commit bd1809fd46609b0f0cafbe43da8f8dd970a34937
parent d95f36a59f1f3cc2e808c9e64e15239528033a25
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 2 Dec 2022 16:04:31 -0500
Add/edit gpg keys using either decrypt or sign method
Diffstat:
5 files changed, 82 insertions(+), 33 deletions(-)
diff --git a/pkg/web/handlers/data.go b/pkg/web/handlers/data.go
@@ -500,12 +500,16 @@ type settingsAgeData struct {
}
type addPGPData struct {
- PGPPublicKey string
- ErrorPGPPublicKey string
- Error string
- Code string
- EncryptedMessage string
- ErrorCode string
+ GpgMode bool
+ SignedMessage string
+ ToBeSignedMessage string
+ ErrorSignedMessage string
+ PGPPublicKey string
+ ErrorPGPPublicKey string
+ Error string
+ Code string
+ EncryptedMessage string
+ ErrorCode string
}
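Review bot: The new fields on addPGPData carry no comment saying which of the two validation flows each belongs to, even though the template branches on GpgMode and the handler fills a disjoint subset of them per mode. A one-line comment on the flag would make the struct readable without the handler: `// GpgMode is true when the key is validated by a detached signature over ToBeSignedMessage (SignedMessage holds the user's signature); when false it is validated by decrypting EncryptedMessage and posting Code.` The other new fields could carry the same style of one-liners; the struct's closing brace is in the hunk, its opening line is not.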
type addAgeData struct {
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -472,7 +472,7 @@ func SessionsGpgSignTwoFactorHandler(c echo.Context) error {
var data sessionsGpgSignTwoFactorData
if c.Request().Method == http.MethodGet {
- data.ToBeSignedMessage = generatePgpToBeSignedTokenMessage(user.ID)
+ data.ToBeSignedMessage = generatePgpToBeSignedTokenMessage(user.ID, "Signed message for darkforest 2fa")
return c.Render(http.StatusOK, "sessions-gpg-sign-two-factor", data)
}
@@ -3338,9 +3338,9 @@ func generatePgpEncryptedTokenMessage(userID int64, pkey string) (string, error)
return utils.GeneratePgpEncryptedMessage(pkey, msg)
}
-func generatePgpToBeSignedTokenMessage(userID int64) string {
+func generatePgpToBeSignedTokenMessage(userID int64, txt string) string {
token := utils.GenerateToken10()
- msg := fmt.Sprintf("Signed message for darkforest 2fa\n%s\n%s", token, time.Now().UTC().Format("Jan 02, 2006"))
+ msg := fmt.Sprintf("%s\n%s\n%s", txt, token, time.Now().UTC().Format("Jan 02, 2006"))
pgpTokenCache.Set(userID, msg, 10*time.Minute)
return msg
}
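Review bot: The full challenge text is cached under the per-user key at `pgpTokenCache.Set(userID, msg, 10*time.Minute)`, but that same entry is what the decrypt path of AddPGPHandler compares the posted `pgp_code` against (`if data.Code != token` in the later hunk), and in sign mode this exact text is shown to the user in the to-be-signed textarea. A user can therefore start in sign mode, then post step 2 with `gpg_mode=0` and `pgp_code` set to the displayed message, and the key is saved without any proof of possession of the private key. The cache entry should be bound to the mode it was issued for, e.g. by storing a small value such as `pgpTokenCache.Set(userID, pgpChallenge{Sign: true, Value: msg}, 10*time.Minute)` (assuming the cache accepts an arbitrary value; I cannot see its type) and having step 2 redirect when the posted `gpg_mode` does not match the cached mode. Note this function is also called from SessionsGpgSignTwoFactorHandler, so its callers need to agree on the new cached shape.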
@@ -3352,27 +3352,52 @@ func AddPGPHandler(c echo.Context) error {
if c.Request().Method == http.MethodPost {
formName := c.Request().PostFormValue("formName")
if formName == "pgp_step1" {
+
data.PGPPublicKey = c.Request().PostFormValue("pgp_public_key")
- msg, err := generatePgpEncryptedTokenMessage(authUser.ID, data.PGPPublicKey)
- if err != nil {
- data.ErrorPGPPublicKey = err.Error()
- return c.Render(http.StatusOK, "pgp", data)
+ data.GpgMode = utils.DoParseBool(c.Request().PostFormValue("gpg_mode"))
+
+ if data.GpgMode {
+ data.ToBeSignedMessage = generatePgpToBeSignedTokenMessage(authUser.ID, "Signed message for darkforest")
+ return c.Render(http.StatusOK, "pgp_code", data)
+
+ } else {
+ msg, err := generatePgpEncryptedTokenMessage(authUser.ID, data.PGPPublicKey)
+ if err != nil {
+ data.ErrorPGPPublicKey = err.Error()
+ return c.Render(http.StatusOK, "pgp", data)
+ }
+ data.EncryptedMessage = msg
+ return c.Render(http.StatusOK, "pgp_code", data)
}
- data.EncryptedMessage = msg
- return c.Render(http.StatusOK, "pgp_code", data)
} else if formName == "pgp_step2" {
token, found := pgpTokenCache.Get(authUser.ID)
if !found {
return c.Redirect(http.StatusFound, "/settings/pgp")
}
- data.PGPPublicKey = c.Request().PostFormValue("pgp_public_key")
- data.EncryptedMessage = c.Request().PostFormValue("encrypted_message")
- data.Code = c.Request().PostFormValue("pgp_code")
- if data.Code != token {
- data.ErrorCode = "invalid code"
- return c.Render(http.StatusOK, "pgp_code", data)
+
+ data.GpgMode = utils.DoParseBool(c.Request().PostFormValue("gpg_mode"))
+ if data.GpgMode {
+ data.ToBeSignedMessage = c.Request().PostFormValue("to_be_signed_message")
+ data.SignedMessage = c.Request().PostFormValue("signed_message")
+ if err := utils.PgpCheckSignMessage(data.PGPPublicKey, token+"\n", data.SignedMessage); err != nil {
+ if err := utils.PgpCheckSignMessage(data.PGPPublicKey, token, data.SignedMessage); err != nil {
+ logrus.Error(err)
+ data.ErrorSignedMessage = "invalid signature"
+ return c.Render(http.StatusOK, "pgp_code", data)
+ }
+ }
+
+ } else {
+ data.PGPPublicKey = c.Request().PostFormValue("pgp_public_key")
+ data.EncryptedMessage = c.Request().PostFormValue("encrypted_message")
+ data.Code = c.Request().PostFormValue("pgp_code")
+ if data.Code != token {
+ data.ErrorCode = "invalid code"
+ return c.Render(http.StatusOK, "pgp_code", data)
+ }
}
+
pgpTokenCache.Delete(authUser.ID)
authUser.GPGPublicKey = data.PGPPublicKey
_ = authUser.Save()
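Review bot: In the sign-mode branch of `pgp_step2`, `data.PGPPublicKey` is never read from the form: it is only assigned in the decrypt branch (`data.PGPPublicKey = c.Request().PostFormValue("pgp_public_key")` in the `else`), yet the sign branch passes it to `utils.PgpCheckSignMessage` and the common tail stores it with `authUser.GPGPublicKey = data.PGPPublicKey`. Unless `data.PGPPublicKey` is populated before this hunk (which I cannot see), the signature is checked against an empty key and, if that check passes, an empty key is saved. Hoisting the assignment above `data.GpgMode = utils.DoParseBool(c.Request().PostFormValue("gpg_mode"))` so both branches share it fixes this: `data.PGPPublicKey = c.Request().PostFormValue("pgp_public_key")`. The handler continues beyond this hunk.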
diff --git a/pkg/web/public/views/pages/pgp.gohtml b/pkg/web/public/views/pages/pgp.gohtml
@@ -34,6 +34,10 @@
{{ end }}
</div>
<div class="form-group">
+ <input id="gpg_mode_decrypt" name="gpg_mode" value="0" type="radio" checked /><label for="gpg_mode_decrypt">Decrypt code</label>
+ <input id="gpg_mode_sign" name="gpg_mode" value="1" type="radio" /><label for="gpg_mode_sign">Sign message</label>
+ </div>
+ <div class="form-group">
<input type="submit" value="{{ t "Use PGP public key" . }}" class="btn btn-primary" />
<a href="/settings/pgp" class="btn btn-secondary">{{ t "Cancel" . }}</a>
</div>
diff --git a/pkg/web/public/views/pages/pgp_code.gohtml b/pkg/web/public/views/pages/pgp_code.gohtml
@@ -27,17 +27,33 @@
<input type="hidden" name="csrf" value="{{ .CSRF }}" />
<input type="hidden" name="pgp_public_key" value="{{ .Data.PGPPublicKey }}" />
<input type="hidden" name="formName" value="pgp_step2" />
- <div class="form-group">
- <label for="encrypted_message">{{ t "Please decrypt the following message with your private key and send the required code" . }}</label>
- <textarea name="encrypted_message" id="encrypted_message" rows="10" class="form-control" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" readonly>{{ .Data.EncryptedMessage }}</textarea>
- </div>
- <div class="form-group">
- <label for="pgp_code">{{ t "Your decrypted code" . }}</label>
- <input name="pgp_code" id="pgp_code" value="{{ .Data.Code }}" class="form-control{{ if .Data.ErrorCode }} is-invalid{{ end }}" autofocus />
- {{ if .Data.ErrorCode }}
- <div class="invalid-feedback">{{ .Data.ErrorCode }}</div>
- {{ end }}
- </div>
+ <input type="hidden" name="gpg_mode" value="{{ .Data.GpgMode }}" />
+ {{ if .Data.GpgMode }}
+ <div class="form-group">
+ <label for="encrypted_message">{{ t "Please sign the following message with your private key and send the signature" . }}</label>
+ <p><code>gpg --armor --detach-sign file</code></p>
+ <textarea name="to_be_signed_message" id="to_be_signed_message" rows="3" class="form-control" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" readonly>{{ .Data.ToBeSignedMessage }}</textarea>
+ </div>
+ <div class="form-group">
+ <label for="signed_message">{{ t "Message detached signature" . }}</label>
+ <textarea name="signed_message" id="signed_message" rows="10" class="form-control{{ if .Data.ErrorSignedMessage }} is-invalid{{ end }}" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" autofocus>{{ .Data.SignedMessage }}</textarea>
+ {{ if .Data.ErrorSignedMessage }}
+ <div class="invalid-feedback">{{ .Data.ErrorSignedMessage }}</div>
+ {{ end }}
+ </div>
+ {{ else }}
+ <div class="form-group">
+ <label for="encrypted_message">{{ t "Please decrypt the following message with your private key and send the required code" . }}</label>
+ <textarea name="encrypted_message" id="encrypted_message" rows="10" class="form-control" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" readonly>{{ .Data.EncryptedMessage }}</textarea>
+ </div>
+ <div class="form-group">
+ <label for="pgp_code">{{ t "Your decrypted code" . }}</label>
+ <input name="pgp_code" id="pgp_code" value="{{ .Data.Code }}" class="form-control{{ if .Data.ErrorCode }} is-invalid{{ end }}" autofocus />
+ {{ if .Data.ErrorCode }}
+ <div class="invalid-feedback">{{ .Data.ErrorCode }}</div>
+ {{ end }}
+ </div>
+ {{ end }}
<div class="form-group">
<input type="submit" value="{{ t "Validate PGP public key" . }}" class="btn btn-primary" />
<a href="/settings/pgp" class="btn btn-secondary">{{ t "Cancel" . }}</a>
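Review bot: The label in the new sign-mode branch still targets the decrypt-mode control: `<label for="encrypted_message">` precedes a textarea whose id is `to_be_signed_message`, so the label is dangling; it should read `<label for="to_be_signed_message">`. Separately, `<input type="hidden" name="gpg_mode" value="{{ .Data.GpgMode }}" />` renders a Go bool as `true`/`false` while the first form posts `0`/`1`, so `utils.DoParseBool` must accept both spellings — worth confirming, as I cannot see that helper. The posted `to_be_signed_message` is only echoed back by the handler and verification uses the server-side cached message, which is the right choice given the textarea is client-editable.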
diff --git a/pkg/web/public/views/pages/sessions-gpg-sign-two-factor.gohtml b/pkg/web/public/views/pages/sessions-gpg-sign-two-factor.gohtml
@@ -26,7 +26,7 @@
<div class="form-group">
<label for="encrypted_message">{{ t "Please sign the following message with your private key and send the signature" . }}</label>
<p><code>gpg --armor --detach-sign file</code></p>
- <textarea name="to_be_signed_message" id="to_be_signed_message" rows="4" class="form-control" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" readonly>{{ .Data.ToBeSignedMessage }}</textarea>
+ <textarea name="to_be_signed_message" id="to_be_signed_message" rows="3" class="form-control" style="font-family: SFMono-Regular,Menlo,Monaco,Consolas,'Liberation Mono','Courier New',monospace;" readonly>{{ .Data.ToBeSignedMessage }}</textarea>
</div>
<div class="form-group">
<label for="signed_message">{{ t "Message detached signature" . }}</label>