From d7ee500ba6695704efaff1949db333a1e15cc4d2 Mon Sep 17 00:00:00 2001
From: Dominik Korsa
Date: Tue, 19 Jan 2021 21:39:03 +0100
Subject: [PATCH] Store encrypted private key in cookies
---
 .../src/routes/website-api/models/login-result.ts | 3 ---
 .../routes/website-api/resolvers/login-resolver.ts | 13 +++++++++++--
 backend/src/types.ts | 8 +++++++-
 .../authenticate-prompt-windows/login-window.vue | 4 ++--
 website/src/graphql/generated.ts | 3 ---
 website/src/graphql/mutations/login.ts | 1 -
 6 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/backend/src/routes/website-api/models/login-result.ts b/backend/src/routes/website-api/models/login-result.ts
index b4429da..9c32a12 100644
--- a/backend/src/routes/website-api/models/login-result.ts
+++ b/backend/src/routes/website-api/models/login-result.ts
@@ -3,9 +3,6 @@ import LoginResultStudent from './login-result-student';
 @ObjectType()
 export default class LoginResult {
- @Field(() => String)
- public encryptedPrivateKey!: string;
-
 @Field(() => [LoginResultStudent])
 public students!: LoginResultStudent[];
 }
diff --git a/backend/src/routes/website-api/resolvers/login-resolver.ts b/backend/src/routes/website-api/resolvers/login-resolver.ts
index 0cce8ce..ed43c81 100644
--- a/backend/src/routes/website-api/resolvers/login-resolver.ts
+++ b/backend/src/routes/website-api/resolvers/login-resolver.ts
@@ -21,7 +21,7 @@ export default class LoginResolver {
 @Arg('username') username: string,
 @Arg('password') password: string,
 @Arg('host') host: string,
- @Ctx() { sessionData }: WebsiteAPIContext,
+ @Ctx() { sessionData, reply }: WebsiteAPIContext,
 ): Promise {
 const prompt = sessionData.prompts.get(promptId);
 if (!prompt) throw new UnknownPromptError();
@@ -55,8 +55,17 @@ export default class LoginResolver {
 username,
 availableStudentIds: students.map(({ studentId }) => studentId),
 };
+ // TODO: Find why the promise never resolves
+ reply.setCookie('epk', encryptedPrivateKey, {
+ sameSite: 'strict',
+ httpOnly: true,
+ path: '/',
+ maxAge: 3600,
+ });
+ // In case execution of setCookie takes some time
+ // TODO: Remove
+ await new Promise((resolve) => setTimeout(resolve, 100));
 return {
- encryptedPrivateKey,
 students,
 };
 }
diff --git a/backend/src/types.ts b/backend/src/types.ts
index 08da259..1840cd1 100644
--- a/backend/src/types.ts
+++ b/backend/src/types.ts
@@ -1,5 +1,10 @@
 import type {
- FastifyInstance, FastifyRequest, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerDefault,
+ FastifyInstance,
+ FastifyReply,
+ FastifyRequest,
+ RawReplyDefaultExpression,
+ RawRequestDefaultExpression,
+ RawServerDefault,
 } from 'fastify';
 import { registerEnumType } from 'type-graphql';
 import type SessionData from './session-data';
@@ -45,4 +50,5 @@ export type MyFastifyInstance = FastifyInstance; };
@@ -82,7 +81,6 @@ export type LoginMutation = ( { __typename?: 'Mutation' } & { login: ( { __typename?: 'LoginResult' } - & Pick & { students: Array<( { __typename?: 'LoginResultStudent' } & Pick
@@ -114,7 +112,6 @@ export const LoginDocument = gql` username: $username promptId: $promptId ) { - encryptedPrivateKey students { studentId name
diff --git a/website/src/graphql/mutations/login.ts b/website/src/graphql/mutations/login.ts
index e275bee..5bd7102 100644
--- a/website/src/graphql/mutations/login.ts
+++ b/website/src/graphql/mutations/login.ts
@@ -2,7 +2,6 @@ import gql from 'graphql-tag';
 export default gql`mutation Login($promptId: String!, $host: String!, $username: String!, $password: String!) {
 login(host: $host, password: $password, username: $username, promptId: $promptId) {
- encryptedPrivateKey
 students {
 studentId
 name
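Review bot: The `epk` cookie set by `reply.setCookie('epk', encryptedPrivateKey, {…})` in login-resolver.ts (hunk `@@ -55,8 +55,17 @@`) has `httpOnly: true` and `sameSite: 'strict'` but no `secure` attribute, so the browser would also attach the encrypted private key to any plain-HTTP request to this origin; add `secure: true,` to the options, made conditional on the environment if local development runs without TLS. With `path: '/'` the cookie accompanies every request to the site, and narrowing it to the route that actually needs the key would reduce that exposure. The `await new Promise((resolve) => setTimeout(resolve, 100));` line adds 100 ms to every login while, per its own TODO, the cause of the hang is unknown; as far as I know the cookie plugin's `setCookie` only sets a response header synchronously, so the delay probably masks a different problem and should be replaced by a fix for the root cause before merging. The resolver method starts outside this hunk.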