paulborile/Telodendria
1
0
Fork 0
forked from Telodendria/Telodendria
Code Pull requests Activity
Telodendria/src/User.c

577 lines
11 KiB
C
Raw Normal View History

Begin prototyping User.h
2023-01-07 15:51:56 +00:00
/*
* Copyright (C) 2022-2023 Jordan Bancino <@jordan:bancino.net>
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation files
* (the "Software"), to deal in the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#include <User.h>
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
#include <Util.h>
#include <Memory.h>
#include <Str.h>
#include <Sha2.h>
#include <Json.h>
Begin prototyping User.h
2023-01-07 15:51:56 +00:00
#include <string.h>
Define User struct.
2023-01-07 16:15:11 +00:00
struct User
{
Db *db;
DbRef *ref;
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
char *name;
Define User struct.
2023-01-07 16:15:11 +00:00
};
Begin prototyping User.h
2023-01-07 15:51:56 +00:00
int
UserValidate(char *localpart, char *domain)
{
size_t maxLen = 255 - strlen(domain) - 1;
size_t i = 0;
while (localpart[i])
{
char c = localpart[i];
if (i > maxLen)
{
return 0;
}
if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
(c == '.') || (c == '_') || (c == '=') || (c == '-') ||
(c == '/')))
{
return 0;
}
i++;
}
return 1;
}
int
UserHistoricalValidate(char *localpart, char *domain)
{
size_t maxLen = 255 - strlen(domain) - 1;
size_t i = 0;
while (localpart[i])
{
char c = localpart[i];
if (i > maxLen)
{
return 0;
}
if (!(c >= 0x21 && c <= 0x39) || (c >= 0x3B && c <= 0x7E))
{
return 0;
}
i++;
}
return 1;
}
int
UserExists(Db * db, char *name)
{
return DbExists(db, 2, "users", name);
}
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
User *
UserLock(Db * db, char *name)
{
User *user = NULL;
DbRef *ref = NULL;
if (!UserExists(db, name))
{
return NULL;
}
ref = DbLock(db, 2, "users", name);
user = Malloc(sizeof(User));
user->db = db;
user->ref = ref;
user->name = StrDuplicate(name);
return user;
}
Refactor endpoint authentication flow. Instead of one MatrixAuthenticate() function, we'll do MatrixGetAccessToken(), and then UserAuthenticate(). This allows us to give different error messages depending on what the user provided and what the server state is.
2023-01-17 01:36:22 +00:00
User *
UserAuthenticate(Db * db, char *accessToken)
{
User *user;
DbRef *atRef;
char *userName;
char *deviceId;
long expires;
if (!db || !accessToken)
{
return NULL;
}
atRef = DbLock(db, 3, "tokens", "access", accessToken);
if (!atRef)
{
return NULL;
}
userName = JsonValueAsString(HashMapGet(DbJson(atRef), "user"));
deviceId = JsonValueAsString(HashMapGet(DbJson(atRef), "device"));
expires = JsonValueAsInteger(HashMapGet(DbJson(atRef), "expires"));
user = UserLock(db, userName);
if (!user)
{
DbUnlock(db, atRef);
return NULL;
}
Apply modified #50 and fix some misc. bugs.
2023-02-23 15:13:39 +00:00
if (expires && UtilServerTs() >= (unsigned long) expires)
Refactor endpoint authentication flow. Instead of one MatrixAuthenticate() function, we'll do MatrixGetAccessToken(), and then UserAuthenticate(). This allows us to give different error messages depending on what the user provided and what the server state is.
2023-01-17 01:36:22 +00:00
{
UserUnlock(user);
DbUnlock(db, atRef);
return NULL;
}
/* TODO: Attach deviceId to User */
(void) deviceId;
DbUnlock(db, atRef);
return user;
}
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
int
UserUnlock(User * user)
{
Fix use after free.
2023-01-10 00:38:47 +00:00
int ret;
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
if (!user)
{
return 0;
}
Fix use after free.
2023-01-10 00:38:47 +00:00
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
Free(user->name);
Fix use after free.
2023-01-10 00:38:47 +00:00
ret = DbUnlock(user->db, user->ref);
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
Free(user);
Fix use after free.
2023-01-10 00:38:47 +00:00
return ret;
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
}
User *
UserCreate(Db * db, char *name, char *password)
{
User *user = NULL;
HashMap *json = NULL;
unsigned long ts = UtilServerTs();
/* TODO: Put some sort of password policy(like for example at least
* 8 chars, or maybe check it's entropy)? */
if (!db || (name && UserExists(db, name)) || !password || !strlen(password))
{
/* User exists or cannot be registered, therefore, do NOT
* bother */
return NULL;
}
user = Malloc(sizeof(User));
user->db = db;
if (!name)
{
user->name = StrRandom(12);
}
else
{
user->name = StrDuplicate(name);
}
user->ref = DbCreate(db, 2, "users", user->name);
if (!user->ref)
{
/* The only scenario where I can see that occur is if for some
* strange reason, Db fails to create a file(e.g fs is full) */
Free(user->name);
Free(user);
return NULL;
}
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
UserSetPassword(user, password);
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
json = DbJson(user->ref);
Implement user login.
2023-01-16 21:17:44 +00:00
HashMapSet(json, "createdOn", JsonValueInteger(ts));
HashMapSet(json, "deactivated", JsonValueBoolean(0));
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
return user;
}
Implement user login.
2023-01-16 21:17:44 +00:00
UserLoginInfo *
UserLogin(User * user, char *password, char *deviceId, char *deviceDisplayName,
int withRefresh)
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
{
Implement user login.
2023-01-16 21:17:44 +00:00
DbRef *rtRef = NULL;
HashMap *devices;
HashMap *device;
UserLoginInfo *result;
if (!user || !password)
{
return NULL;
}
if (!UserCheckPassword(user, password))
{
return NULL;
}
result = Malloc(sizeof(UserLoginInfo));
if (!result)
{
return NULL;
}
result->refreshToken = NULL;
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
if (!deviceId)
{
deviceId = StrRandom(10);
}
else
{
deviceId = StrDuplicate(deviceId);
}
Implement user login.
2023-01-16 21:17:44 +00:00
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
/* Generate an access token */
result->accessToken = UserGenerateAccessToken(user, deviceId, withRefresh);
UserAccessTokenSave(user->db, result->accessToken);
Implement user login.
2023-01-16 21:17:44 +00:00
if (withRefresh)
{
result->refreshToken = StrRandom(64);
rtRef = DbCreate(user->db, 3, "tokens", "refresh", result->refreshToken);
HashMapSet(DbJson(rtRef), "refreshes",
Format source code.
2023-02-17 03:23:25 +00:00
JsonValueString(StrDuplicate(result->accessToken->string)));
Implement user login.
2023-01-16 21:17:44 +00:00
DbUnlock(user->db, rtRef);
}
devices = JsonValueAsObject(HashMapGet(DbJson(user->ref), "devices"));
if (!devices)
{
devices = HashMapCreate();
HashMapSet(DbJson(user->ref), "devices", JsonValueObject(devices));
}
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
device = JsonValueAsObject(HashMapGet(devices, deviceId));
Implement user login.
2023-01-16 21:17:44 +00:00
if (device)
{
JsonValue *val;
val = HashMapDelete(device, "accessToken");
if (val)
{
DbDelete(user->db, 3, "tokens", "access", JsonValueAsString(val));
JsonValueFree(val);
}
val = HashMapDelete(device, "refreshToken");
if (val)
{
DbDelete(user->db, 3, "tokens", "refresh", JsonValueAsString(val));
JsonValueFree(val);
}
}
else
{
device = HashMapCreate();
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
HashMapSet(devices, deviceId, JsonValueObject(device));
Implement user login.
2023-01-16 21:17:44 +00:00
if (deviceDisplayName)
{
HashMapSet(device, "displayName",
JsonValueString(StrDuplicate(deviceDisplayName)));
}
}
Begin the great StrDuplicate() refactor.
2023-02-23 23:19:23 +00:00
Free(deviceId);
Implement user login.
2023-01-16 21:17:44 +00:00
if (result->refreshToken)
{
HashMapSet(device, "refreshToken",
JsonValueString(StrDuplicate(result->refreshToken)));
}
HashMapSet(device, "accessToken",
Format source code.
2023-02-17 03:23:25 +00:00
JsonValueString(StrDuplicate(result->accessToken->string)));
Implement user login.
2023-01-16 21:17:44 +00:00
return result;
Apply #43 with modifications.
2023-01-09 19:22:09 +00:00
}
char *
UserGetName(User * user)
{
return user ? user->name : NULL;
}
Implement user login.
2023-01-16 21:17:44 +00:00
int
UserCheckPassword(User * user, char *password)
{
HashMap *json;
char *storedHash;
char *salt;
char *hashedPwd;
char *tmp;
int result;
if (!user || !password)
{
return 0;
}
json = DbJson(user->ref);
storedHash = JsonValueAsString(HashMapGet(json, "password"));
salt = JsonValueAsString(HashMapGet(json, "salt"));
if (!storedHash || !salt)
{
return 0;
}
tmp = StrConcat(2, password, salt);
hashedPwd = Sha256(tmp);
Free(tmp);
result = strcmp(hashedPwd, storedHash) == 0;
Free(hashedPwd);
return result;
}
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
int
Format source code.
2023-02-17 03:23:25 +00:00
UserSetPassword(User * user, char *password)
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
{
HashMap *json;
char *hash = NULL;
char *salt = NULL;
char *tmpstr = NULL;
if (!user || !password)
{
return 0;
}
json = DbJson(user->ref);
salt = StrRandom(16);
tmpstr = StrConcat(2, password, salt);
hash = Sha256(tmpstr);
Free(tmpstr);
JsonValueFree(HashMapSet(json, "salt", JsonValueString(salt)));
JsonValueFree(HashMapSet(json, "password", JsonValueString(hash)));
return 1;
}
int
Format source code.
2023-02-17 03:23:25 +00:00
UserDeactivate(User * user)
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
{
HashMap *json;
if (!user)
{
return 0;
}
json = DbJson(user->ref);
JsonValueFree(HashMapSet(json, "deactivated", JsonValueBoolean(1)));
return 1;
}
HashMap *
Format source code.
2023-02-17 03:23:25 +00:00
UserGetDevices(User * user)
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
{
HashMap *json;
if (!user)
{
return NULL;
}
json = DbJson(user->ref);
return JsonValueAsObject(HashMapGet(json, "devices"));
}
UserAccessToken *
Format source code.
2023-02-17 03:23:25 +00:00
UserGenerateAccessToken(User * user, char *deviceId, int withRefresh)
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
{
UserAccessToken *token;
if (!user || !deviceId)
{
return NULL;
}
token = Malloc(sizeof(UserAccessToken));
if (!token)
{
return NULL;
}
token->user = StrDuplicate(user->name);
token->deviceId = StrDuplicate(deviceId);
token->string = StrRandom(64);
if (withRefresh)
{
Format source code.
2023-02-17 03:23:25 +00:00
token->lifetime = 1000 * 60 * 60 * 24 * 7; /* 1 Week */
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
}
else
{
token->lifetime = 0;
}
return token;
}
int
Format source code.
2023-02-17 03:23:25 +00:00
UserAccessTokenSave(Db * db, UserAccessToken * token)
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
{
DbRef *ref;
HashMap *json;
if (!token)
{
return 0;
}
ref = DbCreate(db, 3, "tokens", "access", token->string);
if (!ref)
{
return 0;
}
json = DbJson(ref);
Apply modified #50 and fix some misc. bugs.
2023-02-23 15:13:39 +00:00
HashMapSet(json, "user", JsonValueString(StrDuplicate(token->user)));
HashMapSet(json, "device", JsonValueString(StrDuplicate(token->deviceId)));
Build out the User API a bit more.
2023-02-17 03:18:24 +00:00
if (token->lifetime)
{
HashMapSet(json, "expires", JsonValueInteger(UtilServerTs() + token->lifetime));
}
return DbUnlock(db, ref);
}
Apply modified #50 and fix some misc. bugs.
2023-02-23 15:13:39 +00:00
int
UserDeleteToken(User * user, char *token)
{
char *username = NULL;
char *deviceid = NULL;
Db *db = NULL;
DbRef *tokenref = NULL;
HashMap *tokenjson = NULL;
HashMap *userjson = NULL;
HashMap *deviceobject = NULL;
JsonValue *devicejson = NULL;
JsonValue *deletedval = NULL;
if (!user || !token)
{
return 0;
}
db = user->db;
/* First check if the token even exists */
if (!DbExists(db, 3, "tokens", "access", token))
{
return 0;
}
/* If it does, get it's username. */
tokenref = DbLock(db, 3, "tokens", "access", token);
if (!tokenref)
{
return 0;
}
tokenjson = DbJson(tokenref);
username = JsonValueAsString(HashMapGet(tokenjson, "user"));
deviceid = JsonValueAsString(HashMapGet(tokenjson, "device"));
if (strcmp(username, UserGetName(user)) != 0)
{
/* Token does not match user, do not delete it */
DbUnlock(db, tokenref);
return 0;
}
/* Now delete it from the user */
userjson = DbJson(user->ref);
devicejson = HashMapGet(userjson, "devices");
if (JsonValueType(devicejson) == JSON_OBJECT)
{
/* Delete our object */
deviceobject = JsonValueAsObject(devicejson);
deletedval = HashMapDelete(deviceobject, deviceid);
if (!deletedval)
{
return 0;
}
JsonValueFree(deletedval);
}
/* ... and now the token */
if (!DbUnlock(db, tokenref) || !DbDelete(db, 3, "tokens", "access", token))
{
return 0;
}
return 1;
}
Copy permalink