diff --git a/src/AliasVault.Client/Auth/Pages/Setup/Components/CreatingStep.razor b/src/AliasVault.Client/Auth/Pages/Setup/Components/CreatingStep.razor
index c09cd1562..21d7891a7 100644
--- a/src/AliasVault.Client/Auth/Pages/Setup/Components/CreatingStep.razor
+++ b/src/AliasVault.Client/Auth/Pages/Setup/Components/CreatingStep.razor
@@ -1,7 +1,6 @@
 @inherits AliasVault.Client.Auth.Pages.Base.LoginBase
 @layout Auth.Layout.EmptyLayout
 @attribute [AllowAnonymous]
-@inject IConfiguration Configuration
 @using System.Text.Json
 @using AliasVault.Client.Utilities
 @using AliasVault.Cryptography.Client
diff --git a/src/AliasVault.Client/Config.cs b/src/AliasVault.Client/Config.cs
index bf7da0c08..b8a057415 100644
--- a/src/AliasVault.Client/Config.cs
+++ b/src/AliasVault.Client/Config.cs
@@ -4,7 +4,6 @@
 // Licensed under the MIT license. See LICENSE.md file in the project root for full license information.
 //
 //-----------------------------------------------------------------------
-
 namespace AliasVault.Client;
 ///
@@ -13,20 +12,19 @@ namespace AliasVault.Client;
 public class Config
 {
 ///
- /// Gets or sets the admin password hash which is generated by install.sh and will be set
- /// as the default password for the admin user.
+ /// Gets or sets the API URL for the AliasVault server.
 ///
- public string ApiUrl { get; set; } = "false";
+ public string ApiUrl { get; set; } = string.Empty;
 ///
- /// Gets or sets the domains that the AliasVault server is listening for.
+ /// Gets or sets the list of private email domains that the AliasVault server is listening for.
 /// Email addresses that client vault users use will be registered at the server
 /// to get exclusive access to the email address.
 ///
 public List PrivateEmailDomains { get; set; } = [];
 ///
- /// Gets or sets the public email domains that are allowed to be used by the client vault users.
+ /// Gets or sets the list of public email domains that are allowed to be used by the client vault users.
 ///
 public List PublicEmailDomains { get; set; } =
 [
@@ -41,4 +39,22 @@ public class Config
 "spamok.es",
 "spamok.fr",
 ];
+
+ ///
+ /// Gets or sets a value indicating whether to use a debug encryption key.
+ /// This should only be set to true in development environments.
+ ///
+ public bool UseDebugEncryptionKey { get; set; }
+
+ ///
+ /// Gets or sets the type of cryptography to use for password hashing.
+ /// Currently supports "Argon2Id".
+ ///
+ public string? CryptographyOverrideType { get; set; }
+
+ ///
+ /// Gets or sets the JSON string containing cryptography settings.
+ /// For Argon2Id, this includes DegreeOfParallelism, MemorySize, and Iterations.
+ ///
+ public string? CryptographyOverrideSettings { get; set; }
 }
diff --git a/src/AliasVault.Client/Services/Auth/AuthService.cs b/src/AliasVault.Client/Services/Auth/AuthService.cs
index 1c6ebc6ed..111116c48 100644
--- a/src/AliasVault.Client/Services/Auth/AuthService.cs
+++ b/src/AliasVault.Client/Services/Auth/AuthService.cs
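Review bot: In Config.cs (hunk `@@ -41,4 +39,22 @@`), the summaries on `CryptographyOverrideType` and `CryptographyOverrideSettings` describe the values as "password hashing" settings and leave out how they are applied. In the UserRegistrationService.cs change of this same commit the pair is used only when both are non-null, it replaces `Defaults.EncryptionType` / `Defaults.EncryptionSettings`, and the derived value is handed to `StoreEncryptionKeyAsync`, so weaker parameters affect the stored encryption key as well. I would add a line to each summary along the lines of `/// Ignored unless both override properties are set; replaces the default key-derivation settings used at registration.` and state whether the override is meant for production use at all. The class body starts in the previous hunk.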
@@ -21,9 +21,9 @@ using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
 /// The HTTP client.
 /// The local storage service.
 /// IWebAssemblyHostEnvironment instance.
-/// IConfiguration instance.
+/// Config instance.
 /// JSInteropService instance.
-public sealed class AuthService(HttpClient httpClient, ILocalStorageService localStorage, IWebAssemblyHostEnvironment environment, IConfiguration configuration, JsInteropService jsInteropService)
+public sealed class AuthService(HttpClient httpClient, ILocalStorageService localStorage, IWebAssemblyHostEnvironment environment, Config config, JsInteropService jsInteropService)
 {
 private const string AccessTokenKey = "token";
 private const string RefreshTokenKey = "refreshToken";
@@ -107,7 +107,7 @@ public sealed class AuthService(HttpClient httpClient, ILocalStorageService loca
 /// SrpArgonEncryption key as base64 string.
 public string GetEncryptionKeyAsBase64Async()
 {
- if (environment.IsDevelopment() && configuration["UseDebugEncryptionKey"] == "true")
+ if (environment.IsDevelopment() && config.UseDebugEncryptionKey)
 {
 // When project runs in development mode a static encryption key will be used.
 // This allows to skip the unlock screen for faster development.
diff --git a/src/AliasVault.Client/Services/Auth/UserRegistrationService.cs b/src/AliasVault.Client/Services/Auth/UserRegistrationService.cs
index 9cc1d9aa4..bf5c7d157 100644
--- a/src/AliasVault.Client/Services/Auth/UserRegistrationService.cs
+++ b/src/AliasVault.Client/Services/Auth/UserRegistrationService.cs
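Review bot: In AuthService.cs (hunk `@@ -107,7 +107,7 @@`), the static debug key in `GetEncryptionKeyAsBase64Async` is still guarded only by two runtime values, `environment.IsDevelopment()` and `config.UseDebugEncryptionKey`. In a WebAssembly client both presumably come from what the host serves (how `Config` is bound is not visible in this diff), so a deployment shipped with the development environment and this flag set would fall back to a key that, per the comment, is static. Consider compiling the branch out of release builds by wrapping it in `#if DEBUG` … `#endif`, so that configuration alone cannot enable it. The method body continues outside the hunk.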
@@ -16,34 +16,14 @@ using Microsoft.AspNetCore.Components.Authorization;
 using SecureRemotePassword;
 ///
-/// This service is responsible for registering a new user.
+/// Service responsible for handling user registration operations.
 ///
-public class UserRegistrationService
+/// The HTTP client used for making registration requests.
+/// The provider that manages authentication state.
+/// The service handling authentication operations.
+/// The application configuration.
+public class UserRegistrationService(HttpClient httpClient, AuthenticationStateProvider authStateProvider, AuthService authService, Config config)
 {
- private readonly HttpClient _httpClient;
- private readonly AuthenticationStateProvider _authStateProvider;
- private readonly AuthService _authService;
- private readonly IConfiguration _configuration;
-
- ///
- /// Initializes a new instance of the class.
- ///
- /// The HTTP client.
- /// The authentication state provider.
- /// The authentication service.
- /// The configuration.
- public UserRegistrationService(
- HttpClient httpClient,
- AuthenticationStateProvider authStateProvider,
- AuthService authService,
- IConfiguration configuration)
- {
- _httpClient = httpClient;
- _authStateProvider = authStateProvider;
- _authService = authService;
- _configuration = configuration;
- }
-
 ///
 /// Registers a new user asynchronously.
 ///
@@ -59,10 +39,10 @@ public class UserRegistrationService
 string encryptionType = Defaults.EncryptionType;
 string encryptionSettings = Defaults.EncryptionSettings;
- if (_configuration["CryptographyOverrideType"] is not null && _configuration["CryptographyOverrideSettings"] is not null)
+ if (config.CryptographyOverrideType is not null && config.CryptographyOverrideSettings is not null)
 {
- encryptionType = _configuration["CryptographyOverrideType"]!;
- encryptionSettings = _configuration["CryptographyOverrideSettings"]!;
+ encryptionType = config.CryptographyOverrideType;
+ encryptionSettings = config.CryptographyOverrideSettings;
 }
 var passwordHash = await Encryption.DeriveKeyFromPasswordAsync(password, salt, encryptionType, encryptionSettings);
@@ -70,7 +50,7 @@ public class UserRegistrationService
 var srpSignup = Srp.PasswordChangeAsync(client, salt, username, passwordHashString);
 var registerRequest = new RegisterRequest(srpSignup.Username, srpSignup.Salt, srpSignup.Verifier, encryptionType, encryptionSettings);
- var result = await _httpClient.PostAsJsonAsync("api/v1/Auth/register", registerRequest);
+ var result = await httpClient.PostAsJsonAsync("api/v1/Auth/register", registerRequest);
 var responseContent = await result.Content.ReadAsStringAsync();
 if (!result.IsSuccessStatusCode)
@@ -86,10 +66,10 @@ public class UserRegistrationService
 return (false, "An error occurred during registration.");
 }
- await _authService.StoreEncryptionKeyAsync(passwordHash);
- await _authService.StoreAccessTokenAsync(tokenObject.Token);
- await _authService.StoreRefreshTokenAsync(tokenObject.RefreshToken);
- await _authStateProvider.GetAuthenticationStateAsync();
+ await authService.StoreEncryptionKeyAsync(passwordHash);
+ await authService.StoreAccessTokenAsync(tokenObject.Token);
+ await authService.StoreRefreshTokenAsync(tokenObject.RefreshToken);
+ await authStateProvider.GetAuthenticationStateAsync();
 return (true, null);
 }
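Review bot: In UserRegistrationService.cs (hunk `@@ -59,10 +39,10 @@`), the override values are passed to `Encryption.DeriveKeyFromPasswordAsync` and into the `RegisterRequest` with no check beyond `is not null`. An empty string satisfies that test, a config that sets only one of the two properties is silently ignored, and nothing visible here confirms that the type is supported or that the settings are at least as strong as `Defaults.EncryptionSettings`. Because the derived value is later stored through `StoreEncryptionKeyAsync`, a mis-set override lowers the cost of guessing the password for accounts registered with it. As a first step I would tighten the guard to `if (!string.IsNullOrWhiteSpace(config.CryptographyOverrideType) && !string.IsNullOrWhiteSpace(config.CryptographyOverrideSettings))` and return a failed registration when exactly one of the two is set; validating the parameter values against a minimum would be the fuller fix. The method starts above the hunk.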