From 31220eaf6583c28f2df5070c3c8841a02a17cdbe Mon Sep 17 00:00:00 2001 From: vnugent Date: Mon, 22 May 2023 16:48:31 -0400 Subject: Functionality error patches --- .../src/Endpoints/MFAEndpoint.cs | 2 +- .../src/MFA/UserMFAExtensions.cs | 30 ---------------------- .../src/SecurityProvider/AccountSecProvider.cs | 13 ++-------- 3 files changed, 3 insertions(+), 42 deletions(-) diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/MFAEndpoint.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/MFAEndpoint.cs index 087ad2c..3201e18 100644 --- a/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/MFAEndpoint.cs +++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/Endpoints/MFAEndpoint.cs @@ -143,7 +143,7 @@ namespace VNLib.Plugins.Essentials.Accounts.Endpoints } //Get the user entry - using IUser? user = await Users.GetUserFromIDAsync(entity.Session.UserID); + using IUser? user = await Users.GetUserAndPassFromIDAsync(entity.Session.UserID); if (webm.Assert(user != null, "Please log-out and try again.")) { diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs index 99f7fbb..e042799 100644 --- a/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs +++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/MFA/UserMFAExtensions.cs @@ -27,7 +27,6 @@ using System.Linq; using System.Buffers; using System.Text.Json; using System.Collections.Generic; -using System.Text.Json.Serialization; using VNLib.Hashing; using VNLib.Utils; @@ -44,7 +43,6 @@ namespace VNLib.Plugins.Essentials.Accounts.MFA { public const string WEBAUTHN_KEY_ENTRY = "mfa.fido"; public const string TOTP_KEY_ENTRY = "mfa.totp"; - public const string PGP_PUB_KEY = "mfa.pgpp"; public const string SESSION_SIG_KEY = "mfa.sig"; public const string USER_PKI_ENTRY = "mfa.pki"; 
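Review bot: The comment `//Get the user entry` in the MFAEndpoint.cs hunk no longer describes the call beneath it, which now uses `GetUserAndPassFromIDAsync` and so presumably loads the stored password hash along with the user record. I would reword it to `//Get the user entry together with its password hash, needed for the password check below`, assuming a password check further down is what required the change; the rest of the handler is outside the hunk. Because the object now carries credential material, confirm that nothing later in the method writes `user` into the response or a log line. The `using` declaration already limits its lifetime to the enclosing scope.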
@@ -270,34 +268,6 @@ namespace VNLib.Plugins.Essentials.Accounts.MFA #endregion - #region pgp - - private class PgpMfaCred - { - [JsonPropertyName("p")] - public string? SpkiPublicKey { get; set; } - - [JsonPropertyName("c")] - public string? CurveFriendlyName { get; set; } - } - - - /// - /// Gets the stored PGP public key for the user - /// - /// - /// The stored PGP signature key - public static string MFAGetPGPPubKey(this IUser user) => user[PGP_PUB_KEY]; - - public static void MFASetPGPPubKey(this IUser user, string? pubKey) => user[PGP_PUB_KEY] = pubKey!; - - public static void VerifySignedData(string data) - { - - } - - #endregion - #region webauthn #endregion diff --git a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs index c63304a..f8b0401 100644 --- a/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs +++ b/plugins/VNLib.Plugins.Essentials.Accounts/src/SecurityProvider/AccountSecProvider.cs @@ -59,7 +59,6 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider private const int PUB_KEY_JWT_NONCE_SIZE = 16; //Session entry keys - private const string CLIENT_PUB_KEY_ENTRY = "acnt.pbk"; private const string PUBLIC_KEY_SIG_KEY_ENTRY = "acnt.pbsk"; private const HashAlg ClientTokenHmacType = HashAlg.SHA256; 
@@ -203,16 +202,8 @@ namespace VNLib.Plugins.Essentials.Accounts.SecurityProvider ERRNO IAccountSecurityProvider.TryEncryptClientData(HttpEntity entity, ReadOnlySpan data, Span outputBuffer) { - //Session must be enabled and not new - if (!entity.Session.IsSet || entity.Session.IsNew) - { - return false; - } - - //try to get the public key from the client - string base64PubKey = entity.Session[CLIENT_PUB_KEY_ENTRY]; - - return TryEncryptClientData(base64PubKey, data, outputBuffer); + //Recover the signed public key, already does session checks + return TryGetPublicKey(entity, out string? pubKey) ? TryEncryptClientData(pubKey, data, outputBuffer) : ERRNO.E_FAIL; } ERRNO IAccountSecurityProvider.TryEncryptClientData(IClientSecInfo entity, ReadOnlySpan data, Span outputBuffer) -- cgit
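Review bot: The explicit `!entity.Session.IsSet || entity.Session.IsNew` guard is removed in the AccountSecProvider.cs hunk at -203, and the new one-liner relies on `TryGetPublicKey` to reject those sessions. That method is outside the hunk, so confirm that it fails closed for both unset and new sessions. The ternary also buries the failure path and passes a `string?` onward, so a guard clause would read better and keep a missing key away from the encryption call: `if (!TryGetPublicKey(entity, out string? pubKey) || string.IsNullOrEmpty(pubKey)) return ERRNO.E_FAIL;` followed by `return TryEncryptClientData(pubKey, data, outputBuffer);`. Whether the empty-key check is redundant depends on how `TryGetPublicKey` is annotated, which is not visible here.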