door_mat 0.0.5

data/app/models/door_mat/activity.rb

@@ -0,0 +1,14 @@
+module DoorMat
+  class Activity < ActiveRecord::Base
+
+    belongs_to :actor
+    belongs_to :notifier, :polymorphic => true
+
+    enum status: [:pending, :started, :done, :failed]
+
+    def self.hash_token(token)
+      DoorMat::Crypto::FastHash.sha256(token)
+    end
+
+  end
+end

data/app/models/door_mat/activity_confirm_email.rb

@@ -0,0 +1,45 @@
+module DoorMat
+  class ActivityConfirmEmail < Activity
+
+    belongs_to :email, :class_name => "DoorMat::Email", :foreign_key => :notifier_id
+
+    def self.for(email, controller)
+      return unless email.not_confirmed?
+
+      actor = email.actor
+
+      # Fail any existing email confirmation activities for the current email
+      actor.confirm_email_activities.each do |a|
+        a.failed! if email == a.email
+      end
+      token = SecureRandom.uuid
+
+      activity = self.new
+      activity.actor = actor
+      activity.email = email
+      activity.link_hash = self.hash_token(token)
+      activity.started!
+
+      activity.send_email_with(token, controller)
+    end
+
+    def input_valid?(token, encoded_address)
+      DoorMat::Crypto.secure_compare(
+          [DoorMat::Activity.hash_token(token.to_s), DoorMat::Email.address_hash_from_encoded_address(encoded_address)].join('_'),
+          [self.link_hash, self.email.address_hash].join('_')
+      ) && self.email.not_confirmed?
+    end
+
+    def send_email_with(token, controller)
+      parameters = {
+          url: controller.send(:confirm_email_url, token: token, email: self.email.to_urlsafe_encoded, protocol: DoorMat::UrlProtocol.url_protocol),
+          address: self.email.address
+      }
+      DoorMat::ActivityMailer.confirm_email(parameters).deliver_now
+    rescue Exception => e
+      DoorMat.configuration.logger.error "ERROR: Failed to deliver confirmation email for actor #{self.actor.id} to #{self.email.address} w #{parameters[:url]} - #{e}"
+      raise e
+    end
+
+  end
+end

data/app/models/door_mat/activity_download_recovery_key.rb

@@ -0,0 +1,30 @@
+module DoorMat
+  class ActivityDownloadRecoveryKey < Activity
+
+    def self.for(actor)
+      # Fail any existing activities
+      actor.download_recovery_key_activities.each do |a|
+        a.failed!
+      end
+
+      activity = self.new
+      activity.actor = actor
+      activity.notifier = actor
+      activity.link_hash = self.hash_token(SecureRandom.uuid)
+      activity.started!
+    end
+
+    def input_valid?(token)
+      DoorMat::Crypto.secure_compare(DoorMat::Activity.hash_token(token.to_s), self.link_hash)
+    end
+
+    def get_new_token
+      token = SecureRandom.uuid
+      self.link_hash = DoorMat::Activity.hash_token(token)
+      self.save!
+
+      token
+    end
+
+  end
+end

data/app/models/door_mat/activity_reset_password.rb

@@ -0,0 +1,47 @@
+module DoorMat
+  class ActivityResetPassword < Activity
+
+    belongs_to :email, :class_name => "DoorMat::Email", :foreign_key => :notifier_id
+
+    def self.for(email, controller)
+      # BFP: prevent email flooding
+      return nil unless self.where( actor: email.actor ).where(["created_at > ?", DoorMat.configuration.forgot_password_link_request_delay_minutes.minutes.ago]).blank?
+
+      token = SecureRandom.uuid
+
+      activity = self.new
+      activity.actor = email.actor
+      activity.email = email
+      activity.link_hash = self.hash_token(token)
+      activity.started!
+
+      activity.send_email_with(token, controller)
+      activity
+    end
+
+    def self.with(token, emails)
+
+      self.where(type: "DoorMat::ActivityResetPassword", link_hash: self.hash_token(token)).started.each do |activity|
+        if activity.created_at < DoorMat.configuration.forgot_password_link_expiration_delay_minutes.minutes.ago
+          activity.failed!
+        else
+          return activity if emails.include? activity.email
+        end
+      end
+
+      nil
+    end
+
+    def send_email_with(token, controller)
+      parameters = {
+          url: controller.send(:choose_new_password_url, token: token, email: self.email.to_urlsafe_encoded, protocol: DoorMat::UrlProtocol.url_protocol),
+          address: self.email.address
+      }
+      DoorMat::ActivityMailer.reset_password(parameters).deliver_now
+    rescue Exception => e
+      DoorMat.configuration.logger.error "ERROR: Failed to deliver reset password email for actor #{self.actor.id} to #{self.email.address} w #{parameters[:url]} - #{e}"
+      raise e
+    end
+
+  end
+end

data/app/models/door_mat/actor.rb

@@ -0,0 +1,149 @@
+module DoorMat
+  class Actor < ActiveRecord::Base
+
+    has_many :emails, :dependent => :destroy
+    has_many :sessions, :dependent => :destroy
+    has_many :activities, :dependent => :destroy
+    has_many :access_tokens, :dependent => :destroy
+
+    has_many :memberships,
+             :inverse_of => :member,
+             :foreign_key => :member_id,
+             :class_name => 'DoorMat::Membership',
+             :dependent => :destroy
+    has_many :anonymous_actors,
+             :through => :memberships,
+             :source => :member_of
+
+    has_many :members,
+             :inverse_of => :member_of,
+             :foreign_key => :member_of_id,
+             :class_name => 'DoorMat::Membership',
+             :dependent => :destroy
+    has_many :member_actors,
+             :through => :members,
+             :source => :member
+
+    attr_accessor :current_email
+
+    validates_presence_of :key_salt, :password_salt, :password_hash, :system_key
+
+    def self.create_with(password)
+      actor = self.new
+
+      actor.re_key_with(password)
+
+      actor.system_key = DoorMat::Crypto::SymmetricStore.random_key
+
+      actor
+    end
+
+    def re_key_with(password)
+      self.key_salt = DoorMat::Crypto::PasswordHash.pbkdf2_salt
+
+      self.password_salt = DoorMat::Crypto::PasswordHash.bcrypt_salt
+      self.password_hash = DoorMat::Crypto::PasswordHash.bcrypt_hash(password, self.password_salt)
+    end
+
+    def self.authenticate_with(address, password)
+      actor = nil
+      matching_emails = DoorMat::Email.matching(address)
+
+      # As with a secure_compare, spend constant time
+      # testing the password against all the accounts, all the time, even if
+      # the first account is matching
+      matching_emails.each do |e|
+        if e.actor.authenticate(password)
+          actor = e.actor
+          actor.current_email = e
+        end
+      end
+
+      actor
+    end
+
+    def confirm_email_activities
+      activities.started.where(type: "DoorMat::ActivityConfirmEmail")
+    end
+
+    def download_recovery_key_activities
+      activities.started.where(type: "DoorMat::ActivityDownloadRecoveryKey")
+    end
+
+    def can_add_email?(email)
+      if emails.count >= DoorMat::configuration.max_email_count_per_actor
+        email.errors[:base] << I18n.t("door_mat.actor.max_email_count_per_actor_reached")
+        return false
+      end
+
+      if emails.where(:address_hash => email.address_hash).count > 0
+        email.errors[:base] << I18n.t("door_mat.actor.email_already_associated")
+        return false
+      end
+
+      true
+    end
+
+    def has_primary_email?
+      emails.map {|e| e.primary?}.inject(false, :|)
+    end
+
+    def email_from_urlsafe_encoded(encoded_address)
+      emails.where(:address_hash => DoorMat::Email.address_hash_from_encoded_address(encoded_address)).first
+    end
+
+    def system_encrypt(message)
+      DoorMat::Crypto::SymmetricStore.encrypt(message, self.system_key)[:ciphertext]
+    end
+
+    def system_decrypt(ciphertext)
+      DoorMat::Crypto::SymmetricStore.decrypt(ciphertext, self.system_key)
+    end
+
+    def authenticate(password)
+      DoorMat::Crypto::secure_compare(
+          self.password_hash,
+          DoorMat::Crypto::PasswordHash.bcrypt_hash(password, self.password_salt)
+      )
+    end
+
+    def setup_public_key_pairs(session)
+      pem_encrypted_pkey_pair_and_key = DoorMat::Crypto::AsymmetricStore.generate_pem_encrypted_pkey_pair_and_key
+      self.encrypted_pem_key = session.encrypt(pem_encrypted_pkey_pair_and_key[:key])
+      self.pem_encrypted_pkey = pem_encrypted_pkey_pair_and_key[:pem_encrypted_pkey]
+      self.pem_public_key = DoorMat::Crypto::AsymmetricStore.pem_public_key_from_pem_encrypted_pkey_pair(pem_encrypted_pkey_pair_and_key[:pem_encrypted_pkey], pem_encrypted_pkey_pair_and_key[:key])
+    end
+
+    def encrypt_shared_key(key)
+      self_pub_key = DoorMat::Crypto::AsymmetricStore.public_key_from_pem_public_key(self.pem_public_key)
+      DoorMat::Crypto::AsymmetricStore.encrypt(key, self_pub_key)
+    end
+
+    def decrypt_shared_key(key, session)
+      pem_key = session.decrypt(self.encrypted_pem_key)
+      private_key = DoorMat::Crypto::AsymmetricStore.private_key_from_pem_encrypted_pkey_pair(self.pem_encrypted_pkey, pem_key)
+      DoorMat::Crypto::AsymmetricStore.decrypt(key, private_key)
+    end
+
+    def share_with(other, secrets, with_key=nil)
+      secrets = Array(secrets)
+      with_key ||= DoorMat::Crypto::SymmetricStore.random_key
+      self_shared_key = self.encrypt_shared_key(with_key)
+      other_shared_key = other.encrypt_shared_key(with_key)
+      encrypted_secrets = DoorMat::Crypto.encrypt_shared(secrets, with_key)
+
+      {
+          key: self_shared_key,
+          other_key: other_shared_key,
+          secrets: encrypted_secrets
+      }
+    end
+
+    def keep_only_this_session!(session)
+      sessions.each do |s|
+        s.destroy! unless s == session
+      end
+    end
+
+  end
+end

data/app/models/door_mat/change_password.rb

@@ -0,0 +1,12 @@
+module DoorMat
+  class ChangePassword
+
+    include ActiveModel::Model
+
+    attr_accessor :old_password, :new_password, :new_password_confirmation
+
+    validates :old_password, length: { minimum: 1 }
+    validates :new_password, length: { minimum: 1 }
+    validates :new_password, confirmation: true
+  end
+end

data/app/models/door_mat/email.rb

@@ -0,0 +1,58 @@
+module DoorMat
+  class Email < ActiveRecord::Base
+
+    include DoorMat::AttrSymmetricStore
+
+    belongs_to :actor
+    has_many :sessions, :dependent => :destroy
+
+    validates_presence_of :address_hash, :address
+    validates_format_of :address, with: DoorMat::Regex.simple_email
+
+    attr_symmetric_store :address
+
+    enum status: [:not_confirmed, :confirmed, :primary, :not_available]
+
+    def self.address_hash(address)
+      DoorMat::Crypto::FastHash.sha256(address.to_str)
+    end
+
+    def self.decode_urlsafe(encoded_address)
+      Base64.urlsafe_decode64(encoded_address.to_str)
+    rescue ArgumentError
+      return encoded_address.to_str
+    end
+
+    def self.address_hash_from_encoded_address(encoded_address)
+      self.address_hash(self.decode_urlsafe(encoded_address))
+    end
+
+    def self.matching(address)
+      address_hash = self.address_hash(address.to_str)
+      self.where(address_hash: address_hash)
+    end
+
+    def self.confirmed_matching(address)
+      address_hash = self.address_hash(address.to_str)
+      self.where(address_hash: address_hash).where('status = :confirmed or status = :primary', self.statuses)
+    end
+
+    def self.count_matching(address)
+      address_hash = self.address_hash(address.to_str)
+      self.where(address_hash: address_hash).count
+    end
+
+    def self.for(address)
+      e = self.new
+      e.address_hash = self.address_hash(address.to_str)
+      e.address = address.to_str
+      e.status = :not_confirmed
+      e
+    end
+
+    def to_urlsafe_encoded
+      Base64.urlsafe_encode64(self.address)
+    end
+
+  end
+end

data/app/models/door_mat/forgot_password.rb

@@ -0,0 +1,12 @@
+module DoorMat
+  class ForgotPassword
+
+    include ActiveModel::Model
+
+    attr_accessor :email, :password, :password_confirmation, :token, :recovery_key
+
+    validates_format_of :email, with: DoorMat::Regex.simple_email
+    validates :password, length: { minimum: 1 }
+    validates :password, confirmation: true
+  end
+end

data/app/models/door_mat/membership.rb

@@ -0,0 +1,42 @@
+module DoorMat
+  class Membership < ActiveRecord::Base
+
+    include DoorMat::AttrAsymmetricStore
+
+    belongs_to :member,
+               :inverse_of => :memberships,
+               :foreign_key => :member_id,
+               :class_name => 'DoorMat::Actor'
+    belongs_to :member_of,
+               :inverse_of => :members,
+               :foreign_key => :member_of_id,
+               :class_name => 'DoorMat::Actor'
+
+    attr_asymmetric_store :key, actor_column: :member
+
+    enum sponsor: [:sponsor_false, :sponsor_true]
+    enum owner: [:owner_false, :owner_true]
+    enum permission: [:no_permission, :list_permission, :read_permission, :write_permission]
+
+    def share_with!(actor, ownership = :owner_true, permission = :no_permission )
+      false unless self.owner_true?
+
+      membership = DoorMat::Membership.new
+      membership.member = actor
+      membership.member_of = self.member_of
+      membership.sponsor = DoorMat::Membership.sponsors[:sponsor_false]
+      membership.owner = DoorMat::Membership.owners[ownership]
+      membership.permission = DoorMat::Membership.permissions[permission]
+      membership.key = self.key
+      membership.save!
+      true
+    end
+
+    def load_sub_session
+      sub_session = DoorMat::Session.new_sub_session_for_actor(self.member_of, self.key)
+
+      self.member.setup_public_key_pairs(sub_session)
+    end
+
+  end
+end

data/app/models/door_mat/session.rb

@@ -0,0 +1,315 @@
+module DoorMat
+  class Session < ActiveRecord::Base
+
+    belongs_to :actor
+    belongs_to :email
+
+    attr_accessor :token
+
+    validate :initialization_performed?
+
+    enum rating: [:public_computer, :private_computer, :remember_me]
+
+    def initialization_performed?
+      if @symmetric_actor_key.blank? || @symmetric_actor_key.first.blank? || @session_key.blank? || @token.blank? || self.hashed_token.blank?
+        errors.add(:base, I18n.t("door_mat.session.initialization_failure"))
+      end
+    end
+
+    # The current_session is never nil but it might not be valid
+    # Check with DoorMat::Session.current_session.valid?
+    def self.current_session
+      RequestStore.store[:current_session] ||= self.new
+    end
+
+    # destroy existing valid session if any at sign_in and sign_up time
+    # or when expired
+    # to prevent unreferenced sessions from accumulating in the store
+    def self.clear_current_session
+      session = current_session
+      RequestStore.store[:current_session] = nil
+
+      session.destroy if session.persisted?
+
+      nil
+    end
+
+    def self.for(actor, password, request)
+      clear_current_session
+
+      return nil if password.blank? || actor.key_salt.blank?
+
+      session = self.new
+      session.ip = request.remote_ip
+      session.agent = request.user_agent
+
+      RequestStore.store[:current_session] = session.initialize_with(actor, password)
+    end
+
+    def initialize_with(actor, password)
+      reset
+      self.email = actor.current_email
+
+      re_key_with(actor, password)
+
+      self
+    rescue Exception => e
+      reset
+      DoorMat.configuration.logger.error "ERROR: Failed to initialize session with password for actor #{actor.id} - #{e}"
+
+      nil
+    end
+
+    def re_key_with(actor, password)
+      @symmetric_actor_key << DoorMat::Crypto::PasswordHash.pbkdf2_hash(password, actor.key_salt)
+
+      encrypt_actor_key(actor, @symmetric_actor_key.last)
+      set_new_token
+
+      self.password_authenticated_at = DateTime.current
+
+      self
+    end
+
+    def session_for_actor_loaded?(actor)
+      actor.nil? || (self.actor == actor) || (sub_sessions.has_key? actor.id)
+    end
+
+    def self.new_sub_session_for_actor(actor, password)
+      session = self.new
+      session.initialize_with(actor, password)
+      session.actor = actor
+
+      session
+    end
+
+    def append_sub_session(session)
+      unless DoorMat::Session.current_session == self
+        DoorMat.configuration.logger.error "ERROR: append_sub_session must only be called on DoorMat::Session.current_session"
+        return false
+      end
+
+      unless session.valid?
+        DoorMat.configuration.logger.error "ERROR: append_sub_session was given an invalid session"
+        return false
+      end
+
+      actor_id = session.actor.id
+      if sub_sessions.has_key? actor_id
+        DoorMat.configuration.logger.warn "WARN: sub_session #{actor_id} already present; updating."
+      end
+      sub_sessions[actor_id] = session
+
+      return true
+    end
+
+    def memberships_for(actor)
+      current_session_ids = sub_sessions.keys
+      current_session_ids.push(self.actor_id) unless self.actor_id.nil?
+
+      DoorMat::Membership.where("member_of_id = :member_of and member_id in (:ids)",
+                                :member_of => actor.id,
+                                :ids => current_session_ids).select {|m| !m.readonly?}
+    end
+
+    def autoload_sesion_for(actor)
+      return if session_for_actor_loaded?(actor)
+
+      memberships = memberships_for(actor)
+      unless memberships.empty?
+        membership = memberships.first
+        session = DoorMat::Session.new_sub_session_for_actor(membership.member_of, membership.key)
+        append_sub_session(session)
+      end
+    end
+
+    def self.from(cookies, request)
+      clear_current_session
+      session_guid = cookies.encrypted[:session_guid].to_s.strip
+      session_key = cookies.encrypted[:session_key].to_s.strip
+
+      return nil if session_guid.blank? || session_key.blank?
+      return nil if DoorMat::Regex.session_guid.match(session_guid).blank?
+      session = self.find_by(hashed_token: DoorMat::Crypto::FastHash.sha256(session_guid) ) || self.new
+      session.token = session_guid
+      if session.actor.nil?
+        session.destroy!
+        return nil
+      end
+
+      case
+        when session.remember_me?
+          if session.created_at < DoorMat.configuration.remember_me_max_day_count.days.ago
+            session.destroy!
+            return nil
+          end
+          if session.updated_at < DoorMat.configuration.private_computer_access_session_timeout.minutes.ago
+            session_key = session.renew_session_key_and_token(session_key, cookies)
+          end
+        when session.private_computer?
+          if session.updated_at < DoorMat.configuration.private_computer_access_session_timeout.minutes.ago
+            session.destroy!
+            return nil
+          end
+        else
+          if session.updated_at < DoorMat.configuration.public_computer_access_session_timeout.minutes.ago
+            session.destroy!
+            return nil
+          end
+      end
+
+      session.ip = request.remote_ip
+      session.agent = request.user_agent # Check for major change in user_agent in case of strict session policy
+      session.updated_at = DateTime.current
+
+      RequestStore.store[:current_session] = session
+      if session.unlock_with(session_key)
+        session.save
+      else
+        clear_current_session
+      end
+    end
+
+    def renew_session_key_and_token(old_session_key, cookies)
+
+      if unlock_with(old_session_key)
+        encrypt_actor_key(self.actor, @symmetric_actor_key.last)
+        set_new_token
+
+        set_up(cookies)
+      end
+
+      @session_key
+    end
+
+    def unlock_with(session_key)
+      @symmetric_actor_key = [DoorMat::Crypto::SymmetricStore.decrypt(
+          self.encrypted_symmetric_actor_key,
+          self.actor.system_decrypt(session_key)
+      )]
+      @session_key = session_key
+
+      true
+    rescue Exception => e
+      reset
+      DoorMat.configuration.logger.error "ERROR: Failed to unlock session with session_key for actor #{self.actor.id} - #{e}"
+      false
+    end
+
+    def self.destroy_if_linked_to(cookies)
+      session_guid = cookies.encrypted[:session_guid].to_s.strip
+      clean_up(cookies)
+
+      return false if DoorMat::Regex.session_guid.match(session_guid).blank?
+      session = self.find_by(hashed_token: DoorMat::Crypto::FastHash.sha256(session_guid) ) || self.new
+      return false unless session.persisted?
+      session.destroy!
+
+      true
+    end
+
+    def set_up(cookies)
+      options = {
+          secure: DoorMat.configuration.transmit_cookies_only_over_https,
+          httponly: true
+      }
+      options.merge!({ expires: DoorMat.configuration.remember_me_max_day_count.days.since(self.created_at) }) unless self.public_computer?
+
+      cookies.encrypted[:session_guid] = options.merge({value: self.token})
+      cookies.encrypted[:session_key] = options.merge({value: @session_key})
+
+      nil
+    end
+
+    def self.clean_up(cookies)
+      cookies.delete(:session_guid)
+      cookies.delete(:session_key)
+
+      nil
+    end
+
+    def is_older_than(minutes_old)
+      self.password_authenticated_at < minutes_old.minutes.ago
+    end
+
+    def with_session_for_actor(actor)
+      if self.valid? && (actor.nil? || self.actor_id.nil? || self.actor == actor)
+        yield(self)
+      elsif !actor.nil? && (sub_sessions.has_key? actor.id)
+        yield(sub_sessions[actor.id])
+      end
+    end
+
+    def encrypt(message)
+      DoorMat::Crypto::SymmetricStore.encrypt(message, @symmetric_actor_key.last)[:ciphertext]
+    end
+
+    def decrypt(ciphertext)
+      DoorMat::Crypto::SymmetricStore.decrypt(ciphertext, @symmetric_actor_key.first)
+    rescue OpenSSL::Cipher::CipherError => e
+      DoorMat.configuration.logger.warn "WARN: Failed to decrypt for actor #{self.actor.id} - #{e}"
+      nil
+    end
+
+    def package_recovery_key
+      h = DoorMat::Crypto::SymmetricStore.encrypt(@symmetric_actor_key.last)
+      self.actor.recovery_key = h[:ciphertext]
+      self.actor.save!
+      self.actor.system_encrypt(h[:key])
+    end
+
+    def recovery_key_restore(actor, recovery_key)
+      self.actor = actor
+      key = self.actor.system_decrypt(recovery_key)
+      @symmetric_actor_key = [DoorMat::Crypto::SymmetricStore.decrypt(self.actor.recovery_key, key)]
+      true
+    rescue OpenSSL::Cipher::CipherError => e
+      DoorMat.configuration.logger.warn "WARN: Failed recovery_key_restore for actor #{self.actor.id} - #{e}"
+      false
+    end
+
+    def reconfirm_password(password)
+      if self.actor.authenticate(password)
+        self.password_authenticated_at = DateTime.current
+        self.save!
+        true
+      else
+        false
+      end
+    end
+
+    private
+
+    def reset
+      # This key must never be stored or shared in clear outside this object
+      @symmetric_actor_key = []
+      # This token must never be stored in clear on the system side
+      @token = ''
+      # This random key is encrypted with the actor system_key and used to decrypt the session symmetric_actor key; see unlock_with(session_key)
+      @session_key = ''
+      # Sub sessions grant access to data associated with additional actors
+      @sub_sessions = {}
+
+      nil
+    end
+
+    def sub_sessions
+      @sub_sessions ||= {}
+    end
+
+    def encrypt_actor_key(actor, actor_key)
+      symmetric_store = DoorMat::Crypto::SymmetricStore.encrypt(actor_key)
+      self.encrypted_symmetric_actor_key = symmetric_store[:ciphertext]
+      @session_key = actor.system_encrypt(symmetric_store[:key])
+
+      nil
+    end
+
+    def set_new_token
+      @token = SecureRandom.uuid
+
+      self.hashed_token = DoorMat::Crypto::FastHash.sha256(@token)
+    end
+
+  end
+end