blocking access on 401/403

This commit is contained in:
Blair Vanderlugt 2021-04-29 05:29:54 +00:00
parent 77e0e9ff94
commit fb1c53946b
10 changed files with 173 additions and 123 deletions

View File

@ -22,6 +22,9 @@ Run `ng generate module module-name --route module-name --module app.module` to
## Build
set you environment variables - set these via environment variables as found in set-env.ts
// TODO create a .env file so people don't have to set these one-by-one
Run `npm run build:dev` to build the project. The build artifacts will be stored in the `dist/` directory. Use the `build:prod` script for a production build.
## Running unit tests

View File

@ -1,6 +1,7 @@
// @ts-ignore
import * as registry from '@src/assets/js/block-sync/data/Registry.json';
import {environment} from '@src/environments/environment';
import {LoggingService} from '@app/_services/logging.service';
const Web3 = require('web3');
const web3 = new Web3(environment.web3Provider);
@ -27,6 +28,12 @@ export class Registry {
public async addressOf(identifier: string): Promise<string> {
const id = '0x' + web3.utils.padRight(new Buffer(identifier).toString('hex'), 64);
try {
return await this.contract.methods.addressOf(id).call();
} catch (error) {
// TODO logger service
// this.loggingService.sendInfoLevelMessage
console.log('Unable to fetch addressOf', error)
}
}
}

View File

@ -12,10 +12,9 @@ export class AuthGuard implements CanActivate {
canActivate(
route: ActivatedRouteSnapshot,
state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {
if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
return true;
}
this.router.navigate(['/auth']);
return false;
}

View File

@ -3,6 +3,16 @@ import {LoggingService} from '@app/_services/logging.service';
import {HttpErrorResponse} from '@angular/common/http';
import {Router} from '@angular/router';
// A generalized http repsonse error
export class HttpError extends Error {
public status: number
constructor(message, status) {
super(message);
this.status = status;
this.name = 'HttpError';
}
}
@Injectable()
export class GlobalErrorHandler extends ErrorHandler {
private sentencesForWarningLogging: string[] = [];
@ -14,13 +24,13 @@ export class GlobalErrorHandler extends ErrorHandler {
super();
}
handleError(error: any): void {
handleError(error: Error): void {
this.logError(error);
const message = error.message ? error.message : error.toString();
if (error.status) {
error = new Error(message);
}
// if (error.status) {
// error = new Error(message);
// }
const errorTraceString = `Error message:\n${message}.\nStack trace: ${error.stack}`;

View File

@ -44,5 +44,6 @@ export class ErrorInterceptor implements HttpInterceptor {
return throwError(err);
})
);
return next.handle(request);
}
}

View File

@ -18,20 +18,21 @@ export class LoggingInterceptor implements HttpInterceptor {
) {}
intercept(request: HttpRequest<unknown>, next: HttpHandler): Observable<HttpEvent<unknown>> {
this.loggingService.sendInfoLevelMessage(request);
const startTime = Date.now();
let status: string;
return next.handle(request);
// this.loggingService.sendInfoLevelMessage(request);
// const startTime = Date.now();
// let status: string;
return next.handle(request).pipe(tap(event => {
status = '';
if (event instanceof HttpResponse) {
status = 'succeeded';
}
}, error => status = 'failed'),
finalize(() => {
const elapsedTime = Date.now() - startTime;
const message = `${request.method} request for ${request.urlWithParams} ${status} in ${elapsedTime} ms`;
this.loggingService.sendInfoLevelMessage(message);
}));
// return next.handle(request).pipe(tap(event => {
// status = '';
// if (event instanceof HttpResponse) {
// status = 'succeeded';
// }
// }, error => status = 'failed'),
// finalize(() => {
// const elapsedTime = Date.now() - startTime;
// const message = `${request.method} request for ${request.urlWithParams} ${status} in ${elapsedTime} ms`;
// this.loggingService.sendInfoLevelMessage(message);
// }));
}
}

View File

@ -7,6 +7,7 @@ import {MutableKeyStore, MutablePgpKeyStore} from '@app/_pgp';
import { ErrorDialogService } from '@app/_services/error-dialog.service';
import { HttpClient } from '@angular/common/http';
import { Observable } from 'rxjs';
import { HttpError } from '@app/_helpers/global-error-handler';
@Injectable({
providedIn: 'root'
@ -14,20 +15,25 @@ import {Observable } from 'rxjs';
export class AuthService {
sessionToken: any;
sessionLoginCount = 0;
privateKey: any;
mutableKeyStore: MutableKeyStore = new MutablePgpKeyStore();
mutableKeyStore: MutableKeyStore;
constructor(
private httpClient: HttpClient,
private loggingService: LoggingService,
private errorDialogService: ErrorDialogService
) {
this.mutableKeyStore = new MutablePgpKeyStore()
}
async init(): Promise<void> {
this.mutableKeyStore.loadKeyring();
// TODO setting these together shoulds be atomic
if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
}
if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
this.privateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));
this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')))
// this.privateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));
}
}
@ -53,7 +59,9 @@ export class AuthService {
xhr.send();
}
sendResponse(hobaResponseEncoded): void {
//TODO renmae to send signed challenge and set session. Also seperate these responsibilities
sendResponse(hobaResponseEncoded): Promise<boolean> {
return new Promise((resolve, reject) => {
const xhr = new XMLHttpRequest();
xhr.responseType = 'text';
xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
@ -61,16 +69,18 @@ export class AuthService {
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('x-cic-automerge', 'none');
xhr.addEventListener('load', (e) => {
if (xhr.status === 401) {
throw new Error('login rejected');
if (xhr.status !== 200) {
const error = new HttpError(xhr.statusText, xhr.status);
return reject(error);
}
this.sessionToken = xhr.getResponseHeader('Token');
sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
this.sessionLoginCount++;
this.setState('Click button to log in');
return;
return resolve(true);
});
xhr.send();
})
}
getChallenge(): void {
@ -81,39 +91,38 @@ export class AuthService {
if (xhr.status === 401) {
const authHeader = xhr.getResponseHeader('WWW-Authenticate');
const o = hobaParseChallengeHeader(authHeader);
await this.loginResponse(o);
this.loginResponse(o);
}
};
xhr.send();
}
login(): boolean {
if (this.sessionToken !== undefined) {
try {
this.getWithToken();
return true;
} catch (e) {
this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e});
}
} else {
try {
this.getChallenge();
} catch (e) {
this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e});
}
}
return false;
}
async loginResponse(o): Promise<any> {
return new Promise(async(resolve, reject) => {
try {
const r = await signChallenge(o.challenge, o.realm, environment.cicMetaUrl, this.mutableKeyStore);
this.sendResponse(r);
const r = await signChallenge(o.challenge,
o.realm,
environment.cicMetaUrl,
this.mutableKeyStore);
const sessionTokenResult = await this.sendResponse(r);
} catch (error) {
this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});
if (error instanceof HttpError) {
if (error.status === 403) {
this.errorDialogService.openDialog({ message: 'You are not authorized to use this system' })
}
if (error.status === 401) {
this.errorDialogService.openDialog({ message: 'Unable to authenticate with the service. ' +
'Please speak with the staff at Grassroots ' +
'Economics for requesting access ' +
'staff@grassrootseconomics.net.' })
}
}
// TODO define this error
this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});
resolve(false);
}
});
}
loginView(): void {
@ -128,10 +137,11 @@ export class AuthService {
if (!isValidKeyCheck) {
throw Error('The private key is invalid');
}
const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
if (!isEncryptedKeyCheck) {
throw Error('The private key doesn\'t have a password!');
}
// TODO leaving this out for now.
//const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
//if (!isEncryptedKeyCheck) {
// throw Error('The private key doesn\'t have a password!');
//}
const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
} catch (err) {
@ -157,13 +167,19 @@ export class AuthService {
return trustedUsers;
}
getPublicKeys(): Observable<any> {
return this.httpClient.get(`${environment.publicKeysUrl}`, {responseType: 'text'});
async getPublicKeys(): Promise<any> {
const data = await fetch(environment.publicKeysUrl)
.then(res => {
if (!res.ok) {
//TODO does angular recommend an error interface?
throw Error(`${res.statusText} - ${res.status}`);
}
return res.text();
})
return data;
}
async getPrivateKeys(): Promise<void> {
if (this.privateKey !== undefined) {
await this.mutableKeyStore.importPrivateKey(this.privateKey);
}
getPrivateKey(): any {
return this.mutableKeyStore.getPrivateKey();
}
}

View File

@ -21,12 +21,20 @@ export class AppComponent {
private errorDialogService: ErrorDialogService
) {
(async () => {
try {
await this.authService.mutableKeyStore.loadKeyring();
this.authService.getPublicKeys()
.pipe(catchError(async (error) => {
this.loggingService.sendErrorLevelMessage('Unable to load trusted public keys.', this, {error});
// this.authService.getPublicKeys()
// .pipe(catchError(async (error) => {
// this.loggingService.sendErrorLevelMessage('Unable to load trusted public keys.', this, {error});
// this.errorDialogService.openDialog({message: 'Trusted keys endpoint can\'t be reached. Please try again later.'});
// })).subscribe(this.authService.mutableKeyStore.importPublicKey);
const publicKeys = await this.authService.getPublicKeys()
await this.authService.mutableKeyStore.importPublicKey(publicKeys);
} catch(error) {
this.errorDialogService.openDialog({message: 'Trusted keys endpoint can\'t be reached. Please try again later.'});
})).subscribe(this.authService.mutableKeyStore.importPublicKey);
// TODO do something to halt user progress...show a sad cicada page 🦗?
}
})();
this.mediaQuery.addListener(this.onResize);
this.onResize(this.mediaQuery);

View File

@ -26,12 +26,11 @@ export class AuthComponent implements OnInit {
this.keyForm = this.formBuilder.group({
key: ['', Validators.required],
});
if (this.authService.privateKey !== undefined) {
const setKey = await this.authService.setKey(this.authService.privateKey);
if (setKey && this.authService.sessionToken !== undefined) {
this.authService.setState('Click button to log in');
}
}
await this.authService.init();
//if (this.authService.privateKey !== undefined) {
// const setKey = await this.authService.setKey(this.authService.privateKey);
// }
//}
}
get keyFormStub(): any { return this.keyForm.controls; }
@ -47,8 +46,12 @@ export class AuthComponent implements OnInit {
}
login(): void {
const loginStatus = this.authService.login();
if (loginStatus) {
// TODO check if we have privatekey
// Send us to home if we have a private key
// talk to meta somehow
// in the error interceptor if 401/403 handle it
// if 200 go /home
if (this.authService.getPrivateKey()) {
this.router.navigate(['/home']);
}
}

View File

@ -27,9 +27,11 @@ export class AccountsComponent implements OnInit {
private userService: UserService,
private loggingService: LoggingService,
private router: Router
) {
)
{
(async () => {
try {
// TODO it feels like this shuold be in the onInit handler
await this.userService.loadAccounts(100);
} catch (error) {
this.loggingService.sendErrorLevelMessage('Failed to load accounts', this, {error});