finish account recovery

Journaly-io · Jun 8, 2024 · 90b60a4 · 90b60a4
1 parent 1a00499
commit 90b60a4
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 1 deletion.
diff --git a/JournalyApiV2/Controllers/AuthController.cs b/JournalyApiV2/Controllers/AuthController.cs
@@ -18,7 +18,7 @@ public class AuthController : JournalyControllerBase
 {
     private readonly IAuthService _authService;
     private readonly ICryptoService _cryptoService;
-
+    
     public AuthController(IAuthService authService, ICryptoService cryptoService)
     {
         _authService = authService;
@@ -241,4 +241,23 @@ public async Task<JsonResult> GetRecoveryKeys()
     {
         return new JsonResult(await _authService.GetRecoveryKeys(GetRecoveryToken()));
     }
+
+    [Route("recover-account")]
+    [AllowAnonymous]
+    [HttpPost]
+    public async Task<JsonResult> RecoverAccount([FromBody] RecoverAccountRequest request)
+    {
+        var userId = await _authService.GetUserIdFromRecoveryToken(GetRecoveryToken());
+        if (userId == null) throw new BadRequestException("Invalid recovery token");
+        await _authService.RecoverAccount(userId.Value, request.passwordHash, new CryptographicKey
+        {
+            DEK = request.DEK,
+            Salt = request.Salt,
+            Type = (int)EncryptedDEKType.Primary
+        });
+        return new JsonResult(new AuthenticationResponse
+        {
+            Token = await _authService.IssueToken(userId.Value)
+        });
+    }
 }
diff --git a/JournalyApiV2/Models/Requests/RecoverAccountRequest.cs b/JournalyApiV2/Models/Requests/RecoverAccountRequest.cs
@@ -0,0 +1,8 @@
+namespace JournalyApiV2.Models.Requests;
+
+public class RecoverAccountRequest
+{
+    public string DEK { get; set; }
+    public string Salt { get; set; }
+    public string passwordHash { get; set; }
+}
diff --git a/JournalyApiV2/Services/BLL/AuthService.cs b/JournalyApiV2/Services/BLL/AuthService.cs
@@ -57,6 +57,11 @@ public async Task<AuthenticationResponse> SignIn(string email, string password)
         }
     }
 
+    public async Task<string> IssueToken(Guid userId)
+    {
+        return await _authDbService.GenerateToken(userId);
+    }
+
     public async Task VoidToken(string token)
     {
         await _authDbService.RevokeToken(token);
@@ -221,4 +226,20 @@ public async Task<CryptographicKey[]> GetRecoveryKeys(string recoveryToken)
     {
         return await _authDbService.GetRecoveryKeys(recoveryToken);
     }
+
+    public async Task RecoverAccount(Guid userId, string passwordHash, CryptographicKey primaryKey)
+    {
+        if (primaryKey.Type != 1) throw new ArgumentException("Key must be a primary key");
+        var user = await _userManager.FindByIdAsync(userId.ToString());
+        if (user == null) throw new ArgumentException("UserID invalid");
+        var resetToken = await _userManager.GeneratePasswordResetTokenAsync(user);
+        await _userManager.ResetPasswordAsync(user, resetToken, passwordHash);
+        await _cryptoDbService.UpdateDEKForUser(userId, primaryKey.DEK, primaryKey.Salt, EncryptedDEKType.Primary);
+        await _authDbService.ClearRecoveryTokens(userId);
+    }
+
+    public async Task<Guid?> GetUserIdFromRecoveryToken(string recoveryToken)
+    {
+        return await _authDbService.GetUserIdFromRecoveryToken(recoveryToken);
+    }
 }
diff --git a/JournalyApiV2/Services/BLL/IAuthService.cs b/JournalyApiV2/Services/BLL/IAuthService.cs
@@ -21,4 +21,7 @@ public interface IAuthService
     Task<string> IssueRecoveryTokenWithShortCode(string email, string shortCode);
     Task<string> IssueRecoveryTokenWithLongCode(string longCode);
     Task<CryptographicKey[]> GetRecoveryKeys(string recoveryToken);
+    Task RecoverAccount(Guid userId, string passwordHash, CryptographicKey primaryKey);
+    Task<Guid?> GetUserIdFromRecoveryToken(string recoveryToken);
+    Task<string> IssueToken(Guid userId);
 }
diff --git a/JournalyApiV2/Services/DAL/AuthDbService.cs b/JournalyApiV2/Services/DAL/AuthDbService.cs
@@ -1,4 +1,5 @@
 using System.Security.Cryptography;
+using System.Security.Cryptography.Xml;
 using JournalyApiV2.Data;
 using JournalyApiV2.Data.Models;
 using JournalyApiV2.Models;
@@ -233,4 +234,20 @@ public async Task<CryptographicKey[]> GetRecoveryKeys(string recoveryToken)
             Type = x.EncryptedDEKTypeId
         }).ToArray();
     }
+
+    public async Task ClearRecoveryTokens(Guid userId)
+    {
+        await using var db = _db.Journaly();
+        db.RemoveRange(db.AccountRecoveryTokens.Where(x => x.UserId == userId));
+        await db.SaveChangesAsync();
+    }
+
+    public async Task<Guid?> GetUserIdFromRecoveryToken(string recoveryToken)
+    {
+        await using var db = _db.Journaly();
+
+        var recoveryTokenObj = await db.AccountRecoveryTokens.SingleOrDefaultAsync(x => x.Token == recoveryToken);
+
+        return recoveryTokenObj?.UserId;
+    }
 }
diff --git a/JournalyApiV2/Services/DAL/IAuthDbService.cs b/JournalyApiV2/Services/DAL/IAuthDbService.cs
@@ -22,4 +22,6 @@ public interface IAuthDbService
     Task RevokeTokens(Guid userId, string[]? exclude);
     Task<string> IssueRecoveryToken(Guid userId);
     Task<CryptographicKey[]> GetRecoveryKeys(string recoveryToken);
+    Task ClearRecoveryTokens(Guid userId);
+    Task<Guid?> GetUserIdFromRecoveryToken(string recoveryToken);
 }