authorMarvin Borner2018-05-11 15:41:23 +0200
committerMarvin Borner2018-05-11 15:41:23 +0200
commit80b9827a0576ef36ff08f8b9c6e3ef647c965781 (patch)
tree0f4b8a806145949990dfe25bfcdb7e5aa644ee52 /main
parenta8d37fab30ccbced5ec8819510ee84893460bb5e (diff)
More chat encryption...
Diffstat (limited to 'main')
-rw-r--r--main/app/sprinkles/account/assets/userfrosting/js/pages/register.js34
-rw-r--r--main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js49
-rw-r--r--main/app/sprinkles/account/templates/pages/sign-in.html.twig1
-rw-r--r--main/app/sprinkles/admin/routes/users.php2
-rw-r--r--main/app/sprinkles/admin/src/Controller/UserController.php57
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/js/chat.js52
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/js/main.js53
-rw-r--r--main/app/sprinkles/core/config/default.php2
-rw-r--r--main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig15
-rw-r--r--main/app/sprinkles/core/templates/pages/test.html.twig28
10 files changed, 174 insertions, 119 deletions
diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
index 97870a7..a311305 100644
--- a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
+++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
@@ -85,39 +85,7 @@ $(document).ready(function () {
msgTarget: $("#alerts-page"),
keyupDelay: 500
}).on("submitSuccess.ufForm", function () {
- // GENERATE KEYS
- var openpgp = window.openpgp;
- var options;
- var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY
- openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
- options = {
- userIds: [{name: $("#r-form-username").val(), email: $("#r-form-email").val()}],
- curve: "curve25519",
- passphrase: randomString
- };
- openpgp.generateKey(options).then(function (key) {
- localStorage.setItem("PrivateKey", key.privateKeyArmored);
- localStorage.setItem("🔒", randomString);
-
- console.log(key.publicKeyArmored);
- console.log(key.privateKeyArmored);
- // SAVE PUBLIC KEY TO DATABASE
- var data = {
- csrf_name: site.csrf.name,
- csrf_value: site.csrf.value,
- PublicKey: key.publicKeyArmored
- };
- $.ajax({
- type: 'POST',
- url: site.uri.public + '/api/users/u/' + $("#r-form-username").val() + '/publickey',
- data: data,
- success: function (response) {
- console.log(response);
- //window.location.reload();
- }
- });
-
- });
+ window.location.reload();
}).on("submitError.ufForm", function () {
// Reload captcha
$("#captcha").captcha();
diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
index b627f2d..97f19e9 100644
--- a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
+++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
@@ -34,19 +34,40 @@ $(document).ready(function() {
validators: page.validators.login,
msgTarget: $("#alerts-page")
}).on("submitSuccess.ufForm", function(event, data, textStatus, jqXHR) {
- /* GENERATE KEYS
- var openpgp = window.openpgp;
- var options, PublicKey, PrivateKey;
- openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
- options = {
- userIds: [{user_id: current_user_id}],
- curve: "curve25519",
- passphrase: $("input[name='password']") // only local
- };
- openpgp.generateKey(options).then(function (key) {
- PrivateKey = key.privateKeyArmored;
- PublicKey = key.publicKeyArmored;
- });*/
- redirectOnLogin(jqXHR);
+ if (localStorage.getItem("PrivateKey") === null && localStorage.getItem("🔒") === null) {
+ // GENERATE KEYS
+ var openpgp = window.openpgp;
+ var options;
+ var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY
+ openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
+ options = {
+ userIds: [{name: $("input[name=user_name]").val()}],
+ curve: "curve25519",
+ passphrase: randomString
+ };
+ openpgp.generateKey(options).then(function (key) {
+ localStorage.setItem("PrivateKey", key.privateKeyArmored);
+ localStorage.setItem("🔒", randomString);
+
+ console.log(key.publicKeyArmored);
+ console.log(key.privateKeyArmored);
+ // SAVE PUBLIC KEY TO DATABASE
+ var data = {
+ csrf_name: site.csrf.name,
+ csrf_value: site.csrf.value,
+ PublicKey: key.publicKeyArmored
+ };
+ $.ajax({
+ type: 'POST',
+ dataType : "json",
+ url: site.uri.public + '/api/users/u/' + $("input[name=user_name]").val() + '/publickey',
+ data: data,
+ async: false
+ });
+ redirectOnLogin(jqXHR);
+ });
+ } else {
+ redirectOnLogin(jqXHR);
+ }
});
});
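Review bot: The freshly generated private key and its passphrase are written to the browser console on the two `console.log` lines right after the `localStorage.setItem` calls, and the passphrase itself is stored in localStorage beside the key it protects, so the passphrase adds no protection against anything that can read localStorage (an injected script, a shared machine); drop both logs, `console.log(key.privateKeyArmored)` especially. If the passphrase is kept at all, `Math.random().toString(36)` is not a cryptographic source — derive it from `crypto.getRandomValues` instead. The guard `localStorage.getItem("PrivateKey") === null && localStorage.getItem("🔒") === null` only regenerates when both items are missing; if one of them survives (a partial clear, a failed write), neither branch repairs the state and chat.js later reads a key it cannot unlock, so `||` is the condition that was meant. Neither `openpgp.generateKey(options).then(...)` nor the synchronous `$.ajax` has an error path, so a failed generation or upload leaves the user sitting on the sign-in page with no redirect; add a `.catch` that reports the failure and still calls `redirectOnLogin(jqXHR)`.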
diff --git a/main/app/sprinkles/account/templates/pages/sign-in.html.twig b/main/app/sprinkles/account/templates/pages/sign-in.html.twig
index 083d170..2fb6e1c 100644
--- a/main/app/sprinkles/account/templates/pages/sign-in.html.twig
+++ b/main/app/sprinkles/account/templates/pages/sign-in.html.twig
@@ -62,7 +62,6 @@
{% endblock %}
{% block scripts_page %}
- <script>var current_user_id = {{ current_user.id }};</script>
<!-- Include validation rules -->
<script>
{% include "pages/partials/page.js.twig" %}
diff --git a/main/app/sprinkles/admin/routes/users.php b/main/app/sprinkles/admin/routes/users.php
index 76e372c..aec99bd 100644
--- a/main/app/sprinkles/admin/routes/users.php
+++ b/main/app/sprinkles/admin/routes/users.php
@@ -31,6 +31,8 @@ $app->group('/api/users', function () {
$this->get('/u/{user_name}/permissions', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getPermissions');
+ $this->get('/u/{user_name}/publickey', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getPublicKey');
+
$this->post('', 'UserFrosting\Sprinkle\Admin\Controller\UserController:create');
$this->post('/u/{user_name}/password-reset', 'UserFrosting\Sprinkle\Admin\Controller\UserController:createPasswordReset');
diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index 30a8d30..be98f02 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -237,20 +237,24 @@ class UserController extends SimpleController
* Request type: POST
*/
public function setPublicKey($request, $response, $args) {
- $user = $this->getUserFromParams($args);
+ $requestedUser = $this->getUserFromParams($args);
- if (!$user) {
+ if (!$requestedUser) {
throw new NotFoundException($request, $response);
}
- $classMapper = $this->ci->classMapper;
- $requestedUser = $classMapper->staticMethod('user', 'where', 'user_name', $args['user_name'])
- ->first();
+ $PublicKey = $request->getParsedBody()["PublicKey"];
- if ($user->id === $requestedUser->id) {
- $PublicKey = $request->getParsedBody()["PublicKey"];
+ if ($this->ci->currentUser->id === $requestedUser->id && (Capsule::table('public_keys')
+ ->where('UserID', "=", $requestedUser->id)
+ ->exists()) === FALSE) {
+ Capsule::table('public_keys')
+ ->insert(['UserID' => $requestedUser->id, 'Key' => substr(substr($PublicKey, 100), 0,-40)]);
+ return $response->withStatus(200);
+ } else if ($this->ci->currentUser->id === $requestedUser->id) {
Capsule::table('public_keys')
- ->insert(['UserID' => $requestedUser->id, 'Key' => $PublicKey]);
+ ->where('UserID', $requestedUser->id)
+ ->update(['Key' => substr(substr($PublicKey, 100), 0,-40)]);
return $response->withStatus(200);
} else {
throw new ForbiddenException();
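Review bot: `$request->getParsedBody()["PublicKey"]` is read without checking that the field exists or that it is an armored public key, and `substr(substr($PublicKey, 100), 0, -40)` then cuts fixed offsets that only line up with the exact header and footer OpenPGP.js v3.0.9 emits (with CRLF line endings, as far as I can tell); any other client, library version or line ending stores a corrupted key, and a missing field raises an undefined-index notice and stores an empty string. Validate the body before touching the table — at least the BEGIN/END markers and a size cap — and return 400 otherwise; storing the armored block as received (if the `Key` column is wide enough) also removes the need for getPublicKey to re-assemble a header it has to guess. The `currentUser->id === $requestedUser->id` test is evaluated twice and can become a single guard ahead of the exists() check. The function's closing brace lies outside this hunk.
```php
public function setPublicKey($request, $response, $args) {
    // … unchanged: getUserFromParams / NotFoundException …
    $body = $request->getParsedBody();
    $PublicKey = isset($body['PublicKey']) ? (string) $body['PublicKey'] : '';
    // Reject anything that is not at least shaped like an armored OpenPGP public key.
    if (strpos($PublicKey, '-----BEGIN PGP PUBLIC KEY BLOCK-----') !== 0
        || strpos($PublicKey, '-----END PGP PUBLIC KEY BLOCK-----') === false
        || strlen($PublicKey) > 16384) {
        return $response->withStatus(400);
    }
    // Only the owner may publish or replace their key.
    if ($this->ci->currentUser->id !== $requestedUser->id) {
        throw new ForbiddenException();
    }
    $keys = Capsule::table('public_keys')->where('UserID', '=', $requestedUser->id);
    if ($keys->exists()) {
        $keys->update(['Key' => $PublicKey]);
    } else {
        Capsule::table('public_keys')->insert(['UserID' => $requestedUser->id, 'Key' => $PublicKey]);
    }
    return $response->withStatus(200);
```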
@@ -258,6 +262,43 @@ class UserController extends SimpleController
}
/**
+ * Gets the users public key
+ * Request type: GET
+ */
+ public function getPublicKey($request, $response, $args) {
+ $requestedUser = $this->getUserFromParams($args);
+
+ if (!$requestedUser) {
+ throw new NotFoundException($request, $response);
+ }
+
+ if ((Capsule::table('public_keys')
+ ->where('UserID', "=", $requestedUser->id)
+ ->exists()) === TRUE) {
+
+ $RawPublicKey = Capsule::table('public_keys')
+ ->where('UserID', "=", $requestedUser->id)
+ ->value('Key');
+ $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
+
+ $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
+ switch ($ContentType) {
+ case 'application/json':
+ $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
+ break;
+ case 'text/html':
+ $response->write("<pre>" . $PublicKey);
+ break;
+ default:
+ $response->write($PublicKey);
+ }
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
+ }
+
+ /**
* Processes the request to delete an existing user.
*
* Deletes the specified user, removing any existing associations.
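Review bot: The `text/html` branch writes `"<pre>" . $PublicKey` with no escaping, and `$PublicKey` is built from the `Key` column that setPublicKey fills straight from the request body, so any user can store markup as their "key" and have it rendered to whoever fetches `/api/users/u/{user_name}/publickey` with an HTML Accept header — a stored XSS. Escape it and close the tag: `$response->write("<pre>" . htmlspecialchars($PublicKey, ENT_QUOTES, 'UTF-8') . "</pre>");`. None of the branches sets a Content-Type, so the JSON branch should carry `$response = $response->withHeader('Content-Type', 'application/json');` (and the others `text/html` / `text/plain`) rather than leaving the client to sniff the body. `Version: OpenPGP.js v3.0.9` is hard-coded into every served key regardless of what was uploaded; it is harmless to parsers but misleading, and it disappears if the armored block is stored as received. `explode(',', ...)[0]` also treats `text/html;q=0.9` as a different type, so strip `;` parameters before the switch.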
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
index 91afc16..ac3f3f7 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
@@ -1,6 +1,25 @@
/**
* GENERAL CHAT
*/
+var ReceiversUsername = "marvinborner"; // HARD
+var openpgp = window.openpgp;
+var options, EncryptedText;
+var PublicKey = [];
+openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
+var privKeyObj = openpgp.key.readArmored(localStorage.getItem("PrivateKey")).keys[0];
+privKeyObj.decrypt(localStorage.getItem("🔒"));
+$.ajax({
+ type: 'GET',
+ url: site.uri.public + '/api/users/u/' + ReceiversUsername + '/publickey',
+ dataType: "json",
+ success: function (response) {
+ //if (response.user_id === ReceiversUsername->id) {
+ PublicKey[ReceiversUsername] = response.PublicKey;
+ console.log(PublicKey[ReceiversUsername])
+ //}
+ }
+});
+
function InitializeChatServer() {
var ChatTextInput = $("#ChatTextInput");
var SubscribeTextInput = $("#SubscribeTextInput");
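Review bot: The recipient's public key is taken from the `/publickey` response and used as-is, with the `response.user_id` check left commented out, so whoever controls that endpoint (the server, or anyone who can update that `public_keys` row) can substitute a key and read every message sent from this client — the encryption is only as strong as the key directory. At minimum pin the key's fingerprint in localStorage on first use and refuse or warn when it changes, and restore the `user_id` check against an id the page already knows. `openpgp.key.readArmored(localStorage.getItem("PrivateKey"))` runs at module load with no guard; in a browser that has never signed in here the item is `null` and, as far as I can tell, the module fails before `InitializeChatServer` is defined — check for `null` and bail out (or prompt to sign in) before `privKeyObj.decrypt(...)`. The `$.ajax` call has no `error` handler, so the 404 that getPublicKey throws for a user without a key is silent and `PublicKey[ReceiversUsername]` simply stays undefined. `var ReceiversUsername = "marvinborner"; // HARD` is a placeholder that should be driven by the selected conversation.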
@@ -187,18 +206,27 @@ function InitializeChatServer() {
// SEND MESSAGE FROM INPUT FIELD
ChatTextInput.keyup(function (e) {
if (e.keyCode === 13 && ChatTextInput.val().length > 0) {
- // USER USUALLY STOPS TYPING ON SENDING -> CHANGE STATE TO FALSE
- sendTypingState(false);
- isTyping = false;
- clearTimeout(typingTimer);
-
- ChatSocket.send(JSON.stringify({
- ClientMessageType: "ChatMessage",
- MessageType: "Private",
- Message: ChatTextInput.val()
- }));
- ChatTextInput.val("");
- ChatTextInput.val("");
+ options = {
+ data: ChatTextInput.val(),
+ publicKeys: openpgp.key.readArmored(PublicKey[ReceiversUsername]).keys,
+ privateKeys: [privKeyObj] // FOR SIGNING
+ };
+ openpgp.encrypt(options).then(function (Encrypted) {
+ EncryptedText = Encrypted.data;
+
+ // USER USUALLY STOPS TYPING ON SENDING -> CHANGE STATE TO FALSE
+ sendTypingState(false);
+ isTyping = false;
+ clearTimeout(typingTimer);
+
+ ChatSocket.send(JSON.stringify({
+ ClientMessageType: "ChatMessage",
+ MessageType: "Private",
+ Message: EncryptedText.substr(91).slice(0,-29)
+ }));
+ ChatTextInput.val("");
+ ChatTextInput.val("");
+ });
}
});
};
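Review bot: The keyup handler reads `PublicKey[ReceiversUsername]` when Enter is pressed, but that entry is filled by the asynchronous GET issued at load; until it arrives (or forever, if that request failed) `openpgp.key.readArmored(undefined)` runs, the encrypt promise rejects, and because `openpgp.encrypt(options).then(...)` has no `.catch` the message is neither sent nor reported and the input keeps its text. Guard it before building `options`, e.g. `if (!PublicKey[ReceiversUsername]) { /* tell the user the recipient key is not loaded */ return; }`, and add a `.catch` that surfaces the error. `EncryptedText.substr(91).slice(0,-29)` strips the armor by fixed offsets tied to the header OpenPGP.js v3.0.9 emits (the 91/-29 look like the header and footer lengths with CRLF line endings); a version bump or line-ending change silently corrupts the payload, so either send the armored text whole or cut at the first blank line and the `-----END` marker. Moving the `sendTypingState(false)` / `isTyping` / `clearTimeout` reset inside the promise callback means typing state is now cleared only after encryption succeeds, which is presumably intended but worth a comment. The enclosing `InitializeChatServer` begins before this hunk.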
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/main.js b/main/app/sprinkles/core/assets/SiteAssets/js/main.js
index 28c7b7c..08d5888 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/main.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/main.js
@@ -32,38 +32,49 @@ function triggerErrorPopup() {
/**
* ENCRYPTION
*/
-var openpgp = window.openpgp;
-var hkp = new openpgp.HKP('https://pgp.mit.edu');
-var options, EncryptedText, DecryptedText, PublicKey, PrivateKey, PrivateKeyObj;
+/*var openpgp = window.openpgp;
+var options, EncryptedText, DecryptedText, PrivateKey, PassPhrase, PrivateKeyObj;
+var PublicKey = [];
openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
-function generateKeys(passphrase) {
- options = {
- userIds: [{user_id: current_user_id}],
- curve: "curve25519",
- passphrase: passphrase
- };
-
- openpgp.generateKey(options).then(function (key) {
- PrivateKey = key.privateKeyArmored;
- PublicKey = key.publicKeyArmored;
- });
-}
+$.ajax({
+ type: 'GET',
+ url: site.uri.public + '/api/users/u/' + current_username + '/publickey',
+ dataType : "json",
+ success: function (response) {
+ if (response.user_id === current_user_id) {
+ PublicKey[current_username] = response.PublicKey;
+ PrivateKey = localStorage.getItem("PrivateKey");
+ PassPhrase = localStorage.getItem("🔒")
+ }
+ }
+});
-function EncryptMessage(Message, PublicKey) {
+function EncryptMessage(Message, Username) {
+ if (!Username in PublicKey) {
+ $.ajax({
+ type: 'GET',
+ url: site.uri.public + '/api/users/u/' + Username + '/publickey',
+ dataType : "json",
+ success: function (response) {
+ if (response.user_id === current_user_id) {
+ PublicKey[Username] = response.PublicKey;
+ }
+ }
+ });
+ }
options = {
data: Message,
- publicKeys: openpgp.key.readArmored(PublicKey).keys
+ publicKeys: openpgp.key.readArmored(PublicKey[Username]).keys
};
-
openpgp.encrypt(options).then(function (EncryptedText) {
EncryptedText = EncryptedText.data;
});
}
-function DecryptMessage(EncryptedText, PrivateKey, passphrase) {
+function DecryptMessage(EncryptedText) {
PrivateKeyObj = openpgp.key.readArmored(PrivateKey).keys[0];
- PrivateKeyObj.decrypt(passphrase);
+ PrivateKeyObj.decrypt(PassPhrase);
options = {
message: openpgp.message.readArmored(EncryptedText),
privateKeys: [PrivateKeyObj]
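Review bot: The whole encryption section is fenced in `/* … */` rather than deleted, so it preserves two latent bugs that return the moment it is uncommented: `if (!Username in PublicKey)` parses as `(!Username) in PublicKey` and never triggers the fetch (it needs `if (!(Username in PublicKey))`), and the success handler in EncryptMessage compares `response.user_id === current_user_id` although it is fetching `Username`'s key, so another user's key is never stored. The live copy of this logic now sits in chat.js; if main.js is no longer meant to own it, remove the block, and if it is to be revived, fix both lines first. The second hunk of this file only closes the same comment with `}*/`.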
@@ -72,7 +83,7 @@ function DecryptMessage(EncryptedText, PrivateKey, passphrase) {
openpgp.decrypt(options).then(function (DecryptedText) {
DecryptedText = DecryptedText.data;
});
-}
+}*/
/**
* OLD BROWSER
diff --git a/main/app/sprinkles/core/config/default.php b/main/app/sprinkles/core/config/default.php
index 07fd2e6..60e3345 100644
--- a/main/app/sprinkles/core/config/default.php
+++ b/main/app/sprinkles/core/config/default.php
@@ -175,7 +175,7 @@
'php' => [
'timezone' => 'Europe/Berlin',
'error_reporting' => E_ALL, // Development - report all errors and suggestions
- 'display_errors' => 'false',
+ 'display_errors' => 'true',
'log_errors' => 'true',
// Let PHP itself render errors natively. Useful if a fatal error is raised in our custom shutdown handler.
'display_errors_native' => 'true'
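Review bot: `'display_errors' => 'true'` in core/config/default.php switches PHP error output on for every environment that does not override it, and together with `'error_reporting' => E_ALL` it will print notices with file paths and context into API responses — including the undefined-index notice setPublicKey raises when the `PublicKey` field is missing. Keep `'display_errors' => 'false'` in the default config and enable it in a development-only configuration file (UserFrosting's environment-specific config overrides, if this sprinkle uses them — to be confirmed) so the setting cannot reach production by default. The "Development" note on the `error_reporting` line already marks this file as the place such settings leak from.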
diff --git a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
index 1821510..c27c071 100644
--- a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
+++ b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
@@ -8,7 +8,8 @@
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
- <meta name="description" content="{% block page_description %}This page has not yet been configured.{% endblock %}">
+ <meta name="description"
+ content="{% block page_description %}This page has not yet been configured.{% endblock %}">
<meta name="author" content="{% block page_author %}{{ site.author }}{% endblock %}">
<title>{{ site.title }} | {% block page_title %}New Page{% endblock %}</title>
@@ -54,7 +55,7 @@
{# Canonical page link #}
{% if block('page_canonical') %}
- <link href="{{site.uri.base.scheme}}://{% block page_canonical %}{% endblock %}" rel="canonical" />
+ <link href="{{ site.uri.base.scheme }}://{% block page_canonical %}{% endblock %}" rel="canonical" />
{% endif %}
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
@@ -85,7 +86,10 @@
{% block content_header %}
<section class="content-header">
<h1>{% block header_title %}{{ block('page_title') }}{% endblock %}</h1>
- {% if block('page_description') is not empty %}<h1><small>{% block header_description %}{{ block('page_description') }}{% endblock %}</small></h1>{% endif %}
+ {% if block('page_description') is not empty %}
+ <h1>
+ <small>{% block header_description %}{{ block('page_description') }}{% endblock %}</small>
+ </h1>{% endif %}
{% block breadcrumb %}
{% include 'navigation/breadcrumb.html.twig' with {page_title: block('page_title')} %}
{% endblock %}
@@ -116,7 +120,10 @@
{% endblock %}
{% block scripts %}
- <script>var current_user_id = {{ current_user.id }};</script>
+ <script>
+ var current_user_id = {{ current_user.id }};
+ var current_username = "{{ current_user.user_name }}";
+ </script>
{# Override this block in a child layout template or page template to override site-level scripts. #}
{% block scripts_site %}
{{ assets.js('js/main') | raw }}
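Review bot: `var current_username = "{{ current_user.user_name }}";` drops a server-side value into a JavaScript string with only the template's HTML escaping (assuming Twig autoescape is on, as UserFrosting's default suggests); that prevents a `</script>` breakout but does nothing about a backslash, so a user name ending in `\` would render as `"name\";`, escape the closing quote and break the script on every page that uses this layout — whether the user_name validator permits one is not visible here. Use the JavaScript escaping strategy explicitly: `var current_username = {{ current_user.user_name|json_encode|raw }};` or `"{{ current_user.user_name|e('js') }}"`. `var current_user_id = {{ current_user.id }};` keeps the shape it had before this change and renders as `var current_user_id = ;` if `current_user` has no id; whether a guest can reach this layout is worth confirming.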
diff --git a/main/app/sprinkles/core/templates/pages/test.html.twig b/main/app/sprinkles/core/templates/pages/test.html.twig
index 972e734..6f64962 100644
--- a/main/app/sprinkles/core/templates/pages/test.html.twig
+++ b/main/app/sprinkles/core/templates/pages/test.html.twig
@@ -25,35 +25,13 @@
<script>
-
- // GENERATE KEYS
- var openpgp = window.openpgp;
- var options;
- var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY
- openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
- options = {
- userIds: [{name: 'marvinborner', email: 'marvin@borners.de'}],
- curve: "curve25519",
- passphrase: randomString
- };
- openpgp.generateKey(options).then(function (key) {
- localStorage.setItem("PrivateKey", key.privateKeyArmored);
- localStorage.setItem("🔒", randomString);
- // SAVE PUBLIC KEY TO DATABASE
- var data = {
- csrf_name: site.csrf.name,
- csrf_value: site.csrf.value,
- PublicKey: key.publicKeyArmored
- };
$.ajax({
- type: 'POST',
- url: site.uri.public + '/api/users/u/' + 'tory.redstart' + '/publickey',
- data: data,
+ type: 'GET',
+ url: site.uri.public + '/api/users/u/' + 'marvinborner' + '/publickey',
+ dataType : "json",
success: function (response) {
console.log(response);
//window.location.reload();
}
});
-
- });
</script> \ No newline at end of file