
cleanup + passreset 100%

master
RENOX 4 months ago
parent
commit
b57bf8c253
5 changed files with 37 additions and 29 deletions
  1. +24
    -18
      src/main/java/planetrenox/controller/FormController.java
  2. +5
    -3
      src/main/java/planetrenox/encryption/AES256_GCM.java
  3. +4
    -2
      src/main/java/planetrenox/encryption/BCryptSHA256.java
  4. +2
    -1
      src/main/java/planetrenox/mongodb/Dungeon.java
  5. +2
    -5
      src/main/resources/static/js/main.js

+ 24
- 18
src/main/java/planetrenox/controller/FormController.java View File

@@ -1,5 +1,6 @@
package planetrenox.controller;

import lombok.NonNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import planetrenox.encryption.AES256_GCM;
@@ -21,15 +22,16 @@ public class FormController
* "DOCUMENT_TYPE": "DECRYPT_SUCCESS" || "DECRYPT_FAILURE"
*/
@PostMapping(path = "/", params = {"name", "password"})
public Map<String, Object> login(@RequestParam("name") String name, @RequestParam("password") String password)
public Map<String, Object> login
(@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password)
{
Map<String, Object> loginDocument = RequestValidation.validateLogin(name, password);
if ((boolean) loginDocument.get("INVALID")) return loginDocument; // Validation Failed
else // Validation Successful
{
name = (String) loginDocument.get("CLEAN_NAME");
final String sanitizedName = (String) loginDocument.get("CLEAN_NAME");
loginDocument.clear();
Dungeon dungeon = repository.findByNameIgnoreCase(name);
Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName);
if (dungeon == null) // New User
{
loginDocument.put("DOCUMENT_TYPE", "NEW_USER");
@@ -57,20 +59,21 @@ public class FormController
* "DOCUMENT_TYPE": "DECRYPT_FAILURE"
*/
@PostMapping(path = "/", params = {"name", "password", "text", "tabs"})
public Map<String, Object> save(@RequestParam("name") String name, @RequestParam("password") String password, @RequestParam("text") String text, @RequestParam("tabs") int tabs)
public Map<String, Object> save
(@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password, @NonNull @RequestParam("text") final String text, @NonNull @RequestParam("tabs") final int tabs)
{
Map<String, Object> saveDocument = RequestValidation.validateSave(name, password, text, tabs);
if ((boolean) saveDocument.get("INVALID")) return saveDocument; // Validation Failed
else // Validation Successful
{
name = (String) saveDocument.get("CLEAN_NAME");
text = (String) saveDocument.get("CLEAN_TEXT");
final String sanitizedName = (String) saveDocument.get("CLEAN_NAME");
final String sanitizedText = (String) saveDocument.get("CLEAN_TEXT");
saveDocument.clear();
Dungeon dungeon = repository.findByNameIgnoreCase(name);
Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName);
if (dungeon == null) // New User
{
saveDocument.put("DOCUMENT_TYPE", "SAVED");
dungeon = new Dungeon(name, AES256_GCM.encrypt(text, password), new java.util.HashMap<>(Map.of(
dungeon = new Dungeon(sanitizedName, AES256_GCM.encrypt(sanitizedText, password), new java.util.HashMap<>(Map.of(
"TAB_COUNT", Integer.toString(tabs),
"TYPE", "FREE"
)));
@@ -84,7 +87,7 @@ public class FormController
} else // Password Correct - Saved
{
saveDocument.put("DOCUMENT_TYPE", "SAVED");
dungeon.setEncryptionData(AES256_GCM.encrypt(text, password));
dungeon.setEncryptionData(AES256_GCM.encrypt(sanitizedText, password));
Map<String, String> meta = dungeon.getMeta();
meta.put("TAB_COUNT", Integer.toString(tabs));
dungeon.setMeta(meta);
@@ -96,9 +99,12 @@ public class FormController
}

@PostMapping(path = "/", params = {"name", "password", "delete"})
public void delete(@RequestParam("name") String name, @RequestParam("password") String password)
public void delete
(@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password)
{
Dungeon dungeon = repository.findByNameIgnoreCase(name);
Map<String, Object> deleteDocument = RequestValidation.validateLogin(name, password);
final String sanitizedName = (String) deleteDocument.get("CLEAN_NAME");
Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName);
if (dungeon != null)
{
dungeon.setCleartext(AES256_GCM.decrypt(dungeon.getEncryptionData(), password));
@@ -109,17 +115,18 @@ public class FormController
}
}

@PostMapping(path = "/", params = {"name", "password", "text", "tabs, newpassword"})
public Map<String, Object> reset(@RequestParam("name") String name, @RequestParam("password") String password, @RequestParam("text") String text, @RequestParam("tabs") int tabs, @RequestParam("newpassword") String newPassword)
@PostMapping(path = "/", params = {"name", "password", "text", "tabs", "newpassword"})
public Map<String, Object> reset
(@NonNull @RequestParam("name") final String name, @NonNull @RequestParam("password") final String password, @NonNull @RequestParam("text") final String text, @NonNull @RequestParam("tabs") final int tabs, @NonNull @RequestParam("newpassword") final String newPassword)
{
Map<String, Object> saveDocument = RequestValidation.validateReset(name, password, text, tabs, newPassword);
if ((boolean) saveDocument.get("INVALID")) return saveDocument; // Validation Failed
else // Validation Successful
{
name = (String) saveDocument.get("CLEAN_NAME");
text = (String) saveDocument.get("CLEAN_TEXT");
final String sanitizedName = (String) saveDocument.get("CLEAN_NAME");
final String sanitizedText = (String) saveDocument.get("CLEAN_TEXT");
saveDocument.clear();
Dungeon dungeon = repository.findByNameIgnoreCase(name);
Dungeon dungeon = repository.findByNameIgnoreCase(sanitizedName);
if (dungeon != null)
{
if (AES256_GCM.decrypt(dungeon.getEncryptionData(), password) == null) // DECRYPT FAILURE
@@ -128,7 +135,7 @@ public class FormController
} else // Password Correct
{
saveDocument.put("DOCUMENT_TYPE", "SAVED");
dungeon.setEncryptionData(AES256_GCM.encrypt(text, newPassword));
dungeon.setEncryptionData(AES256_GCM.encrypt(sanitizedText, newPassword));
Map<String, String> meta = dungeon.getMeta();
meta.put("TAB_COUNT", Integer.toString(tabs));
dungeon.setMeta(meta);
@@ -138,5 +145,4 @@ public class FormController
return saveDocument;
}
}

}
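Review bot: In the new `delete` body (hunk at -96,9 +99,12), `sanitizedName` is read from the `validateLogin` result without first checking its `INVALID` flag, which `login`, `save` and `reset` all test before touching `CLEAN_NAME`; on a failed validation that key is presumably absent, so `sanitizedName` is null and `repository.findByNameIgnoreCase(null)` runs. Insert `if ((boolean) deleteDocument.get("INVALID")) return;` directly after the `validateLogin` call so the handler bails out the same way as its siblings. A second, style-level point: `@NonNull` on the primitive `int tabs` in the new `save` and `reset` signatures is meaningless (Lombok reports exactly that) and can be dropped. The `delete` method's body continues past the end of its hunk.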

+ 5
- 3
src/main/java/planetrenox/encryption/AES256_GCM.java View File

@@ -3,6 +3,8 @@

package planetrenox.encryption;

import lombok.NonNull;

import javax.crypto.*;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
@@ -23,7 +25,7 @@ public class AES256_GCM

private AES256_GCM(){}

public static byte[] encrypt(String cleartext, String clearPass)
public static byte[] encrypt(@NonNull final String cleartext, @NonNull final String clearPass)
{
byte[] shaltAndBaltAndNonceAndCipher = null;

@@ -63,7 +65,7 @@ public class AES256_GCM

} // encrypt.

public static String decrypt(byte[] shaltAndBaltAndNonceAndCipher, String clearPass)
public static String decrypt(@NonNull final byte[] shaltAndBaltAndNonceAndCipher, @NonNull final String clearPass)
{
String decryptedText = null;

@@ -72,7 +74,7 @@ public class AES256_GCM
byte[] shaltAndBalt = new byte[SHALT_LENGTH + BALT_LENGTH];
System.arraycopy(shaltAndBaltAndNonceAndCipher, 0, shaltAndBalt, 0, SHALT_LENGTH);
System.arraycopy(shaltAndBaltAndNonceAndCipher, SHALT_LENGTH, shaltAndBalt, SHALT_LENGTH, BALT_LENGTH);
final SecretKeySpec key = new SecretKeySpec(BCryptSHA256.initHashWithShalt(clearPass, shaltAndBalt), "AES");
final SecretKeySpec key = new SecretKeySpec(BCryptSHA256.initHashWithShaltAndBalt(clearPass, shaltAndBalt), "AES");
final Cipher aesCipherInstance = Cipher.getInstance("AES/GCM/NoPadding");
final GCMParameterSpec params = new GCMParameterSpec(GCM_TAG_LENGTH, shaltAndBaltAndNonceAndCipher, SHALT_LENGTH + BALT_LENGTH, NONCE_LENGTH);
aesCipherInstance.init(Cipher.DECRYPT_MODE, key, params);
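Review bot: The `@NonNull` added to `decrypt` (hunk at -63,7) rejects a null buffer, but a buffer shorter than `SHALT_LENGTH + BALT_LENGTH + NONCE_LENGTH` still reaches the two `System.arraycopy` calls and the `GCMParameterSpec` constructor in the following hunk, which throw `ArrayIndexOutOfBoundsException` and `IllegalArgumentException` rather than the checked crypto exceptions. Whether those unchecked exceptions are caught by the surrounding try block is outside the hunk; if they are not, a truncated or tampered stored record escapes to the controller instead of producing the `null` that `FormController` maps to `DECRYPT_FAILURE`. Add a guard at the top of the body, `if (shaltAndBaltAndNonceAndCipher.length < SHALT_LENGTH + BALT_LENGTH + NONCE_LENGTH) return null;`. The method body continues outside the hunk.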


+ 4
- 2
src/main/java/planetrenox/encryption/BCryptSHA256.java View File

@@ -3,6 +3,8 @@

package planetrenox.encryption;

import lombok.NonNull;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
@@ -20,7 +22,7 @@ public class BCryptSHA256
private BCryptSHA256(){}

// SHA-256(BCrypt(SHA-256)))
public static byte[] initHash(String clearPass)
public static byte[] initHash(@NonNull final String clearPass)
{
byte[] derivedShaltAndBaltAndHashByte = new byte[SHALT_LENGTH + BALT_LENGTH + HASH_LENGTH];

@@ -54,7 +56,7 @@ public class BCryptSHA256

} // initHash.

public static byte[] initHashWithShalt(String clearPass, byte[] shaltAndBalt)
public static byte[] initHashWithShaltAndBalt(@NonNull final String clearPass, @NonNull final byte[] shaltAndBalt)
{
byte[] derivedHashByte = new byte[32];
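Review bot: The renamed public method `initHashWithShaltAndBalt` (hunk at -54,7) still has no Javadoc, and its contract is only recoverable from the caller in `AES256_GCM.decrypt`, which hands it `SHALT_LENGTH` bytes followed by `BALT_LENGTH` bytes taken from a stored record and feeds the result into a `SecretKeySpec` for AES. Add a Javadoc above the signature stating that `shaltAndBalt` is that concatenated salt material in that order and length, that `clearPass` is the user's password, that the return value is the derived key bytes, and a `@throws` for a buffer of the wrong length unless the body already guards it. Also, `new byte[32]` on the first body line is a magic number where `initHash` uses `HASH_LENGTH`; if that constant is 32, use it here too so the two methods cannot drift apart. The body continues outside the hunk.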



+ 2
- 1
src/main/java/planetrenox/mongodb/Dungeon.java View File

@@ -1,6 +1,7 @@
package planetrenox.mongodb;

import lombok.Getter;
import lombok.NonNull;
import lombok.Setter;
import org.springframework.data.annotation.Id;
import org.springframework.data.annotation.Transient;
@@ -19,7 +20,7 @@ public class Dungeon
@Getter @Setter private Map<String, String> meta = new HashMap<>();
@Transient @Getter @Setter String cleartext;

public Dungeon(String name, byte[] encryptionData, Map<String, String> meta)
public Dungeon(@NonNull String name, @NonNull byte[] encryptionData, @NonNull Map<String, String> meta)
{
this.name = name;
this.creationDate = new Date();


+ 2
- 5
src/main/resources/static/js/main.js View File

@@ -67,17 +67,15 @@ function initValidateSave() { // TODO not allowing saves straight from the form
if (resettingPass) sessionStorage.setItem("oldpassword", sessionStorage.getItem(name));
tabContent.set(currentTabID, document.getElementById("textarea").value);
tabContent.forEach(combineTabsLocalEvent);

function combineTabsLocalEvent(values) {
tabTitleCount++;
if (values !== "" && values != null) {
tabCount++;
empty = false;
text += values + "|textdungeon-tab|";
document.getElementById("tab" + tabTitleCount).textContent = values.substring(0, 10);
document.getElementById("tab" + tabTitleCount).textContent = values.substring(0, 10); // setting tab titles
}
}

if (document.getElementById("password-form").value === "") // logged in user
password = sessionStorage.getItem(name);
else
@@ -207,9 +205,8 @@ function saveLocalEvent(name, password, text, tabCount) {
xmlrequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8");
if (resettingPass)
xmlrequest.send("name=" + name + "&password=" + sessionStorage.getItem("oldpassword") + "&text=" + text + "&tabs=" + tabCount + "&newpassword=" + password);
else {
else
xmlrequest.send("name=" + name + "&password=" + password + "&text=" + text + "&tabs=" + tabCount);
}
xmlrequest.onload = function () {
saveResponseLocalEvent(xmlrequest.response);
}
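Review bot: The `else` branch reshaped in the second hunk (-207,9) still sends a form body built by string concatenation, `"name=" + name + "&password=" + password + "&text=" + text + "&tabs=" + tabCount`, under an `application/x-www-form-urlencoded` header, so any `&`, `=`, `+` or `%` in the text or password is misparsed or truncated on the server, and the `resettingPass` branch two lines above has the same problem. Build the body with `URLSearchParams`, which encodes every value, as below. On style, dropping the braces around the single-statement `else` while the `if` above also has none leaves both branches brace-less; bracing both is the more common convention. `saveLocalEvent` continues beyond the hunk.
```javascript
const form = new URLSearchParams({ name: name, text: text, tabs: tabCount });
if (resettingPass) {
    form.set("password", sessionStorage.getItem("oldpassword"));
    form.set("newpassword", password);
} else {
    form.set("password", password);
}
xmlrequest.send(form.toString());
// … unchanged: onload handler …
```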

