Class: KStor::Model::User

Inherits:
Base
  • Object
Defined in:
lib/kstor/model.rb

Overview

A person allowed to connect to the application.

Methods inherited from Base

#clean, #dirty?, #initialize, property, property?

Constructor Details

This class inherits a constructor from KStor::Model::Base

Instance Attribute Details

#encrypted_privk ⇒ Object

Returns value of property encrypted_privk

Returns:

  • returns value of property encrypted_privk



# File 'lib/kstor/model.rb', line 173

property :encrypted_privk

#id ⇒ Object

Returns value of property id

Returns:

  • returns value of property id



# File 'lib/kstor/model.rb', line 161

property :id

#kdf_params ⇒ Object

Returns value of property kdf_params

Returns:

  • returns value of property kdf_params



# File 'lib/kstor/model.rb', line 171

property :kdf_params

#keychain ⇒ Object

Returns value of property keychain

Returns:

  • returns value of property keychain



# File 'lib/kstor/model.rb', line 177

property :keychain

#login ⇒ Object

Returns value of property login

Returns:

  • returns value of property login



# File 'lib/kstor/model.rb', line 163

property :login

#name ⇒ Object

Returns value of property name

Returns:

  • returns value of property name



# File 'lib/kstor/model.rb', line 165

property :name

#privk ⇒ Object

Returns value of property privk

Returns:

  • returns value of property privk



# File 'lib/kstor/model.rb', line 175

property :privk

#pubk ⇒ Object

Returns value of property pubk

Returns:

  • returns value of property pubk



# File 'lib/kstor/model.rb', line 169

property :pubk

#status ⇒ Object

Returns value of property status

Returns:

  • returns value of property status



# File 'lib/kstor/model.rb', line 167

property :status

Instance Method Details

#change_password(password, new_password) ⇒ Object

Re-encrypt private key and keychain with a new secret key derived from the new password.

Parameters:

  • password (String)

    old password

  • new_password (String)

    new password



# File 'lib/kstor/model.rb', line 268

def change_password(password, new_password)
  Log.info("model: changing password for user #{}")
  old_secret_key = secret_key(password)
  unlock(old_secret_key)
  new_secret_key = secret_key(new_password)
  encrypt(new_secret_key)
end

#encrypt(secret_key) ⇒ Object

Re-encrypt user private key and keychain.

This will overwrite the #encrypted_privk property and call KeychainItem#encrypt on the keychain.

Parameters:

See Also:



# File 'lib/kstor/model.rb', line 215

def encrypt(secret_key)
  Log.debug("model: lock user data for #{}")
  self.encrypted_privk = Crypto.encrypt_user_privk(
    secret_key, privk
  )
  keychain.each_value { |it| it.encrypt(pubk) }
end

#lock ⇒ Object

Forget about the user’s decrypted private key and the group private keys in the keychain.

This will unset the #privk property and call KeychainItem#lock on the keychain.



# File 'lib/kstor/model.rb', line 228

def lock
  return if locked?

  self.privk = nil
  keychain.each_value(&:lock)
end

#locked? ⇒ Boolean

Check if some sensitive data was decrypted.

Returns:

  • (Boolean)

    true if private key or keychain was decrypted



# File 'lib/kstor/model.rb', line 238

def locked?
  privk.nil? && keychain.all? { |_, it| it.locked? }
end

#reset_password(password) ⇒ Object

Generate a new key pair and throw away all keychain items.

Parameters:

  • password (String)

    new user password



# File 'lib/kstor/model.rb', line 254

def reset_password(password)
  Log.info("model: resetting password for user #{}")
  reset_key_pair
  secret_key = Crypto.key_derive(password)
  self.kdf_params = secret_key.kdf_params
  encrypt(secret_key)
  self.keychain = {}
end

#secret_key(password) ⇒ KStor::Crypto::SecretKey

Derive secret key from password.

If user has no keypair yet, initialize it.

Parameters:

  • password (String)

    plaintext password

Returns:



# File 'lib/kstor/model.rb', line 185

def secret_key(password)
  Log.debug("model: deriving secret key for user #{}")
  reset_password(password) unless initialized?
  Crypto.key_derive(password, kdf_params)
end

#to_h ⇒ Object

Dump properties except #encrypted_privk and #pubk.



# File 'lib/kstor/model.rb', line 277

def to_h
  h = super.except('encrypted_privk', 'pubk')
  h['keychain'] = keychain.transform_values(&:to_h) if keychain

  h
end

#unlock(secret_key) ⇒ Object

Decrypt user private key and keychain.

This will set the #privk property and call KeychainItem#unlock on the keychain.

Parameters:

See Also:



# File 'lib/kstor/model.rb', line 199

def unlock(secret_key)
  return if unlocked?

  Log.debug("model: unlock user #{}")
  self.privk = Crypto.decrypt_user_privk(secret_key, encrypted_privk)
  keychain.each_value { |it| it.unlock(it.group_pubk, privk) }
end
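
How #change_password, #unlock, #lock and #reset_password interact, as an added Ruby example that is not KStor's own code: as listed on this page, #unlock returns early when the user is already unlocked, so #change_password only verifies the old password when it starts from a locked user. DemoUser, change_password_checked, the PBKDF2 and AES-256-GCM primitives and the random 32-byte privk are assumptions of this sketch; whether KStor's callers always lock first is not shown on this page.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical stand-in for the User model. PBKDF2 and AES-256-GCM are this
# sketch's choices, not KStor's Crypto module; privk is constructed random bytes.
class DemoUser
  attr_reader :privk, :encrypted_privk

  def initialize(password); reset_password(password); end

  def reset_password(password) # new key material and new KDF salt
    @privk = SecureRandom.random_bytes(32)
    @salt = SecureRandom.random_bytes(16)
    encrypt(secret_key(password))
  end

  def secret_key(password) # salt is kept across change_password, as on the page
    OpenSSL::PKCS5.pbkdf2_hmac(password, @salt, 100_000, 32, OpenSSL::Digest.new('SHA256'))
  end

  def encrypt(key) # stores nonce (12 bytes) + tag (16 bytes) + ciphertext
    c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    c.key = key
    nonce = c.random_iv
    ct = c.update(@privk) + c.final
    @encrypted_privk = nonce + c.auth_tag + ct
  end

  def unlock(key)
    return if @privk # mirrors `return if unlocked?`: key is not checked here
    d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    d.key = key
    d.iv = @encrypted_privk[0, 12]
    d.auth_tag = @encrypted_privk[12, 16]
    @privk = d.update(@encrypted_privk[28..-1]) + d.final # raises on a wrong key
  end

  def lock; @privk = nil; end

  def change_password(old, new) # same call order as the method on the page
    unlock(secret_key(old))
    encrypt(secret_key(new))
  end

  def change_password_checked(old, new) # added variant: always verifies `old`
    lock
    change_password(old, new) # CipherError here leaves encrypted_privk untouched
  end
end
```

Changing the password re-wraps the same private key, while reset_password replaces it, which is why the page's #reset_password also discards the keychain.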

#unlocked? ⇒ Boolean

Check if no sensitive data was decrypted.

Returns:

  • (Boolean)

    true if neither private key nor any keychain item was decrypted.



# File 'lib/kstor/model.rb', line 246

def unlocked?
  !privk.nil? || keychain.any? { |_, it| it.unlocked? }
end