server_account_manager: fix parseAnnounce

parseAnnounce doesn't use the longId. This fix authentification
to JAMS accounts.

Change-Id: I87a6b3d5893bb3aae6c814b086f50cd023d8a85c
GitLab: #579

src/jamidht/account_manager.cpp

@@ -84,7 +84,7 @@ AccountManager::loadIdentity(const std::string& crt_path,
 std::shared_ptr<dht::Value>
 AccountManager::parseAnnounce(const std::string& announceBase64,
                               const std::string& accountId,
-                              const std::string& deviceId)
+                              const std::string& deviceSha1)
 {
     auto announce_val = std::make_shared<dht::Value>();
     try {
@@ -98,7 +98,7 @@ AccountManager::parseAnnounce(const std::string& announceBase64,
         }
         DeviceAnnouncement da;
         da.unpackValue(*announce_val);
-        if (da.from.toString() != accountId or da.dev.toString() != deviceId) {
+        if (da.from.toString() != accountId or da.dev.toString() != deviceSha1) {
             JAMI_ERR("[Auth] device ID mismatch in announce");
             return {};
         }
@@ -165,7 +165,13 @@ AccountManager::useIdentity(const dht::crypto::Identity& identity,
         return nullptr;
     }
 
-    auto announce = parseAnnounce(root["announce"].asString(), id, dev_id);
+    auto devicePk = identity.first->getSharedPublicKey();
+    if (!devicePk) {
+        JAMI_ERR("[Auth] No device pk found");
+        return nullptr;
+    }
+
+    auto announce = parseAnnounce(root["announce"].asString(), id, devicePk->getId().toString());
     if (not announce) {
         return nullptr;
     }
@@ -177,7 +183,7 @@ AccountManager::useIdentity(const dht::crypto::Identity& identity,
     info->contacts = std::move(contactList);
     info->contacts->load();
     info->accountId = id;
-    info->devicePk = identity.first->getSharedPublicKey();
+    info->devicePk = std::move(devicePk);
     info->deviceId = info->devicePk->getLongId().toString();
     info->announce = std::move(announce);
     info->ethAccount = root["eth"].asString();
@@ -704,9 +710,7 @@ AccountManager::sendTrustRequestConfirm(const dht::InfoHash& toH, const std::str
         JAMI_WARN("sending trust request reply: %s / %s",
                   toH.toString().c_str(),
                   dev->getLongId().toString().c_str());
-        dht_->putEncrypted(dht::InfoHash::get("inbox:" + dev->getId().toString()),
-                           dev,
-                           answer);
+        dht_->putEncrypted(dht::InfoHash::get("inbox:" + dev->getId().toString()), dev, answer);
     });
 }
 

src/jamidht/account_manager.h

@@ -182,7 +182,9 @@ public:
 
     using PeerCertificateCb = std::function<void(const std::shared_ptr<dht::crypto::Certificate>& crt,
                                                  const dht::InfoHash& peer_account)>;
-    void onPeerMessage(const dht::crypto::PublicKey& peer_device, bool allowPublic, PeerCertificateCb&& cb);
+    void onPeerMessage(const dht::crypto::PublicKey& peer_device,
+                       bool allowPublic,
+                       PeerCertificateCb&& cb);
     bool onPeerCertificate(const std::shared_ptr<dht::crypto::Certificate>& crt,
                            bool allowPublic,
                            dht::InfoHash& account_id);
@@ -251,7 +253,7 @@ public:
 
     static std::shared_ptr<dht::Value> parseAnnounce(const std::string& announceBase64,
                                                      const std::string& accountId,
-                                                     const std::string& deviceId);
+                                                     const std::string& deviceSha1);
 
     // Name resolver
     using LookupCallback = NameDirectory::LookupCallback;

src/jamidht/server_account_manager.cpp

@@ -146,7 +146,8 @@ ServerAccountManager::initAuthentication(PrivateKey key,
                                     auto info = std::make_unique<AccountInfo>();
                                     info->identity.first = ctx->key.get();
                                     info->identity.second = cert;
-                                    info->devicePk = std::make_shared<dht::crypto::PublicKey>(cert->getPublicKey());
+                                    info->devicePk = std::make_shared<dht::crypto::PublicKey>(
+                                        cert->getPublicKey());
                                     info->deviceId = info->devicePk->getLongId().toString();
                                     info->accountId = accountCert->getId().toString();
                                     info->contacts = std::make_unique<ContactList>(accountCert,
@@ -159,9 +160,10 @@ ServerAccountManager::initAuthentication(PrivateKey key,
                                                                        ctx->deviceName,
                                                                        clock::now());
                                     info->ethAccount = receiptJson["eth"].asString();
-                                    info->announce = parseAnnounce(receiptJson["announce"].asString(),
+                                    info->announce
+                                        = parseAnnounce(receiptJson["announce"].asString(),
                                                         info->accountId,
-                                                                   info->deviceId);
+                                                        info->devicePk->getId().toString());
                                     if (not info->announce) {
                                         ctx->onFailure(AuthError::SERVER_ERROR,
                                                        "Can't parse announce from server");
@@ -178,7 +180,8 @@ ServerAccountManager::initAuthentication(PrivateKey key,
                                             if (!nameServer.empty() && nameServer[0] == '/')
                                                 nameServer = this_.managerHostname_ + nameServer;
                                             this_.nameDir_ = NameDirectory::instance(nameServer);
-                                            config.emplace(DRing::Account::ConfProperties::RingNS::URI,
+                                            config
+                                                .emplace(DRing::Account::ConfProperties::RingNS::URI,
                                                          std::move(nameServer));
                                         } else if (name == "userPhoto"sv) {
                                             this_.info_->photo = json["userPhoto"].asString();
@@ -212,13 +215,15 @@ ServerAccountManager::initAuthentication(PrivateKey key,
 }
 
 void
-ServerAccountManager::onAuthEnded(const Json::Value& json, const dht::http::Response& response, TokenScope expectedScope)
+ServerAccountManager::onAuthEnded(const Json::Value& json,
+                                  const dht::http::Response& response,
+                                  TokenScope expectedScope)
 {
     if (response.status_code >= 200 && response.status_code < 300) {
         auto scopeStr = json["scope"].asString();
-        auto scope = scopeStr == "DEVICE"sv ? TokenScope::Device
-                    : (scopeStr == "USER"sv   ? TokenScope::User
-                                            : TokenScope::None);
+        auto scope = scopeStr == "DEVICE"sv
+                         ? TokenScope::Device
+                         : (scopeStr == "USER"sv ? TokenScope::User : TokenScope::None);
         auto expires_in = json["expires_in"].asLargestUInt();
         auto expiration = std::chrono::steady_clock::now() + std::chrono::seconds(expires_in);
         JAMI_WARN("[Auth] Got server response: %d %s", response.status_code, response.body.c_str());
@@ -237,11 +242,17 @@ ServerAccountManager::authenticateDevice()
     }
     const std::string url = managerHostname_ + JAMI_PATH_LOGIN;
     JAMI_WARN("[Auth] getting a device token: %s", url.c_str());
-    auto request = std::make_shared<Request>(*Manager::instance().ioContext(), url, Json::Value{Json::objectValue}, [onAsync = onAsync_](Json::Value json, const dht::http::Response& response) {
+    auto request = std::make_shared<Request>(
+        *Manager::instance().ioContext(),
+        url,
+        Json::Value {Json::objectValue},
+        [onAsync = onAsync_](Json::Value json, const dht::http::Response& response) {
             onAsync([=](AccountManager& accountManager) {
-            static_cast<ServerAccountManager*>(&accountManager)->onAuthEnded(json, response, TokenScope::Device);
+                static_cast<ServerAccountManager*>(&accountManager)
+                    ->onAuthEnded(json, response, TokenScope::Device);
             });
-    }, logger_);
+        },
+        logger_);
     request->set_identity(info_->identity);
     // request->set_certificate_authority(info_->identity.second->issuer->issuer);
     sendRequest(request);
@@ -252,11 +263,17 @@ ServerAccountManager::authenticateAccount(const std::string& username, const std
 {
     const std::string url = managerHostname_ + JAMI_PATH_LOGIN;
     JAMI_WARN("[Auth] getting a device token: %s", url.c_str());
-    auto request = std::make_shared<Request>(*Manager::instance().ioContext(), url, Json::Value{Json::objectValue}, [onAsync = onAsync_] (Json::Value json, const dht::http::Response& response){
+    auto request = std::make_shared<Request>(
+        *Manager::instance().ioContext(),
+        url,
+        Json::Value {Json::objectValue},
+        [onAsync = onAsync_](Json::Value json, const dht::http::Response& response) {
             onAsync([=](AccountManager& accountManager) {
-            static_cast<ServerAccountManager*>(&accountManager)->onAuthEnded(json, response, TokenScope::User);
+                static_cast<ServerAccountManager*>(&accountManager)
+                    ->onAuthEnded(json, response, TokenScope::User);
             });
-    }, logger_);
+        },
+        logger_);
     request->set_auth(username, password);
     sendRequest(request);
 }
@@ -354,7 +371,8 @@ ServerAccountManager::sendDeviceRequest(const std::shared_ptr<dht::http::Request
 }
 
 void
-ServerAccountManager::sendAccountRequest(const std::shared_ptr<dht::http::Request>& req, const std::string& pwd)
+ServerAccountManager::sendAccountRequest(const std::shared_ptr<dht::http::Request>& req,
+                                         const std::string& pwd)
 {
     std::lock_guard<std::mutex> lock(tokenLock_);
     if (hasAuthorization(TokenScope::User)) {
@@ -463,7 +481,10 @@ ServerAccountManager::revokeDevice(const std::string& password,
     }
     const std::string url = managerHostname_ + PATH_DEVICE + "/" + device;
     JAMI_WARN("[Revoke] Revoking device of %s at %s", info_->username.c_str(), url.c_str());
-    auto request = std::make_shared<Request>(*Manager::instance().ioContext(), url, [cb, onAsync = onAsync_] (Json::Value json, const dht::http::Response& response){
+    auto request = std::make_shared<Request>(
+        *Manager::instance().ioContext(),
+        url,
+        [cb, onAsync = onAsync_](Json::Value json, const dht::http::Response& response) {
             onAsync([=](AccountManager& accountManager) {
                 JAMI_DBG("[Revoke] Got request callback with status code=%u", response.status_code);
                 auto& this_ = *static_cast<ServerAccountManager*>(&accountManager);
@@ -482,7 +503,8 @@ ServerAccountManager::revokeDevice(const std::string& password,
                     cb(RevokeDeviceResult::ERROR_NETWORK);
                 this_.clearRequest(response.request);
             });
-    }, logger_);
+        },
+        logger_);
     request->set_method(restinio::http_method_delete());
     sendAccountRequest(request, password);
     return false;