forked from Silverfish/proton-bridge
GODT-1155 Update gopenpgp and use go-srp
This commit is contained in:
Jakub
@ -47,8 +47,8 @@ type Credentials struct {
|
||||
UserID, // Do not marshal; used as a key.
|
||||
Name,
|
||||
Emails,
|
||||
APIToken,
|
||||
MailboxPassword,
|
||||
APIToken string
|
||||
MailboxPassword []byte
|
||||
BridgePassword,
|
||||
Version string
|
||||
Timestamp int64
|
||||
@ -58,15 +58,15 @@ type Credentials struct {
|
||||
|
||||
func (s *Credentials) Marshal() string {
|
||||
items := []string{
|
||||
s.Name, // 0
|
||||
s.Emails, // 1
|
||||
s.APIToken, // 2
|
||||
s.MailboxPassword, // 3
|
||||
s.BridgePassword, // 4
|
||||
s.Version, // 5
|
||||
"", // 6
|
||||
"", // 7
|
||||
"", // 8
|
||||
s.Name, // 0
|
||||
s.Emails, // 1
|
||||
s.APIToken, // 2
|
||||
string(s.MailboxPassword), // 3
|
||||
s.BridgePassword, // 4
|
||||
s.Version, // 5
|
||||
"", // 6
|
||||
"", // 7
|
||||
"", // 8
|
||||
}
|
||||
|
||||
items[6] = fmt.Sprint(s.Timestamp)
|
||||
@ -97,7 +97,7 @@ func (s *Credentials) Unmarshal(secret string) error {
|
||||
s.Name = items[0]
|
||||
s.Emails = items[1]
|
||||
s.APIToken = items[2]
|
||||
s.MailboxPassword = items[3]
|
||||
s.MailboxPassword = []byte(items[3])
|
||||
|
||||
switch len(items) {
|
||||
case itemLengthBridge:
|
||||
@ -143,11 +143,11 @@ func (s *Credentials) CheckPassword(password string) error {
|
||||
|
||||
func (s *Credentials) Logout() {
|
||||
s.APIToken = ""
|
||||
s.MailboxPassword = ""
|
||||
s.MailboxPassword = []byte{}
|
||||
}
|
||||
|
||||
func (s *Credentials) IsConnected() bool {
|
||||
return s.APIToken != "" && s.MailboxPassword != ""
|
||||
return s.APIToken != "" && len(s.MailboxPassword) != 0
|
||||
}
|
||||
|
||||
func (s *Credentials) SplitAPIToken() (string, string, error) {
|
||||
|
||||
@ -32,7 +32,7 @@ var wantCredentials = Credentials{
|
||||
Name: "name",
|
||||
Emails: "email1;email2",
|
||||
APIToken: "token",
|
||||
MailboxPassword: "mailbox pass",
|
||||
MailboxPassword: []byte("mailbox pass"),
|
||||
BridgePassword: "bridge pass",
|
||||
Version: "k11",
|
||||
Timestamp: time.Now().Unix(),
|
||||
@ -52,7 +52,7 @@ func TestUnmarshallImportExport(t *testing.T) {
|
||||
wantCredentials.Name,
|
||||
wantCredentials.Emails,
|
||||
wantCredentials.APIToken,
|
||||
wantCredentials.MailboxPassword,
|
||||
string(wantCredentials.MailboxPassword),
|
||||
"k11",
|
||||
fmt.Sprint(wantCredentials.Timestamp),
|
||||
}
|
||||
|
||||
@ -39,7 +39,7 @@ func NewStore(keychain *keychain.Keychain) *Store {
|
||||
return &Store{secrets: keychain}
|
||||
}
|
||||
|
||||
func (s *Store) Add(userID, userName, uid, ref, mailboxPassword string, emails []string) (*Credentials, error) {
|
||||
func (s *Store) Add(userID, userName, uid, ref string, mailboxPassword []byte, emails []string) (*Credentials, error) {
|
||||
storeLocker.Lock()
|
||||
defer storeLocker.Unlock()
|
||||
|
||||
@ -108,7 +108,7 @@ func (s *Store) UpdateEmails(userID string, emails []string) (*Credentials, erro
|
||||
return credentials, s.saveCredentials(credentials)
|
||||
}
|
||||
|
||||
func (s *Store) UpdatePassword(userID, password string) (*Credentials, error) {
|
||||
func (s *Store) UpdatePassword(userID string, password []byte) (*Credentials, error) {
|
||||
storeLocker.Lock()
|
||||
defer storeLocker.Unlock()
|
||||
|
||||
|
||||
@ -277,7 +277,7 @@ func TestMarshal(t *testing.T) {
|
||||
Name: "007",
|
||||
Emails: "ja@pm.me;aj@cus.tom",
|
||||
APIToken: "sdfdsfsdfsdfsdf",
|
||||
MailboxPassword: "cdcdcdcd",
|
||||
MailboxPassword: []byte("cdcdcdcd"),
|
||||
BridgePassword: "wew123",
|
||||
Version: "k11",
|
||||
Timestamp: 152469263742,
|
||||
|
||||
@ -108,7 +108,7 @@ func (m *MockCredentialsStorer) EXPECT() *MockCredentialsStorerMockRecorder {
|
||||
}
|
||||
|
||||
// Add mocks base method
|
||||
func (m *MockCredentialsStorer) Add(arg0, arg1, arg2, arg3, arg4 string, arg5 []string) (*credentials.Credentials, error) {
|
||||
func (m *MockCredentialsStorer) Add(arg0, arg1, arg2, arg3 string, arg4 []byte, arg5 []string) (*credentials.Credentials, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "Add", arg0, arg1, arg2, arg3, arg4, arg5)
|
||||
ret0, _ := ret[0].(*credentials.Credentials)
|
||||
@ -212,7 +212,7 @@ func (mr *MockCredentialsStorerMockRecorder) UpdateEmails(arg0, arg1 interface{}
|
||||
}
|
||||
|
||||
// UpdatePassword mocks base method
|
||||
func (m *MockCredentialsStorer) UpdatePassword(arg0, arg1 string) (*credentials.Credentials, error) {
|
||||
func (m *MockCredentialsStorer) UpdatePassword(arg0 string, arg1 []byte) (*credentials.Credentials, error) {
|
||||
m.ctrl.T.Helper()
|
||||
ret := m.ctrl.Call(m, "UpdatePassword", arg0, arg1)
|
||||
ret0, _ := ret[0].(*credentials.Credentials)
|
||||
|
||||
@ -32,11 +32,11 @@ type PanicHandler interface {
|
||||
|
||||
type CredentialsStorer interface {
|
||||
List() (userIDs []string, err error)
|
||||
Add(userID, userName, uid, ref, mailboxPassword string, emails []string) (*credentials.Credentials, error)
|
||||
Add(userID, userName, uid, ref string, mailboxPassword []byte, emails []string) (*credentials.Credentials, error)
|
||||
Get(userID string) (*credentials.Credentials, error)
|
||||
SwitchAddressMode(userID string) (*credentials.Credentials, error)
|
||||
UpdateEmails(userID string, emails []string) (*credentials.Credentials, error)
|
||||
UpdatePassword(userID, password string) (*credentials.Credentials, error)
|
||||
UpdatePassword(userID string, password []byte) (*credentials.Credentials, error)
|
||||
UpdateToken(userID, uid, ref string) (*credentials.Credentials, error)
|
||||
Logout(userID string) (*credentials.Credentials, error)
|
||||
Delete(userID string) error
|
||||
|
||||
@ -227,7 +227,7 @@ func (u *User) unlockIfNecessary() error {
|
||||
// client. Unlock should only finish unlocking when connection is back up.
|
||||
// That means it should try it fast enough and not retry if connection
|
||||
// is still down.
|
||||
err := u.client.Unlock(pmapi.ContextWithoutRetry(context.Background()), []byte(u.creds.MailboxPassword))
|
||||
err := u.client.Unlock(pmapi.ContextWithoutRetry(context.Background()), u.creds.MailboxPassword)
|
||||
if err == nil {
|
||||
return nil
|
||||
}
|
||||
@ -364,7 +364,7 @@ func (u *User) UpdateUser(ctx context.Context) error {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := u.client.ReloadKeys(ctx, []byte(u.creds.MailboxPassword)); err != nil {
|
||||
if err := u.client.ReloadKeys(ctx, u.creds.MailboxPassword); err != nil {
|
||||
return errors.Wrap(err, "failed to reload keys")
|
||||
}
|
||||
|
||||
|
||||
@ -37,7 +37,7 @@ func TestUpdateUser(t *testing.T) {
|
||||
|
||||
gomock.InOrder(
|
||||
m.pmapiClient.EXPECT().UpdateUser(gomock.Any()).Return(nil, nil),
|
||||
m.pmapiClient.EXPECT().ReloadKeys(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
|
||||
m.pmapiClient.EXPECT().ReloadKeys(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
|
||||
m.pmapiClient.EXPECT().Addresses().Return([]*pmapi.Address{testPMAPIAddress}),
|
||||
|
||||
m.credentialsStore.EXPECT().UpdateEmails("user", []string{testPMAPIAddress.Email}).Return(testCredentials, nil),
|
||||
|
||||
@ -46,7 +46,7 @@ func TestNewUserUnlockFails(t *testing.T) {
|
||||
m.credentialsStore.EXPECT().Get("user").Return(testCredentials, nil),
|
||||
m.pmapiClient.EXPECT().AddAuthRefreshHandler(gomock.Any()),
|
||||
m.pmapiClient.EXPECT().IsUnlocked().Return(false),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("bad password")),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("bad password")),
|
||||
|
||||
// Handle of unlock error.
|
||||
m.pmapiClient.EXPECT().AuthDelete(gomock.Any()).Return(nil),
|
||||
|
||||
@ -200,14 +200,14 @@ func (u *Users) closeAllConnections() {
|
||||
|
||||
// Login authenticates a user by username/password, returning an authorised client and an auth object.
|
||||
// The authorisation scope may not yet be full if the user has 2FA enabled.
|
||||
func (u *Users) Login(username, password string) (authClient pmapi.Client, auth *pmapi.Auth, err error) {
|
||||
func (u *Users) Login(username string, password []byte) (authClient pmapi.Client, auth *pmapi.Auth, err error) {
|
||||
u.crashBandicoot(username)
|
||||
|
||||
return u.clientManager.NewClientWithLogin(context.Background(), username, password)
|
||||
}
|
||||
|
||||
// FinishLogin finishes the login procedure and adds the user into the credentials store.
|
||||
func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password string) (user *User, err error) { //nolint[funlen]
|
||||
func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password []byte) (user *User, err error) { //nolint[funlen]
|
||||
apiUser, passphrase, err := getAPIUser(context.Background(), client, password)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@ -228,7 +228,7 @@ func (u *Users) FinishLogin(client pmapi.Client, auth *pmapi.Auth, password stri
|
||||
}
|
||||
|
||||
// Update the password in case the user changed it.
|
||||
creds, err := u.credStorer.UpdatePassword(apiUser.ID, string(passphrase))
|
||||
creds, err := u.credStorer.UpdatePassword(apiUser.ID, passphrase)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "failed to update password of user in credentials store")
|
||||
}
|
||||
@ -264,7 +264,7 @@ func (u *Users) addNewUser(client pmapi.Client, apiUser *pmapi.User, auth *pmapi
|
||||
emails = client.Addresses().AllEmails()
|
||||
}
|
||||
|
||||
if _, err := u.credStorer.Add(apiUser.ID, apiUser.Name, auth.UID, auth.RefreshToken, string(passphrase), emails); err != nil {
|
||||
if _, err := u.credStorer.Add(apiUser.ID, apiUser.Name, auth.UID, auth.RefreshToken, passphrase, emails); err != nil {
|
||||
return errors.Wrap(err, "failed to add user credentials to credentials store")
|
||||
}
|
||||
|
||||
@ -286,7 +286,7 @@ func (u *Users) addNewUser(client pmapi.Client, apiUser *pmapi.User, auth *pmapi
|
||||
return nil
|
||||
}
|
||||
|
||||
func getAPIUser(ctx context.Context, client pmapi.Client, password string) (*pmapi.User, []byte, error) {
|
||||
func getAPIUser(ctx context.Context, client pmapi.Client, password []byte) (*pmapi.User, []byte, error) {
|
||||
salt, err := client.AuthSalt(ctx)
|
||||
if err != nil {
|
||||
return nil, nil, errors.Wrap(err, "failed to get salt")
|
||||
|
||||
@ -37,7 +37,7 @@ func TestUsersFinishLoginBadMailboxPassword(t *testing.T) {
|
||||
|
||||
// Set up mocks for FinishLogin.
|
||||
m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil)
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("no keys could be unlocked"))
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("no keys could be unlocked"))
|
||||
|
||||
checkUsersFinishLogin(t, m, testAuthRefresh, testCredentials.MailboxPassword, "", ErrWrongMailboxPassword)
|
||||
}
|
||||
@ -69,7 +69,7 @@ func TestUsersFinishLoginExistingDisconnectedUser(t *testing.T) {
|
||||
// Mock process of FinishLogin of already added user.
|
||||
gomock.InOrder(
|
||||
m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
|
||||
m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUserDisconnected, nil),
|
||||
m.credentialsStore.EXPECT().UpdateToken(testCredentialsDisconnected.UserID, testAuthRefresh.UID, testAuthRefresh.RefreshToken).Return(testCredentials, nil),
|
||||
m.credentialsStore.EXPECT().UpdatePassword(testCredentialsDisconnected.UserID, testCredentials.MailboxPassword).Return(testCredentials, nil),
|
||||
@ -101,7 +101,7 @@ func TestUsersFinishLoginConnectedUser(t *testing.T) {
|
||||
// Mock process of FinishLogin of already connected user.
|
||||
gomock.InOrder(
|
||||
m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
|
||||
m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUser, nil),
|
||||
m.pmapiClient.EXPECT().AuthDelete(gomock.Any()).Return(nil),
|
||||
)
|
||||
@ -113,7 +113,7 @@ func TestUsersFinishLoginConnectedUser(t *testing.T) {
|
||||
r.EqualError(t, err, "user is already connected")
|
||||
}
|
||||
|
||||
func checkUsersFinishLogin(t *testing.T, m mocks, auth *pmapi.Auth, mailboxPassword string, expectedUserID string, expectedErr error) {
|
||||
func checkUsersFinishLogin(t *testing.T, m mocks, auth *pmapi.Auth, mailboxPassword []byte, expectedUserID string, expectedErr error) {
|
||||
users := testNewUsers(t, m)
|
||||
defer cleanUpUsersData(users)
|
||||
|
||||
|
||||
@ -84,7 +84,7 @@ func TestNewUsersWithConnectedUserWithBadToken(t *testing.T) {
|
||||
m.clientManager.EXPECT().NewClient("uid", "", "acc", time.Time{}).Return(m.pmapiClient)
|
||||
m.pmapiClient.EXPECT().AddAuthRefreshHandler(gomock.Any())
|
||||
m.pmapiClient.EXPECT().IsUnlocked().Return(false)
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(errors.New("not authorized"))
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(errors.New("not authorized"))
|
||||
m.pmapiClient.EXPECT().AuthDelete(gomock.Any())
|
||||
|
||||
m.credentialsStore.EXPECT().List().Return([]string{"user"}, nil)
|
||||
|
||||
@ -63,7 +63,7 @@ var (
|
||||
Name: "username",
|
||||
Emails: "user@pm.me",
|
||||
APIToken: "uid:acc",
|
||||
MailboxPassword: "pass",
|
||||
MailboxPassword: []byte("pass"),
|
||||
BridgePassword: "0123456789abcdef",
|
||||
Version: "v1",
|
||||
Timestamp: 123456789,
|
||||
@ -76,7 +76,7 @@ var (
|
||||
Name: "usersname",
|
||||
Emails: "users@pm.me;anotheruser@pm.me;alsouser@pm.me",
|
||||
APIToken: "uid:acc",
|
||||
MailboxPassword: "pass",
|
||||
MailboxPassword: []byte("pass"),
|
||||
BridgePassword: "0123456789abcdef",
|
||||
Version: "v1",
|
||||
Timestamp: 123456789,
|
||||
@ -89,7 +89,7 @@ var (
|
||||
Name: "username",
|
||||
Emails: "user@pm.me",
|
||||
APIToken: "",
|
||||
MailboxPassword: "",
|
||||
MailboxPassword: []byte{},
|
||||
BridgePassword: "0123456789abcdef",
|
||||
Version: "v1",
|
||||
Timestamp: 123456789,
|
||||
@ -102,7 +102,7 @@ var (
|
||||
Name: "usersname",
|
||||
Emails: "users@pm.me;anotheruser@pm.me;alsouser@pm.me",
|
||||
APIToken: "",
|
||||
MailboxPassword: "",
|
||||
MailboxPassword: []byte{},
|
||||
BridgePassword: "0123456789abcdef",
|
||||
Version: "v1",
|
||||
Timestamp: 123456789,
|
||||
@ -249,7 +249,7 @@ func mockAddingConnectedUser(m mocks) {
|
||||
gomock.InOrder(
|
||||
// Mock of users.FinishLogin.
|
||||
m.pmapiClient.EXPECT().AuthSalt(gomock.Any()).Return("", nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), []byte(testCredentials.MailboxPassword)).Return(nil),
|
||||
m.pmapiClient.EXPECT().Unlock(gomock.Any(), testCredentials.MailboxPassword).Return(nil),
|
||||
m.pmapiClient.EXPECT().CurrentUser(gomock.Any()).Return(testPMAPIUser, nil),
|
||||
m.pmapiClient.EXPECT().Addresses().Return([]*pmapi.Address{testPMAPIAddress}),
|
||||
m.credentialsStore.EXPECT().Add("user", "username", testAuthRefresh.UID, testAuthRefresh.RefreshToken, testCredentials.MailboxPassword, []string{testPMAPIAddress.Email}).Return(testCredentials, nil),
|
||||
|
||||
Reference in New Issue
Block a user