mirror of
https://github.com/RoboSats/robosats.git
synced 2024-12-13 10:56:24 +00:00
Add pub_key and enc_priv_key fields. Store in cookies. Bug: misformed
This commit is contained in:
parent
191dfe0d3b
commit
789f9fbdb1
@ -425,6 +425,20 @@ def delete_lnpayment_at_order_deletion(sender, instance, **kwargs):
|
||||
class Profile(models.Model):
|
||||
user = models.OneToOneField(User, on_delete=models.CASCADE)
|
||||
|
||||
# PGP keys, used for E2E chat encrytion. Priv key is encrypted with user's passphrase (highEntropyToken)
|
||||
public_key = models.CharField(
|
||||
max_length=999,
|
||||
null=True,
|
||||
default=None,
|
||||
blank=True,
|
||||
)
|
||||
encrypted_private_key = models.CharField(
|
||||
max_length=999,
|
||||
null=True,
|
||||
default=None,
|
||||
blank=True,
|
||||
)
|
||||
|
||||
# Total trades
|
||||
total_contracts = models.PositiveIntegerField(null=False, default=0)
|
||||
|
||||
|
15
api/views.py
15
api/views.py
@ -597,7 +597,13 @@ class UserView(APIView):
|
||||
|
||||
# The new way. The token is never sent. Only its SHA256
|
||||
token_sha256 = request.GET.get("token_sha256") # New way to gen users and get credentials
|
||||
public_key = request.GET.get("pub")
|
||||
encrypted_private_key = request.GET.get("enc_priv")
|
||||
ref_code = request.GET.get("ref_code")
|
||||
|
||||
if not public_key or not encrypted_private_key:
|
||||
context["bad_request"] = "Must provide valid 'pub' and 'enc_priv' PGP keys"
|
||||
return Response(context, status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
# Now the server only receives a hash of the token. So server trusts the client
|
||||
# with computing length, counts and unique_values to confirm the high entropy of the token
|
||||
@ -655,14 +661,19 @@ class UserView(APIView):
|
||||
context['referral_code'] = token_urlsafe(8)
|
||||
user.profile.referral_code = context['referral_code']
|
||||
user.profile.avatar = "static/assets/avatars/" + nickname + ".png"
|
||||
user.profile.public_key = public_key
|
||||
user.profile.encrypted_private_key = encrypted_private_key
|
||||
|
||||
# If the ref_code was created by another robot, this robot was referred.
|
||||
queryset = Profile.objects.filter(referral_code=ref_code)
|
||||
if len(queryset) == 1:
|
||||
user.profile.is_referred = True
|
||||
user.profile.referred_by = queryset[0]
|
||||
|
||||
|
||||
user.profile.save()
|
||||
|
||||
context["public_key"] = public_key
|
||||
context["encrypted_private_key"] = encrypted_private_key
|
||||
return Response(context, status=status.HTTP_201_CREATED)
|
||||
|
||||
else:
|
||||
@ -673,6 +684,8 @@ class UserView(APIView):
|
||||
if request.user.date_joined < (timezone.now() -
|
||||
timedelta(minutes=3)):
|
||||
context["found"] = "We found your Robot avatar. Welcome back!"
|
||||
context["public_key"] = request.user.profile.public_key
|
||||
context["encrypted_private_key"] = request.user.profile.encrypted_private_key
|
||||
return Response(context, status=status.HTTP_202_ACCEPTED)
|
||||
else:
|
||||
# It is unlikely, but maybe the nickname is taken (1 in 20 Billion change)
|
||||
|
@ -13,6 +13,7 @@ import { RoboSatsNoTextIcon } from "./Icons";
|
||||
|
||||
import { sha256 } from 'js-sha256';
|
||||
import { genBase62Token, tokenStrength } from "../utils/token";
|
||||
import { genKey } from "../utils/pgp";
|
||||
import { getCookie, writeCookie } from "../utils/cookies";
|
||||
|
||||
|
||||
@ -49,36 +50,46 @@ class UserGenPage extends Component {
|
||||
}
|
||||
|
||||
getGeneratedUser=(token)=>{
|
||||
var strength = tokenStrength(token)
|
||||
|
||||
fetch('/api/user' + '?token_sha256=' + sha256(token) + '&unique_values=' + strength.uniqueValues +'&counts=' + strength.counts +'&length=' + token.length + '&ref_code=' + this.refCode)
|
||||
.then((response) => response.json())
|
||||
.then((data) => {
|
||||
this.setState({
|
||||
var strength = tokenStrength(token);
|
||||
|
||||
genKey(token).then((key) =>
|
||||
fetch('/api/user' +
|
||||
'?token_sha256=' + sha256(token) +
|
||||
'&pub=' + key.publicKeyArmored +
|
||||
'&enc_priv=' + key.encryptedPrivateKeyArmored +
|
||||
'&unique_values=' + strength.uniqueValues +
|
||||
'&counts=' + strength.counts +
|
||||
'&length=' + token.length +
|
||||
'&ref_code=' + this.refCode)
|
||||
.then((response) => response.json())
|
||||
.then((data) => {
|
||||
this.setState({
|
||||
nickname: data.nickname,
|
||||
bit_entropy: data.token_bits_entropy,
|
||||
avatar_url: '/static/assets/avatars/' + data.nickname + '.png',
|
||||
shannon_entropy: data.token_shannon_entropy,
|
||||
bad_request: data.bad_request,
|
||||
found: data.found,
|
||||
loadingRobot:false,
|
||||
})
|
||||
&
|
||||
// Add nick and token to App state (token only if not a bad request)
|
||||
(data.bad_request ? this.props.setAppState({
|
||||
nickname: data.nickname,
|
||||
bit_entropy: data.token_bits_entropy,
|
||||
avatar_url: '/static/assets/avatars/' + data.nickname + '.png',
|
||||
shannon_entropy: data.token_shannon_entropy,
|
||||
bad_request: data.bad_request,
|
||||
found: data.found,
|
||||
loadingRobot:false,
|
||||
avatarLoaded: false,
|
||||
})
|
||||
:
|
||||
(this.props.setAppState({
|
||||
nickname: data.nickname,
|
||||
token: token,
|
||||
avatarLoaded: false,
|
||||
})) & writeCookie("robot_token",token) & writeCookie("pub_key",data.public_key) & writeCookie("enc_priv_key",data.encrypted_private_key))
|
||||
&
|
||||
// If the robot has been found (recovered) we assume the token is backed up
|
||||
(data.found ? this.props.setAppState({copiedToken:true}) : null)
|
||||
})
|
||||
&
|
||||
// Add nick and token to App state (token only if not a bad request)
|
||||
(data.bad_request ? this.props.setAppState({
|
||||
nickname: data.nickname,
|
||||
avatarLoaded: false,
|
||||
})
|
||||
:
|
||||
(this.props.setAppState({
|
||||
nickname: data.nickname,
|
||||
token: token,
|
||||
avatarLoaded: false,
|
||||
})) & writeCookie("robot_token",token))
|
||||
&
|
||||
// If the robot has been found (recovered) we assume the token is backed up
|
||||
(data.found ? this.props.setAppState({copiedToken:true}) : null)
|
||||
});
|
||||
);
|
||||
}
|
||||
|
||||
delGeneratedUser() {
|
||||
|
@ -1,7 +1,7 @@
|
||||
import * as openpgp from 'openpgp/lightweight';
|
||||
|
||||
// Generate KeyPair. Private Key is encrypted with the highEntropyToken
|
||||
export async function genKeys(highEntropyToken) {
|
||||
export async function genKey(highEntropyToken) {
|
||||
|
||||
const keyPair = await openpgp.generateKey({
|
||||
type: 'ecc', // Type of the key, defaults to ECC
|
||||
@ -10,13 +10,8 @@ export async function genKeys(highEntropyToken) {
|
||||
passphrase: highEntropyToken,
|
||||
format: 'armored'
|
||||
})
|
||||
|
||||
console.log(keyPair)
|
||||
|
||||
const publicKeyArmored = keyPair.publicKey;
|
||||
const privateKeyArmored = keyPair.privateKey; // encrypted private key
|
||||
|
||||
return {publicKeyArmored: publicKeyArmored, privateKeyArmored: privateKeyArmored}
|
||||
return {publicKeyArmored: keyPair.publicKey, encryptedPrivateKeyArmored: keyPair.privateKey}
|
||||
};
|
||||
|
||||
// Encrypt and sign a message
|
||||
|
Loading…
Reference in New Issue
Block a user