Ejemplo n.º 1
0
    async def validate_otp(self, request, context):
        try:
            success_status = self.service.verify_otp(request.user_id,
                                                     request.pre_access_token,
                                                     request.otp_code)
            if not success_status:
                raise Exception(Message.AUTH_USER_NOT_FOUND)

            user_info = self.user_service.get_user_by_id(request.user_id)
            introspect_token = KeyCloakUtils.introspect_token(
                token['access_token'])
            require_action = ""
            client_key_obj = SignalService().peer_get_client_key(
                request.user_id)
            client_key_peer = auth_messages.PeerGetClientKeyResponse(
                clientId=request.user_id,
                workspace_domain=get_owner_workspace_domain(),
                registrationId=client_key_obj.registration_id,
                deviceId=client_key_obj.device_id,
                identityKeyPublic=client_key_obj.identity_key_public,
                preKeyId=client_key_obj.prekey_id,
                preKey=client_key_obj.prekey,
                signedPreKeyId=client_key_obj.signed_prekey_id,
                signedPreKey=client_key_obj.signed_prekey,
                signedPreKeySignature=client_key_obj.signed_prekey_signature,
                identityKeyEncrypted=client_key_obj.identity_key_encrypted)
            token = self.service.token(user_info.email,
                                       user_info.password_verifier)
            self.user_service.update_last_login(user_id=request.user_id)
            return auth_messages.AuthRes(
                workspace_domain=get_owner_workspace_domain(),
                workspace_name=get_system_config()['server_name'],
                access_token=token["access_token"],
                expires_in=token['expires_in'],
                refresh_expires_in=token['refresh_expires_in'],
                refresh_token=token['refresh_token'],
                token_type=token['token_type'],
                session_state=token['session_state'],
                scope=token['scope'],
                require_action=require_action,
                salt=user_info.salt,
                client_key_peer=client_key_peer,
                iv_parameter=user_info.iv_parameter)

        except Exception as e:
            logger.error(e)
            if not e.args or e.args[0] not in Message.msg_dict:
                errors = [
                    Message.get_error_object(Message.GET_MFA_STATE_FALED)
                ]
            else:
                errors = [Message.get_error_object(e.args[0])]
            context.set_details(
                json.dumps(errors, default=lambda x: x.__dict__))
            context.set_code(grpc.StatusCode.INTERNAL)
Ejemplo n.º 2
0
    async def verify_pincode(self, request, context):
        try:
            exists_user = self.service.get_user_by_email(request.user_name)
            user_info = self.user_service.get_user_by_id(exists_user["id"])
            if not user_info:
                raise Exception(Message.AUTH_USER_NOT_FOUND)
            password_verifier = bytes.fromhex(user_info.password_verifier)
            salt = bytes.fromhex(user_info.salt)
            client_session_key_proof = request.client_session_key_proof
            client_session_key_proof_bytes = bytes.fromhex(
                client_session_key_proof)

            srv = srp.Verifier(username=request.user_name,
                               bytes_s=salt,
                               bytes_v=password_verifier,
                               bytes_A=bytes.fromhex(request.client_public),
                               bytes_b=bytes.fromhex(
                                   user_info.srp_server_private))
            srv.verify_session(client_session_key_proof_bytes)
            authenticated = srv.authenticated()

            if not authenticated:
                raise Exception(Message.AUTHENTICATION_FAILED)

            token = self.service.token(request.user_name,
                                       user_info.password_verifier)
            introspect_token = KeyCloakUtils.introspect_token(
                token['access_token'])
            if not token:
                raise Exception(Message.VERIFY_PINCODE_FAILED)

            client_key_obj = SignalService().peer_get_client_key(
                introspect_token['sub'])
            client_key_peer = auth_messages.PeerGetClientKeyResponse(
                clientId=introspect_token['sub'],
                workspace_domain=get_owner_workspace_domain(),
                registrationId=client_key_obj.registration_id,
                deviceId=client_key_obj.device_id,
                identityKeyPublic=client_key_obj.identity_key_public,
                preKeyId=client_key_obj.prekey_id,
                preKey=client_key_obj.prekey,
                signedPreKeyId=client_key_obj.signed_prekey_id,
                signedPreKey=client_key_obj.signed_prekey,
                signedPreKeySignature=client_key_obj.signed_prekey_signature,
                identityKeyEncrypted=client_key_obj.identity_key_encrypted)
            self.user_service.update_last_login(
                user_id=introspect_token['sub'])
            return auth_messages.AuthRes(
                workspace_domain=get_owner_workspace_domain(),
                workspace_name=get_system_config()['server_name'],
                access_token=token["access_token"],
                expires_in=token['expires_in'],
                refresh_expires_in=token['refresh_expires_in'],
                refresh_token=token['refresh_token'],
                token_type=token['token_type'],
                session_state=token['session_state'],
                scope=token['scope'],
                salt=user_info.salt,
                client_key_peer=client_key_peer,
                iv_parameter=user_info.iv_parameter)
        except Exception as e:
            logger.error(e)
            if not e.args or e.args[0] not in Message.msg_dict:
                errors = [
                    Message.get_error_object(Message.VERIFY_PINCODE_FAILED)
                ]
            else:
                errors = [Message.get_error_object(e.args[0])]
            context.set_details(
                json.dumps(errors, default=lambda x: x.__dict__))
            context.set_code(grpc.StatusCode.INTERNAL)
Ejemplo n.º 3
0
 async def reset_pincode(self, request, context):
     try:
         success_status = self.service.verify_hash_pre_access_token(
             request.user_name, request.reset_pincode_token,
             "verify_pincode")
         exists_user = self.service.get_user_by_email(request.user_name)
         if not exists_user:
             raise Exception(Message.USER_NOT_FOUND)
         if not success_status:
             raise Exception(Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
         self.user_service.change_password(request, None,
                                           request.hash_pincode,
                                           exists_user["id"])
         old_client_key_peer = SignalService().peer_get_client_key(
             exists_user["id"])
         SignalService().client_update_peer_key(exists_user["id"],
                                                request.client_key_peer)
         try:
             salt, iv_parameter = UserService().update_hash_pin(
                 exists_user["id"], request.hash_pincode, request.salt,
                 request.iv_parameter)
         except Exception as e:
             logger.error(e)
             SignalService().client_update_peer_key(exists_user["id"],
                                                    old_client_key_peer)
             raise Message.get_error_object(
                 Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
         client_key_obj = request.client_key_peer
         client_key_peer = auth_messages.PeerGetClientKeyResponse(
             clientId=exists_user["id"],
             workspace_domain=get_owner_workspace_domain(),
             registrationId=client_key_obj.registrationId,
             deviceId=client_key_obj.deviceId,
             identityKeyPublic=client_key_obj.identityKeyPublic,
             preKeyId=client_key_obj.preKeyId,
             preKey=client_key_obj.preKey,
             signedPreKeyId=client_key_obj.signedPreKeyId,
             signedPreKey=client_key_obj.signedPreKey,
             signedPreKeySignature=client_key_obj.signedPreKeySignature,
             identityKeyEncrypted=client_key_obj.identityKeyEncrypted)
         # logout all device before get new token for user after updated new key
         user_sessions = KeyCloakUtils.get_sessions(
             user_id=exists_user["id"])
         for user_session in user_sessions:
             KeyCloakUtils.remove_session(session_id=user_session['id'])
         token = self.service.token(request.user_name, request.hash_pincode)
         introspect_token = KeyCloakUtils.introspect_token(
             token['access_token'])
         return auth_messages.AuthRes(
             workspace_domain=get_owner_workspace_domain(),
             workspace_name=get_system_config()['server_name'],
             access_token=token["access_token"],
             expires_in=token['expires_in'],
             refresh_expires_in=token['refresh_expires_in'],
             refresh_token=token['refresh_token'],
             token_type=token['token_type'],
             session_state=token['session_state'],
             scope=token['scope'],
             salt=salt,
             client_key_peer=client_key_peer,
             iv_parameter=iv_parameter)
     except Exception as e:
         logger.error(e)
         if not e.args or e.args[0] not in Message.msg_dict:
             errors = [
                 Message.get_error_object(
                     Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
             ]
         else:
             errors = [Message.get_error_object(e.args[0])]
             context.set_details(
                 json.dumps(errors, default=lambda x: x.__dict__))
             context.set_code(grpc.StatusCode.INTERNAL)
Ejemplo n.º 4
0
 async def register_pincode(self, request, context):
     try:
         exists_user = self.service.get_user_by_email(request.user_name)
         if not exists_user:
             raise Exception(Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
         user_info = self.user_service.get_user_by_id(exists_user["id"])
         if user_info.password_verifier is not None:
             raise Exception(Message.REGISTER_USER_ALREADY_EXISTS)
         salt = request.salt
         self.user_service.change_password(request, None,
                                           request.hash_pincode,
                                           exists_user['id'])
         # using hash_pincode as password for social user
         try:
             SignalService().peer_register_client_key(
                 exists_user['id'], request.client_key_peer)
         except Exception as e:
             logger.error(e)
         try:
             UserService().update_hash_pin(exists_user['id'],
                                           request.hash_pincode,
                                           request.salt,
                                           request.iv_parameter)
         except Exception as e:
             logger.error(e)
             ## TODO: revert change_password
             SignalService().delete_client_peer_key(exists_user['id'])
             raise Message.get_error_object(
                 Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
         require_action = ""
         client_key_obj = request.client_key_peer
         client_key_peer = auth_messages.PeerGetClientKeyResponse(
             clientId=exists_user['id'],
             workspace_domain=get_owner_workspace_domain(),
             registrationId=client_key_obj.registrationId,
             deviceId=client_key_obj.deviceId,
             identityKeyPublic=client_key_obj.identityKeyPublic,
             preKeyId=client_key_obj.preKeyId,
             preKey=client_key_obj.preKey,
             signedPreKeyId=client_key_obj.signedPreKeyId,
             signedPreKey=client_key_obj.signedPreKey,
             signedPreKeySignature=client_key_obj.signedPreKeySignature,
             identityKeyEncrypted=client_key_obj.identityKeyEncrypted)
         token = self.service.token(request.user_name, request.hash_pincode)
         introspect_token = KeyCloakUtils.introspect_token(
             token['access_token'])
         self.user_service.update_last_login(
             user_id=introspect_token['sub'])
         return auth_messages.AuthRes(
             workspace_domain=get_owner_workspace_domain(),
             workspace_name=get_system_config()['server_name'],
             access_token=token["access_token"],
             expires_in=token['expires_in'],
             refresh_expires_in=token['refresh_expires_in'],
             refresh_token=token['refresh_token'],
             token_type=token['token_type'],
             session_state=token['session_state'],
             scope=token['scope'],
             salt=request.salt,
             client_key_peer=client_key_peer,
             iv_parameter=request.iv_parameter)
     except Exception as e:
         logger.error(e)
         if not e.args or e.args[0] not in Message.msg_dict:
             errors = [
                 Message.get_error_object(
                     Message.REGISTER_CLIENT_SIGNAL_KEY_FAILED)
             ]
         else:
             errors = [Message.get_error_object(e.args[0])]
         context.set_details(
             json.dumps(errors, default=lambda x: x.__dict__))
         context.set_code(grpc.StatusCode.INTERNAL)
Ejemplo n.º 5
0
    async def forgot_password_update(self, request, context):
        try:
            logger.info("from email {}".format(request.email))
            user_info = self.user_service.get_user_by_auth_source(
                request.email, "account")
            old_user_id = user_info.id
            self.service.verify_hash_pre_access_token(old_user_id,
                                                      request.pre_access_token,
                                                      "forgot_password")
            new_user_id = self.service.forgot_user(request.email,
                                                   request.password_verifier,
                                                   user_info.display_name)
            try:
                await GroupService().forgot_peer_groups_for_client(user_info)
            except Exception as e:
                logger.error("cannot send notify to other group")
                logger.error(e)
            SignalService().delete_client_peer_key(old_user_id)
            if new_user_id:
                # create new user in database
                UserService().forgot_user(user_info, new_user_id,
                                          request.password_verifier,
                                          request.salt, request.iv_parameter)
            else:
                self.service.delete_user(new_user_id)
                raise Exception(Message.REGISTER_USER_FAILED)
            try:
                SignalService().peer_register_client_key(
                    new_user_id, request.client_key_peer)
            except Exception:
                self.service.delete_user(new_user_id)
                UserService().delete_user(new_user_id)
                raise Exception(Message.REGISTER_USER_FAILED)

            token = self.service.token(request.email,
                                       request.password_verifier)
            if token:
                client_key_obj = request.client_key_peer
                client_key_peer = auth_messages.PeerGetClientKeyResponse(
                    clientId=new_user_id,
                    workspace_domain=get_owner_workspace_domain(),
                    registrationId=client_key_obj.registrationId,
                    deviceId=client_key_obj.deviceId,
                    identityKeyPublic=client_key_obj.identityKeyPublic,
                    preKeyId=client_key_obj.preKeyId,
                    preKey=client_key_obj.preKey,
                    signedPreKeyId=client_key_obj.signedPreKeyId,
                    signedPreKey=client_key_obj.signedPreKey,
                    signedPreKeySignature=client_key_obj.signedPreKeySignature,
                    identityKeyEncrypted=client_key_obj.identityKeyEncrypted)
                self.user_service.update_last_login(user_id=new_user_id)
                auth_message = auth_messages.AuthRes(
                    workspace_domain=get_owner_workspace_domain(),
                    workspace_name=get_system_config()['server_name'],
                    access_token=token['access_token'],
                    expires_in=token['expires_in'],
                    refresh_expires_in=token['refresh_expires_in'],
                    refresh_token=token['refresh_token'],
                    token_type=token['token_type'],
                    session_state=token['session_state'],
                    scope=token['scope'],
                    salt=request.salt,
                    client_key_peer=client_key_peer,
                    iv_parameter=request.iv_parameter)
            else:
                raise Exception(Message.AUTH_USER_NOT_FOUND)
            return auth_message

        except Exception as e:
            logger.error(e)
            if not e.args or e.args[0] not in Message.msg_dict:
                errors = [
                    Message.get_error_object(Message.CHANGE_PASSWORD_FAILED)
                ]
            else:
                errors = [Message.get_error_object(e.args[0])]
            context.set_details(
                json.dumps(errors, default=lambda x: x.__dict__))
            context.set_code(grpc.StatusCode.INTERNAL)