160 lines
5.2 KiB
TypeScript
160 lines
5.2 KiB
TypeScript
import { Injectable } from '@angular/core';
|
|
import { hobaParseChallengeHeader } from '@src/assets/js/hoba.js';
|
|
import { signChallenge } from '@src/assets/js/hoba-pgp.js';
|
|
import {environment} from '@src/environments/environment';
|
|
import {LoggingService} from '@app/_services/logging.service';
|
|
import {MutableKeyStore, MutablePgpKeyStore} from '@app/_pgp';
|
|
import {ErrorDialogService} from '@app/_services/error-dialog.service';
|
|
import { HttpClient } from '@angular/common/http';
|
|
import {Observable } from 'rxjs';
|
|
|
|
@Injectable({
|
|
providedIn: 'root'
|
|
})
|
|
export class AuthService {
|
|
sessionToken: any;
|
|
privateKey: any;
|
|
mutableKeyStore: MutableKeyStore = new MutablePgpKeyStore();
|
|
|
|
constructor(
|
|
private httpClient: HttpClient,
|
|
private loggingService: LoggingService,
|
|
private errorDialogService: ErrorDialogService
|
|
) {
|
|
// TODO setting these together shoulds be atomic
|
|
if (sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'))) {
|
|
this.sessionToken = sessionStorage.getItem(btoa('CICADA_SESSION_TOKEN'));
|
|
}
|
|
if (localStorage.getItem(btoa('CICADA_PRIVATE_KEY'))) {
|
|
this.privateKey = localStorage.getItem(btoa('CICADA_PRIVATE_KEY'));
|
|
}
|
|
}
|
|
|
|
setState(s): void {
|
|
document.getElementById('state').innerHTML = s;
|
|
}
|
|
|
|
getWithToken(): void {
|
|
const headers = {
|
|
Authorization: 'Bearer ' + this.sessionToken,
|
|
'Content-Type': 'application/json;charset=utf-8',
|
|
'x-cic-automerge': 'none'
|
|
};
|
|
const options = {
|
|
headers,
|
|
};
|
|
fetch(environment.cicMetaUrl, options).then(response => {
|
|
if (response.status === 401) {
|
|
return Promise.reject({ statusText: response.statusText });
|
|
}
|
|
return;
|
|
}).catch(error => this.loggingService.sendErrorLevelMessage('Login rejected', this, {error}));
|
|
}
|
|
|
|
sendResponse(hobaResponseEncoded): void {
|
|
const headers = {
|
|
Authorization: 'HOBA ' + hobaResponseEncoded,
|
|
'Content-Type': 'application/json;charset=utf-8',
|
|
'x-cic-automerge': 'none'
|
|
};
|
|
const options = {
|
|
headers,
|
|
};
|
|
fetch(environment.cicMetaUrl, options).then(response => {
|
|
if (response.status === 401) {
|
|
return Promise.reject({ statusText: response.statusText });
|
|
}
|
|
this.sessionToken = response.headers.get('Token');
|
|
sessionStorage.setItem(btoa('CICADA_SESSION_TOKEN'), this.sessionToken);
|
|
this.setState('Click button to log in');
|
|
return;
|
|
}).catch(error => this.loggingService.sendErrorLevelMessage('Login rejected', this, {error}));
|
|
}
|
|
|
|
getChallenge(password: string): void {
|
|
fetch(environment.cicMetaUrl).then(async response => {
|
|
if (response.status === 401) {
|
|
const authHeader = response.headers.get('WWW-Authenticate');
|
|
const o = hobaParseChallengeHeader(authHeader);
|
|
await this.loginResponse(o, password);
|
|
}
|
|
}).catch(error => this.loggingService.sendErrorLevelMessage('Fetching challenge failed', this, {error}));
|
|
}
|
|
|
|
passwordLogin(password: string): boolean {
|
|
try {
|
|
this.getChallenge(password);
|
|
return true;
|
|
} catch (e) {
|
|
this.loggingService.sendErrorLevelMessage('Login challenge failed', this, {error: e});
|
|
}
|
|
return false;
|
|
}
|
|
|
|
login(): boolean {
|
|
if (this.sessionToken !== undefined) {
|
|
try {
|
|
this.getWithToken();
|
|
return true;
|
|
} catch (e) {
|
|
this.loggingService.sendErrorLevelMessage('Login token failed', this, {error: e});
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
|
|
async loginResponse(o: any, password: string): Promise<any> {
|
|
try {
|
|
const r = await signChallenge(o.challenge, o.realm, environment.cicMetaUrl, this.mutableKeyStore, password);
|
|
this.sendResponse(r);
|
|
} catch (error) {
|
|
this.errorDialogService.openDialog({message: 'Incorrect key passphrase.'});
|
|
}
|
|
}
|
|
|
|
async setKey(privateKeyArmored): Promise<boolean> {
|
|
try {
|
|
const isValidKeyCheck = await this.mutableKeyStore.isValidKey(privateKeyArmored);
|
|
if (!isValidKeyCheck) {
|
|
throw Error('The private key is invalid');
|
|
}
|
|
const isEncryptedKeyCheck = await this.mutableKeyStore.isEncryptedPrivateKey(privateKeyArmored);
|
|
if (!isEncryptedKeyCheck) {
|
|
throw Error('The private key doesn\'t have a password!');
|
|
}
|
|
const key = await this.mutableKeyStore.importPrivateKey(privateKeyArmored);
|
|
localStorage.setItem(btoa('CICADA_PRIVATE_KEY'), privateKeyArmored);
|
|
} catch (err) {
|
|
this.loggingService.sendErrorLevelMessage(`Failed to set key: ${err.message || err.statusText}`, this, {error: err});
|
|
this.errorDialogService.openDialog({
|
|
message: `Failed to set key: ${err.message || err.statusText}`,
|
|
});
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
logout(): void {
|
|
sessionStorage.removeItem(btoa('CICADA_SESSION_TOKEN'));
|
|
this.sessionToken = undefined;
|
|
window.location.reload(true);
|
|
}
|
|
|
|
getTrustedUsers(): any {
|
|
let trustedUsers = [];
|
|
this.mutableKeyStore.getPublicKeys().forEach(key => trustedUsers.push(key.users[0].userId));
|
|
return trustedUsers;
|
|
}
|
|
|
|
getPublicKeys(): Observable<any> {
|
|
return this.httpClient.get(`${environment.publicKeysUrl}`, {responseType: 'text'});
|
|
}
|
|
|
|
async getPrivateKeys(): Promise<void> {
|
|
if (this.privateKey !== undefined) {
|
|
await this.mutableKeyStore.importPrivateKey(this.privateKey);
|
|
}
|
|
}
|
|
}
|