enigma-bbs/core/user.js

/* jslint node: true */
'use strict';

var crypto			= require('crypto');
var assert			= require('assert');
//var database		= require('./database.js');

var userDb			= require('./database.js').dbs.user;

exports.User					= User;

var PBKDF2 = {
	iterations	: 1000,
	keyLen		: 128,
	saltLen		: 32,
};

var UserErrorCodes = Object.freeze({
	NONE				: 'No error',
	INVALID_USER		: 'Invalid user',
	INVALID_PASSWORD	: 'Invalid password',
});

function User() {
	var self = this;
	
	this.id				= 0;
	this.userName		= '';
	this.groups			= [];
	this.permissions	= [];
	this.properties		= {};


}

User.generatePasswordDerivedKey = function(password, cb) {
	crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {
		if(err) {
			cb(err);
			return;
		}

		salt = salt.toString('hex');

		password = new Buffer(password).toString('hex');

		crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {
			if(err) {
				cb(err);
				return;
			}

			cb(null, { dk : dk.toString('hex'), salt : salt });
		});
	});
};

//
//	:TODO: createNewUser(userName, password, groups)

User.addNew = function(user, cb) {
	userDb.run('INSERT INTO user (user_name) VALUES(?);', [ user.userName ], function onUserInsert(err) {
		if(err) {
			cb(err);
			return;
		}

		user.id = this.lastID;
		user.persist(cb);
	});
};

User.prototype.persist = function(cb) {
	var self = this;

	if(0 === this.id || 0 === this.userName.length) {
		cb(new Error(UserErrorCodes.INVALID_USER));
		return;
	}

	userDb.serialize(function onSerialized() {
		userDb.run('BEGIN;');

		//	:TODO: Create persistProperties(id, {props})
		var stmt = userDb.prepare('REPLACE INTO user_property (user_id, prop_name, prop_value) VALUES(?, ?, ?);');
		Object.keys(self.properties).forEach(function onPropName(propName) {
			stmt.run(self.id, propName, self.properties[propName]);
		});

		stmt.finalize(function onFinalized() {
			userDb.run('COMMIT;');
			cb(null, self.id);
		});
	});
};

//	:TODO: make standalone function(password, dk, salt)
User.prototype.validatePassword = function(password, cb) {
	assert(this.properties.pw_pbkdf2_salt);
	assert(this.properties.pw_pbkdf2_dk);

	var self = this;

	password = new Buffer(password).toString('hex');

	crypto.pbkdf2(password, this.properties.pw_pbkdf2_salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {
		if(err) {
			cb(err);
			return;
		}

		//	Constant time compare
		var propDk = new Buffer(self.properties.pw_pbkdf2_dk, 'hex');

		console.log(propDk);
		console.log(dk);

		if(propDk.length !== dk.length) {
			cb(new Error('Unexpected buffer length'));
			return;
		}

		var c = 0;
		for(var i = 0; i < dk.length; i++) {
			c |= propDk[i] ^ dk[i];
		}
		cb(null, c === 0);
	});
};

//	:TODO: make this something like getUserProperties(id, [propNames], cb)
function getUserDerivedKeyAndSalt(id, cb) {
	var properties = {};
	userDb.each(
		'SELECT prop_name, prop_value ' +
		'FROM user_property ' +
		'WHERE user_id = ? AND prop_name="pw_pbkdf2_salt" OR prop_name="pw_pbkdf2_dk";', 
		[ id ], 
		function onPwPropRow(err, propRow) {
			if(err) {
				cb(err);
			} else {
				properties[propRow.prop_name] = propRow.prop_value;
			}
		}, 
		function onComplete() {
			cb(null, properties);
		}
	);
}

User.loadWithCredentials = function(userName, password, cb) {
	userDb.get('SELECT id, user_name FROM user WHERE user_name LIKE ? LIMIT 1;"', [ userName ], function onUserIds(err, userRow) {
		if(err) {
			cb(err);
			return;
		}

		if(!userRow) {
			cb(new Error(UserErrorCodes.INVALID_USER));
			return;
		}

		//	Load dk & salt properties for password validation
		getUserDerivedKeyAndSalt(userRow.id, function onDkAndSalt(err, props) {
			var user		= new User();
			user.properties = props;
			
			user.validatePassword(password, function onValidatePw(err, isCorrect) {
				if(err) {
					cb(err);
					return;
				}

				if(!isCorrect) {
					cb(new Error(UserErrorCodes.INVALID_PASSWORD));
					return;
				}

				//	userName and password OK -- load the rest.
				
				user.id			= userRow.id;
				user.userName	= userRow.user_name;

				cb(null, user);
			});
		});
	});
};

User.prototype.setPassword = function(password, cb) {
	//	:TODO: validate min len, etc. here?

	crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {
		if(err) {
			cb(err);
			return;
		}

		password = Buffer.isBuffer(password) ? password : new Buffer(password, 'hex');

		crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onPbkdf2Generated(err, dk) {
			if(err) {
				cb(err);
				return;
			}

			cb(null, dk);

			this.properties['pw.pbkdf2.salt']	= salt;
			this.properties['pw.pbkdf2.dk']		= dk;
		});
	});
};
* Start work on database & users 2014-10-20 05:30:44 +00:00			`/* jslint node: true */`
			`'use strict';`

			`var crypto = require('crypto');`
* Work on User & user db 2014-10-21 04:47:13 +00:00			`var assert = require('assert');`
			`//var database = require('./database.js');`

			`var userDb = require('./database.js').dbs.user;`
* Start work on database & users 2014-10-20 05:30:44 +00:00
			`exports.User = User;`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`var PBKDF2 = {`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`iterations : 1000,`
			`keyLen : 128,`
			`saltLen : 32,`
			`};`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`var UserErrorCodes = Object.freeze({`
			`NONE : 'No error',`
			`INVALID_USER : 'Invalid user',`
			`INVALID_PASSWORD : 'Invalid password',`
			`});`

* Start work on database & users 2014-10-20 05:30:44 +00:00			`function User() {`
			`var self = this;`
* Work on User & user db 2014-10-21 04:47:13 +00:00
* Start work on database & users 2014-10-20 05:30:44 +00:00			`this.id = 0;`
			`this.userName = '';`
			`this.groups = [];`
			`this.permissions = [];`
			`this.properties = {};`

* Work on User & user db 2014-10-21 04:47:13 +00:00
			`}`

			`User.generatePasswordDerivedKey = function(password, cb) {`
			`crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {`
			`if(err) {`
			`cb(err);`
			`return;`
			`}`

			`salt = salt.toString('hex');`

			`password = new Buffer(password).toString('hex');`

			`crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`if(err) {`
			`cb(err);`
			`return;`
			`}`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`cb(null, { dk : dk.toString('hex'), salt : salt });`
			`});`
			`});`
			`};`

			`//`
			`// :TODO: createNewUser(userName, password, groups)`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`User.addNew = function(user, cb) {`
			`userDb.run('INSERT INTO user (user_name) VALUES(?);', [ user.userName ], function onUserInsert(err) {`
			`if(err) {`
			`cb(err);`
			`return;`
			`}`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`user.id = this.lastID;`
			`user.persist(cb);`
			`});`
			`};`

			`User.prototype.persist = function(cb) {`
			`var self = this;`

			`if(0 === this.id \|\| 0 === this.userName.length) {`
			`cb(new Error(UserErrorCodes.INVALID_USER));`
			`return;`
			`}`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`userDb.serialize(function onSerialized() {`
			`userDb.run('BEGIN;');`

			`// :TODO: Create persistProperties(id, {props})`
			`var stmt = userDb.prepare('REPLACE INTO user_property (user_id, prop_name, prop_value) VALUES(?, ?, ?);');`
			`Object.keys(self.properties).forEach(function onPropName(propName) {`
			`stmt.run(self.id, propName, self.properties[propName]);`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`});`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`stmt.finalize(function onFinalized() {`
			`userDb.run('COMMIT;');`
			`cb(null, self.id);`
			`});`
			`});`
			`};`

			`// :TODO: make standalone function(password, dk, salt)`
			`User.prototype.validatePassword = function(password, cb) {`
			`assert(this.properties.pw_pbkdf2_salt);`
			`assert(this.properties.pw_pbkdf2_dk);`

			`var self = this;`

			`password = new Buffer(password).toString('hex');`

			`crypto.pbkdf2(password, this.properties.pw_pbkdf2_salt, PBKDF2.iterations, PBKDF2.keyLen, function onDerivedKey(err, dk) {`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`if(err) {`
			`cb(err);`
			`return;`
			`}`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`// Constant time compare`
			`var propDk = new Buffer(self.properties.pw_pbkdf2_dk, 'hex');`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`console.log(propDk);`
			`console.log(dk);`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`if(propDk.length !== dk.length) {`
			`cb(new Error('Unexpected buffer length'));`
			`return;`
			`}`

			`var c = 0;`
			`for(var i = 0; i < dk.length; i++) {`
			`c \|= propDk[i] ^ dk[i];`
			`}`
			`cb(null, c === 0);`
			`});`
			`};`

			`// :TODO: make this something like getUserProperties(id, [propNames], cb)`
			`function getUserDerivedKeyAndSalt(id, cb) {`
			`var properties = {};`
			`userDb.each(`
			`'SELECT prop_name, prop_value ' +`
			`'FROM user_property ' +`
			`'WHERE user_id = ? AND prop_name="pw_pbkdf2_salt" OR prop_name="pw_pbkdf2_dk";',`
			`[ id ],`
			`function onPwPropRow(err, propRow) {`
			`if(err) {`
			`cb(err);`
			`} else {`
			`properties[propRow.prop_name] = propRow.prop_value;`
			`}`
			`},`
			`function onComplete() {`
			`cb(null, properties);`
			`}`
			`);`
			`}`

			`User.loadWithCredentials = function(userName, password, cb) {`
			`userDb.get('SELECT id, user_name FROM user WHERE user_name LIKE ? LIMIT 1;"', [ userName ], function onUserIds(err, userRow) {`
			`if(err) {`
			`cb(err);`
			`return;`
			`}`

			`if(!userRow) {`
			`cb(new Error(UserErrorCodes.INVALID_USER));`
			`return;`
			`}`

			`// Load dk & salt properties for password validation`
			`getUserDerivedKeyAndSalt(userRow.id, function onDkAndSalt(err, props) {`
			`var user = new User();`
			`user.properties = props;`

			`user.validatePassword(password, function onValidatePw(err, isCorrect) {`
			`if(err) {`
			`cb(err);`
			`return;`
			`}`

			`if(!isCorrect) {`
			`cb(new Error(UserErrorCodes.INVALID_PASSWORD));`
			`return;`
			`}`

			`// userName and password OK -- load the rest.`

			`user.id = userRow.id;`
			`user.userName = userRow.user_name;`

			`cb(null, user);`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`});`
			`});`
			`});`
			`};`

			`User.prototype.setPassword = function(password, cb) {`
			`// :TODO: validate min len, etc. here?`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`crypto.randomBytes(PBKDF2.saltLen, function onRandomSalt(err, salt) {`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`if(err) {`
			`cb(err);`
			`return;`
			`}`

* Work on User & user db 2014-10-21 04:47:13 +00:00			`password = Buffer.isBuffer(password) ? password : new Buffer(password, 'hex');`
* Start work on database & users 2014-10-20 05:30:44 +00:00
* Work on User & user db 2014-10-21 04:47:13 +00:00			`crypto.pbkdf2(password, salt, PBKDF2.iterations, PBKDF2.keyLen, function onPbkdf2Generated(err, dk) {`
* Start work on database & users 2014-10-20 05:30:44 +00:00			`if(err) {`
			`cb(err);`
			`return;`
			`}`

			`cb(null, dk);`

			`this.properties['pw.pbkdf2.salt'] = salt;`
			`this.properties['pw.pbkdf2.dk'] = dk;`
			`});`
			`});`
			`};`