WIP working password change with restricted registration

pull/1/head
ansuz 4 years ago
parent 0124e2c3f4
commit 18c73ad282

@ -86,20 +86,37 @@ var createLoginBlockPath = function (Env, publicKey) { // FIXME BLOCKS
return Path.join(Env.paths.block, safeKey.slice(0, 2), safeKey);
};
var validateAncestorProof = function (Env, proof, newPubKey, cb) {
/* prove that you own an existing block by signing for its publicKey
we will need:
1. the publicKey
2. for the old key's block to exist
* path = createLoginBlockPath(Env, oldPublicKey)
* path && FS.readFile(path, err => { !err })
3. a message signed with that publicKey
*/
cb("E_RESTRICTED");
var validateAncestorProof = function (Env, proof, _cb) {
var cb = Util.once(Util.mkAsync(_cb));
/* prove that you own an existing block by signing for its publicKey */
try {
var parsed = JSON.parse(proof);
var pub = parsed[0];
var u8_pub = Nacl.util.decodeBase64(pub);
var sig = parsed[1];
var u8_sig = Nacl.util.decodeBase64(sig);
var valid = false;
nThen(function (w) {
// XXX restricted-registration do this in a worker
valid = Nacl.sign.detached.verify(u8_pub, u8_sig, u8_pub);
if (!valid) {
w.abort();
return void cb('E_INVALID_ANCESTOR_PROOF');
}
// else fall through to next step
}).nThen(function (w) {
var path = createLoginBlockPath(Env, pub);
Fs.access(path, Fs.constants.F_OK, w(function (err) {
if (!err) { return; }
w.abort(); // else
return void cb("E_MISSING_ANCESTOR");
}));
}).nThen(function () {
cb(void 0, valid);
});
} catch (err) {
return void cb(err);
}
};
Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
@ -119,14 +136,13 @@ Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
w.abort();
return cb("E_RESTRICTED");
}
// TODO check that the provided proof was valid
// XXX restricted-registration check whether proof of an existing block was provided
validateAncestorProof(Env, void 0, w(function (err) {
if (err) {
validateAncestorProof(Env, registrationProof, w(function (err, validated) {
if (err || !validated) { // double check that it was validated
w.abort();
cb(err);
// XXX Log
return void cb("E_RESTRICTED"); // XXX restricted-registration we can provide more descriptive errors if we check that the client will understand them
}
// else fall through to the next block
}));
}).nThen(function (w) {
validateLoginBlock(Env, publicKey, signature, block, w(function (e, _validatedBlock) {

@ -1857,7 +1857,7 @@ define([
var content = Block.serialize(JSON.stringify(temp), blockKeys);
console.error("OLD AND NEW BLOCK KEYS", oldBlockKeys, blockKeys);
// XXX ignored unless restricted registration is active?
// content.registrationProof = Block.proveAncestor();
content.registrationProof = Block.proveAncestor(oldBlockKeys);
console.log("writing new login block");
common.writeLoginBlock(content, waitFor(function (obj) {

@ -88,26 +88,16 @@ define([
Block.proveAncestor = function (O /* oldBlockKeys */, N /* newBlockKeys */) {
N = N;
/*
var registrationProof;
var registrationSig;
if (keys.previous) {
// XXX restricted-registration
// sign the publicKey of the new key with the old key
// your existing block's publicKey
// the new block's publicKey
// some proof of recency to prevent replays?
// a signature of the whole thing
// registrationProof = [oldPublicKey, newPublicKey];
// registrationSig = sign(registrationProof, oldPrivateKey);
var u8_pub = Util.find(O, ['sign', 'publicKey']);
var u8_secret = Util.find(O, ['sign', 'secretKey']);
try {
// sign your old publicKey with your old privateKey
var u8_sig = Nacl.sign.detached(u8_pub, u8_secret);
// return an array with the sig and the pubkey
return JSON.stringify([u8_pub, u8_sig].map(Nacl.util.encodeBase64));
} catch (err) {
throw err; // XXX restricted-registration
}
*/
// needed for password change with restricted registration
//registrationProof: registrationProof? Nacl.util.encodeBase64(registrationProof): undefined,
//registrationSig: registrationSig? Nacl.util.encode
};
Block.remove = function (keys) {

@ -226,7 +226,7 @@ var factory = function (Util, Rpc) {
console.log(data);
return void cb("MISSING_PARAMETERS");
}
if (['string', 'undefined'].indexOf(typeof(data.registrationProof)) !== -1) {
if (['string', 'undefined'].indexOf(typeof(data.registrationProof)) === -1) {
return void cb("INVALID_REGISTRATION_PROOF");
}

Loading…
Cancel
Save