From 1805b770ac719a32a7d1e2d8beaf8e701b47b8aa Mon Sep 17 00:00:00 2001 From: levlam Date: Tue, 17 Apr 2018 15:39:23 +0300 Subject: [PATCH] Fix storing credentials. GitOrigin-RevId: f621726534338e3dc198b36c1f14996f049a4cb4 --- td/telegram/SecureManager.cpp | 37 +++++++++++++++++++++++++++++++---- td/telegram/SecureManager.h | 4 ++++ td/telegram/SecureValue.cpp | 16 +++++++-------- td/telegram/SecureValue.h | 4 ++-- 4 files changed, 47 insertions(+), 14 deletions(-) diff --git a/td/telegram/SecureManager.cpp b/td/telegram/SecureManager.cpp index 70f2ccab3..43595ba00 100644 --- a/td/telegram/SecureManager.cpp +++ b/td/telegram/SecureManager.cpp @@ -488,21 +488,49 @@ void SecureManager::get_passport_authorization_form(string password, UserId bot_ Promise promise) { refcnt_++; auto authorization_form_id = ++authorization_form_id_; - authorization_forms_[authorization_form_id] = AuthorizationForm{bot_user_id, scope, public_key, payload}; + authorization_forms_[authorization_form_id] = + AuthorizationForm{bot_user_id, scope, public_key, payload, false, false}; + auto new_promise = + PromiseCreator::lambda([actor_id = actor_id(this), authorization_form_id, promise = std::move(promise)]( + Result r_authorization_form) mutable { + send_closure(actor_id, &SecureManager::on_get_passport_authorization_form, authorization_form_id, + std::move(promise), std::move(r_authorization_form)); + }); create_actor("GetPassportAuthorizationForm", actor_shared(), std::move(password), authorization_form_id, bot_user_id, std::move(scope), - std::move(public_key), std::move(promise)) + std::move(public_key), std::move(new_promise)) .release(); } +void SecureManager::on_get_passport_authorization_form(int32 authorization_form_id, + Promise promise, + Result r_authorization_form) { + auto it = authorization_forms_.find(authorization_form_id); + CHECK(it != authorization_forms_.end()); + CHECK(it->second.is_received == false); + if (r_authorization_form.is_error()) { + authorization_forms_.erase(it); + return promise.set_error(r_authorization_form.move_as_error()); + } + it->second.is_received = true; + + auto authorization_form = r_authorization_form.move_as_ok(); + CHECK(authorization_form != nullptr); + it->second.is_selfie_required = authorization_form->is_selfie_required_; + promise.set_value(std::move(authorization_form)); +} + void SecureManager::send_passport_authorization_form(string password, int32 authorization_form_id, std::vector types, Promise<> promise) { auto it = authorization_forms_.find(authorization_form_id); if (it == authorization_forms_.end()) { return promise.set_error(Status::Error(400, "Unknown authorization_form_id")); } + if (!it->second.is_received) { + return promise.set_error(Status::Error(400, "Authorization form isn't received yet")); + } if (types.empty()) { - return promise.set_error(Status::Error(400, "Empty types")); + return promise.set_error(Status::Error(400, "Types must be non-empty")); } struct JoinPromise { @@ -562,7 +590,8 @@ void SecureManager::do_send_passport_authorization_form(int32 authorization_form BufferSlice(c.hash))); } - auto r_encrypted_credentials = encrypted_credentials(credentials, it->second.payload, it->second.public_key); + auto r_encrypted_credentials = + get_encrypted_credentials(credentials, it->second.payload, it->second.is_selfie_required, it->second.public_key); if (r_encrypted_credentials.is_error()) { return promise.set_error(r_encrypted_credentials.move_as_error()); } diff --git a/td/telegram/SecureManager.h b/td/telegram/SecureManager.h index 0f2a01356..f7a185fb5 100644 --- a/td/telegram/SecureManager.h +++ b/td/telegram/SecureManager.h @@ -144,6 +144,8 @@ class SecureManager : public NetQueryCallback { string scope; string public_key; string payload; + bool is_selfie_required; + bool is_received; }; std::map authorization_forms_; @@ -153,6 +155,8 @@ class SecureManager : public NetQueryCallback { void hangup_shared() override; void dec_refcnt(); void do_get_secure_value(std::string password, SecureValueType type, Promise promise); + void on_get_passport_authorization_form(int32 authorization_form_id, Promise promise, + Result r_authorization_form); void do_send_passport_authorization_form(int32 authorization_form_id, vector credentials, Promise<> promise); diff --git a/td/telegram/SecureValue.cpp b/td/telegram/SecureValue.cpp index 5a23c999c..bed51a0f6 100644 --- a/td/telegram/SecureValue.cpp +++ b/td/telegram/SecureValue.cpp @@ -981,22 +981,22 @@ static Slice secure_value_type_as_slice(SecureValueType type) { } } -static auto credentials_as_jsonable(std::vector &credentials, Slice payload) { - return json_object([&credentials, &payload](auto &o) { - o("secure_data", json_object([&credentials](auto &o) { +static auto credentials_as_jsonable(std::vector &credentials, Slice payload, bool with_selfie) { + return json_object([&credentials, &payload, with_selfie](auto &o) { + o("secure_data", json_object([&credentials, with_selfie](auto &o) { for (auto &c : credentials) { if (c.type == SecureValueType::PhoneNumber || c.type == SecureValueType::EmailAddress) { continue; } - o(secure_value_type_as_slice(c.type), json_object([&credentials = c](auto &o) { + o(secure_value_type_as_slice(c.type), json_object([&credentials = c, with_selfie](auto &o) { if (credentials.data) { o("data", as_jsonable(credentials.data.value())); } if (!credentials.files.empty()) { o("files", as_jsonable(credentials.files)); } - if (credentials.selfie) { + if (credentials.selfie && with_selfie) { o("selfie", as_jsonable(credentials.selfie.value())); } })); @@ -1006,9 +1006,9 @@ static auto credentials_as_jsonable(std::vector &credent }); } -Result encrypted_credentials(std::vector &credentials, - Slice payload, Slice public_key) { - auto encoded_credentials = json_encode(credentials_as_jsonable(credentials, payload)); +Result get_encrypted_credentials(std::vector &credentials, + Slice payload, bool with_selfie, Slice public_key) { + auto encoded_credentials = json_encode(credentials_as_jsonable(credentials, payload, with_selfie)); auto secret = secure_storage::Secret::create_new(); auto encrypted_value = secure_storage::encrypt_value(secret, encoded_credentials).move_as_ok(); diff --git a/td/telegram/SecureValue.h b/td/telegram/SecureValue.h index 9d21e828c..b18e1ad73 100644 --- a/td/telegram/SecureValue.h +++ b/td/telegram/SecureValue.h @@ -155,8 +155,8 @@ struct SecureValueCredentials { optional selfie; }; -Result encrypted_credentials(std::vector &credentials, - Slice payload, Slice public_key); +Result get_encrypted_credentials(std::vector &credentials, + Slice payload, bool with_selfie, Slice public_key); class SecureValue { public: