From 68e2df24fdac15d2328555f31d44de627ec8b3f4 Mon Sep 17 00:00:00 2001
From: Jeremy Mahieu
Date: Wed, 18 Dec 2019 22:08:16 +0100
Subject: [PATCH 1/6] Support TOTP
---
index.html | 24 +++++++++++++++++++-----
js/connection.js | 9 ++++++---
js/glowingbear.js | 11 ++++++++++-
js/weechat.js | 3 +++
4 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/index.html b/index.html
index e30e596..3da29a8 100644
--- a/index.html
+++ b/index.html
@@ -114,7 +114,7 @@
- Error: wrong password + Error: wrong password or one-time password
@@ -123,18 +123,26 @@ Save password in your browser
+
+ +
-
+ + @@ -151,6 +159,7 @@
+

Use TLS encryption

WeeChat version 0.4.2 or higher is required—we recommend at least 1.0.

To start using Glowing Bear, follow the instructions below to set up an encrypted relay. All communication goes directly between your browser and your WeeChat relay! This means that your server must be accessible. We never see any of your data or your password, and you don't need to trust a "cloud". All settings, including your password, are saved locally in your own browser between sessions.

You're using Glowing Bear over an unencrypted connection (http://). This is not recommended! We recommend using our secure hosted version at https://www.glowing-bear.org/, or https://latest.glowing-bear.org for the latest and greatest development version. You can still follow the instructions below to set up an encrypted relay, though.
@@ -168,6 +177,11 @@ chown -R username:username ~username

Your certificate needs to be renewed every couple of months. Either follow the instructions for automatic renewal at https://certbot.eff.org, or run certbot renew manually when renewal is due. Important: You'll need to follow the instructions for copying the certificate to the right place again, and re-run /relay sslcertkey in WeeChat.

+

Use TOTP (Time-based One-Time Password)

+

Configure WeeChat for TOTP. The secret key has to be a base 32 string.

+
/secure set relay_totp_secret xxxxx
+/set relay.network.totp_secret "${sec.data.relay_totp_secret}"
+

Open an authenticator app and create an entry with the same secret. In Glowing Bear check the checkbox for "use Time-based One-Time Password" and fill in the one time password as you see it in the authenticator app.

diff --git a/js/connection.js b/js/connection.js
index 1347551..242fcae 100644
--- a/js/connection.js
+++ b/js/connection.js
@@ -20,7 +20,7 @@ weechat.factory('connection',
 var locked = false;
 // Takes care of the connection and websocket hooks
- var connect = function (host, port, path, passwd, ssl, noCompression, successCallback, failCallback) {
+ var connect = function (host, port, path, passwd, ssl, useTotp, totp, noCompression, successCallback, failCallback) {
 $rootScope.passwordError = false;
 connectionData = [host, port, path, passwd, ssl, noCompression];
 var proto = ssl ? 'wss' : 'ws';
@@ -45,7 +45,9 @@ weechat.factory('connection',
 ngWebsockets.send(
 weeChat.Protocol.formatInit({
 password: passwd,
- compression: noCompression ? 'off' : 'zlib'
+ compression: noCompression ? 'off' : 'zlib',
+ useTotp: useTotp,
+ totp: totp
 })
 );
@@ -328,7 +330,8 @@ weechat.factory('connection',
 var attemptReconnect = function (bufferId, timeout) {
 $log.info('Attempting to reconnect...');
 var d = connectionData;
- connect(d[0], d[1], d[2], d[3], d[4], function() {
+ // won't work if totp is mandetory
+ connect(d[0], d[1], d[2], d[3], d[4], false, "", function() {
 $rootScope.reconnecting = false;
 // on success, update active buffer
 models.setActiveBuffer(bufferId);
diff --git a/js/glowingbear.js b/js/glowingbear.js
index 1dd2291..32c83ae 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -45,6 +45,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 'port': 9001,
 'path': 'weechat',
 'ssl': (window.location.protocol === "https:"),
+ 'useTotp': false,
 'savepassword': false,
 'autoconnect': false,
 'nonicklist': utils.isMobileUi(),
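Review bot: In the `formatInit` call inside `connect`, the one-time password now travels in the same init message as the relay password, and `proto` is `ws` whenever `ssl` is false, so both factors can cross the network unencrypted together. A second factor captured alongside the password adds little protection for as long as the code remains valid; whether the relay rejects a reused code is not visible here. I would at least surface this before sending, for example `if (useTotp && !ssl) { $log.warn('Sending the one-time password over an unencrypted WebSocket'); }`, and state the same caveat in the TOTP help text. The body of `connect` continues outside this hunk.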
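Review bot: In `attemptReconnect`, the call `connect(d[0], d[1], d[2], d[3], d[4], false, "", function() {` puts the success callback in the slot that the new signature names `noCompression`. The stored `d[5]` is therefore dropped, the truthy function makes the init request `compression: 'off'`, and whatever argument follows outside the hunk lands in `successCallback`. The removed line shows the same shift existed before this commit, but since the argument list is being edited anyway it should become `connect(d[0], d[1], d[2], d[3], d[4], false, "", d[5], function() {`. The rest of the call is outside this hunk, so the position of the failure callback should be checked as well.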
@@ -687,6 +688,13 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 }
 };
+ $scope.changeUseTOTP = function() {
+ if (settings.useTotp) {
+ settings.autoconnect = false;
+ }
+ }
+
+
 $scope.connect = function() {
 notifications.requestNotificationPermission();
 $rootScope.sslError = false;
@@ -695,7 +703,8 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 $rootScope.bufferBottom = true;
 $scope.connectbutton = 'Connecting';
 $scope.connectbuttonicon = 'glyphicon-refresh glyphicon-spin';
- connection.connect(settings.host, settings.port, settings.path, $scope.password, settings.ssl);
+ connection.connect(settings.host, settings.port, settings.path, $scope.password, settings.ssl, settings.useTotp, $scope.totp);
+ $scope.totp = "";//clear for next time
 };
 $scope.disconnect = function() {
diff --git a/js/weechat.js b/js/weechat.js
index 4d06ff5..f46e3ef 100644
--- a/js/weechat.js
+++ b/js/weechat.js
@@ -648,6 +648,9 @@
 if (params.password !== null) {
 keys.push('password=' + params.password);
 }
+ if (params.useTotp) {
+ keys.push('totp=' + params.totp);
+ }
 parts.push(keys.join(','));
 return WeeChatProtocol._formatCmd(null, 'init', parts);
From 060a722a3f45fed583a9a18d3b4e16b9ef4b41e8 Mon Sep 17 00:00:00 2001
From: Jeremy Mahieu
Date: Wed, 18 Dec 2019 22:28:12 +0100
Subject: [PATCH 2/6] Missed semicolon
---
js/glowingbear.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/glowingbear.js b/js/glowingbear.js
index 32c83ae..a139787 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -692,7 +692,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 if (settings.useTotp) {
 settings.autoconnect = false;
 }
- }
+ };
 $scope.connect = function() {
From e87d74243fbb2c673edcf79b42a01bdcbe62344c Mon Sep 17 00:00:00 2001
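Review bot: `keys.push('totp=' + params.totp);` concatenates the value straight into the option list that `keys.join(',')` turns into a comma-separated init string, so a value containing `,` would reach the relay as extra options, and an unset `totp` is sent as the literal `totp=undefined`. The serialiser is the one place every caller passes through, so the format check belongs here rather than only in the form: `if (params.useTotp && /^\d+$/.test(String(params.totp))) {`. The `password` context line is built the same way; whether commas are escaped for it elsewhere is not visible in this hunk. The start of the function is outside the hunk.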
From: Jeremy Mahieu
Date: Thu, 19 Dec 2019 08:25:17 +0100
Subject: [PATCH 3/6] Spelling in comment
---
js/connection.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/js/connection.js b/js/connection.js
index 242fcae..d84ac76 100644
--- a/js/connection.js
+++ b/js/connection.js
@@ -330,7 +330,7 @@ weechat.factory('connection',
 var attemptReconnect = function (bufferId, timeout) {
 $log.info('Attempting to reconnect...');
 var d = connectionData;
- // won't work if totp is mandetory
+ // won't work if totp is mandatory
 connect(d[0], d[1], d[2], d[3], d[4], false, "", function() {
 $rootScope.reconnecting = false;
 // on success, update active buffer
From 012bd882587d6463b7138bb1cb1843d95b76fe5c Mon Sep 17 00:00:00 2001
From: Jeremy Mahieu
Date: Thu, 19 Dec 2019 22:16:01 +0100
Subject: [PATCH 4/6] Change layout and autoconnect behaviour. Add info next to topt function
---
index.html | 24 ++++++++++++++++--------
js/connection.js | 8 +++++++-
js/glowingbear.js | 5 ++---
3 files changed, 25 insertions(+), 12 deletions(-)
diff --git a/index.html b/index.html
index 3da29a8..e66f13c 100644
--- a/index.html
+++ b/index.html
@@ -100,21 +100,31 @@
diff --git a/js/connection.js b/js/connection.js
index d84ac76..b521332 100644
--- a/js/connection.js
+++ b/js/connection.js
@@ -328,9 +328,15 @@ weechat.factory('connection',
 };
 var attemptReconnect = function (bufferId, timeout) {
+ // won't work if totp is mandatory
+ if (settings.useTotp)
+ {
+ $log.info('Not reconnecting because totp will be expired.');
+ return;
+ }
+
 $log.info('Attempting to reconnect...');
 var d = connectionData;
- // won't work if totp is mandatory
 connect(d[0], d[1], d[2], d[3], d[4], false, "", function() {
 $rootScope.reconnecting = false;
 // on success, update active buffer
diff --git a/js/glowingbear.js b/js/glowingbear.js
index a139787..d85114c 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -688,12 +688,11 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 }
 };
- $scope.changeUseTOTP = function() {
+ settings.addCallback('useTotp', function() {
 if (settings.useTotp) {
 settings.autoconnect = false;
 }
- };
-
+ });
 $scope.connect = function() {
 notifications.requestNotificationPermission();
 From 876a9351ac12543f21c81c7e6ea438572b0e28d9 Mon Sep 17 00:00:00 2001
From: Jeremy Mahieu
Date: Thu, 19 Dec 2019 22:37:32 +0100
Subject: [PATCH 5/6] Validate token field
---
index.html | 4 ++--
js/glowingbear.js | 4 ++++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/index.html b/index.html
index e66f13c..b66a6ae 100644
--- a/index.html
+++ b/index.html
@@ -120,7 +120,7 @@
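Review bot: The early return added to `attemptReconnect` reports the skipped reconnect only through `$log.info`, so with `useTotp` enabled a dropped connection ends without anything the user can see. `$rootScope.reconnecting` is cleared only inside the success callback further down, and whether the caller set it beforehand is not visible in this hunk. The comment would be more useful if it gave the actual reason, for example `// one-time codes are short-lived and are not kept in connectionData, so the user has to enter a fresh one`. The guard should also follow the file's brace style, `if (settings.useTotp) {`. The check relies on `settings` being injected into this factory, whose dependency list is outside the hunk.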
- +
@@ -152,7 +152,7 @@
- +
diff --git a/js/glowingbear.js b/js/glowingbear.js
index d85114c..ee8540e 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -694,6 +694,10 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 }
 });
+ $scope.parseTotp = function() {
+ $scope.totpInvalid = !/^\d{6}$/.test($scope.totp);
+ };
+
 $scope.connect = function() {
 notifications.requestNotificationPermission();
 $rootScope.sslError = false;
From 4498312e14acae7ab8a026c7938eb12c51c9c5cf Mon Sep 17 00:00:00 2001
From: Jeremy Mahieu
Date: Sat, 21 Dec 2019 01:02:48 +0100
Subject: [PATCH 6/6] Layout of checkboxes, 4-10digits, look of info
---
index.html | 13 ++++++-------
js/glowingbear.js | 2 +-
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/index.html b/index.html
index b66a6ae..e031aa1 100644
--- a/index.html
+++ b/index.html
@@ -126,13 +126,18 @@
Error: wrong password or token
-
+
+ +
-
- -
diff --git a/js/glowingbear.js b/js/glowingbear.js
index ee8540e..5111d52 100644
--- a/js/glowingbear.js
+++ b/js/glowingbear.js
@@ -695,7 +695,7 @@ weechat.controller('WeechatCtrl', ['$rootScope', '$scope', '$store', '$timeout',
 });
 $scope.parseTotp = function() {
- $scope.totpInvalid = !/^\d{6}$/.test($scope.totp);
+ $scope.totpInvalid = !/^\d{4,10}$/.test($scope.totp);
 };
 $scope.connect = function() {
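Review bot: `parseTotp` only records the result in `$scope.totpInvalid`, and none of the controller hunks in this series makes `$scope.connect` read that flag. The digit check is therefore advisory unless the template blocks submission, and the template markup is not readable here. Since `$scope.connect` is the point where the value leaves the form, I would repeat the check at its top: `if (settings.useTotp && !/^\d{4,10}$/.test($scope.totp)) { $scope.totpInvalid = true; return; }`. A one-line comment on the regex saying why 4 to 10 digits are accepted would also help the next reader. `$scope.connect` begins on the last context line and its body is outside this hunk.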