♻️ Replace internal crypto/pbkd with buddy.

Andrey Antukh 2020-09-15 14:48:13 +02:00 committed by Alonso Torres
parent 28da2406d3
commit 7c068621cf
16 changed files with 54 additions and 757 deletions


@ -12,7 +12,7 @@
(:require
[clojure.tools.logging :as log]
[mount.core :as mount]
[sodi.pwhash :as pwhash]
[buddy.hashers :as hashers]
[app.common.data :as d]
[app.common.pages :as cp]
[app.common.uuid :as uuid]
@ -28,7 +28,7 @@
;; --- Profiles creation
(def password (pwhash/derive "123123"))
(def password (hashers/derive "123123"))
(def preset-small
{:num-teams 5


@ -11,8 +11,8 @@
"A demo specific mutations."
(:require
[clojure.spec.alpha :as s]
[sodi.prng]
[sodi.util]
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[app.common.exceptions :as ex]
[app.config :as cfg]
[app.db :as db]
@ -24,12 +24,13 @@
(sm/defmutation ::create-demo-profile
[_]
(let [id (uuid/next)
sem (System/currentTimeMillis)
(let [id (uuid/next)
sem (System/currentTimeMillis)
email (str "demo-" sem ".demo@nodomain.com")
fullname (str "Demo User " sem)
password (-> (sodi.prng/random-bytes 12)
(sodi.util/bytes->b64s))
password (-> (bn/random-bytes 12)
(bc/bytes->b64u)
(bc/bytes->str))
params {:id id
:email email
:fullname fullname
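Review bot: The three-step chain `(-> (bn/random-bytes 12) (bc/bytes->b64u) (bc/bytes->str))` introduced for `password` is repeated in four more places in this commit: `upload-photo`, the file-share token, `next-token` and `random-path`. `next-token` already takes a byte count, so the other call sites could call it (or one shared helper) instead of each namespace requiring `buddy.core.codecs` and `buddy.core.nonce` itself. That keeps the encoding of generated secrets defined in one place, so a later change to length or alphabet cannot miss a call site. The `let` in `create-demo-profile` continues past the end of this hunk.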


@ -9,33 +9,32 @@
(ns app.services.mutations.profile
(:require
[clojure.spec.alpha :as s]
[cuerdas.core :as str]
[datoteka.core :as fs]
[promesa.core :as p]
[promesa.exec :as px]
[sodi.prng]
[sodi.pwhash]
[sodi.util]
[app.common.exceptions :as ex]
[app.common.media :as cm]
[app.common.spec :as us]
[app.common.uuid :as uuid]
[app.common.media :as cm]
[app.config :as cfg]
[app.db :as db]
[app.emails :as emails]
[app.media :as media]
[app.media-storage :as mst]
[app.services.tokens :as tokens]
[app.services.mutations :as sm]
[app.services.mutations.media :as media-mutations]
[app.services.mutations.projects :as projects]
[app.services.mutations.teams :as teams]
[app.services.queries.profile :as profile]
[app.services.tokens :as tokens]
[app.tasks :as tasks]
[app.util.blob :as blob]
[app.util.storage :as ust]
[app.util.time :as dt]))
[app.util.time :as dt]
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[buddy.hashers :as hashers]
[clojure.spec.alpha :as s]
[cuerdas.core :as str]
[datoteka.core :as fs]))
;; --- Helpers & Specs
@ -112,16 +111,16 @@
"Create the profile entry on the database with limited input
filling all the other fields with defaults."
[conn {:keys [id fullname email password demo?] :as params}]
(let [id (or id (uuid/next))
(let [id (or id (uuid/next))
demo? (if (boolean? demo?) demo? false)
password (sodi.pwhash/derive password)]
paswd (hashers/derive password {:alg :bcrypt+sha512})]
(db/insert! conn :profile
{:id id
:fullname fullname
:email (str/lower email)
:pending-email (if demo? nil email)
:photo ""
:password password
:password paswd
:is-demo demo?})))
(defn- create-profile-relations
@ -159,8 +158,7 @@
(when (= (:password profile) "!")
(ex/raise :type :validation
:code ::account-without-password))
(let [result (sodi.pwhash/verify password (:password profile))]
(:valid result)))
(hashers/check password (:password profile)))
(validate-profile [profile]
(when-not profile
@ -242,9 +240,8 @@
(defn- validate-password!
[conn {:keys [profile-id old-password] :as params}]
(let [profile (profile/retrieve-profile-data conn profile-id)
result (sodi.pwhash/verify old-password (:password profile))]
(when-not (:valid result)
(let [profile (profile/retrieve-profile-data conn profile-id)]
(when-not (hashers/check old-password (:password profile))
(ex/raise :type :validation
:code ::old-password-not-match))))
@ -256,12 +253,11 @@
(db/with-atomic [conn db/pool]
(validate-password! conn params)
(db/update! conn :profile
{:password (sodi.pwhash/derive password)}
{:password (hashers/derive password {:alg :bcrypt+sha512})}
{:id profile-id})
nil))
;; --- Mutation: Update Photo
(declare upload-photo)
@ -290,8 +286,9 @@
(defn- upload-photo
[conn {:keys [file profile-id]}]
(let [prefix (-> (sodi.prng/random-bytes 8)
(sodi.util/bytes->b64s))
(let [prefix (-> (bn/random-bytes 8)
(bc/bytes->b64u)
(bc/bytes->str))
thumb (media/run
{:cmd :profile-thumbnail
:format :jpeg
@ -455,13 +452,12 @@
(:profile-id tpayload)))
(update-password [conn profile-id]
(let [pwd (sodi.pwhash/derive password)]
(let [pwd (hashers/derive password {:alg :bcrypt+sha512})]
(db/update! conn :profile {:password pwd} {:id profile-id})))
(delete-token [conn token]
(db/delete! conn :generic-token {:token token}))]
(db/with-atomic [conn db/pool]
(->> (validate-token conn token)
(update-password conn))
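Review bot: `validate-password!` now hands `(:password profile)` straight to `hashers/check`, but the login hunk above shows that a profile can hold the sentinel `"!"` instead of a hash, and only that path guards it with `(when (= (:password profile) "!") ...)`. What buddy does with a value that is not a hash is not visible here (probably an exception rather than `false`, worth confirming), so the same guard, or one shared verify helper used by both call sites, would keep this a validation error instead of an unexpected failure. Separately, nothing on this page shows that hashes already written by `sodi.pwhash/derive` are in a format `hashers/check` can parse; if they are not, existing accounts need a migration or a fallback verifier before this ships. The option map `{:alg :bcrypt+sha512}` is also repeated at all three `hashers/derive` call sites and would be safer as one private `derive-password` function.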


@ -5,31 +5,20 @@
;; This Source Code Form is "Incompatible With Secondary Licenses", as
;; defined by the Mozilla Public License, v. 2.0.
;;
;; Copyright (c) 2019-2020 Andrey Antukh <niwi@niwi.nz>
;; Copyright (c) 2020 UXBOX Labs SL
(ns app.services.mutations.viewer
(:require
[app.common.exceptions :as ex]
[app.common.pages :as cp]
[app.common.pages-migrations :as pmg]
[app.common.spec :as us]
[app.common.uuid :as uuid]
[app.config :as cfg]
[app.db :as db]
[app.redis :as redis]
[app.services.mutations :as sm]
[app.services.mutations.projects :as proj]
[app.services.queries.files :as files]
[app.tasks :as tasks]
[app.util.blob :as blob]
[app.util.storage :as ust]
[app.util.time :as dt]
[app.util.transit :as t]
[clojure.spec.alpha :as s]
[datoteka.core :as fs]
[promesa.core :as p]
[sodi.prng]
[sodi.util]))
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[clojure.spec.alpha :as s]))
(s/def ::profile-id ::us/uuid)
(s/def ::file-id ::us/uuid)
@ -42,8 +31,9 @@
[{:keys [profile-id file-id page-id] :as params}]
(db/with-atomic [conn db/pool]
(files/check-edition-permissions! conn profile-id file-id)
(let [token (-> (sodi.prng/random-bytes 16)
(sodi.util/bytes->b64s))]
(let [token (-> (bn/random-bytes 16)
(bc/bytes->b64u)
(bc/bytes->str))]
(db/insert! conn :file-share-token
{:file-id file-id
:page-id page-id


@ -11,8 +11,8 @@
(:require
[clojure.spec.alpha :as s]
[cuerdas.core :as str]
[sodi.prng]
[sodi.util]
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[app.common.exceptions :as ex]
[app.common.spec :as us]
[app.util.time :as dt]
@ -21,8 +21,9 @@
(defn next-token
([] (next-token 96))
([n]
(-> (sodi.prng/random-nonce n)
(sodi.util/bytes->b64s))))
(-> (bn/random-bytes n)
(bc/bytes->b64u)
(bc/bytes->str))))
(def default-duration
(dt/duration {:hours 48}))


@ -10,14 +10,14 @@
(ns app.util.storage
"A local filesystem storage implementation."
(:require
[app.common.exceptions :as ex]
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[clojure.java.io :as io]
[clojure.spec.alpha :as s]
[cuerdas.core :as str]
[datoteka.core :as fs]
[datoteka.proto :as fp]
[sodi.prng :as sodi.prng]
[sodi.util :as sodi.util]
[app.common.exceptions :as ex])
[datoteka.proto :as fp])
(:import
java.io.ByteArrayInputStream
java.io.InputStream
@ -162,7 +162,7 @@
(def ^:private prng
(delay
(doto (java.security.SecureRandom/getInstance "SHA1PRNG")
(.setSeed ^bytes (sodi.prng/random-bytes 64)))))
(.setSeed ^bytes (bn/random-bytes 64)))))
(defn with-xf
[storage xfm]
@ -174,8 +174,9 @@
(def random-path
(map (fn [^Path path]
(let [name (str (.getFileName path))
hash (-> (sodi.prng/random-bytes @prng 10)
(sodi.util/bytes->b64s))
hash (-> (bn/random-bytes 10 @prng)
(bc/bytes->b64u)
(bc/bytes->str))
tokens (re-seq #"[\w\d\-\_]{2}" hash)
path-tokens (take 3 tokens)
rest-tokens (drop 3 tokens)
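Review bot: The private `prng` is still a `SHA1PRNG` instance that is explicitly seeded before first use, so every `random-path` name is derived from that one 64-byte seed; this commit only changes where the seed comes from. The one-argument form of `bn/random-bytes` draws from a default `SecureRandom`, so `random-path` could call `(bn/random-bytes 10)` directly. The `prng` delay could then be removed, provided nothing else in the file uses it. If the dedicated generator is kept on purpose, a short comment on `prng` stating the reason would help the next reader.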