From a8d37fab30ccbced5ec8819510ee84893460bb5e Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Thu, 10 May 2018 20:42:13 +0200
Subject: Began chat encrpytion integration and ECC key generation on
registration
---
main/app/sprinkles/admin/routes/users.php | 2 ++
.../admin/src/Controller/PostController.php | 5 ++---
.../admin/src/Controller/UserController.php | 26 ++++++++++++++++++++++
.../admin/src/Controller/WormholeController.php | 6 ++---
4 files changed, 33 insertions(+), 6 deletions(-)
(limited to 'main/app/sprinkles/admin')
diff --git a/main/app/sprinkles/admin/routes/users.php b/main/app/sprinkles/admin/routes/users.php
index ece5757..76e372c 100644
--- a/main/app/sprinkles/admin/routes/users.php
+++ b/main/app/sprinkles/admin/routes/users.php
@@ -35,6 +35,8 @@ $app->group('/api/users', function () {
$this->post('/u/{user_name}/password-reset', 'UserFrosting\Sprinkle\Admin\Controller\UserController:createPasswordReset');
+ $this->post('/u/{user_name}/publickey', 'UserFrosting\Sprinkle\Admin\Controller\UserController:setPublicKey');
+
$this->put('/u/{user_name}', 'UserFrosting\Sprinkle\Admin\Controller\UserController:updateInfo');
$this->put('/u/{user_name}/{field}', 'UserFrosting\Sprinkle\Admin\Controller\UserController:updateField');
diff --git a/main/app/sprinkles/admin/src/Controller/PostController.php b/main/app/sprinkles/admin/src/Controller/PostController.php
index 2441be4..98bee5a 100644
--- a/main/app/sprinkles/admin/src/Controller/PostController.php
+++ b/main/app/sprinkles/admin/src/Controller/PostController.php
@@ -79,9 +79,8 @@ class PostController extends SimpleController
$uploadedFile->moveTo(__DIR__ . '/../../../../../uploads' . DIRECTORY_SEPARATOR . $filename);
// Store in Database
- DB::table('image_posts')->insert(
- ['UserID' => $currentUser->id, 'File' => $filename]
- );
+ DB::table('image_posts')
+ ->insert(['UserID' => $currentUser->id, 'File' => $filename]);
$response->write('Uploaded successfully!
');
}
diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index 46d0f0f..30a8d30 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -231,6 +231,32 @@ class UserController extends SimpleController
return $response->withStatus(200);
}
+
+ /**
+ * Sets the users public key
+ * Request type: POST
+ */
+ public function setPublicKey($request, $response, $args) {
+ $user = $this->getUserFromParams($args);
+
+ if (!$user) {
+ throw new NotFoundException($request, $response);
+ }
+
+ $classMapper = $this->ci->classMapper;
+ $requestedUser = $classMapper->staticMethod('user', 'where', 'user_name', $args['user_name'])
+ ->first();
+
+ if ($user->id === $requestedUser->id) {
+ $PublicKey = $request->getParsedBody()["PublicKey"];
+ Capsule::table('public_keys')
+ ->insert(['UserID' => $requestedUser->id, 'Key' => $PublicKey]);
+ return $response->withStatus(200);
+ } else {
+ throw new ForbiddenException();
+ }
+ }
+
/**
* Processes the request to delete an existing user.
*
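Review bot: The ownership check in `setPublicKey` compares two lookups of the same URL parameter. `$user` comes from `getUserFromParams($args)` and `$requestedUser` from `where('user_name', $args['user_name'])`, so, assuming the helper resolves `user_name` as its name suggests, `$user->id === $requestedUser->id` holds for every request and the `ForbiddenException` branch is never reached. The comparison should be against the authenticated caller (`$this->ci->currentUser`, as WormholeController uses it). Otherwise any client that can reach the new `/u/{user_name}/publickey` route can register a key under another account, and chat peers would then encrypt to a key its owner does not hold. `PublicKey` is also read without checking that it is present, and `insert` adds a row on every call, so a user can accumulate several keys with nothing marking the current one; the sketch below returns 400 for a missing key and replaces the row, assuming one key per user is the intended model.

```php
public function setPublicKey($request, $response, $args) {
    $user = $this->getUserFromParams($args);
    // … unchanged: NotFoundException when $user is missing …

    // Authorize against the session user, not a second lookup of the same URL parameter.
    $currentUser = $this->ci->currentUser;
    if ($currentUser->id !== $user->id) {
        throw new ForbiddenException();
    }

    $params = $request->getParsedBody();
    $publicKey = (isset($params['PublicKey']) && is_string($params['PublicKey']))
        ? trim($params['PublicKey'])
        : '';
    if ($publicKey === '') {
        return $response->withStatus(400);
    }

    // One row per user: a repeated upload replaces the stored key instead of adding another.
    Capsule::table('public_keys')
        ->updateOrInsert(['UserID' => $user->id], ['Key' => $publicKey]);

    return $response->withStatus(200);
}
```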
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 2ed7e68..d70fbbc 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -83,9 +83,9 @@ class WormholeController extends SimpleController
private function verifyAccessToken($args) {
$currentUser = $this->ci->currentUser; // FOR DATABASE QUERY
$access_token = $args['access_token'];
- if (DB::table('public_keys')
- ->where('UserID', 1)
- ->where('Key', '=', $access_token)
+ if (DB::table('access_token')
+ ->where('id', 1)
+ ->where('token', '=', $access_token)
->exists()) {
return true;
} else {
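Review bot: `verifyAccessToken` matches the caller-supplied token against the `token` column as stored, which implies the secret is kept in plaintext in `access_token` and can be reused by anyone with read access to that table or a backup of it. Storing only a digest and querying by it, e.g. `->where('token', '=', hash('sha256', $access_token))`, keeps the lookup a single query while removing the reusable secret from the database. The row is still pinned with the literal `->where('id', 1)`, and `$currentUser` is assigned but never used in the visible lines, so a short comment saying why a single global token row is intended would help the next reader. The function continues past the end of the hunk.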
--
cgit v1.2.3
From 80b9827a0576ef36ff08f8b9c6e3ef647c965781 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Fri, 11 May 2018 15:41:23 +0200
Subject: More chat encryption...
---
.../assets/userfrosting/js/pages/register.js | 34 +------------
.../assets/userfrosting/js/pages/sign-in.js | 49 +++++++++++++------
.../account/templates/pages/sign-in.html.twig | 1 -
main/app/sprinkles/admin/routes/users.php | 2 +
.../admin/src/Controller/UserController.php | 57 +++++++++++++++++++---
.../sprinkles/core/assets/SiteAssets/js/chat.js | 52 +++++++++++++++-----
.../sprinkles/core/assets/SiteAssets/js/main.js | 53 ++++++++++++--------
main/app/sprinkles/core/config/default.php | 2 +-
.../templates/pages/abstract/mainsite.html.twig | 15 ++++--
.../sprinkles/core/templates/pages/test.html.twig | 28 ++---------
10 files changed, 174 insertions(+), 119 deletions(-)
(limited to 'main/app/sprinkles/admin')
diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
index 97870a7..a311305 100644
--- a/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
+++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/register.js
@@ -85,39 +85,7 @@ $(document).ready(function () {
msgTarget: $("#alerts-page"),
keyupDelay: 500
}).on("submitSuccess.ufForm", function () {
- // GENERATE KEYS
- var openpgp = window.openpgp;
- var options;
- var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY
- openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
- options = {
- userIds: [{name: $("#r-form-username").val(), email: $("#r-form-email").val()}],
- curve: "curve25519",
- passphrase: randomString
- };
- openpgp.generateKey(options).then(function (key) {
- localStorage.setItem("PrivateKey", key.privateKeyArmored);
- localStorage.setItem("🔒", randomString);
-
- console.log(key.publicKeyArmored);
- console.log(key.privateKeyArmored);
- // SAVE PUBLIC KEY TO DATABASE
- var data = {
- csrf_name: site.csrf.name,
- csrf_value: site.csrf.value,
- PublicKey: key.publicKeyArmored
- };
- $.ajax({
- type: 'POST',
- url: site.uri.public + '/api/users/u/' + $("#r-form-username").val() + '/publickey',
- data: data,
- success: function (response) {
- console.log(response);
- //window.location.reload();
- }
- });
-
- });
+ window.location.reload();
}).on("submitError.ufForm", function () {
// Reload captcha
$("#captcha").captcha();
diff --git a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
index b627f2d..97f19e9 100644
--- a/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
+++ b/main/app/sprinkles/account/assets/userfrosting/js/pages/sign-in.js
@@ -34,19 +34,40 @@ $(document).ready(function() {
validators: page.validators.login,
msgTarget: $("#alerts-page")
}).on("submitSuccess.ufForm", function(event, data, textStatus, jqXHR) {
- /* GENERATE KEYS
- var openpgp = window.openpgp;
- var options, PublicKey, PrivateKey;
- openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
- options = {
- userIds: [{user_id: current_user_id}],
- curve: "curve25519",
- passphrase: $("input[name='password']") // only local
- };
- openpgp.generateKey(options).then(function (key) {
- PrivateKey = key.privateKeyArmored;
- PublicKey = key.publicKeyArmored;
- });*/
- redirectOnLogin(jqXHR);
+ if (localStorage.getItem("PrivateKey") === null && localStorage.getItem("🔒") === null) {
+ // GENERATE KEYS
+ var openpgp = window.openpgp;
+ var options;
+ var randomString = Math.random().toString(36).substr(2, 11); // PRIVKEY ENCRYPTION KEY
+ openpgp.initWorker({path: '/assets-raw/core/assets/SiteAssets/js/openpgp.worker.js'});
+ options = {
+ userIds: [{name: $("input[name=user_name]").val()}],
+ curve: "curve25519",
+ passphrase: randomString
+ };
+ openpgp.generateKey(options).then(function (key) {
+ localStorage.setItem("PrivateKey", key.privateKeyArmored);
+ localStorage.setItem("🔒", randomString);
+
+ console.log(key.publicKeyArmored);
+ console.log(key.privateKeyArmored);
+ // SAVE PUBLIC KEY TO DATABASE
+ var data = {
+ csrf_name: site.csrf.name,
+ csrf_value: site.csrf.value,
+ PublicKey: key.publicKeyArmored
+ };
+ $.ajax({
+ type: 'POST',
+ dataType : "json",
+ url: site.uri.public + '/api/users/u/' + $("input[name=user_name]").val() + '/publickey',
+ data: data,
+ async: false
+ });
+ redirectOnLogin(jqXHR);
+ });
+ } else {
+ redirectOnLogin(jqXHR);
+ }
});
});
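Review bot: The passphrase that protects the private key is produced with `Math.random().toString(36).substr(2, 11)`, which is not a cryptographically secure generator and yields at most 11 base-36 characters; it should come from `window.crypto.getRandomValues`. The following lines store that passphrase in `localStorage` beside the key it encrypts and print `key.privateKeyArmored` to the console, so the passphrase gives no protection against any script that can read the page's storage, and the `console.log` of the private key should be removed. The upload uses `async: false` with no error handler, so `redirectOnLogin(jqXHR)` runs even when the server rejects the key; the local pair is kept, so later sign-ins skip generation and the account stays without a published key. The user name is also concatenated into the URL without `encodeURIComponent`.

```javascript
// … unchanged: openpgp worker setup …
var randomBytes = new Uint8Array(32);
window.crypto.getRandomValues(randomBytes);
var randomString = Array.prototype.map.call(randomBytes, function (b) {
    return ('0' + b.toString(16)).slice(-2);
}).join(''); // PRIVKEY ENCRYPTION KEY
// … unchanged: options, generateKey, localStorage writes, data object (console.log calls dropped) …
$.ajax({
    type: 'POST',
    // no dataType: the handler visible on this page answers with an empty 200,
    // which jQuery's JSON parsing would report as an error
    url: site.uri.public + '/api/users/u/' + encodeURIComponent($("input[name=user_name]").val()) + '/publickey',
    data: data
}).done(function () {
    redirectOnLogin(jqXHR);
}).fail(function () {
    // Drop the local pair so the next sign-in retries generation and upload.
    localStorage.removeItem("PrivateKey");
    localStorage.removeItem("🔒");
    redirectOnLogin(jqXHR);
});
```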
diff --git a/main/app/sprinkles/account/templates/pages/sign-in.html.twig b/main/app/sprinkles/account/templates/pages/sign-in.html.twig
index 083d170..2fb6e1c 100644
--- a/main/app/sprinkles/account/templates/pages/sign-in.html.twig
+++ b/main/app/sprinkles/account/templates/pages/sign-in.html.twig
@@ -62,7 +62,6 @@
{% endblock %}
{% block scripts_page %}
-
+
{# Override this block in a child layout template or page template to override site-level scripts. #}
{% block scripts_site %}
{{ assets.js('js/main') | raw }}
diff --git a/main/app/sprinkles/core/templates/pages/test.html.twig b/main/app/sprinkles/core/templates/pages/test.html.twig
index 972e734..6f64962 100644
--- a/main/app/sprinkles/core/templates/pages/test.html.twig
+++ b/main/app/sprinkles/core/templates/pages/test.html.twig
@@ -25,35 +25,13 @@
\ No newline at end of file
--
cgit v1.2.3