fix(ikev2): correct ikev2 credentials storing

morpheusthewhite · morpheusthewhite · commit 093bee229e27 · 2021-10-13T20:17:15.000+02:00
Save ikev2 credentials in a separate file
diff --git a/bin/credentials.py b/bin/credentials.py
@@ -1,9 +1,12 @@
 import os
+import json
 import subprocess
 from tkinter import simpledialog
 from bin.pathUtil import CURRENT_PATH
 
 CREDENTIALS_FILENAME = "credentials"
+credentials_file_path = CURRENT_PATH + "credentials"
+credentials_ikev2_file_path = CURRENT_PATH + "credentials.ikev2"
 
 
 class NoCredentialsProvidedException(Exception):
@@ -53,6 +56,48 @@ def save_credentials():
         print("IOError while creating 'credentials' file.")
 
 
+def check_credentials_ikev2():
+    """
+    checks if exists a file with the credentials for ikev2 protocol
+    :return: True if exists, False otherwise
+    """
+    return os.path.exists(credentials_ikev2_file_path)
+
+
+def save_credentials_ikev2():
+    """
+    Stores credentials in a root-password-protected file. Raises a NoCredentialsProvidedException if some
+    credentials info were not inserted
+    """
+    print("Storing credentials in " + "'" + credentials_ikev2_file_path + "'")
+
+    username = askIkev2Username()
+    if username is None:
+        raise NoCredentialsProvidedException
+
+    password = askIkev2Password()
+    if password is None:
+        raise NoCredentialsProvidedException
+
+    try:
+        with open(credentials_ikev2_file_path, 'w') as creds:
+            json.dump({'username': username, 'password': password}, creds)
+
+        # Change file permissions
+        subprocess.check_call(["sudo", "chown", "root", credentials_file_path],
+                                             universal_newlines=True, stdout=subprocess.DEVNULL,
+                                             stderr=subprocess.DEVNULL)
+        subprocess.check_call(["sudo", "chmod", "600", credentials_file_path],
+                                             universal_newlines=True, stdout=subprocess.DEVNULL,
+                                             stderr=subprocess.DEVNULL)
+
+        print("Awesome, the credentials have been saved in " +
+              "'" + credentials_ikev2_file_path + "'" + "\n")
+    except (IOError, OSError):
+        print(f"IOError while creating {credentials_ikev2_file_path} file.")
+
+
+
 def askVPNUsername():
     """
     Asks VPN username by a dialog window
@@ -69,6 +114,22 @@ def askVPNPassword():
     return simpledialog.askstring("Password NordVPN", "Enter password:", show="*")
 
 
+def askIkev2Username():
+    """
+    Asks Ikev2 username by a dialog window
+    :return: the username inserted
+    """
+    return simpledialog.askstring("Ikev2 NordVPN username", "Enter username (see shorturl.at/lszBX):")
+
+
+def askIkev2Password():
+    """
+    Asks Ikev2 password by a window dialog
+    :return: the password inserted
+    """
+    return simpledialog.askstring("Ikev2 NordVPN password", "Enter password (see shorturl.at/lszBX):", show="*")
+
+
 def read_saved_credentials():
     """
     reads saved credentials
@@ -83,4 +144,15 @@ def read_saved_credentials():
     return cred[0], cred[1]
 
 
-credentials_file_path = CURRENT_PATH + "credentials"
+def read_saved_credentials_ikev2():
+    """
+    reads saved credentials
+    :return: a tuple containing (username, password)
+    """
+    args = ['sudo', 'cat', credentials_ikev2_file_path]
+    reading_process = subprocess.Popen(args, universal_newlines=True, stdout=subprocess.PIPE)
+    (out, _) = reading_process.communicate()
+
+    cred = json.loads(out)
+
+    return cred["username"], cred["password"]
diff --git a/bin/gui.py b/bin/gui.py
@@ -216,7 +216,10 @@ def connect_to_VPN(self, server, protocol):
             return
         except LoginError:
             messagebox.showwarning(title="Error", message="Wrong credentials")
-            os.remove(credentials_file_path)
+            if protocol == IKEV2_PROTOCOL_NUMBER:
+                os.remove(credentials_ikev2_file_path)
+            else:
+                os.remove(credentials_file_path)
             self.setStatusDisconnected()
             return
         except OpenresolvError:
diff --git a/bin/vpn_util/ikev2.py b/bin/vpn_util/ikev2.py
@@ -37,6 +37,11 @@
                                '    load = no' + linesep + \
                                '}' + linesep
 
+SUCCESS_STRING = "connection 'NordVPN' established successfully"
+FAILURE_STRING = "establishing connection 'NordVPN' failed"
+AUTH_FAILURE_STRING = "EAP authentication failed"
+CONFIG_NOT_FOUND_STRING = "no config named 'NordVPN'"
+
 logger = get_logger(__name__)
 
 def ipsec_exists():
@@ -112,11 +117,6 @@ def __ikev2_reset_load__():
     return
 
 
-SUCCESS_STRING = "connection 'NordVPN' established successfully"
-FAILURE_STRING = "establishing connection 'NordVPN' failed"
-AUTH_FAILURE_STRING = "EAP authentication failed"
-CONFIG_NOT_FOUND_STRING = "no config named 'NordVPN'"
-
 def __ikev2_launch__():
     """
     Launches the command the start the ikev2 connection. Raise a LoginError if credentials are wrong, a ConnectionError
@@ -175,10 +175,11 @@ def __ikev2_ipsec_reload__():
     restarts ipsec (used to load saved settings)
     """
     args = ['sudo', 'ipsec', 'restart']
-    (out, _) = Popen(args, stdout=PIPE, universal_newlines=True).communicate()
+    (_, _) = Popen(args, stdout=PIPE, universal_newlines=True).communicate()
 
     return
 
+
 def ikev2_connect(username, password, server):
     """
     starts a ikev2 connection. Launches a ConnectionError if no connection is available, a LoginError if the
diff --git a/bin/vpn_util/vpn.py b/bin/vpn_util/vpn.py
@@ -1,5 +1,6 @@
 from bin.vpn_util.ikev2 import ikev2_connect, ikev2_is_running, ikev2_disconnect, ipsec_exists
 from bin.vpn_util.openvpn import *
+from bin.credentials import read_saved_credentials_ikev2, check_credentials_ikev2, save_credentials_ikev2
 from bin.vpn_util.nm import nm_running_vpn, nm_disconnect, nm_connect, nm_openvpn_exists
 IPSEC_EXISTS = ipsec_exists()
 
@@ -14,6 +15,18 @@ def startVPN(server, protocol, nm):
     :param nm: a boolean: True if network manager should be used, false otherwise
     :return: a string representing the connection established
     """
+
+    if protocol == IKEV2_PROTOCOL_NUMBER:  # if it is ikev2/ipvsec
+        if not check_credentials_ikev2():
+            try:
+                save_credentials_ikev2()
+            except NoCredentialsProvidedException:
+                return None
+        username, password = read_saved_credentials_ikev2()
+
+        ikev2_connect(username, password, server)
+        return IPSEC_CONNECTION_STRING
+
     if not check_credentials():
         try:
             save_credentials()
@@ -22,10 +35,7 @@ def startVPN(server, protocol, nm):
 
     username, password = read_saved_credentials()
 
-    if protocol == IKEV2_PROTOCOL_NUMBER:  # if it is ikev2/ipvsec
-        ikev2_connect(username, password, server)
-        return IPSEC_CONNECTION_STRING
-    elif nm and nm_openvpn_exists():
+    if nm and nm_openvpn_exists():
         nm_connect(server, protocol, username, password)
         return NM_CONNECTION_STRING
     else:
