yubioath-flutter/lib/desktop/fido/state.dart

import 'dart:async';
import 'dart:convert';
import 'dart:io';

import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:logging/logging.dart';
import 'package:yubico_authenticator/app/logging.dart';

import '../../app/models.dart';
import '../../fido/models.dart';
import '../../fido/state.dart';
import '../models.dart';
import '../rpc.dart';
import '../state.dart';

final _log = Logger('desktop.fido.state');

final _pinProvider = StateProvider.autoDispose.family<String?, DevicePath>(
  (ref, _) => null,
);

final _sessionProvider =
    Provider.autoDispose.family<RpcNodeSession, DevicePath>(
  (ref, devicePath) {
    // Make sure the pinProvider is held for the duration of the session.
    ref.watch(_pinProvider(devicePath));
    return RpcNodeSession(
        ref.watch(rpcProvider), devicePath, ['fido', 'ctap2']);
  },
);

final desktopFidoState = StateNotifierProvider.autoDispose
    .family<FidoStateNotifier, AsyncValue<FidoState>, DevicePath>(
  (ref, devicePath) {
    final session = ref.watch(_sessionProvider(devicePath));
    if (Platform.isWindows) {
      // Make sure to rebuild if isAdmin changes
      ref.watch(rpcStateProvider.select((state) => state.isAdmin));
    }
    final notifier = _DesktopFidoStateNotifier(
      session,
      ref.watch(_pinProvider(devicePath).notifier),
    );
    session.setErrorHandler('state-reset', (_) async {
      ref.refresh(_sessionProvider(devicePath));
    });
    session.setErrorHandler('auth-required', (_) async {
      final pin = ref.read(_pinProvider(devicePath));
      if (pin != null) {
        await notifier.unlock(pin);
      }
    });
    ref.onDispose(() {
      session.unsetErrorHandler('auth-required');
    });
    ref.onDispose(() {
      session.unsetErrorHandler('state-reset');
    });
    return notifier..refresh();
  },
);

class _DesktopFidoStateNotifier extends FidoStateNotifier {
  final RpcNodeSession _session;
  final StateController<String?> _pinController;
  _DesktopFidoStateNotifier(this._session, this._pinController) : super();

  Future<void> refresh() => updateState(() async {
        final result = await _session.command('get');
        _log.debug('application status', jsonEncode(result));
        return FidoState.fromJson(result['data']);
      });

  @override
  Stream<InteractionEvent> reset() {
    final controller = StreamController<InteractionEvent>();
    final signaler = Signaler();
    signaler.signals
        .where((s) => s.status == 'reset')
        .map((signal) => InteractionEvent.values
            .firstWhere((e) => e.name == signal.body['state']))
        .listen(controller.sink.add);

    controller.onCancel = () {
      if (!controller.isClosed) {
        signaler.cancel();
      }
    };
    controller.onListen = () async {
      try {
        await _session.command('reset', signal: signaler);
        await refresh();
        await controller.sink.close();
      } catch (e) {
        controller.sink.addError(e);
      }
    };

    return controller.stream;
  }

  @override
  Future<PinResult> setPin(String newPin, {String? oldPin}) async {
    try {
      await _session.command('set_pin', params: {
        'pin': oldPin,
        'new_pin': newPin,
      });
      return unlock(newPin);
    } on RpcError catch (e) {
      if (e.status == 'pin-validation') {
        return PinResult.failed(e.body['retries'], e.body['auth_blocked']);
      }
      rethrow;
    }
  }

  @override
  Future<PinResult> unlock(String pin) async {
    try {
      await _session.command(
        'unlock',
        params: {'pin': pin},
      );
      _pinController.state = pin;

      return PinResult.success();
    } on RpcError catch (e) {
      if (e.status == 'pin-validation') {
        _pinController.state = null;
        return PinResult.failed(e.body['retries'], e.body['auth_blocked']);
      }
      rethrow;
    }
  }
}

final desktopFingerprintProvider = StateNotifierProvider.autoDispose.family<
        FidoFingerprintsNotifier, AsyncValue<List<Fingerprint>>, DevicePath>(
    (ref, devicePath) => _DesktopFidoFingerprintsNotifier(
          ref.watch(_sessionProvider(devicePath)),
        ));

class _DesktopFidoFingerprintsNotifier extends FidoFingerprintsNotifier {
  final RpcNodeSession _session;

  _DesktopFidoFingerprintsNotifier(this._session) {
    _refresh();
  }

  Future<void> _refresh() async {
    final result = await _session.command('fingerprints');
    setItems((result['children'] as Map<String, dynamic>)
        .entries
        .map((e) => Fingerprint(e.key, e.value['name']))
        .toList());
  }

  @override
  Future<void> deleteFingerprint(Fingerprint fingerprint) async {
    await _session
        .command('delete', target: ['fingerprints', fingerprint.templateId]);
    await _refresh();
  }

  @override
  Stream<FingerprintEvent> registerFingerprint({String? name}) {
    final controller = StreamController<FingerprintEvent>();
    final signaler = Signaler();
    signaler.signals.listen((signal) {
      switch (signal.status) {
        case 'capture':
          controller.sink
              .add(FingerprintEvent.capture(signal.body['remaining']));
          break;
        case 'capture-error':
          controller.sink.add(FingerprintEvent.error(signal.body['code']));
          break;
      }
    });

    controller.onCancel = () {
      if (!controller.isClosed) {
        signaler.cancel();
      }
    };
    controller.onListen = () async {
      try {
        final result = await _session.command(
          'add',
          target: ['fingerprints'],
          params: {'name': name},
          signal: signaler,
        );
        controller.sink
            .add(FingerprintEvent.complete(Fingerprint.fromJson(result)));
        await _refresh();
        await controller.sink.close();
      } catch (e) {
        controller.sink.addError(e);
      }
    };

    return controller.stream;
  }

  @override
  Future<Fingerprint> renameFingerprint(
      Fingerprint fingerprint, String name) async {
    await _session.command('rename',
        target: ['fingerprints', fingerprint.templateId],
        params: {'name': name});
    final renamed = fingerprint.copyWith(name: name);
    await _refresh();
    return renamed;
  }
}

final desktopCredentialProvider = StateNotifierProvider.autoDispose.family<
        FidoCredentialsNotifier, AsyncValue<List<FidoCredential>>, DevicePath>(
    (ref, devicePath) => _DesktopFidoCredentialsNotifier(
          ref.watch(_sessionProvider(devicePath)),
        ));

class _DesktopFidoCredentialsNotifier extends FidoCredentialsNotifier {
  final RpcNodeSession _session;

  _DesktopFidoCredentialsNotifier(this._session) {
    _refresh();
  }

  Future<void> _refresh() async {
    final List<FidoCredential> creds = [];
    final rps = await _session.command('credentials');
    for (final rpId in (rps['children'] as Map<String, dynamic>).keys) {
      final result = await _session.command(rpId, target: ['credentials']);
      for (final e in (result['children'] as Map<String, dynamic>).entries) {
        creds.add(FidoCredential(
            rpId: rpId,
            credentialId: e.key,
            userId: e.value['user_id'],
            userName: e.value['user_name']));
      }
    }
    setItems(creds);
  }

  @override
  Future<void> deleteCredential(FidoCredential credential) async {
    await _session.command('delete', target: [
      'credentials',
      credential.rpId,
      credential.credentialId,
    ]);
    await _refresh();
  }
}
Add FIDO reset support. 2022-03-17 22:10:10 +03:00			`import 'dart:async';`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`import 'dart:convert';`
Add RPC elevate. 2022-03-30 17:45:47 +03:00			`import 'dart:io';`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00
			`import 'package:flutter_riverpod/flutter_riverpod.dart';`
			`import 'package:logging/logging.dart';`
Use "standard" log level names. 2022-05-03 12:24:25 +03:00			`import 'package:yubico_authenticator/app/logging.dart';`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00
			`import '../../app/models.dart';`
			`import '../../fido/models.dart';`
			`import '../../fido/state.dart';`
Add FIDO reset support. 2022-03-17 22:10:10 +03:00			`import '../models.dart';`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`import '../rpc.dart';`
			`import '../state.dart';`

			`final _log = Logger('desktop.fido.state');`

Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`final _pinProvider = StateProvider.autoDispose.family<String?, DevicePath>(`
			`(ref, _) => null,`
			`);`

Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`final _sessionProvider =`
			`Provider.autoDispose.family<RpcNodeSession, DevicePath>(`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`(ref, devicePath) {`
			`// Make sure the pinProvider is held for the duration of the session.`
			`ref.watch(_pinProvider(devicePath));`
			`return RpcNodeSession(`
			`ref.watch(rpcProvider), devicePath, ['fido', 'ctap2']);`
			`},`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`);`

			`final desktopFidoState = StateNotifierProvider.autoDispose`
Use AsyncValue instead of custom classes. 2022-03-24 00:55:18 +03:00			`.family<FidoStateNotifier, AsyncValue<FidoState>, DevicePath>(`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`(ref, devicePath) {`
			`final session = ref.watch(_sessionProvider(devicePath));`
Add RPC elevate. 2022-03-30 17:45:47 +03:00			`if (Platform.isWindows) {`
			`// Make sure to rebuild if isAdmin changes`
			`ref.watch(rpcStateProvider.select((state) => state.isAdmin));`
			`}`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`final notifier = _DesktopFidoStateNotifier(`
			`session,`
			`ref.watch(_pinProvider(devicePath).notifier),`
			`);`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`session.setErrorHandler('state-reset', (_) async {`
			`ref.refresh(_sessionProvider(devicePath));`
			`});`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`session.setErrorHandler('auth-required', (_) async {`
			`final pin = ref.read(_pinProvider(devicePath));`
			`if (pin != null) {`
			`await notifier.unlock(pin);`
			`}`
			`});`
			`ref.onDispose(() {`
			`session.unsetErrorHandler('auth-required');`
			`});`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`ref.onDispose(() {`
			`session.unsetErrorHandler('state-reset');`
			`});`
			`return notifier..refresh();`
			`},`
			`);`

			`class _DesktopFidoStateNotifier extends FidoStateNotifier {`
			`final RpcNodeSession _session;`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`final StateController<String?> _pinController;`
			`_DesktopFidoStateNotifier(this._session, this._pinController) : super();`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00
Refactor FIDO PIN handling. 2022-03-24 14:39:49 +03:00			`Future<void> refresh() => updateState(() async {`
			`final result = await _session.command('get');`
Use "standard" log level names. 2022-05-03 12:24:25 +03:00			`_log.debug('application status', jsonEncode(result));`
Refactor FIDO PIN handling. 2022-03-24 14:39:49 +03:00			`return FidoState.fromJson(result['data']);`
			`});`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00
			`@override`
Add FIDO reset support. 2022-03-17 22:10:10 +03:00			`Stream<InteractionEvent> reset() {`
			`final controller = StreamController<InteractionEvent>();`
Improve RPC device path stability. This improves "remembering" the active YubiKey, and lets FIDO reset work with additional keys present. 2022-03-18 13:22:24 +03:00			`final signaler = Signaler();`
			`signaler.signals`
			`.where((s) => s.status == 'reset')`
			`.map((signal) => InteractionEvent.values`
			`.firstWhere((e) => e.name == signal.body['state']))`
			`.listen(controller.sink.add);`
Add FIDO reset support. 2022-03-17 22:10:10 +03:00
			`controller.onCancel = () {`
			`if (!controller.isClosed) {`
			`signaler.cancel();`
			`}`
			`};`
			`controller.onListen = () async {`
			`try {`
			`await _session.command('reset', signal: signaler);`
			`await refresh();`
			`await controller.sink.close();`
			`} catch (e) {`
			`controller.sink.addError(e);`
			`}`
			`};`

			`return controller.stream;`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`}`

			`@override`
Add FIDO PIN management. 2022-03-17 15:06:48 +03:00			`Future<PinResult> setPin(String newPin, {String? oldPin}) async {`
			`try {`
			`await _session.command('set_pin', params: {`
			`'pin': oldPin,`
			`'new_pin': newPin,`
			`});`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`return unlock(newPin);`
Add FIDO PIN management. 2022-03-17 15:06:48 +03:00			`} on RpcError catch (e) {`
			`if (e.status == 'pin-validation') {`
			`return PinResult.failed(e.body['retries'], e.body['auth_blocked']);`
			`}`
			`rethrow;`
			`}`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`}`
Refactor FIDO PIN handling. 2022-03-24 14:39:49 +03:00
			`@override`
			`Future<PinResult> unlock(String pin) async {`
			`try {`
			`await _session.command(`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`'unlock',`
Refactor FIDO PIN handling. 2022-03-24 14:39:49 +03:00			`params: {'pin': pin},`
			`);`
			`_pinController.state = pin;`

			`return PinResult.success();`
			`} on RpcError catch (e) {`
			`if (e.status == 'pin-validation') {`
			`_pinController.state = null;`
			`return PinResult.failed(e.body['retries'], e.body['auth_blocked']);`
			`}`
			`rethrow;`
			`}`
			`}`
			`}`

Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`final desktopFingerprintProvider = StateNotifierProvider.autoDispose.family<`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`FidoFingerprintsNotifier, AsyncValue<List<Fingerprint>>, DevicePath>(`
			`(ref, devicePath) => _DesktopFidoFingerprintsNotifier(`
			`ref.watch(_sessionProvider(devicePath)),`
			`));`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00
			`class _DesktopFidoFingerprintsNotifier extends FidoFingerprintsNotifier {`
			`final RpcNodeSession _session;`

Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`_DesktopFidoFingerprintsNotifier(this._session) {`
			`_refresh();`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`}`

Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`Future<void> _refresh() async {`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`final result = await _session.command('fingerprints');`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`setItems((result['children'] as Map<String, dynamic>)`
			`.entries`
			`.map((e) => Fingerprint(e.key, e.value['name']))`
			`.toList());`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`}`

			`@override`
			`Future<void> deleteFingerprint(Fingerprint fingerprint) async {`
Add fingerprint registration. 2022-03-23 11:49:20 +03:00			`await _session`
			`.command('delete', target: ['fingerprints', fingerprint.templateId]);`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`await _refresh();`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`}`

			`@override`
Add fingerprint registration. 2022-03-23 11:49:20 +03:00			`Stream<FingerprintEvent> registerFingerprint({String? name}) {`
			`final controller = StreamController<FingerprintEvent>();`
			`final signaler = Signaler();`
			`signaler.signals.listen((signal) {`
			`switch (signal.status) {`
			`case 'capture':`
			`controller.sink`
			`.add(FingerprintEvent.capture(signal.body['remaining']));`
			`break;`
			`case 'capture-error':`
			`controller.sink.add(FingerprintEvent.error(signal.body['code']));`
			`break;`
			`}`
			`});`

			`controller.onCancel = () {`
			`if (!controller.isClosed) {`
			`signaler.cancel();`
			`}`
			`};`
			`controller.onListen = () async {`
			`try {`
			`final result = await _session.command(`
			`'add',`
			`target: ['fingerprints'],`
			`params: {'name': name},`
			`signal: signaler,`
			`);`
			`controller.sink`
			`.add(FingerprintEvent.complete(Fingerprint.fromJson(result)));`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`await _refresh();`
Add fingerprint registration. 2022-03-23 11:49:20 +03:00			`await controller.sink.close();`
			`} catch (e) {`
			`controller.sink.addError(e);`
			`}`
			`};`

			`return controller.stream;`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`}`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00
			`@override`
			`Future<Fingerprint> renameFingerprint(`
Add fingerprint registration. 2022-03-23 11:49:20 +03:00			`Fingerprint fingerprint, String name) async {`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`await _session.command('rename',`
Add fingerprint registration. 2022-03-23 11:49:20 +03:00			`target: ['fingerprints', fingerprint.templateId],`
			`params: {'name': name});`
			`final renamed = fingerprint.copyWith(name: name);`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`await _refresh();`
Add list, rename, delete for fingerprints. 2022-03-22 16:23:12 +03:00			`return renamed;`
			`}`
Add base for FIDO support. 2022-03-15 19:16:14 +03:00			`}`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00
			`final desktopCredentialProvider = StateNotifierProvider.autoDispose.family<`
Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`FidoCredentialsNotifier, AsyncValue<List<FidoCredential>>, DevicePath>(`
			`(ref, devicePath) => _DesktopFidoCredentialsNotifier(`
			`ref.watch(_sessionProvider(devicePath)),`
			`));`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00
			`class _DesktopFidoCredentialsNotifier extends FidoCredentialsNotifier {`
			`final RpcNodeSession _session;`

Update FIDO views for new RPC model and AppPage. 2022-04-03 12:05:37 +03:00			`_DesktopFidoCredentialsNotifier(this._session) {`
			`_refresh();`
Refactor FIDO PIN handling. 2022-03-23 19:50:49 +03:00			`}`

			`Future<void> _refresh() async {`
			`final List<FidoCredential> creds = [];`
			`final rps = await _session.command('credentials');`
			`for (final rpId in (rps['children'] as Map<String, dynamic>).keys) {`
			`final result = await _session.command(rpId, target: ['credentials']);`
			`for (final e in (result['children'] as Map<String, dynamic>).entries) {`
			`creds.add(FidoCredential(`
			`rpId: rpId,`
			`credentialId: e.key,`
			`userId: e.value['user_id'],`
			`userName: e.value['user_name']));`
			`}`
			`}`
			`setItems(creds);`
			`}`

			`@override`
			`Future<void> deleteCredential(FidoCredential credential) async {`
			`await _session.command('delete', target: [`
			`'credentials',`
			`credential.rpId,`
			`credential.credentialId,`
			`]);`
			`await _refresh();`
			`}`
			`}`