Class: KStor::Model::User

Inherits:
Base
  • Object
show all
Defined in:
lib/kstor/model.rb

Overview

A person allowed to connect to the application.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Base

#clean, #dirty?, #initialize, property, property?

Constructor Details

This class inherits a constructor from KStor::Model::Base

Instance Attribute Details

#encrypted_privkObject

Returns value of property encrypted_privk

Returns:

  • returns value of property encrypted_privk



178
 
# File 'lib/kstor/model.rb', line 178

property :encrypted_privk

#idObject

Returns value of property id

Returns:

  • returns value of property id



166
 
# File 'lib/kstor/model.rb', line 166

property :id

#kdf_paramsObject

Returns value of property kdf_params

Returns:

  • returns value of property kdf_params



176
 
# File 'lib/kstor/model.rb', line 176

property :kdf_params

#keychainObject

Returns value of property keychain

Returns:

  • returns value of property keychain



182
 
# File 'lib/kstor/model.rb', line 182

property :keychain

#loginObject

Returns value of property login

Returns:

  • returns value of property login



168
 
# File 'lib/kstor/model.rb', line 168

property :login

#nameObject

Returns value of property name

Returns:

  • returns value of property name



170
 
# File 'lib/kstor/model.rb', line 170

property :name

#privkObject

Returns value of property privk

Returns:

  • returns value of property privk



180
 
# File 'lib/kstor/model.rb', line 180

property :privk

#pubkObject

Returns value of property pubk

Returns:

  • returns value of property pubk



174
 
# File 'lib/kstor/model.rb', line 174

property :pubk

#statusObject

Returns value of property status

Returns:

  • returns value of property status



172
 
# File 'lib/kstor/model.rb', line 172

property :status

Instance Method Details

#change_password(password, new_password) ⇒ Object

Re-encrypt private key and keychain with a new secret key derived from the new password.

Parameters:

  • password (String)

    old password

  • new_password (String)

    new password



276
277
278
279
280
281
282
 
# File 'lib/kstor/model.rb', line 276

def change_password(password, new_password)
  Log.info("model: changing password for user #{}")
  old_secret_key = secret_key(password)
  unlock(old_secret_key)
  new_secret_key = secret_key(new_password)
  encrypt(new_secret_key)
end

#encrypt(secret_key) ⇒ Object

Re-encrypt user private key and keychain.

This will overwrite the #encrypted_privk property and call KeychainItem#encrypt on the keychain.

Parameters:

See Also:



220
221
222
223
224
225
226
 
# File 'lib/kstor/model.rb', line 220

def encrypt(secret_key)
  Log.debug("model: lock user data for #{}")
  self.encrypted_privk = Crypto.encrypt_user_privk(
    secret_key, privk
  )
  keychain.each_value { |it| it.encrypt(pubk) }
end

#lockObject

Forget about the user’s decrypted private key and the group private keys in the keychain.

This will unset the #privk property and call KeychainItem#lock on the keychain.



233
234
235
236
237
238
 
# File 'lib/kstor/model.rb', line 233

def lock
  return if locked?

  self.privk = nil
  keychain.each_value(&:lock)
end

#locked?Boolean

Check if some sensitive data was decrypted.

Returns:

  • (Boolean)

    true if private key or keychain was decrypted



243
244
245
 
# File 'lib/kstor/model.rb', line 243

def locked?
  privk.nil? && keychain.all? { |_, it| it.locked? }
end

#reset_password(password) ⇒ Object

Generate a new key pair and throw away all keychain items.

Parameters:

  • password (String)

    new user password



259
260
261
262
263
264
265
266
267
268
269
 
# File 'lib/kstor/model.rb', line 259

def reset_password(password)
  Log.info("model: resetting password for user #{}")
  reset_key_pair
  secret_key = Crypto.key_derive(password)
  self.kdf_params = secret_key.kdf_params
  encrypt(secret_key)
  self.keychain = {}
  # FIXME: delete keychain items from database!
  #   they won't be useable (decryption key is lost) but will provoke
  #   errors.
end

#secret_key(password) ⇒ KStor::Crypto::SecretKey

Derive secret key from password.

If user has no keypair yet, initialize it.

Parameters:

  • password (String)

    plaintext password

Returns:



190
191
192
193
194
 
# File 'lib/kstor/model.rb', line 190

def secret_key(password)
  Log.debug("model: deriving secret key for user #{}")
  reset_password(password) unless initialized?
  Crypto.key_derive(password, kdf_params)
end

#to_hObject

Dump properties except #encrypted_privk and #pubk.



285
286
287
288
289
290
291
292
 
# File 'lib/kstor/model.rb', line 285

def to_h
  h = super
  h.delete('encrypted_privk')
  h.delete('pubk')
  h['keychain'] = keychain.transform_values(&:to_h) if keychain

  h
end

#unlock(secret_key) ⇒ Object

Decrypt user private key and keychain.

This will set the #privk property and call KeychainItem#unlock on the keychain.

Parameters:

See Also:



204
205
206
207
208
209
210
 
# File 'lib/kstor/model.rb', line 204

def unlock(secret_key)
  return if unlocked?

  Log.debug("model: unlock user #{}")
  self.privk = Crypto.decrypt_user_privk(secret_key, encrypted_privk)
  keychain.each_value { |it| it.unlock(it.group_pubk, privk) }
end

#unlocked?Boolean

Check if no sensitive data was decrypted.

Returns:

  • (Boolean)

    true if neither private key nor any keychain iyem was decrypted.



251
252
253
 
# File 'lib/kstor/model.rb', line 251

def unlocked?
  !privk.nil? || keychain.any? { |_, it| it.unlocked? }
end