From 944ef2e564c11df876448af7933f07086b55acb1 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Mon, 11 Mar 2024 22:33:47 +0530
Subject: [PATCH] [mob]Generate randomkey using crypto library

---
 auth/lib/services/user_service.dart | 5 +----
 auth/lib/ui/settings/security_section_widget.dart | 9 ++++-----
 mobile/lib/services/user_service.dart | 5 +----
 mobile/lib/ui/settings/security_section_widget.dart | 9 ++++-----
 4 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/auth/lib/services/user_service.dart b/auth/lib/services/user_service.dart
index f4e9022ef..b870aa647 100644
--- a/auth/lib/services/user_service.dart
+++ b/auth/lib/services/user_service.dart
@@ -867,14 +867,11 @@ class UserService {
 return;
 }
 try {
- final secretValue = type == TwoFactorType.passkey
- ? utf8.decode(base64.decode(secret))
- : secret;
 final response = await _dio.post(
 _config.getHttpEndpoint() + "/users/two-factor/remove",
 data: {
 "sessionID": sessionID,
- "secret": secretValue,
+ "secret": secret,
 "twoFactorType": twoFactorTypeToString(type),
 },
 );
diff --git a/auth/lib/ui/settings/security_section_widget.dart b/auth/lib/ui/settings/security_section_widget.dart
index 5a4e6c464..622c77723 100644
--- a/auth/lib/ui/settings/security_section_widget.dart
+++ b/auth/lib/ui/settings/security_section_widget.dart
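Review bot: In auth/lib/services/user_service.dart the passkey `secret` is now posted exactly as the caller supplies it, so an account that configured passkey recovery before this change, when the server was given the UUID string and this method decoded base64 back to it, would presumably send a value the server no longer matches. The server and the caller are not visible in this patch, so that needs confirming; if such enrolments exist they need a fallback or a forced re-enrolment. A comment above the request, e.g. `// secret is sent verbatim; for passkey it is the base64 reset key given to configurePasskeyRecovery`, would pin the new contract. The identical hunk in mobile/lib/services/user_service.dart has the same issue, and the enclosing method starts and ends outside both hunks.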
@@ -169,15 +169,14 @@ class _SecuritySectionWidgetState extends State {
 await PasskeyService.instance.isPasskeyRecoveryEnabled();
 if (!isPassKeyResetEnabled) {
 final Uint8List recoveryKey = Configuration.instance.getRecoveryKey();
- final resetSecret = const Uuid().v4().toString();
- final bytes = utf8.encode(resetSecret);
- final base64Str = base64.encode(bytes);
+ final resetKey = CryptoUtil.generateKey();
+ final resetKeyBase64 = CryptoUtil.bin2base64(resetKey);
 final encryptionResult = CryptoUtil.encryptSync(
- CryptoUtil.base642bin(base64Str),
+ resetKey,
 recoveryKey,
 );
 await PasskeyService.instance.configurePasskeyRecovery(
- resetSecret,
+ resetKeyBase64,
 CryptoUtil.bin2base64(encryptionResult.encryptedData!),
 CryptoUtil.bin2base64(encryptionResult.nonce!),
 );
diff --git a/mobile/lib/services/user_service.dart b/mobile/lib/services/user_service.dart
index 3ad3e1b0f..44e098567 100644
--- a/mobile/lib/services/user_service.dart
+++ b/mobile/lib/services/user_service.dart
@@ -912,14 +912,11 @@ class UserService {
 return;
 }
 try {
- final secretValue = type == TwoFactorType.passkey
- ? utf8.decode(base64.decode(secret))
- : secret;
 final response = await _dio.post(
 _config.getHttpEndpoint() + "/users/two-factor/remove",
 data: {
 "sessionID": sessionID,
- "secret": secretValue,
+ "secret": secret,
 "twoFactorType": twoFactorTypeToString(type),
 },
 );
diff --git a/mobile/lib/ui/settings/security_section_widget.dart b/mobile/lib/ui/settings/security_section_widget.dart
index 5099bc5d3..88a198f4e 100644
--- a/mobile/lib/ui/settings/security_section_widget.dart
+++ b/mobile/lib/ui/settings/security_section_widget.dart
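Review bot: Nothing near `final resetKey = CryptoUtil.generateKey();` in auth/lib/ui/settings/security_section_widget.dart says that `resetKeyBase64` is presumably the value the server keeps, and that the recovery path must reproduce it byte for byte by decrypting the stored ciphertext with the recovery key and re-encoding it with the same `CryptoUtil.bin2base64`. I would add a comment there such as `// server stores the base64 reset key; the encrypted copy is only recoverable with recoveryKey`. The raw key travels to the server in the same call as its ciphertext, so it acts as a verifier rather than a secret kept from the server, which is worth stating too. The matching hunk in mobile/lib/ui/settings/security_section_widget.dart needs the same comment, and the enclosing method lies partly outside both hunks.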
@@ -243,15 +243,14 @@ class _SecuritySectionWidgetState extends State {
 if (!isPassKeyResetEnabled) {
 final Uint8List recoveryKey =
 await UserService.instance.getOrCreateRecoveryKey(context);
- final resetSecret = const Uuid().v4().toString();
- final bytes = utf8.encode(resetSecret);
- final base64Str = base64.encode(bytes);
+ final resetKey = CryptoUtil.generateKey();
+ final resetKeyBase64 = CryptoUtil.bin2base64(resetKey);
 final encryptionResult = CryptoUtil.encryptSync(
- CryptoUtil.base642bin(base64Str),
+ resetKey,
 recoveryKey,
 );
 await PasskeyService.instance.configurePasskeyRecovery(
- resetSecret,
+ resetKeyBase64,
 CryptoUtil.bin2base64(encryptionResult.encryptedData!),
 CryptoUtil.bin2base64(encryptionResult.nonce!),
 );