Content-Type', 'application/json');`
			`xhr.setRequestHeader('x-cic-automerge', 'none');`
			`xhr.addEventListener('load', (e) => {`
			`if (xhr.status !== 200) {`
			`const error = new HttpError(xhr.statusText, xhr.status);`
			`return reject(error);`
			`}`
			`this.sessionToken = xhr.getResponseHeader('Token');`
			`sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);`
			`this.sessionLoginCount++;`
			`this.setState('Click button to log in');`
			`return resolve(true);`
			`});`
			`xhr.send();`
			`})`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

Add session token to session storage. 2021-01-18 14:04:16 +01:00			`getChallenge(): void {`
Add authentication service. 2020-12-28 10:09:11 +01:00			`const xhr = new XMLHttpRequest();`
			`xhr.responseType = 'arraybuffer';`
Refactor environment variables. 2021-03-16 16:32:26 +01:00			`xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));`
Switch to async/await schema for all asynchronous function calls. 2021-03-18 10:10:55 +01:00			`xhr.onload = async (e) => {`
Add authentication service. 2020-12-28 10:09:11 +01:00			`if (xhr.status === 401) {`
			`const authHeader = xhr.getResponseHeader('WWW-Authenticate');`
			`const o = hobaParseChallengeHeader(authHeader);`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`this.loginResponse(o);`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
			`};`
			`xhr.send();`
			`}`


			`login(): boolean {`
			`if (this.sessionToken !== undefined) {`
			`try {`
			`this.getWithToken();`
			`return true;`
			`} catch (e) {`
Refactor requests to utilize http wrapper service. 2021-03-14 09:19:25 +01:00			`this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
			`} else {`
			`try {`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`this.getChallenge();`
Add authentication service. 2020-12-28 10:09:11 +01:00			`} catch (e) {`
Refactor requests to utilize http wrapper service. 2021-03-14 09:19:25 +01:00			`this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
			`}`
			`return false;`
			`}`


Add session token to session storage. 2021-01-18 14:04:16 +01:00			`async loginResponse(o): Promise<any> {`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`return new Promise(async(resolve, reject) => {`
Add authentication service. 2020-12-28 10:09:11 +01:00			`try {`
Merge branch 'master' into spencer/accounts-search # Conflicts: # src/app/_eth/registry.ts # src/app/_interceptors/error.interceptor.ts # src/app/_services/auth.service.ts 2021-04-29 10:21:22 +02:00			`const r = await signChallenge(o.challenge,`
			`o.realm,`
			`environment.cicMetaUrl,`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`this.mutableKeyStore);`
			`const sessionTokenResult = await this.sendResponse(r);`
			`} catch (error) {`
			`if (error instanceof HttpError) {`
			`if (error.status === 403) {`
			`this.errorDialogService.openDialog({ message: 'You are not authorized to use this system' })`
			`}`
			`if (error.status === 401) {`
Merge branch 'master' into spencer/accounts-search # Conflicts: # src/app/_eth/registry.ts # src/app/_interceptors/error.interceptor.ts # src/app/_services/auth.service.ts 2021-04-29 10:21:22 +02:00			`this.errorDialogService.openDialog({ message: 'Unable to authenticate with the service. ' +`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`'Please speak with the staff at Grassroots ' +`
			`'Economics for requesting access ' +`
			`'staff@grassrootseconomics.net.' })`
Merge branch 'master' into spencer/accounts-search # Conflicts: # src/app/_eth/registry.ts # src/app/_interceptors/error.interceptor.ts # src/app/_services/auth.service.ts 2021-04-29 10:21:22 +02:00
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`}`
			`}`
			`// TODO define this error`
			`this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});`
			`resolve(false);`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

			`loginView(): void {`
			`document.getElementById('one').style.display = 'none';`
			`document.getElementById('two').style.display = 'block';`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`

			`async setKey(privateKeyArmored): Promise<boolean> {`
			`try {`
Bug fix. - Handle error for incorrect passphrase entry. 2021-03-21 17:27:54 +01:00			`const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);`
private key loading error handling 2021-03-21 03:23:50 +01:00			`if (!isValidKeyCheck) {`
Scrap HttpWrapperService. 2021-03-21 12:02:18 +01:00			`throw Error('The private key is invalid');`
private key loading error handling 2021-03-21 03:23:50 +01:00			`}`
blocking access on 401/403 2021-04-29 07:29:54 +02:00			`// TODO leaving this out for now.`
			`//const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);`
			`//if (!isEncryptedKeyCheck) {`
			`// throw Error('The private key doesn\'t have a password!');`
			`//}`
private key loading error handling 2021-03-21 03:23:50 +01:00			`const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);`
Bug fix. - Remove unsafe keystore. - Refactor functionality from unsafe keystore into mutable keystore. 2021-02-17 12:13:08 +01:00			`localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);`
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`} catch (err) {`
Bug fix. - Add handling of errors from getPublicKeys function. - Check if added private keys are encrypted. 2021-03-21 20:05:00 +01:00			this.loggingService.sendErrorLevelMessage(`Failed to set key: ${err.message \|\| err.statusText}`, this, {error: err});
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`this.errorDialogService.openDialog({`
private key loading error handling 2021-03-21 03:23:50 +01:00			message: `Failed to set key: ${err.message \|\| err.statusText}`,
Refactor auth module. - Switch from form to text field for passphrase input. - Refactor error dialog format. - Send dialog on incorrect parsing of private key. - Refactor block sync service to take parameters. 2021-03-16 11:08:18 +01:00			`});`
Add authentication service. 2020-12-28 10:09:11 +01:00			`return false;`
			`}`
			`this.loginView();`
			`return true;`
			`}`
Add session token to session storage. 2021-01-18 14:04:16 +01:00
			`logout(): void {`
			`sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));`
Add user logout. 2021-03-24 17:41:11 +01:00			`this.sessionToken = undefined;`
Add session token to session storage. 2021-01-18 14:04:16 +01:00			`window.location.reload(true);`
			`}`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00
Add list of users from public keys. 2021-03-16 18:13:48 +01:00			`getTrustedUsers(): any {`
			`let trustedUsers = [];`
			`this.mutableKeyStore.getPublicKeys().forEach(key => trustedUsers.push(key.users[0].userId));`
			`return trustedUsers;`
			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`async getPublicKeys(): Promise<any> {`
			`const data = await fetch(environment.publicKeysUrl)`
			`.then(res => {`
			`if (!res.ok) {`
			`//TODO does angular recommend an error interface?`
			throw Error(`${res.statusText} - ${res.status}`);
			`}`
			`return res.text();`
			`})`
			`return data;`
private key loading error handling 2021-03-21 03:23:50 +01:00			`}`

blocking access on 401/403 2021-04-29 07:29:54 +02:00			`getPrivateKey(): any {`
			`return this.mutableKeyStore.getPrivateKey();`
Add method for loading public keys into keyring. 2021-02-16 08:10:52 +01:00			`}`
Add authentication service. 2020-12-28 10:09:11 +01:00			`}`