mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-30 14:57:59 +01:00
add cryptor
This commit is contained in:
parent
39470dc1ad
commit
4d7ef4a18d
6 changed files with 42 additions and 1 deletions
|
@ -11,6 +11,7 @@ config :philomena,
|
|||
ecto_repos: [Philomena.Repo],
|
||||
elasticsearch_url: "http://localhost:9200",
|
||||
password_pepper: "dn2e0EpZrvBLoxUM3gfQveBhjf0bG/6/bYhrOyq3L3hV9hdo/bimJ+irbDWsuXLP",
|
||||
otp_secret_key: "Wn7O/8DD+qxL0X4X7bvT90wOkVGcA90bIHww4twR03Ci//zq7PnMw8ypqyyT/b/C",
|
||||
image_url_root: "/img"
|
||||
|
||||
config :philomena, :pow,
|
||||
|
|
|
@ -16,6 +16,7 @@ config :bcrypt_elixir,
|
|||
|
||||
config :philomena,
|
||||
password_pepper: System.get_env("PASSWORD_PEPPER"),
|
||||
otp_secret_key: System.get_env("OTP_SECRET_KEY"),
|
||||
image_url_root: System.get_env("IMAGE_URL_ROOT")
|
||||
|
||||
config :philomena, Philomena.Repo,
|
||||
|
|
19
lib/philomena/users/encryptor.ex
Normal file
19
lib/philomena/users/encryptor.ex
Normal file
|
@ -0,0 +1,19 @@
|
|||
defmodule Philomena.Users.Encryptor do
|
||||
def decrypt_model(secret, iv, salt) do
|
||||
# attr_encrypted encoding scheme
|
||||
secret = Base.decode64!(secret, ignore: :whitespace)
|
||||
iv = Base.decode64!(iv, ignore: :whitespace)
|
||||
<<?_, salt::binary>> = salt
|
||||
salt = Base.decode64!(salt, ignore: :whitespace)
|
||||
|
||||
{:ok, key} = :pbkdf2.pbkdf2(:sha, otp_secret(), salt, 2000, 32)
|
||||
auth_tag = :binary.part(secret, byte_size(secret), -16)
|
||||
msg = :binary.part(secret, 0, byte_size(secret) - 16)
|
||||
|
||||
:crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, msg, "", auth_tag, false)
|
||||
end
|
||||
|
||||
defp otp_secret do
|
||||
Application.get_env(:philomena, :otp_secret_key)
|
||||
end
|
||||
end
|
|
@ -106,5 +106,22 @@ defmodule Philomena.Users.User do
|
|||
|> pow_extension_changeset(attrs)
|
||||
|> cast(attrs, [])
|
||||
|> validate_required([])
|
||||
|> put_otp_secret()
|
||||
end
|
||||
|
||||
def otp_secret(%{encrypted_otp_secret: x} = user) when x not in [nil, ""] do
|
||||
Philomena.Users.Encryptor.decrypt_model(
|
||||
user.encrypted_otp_secret,
|
||||
user.encrypted_otp_secret_iv,
|
||||
user.encrypted_otp_secret_salt
|
||||
)
|
||||
end
|
||||
|
||||
def otp_secret(_user), do: nil
|
||||
|
||||
defp put_otp_secret(%{valid?: true} = changeset) do
|
||||
|
||||
end
|
||||
|
||||
defp put_otp_secret(changeset), do: changeset
|
||||
end
|
||||
|
|
3
mix.exs
3
mix.exs
|
@ -53,7 +53,8 @@ defmodule Philomena.MixProject do
|
|||
{:nimble_parsec, "~> 0.5.1"},
|
||||
{:canary, "~> 1.1.1"},
|
||||
{:scrivener_ecto, "~> 2.0"},
|
||||
{:elixir2fa, "~> 0.1.0"}
|
||||
{:elixir2fa, "~> 0.1.0"},
|
||||
{:pbkdf2, "~> 2.0"}
|
||||
]
|
||||
end
|
||||
|
||||
|
|
2
mix.lock
2
mix.lock
|
@ -27,6 +27,8 @@
|
|||
"neotoma": {:hex, :neotoma, "1.7.3", "d8bd5404b73273989946e4f4f6d529e5c2088f5fa1ca790b4dbe81f4be408e61", [:rebar], [], "hexpm"},
|
||||
"nimble_parsec": {:hex, :nimble_parsec, "0.5.1", "c90796ecee0289dbb5ad16d3ad06f957b0cd1199769641c961cfe0b97db190e0", [:mix], [], "hexpm"},
|
||||
"parse_trans": {:hex, :parse_trans, "3.3.0", "09765507a3c7590a784615cfd421d101aec25098d50b89d7aa1d66646bc571c1", [:rebar3], [], "hexpm"},
|
||||
"pbkdf2": {:hex, :pbkdf2, "2.0.0", "11c23279fded5c0027ab3996cfae77805521d7ef4babde2bd7ec04a9086cf499", [:rebar3], [], "hexpm"},
|
||||
"pbkdf2_elixir": {:hex, :pbkdf2_elixir, "1.0.2", "3791717374498a605e7e864bc77a7dd3221e1d035750b3af3df5af632f0fc947", [:mix], [{:comeonin, "~> 5.1", [hex: :comeonin, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"phoenix": {:hex, :phoenix, "1.4.10", "619e4a545505f562cd294df52294372d012823f4fd9d34a6657a8b242898c255", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.1", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.8.1 or ~> 1.9", [hex: :plug, repo: "hexpm", optional: false]}, {:plug_cowboy, "~> 1.0 or ~> 2.0", [hex: :plug_cowboy, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"phoenix_ecto": {:hex, :phoenix_ecto, "4.0.0", "c43117a136e7399ea04ecaac73f8f23ee0ffe3e07acfcb8062fe5f4c9f0f6531", [:mix], [{:ecto, "~> 3.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.9", [hex: :phoenix_html, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
"phoenix_html": {:hex, :phoenix_html, "2.13.3", "850e292ff6e204257f5f9c4c54a8cb1f6fbc16ed53d360c2b780a3d0ba333867", [:mix], [{:plug, "~> 1.5", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm"},
|
||||
|
|
Loading…
Reference in a new issue