Skip to content

Commit

Permalink
Merge branch 'develop' into feature/uvf
Browse files Browse the repository at this point in the history
# Conflicts:
#	backend/src/main/java/org/cryptomator/hub/entities/User.java
#	backend/src/main/resources/org/cryptomator/hub/flyway/ERM.png
#	frontend/src/common/crypto.ts
#	frontend/src/components/CreateVault.vue
#	frontend/src/components/GrantPermissionDialog.vue
#	frontend/src/components/InitialSetup.vue
#	frontend/src/components/ManageSetupCode.vue
#	frontend/src/components/RecoverVaultDialog.vue
#	frontend/src/components/RegenerateSetupCodeDialog.vue
#	frontend/src/components/VaultDetails.vue
#	frontend/test/common/crypto.spec.ts
  • Loading branch information
overheadhunter committed Jun 6, 2024
2 parents afd370f + 645c013 commit 0de22c9
Show file tree
Hide file tree
Showing 35 changed files with 519 additions and 333 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@
import org.cryptomator.hub.entities.LegacyAccessToken;
import org.cryptomator.hub.entities.LegacyDevice;
import org.cryptomator.hub.entities.User;
import org.cryptomator.hub.entities.events.DeviceRemovedEvent;
import org.cryptomator.hub.entities.events.EventLogger;
import org.cryptomator.hub.validation.NoHtmlOrScriptChars;
import org.cryptomator.hub.validation.OnlyBase64Chars;
Expand Down Expand Up @@ -102,7 +101,7 @@ public Response createOrUpdate(@Valid @NotNull DeviceDto dto, @PathParam("device
}
device.setName(dto.name);
device.setPublickey(dto.publicKey);
device.setUserPrivateKey(dto.userPrivateKey);
device.setUserPrivateKeys(dto.userPrivateKeys);

try {
deviceRepo.persistAndFlush(device);
Expand Down Expand Up @@ -173,12 +172,12 @@ public record DeviceDto(@JsonProperty("id") @ValidId String id,
@JsonProperty("name") @NoHtmlOrScriptChars @NotBlank String name,
@JsonProperty("type") Device.Type type,
@JsonProperty("publicKey") @NotNull @OnlyBase64Chars String publicKey,
@JsonProperty("userPrivateKey") @NotNull @ValidJWE String userPrivateKey,
@JsonProperty("userPrivateKey") @NotNull @ValidJWE String userPrivateKeys, // singular name for history reasons (don't break client compatibility)
@JsonProperty("owner") @ValidId String ownerId,
@JsonProperty("creationTime") Instant creationTime) {

public static DeviceDto fromEntity(Device entity) {
return new DeviceDto(entity.getId(), entity.getName(), entity.getType(), entity.getPublickey(), entity.getUserPrivateKey(), entity.getOwner().getId(), entity.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
return new DeviceDto(entity.getId(), entity.getName(), entity.getType(), entity.getPublickey(), entity.getUserPrivateKeys(), entity.getOwner().getId(), entity.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
}

}
Expand Down
26 changes: 18 additions & 8 deletions backend/src/main/java/org/cryptomator/hub/api/UserDto.java
Original file line number Diff line number Diff line change
Expand Up @@ -14,24 +14,34 @@ public final class UserDto extends AuthorityDto {
public final String email;
@JsonProperty("devices")
public final Set<DeviceResource.DeviceDto> devices;
@JsonProperty("publicKey")
public final String publicKey;
@JsonProperty("privateKey")
public final String privateKey;
@JsonProperty("ecdhPublicKey")
public final String ecdhPublicKey;
@JsonProperty("ecdsaPublicKey")
public final String ecdsaPublicKey;
@JsonProperty("privateKey") // singular name for history reasons (don't break client compatibility)
public final String privateKeys;
@JsonProperty("setupCode")
public final String setupCode;

@Deprecated
@JsonProperty("publicKey")
public final String legacyEcdhPublicKey;

UserDto(@JsonProperty("id") String id, @JsonProperty("name") String name, @JsonProperty("pictureUrl") String pictureUrl, @JsonProperty("email") String email, @JsonProperty("devices") Set<DeviceResource.DeviceDto> devices,
@Nullable @JsonProperty("publicKey") @OnlyBase64Chars String publicKey, @Nullable @JsonProperty("privateKey") @ValidJWE String privateKey, @Nullable @JsonProperty("setupCode") @ValidJWE String setupCode) {
@Nullable @JsonProperty("ecdhPublicKey") @OnlyBase64Chars String ecdhPublicKey, @Nullable @JsonProperty("ecdsaPublicKey") @OnlyBase64Chars String ecdsaPublicKey, @Nullable @JsonProperty("privateKeys") @ValidJWE String privateKeys, @Nullable @JsonProperty("setupCode") @ValidJWE String setupCode) {
super(id, Type.USER, name, pictureUrl);
this.email = email;
this.devices = devices;
this.publicKey = publicKey;
this.privateKey = privateKey;
this.ecdhPublicKey = ecdhPublicKey;
this.ecdsaPublicKey = ecdsaPublicKey;
this.privateKeys = privateKeys;
this.setupCode = setupCode;

// duplicate fields to maintain backwards compatibility:
this.legacyEcdhPublicKey = ecdhPublicKey;
}

public static UserDto justPublicInfo(User user) {
return new UserDto(user.getId(), user.getName(), user.getPictureUrl(), user.getEmail(), Set.of(), user.getPublicKey(), null, null);
return new UserDto(user.getId(), user.getName(), user.getPictureUrl(), user.getEmail(), Set.of(), user.getEcdhPublicKey(), user.getEcdsaPublicKey(),null, null);
}
}
36 changes: 29 additions & 7 deletions backend/src/main/java/org/cryptomator/hub/api/UsersResource.java
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
import org.cryptomator.hub.entities.User;
import org.cryptomator.hub.entities.Vault;
import org.cryptomator.hub.entities.events.EventLogger;
import org.cryptomator.hub.entities.events.VaultAccessGrantedEvent;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
Expand Down Expand Up @@ -71,14 +70,37 @@ public Response putMe(@Nullable @Valid UserDto dto) {
user.setPictureUrl(jwt.getClaim("picture"));
user.setEmail(jwt.getClaim("email"));
if (dto != null) {
user.setPublicKey(dto.publicKey);
user.setPrivateKey(dto.privateKey);
user.setEcdhPublicKey(dto.ecdhPublicKey);
user.setEcdsaPublicKey(dto.ecdsaPublicKey);
user.setPrivateKeys(dto.privateKeys);
user.setSetupCode(dto.setupCode);
updateDevices(user, dto);
}
userRepo.persist(user);
return Response.created(URI.create(".")).build();
}

/**
* Updates those devices that are present in both the entity and the DTO. No devices are added or removed.
*
* @param userEntity The persistent entity
* @param userDto The DTO
*/
private void updateDevices(User userEntity, UserDto userDto) {
var devices = userEntity.devices.stream().collect(Collectors.toUnmodifiableMap(Device::getId, Function.identity()));
var updatedDevices = userDto.devices.stream()
.filter(d -> devices.containsKey(d.id())) // only look at DTOs for which we find a matching existing entity
.map(dto -> {
var device = devices.get(dto.id());
device.setType(dto.type());
device.setName(dto.name());
device.setPublickey(dto.publicKey());
device.setUserPrivateKeys(dto.userPrivateKeys());
return device;
});
deviceRepo.persist(updatedDevices);
}

@POST
@Path("/me/access-tokens")
@RolesAllowed("user")
Expand Down Expand Up @@ -117,9 +139,9 @@ public Response updateMyAccessTokens(@NotNull Map<UUID, String> tokens) {
@APIResponse(responseCode = "404", description = "no user matching the subject of the JWT passed as Bearer Token")
public UserDto getMe(@QueryParam("withDevices") boolean withDevices) {
User user = userRepo.findById(jwt.getSubject());
Function<Device, DeviceResource.DeviceDto> mapDevices = d -> new DeviceResource.DeviceDto(d.getId(), d.getName(), d.getType(), d.getPublickey(), d.getUserPrivateKey(), d.getOwner().getId(), d.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
Function<Device, DeviceResource.DeviceDto> mapDevices = d -> new DeviceResource.DeviceDto(d.getId(), d.getName(), d.getType(), d.getPublickey(), d.getUserPrivateKeys(), d.getOwner().getId(), d.getCreationTime().truncatedTo(ChronoUnit.MILLIS));
var devices = withDevices ? user.devices.stream().map(mapDevices).collect(Collectors.toSet()) : Set.<DeviceResource.DeviceDto>of();
return new UserDto(user.getId(), user.getName(), user.getPictureUrl(), user.getEmail(), devices, user.getPublicKey(), user.getPrivateKey(), user.getSetupCode());
return new UserDto(user.getId(), user.getName(), user.getPictureUrl(), user.getEmail(), devices, user.getEcdhPublicKey(), user.getEcdsaPublicKey(), user.getPrivateKeys(), user.getSetupCode());
}

@POST
Expand All @@ -131,8 +153,8 @@ public UserDto getMe(@QueryParam("withDevices") boolean withDevices) {
@APIResponse(responseCode = "204", description = "deleted keys, devices and access permissions")
public Response resetMe() {
User user = userRepo.findById(jwt.getSubject());
user.setPublicKey(null);
user.setPrivateKey(null);
user.setEcdhPublicKey(null);
user.setPrivateKeys(null);
user.setSetupCode(null);
userRepo.persist(user);
deviceRepo.deleteByOwner(user.getId());
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -320,7 +320,7 @@ public Response unlock(@PathParam("vaultId") UUID vaultId, @QueryParam("evenIfAr
}

var user = userRepo.findById(jwt.getSubject());
if (user.getPublicKey() == null) {
if (user.getEcdhPublicKey() == null) {
throw new ActionRequiredException("User account not initialized.");
}

Expand Down
18 changes: 9 additions & 9 deletions backend/src/main/java/org/cryptomator/hub/entities/Device.java
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,8 @@ public enum Type {
@Column(name = "publickey", nullable = false)
private String publickey;

@Column(name = "user_privatekey", nullable = false)
private String userPrivateKey;
@Column(name = "user_privatekeys", nullable = false)
private String userPrivateKeys;

@Column(name = "creation_time", nullable = false)
private Instant creationTime;
Expand Down Expand Up @@ -102,12 +102,12 @@ public void setPublickey(String publickey) {
this.publickey = publickey;
}

public String getUserPrivateKey() {
return userPrivateKey;
public String getUserPrivateKeys() {
return userPrivateKeys;
}

public void setUserPrivateKey(String userPrivateKey) {
this.userPrivateKey = userPrivateKey;
public void setUserPrivateKeys(String userPrivateKeys) {
this.userPrivateKeys = userPrivateKeys;
}

public Instant getCreationTime() {
Expand All @@ -126,7 +126,7 @@ public String toString() {
", name='" + name + '\'' +
", type='" + type + '\'' +
", publickey='" + publickey + '\'' +
", userPrivateKey='" + userPrivateKey + '\'' +
", userPrivateKey='" + userPrivateKeys + '\'' +
", creationTime='" + creationTime + '\'' +
'}';
}
Expand All @@ -141,13 +141,13 @@ public boolean equals(Object o) {
&& Objects.equals(this.name, other.name)
&& Objects.equals(this.type, other.type)
&& Objects.equals(this.publickey, other.publickey)
&& Objects.equals(this.userPrivateKey, other.userPrivateKey)
&& Objects.equals(this.userPrivateKeys, other.userPrivateKeys)
&& Objects.equals(this.creationTime, other.creationTime);
}

@Override
public int hashCode() {
return Objects.hash(id, owner, name, type, publickey, userPrivateKey, creationTime);
return Objects.hash(id, owner, name, type, publickey, userPrivateKeys, creationTime);
}

@ApplicationScoped
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@ SELECT count(DISTINCT u)
FROM EffectiveVaultAccess eva
INNER JOIN User u ON u.id = eva.id.authorityId
LEFT JOIN AccessToken token ON token.id.vaultId = eva.id.vaultId AND token.id.userId = eva.id.authorityId
WHERE eva.id.vaultId = :vaultId AND token.vault IS NULL AND u.publicKey IS NOT NULL
WHERE eva.id.vaultId = :vaultId AND token.vault IS NULL AND u.ecdhPublicKey IS NOT NULL
"""
)
public class EffectiveVaultAccess {
Expand Down
42 changes: 27 additions & 15 deletions backend/src/main/java/org/cryptomator/hub/entities/User.java
Original file line number Diff line number Diff line change
Expand Up @@ -40,11 +40,14 @@ public class User extends Authority {
@Column(name = "email")
private String email;

@Column(name = "publickey")
private String publicKey;
@Column(name = "ecdh_publickey")
private String ecdhPublicKey;

@Column(name = "privatekey")
private String privateKey;
@Column(name = "ecdsa_publickey")
private String ecdsaPublicKey;

@Column(name = "privatekeys")
private String privateKeys;

@Column(name = "setupcode")
private String setupCode;
Expand All @@ -65,20 +68,28 @@ public void setEmail(String email) {
this.email = email;
}

public String getPublicKey() {
return publicKey;
public String getEcdhPublicKey() {
return ecdhPublicKey;
}

public void setEcdhPublicKey(String ecdhPublicKey) {
this.ecdhPublicKey = ecdhPublicKey;
}

public String getEcdsaPublicKey() {
return ecdsaPublicKey;
}

public void setPublicKey(String publicKey) {
this.publicKey = publicKey;
public void setEcdsaPublicKey(String ecdsaPublicKey) {
this.ecdsaPublicKey = ecdsaPublicKey;
}

public String getPrivateKey() {
return privateKey;
public String getPrivateKeys() {
return privateKeys;
}

public void setPrivateKey(String privateKey) {
this.privateKey = privateKey;
public void setPrivateKeys(String privateKeys) {
this.privateKeys = privateKeys;
}

public String getSetupCode() {
Expand Down Expand Up @@ -119,14 +130,15 @@ public boolean equals(Object o) {
return super.equals(that) //
&& Objects.equals(pictureUrl, that.pictureUrl) //
&& Objects.equals(email, that.email) //
&& Objects.equals(publicKey, that.publicKey) //
&& Objects.equals(privateKey, that.privateKey) //
&& Objects.equals(ecdhPublicKey, that.ecdhPublicKey) //
&& Objects.equals(ecdsaPublicKey, that.ecdsaPublicKey) //
&& Objects.equals(privateKeys, that.privateKeys) //
&& Objects.equals(setupCode, that.setupCode);
}

@Override
public int hashCode() {
return Objects.hash(super.getId(), pictureUrl, email, publicKey, privateKey, setupCode);
return Objects.hash(super.getId(), pictureUrl, email, ecdhPublicKey, privateKeys, setupCode);
}

@ApplicationScoped
Expand Down
2 changes: 1 addition & 1 deletion backend/src/main/resources/application.properties
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ hub.keycloak.oidc.cryptomator-client-id=cryptomator
%dev.quarkus.keycloak.devservices.start-command=start-dev
%dev.quarkus.keycloak.devservices.port=8180
%dev.quarkus.keycloak.devservices.service-name=quarkus-cryptomator-hub
%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:23.0.7
%dev.quarkus.keycloak.devservices.image-name=ghcr.io/cryptomator/keycloak:24.0.4
%dev.quarkus.oidc.devui.grant.type=code
# OIDC will be mocked during unit tests. Use fake auth url to prevent dev services to start:
%test.quarkus.oidc.auth-server-url=http://localhost:43210/dev/null
Expand Down
21 changes: 20 additions & 1 deletion backend/src/main/resources/dev-realm.json
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@
"users": [
{
"username": "admin",
"firstName": "admin",
"lastName": "admin",
"email": "admin@localhost",
"enabled": true,
"attributes": {
Expand All @@ -66,39 +68,56 @@
},
{
"username": "alice",
"firstName": "alice",
"lastName": "alice",
"email": "alice@localhost",
"enabled": true,
"credentials": [{"type": "password", "value": "asd"}],
"realmRoles": ["user"]
},
{
"username": "bob",
"firstName": "bob",
"lastName": "bob",
"email": "bob@localhost",
"enabled": true,
"credentials": [{"type": "password", "value": "asd"}],
"realmRoles": ["user"]
},
{
"username": "carol",
"firstName": "carol",
"lastName": "carol",
"email": "carol@localhost",
"enabled": true,
"credentials": [{"type": "password", "value": "asd"}],
"realmRoles": ["user"],
"groups" : [ "/groupies" ]
},
{
"username": "dave",
"firstName": "dave",
"lastName": "dave",
"email": "dave@localhost",
"enabled": true,
"credentials": [{"type": "password", "value": "asd"}],
"realmRoles": ["user"],
"groups" : [ "/groupies" ]
},
{
"username": "erin",
"firstName": "erin",
"lastName": "erin",
"email": "erin@localhost",
"enabled": true,
"credentials": [{"type": "password", "value": "asd"}],
"realmRoles": ["user"],
"groups" : [ "/groupies" ]
},
{
"username": "syncer",
"firstName": "syncer",
"lastName": "syncer",
"email": "syncer@localhost",
"enabled": true,
"attributes": {
Expand Down Expand Up @@ -227,4 +246,4 @@
"browserSecurityHeaders": {
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self' http://localhost:*; object-src 'none';"
}
}
}
Binary file modified backend/src/main/resources/org/cryptomator/hub/flyway/ERM.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
ALTER TABLE "user_details" RENAME COLUMN "publickey" TO "ecdh_publickey";
ALTER TABLE "user_details" RENAME COLUMN "privatekey" TO "privatekeys";
ALTER TABLE "user_details" ADD "ecdsa_publickey" VARCHAR;
ALTER TABLE "device" RENAME COLUMN "user_privatekey" TO "user_privatekeys";
Loading

0 comments on commit 0de22c9

Please sign in to comment.