Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Only keep 1 keypair (32) #169

Merged
merged 2 commits into from
Nov 6, 2024
Merged

feat: Only keep 1 keypair (32) #169

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
507e05b
Only keep 1 keypair (32)
bmingles Nov 6, 2024
1cffc3d
await key deletion in try / catch (32)
bmingles Nov 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 54 additions & 3 deletions src/controllers/UserLoginController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
import {
deletePublicKeys,
generateBase64KeyPair,
loginClientWithKeyPair,
loginClientWithPassword,
uploadPublicKey,
type Base64KeyPair,
type AuthenticatedClient as DheAuthenticatedClient,
type Username,
} from '@deephaven-enterprise/auth-nodejs';
Expand Down Expand Up @@ -56,6 +58,41 @@ export class UserLoginController extends ControllerBase {
private readonly secretService: ISecretService;
private readonly toast: IToastService;

/**
* Login with a given key pair and remove the public key from the server.
* @param serverUrl The server URL to remove the key from.
* @param userName The user name to remove the key for.
* @param keyPair The key pair that contains the public key to be removed. The
* key pair is needed since a login is required before the deletion.
*/
private _deleteUserPublicKey = async (
serverUrl: URL,
userName: Username,
keyPair: Base64KeyPair
): Promise<void> => {
const dheClient = await loginClientWithKeyPair(
await this.dheClientFactory(serverUrl),
{
type: 'keyPair',
username: userName,
keyPair,
}
);

const { type, publicKey } = keyPair;

try {
await deletePublicKeys({
dheClient,
userName,
publicKeys: [publicKey],
type,
});
} finally {
dheClient.disconnect();
}
};

/**
* Handle request for generating a DHE key pair.
* @param serverState The server state to generate the key pair for.
Expand Down Expand Up @@ -96,12 +133,26 @@ export class UserLoginController extends ControllerBase {
type,
});

// Get existing server keys or create a new object
const serverKeys = await this.secretService.getServerKeys(serverUrl);
const existingServerKeys =
await this.secretService.getServerKeys(serverUrl);

// Attempt to remove older keys / previously generated keys for other users
// from the server. Ignore errors since this is an optimistic cleanup, and
// it's possible the keys have already been removed.
Object.entries(existingServerKeys).forEach(async ([username, keyPair]) => {
try {
await this._deleteUserPublicKey(
serverUrl,
username as Username,
keyPair
);
} catch (err) {
logger.error(err);
}
});

// Store the new private key for the user
await this.secretService.storeServerKeys(serverUrl, {
...serverKeys,
[credentials.username]: keyPair,
});

Expand Down