mstar/linstrom
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity Actions

Compare commits

base: mstar:a6bcbaf5e9e35fc5d41f2a3d15b2bf78da101c97
Branches Tags
mstar:main
..
compare: mstar:c59b0c83408aee3c376747351c94083acd6076f5
Branches Tags
mstar:main

No commits in common. "a6bcbaf5e9e35fc5d41f2a3d15b2bf78da101c97" and "c59b0c83408aee3c376747351c94083acd6076f5" have entirely different histories.
a6bcbaf5e9 ... c59b0c8340

3 changed files with 3 additions and 43 deletions
Show stats Expand all files Collapse all files

13
auth-new/errors.go
View file

@ -11,17 +11,4 @@ var (
ErrProcessTimeout = errors.New("authentication process timed out") ErrProcessTimeout = errors.New("authentication process timed out")
// A user may not login, for whatever reason // A user may not login, for whatever reason
ErrCantLogin = errors.New("user can't login") ErrCantLogin = errors.New("user can't login")
ErrDecryptionFailure = errors.New("failed to decrypt content")
) )
type CombinedError struct {
Err1, Err2 error
}
func (c *CombinedError) Is(e error) bool {
return errors.Is(e, c.Err1) || errors.Is(e, c.Err2)
}
func (c *CombinedError) Error() string {
return c.Err1.Error() + " + " + c.Err2.Error()
}

8
auth-new/passkey.go
View file

@ -14,14 +14,6 @@ import (
"git.mstar.dev/mstar/linstrom/storage-new/models" "git.mstar.dev/mstar/linstrom/storage-new/models"
) )
// TODO: Check if passkey encryption is viable
// Check if encryption for passkey info data is viable to implement
// and if we should do it.
// Encrypting it would probably require making a custom wrapper struct,
// if even possible. Reason being that login completion still requires to update
// the data post-creation, including matching on unique and stable elements
// of said data
// Start the login process via passkey for a given username. // Start the login process via passkey for a given username.
// Returns the credential options the passkey needs to sign // Returns the credential options the passkey needs to sign
func (a *Authenticator) StartPasskeyLogin( func (a *Authenticator) StartPasskeyLogin(

23
auth-new/totp.go
View file

@ -27,7 +27,7 @@ func (a *Authenticator) PerformTotpLogin(
if err != nil { if err != nil {
return LoginNextFailure, "", other.Error("auth", "failed to find account", err) return LoginNextFailure, "", other.Error("auth", "failed to find account", err)
} }
encryptedSecrets := sliceutils.Map( secrets := sliceutils.Map(
sliceutils.Filter(acc.AuthMethods, func(t models.UserAuthMethod) bool { sliceutils.Filter(acc.AuthMethods, func(t models.UserAuthMethod) bool {
return t.AuthMethod == models.AuthMethodGAuth return t.AuthMethod == models.AuthMethodGAuth
}), }),
@ -35,18 +35,6 @@ func (a *Authenticator) PerformTotpLogin(
return string(t.Token) return string(t.Token)
}, },
) )
secrets := []string{}
for _, key := range encryptedSecrets {
decrypted, err := Decrypt([]byte(config.GlobalConfig.Storage.EncryptionKey), []byte(key))
if err != nil {
return 0, "", other.Error(
"auth",
"failed to decrypt secret",
&CombinedError{ErrDecryptionFailure, err},
)
}
secrets = append(secrets, string(decrypted))
}
found := false found := false
for _, secret := range secrets { for _, secret := range secrets {
if totp.Validate(totpToken, secret) { if totp.Validate(totpToken, secret) {
@ -103,17 +91,10 @@ func (a *Authenticator) StartTotpRegistration(
return nil, err return nil, err
} }
secret := key.Secret() secret := key.Secret()
encryptedSecret, err := Encrypt(
[]byte(config.GlobalConfig.Storage.EncryptionKey),
[]byte(secret),
)
if err != nil {
return nil, other.Error("auth", "failed to encrypt secret", err)
}
authToken := models.UserAuthMethod{ authToken := models.UserAuthMethod{
UserId: acc.ID, UserId: acc.ID,
User: *acc, User: *acc,
Token: encryptedSecret, Token: []byte(secret),
AuthMethod: models.AuthMethodGAuth, AuthMethod: models.AuthMethodGAuth,
Name: tokenName + totpUnverifiedSuffix, Name: tokenName + totpUnverifiedSuffix,
} }