go-ssb-room/roomdb/sqlite/auth_fallback.go

// SPDX-FileCopyrightText: 2021 The NGI Pointer Secure-Scuttlebutt Team of 2020/2021
//
// SPDX-License-Identifier: MIT

package sqlite

import (
	"context"
	"crypto/rand"
	"crypto/sha256"
	"database/sql"
	"encoding/base64"
	"fmt"

	"github.com/friendsofgo/errors"
	"github.com/mattn/go-sqlite3"
	"github.com/volatiletech/sqlboiler/v4/boil"
	"github.com/volatiletech/sqlboiler/v4/queries/qm"
	"go.mindeco.de/http/auth"
	"golang.org/x/crypto/bcrypt"

	"github.com/ssbc/go-ssb-room/v2/roomdb"
	"github.com/ssbc/go-ssb-room/v2/roomdb/sqlite/models"
	weberrors "github.com/ssbc/go-ssb-room/v2/web/errors"
)

// compiler assertion to ensure the struct fullfills the interface
var _ roomdb.AuthFallbackService = (*AuthFallback)(nil)

type AuthFallback struct {
	db *sql.DB
}

var redirectPasswordAuthErr = weberrors.ErrRedirect{
	Path:   "/fallback/login",
	Reason: auth.ErrBadLogin,
}

// Check receives the loging and password (in clear) and checks them accordingly.
// Login might be a registered alias or a ssb id who belongs to a member.
// If it's a valid combination it returns the user ID, or an error if they are not.
func (af AuthFallback) Check(login, password string) (interface{}, error) {
	ctx := context.Background()

	var memberID = int64(-1)

	// try looking up an alias first
	loginIsAlias, err := models.Aliases(qm.Where("name = ?", login)).One(ctx, af.db)
	if err != nil {
		if !errors.Is(err, sql.ErrNoRows) {
			// something else went wrong
			return nil, err
		}

		// did not find an alias, try as ssb reference
		member, err := models.Members(qm.Where("pub_key = ?", login)).One(ctx, af.db)
		if errors.Is(err, sql.ErrNoRows) {
			return nil, redirectPasswordAuthErr
		}

		// member found by ssb id, use their id
		memberID = member.ID
	} else {
		// found an alias, use the corresponding member ID
		memberID = loginIsAlias.MemberID
	}

	foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", memberID)).One(ctx, af.db)
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			return nil, redirectPasswordAuthErr
		}
		return nil, err
	}

	err = bcrypt.CompareHashAndPassword(foundPassword.PasswordHash, []byte(password))
	if err != nil {
		return nil, redirectPasswordAuthErr
	}

	return foundPassword.MemberID, nil
}

func (af AuthFallback) SetPassword(ctx context.Context, memberID int64, password string) error {
	hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("auth/fallback: failed to hash password for member")
	}

	// this is a silly upsert construction which sqlboiler-sqlite doesnt support nativly
	return transact(af.db, func(tx *sql.Tx) error {

		foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", memberID)).One(ctx, tx)
		if err != nil {
			if !errors.Is(err, sql.ErrNoRows) {
				// something else went wrong
				return err
			}
			// not found => insert new entry
			var newPasswordEntry models.FallbackPassword
			newPasswordEntry.PasswordHash = hashed
			newPasswordEntry.MemberID = memberID
			err = newPasswordEntry.Insert(ctx, tx, boil.Infer())
			if err != nil {
				return fmt.Errorf("auth/fallback: failed to insert new user: %w", err)
			}
		} else {
			// found => update the entry
			foundPassword.PasswordHash = hashed
			_, err = foundPassword.Update(ctx, tx, boil.Whitelist("password_hash"))
			if err != nil {
				return fmt.Errorf("auth/fallback: failed to update password for member: %w", err)
			}
		}

		return nil
	})
}

func (af AuthFallback) SetPasswordWithToken(ctx context.Context, resetToken string, password string) error {
	hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("auth/fallback: failed to hash password for member")
	}

	hashedTok, err := getHashedToken(resetToken)
	if err != nil {
		return fmt.Errorf("invalid password reset token")
	}

	// this is a silly upsert construction which sqlboiler-sqlite doesnt support nativly
	return transact(af.db, func(tx *sql.Tx) error {
		//  make sure its a valid one and load it
		resetEntry, err := models.FallbackResetTokens(qm.Where("active = true and hashed_token = ?", hashedTok)).One(ctx, tx)
		if err != nil {
			if errors.Is(err, sql.ErrNoRows) {
				return fmt.Errorf("could not find the reset-token")
			}
			return err
		}

		// see that there is a password entry for the member in the reset entry
		foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", resetEntry.ForMember)).One(ctx, tx)
		if err != nil {
			if !errors.Is(err, sql.ErrNoRows) {
				return err
			}
			// not found => insert new entry
			var newPasswordEntry models.FallbackPassword
			newPasswordEntry.PasswordHash = hashed
			newPasswordEntry.MemberID = resetEntry.ForMember
			err = newPasswordEntry.Insert(ctx, tx, boil.Infer())
			if err != nil {
				return fmt.Errorf("auth/fallback: failed to insert new fallback password for member: %w", err)
			}
		} else {
			// found it => update the entry
			foundPassword.PasswordHash = hashed
			_, err = foundPassword.Update(ctx, tx, boil.Whitelist("password_hash"))
			if err != nil {
				return fmt.Errorf("auth/fallback: failed to update password for member: %w", err)
			}
		}

		// finally, invalidate the token
		resetEntry.Active = false
		_, err = resetEntry.Update(ctx, tx, boil.Whitelist("active"))
		if err != nil {
			return fmt.Errorf("auth/fallback: failed to invalidate the reset entry: %w", err)
		}

		return nil
	})
}

func (af AuthFallback) CreateResetToken(ctx context.Context, createdByMember, forMember int64) (string, error) {
	var newResetToken = models.FallbackResetToken{
		CreatedBy: createdByMember,
		ForMember: forMember,
	}

	tokenBytes := make([]byte, inviteTokenLength)

	err := transact(af.db, func(tx *sql.Tx) error {

		inserted := false
	trying:
		for tries := 100; tries > 0; tries-- {
			// generate an invite code
			rand.Read(tokenBytes)

			// hash the binary of the token for storage
			h := sha256.New()
			h.Write(tokenBytes)
			newResetToken.HashedToken = fmt.Sprintf("%x", h.Sum(nil))

			// insert the new invite
			err := newResetToken.Insert(ctx, tx, boil.Infer())
			if err != nil {
				var sqlErr sqlite3.Error
				if errors.As(err, &sqlErr) && sqlErr.ExtendedCode == sqlite3.ErrConstraintUnique {
					// generated an existing token, retry
					continue trying
				}
				return err
			}
			inserted = true
			break // no error means it worked!
		}

		if !inserted {
			return errors.New("admindb: failed to generate an invite token in a reasonable amount of time")
		}

		return nil
	})

	if err != nil {
		return "", err
	}

	return base64.URLEncoding.EncodeToString(tokenBytes), nil
}

// since reset tokens are marked as invalid so that the code can't be generated twice,
// they need to be deleted periodically.
func deleteConsumedResetTokens(tx boil.ContextExecutor) error {
	_, err := models.FallbackResetTokens(qm.Where("active = false")).DeleteAll(context.Background(), tx)
	if err != nil {
		return fmt.Errorf("admindb: failed to delete used reset tokens: %w", err)
	}
	return nil
}
fix SPDX headers and add reuse API badge 2021-10-08 12:39:31 +00:00			`// SPDX-FileCopyrightText: 2021 The NGI Pointer Secure-Scuttlebutt Team of 2020/2021`
			`//`
add missing license headers 2021-02-09 11:53:33 +00:00			`// SPDX-License-Identifier: MIT`

sqlite and auth setup 2021-02-08 16:47:42 +00:00			`package sqlite`

			`import (`
			`"context"`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`"crypto/rand"`
			`"crypto/sha256"`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`"database/sql"`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`"encoding/base64"`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`"fmt"`

sqlite: make sure to return ErrNotFound 2021-04-01 06:05:07 +00:00			`"github.com/friendsofgo/errors"`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`"github.com/mattn/go-sqlite3"`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`"github.com/volatiletech/sqlboiler/v4/boil"`
			`"github.com/volatiletech/sqlboiler/v4/queries/qm"`
show login error above form 2021-04-05 07:12:05 +00:00			`"go.mindeco.de/http/auth"`
mega schema overhaul * create consolidated schema with new members table * update interfaces * remove allow_list and replace it with members * update roomdb types * rename User to Member * add role enums * update insert-user 2021-03-18 16:49:52 +00:00			`"golang.org/x/crypto/bcrypt"`
sqlite and auth setup 2021-02-08 16:47:42 +00:00
Migrate to ssbc urls (#336) * fix: ssbc urls Closes https://github.com/ssbc/go-ssb-room/issues/332 * fix: go-ssb-refs API changes * test: go-ssb-refs API changes Co-authored-by: decentral1se <cellarspoon@riseup.net> Co-authored-by: André Staltz <andre@staltz.com> 2022-11-07 09:18:13 +00:00			`"github.com/ssbc/go-ssb-room/v2/roomdb"`
			`"github.com/ssbc/go-ssb-room/v2/roomdb/sqlite/models"`
			`weberrors "github.com/ssbc/go-ssb-room/v2/web/errors"`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`)`

add admindb.InviteService interface methods: create, consume, list and revoke. SQLite implementation and some light testing. Related changes: * have authfallback.Create return the user id At some point we will need to not assume that authfallback is our users table but that will not become relevant before we start adding moderation roles. * Update package documentation of admindb and admindb/sqlite * remove leftover generated.db now using the roomdb file created by TestSimple Review comments by @cblgh * better documentation of hashed token storage * space between %d and `bytes` * make interface assertion comments less scary 2021-03-02 16:14:02 +00:00			`// compiler assertion to ensure the struct fullfills the interface`
rename admindb to roomdb 2021-03-10 15:44:46 +00:00			`var _ roomdb.AuthFallbackService = (*AuthFallback)(nil)`
sqlite and auth setup 2021-02-08 16:47:42 +00:00
			`type AuthFallback struct {`
			`db *sql.DB`
			`}`

show login error above form 2021-04-05 07:12:05 +00:00			`var redirectPasswordAuthErr = weberrors.ErrRedirect{`
			`Path: "/fallback/login",`
			`Reason: auth.ErrBadLogin,`
			`}`

implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`// Check receives the loging and password (in clear) and checks them accordingly.`
			`// Login might be a registered alias or a ssb id who belongs to a member.`
add test for visibility of notice edit buttons 2021-03-09 12:39:43 +00:00			`// If it's a valid combination it returns the user ID, or an error if they are not.`
mega schema overhaul * create consolidated schema with new members table * update interfaces * remove allow_list and replace it with members * update roomdb types * rename User to Member * add role enums * update insert-user 2021-03-18 16:49:52 +00:00			`func (af AuthFallback) Check(login, password string) (interface{}, error) {`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`ctx := context.Background()`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00
			`var memberID = int64(-1)`

			`// try looking up an alias first`
			`loginIsAlias, err := models.Aliases(qm.Where("name = ?", login)).One(ctx, af.db)`
			`if err != nil {`
			`if !errors.Is(err, sql.ErrNoRows) {`
			`// something else went wrong`
			`return nil, err`
			`}`

			`// did not find an alias, try as ssb reference`
			`member, err := models.Members(qm.Where("pub_key = ?", login)).One(ctx, af.db)`
			`if errors.Is(err, sql.ErrNoRows) {`
			`return nil, redirectPasswordAuthErr`
			`}`

			`// member found by ssb id, use their id`
			`memberID = member.ID`
			`} else {`
			`// found an alias, use the corresponding member ID`
			`memberID = loginIsAlias.MemberID`
			`}`

			`foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", memberID)).One(ctx, af.db)`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`if err != nil {`
sqlite: make sure to return ErrNotFound 2021-04-01 06:05:07 +00:00			`if errors.Is(err, sql.ErrNoRows) {`
show login error above form 2021-04-05 07:12:05 +00:00			`return nil, redirectPasswordAuthErr`
sqlite: make sure to return ErrNotFound 2021-04-01 06:05:07 +00:00			`}`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`return nil, err`
			`}`

implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`err = bcrypt.CompareHashAndPassword(foundPassword.PasswordHash, []byte(password))`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`if err != nil {`
show login error above form 2021-04-05 07:12:05 +00:00			`return nil, redirectPasswordAuthErr`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`}`

implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`return foundPassword.MemberID, nil`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`}`

change []byte password to string 2021-05-12 12:41:47 +00:00			`func (af AuthFallback) SetPassword(ctx context.Context, memberID int64, password string) error {`
			`hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to hash password for member")`
			`}`

			`// this is a silly upsert construction which sqlboiler-sqlite doesnt support nativly`
			`return transact(af.db, func(tx *sql.Tx) error {`

			`foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", memberID)).One(ctx, tx)`
			`if err != nil {`
			`if !errors.Is(err, sql.ErrNoRows) {`
			`// something else went wrong`
			`return err`
			`}`
			`// not found => insert new entry`
			`var newPasswordEntry models.FallbackPassword`
			`newPasswordEntry.PasswordHash = hashed`
			`newPasswordEntry.MemberID = memberID`
			`err = newPasswordEntry.Insert(ctx, tx, boil.Infer())`
			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to insert new user: %w", err)`
			`}`
			`} else {`
			`// found => update the entry`
			`foundPassword.PasswordHash = hashed`
			`_, err = foundPassword.Update(ctx, tx, boil.Whitelist("password_hash"))`
			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to update password for member: %w", err)`
			`}`
			`}`
sqlite and auth setup 2021-02-08 16:47:42 +00:00
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`return nil`
			`})`
			`}`

change []byte password to string 2021-05-12 12:41:47 +00:00			`func (af AuthFallback) SetPasswordWithToken(ctx context.Context, resetToken string, password string) error {`
			`hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`if err != nil {`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`return fmt.Errorf("auth/fallback: failed to hash password for member")`
			`}`

			`hashedTok, err := getHashedToken(resetToken)`
			`if err != nil {`
			`return fmt.Errorf("invalid password reset token")`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`}`

implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`// this is a silly upsert construction which sqlboiler-sqlite doesnt support nativly`
			`return transact(af.db, func(tx *sql.Tx) error {`
			`// make sure its a valid one and load it`
			`resetEntry, err := models.FallbackResetTokens(qm.Where("active = true and hashed_token = ?", hashedTok)).One(ctx, tx)`
			`if err != nil {`
			`if errors.Is(err, sql.ErrNoRows) {`
			`return fmt.Errorf("could not find the reset-token")`
			`}`
			`return err`
			`}`

			`// see that there is a password entry for the member in the reset entry`
			`foundPassword, err := models.FallbackPasswords(qm.Where("member_id = ?", resetEntry.ForMember)).One(ctx, tx)`
			`if err != nil {`
			`if !errors.Is(err, sql.ErrNoRows) {`
			`return err`
			`}`
			`// not found => insert new entry`
			`var newPasswordEntry models.FallbackPassword`
			`newPasswordEntry.PasswordHash = hashed`
			`newPasswordEntry.MemberID = resetEntry.ForMember`
			`err = newPasswordEntry.Insert(ctx, tx, boil.Infer())`
			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to insert new fallback password for member: %w", err)`
			`}`
			`} else {`
			`// found it => update the entry`
			`foundPassword.PasswordHash = hashed`
			`_, err = foundPassword.Update(ctx, tx, boil.Whitelist("password_hash"))`
			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to update password for member: %w", err)`
			`}`
			`}`

			`// finally, invalidate the token`
			`resetEntry.Active = false`
			`_, err = resetEntry.Update(ctx, tx, boil.Whitelist("active"))`
			`if err != nil {`
			`return fmt.Errorf("auth/fallback: failed to invalidate the reset entry: %w", err)`
			`}`

			`return nil`
			`})`
			`}`

			`func (af AuthFallback) CreateResetToken(ctx context.Context, createdByMember, forMember int64) (string, error) {`
			`var newResetToken = models.FallbackResetToken{`
			`CreatedBy: createdByMember,`
			`ForMember: forMember,`
			`}`

			`tokenBytes := make([]byte, inviteTokenLength)`

			`err := transact(af.db, func(tx *sql.Tx) error {`

			`inserted := false`
			`trying:`
			`for tries := 100; tries > 0; tries-- {`
			`// generate an invite code`
			`rand.Read(tokenBytes)`

			`// hash the binary of the token for storage`
			`h := sha256.New()`
			`h.Write(tokenBytes)`
			`newResetToken.HashedToken = fmt.Sprintf("%x", h.Sum(nil))`

			`// insert the new invite`
			`err := newResetToken.Insert(ctx, tx, boil.Infer())`
			`if err != nil {`
			`var sqlErr sqlite3.Error`
			`if errors.As(err, &sqlErr) && sqlErr.ExtendedCode == sqlite3.ErrConstraintUnique {`
			`// generated an existing token, retry`
			`continue trying`
			`}`
			`return err`
			`}`
			`inserted = true`
			`break // no error means it worked!`
			`}`

			`if !inserted {`
			`return errors.New("admindb: failed to generate an invite token in a reasonable amount of time")`
			`}`

			`return nil`
			`})`

sqlite and auth setup 2021-02-08 16:47:42 +00:00			`if err != nil {`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`return "", err`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`}`

implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`return base64.URLEncoding.EncodeToString(tokenBytes), nil`
			`}`

fixed some typos 2021-06-15 14:24:06 +00:00			`// since reset tokens are marked as invalid so that the code can't be generated twice,`
implement password update flow with reset tokens (fixes #98) also update AuthFallback database * re-write fallback auth to use alias or ssbid * replace Create() with SetPassword() which does an upsert * Add reset tokens to sqlite * add test for SetPassword with reset token 2021-05-11 09:05:17 +00:00			`// they need to be deleted periodically.`
			`func deleteConsumedResetTokens(tx boil.ContextExecutor) error {`
			`_, err := models.FallbackResetTokens(qm.Where("active = false")).DeleteAll(context.Background(), tx)`
			`if err != nil {`
			`return fmt.Errorf("admindb: failed to delete used reset tokens: %w", err)`
			`}`
mega schema overhaul * create consolidated schema with new members table * update interfaces * remove allow_list and replace it with members * update roomdb types * rename User to Member * add role enums * update insert-user 2021-03-18 16:49:52 +00:00			`return nil`
sqlite and auth setup 2021-02-08 16:47:42 +00:00			`}`