Add pub_key and enc_priv_key fields. Store in cookies. Bug: misformed

This commit is contained in:
Reckless_Satoshi 2022-05-22 15:12:25 -07:00
parent 191dfe0d3b
commit 789f9fbdb1
No known key found for this signature in database
GPG Key ID: 9C4585B561315571
4 changed files with 68 additions and 35 deletions

View File

@ -425,6 +425,20 @@ def delete_lnpayment_at_order_deletion(sender, instance, **kwargs):
class Profile(models.Model):
user = models.OneToOneField(User, on_delete=models.CASCADE)
# PGP keys, used for E2E chat encrytion. Priv key is encrypted with user's passphrase (highEntropyToken)
public_key = models.CharField(
max_length=999,
null=True,
default=None,
blank=True,
)
encrypted_private_key = models.CharField(
max_length=999,
null=True,
default=None,
blank=True,
)
# Total trades
total_contracts = models.PositiveIntegerField(null=False, default=0)

View File

@ -597,8 +597,14 @@ class UserView(APIView):
# The new way. The token is never sent. Only its SHA256
token_sha256 = request.GET.get("token_sha256") # New way to gen users and get credentials
public_key = request.GET.get("pub")
encrypted_private_key = request.GET.get("enc_priv")
ref_code = request.GET.get("ref_code")
if not public_key or not encrypted_private_key:
context["bad_request"] = "Must provide valid 'pub' and 'enc_priv' PGP keys"
return Response(context, status.HTTP_400_BAD_REQUEST)
# Now the server only receives a hash of the token. So server trusts the client
# with computing length, counts and unique_values to confirm the high entropy of the token
# In any case, it is up to the client if they want to create a bad high entropy token.
@ -655,6 +661,8 @@ class UserView(APIView):
context['referral_code'] = token_urlsafe(8)
user.profile.referral_code = context['referral_code']
user.profile.avatar = "static/assets/avatars/" + nickname + ".png"
user.profile.public_key = public_key
user.profile.encrypted_private_key = encrypted_private_key
# If the ref_code was created by another robot, this robot was referred.
queryset = Profile.objects.filter(referral_code=ref_code)
@ -663,6 +671,9 @@ class UserView(APIView):
user.profile.referred_by = queryset[0]
user.profile.save()
context["public_key"] = public_key
context["encrypted_private_key"] = encrypted_private_key
return Response(context, status=status.HTTP_201_CREATED)
else:
@ -673,6 +684,8 @@ class UserView(APIView):
if request.user.date_joined < (timezone.now() -
timedelta(minutes=3)):
context["found"] = "We found your Robot avatar. Welcome back!"
context["public_key"] = request.user.profile.public_key
context["encrypted_private_key"] = request.user.profile.encrypted_private_key
return Response(context, status=status.HTTP_202_ACCEPTED)
else:
# It is unlikely, but maybe the nickname is taken (1 in 20 Billion change)

View File

@ -13,6 +13,7 @@ import { RoboSatsNoTextIcon } from "./Icons";
import { sha256 } from 'js-sha256';
import { genBase62Token, tokenStrength } from "../utils/token";
import { genKey } from "../utils/pgp";
import { getCookie, writeCookie } from "../utils/cookies";
@ -49,9 +50,18 @@ class UserGenPage extends Component {
}
getGeneratedUser=(token)=>{
var strength = tokenStrength(token)
fetch('/api/user' + '?token_sha256=' + sha256(token) + '&unique_values=' + strength.uniqueValues +'&counts=' + strength.counts +'&length=' + token.length + '&ref_code=' + this.refCode)
var strength = tokenStrength(token);
genKey(token).then((key) =>
fetch('/api/user' +
'?token_sha256=' + sha256(token) +
'&pub=' + key.publicKeyArmored +
'&enc_priv=' + key.encryptedPrivateKeyArmored +
'&unique_values=' + strength.uniqueValues +
'&counts=' + strength.counts +
'&length=' + token.length +
'&ref_code=' + this.refCode)
.then((response) => response.json())
.then((data) => {
this.setState({
@ -74,11 +84,12 @@ class UserGenPage extends Component {
nickname: data.nickname,
token: token,
avatarLoaded: false,
})) & writeCookie("robot_token",token))
})) & writeCookie("robot_token",token) & writeCookie("pub_key",data.public_key) & writeCookie("enc_priv_key",data.encrypted_private_key))
&
// If the robot has been found (recovered) we assume the token is backed up
(data.found ? this.props.setAppState({copiedToken:true}) : null)
});
})
);
}
delGeneratedUser() {

View File

@ -1,7 +1,7 @@
import * as openpgp from 'openpgp/lightweight';
// Generate KeyPair. Private Key is encrypted with the highEntropyToken
export async function genKeys(highEntropyToken) {
export async function genKey(highEntropyToken) {
const keyPair = await openpgp.generateKey({
type: 'ecc', // Type of the key, defaults to ECC
@ -11,12 +11,7 @@ export async function genKeys(highEntropyToken) {
format: 'armored'
})
console.log(keyPair)
const publicKeyArmored = keyPair.publicKey;
const privateKeyArmored = keyPair.privateKey; // encrypted private key
return {publicKeyArmored: publicKeyArmored, privateKeyArmored: privateKeyArmored}
return {publicKeyArmored: keyPair.publicKey, encryptedPrivateKeyArmored: keyPair.privateKey}
};
// Encrypt and sign a message