Grant Access via WebApp by overheadhunter · Pull Request #1 · cryptomator/hub

overheadhunter · 2021-08-11T14:11:21Z

This completes the unlock workflow by computing and storing a device-specific masterkey, i.e. the vault owner re-encrypts the masterkey using the public key of a certain trusted device.

The public key gets stored on first contact of the device (further device verification may be added later).

During unlock the device retrieves the key from via a callback URL which it will listen to on localhost (compatable to RFC 8252 section 7.3).

* created "create vault" component

until we solve server-side redirects to index.html

* Separate db of development/testing and production * Remove static uuid of admin in production but instead use a separate keycloak config file for development

If the user is still authenticated but the session token is expired, we get 401 status codes when executing requests. We need to refresh the token as long as we allowed until the user is logged out. For more details see https://stackoverflow.com/questions/43422542/keycloak-js-automatic-token-refesh

…tion

[ci skip]

sonatype-lift · 2021-08-11T14:19:59Z

web/src/common/util.ts

+ */
+export function uuid(): string {
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function (c) {
+    var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);


opt.semgrep.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.
(at-me in a reply with help or ignore)

@sonatype-lift ignore

this uuid is just used to create vault ids, which aren't involved in anything security-related

SailReal and others added 30 commits August 2, 2021 20:31

WIP add database and REST-interface

af6abd1

Enhance vault and device resource and fix PUT-test

06fc9e4

Set ID of user 'owner' to run tests without changes

c3399b0

Merge branch 'main' into feature/add-db-and-rest-interface

9beae7b

Create test-vault from TypeScript

8bd4030

Switch to iterations in vault because PBKDF2 is used instead of scrypt

904adc9

Provide uuid of vault while creation as path variable

40b134f

Merge branch 'feature/add-db-and-rest-interface' into develop

4969df5

adjusted folder strucuture for vue.js

77be59e

tslint → eslint

346cae3

adjust linter

f5daaac

added vue-router

eebb17d

adjust linter

ea9ab66

* always require login (via router)

f9b7ad4

* created "create vault" component

no longer used

b1b5694

ignore the contents, not the folder

87cde34

Merge branch 'feature/vue-ui-poc' into develop

3204235

cleanup

e17186a

allow cross-origin requests during dev

2de2e92

don't use web history api

b1b9086

until we solve server-side redirects to index.html

Enhance dev mode of backend

abc55d6

* Separate db of development/testing and production * Remove static uuid of admin in production but instead use a separate keycloak config file for development

improve login/logout

52b1035

use axios request interceptor to add Authorization header

91bc02f

renamed some crypto classes and added unit tests

68e7c7d

cleanup

d1653f6

add user service

f964329

add some actual public keys

f0f2470

retrieve devices from backend

5bc323d

encrypt a masterkey for a single device (prototype)

ac0a6f0

SailReal and others added 23 commits August 6, 2021 13:13

Show alert when vault creation was successful

fefe325

WIP create device

69ee4d7

persist key when granting access

9359e7c

Reformat code: use tabs instead of spaces

f073849

Merge branch 'develop' into feature/access-list

1936462

Minor refactoring

b24f882

Minor refactoring 2.0

298cfa4

allow user interaction during certain states of the unlock workflow

9d31729

Return 404 when vault or device doesn't exists while creating access

13a8196

Option to download vault folder after creation

30cd769

add additional field to Access entity

05ff079

first attempt to pass masterkey to client after successful authentica…

7ae1105

…tion

use correct masterkey during access grant workflow

16879c1

fix compatibility issue, reduce scope of key material

bbea984

Create root folder structure using AES-SIV in zipped export

cd8bb88

Use common lib for base32 and base64 encoding

32a50a2

Fix build by switching to correct base64url-impl in VaultDetauls too

e86bc36

revoke access

dcd4ad3

Switching to P-384 + X9.63 KDF SHA-256 + AES-GCM

e2b18a7

hash encrypted dir id to bring it to uniform length

670f49c

adjust tests

046cc01

stop being fancy

101d68a

[ci skip]

Fix hashDirectoryId, SIV lib requires macKey before encKey

32e609f

overheadhunter merged commit 5a13f6b into main Aug 11, 2021

overheadhunter deleted the feature/access-list branch August 11, 2021 14:13

sonatype-lift bot reviewed Aug 11, 2021

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Grant Access via WebApp#1

Grant Access via WebApp#1
overheadhunter merged 53 commits intomainfrom
feature/access-list

overheadhunter commented Aug 11, 2021

Uh oh!

sonatype-lift bot Aug 11, 2021

Uh oh!

overheadhunter Aug 11, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

overheadhunter commented Aug 11, 2021

Uh oh!

sonatype-lift bot Aug 11, 2021

Choose a reason for hiding this comment

Uh oh!

overheadhunter Aug 11, 2021

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants