src/app/_services/auth.service.ts
Properties |
Methods |
|
constructor(httpClient: HttpClient, loggingService: LoggingService, errorDialogService: ErrorDialogService)
|
||||||||||||
Defined in src/app/_services/auth.service.ts:17
|
||||||||||||
Parameters :
|
getChallenge |
getChallenge()
|
Defined in src/app/_services/auth.service.ts:84
|
Returns :
void
|
getPrivateKey |
getPrivateKey()
|
Defined in src/app/_services/auth.service.ts:204
|
Returns :
any
|
Async getPublicKeys |
getPublicKeys()
|
Defined in src/app/_services/auth.service.ts:193
|
Returns :
Promise<any>
|
getTrustedUsers |
getTrustedUsers()
|
Defined in src/app/_services/auth.service.ts:187
|
Returns :
any
|
getWithToken |
getWithToken()
|
Defined in src/app/_services/auth.service.ts:42
|
Returns :
void
|
Async init |
init()
|
Defined in src/app/_services/auth.service.ts:27
|
Returns :
Promise<void>
|
login |
login()
|
Defined in src/app/_services/auth.service.ts:99
|
Returns :
boolean
|
Async loginResponse | ||||||
loginResponse(o: literal type)
|
||||||
Defined in src/app/_services/auth.service.ts:118
|
||||||
Parameters :
Returns :
Promise<any>
|
loginView |
loginView()
|
Defined in src/app/_services/auth.service.ts:147
|
Returns :
void
|
logout |
logout()
|
Defined in src/app/_services/auth.service.ts:181
|
Returns :
void
|
sendResponse | ||||||
sendResponse(hobaResponseEncoded: any)
|
||||||
Defined in src/app/_services/auth.service.ts:61
|
||||||
Parameters :
Returns :
Promise<boolean>
|
Async setKey | ||||
setKey(privateKeyArmored)
|
||||
Defined in src/app/_services/auth.service.ts:157
|
||||
Parameters :
Returns :
Promise<boolean>
|
setState | ||||
setState(s)
|
||||
Defined in src/app/_services/auth.service.ts:38
|
||||
Parameters :
Returns :
void
|
mutableKeyStore |
Type : MutableKeyStore
|
Defined in src/app/_services/auth.service.ts:17
|
sessionLoginCount |
Type : number
|
Default value : 0
|
Defined in src/app/_services/auth.service.ts:16
|
sessionToken |
Type : any
|
Defined in src/app/_services/auth.service.ts:15
|
import {Injectable} from '@angular/core';
import {hobaParseChallengeHeader} from '@src/assets/js/hoba.js';
import {signChallenge} from '@src/assets/js/hoba-pgp.js';
import {environment} from '@src/environments/environment';
import {LoggingService} from '@app/_services/logging.service';
import {MutableKeyStore, MutablePgpKeyStore} from '@app/_pgp';
import {ErrorDialogService} from '@app/_services/error-dialog.service';
import {HttpClient} from '@angular/common/http';
import {HttpError} from '@app/_helpers/global-error-handler';
@Injectable({
providedIn: 'root'
})
export class AuthService {
sessionToken: any;
sessionLoginCount: number = 0;
mutableKeyStore: MutableKeyStore;
constructor(
private httpClient: HttpClient,
private loggingService: LoggingService,
private errorDialogService: ErrorDialogService
) {
this.mutableKeyStore = new MutablePgpKeyStore();
}
async init(): Promise<void> {
await this.mutableKeyStore.loadKeyring();
// TODO setting these together should be atomic
if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
}
if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
await this.mutableKeyStore.importPrivateKey(localStorage.getItem(btoa('CICADA_PRIVATE_KEY')));
}
}
setState(s): void {
document.getElementById('state').innerHTML = s;
}
getWithToken(): void {
const xhr: XMLHttpRequest = new XMLHttpRequest();
xhr.responseType = 'text';
xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
xhr.setRequestHeader('Authorization', 'Bearer ' + this.sessionToken);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('x-cic-automerge', 'none');
xhr.addEventListener('load', (e) => {
if (xhr.status === 401) {
throw new Error('login rejected');
}
this.sessionLoginCount++;
this.setState('Click button to log in');
return;
});
xhr.send();
}
// TODO rename to send signed challenge and set session. Also separate these responsibilities
sendResponse(hobaResponseEncoded: any): Promise<boolean> {
return new Promise((resolve, reject) => {
const xhr: XMLHttpRequest = new XMLHttpRequest();
xhr.responseType = 'text';
xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
xhr.setRequestHeader('Authorization', 'HOBA ' + hobaResponseEncoded);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.setRequestHeader('x-cic-automerge', 'none');
xhr.addEventListener('load', (e) => {
if (xhr.status !== 200) {
const error = new HttpError(xhr.statusText, xhr.status);
return reject(error);
}
this.sessionToken = xhr.getResponseHeader('Token');
sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
this.sessionLoginCount++;
this.setState('Click button to log in');
return resolve(true);
});
xhr.send();
});
}
getChallenge(): void {
const xhr: XMLHttpRequest = new XMLHttpRequest();
xhr.responseType = 'arraybuffer';
xhr.open('GET', environment.cicMetaUrl + window.location.search.substring(1));
xhr.onload = async (e) => {
if (xhr.status === 401) {
const authHeader = xhr.getResponseHeader('WWW-Authenticate');
const o = hobaParseChallengeHeader(authHeader);
this.loginResponse(o);
}
};
xhr.send();
}
login(): boolean {
if (this.sessionToken !== undefined) {
try {
this.getWithToken();
return true;
} catch (e) {
this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e});
}
} else {
try {
this.getChallenge();
} catch (e) {
this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e});
}
}
return false;
}
async loginResponse(o: { challenge: string, realm: any }): Promise<any> {
return new Promise(async (resolve, reject) => {
try {
const r = await signChallenge(o.challenge,
o.realm,
environment.cicMetaUrl,
this.mutableKeyStore);
const sessionTokenResult: boolean = await this.sendResponse(r);
} catch (error) {
if (error instanceof HttpError) {
if (error.status === 403) {
this.errorDialogService.openDialog({ message: 'You are not authorized to use this system' });
}
if (error.status === 401) {
this.errorDialogService.openDialog({
message: 'Unable to authenticate with the service. ' +
'Please speak with the staff at Grassroots ' +
'Economics for requesting access ' +
'staff@grassrootseconomics.net.'
});
}
}
// TODO define this error
this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});
resolve(false);
}
});
}
loginView(): void {
document.getElementById('one').style.display = 'none';
document.getElementById('two').style.display = 'block';
this.setState('Click button to log in with PGP key ' + this.mutableKeyStore.getPrivateKeyId());
}
/**
* @throws
* @param privateKeyArmored
*/
async setKey(privateKeyArmored): Promise<boolean> {
try {
const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);
if (!isValidKeyCheck) {
throw Error('The private key is invalid');
}
// TODO leaving this out for now.
// const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
// if (!isEncryptedKeyCheck) {
// throw Error('The private key doesn\'t have a password!');
// }
const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
} catch (err) {
this.loggingService.sendErrorLevelMessage(`Failed to set key: ${err.message || err.statusText}`, this, {error: err});
this.errorDialogService.openDialog({
message: `Failed to set key: ${err.message || err.statusText}`,
});
return false;
}
this.loginView();
return true;
}
logout(): void {
sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
this.sessionToken = undefined;
window.location.reload(true);
}
getTrustedUsers(): any {
const trustedUsers: Array<any> = [];
this.mutableKeyStore.getPublicKeys().forEach(key => trustedUsers.push(key.users[0].userId));
return trustedUsers;
}
async getPublicKeys(): Promise<any> {
return await fetch(environment.publicKeysUrl)
.then(res => {
if (!res.ok) {
// TODO does angular recommend an error interface?
throw Error(`${res.statusText} - ${res.status}`);
}
return res.text();
});
}
getPrivateKey(): any {
return this.mutableKeyStore.getPrivateKey();
}
}