hydroxide-push/auth/auth.go

package auth

import (
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"os"

	"github.com/ProtonMail/go-crypto/openpgp"
	"golang.org/x/crypto/bcrypt"
	"golang.org/x/crypto/nacl/secretbox"

	"github.com/emersion/hydroxide/config"
	"github.com/emersion/hydroxide/protonmail"
)

func authFilePath() (string, error) {
	return config.Path("auth.json")
}

type CachedAuth struct {
	protonmail.Auth
	LoginPassword   string
	MailboxPassword string
	KeySalts        map[string][]byte
	// TODO: add padding
}

func readCachedAuths() (map[string]string, error) {
	p, err := authFilePath()
	if err != nil {
		return nil, fmt.Errorf("failed to get auth file path: %v", err)
	}

	f, err := os.Open(p)
	if os.IsNotExist(err) {
		return nil, nil
	} else if err != nil {
		return nil, fmt.Errorf("failed to open cached auth file: %v", err)
	}
	defer f.Close()

	auths := make(map[string]string)
	if err := json.NewDecoder(f).Decode(&auths); err != nil {
		return nil, fmt.Errorf("failed to read cached auth file: %v", err)
	}

	return auths, nil
}

func saveAuths(auths map[string]string) error {
	p, err := authFilePath()
	if err != nil {
		return fmt.Errorf("failed to get auth file path: %v", err)
	}
	f, err := os.Create(p)
	if err != nil {
		return fmt.Errorf("failed to create cached auth file: %v", err)
	}
	defer f.Close()

	if err := json.NewEncoder(f).Encode(auths); err != nil {
		return fmt.Errorf("failed to write cached auth file: %v", err)
	}
	if err := f.Close(); err != nil {
		return fmt.Errorf("failed to close cached auth file: %v", err)
	}
	return nil
}

func encrypt(msg []byte, secretKey *[32]byte) (string, error) {
	var nonce [24]byte
	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
		return "", fmt.Errorf("failed to generate nonce: %v", err)
	}

	encrypted := secretbox.Seal(nonce[:], msg, &nonce, secretKey)
	return base64.StdEncoding.EncodeToString(encrypted), nil
}

func decrypt(encryptedString string, secretKey *[32]byte) ([]byte, error) {
	encrypted, err := base64.StdEncoding.DecodeString(encryptedString)
	if err != nil {
		return nil, fmt.Errorf("invalid encrypted string: %v", err)
	}

	var nonce [24]byte
	copy(nonce[:], encrypted[:24])
	decrypted, ok := secretbox.Open(nil, encrypted[24:], &nonce, secretKey)
	if !ok {
		return nil, errors.New("decryption error")
	}
	return decrypted, nil
}

func EncryptAndSave(auth *CachedAuth, username string, secretKey *[32]byte) error {
	cleartext, err := json.Marshal(auth)
	if err != nil {
		return fmt.Errorf("failed to format cached auth: %v", err)
	}

	encrypted, err := encrypt(cleartext, secretKey)
	if err != nil {
		return err
	}

	auths, err := readCachedAuths()
	if err != nil {
		return err
	}

	if auths == nil {
		auths = make(map[string]string)
	}
	auths[username] = encrypted

	return saveAuths(auths)
}

func authenticate(c *protonmail.Client, cachedAuth *CachedAuth, username string) (openpgp.EntityList, error) {
	auth, err := c.AuthRefresh(&cachedAuth.Auth)
	if apiErr, ok := err.(*protonmail.APIError); ok && apiErr.Code == 10013 {
		// Invalid refresh token, re-authenticate
		authInfo, err := c.AuthInfo(username)
		if err != nil {
			return nil, fmt.Errorf("cannot re-authenticate: failed to get auth info: %v", err)
		}

		auth, err = c.Auth(username, cachedAuth.LoginPassword, authInfo)
		if err != nil {
			return nil, fmt.Errorf("cannot re-authenticate: %v", err)
		}

		if auth.TwoFactor.Enabled == 1 {
			return nil, fmt.Errorf("cannot re-authenticate: two factor authentication enabled, please login again manually")
		}
	} else if err != nil {
		return nil, err
	}
	cachedAuth.Auth = *auth

	return c.Unlock(auth, cachedAuth.KeySalts, cachedAuth.MailboxPassword)
}

func ListUsernames() ([]string, error) {
	auths, err := readCachedAuths()
	if err != nil {
		return nil, err
	}

	l := make([]string, 0, len(auths))
	for username, _ := range auths {
		l = append(l, username)
	}
	return l, nil
}

func GeneratePassword() (secretKey *[32]byte, password string, err error) {
	var key [32]byte
	if _, err = io.ReadFull(rand.Reader, key[:]); err != nil {
		return nil, "", fmt.Errorf("failed to generate key: %v", err)
	}
	password = base64.StdEncoding.EncodeToString(key[:])
	return &key, password, nil
}

type session struct {
	hashedSecretKey []byte
	c               *protonmail.Client
	privateKeys     openpgp.EntityList
}

var ErrUnauthorized = errors.New("Invalid username or password")

type Manager struct {
	newClient func() *protonmail.Client
	sessions  map[string]*session
}

func (m *Manager) Auth(username, password string) (*protonmail.Client, openpgp.EntityList, error) {
	var secretKey [32]byte
	passwordBytes, err := base64.StdEncoding.DecodeString(password)
	if err != nil || len(passwordBytes) != len(secretKey) {
		return nil, nil, ErrUnauthorized
	}
	copy(secretKey[:], passwordBytes)

	s, ok := m.sessions[username]
	if ok {
		err := bcrypt.CompareHashAndPassword(s.hashedSecretKey, secretKey[:])
		if err != nil {
			return nil, nil, ErrUnauthorized
		}
	} else {
		auths, err := readCachedAuths()
		if err != nil && !os.IsNotExist(err) {
			return nil, nil, err
		}

		encrypted, ok := auths[username]
		if !ok {
			return nil, nil, ErrUnauthorized
		}

		decrypted, err := decrypt(encrypted, &secretKey)
		if err != nil {
			return nil, nil, ErrUnauthorized
		}

		var cachedAuth CachedAuth
		if err := json.Unmarshal(decrypted, &cachedAuth); err != nil {
			return nil, nil, err
		}

		c := m.newClient()
		c.ReAuth = func() error {
			if _, err := authenticate(c, &cachedAuth, username); err != nil {
				return err
			}
			return EncryptAndSave(&cachedAuth, username, &secretKey)
		}

		// authenticate updates cachedAuth with the new refresh token
		privateKeys, err := authenticate(c, &cachedAuth, username)
		if err != nil {
			return nil, nil, err
		}

		if err := EncryptAndSave(&cachedAuth, username, &secretKey); err != nil {
			return nil, nil, err
		}

		hashed, err := bcrypt.GenerateFromPassword(secretKey[:], bcrypt.DefaultCost)
		if err != nil {
			return nil, nil, err
		}

		s = &session{
			c:               c,
			privateKeys:     privateKeys,
			hashedSecretKey: hashed,
		}
		m.sessions[username] = s
	}

	return s.c, s.privateKeys, nil
}

func NewManager(newClient func() *protonmail.Client) *Manager {
	return &Manager{
		newClient: newClient,
		sessions:  make(map[string]*session),
	}
}
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`package auth`

			`import (`
			`"crypto/rand"`
			`"encoding/base64"`
			`"encoding/json"`
			`"errors"`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`"fmt"`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`"io"`
			`"os"`

imports: change the crypto lib to new import path 2020-12-29 19:47:20 +02:00			`"github.com/ProtonMail/go-crypto/openpgp"`
Upgrade dependencies 2021-07-30 16:27:31 +03:00			`"golang.org/x/crypto/bcrypt"`
			`"golang.org/x/crypto/nacl/secretbox"`
protonmail: add some messages + public keys endpoints 2017-09-20 11:09:31 +03:00
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`"github.com/emersion/hydroxide/config"`
protonmail: add some messages + public keys endpoints 2017-09-20 11:09:31 +03:00			`"github.com/emersion/hydroxide/protonmail"`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`)`

Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`func authFilePath() (string, error) {`
			`return config.Path("auth.json")`
			`}`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00
			`type CachedAuth struct {`
			`protonmail.Auth`
			`LoginPassword string`
			`MailboxPassword string`
Save key salts after auth The key salts endpoint can only be accessed right after authentication, it's blocked after auth refresh. Closes: https://github.com/emersion/hydroxide/issues/68 2019-08-31 17:43:46 +03:00			`KeySalts map[string][]byte`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`// TODO: add padding`
			`}`

			`func readCachedAuths() (map[string]string, error) {`
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`p, err := authFilePath()`
			`if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return nil, fmt.Errorf("failed to get auth file path: %v", err)`
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`}`
auth: add more context to errors 2022-09-10 22:49:33 +03:00
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`f, err := os.Open(p)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if os.IsNotExist(err) {`
			`return nil, nil`
			`} else if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return nil, fmt.Errorf("failed to open cached auth file: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`
			`defer f.Close()`

			`auths := make(map[string]string)`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`if err := json.NewDecoder(f).Decode(&auths); err != nil {`
			`return nil, fmt.Errorf("failed to read cached auth file: %v", err)`
			`}`

			`return auths, nil`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`func saveAuths(auths map[string]string) error {`
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`p, err := authFilePath()`
			`if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return fmt.Errorf("failed to get auth file path: %v", err)`
Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`}`
			`f, err := os.Create(p)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return fmt.Errorf("failed to create cached auth file: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`
			`defer f.Close()`

auth: add more context to errors 2022-09-10 22:49:33 +03:00			`if err := json.NewEncoder(f).Encode(auths); err != nil {`
			`return fmt.Errorf("failed to write cached auth file: %v", err)`
			`}`
			`if err := f.Close(); err != nil {`
			`return fmt.Errorf("failed to close cached auth file: %v", err)`
			`}`
			`return nil`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`func encrypt(msg []byte, secretKey *[32]byte) (string, error) {`
			`var nonce [24]byte`
			`if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return "", fmt.Errorf("failed to generate nonce: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`encrypted := secretbox.Seal(nonce[:], msg, &nonce, secretKey)`
			`return base64.StdEncoding.EncodeToString(encrypted), nil`
			`}`

			`func decrypt(encryptedString string, secretKey *[32]byte) ([]byte, error) {`
			`encrypted, err := base64.StdEncoding.DecodeString(encryptedString)`
			`if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return nil, fmt.Errorf("invalid encrypted string: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`var nonce [24]byte`
			`copy(nonce[:], encrypted[:24])`
			`decrypted, ok := secretbox.Open(nil, encrypted[24:], &nonce, secretKey)`
			`if !ok {`
			`return nil, errors.New("decryption error")`
			`}`
			`return decrypted, nil`
			`}`

			`func EncryptAndSave(auth CachedAuth, username string, secretKey [32]byte) error {`
			`cleartext, err := json.Marshal(auth)`
			`if err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return fmt.Errorf("failed to format cached auth: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`encrypted, err := encrypt(cleartext, secretKey)`
			`if err != nil {`
			`return err`
			`}`

			`auths, err := readCachedAuths()`
			`if err != nil {`
			`return err`
			`}`

			`if auths == nil {`
			`auths = make(map[string]string)`
			`}`
			`auths[username] = encrypted`

			`return saveAuths(auths)`
			`}`

auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`func authenticate(c protonmail.Client, cachedAuth CachedAuth, username string) (openpgp.EntityList, error) {`
			`auth, err := c.AuthRefresh(&cachedAuth.Auth)`
protonmail: fix "invalid input" error on /auth/refresh It seems like we were just missing a valid RedirectURI. References: https://github.com/emersion/hydroxide/issues/70 2019-11-14 10:12:34 +02:00			`if apiErr, ok := err.(*protonmail.APIError); ok && apiErr.Code == 10013 {`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`// Invalid refresh token, re-authenticate`
			`authInfo, err := c.AuthInfo(username)`
			`if err != nil {`
			`return nil, fmt.Errorf("cannot re-authenticate: failed to get auth info: %v", err)`
			`}`

Fix 2FA support The 2FA information is now returned after the /auth request instead of the /auth/info one. Closes: https://github.com/emersion/hydroxide/issues/76 2019-12-08 13:14:41 +02:00			`auth, err = c.Auth(username, cachedAuth.LoginPassword, authInfo)`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`if err != nil {`
			`return nil, fmt.Errorf("cannot re-authenticate: %v", err)`
			`}`
auth: fix re-auth 2FA error message not showing up There was a confusing error message instead: [403] Access token does not have sufficient scope Which just meant the access token was used without completing 2FA. 2021-11-23 12:25:27 +02:00
			`if auth.TwoFactor.Enabled == 1 {`
			`return nil, fmt.Errorf("cannot re-authenticate: two factor authentication enabled, please login again manually")`
			`}`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`} else if err != nil {`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`return nil, err`
			`}`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`cachedAuth.Auth = *auth`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00
Save key salts after auth The key salts endpoint can only be accessed right after authentication, it's blocked after auth refresh. Closes: https://github.com/emersion/hydroxide/issues/68 2019-08-31 17:43:46 +03:00			`return c.Unlock(auth, cachedAuth.KeySalts, cachedAuth.MailboxPassword)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

Store everything in XDG_CONFIG_HOME, add `status` command 2019-03-22 22:35:10 +02:00			`func ListUsernames() ([]string, error) {`
			`auths, err := readCachedAuths()`
			`if err != nil {`
			`return nil, err`
			`}`

			`l := make([]string, 0, len(auths))`
			`for username, _ := range auths {`
			`l = append(l, username)`
			`}`
			`return l, nil`
			`}`

auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`func GeneratePassword() (secretKey *[32]byte, password string, err error) {`
			`var key [32]byte`
			`if _, err = io.ReadFull(rand.Reader, key[:]); err != nil {`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return nil, "", fmt.Errorf("failed to generate key: %v", err)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`
			`password = base64.StdEncoding.EncodeToString(key[:])`
auth: add more context to errors 2022-09-10 22:49:33 +03:00			`return &key, password, nil`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`}`

			`type session struct {`
			`hashedSecretKey []byte`
			`c *protonmail.Client`
			`privateKeys openpgp.EntityList`
			`}`

			`var ErrUnauthorized = errors.New("Invalid username or password")`

			`type Manager struct {`
			`newClient func() *protonmail.Client`
			`sessions map[string]*session`
			`}`

			`func (m Manager) Auth(username, password string) (protonmail.Client, openpgp.EntityList, error) {`
			`var secretKey [32]byte`
			`passwordBytes, err := base64.StdEncoding.DecodeString(password)`
			`if err != nil \|\| len(passwordBytes) != len(secretKey) {`
			`return nil, nil, ErrUnauthorized`
			`}`
			`copy(secretKey[:], passwordBytes)`

			`s, ok := m.sessions[username]`
			`if ok {`
			`err := bcrypt.CompareHashAndPassword(s.hashedSecretKey, secretKey[:])`
			`if err != nil {`
			`return nil, nil, ErrUnauthorized`
			`}`
			`} else {`
			`auths, err := readCachedAuths()`
			`if err != nil && !os.IsNotExist(err) {`
			`return nil, nil, err`
			`}`

			`encrypted, ok := auths[username]`
			`if !ok {`
			`return nil, nil, ErrUnauthorized`
			`}`

			`decrypted, err := decrypt(encrypted, &secretKey)`
			`if err != nil {`
			`return nil, nil, ErrUnauthorized`
			`}`

			`var cachedAuth CachedAuth`
			`if err := json.Unmarshal(decrypted, &cachedAuth); err != nil {`
			`return nil, nil, err`
			`}`

			`c := m.newClient()`
Re-auth when access token expires 2017-09-26 19:29:13 +03:00			`c.ReAuth = func() error {`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`if _, err := authenticate(c, &cachedAuth, username); err != nil {`
Re-auth when access token expires 2017-09-26 19:29:13 +03:00			`return err`
			`}`
			`return EncryptAndSave(&cachedAuth, username, &secretKey)`
			`}`

			`// authenticate updates cachedAuth with the new refresh token`
auth: try to re-authenticate 2018-01-09 23:58:55 +02:00			`privateKeys, err := authenticate(c, &cachedAuth, username)`
auth: move auth stuff in this new package 2017-09-19 15:57:29 +03:00			`if err != nil {`
			`return nil, nil, err`
			`}`

			`if err := EncryptAndSave(&cachedAuth, username, &secretKey); err != nil {`
			`return nil, nil, err`
			`}`

			`hashed, err := bcrypt.GenerateFromPassword(secretKey[:], bcrypt.DefaultCost)`
			`if err != nil {`
			`return nil, nil, err`
			`}`

			`s = &session{`
			`c: c,`
			`privateKeys: privateKeys,`
			`hashedSecretKey: hashed,`
			`}`
			`m.sessions[username] = s`
			`}`

			`return s.c, s.privateKeys, nil`
			`}`

			`func NewManager(newClient func() protonmail.Client) Manager {`
			`return &Manager{`
			`newClient: newClient,`
			`sessions: make(map[string]*session),`
			`}`
			`}`