コード例 #1
ファイル: ApiKey.php プロジェクト: vaidasm/vault
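 /**
  * Resolve the user and the unlocked private key named by the Authorization header.
  *
  * The header value is read as "email:code", optionally preceded by the literal
  * "Basic " scheme. It is split on ':' as-is and is not base64-decoded here.
  * The code part goes through Crypt::decrypt() and the result is used as the
  * passphrase that unlocks the user's stored RSA private key.
  *
  * @param Request $request request carrying the Authorization header
  * @return array|null ['user' => User, 'key' => PrivateKey], or null when no user has that email
  * @throws InvalidAuthException when the header is missing or malformed, or the key cannot be unlocked
  */
 public function extractKeyAndUser(Request $request)
 {
     $header = $request->header('Authorization');
     if (!$header) {
         throw new InvalidAuthException('No Authorization header provided.');
     }

     // Strip the scheme by its real length (six bytes, space included) instead
     // of relying on the later trim() to drop a leftover leading space.
     $scheme = 'Basic ';
     if (strpos($header, $scheme) === 0) {
         $header = substr($header, strlen($scheme));
     }

     $parts = explode(':', $header);
     if (count($parts) != 2) {
         throw new InvalidAuthException('Invalid Authorization header provided. It has to be user:code');
     }

     $user = User::where('email', trim($parts[0]))->first();
     if (!$user) {
         // NOTE(review): an unknown email yields null while a wrong code throws.
         // Callers should answer both cases identically, otherwise the difference
         // tells an unauthenticated client which e-mail addresses exist.
         return null;
     }

     try {
         $key = new PrivateKey($user->rsaKey->private);
         $key->unlock(Crypt::decrypt(trim($parts[1])));
     } catch (\Exception $e) {
         // The underlying message (decrypt or key-unlock failure) describes
         // internals and must not be returned to an unauthenticated caller.
         // Record $e server-side where a logger is available.
         throw new InvalidAuthException('Invalid credentials provided.');
     }

     return ['user' => $user, 'key' => $key];
 }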
コード例 #2
ファイル: MigrateOld.php プロジェクト: vaulthq/vault
 /**
  * Execute the console command.
  *
  * Verifies that every user has an RSA key and that every entry has at least
  * one user in its access list, warns when the configured backup key file is
  * missing, then hands the selected entries to the entry crypt service.
  *
  * @return void
  * @throws \RuntimeException when a user has no RSA key or an entry has an empty access list
  */
 public function handle()
 {
     foreach (User::all() as $account) {
         if ($account->rsaKey) {
             continue;
         }
         throw new \RuntimeException('user ' . $account->email . ' has no RSA key. Create it using key:generate:users');
     }

     // A missing backup key only produces a warning; the run continues without it.
     $backupKeyPath = config('app.backup_key');
     if (!$this->filesystem->exists($backupKeyPath)) {
         $this->warn('Backup key does not exist. We recommend that you create one using key:generate:master');
     }

     $entries = Entry::all();

     // First pass: refuse to start if any entry would end up with no recipient.
     foreach ($entries as $entry) {
         $recipients = $this->accessDecider->getUserListForEntry($entry);
         if ($recipients->count() == 0) {
             throw new \RuntimeException('Entry #' . $entry->id . ' has no access. Share it.');
         }
     }

     // Second pass: encrypt.
     // NOTE(review): only entries whose password compares equal to '' are passed
     // to encrypt(); entries that still hold a non-empty password are skipped.
     // For a migration of stored passwords this looks inverted. Confirm against
     // the entry schema before relying on this command.
     foreach ($entries as $entry) {
         if ($entry->password == '') {
             echo $entry->id . '... ';
             $this->entryCrypt->encrypt($entry->password, $entry);
             echo ' encrypted!' . "\n";
         }
     }
 }
コード例 #3
ファイル: UserCreateCommand.php プロジェクト: vaidasm/vault
 /**
  * Create a user, generate and store an RSA key pair for it, then fire UserCreated.
  *
  * @return User the newly created model
  */
 public function handle()
 {
     // Only the hash of the password is stored on the user row.
     $attributes = [
         'email' => $this->email,
         'password' => Hash::make($this->password),
         'group' => $this->group,
         'name' => $this->name,
         'surname' => $this->surname,
     ];
     $model = User::create($attributes);

     // The plaintext password is handed to the key generator; presumably it
     // becomes the passphrase protecting the private key. TODO confirm.
     $pair = KeyPairGenerator::generate($this->password);

     // NOTE(review): the user row and the key row are written separately and no
     // transaction is visible in this method, so a failure between the two
     // leaves a user without an RSA key.
     $rsaKey = new RsaKey();
     $rsaKey->private = $pair['private'];
     $rsaKey->public = $pair['public'];
     $rsaKey->user_id = $model->id;
     $rsaKey->save();

     event(new UserCreated($model));

     return $model;
 }
コード例 #4
ファイル: EntryRestoreCommand.php プロジェクト: vaidasm/vault
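 /**
  * Execute the console command.
  *
  * Unlocks the private key read from the "keyPath" argument with the master
  * secret typed by the operator. For every key share of the user named by the
  * "email" argument it then unseals the entry data, using the entry's share
  * that has no user_id, and passes the result to the crypt service to be
  * encrypted for that entry again.
  *
  * @return void
  * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when the user, or an
  *         entry's share without user_id, does not exist
  */
 public function handle()
 {
     // firstOrFail() stops here with a clear error for an unknown e-mail instead
     // of failing later on a null $user.
     $user = User::where('email', $this->argument('email'))->firstOrFail();

     $key = new PrivateKey($this->fs->get($this->argument('keyPath')));

     // secret() asks without echoing the input, so the master secret does not
     // appear on screen or in terminal scrollback.
     // NOTE(review): the passphrase is the MD5 of the typed secret. MD5 is a
     // fast, unsalted hash and not a password-based key derivation. It is kept
     // because it has to match how the key was locked; changing it means
     // re-locking the master key.
     $key->unlock(md5($this->secret('What is the master key secret?')));

     $shares = KeyShare::where('user_id', $user->id)->with('entry')->get();
     foreach ($shares as $share) {
         $masterShare = $share->entry->keyShares()->whereNull('user_id')->firstOrFail();
         $data = $this->sealer->unseal($share->entry->data, $masterShare->public, $key);
         $this->crypt->encrypt($data, $share->entry);
     }
 }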
コード例 #5
ファイル: DatabaseSeeder.php プロジェクト: vaidasm/vault
 /**
  * Run the database seeds.
  *
  * Creates the first admin user, a starter project and the admin's RSA key
  * pair, unless a user with id 1 already exists.
  *
  * @return void
  */
 public function run()
 {
     // Mass-assignment protection is switched off and not switched back on here.
     Eloquent::unguard();

     if (User::find(1)) {
         echo "DB Already Seeded...\n";
         return;
     }

     // NOTE(review): this seeds a fixed, well-known credential pair (admin/admin),
     // and the same string is given to the key generator below. Any deployment
     // seeded this way needs the admin password changed before it is reachable.
     User::create([
         'email' => 'admin',
         'password' => Hash::make('admin'),
         'name' => 'Main',
         'surname' => 'Admin',
         'group' => User::GROUP_ADMIN,
     ]);
     Project::create([
         'name' => 'Project 1',
         'description' => 'Default starter project',
         'user_id' => 1,
     ]);

     $pair = KeyPairGenerator::generate('admin');

     $rsaKey = new RsaKey();
     $rsaKey->private = $pair['private'];
     $rsaKey->public = $pair['public'];
     $rsaKey->user_id = 1;
     $rsaKey->save();

     echo "DB Seeded...\n";
 }
コード例 #6
ファイル: KeyGenerateUsers.php プロジェクト: vaidasm/vault
 /**
  * Give each listed user a fresh password and a fresh RSA key pair.
  *
  * For every row a new password is derived, a key pair is generated from it,
  * any existing key of the user is deleted and replaced, the password hash is
  * updated, and the e-mail plus the new password are printed.
  *
  * @param $users iterable of rows exposing ->id and ->email
  */
 private function generateKeys($users)
 {
     foreach ($users as $row) {
         // The new password is the MD5 hex digest of the encrypted e-mail.
         $generated = md5(Crypt::encrypt($row->email));
         $keyPair = KeyPairGenerator::generate($generated);

         // NOTE(review): find() returns null for a missing id and that case is
         // not handled below.
         $account = User::find($row->id);

         $rsaKey = new RsaKey();
         $rsaKey->private = $keyPair['private'];
         $rsaKey->public = $keyPair['public'];

         // Replace rather than add: drop the current key first, if there is one.
         if ($account->rsaKey()->count() > 0) {
             $account->rsaKey()->delete();
         }
         $account->rsaKey()->save($rsaKey);

         $account->password = Hash::make($generated);
         $account->save();

         // NOTE(review): the new password is written to stdout in clear text, so
         // it ends up in terminal scrollback and in any captured command output.
         echo "{$account->email}\t{$generated}\n";
     }
 }
コード例 #7
 /**
  * Run the migrations.
  *
  * Adds a "type" column to the user table, fills it from each user's "group"
  * value, drops "group", and renames "type" to "group".
  *
  * @return void
  */
 public function up()
 {
     Schema::table('user', function ($table) {
         $table->string('type', 20);
     });

     foreach (User::all() as $account) {
         if (!isset($account->group)) {
             continue;
         }

         // Any value other than 'admin' is mapped to 'member', so an unexpected
         // group value ends up with the lower role.
         // NOTE(review): the comparison is loose (==).
         if ($account->group == 'admin') {
             $account->type = 'admin';
         } else {
             $account->type = 'member';
         }
         $account->save();
     }

     Schema::table('user', function ($table) {
         $table->dropColumn('group');
     });

     Schema::table('user', function ($table) {
         $table->renameColumn('type', 'group');
     });
 }
コード例 #8
ファイル: UserUpdateCommand.php プロジェクト: vaidasm/vault
 /**
  * Update a user's details and, when given, the group and password.
  *
  * @param UserRepository $userRepo used to check whether the user is the last admin
  * @param HistoryLogger $logger receives the history entries for this change
  * @return User the updated model
  * @throws HttpResponseException (status 419) when the change would move the last admin out of the admin group
  */
 public function handle(UserRepository $userRepo, HistoryLogger $logger)
 {
     // NOTE(review): no authorization check is visible in this method;
     // presumably the caller has already verified the actor. Confirm.
     $model = User::findOrFail($this->id);

     $model->email = $this->email;
     $model->name = $this->name;
     $model->surname = $this->surname;

     if ($this->group) {
         // Keep at least one admin: refuse to move the last admin to another group.
         $demotesLastAdmin = $this->isBecomingNonAdmin($model) && $userRepo->isLastAdmin($model);
         if ($demotesLastAdmin) {
             throw new HttpResponseException(new JsonResponse('You cannot change this user group.', 419));
         }
         $model->group = $this->group;
     }

     // The history entries are written before save(); a failing save() leaves
     // log entries for a change that was not persisted.
     $logger->log('user', 'Updated user details.', $model->id);

     if ($this->password !== null) {
         $logger->log('user', 'Changed user password.', $model->id);
         // NOTE(review): only the password hash changes here. If the user's RSA
         // private key is locked with the password, it is not re-locked in this
         // method. Confirm how the key stays usable afterwards.
         $model->password = Hash::make($this->password);
     }

     $model->save();

     return $model;
 }
コード例 #9
ファイル: ProfileController.php プロジェクト: vaidasm/vault
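 /**
  * Change the authenticated user's password and re-lock their RSA private key.
  *
  * Reads "old", "new" and "repeat" from the request input. The old password
  * must match the stored hash and the two new values must be identical. The
  * private key is then unlocked with the old password and locked again with
  * the new one.
  *
  * @param HistoryLogger $logger receives the 'auth' history entry
  * @return Response|null a 419 response on failure; nothing is returned on success
  */
 public function store(HistoryLogger $logger)
 {
     $oldPassword = Input::get('old');
     $newPassword = Input::get('new');

     if (!Hash::check($oldPassword, Auth::user()->password)) {
         return Response::make('Old password does not match.', 419);
     }

     // Strict comparison: with != two different numeric-looking strings such as
     // "1e3" and "1000" compare equal, so a mistyped confirmation could pass.
     if ($newPassword !== Input::get('repeat')) {
         return Response::make('New passwords do not match.', 419);
     }

     try {
         $model = User::findOrFail(Auth::user()->id);
         $model->password = Hash::make($newPassword);

         // NOTE(review): unlock() is given md5($oldPassword) while lock() is given
         // the raw new password. Confirm lock() applies the same derivation, or
         // the next password change cannot unlock the key. MD5 is also a fast,
         // unsalted hash and not a password-based key derivation.
         $rsa = $model->rsaKey;
         $rsa->private = (new PrivateKey($rsa->private))->unlock(md5($oldPassword))->lock($newPassword)->getKey();

         // NOTE(review): the key and the user are saved separately with no
         // transaction visible here; if the second save fails, the key is locked
         // with the new password while the stored hash is still the old one.
         $rsa->save();
         $model->save();

         $logger->log('auth', 'User changed password.', Auth::user()->id);
     } catch (\RuntimeException $e) {
         return Response::make('Incorrect old password for private key.', 419);
     }
 }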
コード例 #10
ファイル: UserController.php プロジェクト: vaidasm/vault
 /**
  * List every user.
  *
  * NOTE(review): the full result of User::all() is returned unfiltered, so
  * which attributes reach the client depends on the model's serialization
  * settings (not visible here). Confirm the password hash is hidden, and that
  * access to this action is restricted upstream.
  *
  * @return mixed whatever User::all() returns
  */
 public function index()
 {
     $users = User::all();

     return $users;
 }