import {Injectable} from '@angular/core'; import {hobaParseChallengeHeader} from '@src/assets/js/hoba.js'; import {signChallenge} from '@src/assets/js/hoba-pgp.js'; import {environment} from '@src/environments/environment'; import {LoggingService} from '@app/_services/logging.service'; import {MutableKeyStore, MutablePgpKeyStore} from '@app/_pgp'; import {ErrorDialogService} from '@app/_services/error-dialog.service'; import {HttpClient} from '@angular/common/http'; import {HttpError} from '@app/_helpers/global-error-handler'; @Injectable({ providedIn: 'root' }) export class AuthService { sessionToken: any; sessionLoginCount: number = 0; mutableKeyStore: MutableKeyStore; constructor( private httpClient: HttpClient, private loggingService: LoggingService, private errorDialogService: ErrorDialogService ) { this.mutableKeyStore = new MutablePgpKeyStore(); } async init(): Promise { await this.mutableKeyStore.loadKeyring(); // TODO setting these together should be atomic if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) { this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN')); } if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) { await this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))); } } setState(s): void { document.getElementById('state').innerHTML = s; } getWithToken(): void { const xhr: XMLHttpRequest = new XMLHttpRequest(); xhr.responseType = 'text'; xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1)); xhr.setRequestHeader('Authorization', 'Bearer ' + this.sessionToken); xhr.setRequestHeader('Content-Type', 'application/json'); xhr.setRequestHeader('x-cic-automerge', 'none'); xhr.addEventListener('load', (e) => { if (xhr.status === 401) { throw new Error('login rejected'); } this.sessionLoginCount++; this.setState('Click button to log in'); return; }); xhr.send(); } // TODO rename to send signed challenge and set session. Also separate these responsibilities sendResponse(hobaResponseEncoded: any): Promise { return new Promise((resolve, reject) => { const xhr: XMLHttpRequest = new XMLHttpRequest(); xhr.responseType = 'text'; xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1)); xhr.setRequestHeader('Authorization', 'HOBA ' + hobaResponseEncoded); xhr.setRequestHeader('Content-Type', 'application/json'); xhr.setRequestHeader('x-cic-automerge', 'none'); xhr.addEventListener('load', (e) => { if (xhr.status !== 200) { const error = new HttpError(xhr.statusText, xhr.status); return reject(error); } this.sessionToken = xhr.getResponseHeader('Token'); sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken); this.sessionLoginCount++; this.setState('Click button to log in'); return resolve(true); }); xhr.send(); }); } getChallenge(): void { const xhr: XMLHttpRequest = new XMLHttpRequest(); xhr.responseType = 'arraybuffer'; xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1)); xhr.onload = async (e) => { if (xhr.status === 401) { const authHeader = xhr.getResponseHeader('WWW-Authenticate'); const o = hobaParseChallengeHeader(authHeader); this.loginResponse(o); } }; xhr.send(); } login(): boolean { if (this.sessionToken !== undefined) { try { this.getWithToken(); return true; } catch (e) { this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e}); } } else { try { this.getChallenge(); } catch (e) { this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e}); } } return false; } async loginResponse(o: { challenge: string, realm: any }): Promise { return new Promise(async (resolve, reject) => { try { const r = await signChallenge(o.challenge, o.realm, environment.cicMetaUrl, this.mutableKeyStore); const sessionTokenResult: boolean = await this.sendResponse(r); } catch (error) { if (error instanceof HttpError) { if (error.status === 403) { this.errorDialogService.openDialog({ message: 'You are not authorized to use this system' }); } if (error.status === 401) { this.errorDialogService.openDialog({ message: 'Unable to authenticate with the service. ' + 'Please speak with the staff at Grassroots ' + 'Economics for requesting access ' + 'staff@grassrootseconomics.net.' }); } } // TODO define this error this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'}); resolve(false); } }); } loginView(): void { document.getElementById('one').style.display = 'none'; document.getElementById('two').style.display = 'block'; this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId()); } async setKey(privateKeyArmored): Promise { try { const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored); if (!isValidKeyCheck) { throw Error('The private key is invalid'); } // TODO leaving this out for now. // const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored); // if (!isEncryptedKeyCheck) { // throw Error('The private key doesn\'t have a password!'); // } const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored); localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored); } catch (err) { this.loggingService.sendErrorLevelMessage(`Failed to set key: ${err.message || err.statusText}`, this, {error: err}); this.errorDialogService.openDialog({ message: `Failed to set key: ${err.message || err.statusText}`, }); return false; } this.loginView(); return true; } logout(): void { sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN')); this.sessionToken = undefined; window.location.reload(true); } getTrustedUsers(): any { const trustedUsers: Array = []; this.mutableKeyStore.getPublicKeys().forEach(key => trustedUsers.push(key.users[0].userId)); return trustedUsers; } async getPublicKeys(): Promise { return await fetch(environment.publicKeysUrl) .then(res => { if (!res.ok) { // TODO does angular recommend an error interface? throw Error(`${res.statusText} - ${res.status}`); } return res.text(); }); } getPrivateKey(): any { return this.mutableKeyStore.getPrivateKey(); } }