Added a Service.verifyPassphrase() method. Also, Service.login() now checks to ensure that the user's passphrase is valid, and if it's not, it throws an exception.
Родитель
69a5198bbf
Коммит
8078914d96
|
@ -360,25 +360,35 @@ WeaveSvc.prototype = {
|
||||||
finally { DAV.defaultPrefix = prefix; }
|
finally { DAV.defaultPrefix = prefix; }
|
||||||
},
|
},
|
||||||
|
|
||||||
_getKeypair : function WeaveSvc__getKeypair() {
|
_getKeypair : function WeaveSvc__getKeypair(id, createIfNecessary) {
|
||||||
let self = yield;
|
let self = yield;
|
||||||
|
|
||||||
if ("none" == Utils.prefs.getCharPref("encryption"))
|
if ("none" == Utils.prefs.getCharPref("encryption"))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
if (typeof(id) == "undefined")
|
||||||
|
id = ID.get('WeaveCryptoID');
|
||||||
|
|
||||||
|
if (typeof(createIfNecessary) == "undefined")
|
||||||
|
createIfNecessary = true;
|
||||||
|
|
||||||
this._log.trace("Retrieving keypair from server");
|
this._log.trace("Retrieving keypair from server");
|
||||||
|
|
||||||
|
let statuses = [[200, 300]];
|
||||||
|
if (createIfNecessary)
|
||||||
|
statuses.push(404);
|
||||||
|
|
||||||
// XXX this kind of replaces _keyCheck
|
// XXX this kind of replaces _keyCheck
|
||||||
// seems like key generation should only happen during setup?
|
// seems like key generation should only happen during setup?
|
||||||
DAV.GET("private/privkey", self.cb);
|
DAV.GET("private/privkey", self.cb);
|
||||||
let privkeyResp = yield;
|
let privkeyResp = yield;
|
||||||
Utils.ensureStatus(privkeyResp.status,
|
Utils.ensureStatus(privkeyResp.status,
|
||||||
"Could not get private key from server", [[200,300],404]);
|
"Could not get private key from server", statuses);
|
||||||
|
|
||||||
DAV.GET("public/pubkey", self.cb);
|
DAV.GET("public/pubkey", self.cb);
|
||||||
let pubkeyResp = yield;
|
let pubkeyResp = yield;
|
||||||
Utils.ensureStatus(pubkeyResp.status,
|
Utils.ensureStatus(pubkeyResp.status,
|
||||||
"Could not get public key from server", [[200,300],404]);
|
"Could not get public key from server", statuses);
|
||||||
|
|
||||||
if (privkeyResp.status == 404 || pubkeyResp.status == 404) {
|
if (privkeyResp.status == 404 || pubkeyResp.status == 404) {
|
||||||
yield this._generateKeys.async(this, self.cb);
|
yield this._generateKeys.async(this, self.cb);
|
||||||
|
@ -396,7 +406,6 @@ WeaveSvc.prototype = {
|
||||||
throw "Only RSA keys currently supported";
|
throw "Only RSA keys currently supported";
|
||||||
|
|
||||||
|
|
||||||
let id = ID.get('WeaveCryptoID');
|
|
||||||
id.keypairAlg = privkeyData.algorithm;
|
id.keypairAlg = privkeyData.algorithm;
|
||||||
id.privkey = privkeyData.privkey;
|
id.privkey = privkeyData.privkey;
|
||||||
id.privkeyWrapIV = privkeyData.privkeyIV;
|
id.privkeyWrapIV = privkeyData.privkeyIV;
|
||||||
|
@ -404,8 +413,9 @@ WeaveSvc.prototype = {
|
||||||
|
|
||||||
id.pubkey = pubkeyData.pubkey;
|
id.pubkey = pubkeyData.pubkey;
|
||||||
|
|
||||||
// XXX note that we have not used the private key, so we don't yet
|
let isValid = yield Crypto.isPassphraseValid.async(Crypto, self.cb, id);
|
||||||
// know if the user's passphrase works or not.
|
if (!isValid)
|
||||||
|
throw new Error("Passphrase is not valid.");
|
||||||
},
|
},
|
||||||
|
|
||||||
_generateKeys: function WeaveSvc__generateKeys() {
|
_generateKeys: function WeaveSvc__generateKeys() {
|
||||||
|
@ -493,6 +503,33 @@ WeaveSvc.prototype = {
|
||||||
|
|
||||||
// These are global (for all engines)
|
// These are global (for all engines)
|
||||||
|
|
||||||
|
verifyPassphrase: function WeaveSvc_verifyPassphrase(username, password,
|
||||||
|
passphrase) {
|
||||||
|
this._localLock(this._notify("verify-passphrase",
|
||||||
|
this._verifyPassphrase,
|
||||||
|
username,
|
||||||
|
password,
|
||||||
|
passphrase)).async(this, null);
|
||||||
|
},
|
||||||
|
|
||||||
|
_verifyPassphrase: function WeaveSvc__verifyPassphrase(username, password,
|
||||||
|
passphrase) {
|
||||||
|
let self = yield;
|
||||||
|
|
||||||
|
this._log.debug("Verifying passphrase");
|
||||||
|
|
||||||
|
yield this._verifyLogin.async(this, self.cb, username, password);
|
||||||
|
let id = new Identity('Passphrase Verification', username);
|
||||||
|
id.setTempPassword(passphrase);
|
||||||
|
// XXX: We're not checking the version of the server here, in part because
|
||||||
|
// we have no idea what to do if the version is different than we expect
|
||||||
|
// it to be.
|
||||||
|
yield this._getKeypair.async(this, self.cb, id, false);
|
||||||
|
let isValid = yield Crypto.isPassphraseValid.async(Crypto, self.cb, id);
|
||||||
|
if (!isValid)
|
||||||
|
throw new Error("Passphrase is not valid.");
|
||||||
|
},
|
||||||
|
|
||||||
verifyLogin: function WeaveSvc_verifyLogin(username, password) {
|
verifyLogin: function WeaveSvc_verifyLogin(username, password) {
|
||||||
this._log.debug("Verifying login for user " + username);
|
this._log.debug("Verifying login for user " + username);
|
||||||
|
|
||||||
|
|
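Review bot: `_verifyPassphrase` repeats the `Crypto.isPassphraseValid` check that the new tail of `_getKeypair` already performs on the same `id`, and the two paths disagree when the `encryption` pref is `"none"`. In that case `_getKeypair` returns before fetching any keys, so callers that rely on it (presumably `login()`) skip the passphrase check entirely, while `_verifyPassphrase` goes on to call `isPassphraseValid` on an identity that carries no key material; what that call returns for such an identity is not visible here and should be confirmed. I would drop the second check in `_verifyPassphrase` and keep `yield this._getKeypair.async(this, self.cb, id, false);` as the single place that validates, with a comment such as `// _getKeypair throws if the passphrase is not valid`. It is also worth checking that `_generateKeys`, whose body is outside these hunks, writes to the `id` passed in rather than to `ID.get('WeaveCryptoID')`, since a caller can now pass a different identity while `createIfNecessary` stays at its default of `true`.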
|
@ -2,6 +2,8 @@ Cu.import("resource://weave/log4moz.js");
|
||||||
Cu.import("resource://weave/async.js");
|
Cu.import("resource://weave/async.js");
|
||||||
Cu.import("resource://weave/crypto.js");
|
Cu.import("resource://weave/crypto.js");
|
||||||
|
|
||||||
|
Function.prototype.async = Async.sugar;
|
||||||
|
|
||||||
let __fakePrefs = {
|
let __fakePrefs = {
|
||||||
"log.logger.async" : "Debug",
|
"log.logger.async" : "Debug",
|
||||||
"username" : "foo",
|
"username" : "foo",
|
||||||
|
@ -31,6 +33,14 @@ TestService.prototype = {
|
||||||
};
|
};
|
||||||
TestService.prototype.__proto__ = Service.WeaveSvc.prototype;
|
TestService.prototype.__proto__ = Service.WeaveSvc.prototype;
|
||||||
|
|
||||||
|
Crypto.isPassphraseValid = function fake_isPassphraseValid(id) {
|
||||||
|
let self = yield;
|
||||||
|
|
||||||
|
do_check_eq(id.password, "passphrase");
|
||||||
|
|
||||||
|
self.done(true);
|
||||||
|
};
|
||||||
|
|
||||||
function test_login_works() {
|
function test_login_works() {
|
||||||
var syncTesting = new SyncTestingInfrastructure();
|
var syncTesting = new SyncTestingInfrastructure();
|
||||||
|
|
||||||
|
|
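Review bot: The `fake_isPassphraseValid` stub always completes with `self.done(true)`, so nothing in the visible test exercises the new failure path in which an invalid passphrase makes key retrieval throw `"Passphrase is not valid."`. Since rejecting a wrong passphrase is the point of the change, I would add a second case whose stub calls `self.done(false)` and assert that login fails and the service is not left in a logged-in state. The stub also overwrites `Crypto.isPassphraseValid` on the shared `Crypto` object without restoring it; if other tests run in the same scope, save the original and put it back afterwards. `test_login_works` continues past the end of the hunk, so any existing coverage there is not visible.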