arno/etesync-server
1
0
Fork 0
mirror of https://github.com/etesync/server synced 2025-01-28 09:30:56 +00:00
Code Issues Releases Wiki Activity

Avoid leaking user existence info

Browse Source
This commit is contained in:
1fexd 2024-05-05 13:39:27 +02:00
parent 6b66ec16d5
commit 886a5621f0
No known key found for this signature in database
GPG Key ID: B459DD424E49FAAD
1 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
etebase_server/fastapi/routers/authentication.py
View File

@ -1,3 +1,4 @@
import random
import typing as t import typing as t
from typing_extensions import Literal from typing_extensions import Literal
from datetime import datetime from datetime import datetime
@ -122,16 +123,36 @@ def get_login_user(request: Request, challenge: LoginChallengeIn) -> UserType:
raise AuthenticationFailed(code="user_not_init", detail="User not properly init") raise AuthenticationFailed(code="user_not_init", detail="User not properly init")
return user return user
except User.DoesNotExist: except User.DoesNotExist:
raise AuthenticationFailed(code="user_not_found", detail="User not found") return fake_user(username)
def get_encryption_key(salt: bytes): FAKE_USER_COUNT = 1000
def fake_user(username: str) -> UserType:
username_bytes = bytes(username, encoding="utf-8")
login_pubkey = get_encryption_key(b"", b"loginPubkey", username_bytes)[:32]
salt = get_encryption_key(b"", b"salt", username_bytes)[:16]
user = User()
user.username = username
user.id = random.Random(settings.SECRET_KEY + username).randint(0, FAKE_USER_COUNT)
userinfo = UserInfo()
userinfo.loginPubkey = login_pubkey
userinfo.salt = salt
user.userinfo = userinfo
return user
def get_encryption_key(salt: bytes, person=b"etebase-auth", data: bytes = b""):
key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder) key = nacl.hash.blake2b(settings.SECRET_KEY.encode(), encoder=nacl.encoding.RawEncoder)
return nacl.hash.blake2b( return nacl.hash.blake2b(
b"", data=data,
key=key, key=key,
salt=salt[: nacl.hash.BLAKE2B_SALTBYTES], salt=salt[: nacl.hash.BLAKE2B_SALTBYTES],
person=b"etebase-auth", person=person,
encoder=nacl.encoding.RawEncoder, encoder=nacl.encoding.RawEncoder,
) )