コード例 #1
0
        /// <summary>
        /// Changes the user password.<para> </para>
        /// Remember that <paramref name="requestBody"/>'s field
        /// <see cref="EpistleRequestBody.Body"/> should be the <see cref="UserChangePasswordRequestDto"/>
        /// instance serialized into JSON and then compressed!
        /// </summary>
        /// <param name="requestBody">Request parameters DTO wrapped into an <see cref="EpistleRequestBody"/>.</param>
        /// <returns><c>bool</c> indicating whether the change was successful or not.</returns>
        public async Task <bool> ChangeUserPassword(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "users/change-pw", Method.Put);
            RestResponse response = await restClient.ExecuteAsync(request).ConfigureAwait(false);

            return(response?.StatusCode == HttpStatusCode.OK);
        }
コード例 #2
0
        /// <summary>
        /// Deletes a user irreversibly from the backend's db.<para> </para>
        /// <paramref name="requestBody.Body"/> should directly be the unprocessed <see cref="User.PasswordSHA512"/>.
        /// </summary>
        /// <param name="requestBody">Request parameters DTO wrapped into an <see cref="EpistleRequestBody"/>.</param>
        /// <returns>Whether deletion was successful or not.</returns>
        public async Task <bool> DeleteUser(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "users/delete");
            RestResponse response = await restClient.ExecuteAsync(request).ConfigureAwait(false);

            return(response?.StatusCode == HttpStatusCode.NoContent);
        }
コード例 #3
0
        /// <summary>
        /// Kick a user from a conversation.
        /// </summary>
        /// <param name="requestBody">Request parameters.</param>
        /// <returns>Whether the user was kicked out successfully or not.</returns>
        public async Task <bool> KickUser(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "convos/kick", Method.Put);
            RestResponse response = await restClient.ExecuteAsync(request);

            return(response.IsSuccessful);
        }
コード例 #4
0
        /// <summary>
        /// Creates a new convo on the server.<para> </para>
        /// "<paramref name="requestBody.Body"/>" should be the <see cref="ConvoCreationRequestDto"/> serialized into JSON and compressed.
        /// </summary>
        /// <param name="requestBody">Request body containing the parameters (auth, etc...).</param>
        /// <returns><c>null</c> if creation failed; the created <see cref="Convo"/>'s unique id.</returns>
        public async Task <string> CreateConvo(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "convos/create");
            RestResponse response = await restClient.ExecuteAsync(request).ConfigureAwait(false);

            return(response.IsSuccessful ? response.Content : null);
        }
コード例 #5
0
        /// <summary>
        /// Changes a convo's metadata (description, title, etc...).<para> </para>
        /// The user making the request needs to be the <see cref="Convo"/>'s admin (Creator).<para> </para>
        /// If you're assigning a new admin, he needs to be a participant of the <see cref="Convo"/>, else you'll get a bad request returned from the web api.
        /// </summary>
        /// <param name="requestBody">Request body containing the authentication parameters + the data that needs to be changed (<c>null</c> fields will be ignored; fields with values will be updated and persisted into the server's db)..</param>
        /// <returns>Whether the convo's metadata was changed successfully or not.</returns>
        public async Task <bool> ChangeConvoMetadata(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "convos/metadata", Method.Put);
            RestResponse response = await restClient.ExecuteAsync(request);

            return(response.IsSuccessful);
        }
コード例 #6
0
        /// <summary>
        /// Join a <see cref="Convo" />.
        /// </summary>
        /// <param name="requestBody">Request body containing the convo join parameters.</param>
        /// <returns>Whether the <see cref="Convo" /> was joined successfully or not.</returns>
        public async Task <bool> JoinConvo(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "convos/join", Method.Put);
            RestResponse response = await restClient.ExecuteAsync(request).ConfigureAwait(false);

            return(response.IsSuccessful);
        }
コード例 #7
0
        /// <summary>
        /// Posts a message to a <see cref="Convo" />.
        /// </summary>
        /// <param name="requestBody">Request body containing the message post parameters.</param>
        /// <returns>Whether the message was posted successfully or not.</returns>
        public async Task <bool> PostMessage(EpistleRequestBody requestBody)
        {
            var          request  = EpistleRequest(requestBody, "convos/post");
            RestResponse response = await restClient.ExecuteAsync(request);

            return(response.IsSuccessful);
        }
コード例 #8
0
#pragma warning restore 1591

        /// <summary>
        /// Changes an Epistle <see cref="User"/>'s password.
        /// </summary>
        /// <param name="oldPw">The old <see cref="User"/> password (NOT its SHA512!).</param>
        /// <param name="newPw">The new, better and safer password (NOT its SHA512!).</param>
        /// <param name="totp">Request authentication token.</param>
        /// <returns>Whether the password change request was successful or not.</returns>
        /// <exception cref="ApplicationException">Thrown if the <see cref="User.PrivateKeyPem"/> is <c>null</c> or empty.</exception>
        public async Task <bool> ChangePassword(string oldPw, string newPw, string totp)
        {
            if (oldPw == newPw)
            {
                return(false);
            }

            if (user.PrivateKeyPem.NullOrEmpty())
            {
                string msg = "The user's in-memory private key seems to be null or empty; can't change passwords without re-encrypting a new copy of the user key!";
                logger?.LogError(msg);
                throw new ApplicationException(msg);
            }

            var dto = new UserChangePasswordRequestDto
            {
                Totp          = totp,
                OldPwSHA512   = oldPw.SHA512(),
                NewPwSHA512   = newPw.SHA512(),
                NewPrivateKey = await keyExchange.EncryptAndCompressPrivateKeyAsync(user.PrivateKeyPem, newPw).ConfigureAwait(false)
            };

            var requestBody = new EpistleRequestBody
            {
                UserId = user.Id,
                Auth   = user.Token.Item2,
                Body   = await compressionUtility.Compress(JsonSerializer.Serialize(dto)).ConfigureAwait(false)
            };

            bool success = await userService.ChangeUserPassword(requestBody.Sign(crypto, user.PrivateKeyPem)).ConfigureAwait(false);

            return(success);
        }
コード例 #9
0
        /// <summary>
        /// Uploads a new profile picture to the server.
        /// </summary>
        /// <param name="totp">2FA Token.</param>
        /// <param name="pic">The profile picture (base64-encoded). Can be <c>null</c>.</param>
        /// <returns>Whether the update was accepted or failed.</returns>
        public async Task <bool> UpdateUserProfilePicture(string totp, string pic)
        {
            try
            {
                if (user is null || pic.Length > 512 * 512 || user.Id.NullOrEmpty() || user.Token is null || user.Token.Item2.NullOrEmpty() || totp.NullOrEmpty())
                {
                    return(false);
                }

                var dto = new UserChangeProfilePictureRequestDto
                {
                    Totp           = totp,
                    ProfilePicture = pic,
                    PasswordSHA512 = user.PasswordSHA512
                };

                var requestBody = new EpistleRequestBody
                {
                    UserId = user.Id,
                    Auth   = user.Token?.Item2,
                    Body   = JsonSerializer.Serialize(dto)
                };

                var          request  = EpistleRequest(requestBody.Sign(rsa, user.PrivateKeyPem), "users/pic", Method.Put);
                RestResponse response = await restClient.ExecuteAsync(request).ConfigureAwait(false);

                return(response?.StatusCode == HttpStatusCode.OK);
            }
            catch
            {
                return(false);
            }
        }
コード例 #10
0
        private async void TryJoinConvos()
        {
            if (!appSettings["SaveConvoPasswords", true])
            {
                return;
            }

            var userConvos = (await userService.GetConvos(user.Id, user.Token.Item2))
                             .Select(c => (Convo)c)
                             .Distinct()
                             .Where(convo => !convo.IsExpired()).ToArray();

            foreach (var convo in userConvos)
            {
                string cachedPwSHA512 = convoPasswordProvider.GetPasswordSHA512(convo.Id);

                if (cachedPwSHA512.NullOrEmpty())
                {
                    cachedPwSHA512 = await SecureStorage.GetAsync($"convo:{convo.Id}_pw:SHA512");
                }

                if (cachedPwSHA512.NotNullNotEmpty())
                {
                    var dto = new ConvoJoinRequestDto
                    {
                        ConvoId             = convo.Id,
                        ConvoPasswordSHA512 = cachedPwSHA512
                    };

                    var body = new EpistleRequestBody
                    {
                        UserId = user.Id,
                        Auth   = user.Token.Item2,
                        Body   = JsonSerializer.Serialize(dto)
                    };

                    if (await convoService.JoinConvo(body.Sign(crypto, user.PrivateKeyPem)))
                    {
                        convoPasswordProvider.SetPasswordSHA512(convo.Id, cachedPwSHA512);
                        ConvoMetadataDto metadata = await convoService.GetConvoMetadata(convo.Id, cachedPwSHA512, user.Id, user.Token.Item2);

                        if (metadata != null)
                        {
                            var viewModel = viewModelFactory.Create <ActiveConvoViewModel>();
                            viewModel.ActiveConvo = convo;
                            viewModel.OnAppearing();

                            activeConvos[convo.Id] = viewModel;
                        }
                    }
                }
            }

            eventAggregator.GetEvent <TriggerUpdateConvosListEvent>().Publish();
        }
コード例 #11
0
        /// <summary>
        /// Creates a <see cref="RestRequest"/> using the provided <paramref name="requestBody"/>, <paramref name="endpoint"/> and <paramref name="method"/>.<para> </para>
        /// The <paramref name="requestBody"/> is serialized to JSON and added to the HTTP request body.<para> </para>
        /// Please only add bodies to POST, and maybe PUT requests...
        /// </summary>
        /// <param name="requestBody">The <see cref="EpistleRequestBody"/> to serialize into JSON and add to the HTTP POST (or PUT) request's body.</param>
        /// <param name="endpoint">The API endpoint (relative path).</param>
        /// <param name="method">The HTTP method to use. Should be either POST or PUT if you use the request body.</param>
        /// <returns>The <see cref="RestRequest"/>, ready to be submitted.</returns>
        protected RestRequest EpistleRequest(EpistleRequestBody requestBody, string endpoint, Method method = Method.Post)
        {
            if (method != Method.Post && method != Method.Put)
            {
                throw new ArgumentException($"{nameof(EpistleWebApiService)}::{nameof(EpistleRequest)}: Non-PUT or POST HTTP method passed. Please only add request bodies to POST and PUT requests!");
            }

            var request = new RestRequest(
                method: method,
                resource: new Uri(endpoint, UriKind.Relative)
                );

            request.AddStringBody(JsonSerializer.Serialize(requestBody), "application/json");

            return(request);
        }
コード例 #12
0
        /// <summary>
        /// Deletes a convo server-side.
        /// </summary>
        /// <param name="requestBody">Request body containing the convo deletion parameters (auth, etc...).</param>
        /// <returns>Whether deletion was successful or not.</returns>
        public async Task <bool> DeleteConvo(EpistleRequestBody requestBody)
        {
            RestResponse response = await restClient.ExecuteAsync(EpistleRequest(requestBody, "convos/delete"));

            return(response.IsSuccessful);
        }
コード例 #13
0
        /// <summary>
        /// Submits a message to a <see cref="Convo"/>.
        /// </summary>
        /// <param name="convo">The <see cref="Convo"/> to post the message into.</param>
        /// <param name="messageType">The type of message (e.g. "TEXT=UTF8", "FILE=example.png", etc...).</param>
        /// <param name="message">The message body to encrypt and post.</param>
        /// <returns>Whether the message could be submitted successfully or not.</returns>
        private async Task <bool> PostMessageToConvo(Convo convo, string messageType, byte[] message)
        {
            if (message.NullOrEmpty())
            {
                return(false);
            }

            Task <IDictionary <string, string> > publicKeys = userService.GetUserPublicKeys(user.Id, convo.GetParticipantIdsCommaSeparated(), user.Token.Item2);

            byte[] compressedMessage = await compressionUtility.Compress(message, CompressionSettings.Default).ConfigureAwait(false);

            using var encryptionResult = await aes.EncryptAsync(compressedMessage).ConfigureAwait(false);

            byte[] key = new byte[48];

            for (int i = 0; i < 32; i++)
            {
                key[i] = encryptionResult.Key[i];
            }

            for (int i = 0; i < 16; i++)
            {
                key[i + 32] = encryptionResult.IV[i];
            }

            // Encrypt the message decryption key for every convo participant individually.
            var encryptedKeys = new ConcurrentBag <string>();

            Parallel.ForEach(await publicKeys.ConfigureAwait(false), kvp =>
            {
                (string userId, string userPublicKey) = kvp;

                if (userId.NotNullNotEmpty() && userPublicKey.NotNullNotEmpty())
                {
                    string decompressedPublicKey = keyExchange.DecompressPublicKey(userPublicKey);
                    encryptedKeys.Add(userId + ':' + Convert.ToBase64String(rsa.Encrypt(key, decompressedPublicKey)));
                }
            });

            try
            {
                var postParamsDto = new PostMessageParamsDto
                {
                    Type                = messageType,
                    SenderName          = userSettings.Username,
                    ConvoId             = convo.Id,
                    ConvoPasswordSHA512 = convoPasswordProvider.GetPasswordSHA512(convo.Id),
                    EncryptedKeys       = encryptedKeys.ToCommaSeparatedString(),
                    EncryptedBody       = Convert.ToBase64String(encryptionResult.EncryptedData)
                };

                var body = new EpistleRequestBody
                {
                    UserId = user.Id,
                    Auth   = user.Token.Item2,
                    Body   = JsonSerializer.Serialize(postParamsDto)
                };

                return(await convoService.PostMessage(body.Sign(rsa, user.PrivateKeyPem)).ConfigureAwait(false));
            }
            catch
            {
                return(false);
            }
        }