Skip to content

Commit

Permalink
fix: password reset logic with otp, special chars in password
Browse files Browse the repository at this point in the history
  • Loading branch information
web-mi committed Feb 29, 2024
1 parent ded217e commit 2bbae96
Show file tree
Hide file tree
Showing 3 changed files with 102 additions and 97 deletions.
181 changes: 89 additions & 92 deletions src/components/registration/autoLogin.ts
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ import { getBudibaseAccessToken } from '../sessionCookie/getBudibaseAccessToken'
import {
TenantDataInterface,
TenantDataSettingsInterface
} from '../../globalState/interfaces/TenantDataInterface';
} from '../../globalState/interfaces';
import { appConfig } from '../../utils/appConfig';
import { parseJwt } from '../../utils/parseJWT';
import { removeRocketChatMasterKeyFromLocalStorage } from '../sessionCookie/accessSessionLocalStorage';
Expand All @@ -53,95 +53,94 @@ interface AutoLoginProps {
tenantData?: TenantDataInterface;
}

export const autoLogin = (autoLoginProps: AutoLoginProps): Promise<any> =>
new Promise((resolve, reject) => {
const tenantSettings = (autoLoginProps?.tenantData?.settings ||
{}) as TenantDataSettingsInterface;
const userHash = autoLoginProps.useOldUser
? autoLoginProps.username
: encodeUsername(autoLoginProps.username);
const username = autoLoginProps.useOldUser
? encodeURIComponent(userHash)
: userHash;

getKeycloakAccessToken(
const loginKeycloak = async (
username: string,
password: string,
otp?: string
) => {
const keycloakRes = await getKeycloakAccessToken(
username,
encodeURIComponent(password),
otp || null
);

setTokens(
keycloakRes.access_token,
keycloakRes.expires_in,
keycloakRes.refresh_token,
keycloakRes.refresh_expires_in
);

return keycloakRes;
};

const loginRocketChat = async (userHash: string, password: string) => {
const { data } = await getRocketchatAccessToken(userHash, password);

if (data.authToken) {
setValueInCookie('rc_token', data.authToken);
}
if (data.userId) {
setValueInCookie('rc_uid', data.userId);
}

//generate new csrf token for current session
generateCsrfToken(true);

// e2ee
await handleE2EESetup(password, data.userId, () =>
loginRocketChat(userHash, password)
);
};

export const autoLogin = async ({
password,
...autoLoginProps
}: AutoLoginProps): Promise<any> => {
const tenantSettings = (autoLoginProps?.tenantData?.settings ||
{}) as TenantDataSettingsInterface;

let userHash = encodeUsername(autoLoginProps.username);
let username = userHash;
let keycloakRes;

// Login with enc username and fallback to unencrypted username
try {
keycloakRes = await loginKeycloak(
username,
encodeURIComponent(autoLoginProps.password),
autoLoginProps.otp ? autoLoginProps.otp : null
)
.then((response) => {
setTokens(
response.access_token,
response.expires_in,
response.refresh_token,
response.refresh_expires_in
);
password,
autoLoginProps.otp
);
} catch (e: any) {
if (e.message === FETCH_ERRORS.UNAUTHORIZED) {
userHash = autoLoginProps.username;
username = encodeURIComponent(userHash);
keycloakRes = await loginKeycloak(
username,
password,
autoLoginProps.otp
);
} else {
throw e;
}
}

if (
appConfig.useTenantService &&
!appConfig.multitenancyWithSingleDomainEnabled
) {
const { tenantId } = parseJwt(response.access_token);
if (tenantId !== autoLoginProps.tenantData.id) {
return reject(new Error(FETCH_ERRORS.UNAUTHORIZED));
}
}
if (
appConfig.useTenantService &&
!appConfig.multitenancyWithSingleDomainEnabled
) {
const { tenantId } = parseJwt(keycloakRes.access_token);
if (tenantId !== autoLoginProps.tenantData.id) {
throw new Error(FETCH_ERRORS.UNAUTHORIZED);
}
}

getRocketchatAccessToken(userHash, autoLoginProps.password)
.then(async (accesTokenResponse) => {
const data = accesTokenResponse.data;
if (data.authToken) {
setValueInCookie('rc_token', data.authToken);
}
if (data.userId) {
setValueInCookie('rc_uid', data.userId);
}

//generate new csrf token for current session
generateCsrfToken(true);

// e2ee
await handleE2EESetup(
autoLoginProps.password,
data.userId,
autoLoginProps
);
await loginRocketChat(userHash, password);

if (tenantSettings?.featureToolsEnabled) {
getBudibaseAccessToken(
username,
autoLoginProps.password,
tenantSettings
).then(() => {
resolve(undefined);
});
} else {
resolve(undefined);
}
})
.catch((error) => {
reject(error);
});
})
.catch((error) => {
if (
!autoLoginProps.useOldUser &&
error.message === FETCH_ERRORS.UNAUTHORIZED
) {
autoLogin({
username: autoLoginProps.username,
password: autoLoginProps.password,
otp: autoLoginProps.otp,
useOldUser: true,
tenantData: autoLoginProps.tenantData
})
.then(() => resolve(undefined))
.catch((autoLoginError) => reject(autoLoginError));
} else {
reject(error);
}
});
});
if (tenantSettings?.featureToolsEnabled) {
await getBudibaseAccessToken(username, password, tenantSettings);
}
};

export const redirectToApp = (gcid?: string) => {
const params = gcid ? `?gcid=${gcid}` : '';
Expand All @@ -151,7 +150,7 @@ export const redirectToApp = (gcid?: string) => {
export const handleE2EESetup = (
password: string,
rcUserId: string,
autoLoginProps?: AutoLoginProps,
reloginCallback?: () => Promise<any>,
skipUpdateSubscriptions?: boolean
): Promise<any> => {
return new Promise(async (resolve, reject) => {
Expand Down Expand Up @@ -185,13 +184,11 @@ export const handleE2EESetup = (
if (!persistedArrayBuffer) {
console.error('master key not persisted - reset e2e key');
await apiRocketChatResetE2EKey();
if (!autoLoginProps) {
if (!reloginCallback) {
console.error('could not re-login after e2e key reset');
} else {
await writeMasterKeyToLocalStorage(masterKey, rcUserId);
await autoLogin(autoLoginProps)
.then(resolve)
.catch(reject);
await reloginCallback().then(resolve).catch(reject);
return;
}
} else {
Expand All @@ -207,7 +204,7 @@ export const handleE2EESetup = (
return handleE2EESetup(
password,
rcUserId,
autoLoginProps,
reloginCallback,
skipUpdateSubscriptions
);
});
Expand Down
13 changes: 10 additions & 3 deletions src/utils/encryptionHelpers.ts
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,14 @@ export function toArrayBuffer(thing: any): ArrayBuffer {
);
}

return ByteBuffer.wrap(thing, 'binary').toArrayBuffer();
try {
return ByteBuffer.wrap(thing, 'binary').toArrayBuffer();
} catch {
return ByteBuffer.wrap(
new TextEncoder().encode(thing),
'binary'
).toArrayBuffer();
}
}

export function typedArrayToBuffer(array: Uint8Array): ArrayBuffer {
Expand Down Expand Up @@ -243,7 +250,7 @@ export const decryptAttachment = async (
): Promise<File> => {
// error if key is missing
if (!roomKeyID || !groupKey) {
throw new MissingKeyError('e2ee.message.encryption');
throw new MissingKeyError('e2ee.message.encryption.text');
}

// keyId
Expand Down Expand Up @@ -396,7 +403,7 @@ export const decryptText = async (
}

if (!roomKeyID || !groupKey) {
throw new MissingKeyError('e2ee.message.encryption');
throw new MissingKeyError('e2ee.message.encryption.text');
}

const keyID = message.slice(
Expand Down
5 changes: 3 additions & 2 deletions src/utils/validateInputValue.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,13 @@ const hasNumber = (value: string) => {

const hasMixedLetters = (value: string) => {
return (
new RegExp(/[a-zäöü]/).test(value) && new RegExp(/[A-ZÄÖÜ]/).test(value)
new RegExp(/[a-zßäöü]/).test(value) &&
new RegExp(/[A-ZÄÖÜ]/).test(value)
);
};

const hasSpecialChar = (value: string) => {
return new RegExp(/[^\p{Lu}\p{Lt}\p{Ll}\p{Lm}\p{Lo}\p{Nd}]/gu).test(value);
return new RegExp(/[^a-zßäöüA-ZÄÖÜ0-9]/).test(value);
};

export const strengthColor = (count: number) => {
Expand Down

0 comments on commit 2bbae96

Please sign in to comment.