Implement pin hardening

This commit is contained in:
Rene Vergara 2023-01-26 12:13:17 -06:00
parent e6d3646fa8
commit 6d14ccd48a
Signed by: pitmutt
GPG key ID: 65122AD495A7F5B2
3 changed files with 13 additions and 6 deletions

View file

@ -6,6 +6,7 @@
module ZGoBackend where
import qualified BLAKE3 as BLK
import Config
import Control.Concurrent (forkIO, threadDelay)
import Control.Exception (try)
@ -14,6 +15,7 @@ import Control.Monad.IO.Class
import Data.Aeson
import Data.Array
import qualified Data.Bson as B
import qualified Data.ByteArray as BA
import qualified Data.ByteString as BS
import qualified Data.ByteString.Base64 as B64
import qualified Data.ByteString.Char8 as C
@ -426,12 +428,17 @@ addUser nodeUser nodePwd p db node (Just tx) = do
when isNew $ do
let newPin = unsafePerformIO (generatePin (fromIntegral $ blocktime tx))
_ <- sendPin nodeUser nodePwd node (address tx) newPin
let pinHash =
BLK.hash
[ BA.pack . BS.unpack . C.pack . T.unpack $ newPin <> session tx :: BA.Bytes
]
insert_
"users"
[ "address" =: address tx
, "session" =: session tx
, "blocktime" =: blocktime tx
, "pin" =: newPin
, "pin" =:
(T.pack . show $ (pinHash :: BLK.Digest BLK.DEFAULT_DIGEST_LEN))
, "validated" =: False
]

View file

@ -521,7 +521,7 @@ main = do
["expiration" =: ["$lt" =: now], "paid" =: True]
"owners"))
res `shouldBe` []
xit "login txs are converted to users" $ \p -> do
it "login txs are converted to users" $ \p -> do
let myTx =
ZGoTx
Nothing

View file

@ -10,7 +10,7 @@ port = 3000
tls = false
certificate = "/path/to/cert.pem"
key = "/path/to/key.pem"
mailHost = "127.0.0.1"
mailPort = 1025
mailUser = "contact@zgo.cash"
mailPwd = "uib3K8BkCPexl_wr5bYfrg"
smtpHost = "127.0.0.1"
smtpPort = 1025
smtpUser = "contact@zgo.cash"
smtpPwd = "uib3K8BkCPexl_wr5bYfrg"