feat(api): add security part

LiterateInk · Sep 28, 2024 · 72da565 · 72da565
1 parent e8bbb6e
commit 72da565
Show file tree

Hide file tree

Showing 6 changed files with 151 additions and 1 deletion.
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-check-custom-password.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-check-custom-password.kt
@@ -0,0 +1,25 @@
+package ink.literate.pawnote.api
+
+import ink.literate.pawnote.api.private.AES
+import ink.literate.pawnote.core.RequestFN
+import ink.literate.pawnote.api.private.aesKeys
+import ink.literate.pawnote.models.DoubleAuthServerAction
+import ink.literate.pawnote.models.SessionHandle
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.*
+
+suspend fun securityCheckCustomPassword (session: SessionHandle, newPassword: String): Boolean {
+    val keys = aesKeys(session.information)
+
+    val request = RequestFN(session.information, "SecurisationCompteDoubleAuth", Json.encodeToString(
+        buildJsonObject {
+            putJsonObject("donnees") {
+                put("action", DoubleAuthServerAction.csch_VerifierMotDePassePersonnalise.code)
+                put("nouveauMDP", AES.encrypt(newPassword.toByteArray(), keys.key, keys.iv))
+            }
+        }
+    ))
+
+    val response = request.send()
+    return Json.parseToJsonElement(response.data).jsonObject["donnees"]!!.jsonObject["result"]!!.jsonPrimitive.boolean
+}
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-check-pin.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-check-pin.kt
@@ -0,0 +1,25 @@
+package ink.literate.pawnote.api
+
+import ink.literate.pawnote.api.private.AES
+import ink.literate.pawnote.core.RequestFN
+import ink.literate.pawnote.api.private.aesKeys
+import ink.literate.pawnote.models.DoubleAuthServerAction
+import ink.literate.pawnote.models.SessionHandle
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.*
+
+suspend fun securityCheckPin (session: SessionHandle, pin: String): Boolean {
+    val keys = aesKeys(session.information)
+
+    val request = RequestFN(session.information, "SecurisationCompteDoubleAuth", Json.encodeToString(
+        buildJsonObject {
+            putJsonObject("donnees") {
+                put("action", DoubleAuthServerAction.csch_VerifierPIN.code)
+                put("nouveauMDP", AES.encrypt(pin.toByteArray(), keys.key, keys.iv))
+            }
+        }
+    ))
+
+    val response = request.send()
+    return Json.parseToJsonElement(response.data).jsonObject["donnees"]!!.jsonObject["result"]!!.jsonPrimitive.boolean
+}
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-save.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-save.kt
@@ -0,0 +1,56 @@
+package ink.literate.pawnote.api
+
+import ink.literate.pawnote.core.RequestFN
+import ink.literate.pawnote.api.private.AES
+import ink.literate.pawnote.api.private.aesKeys
+import ink.literate.pawnote.models.DoubleAuthMode
+import ink.literate.pawnote.models.DoubleAuthServerAction
+import ink.literate.pawnote.models.SecurityModal
+import ink.literate.pawnote.models.SessionHandle
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.*
+
+data class SecSaveOptions(
+    val password: String? = null,
+    val deviceName: String? = null,
+    val pin: String? = null,
+    val mode: DoubleAuthMode? = null
+)
+
+suspend fun securitySave (session: SessionHandle, handle: SecurityModal, options: SecSaveOptions) {
+    var data = buildJsonObject {
+        put("action", DoubleAuthServerAction.csch_EnregistrerChoixUtilisateur.code)
+    }
+
+    val keys = aesKeys(session.information)
+
+    if (options.mode != null)
+        data = JsonObject(data + buildJsonObject { put("mode", options.mode.code) })
+
+    if (options.password != null)
+        data = JsonObject(data + buildJsonObject { put("nouveauMDP", AES.encrypt(options.password.toByteArray(), keys.key, keys.iv)) })
+
+    if (options.pin != null)
+        data = JsonObject(data + buildJsonObject { put("codePin", AES.encrypt(options.pin.toByteArray(), keys.key, keys.iv)) })
+
+    if (options.deviceName != null) {
+        data = JsonObject(data + buildJsonObject {
+            put("avecIdentification", true)
+            put("strIdentification", options.deviceName)
+        })
+    }
+
+    val request = RequestFN(session.information, "SecurisationCompteDoubleAuth", Json.encodeToString(
+        buildJsonObject {
+            put("donnees", data)
+        }
+    ))
+
+    val response = request.send()
+    val token = Json.parseToJsonElement(response.data).jsonObject["donnees"]!!.jsonObject["jetonConnexionAppliMobile"]?.jsonPrimitive?.content
+
+    if (token != null)
+        handle.context.authentication = JsonObject(handle.context.authentication + buildJsonObject {
+            put("jetonConnexionAppliMobile", token)
+        })
+}
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-source.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/api/security-source.kt
@@ -0,0 +1,28 @@
+package ink.literate.pawnote.api
+
+import ink.literate.pawnote.core.RequestFN
+import ink.literate.pawnote.models.DoubleAuthServerAction
+import ink.literate.pawnote.models.SessionHandle
+import ink.literate.pawnote.models.errors.SecuritySourceTooLongError
+import kotlinx.serialization.encodeToString
+import kotlinx.serialization.json.*
+
+/**
+ * @return true if the source is already known
+ */
+suspend fun securitySource (session: SessionHandle, source: String): Boolean {
+    val LIMIT = 30
+    if (source.length > LIMIT) throw SecuritySourceTooLongError(LIMIT)
+
+    val request = RequestFN(session.information, "SecurisationCompteDoubleAuth", Json.encodeToString(
+        buildJsonObject {
+            putJsonObject("donnees") {
+                put("action", DoubleAuthServerAction.csch_LibellesSourceConnexionDejaConnus.code)
+                put("libelle", source)
+            }
+        }
+    ))
+
+    val response = request.send()
+    return Json.parseToJsonElement(response.data).jsonObject["donnees"]!!.jsonObject["dejaConnu"]!!.jsonPrimitive.boolean
+}
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/models/DoubleAuthServerAction.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/models/DoubleAuthServerAction.kt
@@ -0,0 +1,16 @@
+package ink.literate.pawnote.models
+
+enum class DoubleAuthServerAction (val code: Int) {
+    csch_VerifierPIN(0),
+    csch_VerifierMotDePassePersonnalise(1),
+    csch_LibellesSourceConnexionDejaConnus(2),
+    csch_EnregistrerChoixUtilisateur(3),
+    csch_AffecterModeDoubleAuthentification(4),
+    csch_AffecterCodePIN(5),
+    csch_RenommerSourceConnexionConnue(6),
+    csch_SupprimerSourceConnexionConnue(7),
+    csch_AffecterMotDePassePersonnalise(8),
+    csch_ModifierLogin(9),
+    csch_DemandeReinitialisationPIN(10),
+    csch_VerifierCodeReinitialisationPIN(11)
+}
diff --git a/library/src/commonMain/kotlin/ink/literate/pawnote/models/SecurityModal.kt b/library/src/commonMain/kotlin/ink/literate/pawnote/models/SecurityModal.kt
@@ -5,7 +5,7 @@ import ink.literate.pawnote.api.private.IdentifyResponse
 import kotlinx.serialization.json.JsonObject
 
 data class SecurityModalContext(
-    val authentication: JsonObject,
+    var authentication: JsonObject,
     val identity: IdentifyResponse,
     val initialUsername: String? = null
 )