Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved document locking security #459

Merged
merged 2 commits into from
Sep 16, 2023
Merged

Improved document locking security #459

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
db1c6b7
Beefed up document locking security
JanSpies82 Sep 16, 2023
5d5c41c
Merge pull request #461 from COS301-SE-2023/codecov
JanSpies82 Sep 16, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 35 additions & 30 deletions frontend/src/app/services/file.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import { environment } from '../../environments/environment';
import * as CryptoJS from 'crypto-js';

import { ConversionService } from './conversion.service';
import { env } from 'process';

@Injectable({
providedIn: 'root',
Expand Down Expand Up @@ -585,14 +586,14 @@ export class FileService {
safeLock: boolean,
path: string
): Promise<boolean> {
return new Promise<boolean>((resolve, reject) => {
this.sendUpdateLockData(
return new Promise<boolean>(async (resolve, reject) => {
(await this.sendUpdateLockData(
markdownID,
content,
userDocumentPassword,
safeLock,
path
).subscribe({
)).subscribe({
next: (response: HttpResponse<any>) => {
if (response.status === 200) {
if (safeLock) {
Expand All @@ -615,13 +616,13 @@ export class FileService {
});
}

sendUpdateLockData(
async sendUpdateLockData(
markdownID: string,
content: string,
userDocumentPassword: string,
safeLock: boolean,
path: string
): Observable<HttpResponse<any>> {
): Promise<Observable<HttpResponse<any>>> {
const environmentURL = environment.apiURL;
const url = `${environmentURL}file_manager/update_safelock_status`;
const body = new MarkdownFileDTO();
Expand All @@ -639,7 +640,7 @@ export class FileService {
});
});
} else {
const decrypted = this.decryptSafeLockDocument(
const decrypted = await this.decryptSafeLockDocument(
content,
userDocumentPassword
);
Expand Down Expand Up @@ -678,13 +679,27 @@ export class FileService {
}
}

generateSignature(userDocumentPassword: string) {
const iterations = 100000;

const key = CryptoJS.PBKDF2(
userDocumentPassword + environment.frontendSignature,
'',
{ keySize: 256 / 32, iterations }
);
return CryptoJS.SHA256(key).toString();
}

encryptSafeLockDocument(
content: string | undefined,
userDocumentPassword: string
) {
const signature = 'WRITETOPDF-SAFELOCK-SIGNATURE';
const key = userDocumentPassword;
if (key && (content || content == '')) {
const signature = this.generateSignature(userDocumentPassword);
if (userDocumentPassword && (content || content == '')) {
const key = CryptoJS.PBKDF2(userDocumentPassword, '', {
keySize: 256 / 32, // 256 bits for the key
iterations: 10000 // iterations for the key
}).toString();
content = content + signature;
const encryptedMessage = CryptoJS.AES.encrypt(content, key).toString();
return encryptedMessage;
Expand All @@ -709,39 +724,29 @@ export class FileService {
decryptSafeLockDocument(
content: string | undefined,
userDocumentPassword: string
) {
// console.log('decrypting safelock document');
const signature = 'WRITETOPDF-SAFELOCK-SIGNATURE';
const key = userDocumentPassword;
if (key && (content || content == '')) {
): string | null {
if (userDocumentPassword && (content || content == '')) {
try{
const decryptedMessage = CryptoJS.AES.decrypt(content, key)
.toString(CryptoJS.enc.Utf8)
.replace(/^"(.*)"$/, '$1');

// console.log('Decrypted safelock document: ' + decryptedMessage);
if (decryptedMessage.endsWith(signature)) {
// console.log('Decrypted safelock document end with signature');
const key = CryptoJS.PBKDF2(userDocumentPassword, '', {
keySize: 256 / 32, // 256 bits for the key
iterations: 10000 // iterations for the key
}).toString();
const decryptedMessageBeforeReplace = CryptoJS.AES.decrypt(content, key)
.toString(CryptoJS.enc.Utf8);
const decryptedMessage = decryptedMessageBeforeReplace.replace(/^"(.*)"$/, '$1');
const signature = this.generateSignature(userDocumentPassword);
if (decryptedMessage.endsWith(signature)) {
const signRemoved = decryptedMessage.substring(
0,
decryptedMessage.length - signature.length
);

// console.log('Decrypted safelock document: ' + signRemoved);
return signRemoved;
// return decryptedMessage.substring(
// 0,
// decryptedMessage.length - signature.length
// );
} else {
// console.log('Decrypted safelock document does not end with signature');
return null;
}
} catch (error) {
return null;
}


} else {
return null;
}
Expand Down
3 changes: 2 additions & 1 deletion frontend/src/environments/environment.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,6 @@ export const environment = {
clientId: 'secret',
apiURL: 'http://localhost:3000/',
DEV_USER_EMAIL: 'secret',
DEV_USER_PASSWORD: 'secret'
DEV_USER_PASSWORD: 'secret',
frontendSignature: 'secret',
};
Loading