[server] Add server side validation
@@ -10,6 +10,8 @@ const (
|
||||
ChangeEmailOTTPurpose = "change"
|
||||
SignUpOTTPurpose = "signup"
|
||||
LoginOTTPurpose = "login"
|
||||
|
||||
ExpectedKDFStrength = 1073741824 * 4
|
||||
)
|
||||
|
||||
// User represents a user in the system
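Review bot: `ExpectedKDFStrength = 1073741824 * 4` is a bare magic number, and the only thing that gives it meaning is that the two new `Validate` methods compare it against `MemLimit * OpsLimit`; a reader of this const block cannot tell the units or which pairing of memory and passes it encodes. I would document it at the declaration: `// ExpectedKDFStrength is the exact value MemLimit * OpsLimit must have for the password KDF (e.g. 1 GiB of memory with 4 passes); it is compared for equality, not as a minimum.` If `MemLimit` is in bytes as the name suggests, say so, but I cannot confirm the unit from this hunk. Note also that the untyped constant evaluates to 4294967296, which does not fit a 32-bit `int`, so the comparison against an `int` field only compiles on 64-bit targets; if 32-bit builds matter, the constant needs a typed `int64` and the comparison widened.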
|
||||
@@ -88,6 +90,14 @@ type SetUserAttributesRequest struct {
|
||||
KeyAttributes KeyAttributes `json:"keyAttributes" binding:"required"`
|
||||
}
|
||||
|
||||
func (sk *SetUserAttributesRequest) Validate() error {
|
||||
strength := sk.KeyAttributes.MemLimit * sk.KeyAttributes.OpsLimit
|
||||
if strength != ExpectedKDFStrength {
|
||||
return NewBadRequestWithMessage("Unexpected KDF strength")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// UpdateEmailMFA ..
|
||||
type UpdateEmailMFA struct {
|
||||
IsEnabled *bool `json:"isEnabled" binding:"required"`
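Review bot: The product check in `Validate` accepts values that are not the intended KDF parameters: if `MemLimit` and `OpsLimit` are Go `int`s (their declaration on `KeyAttributes` is above this hunk), then the negative pair `-1` and `-4294967296` multiplies to exactly `ExpectedKDFStrength`, the pair `4294967296` and `4294967297` wraps on 64-bit `int` to the same value, and a tiny memory limit paired with a huge operation count also passes, which defeats the memory-hardness the product is presumably meant to guarantee. `binding:"required"` only rejects the zero value, so negative numbers reach this method from the JSON binder. I would bound each factor before multiplying, e.g. `if sk.KeyAttributes.MemLimit <= 0 || sk.KeyAttributes.OpsLimit <= 0 || sk.KeyAttributes.MemLimit > ExpectedKDFStrength || sk.KeyAttributes.OpsLimit > ExpectedKDFStrength { return NewBadRequestWithMessage("Unexpected KDF strength") }` ahead of the existing product comparison, and separately reject memory limits below whatever floor the clients are expected to use. A one-line doc comment stating that this enforces an exact KDF cost rather than a minimum would also help the next reader.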
|
||||
@@ -102,6 +112,14 @@ type UpdateKeysRequest struct {
|
||||
OpsLimit int `json:"opsLimit" binding:"required"`
|
||||
}
|
||||
|
||||
func (u *UpdateKeysRequest) Validate() error {
|
||||
strength := u.MemLimit * u.OpsLimit
|
||||
if strength != ExpectedKDFStrength {
|
||||
return NewBadRequestWithMessage("Unexpected KDF strength")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
type SetRecoveryKeyRequest struct {
|
||||
MasterKeyEncryptedWithRecoveryKey string `json:"masterKeyEncryptedWithRecoveryKey"`
|
||||
MasterKeyDecryptionNonce string `json:"masterKeyDecryptionNonce"`
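Review bot: `UpdateKeysRequest.Validate` duplicates the product check from `SetUserAttributesRequest.Validate` verbatim, including its weakness that multiplying two `int`s does not bound either factor: negative pairs and 64-bit wraparound can both land exactly on `ExpectedKDFStrength`, and a tiny `MemLimit` with a huge `OpsLimit` passes. Here `OpsLimit` is visibly `int` at the top of the hunk; `MemLimit` is declared above it and is presumably the same type. I would factor the check into one helper that both methods call and that rejects non-positive or oversized factors before multiplying, so the two request types cannot drift apart; the minimum acceptable memory limit is a separate policy decision I cannot infer from this diff.
```go
// validateKDFParams reports whether memLimit * opsLimit equals
// ExpectedKDFStrength. Each factor is range-checked first so that negative
// values or 64-bit wraparound cannot produce the expected product.
func validateKDFParams(memLimit, opsLimit int) error {
	if memLimit <= 0 || opsLimit <= 0 || memLimit > ExpectedKDFStrength || opsLimit > ExpectedKDFStrength {
		return NewBadRequestWithMessage("Unexpected KDF strength")
	}
	if memLimit*opsLimit != ExpectedKDFStrength {
		return NewBadRequestWithMessage("Unexpected KDF strength")
	}
	return nil
}

// Validate rejects a request whose KDF parameters do not match ExpectedKDFStrength.
func (u *UpdateKeysRequest) Validate() error {
	return validateKDFParams(u.MemLimit, u.OpsLimit)
}
```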
|
||||
|
||||
@@ -82,6 +82,10 @@ func (h *UserHandler) SetAttributes(c *gin.Context) {
|
||||
handler.Error(c, stacktrace.Propagate(err, ""))
|
||||
return
|
||||
}
|
||||
if err := request.Validate(); err != nil {
|
||||
handler.Error(c, stacktrace.Propagate(err, ""))
|
||||
return
|
||||
}
|
||||
err := h.UserController.SetAttributes(userID, request)
|
||||
if err != nil {
|
||||
handler.Error(c, stacktrace.Propagate(err, ""))
|
||||
|
||||
@@ -135,6 +135,9 @@ func (repo *UserAuthRepository) InsertOrUpdateSRPAuthAndKeyAttr(ctx context.Cont
|
||||
return stacktrace.Propagate(err, "")
|
||||
}
|
||||
updateKeyAttr := *req.UpdateAttributes
|
||||
if validErr := updateKeyAttr.Validate(); validErr != nil {
|
||||
return stacktrace.Propagate(validErr, "")
|
||||
}
|
||||
_, err = tx.ExecContext(ctx, `UPDATE key_attributes SET kek_salt = $1, encrypted_key = $2, key_decryption_nonce = $3, mem_limit = $4, ops_limit = $5 WHERE user_id = $6`,
|
||||
updateKeyAttr.KEKSalt, updateKeyAttr.EncryptedKey, updateKeyAttr.KeyDecryptionNonce, updateKeyAttr.MemLimit, updateKeyAttr.OpsLimit, userID)
|
||||
if err != nil {
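Review bot: The new `updateKeyAttr.Validate()` call runs inside the repository, after the transaction is already open (the surrounding statements execute on `tx`), so a malformed request reaches the database layer before being rejected and request validation ends up split between layers: `SetAttributes` validates in the handler, while this path validates in `InsertOrUpdateSRPAuthAndKeyAttr`. I would validate `req.UpdateAttributes` in the handler or controller before the transaction begins, and keep this call only as defence in depth. Note also that `updateKeyAttr := *req.UpdateAttributes` dereferences the pointer before `Validate` runs; if nothing earlier in the function guarantees it is non-nil, a request without that field panics here rather than returning a bad-request error. The enclosing function starts and ends outside this hunk, so I cannot see whether such a check exists.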
|
||||
|
||||