From df868e2c4fcbe61662c1a944aafd1af5c57fd04b Mon Sep 17 00:00:00 2001
From: Caio Marcelo de Oliveira Filho
Date: Wed, 29 Jul 2020 09:14:18 -0700
Subject: [PATCH 1/4] jael, eyre: Add a way to reset the web login code Jael now stores a `step` that is combined with the original salt to produce a new code. A `%step` card is used to increment that value, and effectively resetting the keys. Because the first `step` is zero, the first code is the same as before. Eyre was changed to be notified with `%code-changed` so it can forget old cookies, sessions and discard all the existing channels. A new generator was added |code, that does both querying and resetting the code |code :: shows current code, step and help |code %reset :: changes the code The old +code generator still works correctly.
---
pkg/arvo/gen/hood/code.hoon | 30 +++++++++++++++
pkg/arvo/lib/hood/helm.hoon | 8 ++++
pkg/arvo/sys/vane/eyre.hoon | 25 +++++++++++++
pkg/arvo/sys/vane/jael.hoon | 75 +++++++++++++++++++++++++++++++------
pkg/arvo/sys/zuse.hoon | 4 ++
5 files changed, 130 insertions(+), 12 deletions(-)
create mode 100644 pkg/arvo/gen/hood/code.hoon
diff --git a/pkg/arvo/gen/hood/code.hoon b/pkg/arvo/gen/hood/code.hoon
new file mode 100644
index 000000000..3cb86c225
--- /dev/null
+++ b/pkg/arvo/gen/hood/code.hoon
@@ -0,0 +1,30 @@
+:: Helm: query or reset login code for web
+::
+:::: /hoon/code/hood/gen
+ ::
+/? 310
+::
+::::
+ ::
+:- %say
+|= $: [now=@da eny=@uvJ bec=beak]
+ [arg=?(~ [%reset ~]) ~]
+ ==
+=* our p.bec
+:- %helm-code
+?~ arg
+ =/ code=tape
+ %+ slag 1
+ %+ scow %p
+ .^(@p %j /(scot %p our)/code/(scot %da now)/(scot %p our))
+ =/ step=tape
+ %+ scow %ud
+ .^(@ud %j /(scot %p our)/step/(scot %da now)/(scot %p our))
+ %- %- slog
+ :~ [%leaf code]
+ [%leaf (weld "current step=" step)]
+ [%leaf "use |code %reset to invalidate this and generate a new code"]
+ ==
+ ~
+?> =(%reset -.arg)
+%reset
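Review bot: The help leaf printed by the no-argument branch only says that `%reset` will "invalidate this and generate a new code", while the commit description says the reset also makes Eyre forget cookies and sessions and discard every channel. An operator should see that side effect before running the command, so I would word the leaf as `[%leaf "use |code %reset to generate a new code; this also logs out all web sessions and closes all channels"]`. The closing `?> =(%reset -.arg)` also looks redundant given the `?(~ [%reset ~])` mold on `arg`; a one-line comment saying why it is kept would help the next reader.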
diff --git a/pkg/arvo/lib/hood/helm.hoon b/pkg/arvo/lib/hood/helm.hoon index 4f25e4d9f..42b4bd4f1 100644 --- a/pkg/arvo/lib/hood/helm.hoon +++ b/pkg/arvo/lib/hood/helm.hoon @@ -79,6 +79,13 @@ this (emit %pass / %arvo %j %moon u.sed) :: +++ poke-code + |= act=?(~ %reset) + =< abet + ?~ act + this + (emit %pass / %arvo %j %step ~) +:: ++ poke-mass |= ~ =< abet (emit %pass /heft %arvo %d %flog %heft ~) @@ -213,6 +220,7 @@ %helm-atom =;(f (f !<(_+<.f vase)) poke-atom) %helm-automass =;(f (f !<(_+<.f vase)) poke-automass) %helm-cancel-automass =;(f (f !<(_+<.f vase)) poke-cancel-automass) + %helm-code =;(f (f !<(_+<.f vase)) poke-code) %helm-hi =;(f (f !<(_+<.f vase)) poke-hi) %helm-knob =;(f (f !<(_+<.f vase)) poke-knob) %helm-mass =;(f (f !<(_+<.f vase)) poke-mass) diff --git a/pkg/arvo/sys/vane/eyre.hoon b/pkg/arvo/sys/vane/eyre.hoon index 20c1fb7e9..04542e0ae 100644 --- a/pkg/arvo/sys/vane/eyre.hoon +++ b/pkg/arvo/sys/vane/eyre.hoon 
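Review bot: `poke-code` passes `%step` to Jael for any `%reset` poke, and nothing in this hunk shows who is allowed to send `%helm-code`. Because the effect is to invalidate the login code and, through Eyre, every web session, it is worth confirming that hood only accepts these pokes from our own ship; that check, if it exists, is outside the hunk. The arm also has no header comment, and something like `::  +poke-code: ~ is a no-op, %reset asks jael to bump the login-code step` would document the two cases.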
@@ -1960,6 +1960,31 @@ :: closed-connections == + :: + ?: ?=(%code-changed -.task) + ~> %slog.[0 leaf+"eyre: code-changed: throwing away old cookies"] + =. authentication-state.server-state.ax *authentication-state + :: + =/ event-args [[our eny duct now scry-gate] server-state.ax] + =* by-channel by-channel:(per-server-event event-args) + =* channel-state channel-state.server-state.ax + :: + =/ channel-ids=(list @t) ~(tap in ~(key by session.channel-state)) + ?: =(~ channel-ids) + [~ http-server-gate] + :: + =/ len=tape (scow %ud (lent channel-ids)) + ~> %slog.[0 leaf+"eyre: code-changed: closing {len} channels"] + :: + =| moves=(list (list move)) + |- ^- [(list move) _http-server-gate] + ?~ channel-ids + [(zing (flop moves)) http-server-gate] + :: discard channel state, and cancel any active gall subscriptions + :: + =^ mov server-state.ax (discard-channel:by-channel i.channel-ids |) + $(moves [mov moves], channel-ids t.channel-ids) + :: :: all other commands operate on a per-server-event :: =/ event-args [[our eny duct now scry-gate] server-state.ax] diff --git a/pkg/arvo/sys/vane/jael.hoon b/pkg/arvo/sys/vane/jael.hoon index e4eee1438..a4bd366f9 100644 --- a/pkg/arvo/sys/vane/jael.hoon +++ b/pkg/arvo/sys/vane/jael.hoon @@ -35,12 +35,19 @@ :: manage subscriptions efficiently. :: => |% -+$ state :: all vane state - $: ver=$0 :: vane version - pki=state-pki :: ++$ any-state $%(state-0 state-1) +:: ++$ state-0 + $: %0 + pki=state-pki-0 :: etn=state-eth-node :: eth connection state == :: -+$ state-pki :: urbit metadata ++$ state-1 + $: %1 + pki=state-pki-1 :: + etn=state-eth-node :: eth connection state + == :: ++$ state-pki-0 :: urbit metadata $: $= own :: vault (vein) $: yen=(set duct) :: trackers sig=(unit oath) :: for a moon 
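Review bot: In the channel-discard loop, `event-args` is pinned once from `server-state.ax` before the `|-`, while `by-channel` is a `=*` alias over `(per-server-event event-args)`, so each `discard-channel:by-channel` call appears to run against the pre-loop state rather than the state written by the previous `=^`. If `discard-channel` returns a server state derived from that sample (its body is outside the hunk), every iteration would overwrite the one before it and only the last channel would end up removed, leaving the other channels in state after a code reset. Rebuilding `event-args` from the current `server-state.ax` inside the trap, or threading the state through the loop explicitly, would avoid this. Exercising a reset with two open channels and checking that `session.channel-state` is empty afterwards would settle whether the concern is real.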
@@ -59,6 +66,26 @@ pos=(map ship point) :: on-chain ship state == :: == :: ++$ state-pki-1 :: urbit metadata + $: $= own :: vault (vein) + $: yen=(set duct) :: trackers + sig=(unit oath) :: for a moon + tuf=(list turf) :: domains + boq=@ud :: boot block + nod=purl:eyre :: eth gateway + fak=_| :: fake keys + lyf=life :: version + step=@ud :: login code step + jaw=(map life ring) :: private keys + == :: + $= zim :: public + $: yen=(jug duct ship) :: trackers + ney=(jug ship duct) :: reverse trackers + nel=(set duct) :: trackers of all + dns=dnses :: on-chain dns state + pos=(map ship point) :: on-chain ship state + == :: + == :: +$ message :: message to her jael $% [%nuke whos=(set ship)] :: cancel trackers [%public-keys whos=(set ship)] :: view ethereum events @@ -80,6 +107,9 @@ $: %b :: to %behn $>(%wait task:able:behn) :: set timer == :: + $: %e :: to %eyre + [%code-changed ~] :: notify code changed + == :: $: %g :: to %gall $>(%deal task:able:gall) :: talk to app == :: @@ -179,7 +209,7 @@ == :: all vane state :: - state + state-1 == :: lex: all durable state :: moz: pending actions @@ -446,6 +476,14 @@ %- curd =< abet (~(new-event su hen our now pki etn) [ship udiff]:tac) :: + :: rotate web login code + :: + %step + %= +>.$ + step.own.pki +(step.own.pki) + moz [[hen %pass / %e %code-changed ~] moz] + == + :: :: watch public keys :: [%public-keys ships=(set ship)] :: @@ -578,7 +616,7 @@ :: :: ++curd:of ++ curd :: relative moves |= $: moz/(list move) - pki/state-pki + pki/state-pki-1 etn/state-eth-node == +>(pki pki, etn etn, moz (weld (flop moz) ^moz)) @@ -599,7 +637,7 @@ =| $: hen=duct our=ship now=@da - state-pki + state-pki-1 state-eth-node == :: moz: moves in reverse order @@ -955,7 +993,7 @@ :: :: lex: all durable %jael state :: -=| lex/state +=| lex/state-1 |= $: :: :: our: identity :: now: current time 
@@ -991,11 +1029,15 @@ |= $: :: old: previous state :: :: old/* - old/state + old/any-state == ^+ ..^$ - :: ..^$ - ..^$(lex old) + =/ new=state-1 + ?- -.old + %0 old(- %1, |7.own.pki [step=0 |7.own.pki.old]) + %1 old + == + ..^$(lex new) :: :: ++scry ++ scry :: inspect |= $: :: fur: event security @@ -1025,6 +1067,14 @@ ``mass+!>(maz) ?+ syd ~ + :: + %step + ?. ?=([@ ~] tyl) [~ ~] + ?. =([%& our] why) + [~ ~] + =/ who (slaw %p i.tyl) + ?~ who [~ ~] + ``[%noun !>(step.own.pki.lex)] :: %code ?. ?=([@ ~] tyl) [~ ~] @@ -1036,7 +1086,8 @@ =/ cub (nol:nu:crub:crypto sec) :: XX use pac:ex:cub? :: - ``[%noun !>((end 6 1 (shaf %pass (shax sec:ex:cub))))] + =/ sal (add %pass step.own.pki.lex) + ``[%noun !>((end 6 1 (shaf sal (shax sec:ex:cub))))] :: %life ?. ?=([@ ~] tyl) [~ ~] diff --git a/pkg/arvo/sys/zuse.hoon b/pkg/arvo/sys/zuse.hoon index e1b3998a0..a867c9346 100644 --- a/pkg/arvo/sys/zuse.hoon +++ b/pkg/arvo/sys/zuse.hoon @@ -1268,6 +1268,9 @@ :: the first place. :: [%disconnect =binding] + :: notifies us that web login code changed + :: + [%code-changed ~] == :: -- @@ -1953,6 +1956,7 @@ [%turf ~] :: view domains $>(%vega vane-task) :: report upgrade $>(%plea vane-task) :: ames request + [%step ~] :: reset web login code == :: :: +$ dawn-event From 72b164ade261e91d597b7278f2b89060f6e64621 Mon Sep 17 00:00:00 2001 From: Caio Marcelo de Oliveira Filho Date: Fri, 31 Jul 2020 13:01:19 -0700 Subject: [PATCH 2/4] eyre: Make %code-changed handling less chatty --- pkg/arvo/sys/vane/eyre.hoon | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkg/arvo/sys/vane/eyre.hoon b/pkg/arvo/sys/vane/eyre.hoon index 04542e0ae..2fd6f1f46 100644 --- a/pkg/arvo/sys/vane/eyre.hoon +++ b/pkg/arvo/sys/vane/eyre.hoon 
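Review bot: The `%0` migration splices the new field in by position, `|7.own.pki [step=0 |7.own.pki.old]`, which is only right while exactly seven fields precede `step` in the `own` part of `state-pki-1` declared in the earlier jael hunk. Nothing at this site records that dependency, and this is the state that holds the private-key map `jaw`, so a later reordering of `own` would be easy to get wrong here. A comment such as `::  |7.own is everything after lyf; insert step=0 in front of jaw` would make it explicit. The body of `load` begins outside the hunk.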
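Review bot: In the new `%step` scry arm, `who` is parsed from `i.tyl` and checked for null but never compared with anything, so the ship segment of the path has no effect on the result once the `=([%& our] why)` check passes. Either drop the parse or reject other ships explicitly with `?.  =(our u.who)  [~ ~]`, so that the endpoint's contract matches its path. The neighbouring `%code` arm is only partly visible here, so whether it has the same shape cannot be told from this hunk.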
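Review bot: The salt is built by integer addition, `(add %pass step.own.pki.lex)`, so the step is folded into the tag itself instead of being a separate hash input; step 1, for instance, gives the same atom as the cord `%qass`. That keeps step 0 equal to the old code, as the commit intends, but it makes domain separation depend on no other `shaf` caller using a nearby tag over the same `(shax sec:ex:cub)` input, which cannot be checked from this hunk. At minimum I would record the reasoning next to the line, for example `::  salt is %pass + step so that step 0 reproduces the pre-step code`.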
@@ -1962,7 +1962,7 @@ == :: ?: ?=(%code-changed -.task) - ~> %slog.[0 leaf+"eyre: code-changed: throwing away old cookies"] + ~> %slog.[0 leaf+"eyre: code-changed: throwing away cookies and sessions"] =. authentication-state.server-state.ax *authentication-state :: =/ event-args [[our eny duct now scry-gate] server-state.ax] @@ -1970,12 +1970,6 @@ =* channel-state channel-state.server-state.ax :: =/ channel-ids=(list @t) ~(tap in ~(key by session.channel-state)) - ?: =(~ channel-ids) - [~ http-server-gate] - :: - =/ len=tape (scow %ud (lent channel-ids)) - ~> %slog.[0 leaf+"eyre: code-changed: closing {len} channels"] - :: =| moves=(list (list move)) |- ^- [(list move) _http-server-gate] ?~ channel-ids From b0d252fa7633ba030c555f690594d85c0d59b36f Mon Sep 17 00:00:00 2001 From: Matilde Park Date: Wed, 12 Aug 2020 21:12:05 -0400 Subject: [PATCH 3/4] publish: no-op when joining our own notebook Fixes #3300. --- pkg/arvo/app/publish.hoon | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkg/arvo/app/publish.hoon b/pkg/arvo/app/publish.hoon index 17470e7e5..2ed386584 100644 --- a/pkg/arvo/app/publish.hoon +++ b/pkg/arvo/app/publish.hoon @@ -1831,6 +1831,8 @@ :: %subscribe ?> (team:title our.bol src.bol) + ?: =(our.bol who.act) + [~ state] =/ join-wire=wire /join-group/[(scot %p who.act)]/[book.act] =/ meta=(unit (set path)) From 4804cb78646b72dab036591ed74d490722ddb1cd Mon Sep 17 00:00:00 2001 From: Caio Marcelo de Oliveira Filho Date: Tue, 18 Aug 2020 09:44:59 -0700 Subject: [PATCH 4/4] pill: Update solid.pill for code-reset changes --- bin/solid.pill | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/solid.pill b/bin/solid.pill index 02e11e82a..0c0e9f9d0 100644 --- a/bin/solid.pill +++ b/bin/solid.pill @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:6cd7246753c12c7acb757e1a6ee54c177806c20a137ad8fb4300c000ac146a0f -size 6260139 +oid sha256:84ef1d5feadc0d302fa72b3ab1ccb40d8353e22b133bbb0abce00086bad657ee +size 6263669