import 'dart:convert'; import 'dart:io'; import 'package:dartssh2/dartssh2.dart'; import 'package:flutter/material.dart'; // for ed2219 key generation import 'package:cryptography/cryptography.dart'; import 'package:flutter/services.dart'; // secret storage import 'package:flutter_secure_storage/flutter_secure_storage.dart'; import 'package:oauth2/oauth2.dart' as oauth2; import 'package:url_launcher/url_launcher.dart'; import 'package:provider/provider.dart'; import 'authentik_api.dart' as authentik; void main() { runApp( MultiProvider( providers: [ ChangeNotifierProvider( create: (context) => AuthentikUserSettingsChangeDialogState(), ), ], child: const MyApp(), ), ); } void makeAlert(BuildContext context, String title, String message) { showDialog( context: context, builder: (BuildContext context) => AlertDialog( title: Text(title), content: Text(message), actions: [ TextButton( onPressed: () => Navigator.pop(context, 'OK'), child: const Text('OK'), ), ], ), ); } Future generateKeyPair() async { final algorithm = Ed25519(); // Generate a key pair final cryptographyKeyPair = await algorithm.newKeyPair(); final privateKey = await cryptographyKeyPair.extractPrivateKeyBytes(); final publicKey = (await cryptographyKeyPair.extractPublicKey()).bytes; final dartsshKeyPair = OpenSSHEd25519KeyPair( Uint8List.fromList(publicKey), Uint8List.fromList(privateKey + publicKey), "", ); return dartsshKeyPair; } String encodePublicKey(OpenSSHEd25519KeyPair keyPair, {String comment = ''}) { final publicKeyBytes = keyPair.toPublicKey().encode(); return "ssh-ed25519 ${base64.encode(publicKeyBytes)} $comment"; } class MyApp extends StatelessWidget { const MyApp({super.key}); @override Widget build(BuildContext context) { return MaterialApp( title: 'Flutter Demo', theme: ThemeData( colorScheme: ColorScheme.fromSeed(seedColor: Colors.deepPurple), ), home: const MyHomePage(title: 'LeineLab e.V. Key App'), ); } } class MyHomePage extends StatefulWidget { const MyHomePage({super.key, required this.title}); final String title; @override State createState() => _MyHomePageState(); } class _MyHomePageState extends State { int navIndex = 0; OpenSSHEd25519KeyPair? keyPair; String _output = ''; String key = ''; Future doSSH() async { SSHSocket? socket; try { socket = await SSHSocket.connect( '192.168.2.123', 22, timeout: const Duration(seconds: 0, milliseconds: 500), ); final client = SSHClient( socket, username: 'test', identities: List.of(keyPair != null ? [keyPair!] : []), ); final uptime = await client.run('uptime'); setState(() { _output = utf8.decode(uptime); }); } catch (e) { setState(() { _output = "Error: $e"; }); return; } } Future obtainKeyPair({bool regenerate = false}) async { // Generate a key pair final storage = const FlutterSecureStorage(); final storedKey = await storage.read(key: 'ssh_key_pair'); // Restore the key if we have one stored and regeneration is not requested if (storedKey != null && !regenerate) { // If we have a stored key, use it final keyPairsFromStorage = SSHKeyPair.fromPem(storedKey); assert(keyPairsFromStorage.length == 1); assert(keyPairsFromStorage[0] is OpenSSHEd25519KeyPair); final keyPairFromStorage = keyPairsFromStorage[0] as OpenSSHEd25519KeyPair; setState(() { keyPair = keyPairFromStorage; key = encodePublicKey(keyPairFromStorage, comment: "leinelab-app-key"); }); return; } final generatedKeyPair = await generateKeyPair(); // local variable avoids downcast to ? ptr await storage.write(key: 'ssh_key_pair', value: generatedKeyPair.toPem()); setState(() { keyPair = generatedKeyPair; key = encodePublicKey(generatedKeyPair, comment: "leinelab-app-key"); }); await SystemChannels.platform.invokeMethod( 'Clipboard.setData', {'text': key}, ); } @override void initState() { super.initState(); // we do not await generateKey() here, as this is the intended way obtainKeyPair(); } @override Widget build(BuildContext context) { final String outputText = _output.isNotEmpty ? 'Output: $_output' : 'Press the button to run a command.'; final authentikApiState = context .watch(); //final userSettingsDialog = final bodyComponentMain = Center( child: Column( mainAxisAlignment: MainAxisAlignment.center, children: [ TextButton( onPressed: authentikApiState.start, child: Text("Oauth2 Login"), ), Text('Current output:'), Consumer( builder: ( BuildContext context, AuthentikUserSettingsChangeDialogState dialogState, Widget? child, ) { return Text( dialogState.keysToKeep.isEmpty ? 'No keys selected to keep.' : 'Keys selected to keep: ${dialogState.keysToKeep.join(', ')}', ); }, ), Text(outputText, style: Theme.of(context).textTheme.headlineMedium), // Generated code for this Text Widget... KeepOrDeleteKey(sshKey: "ssh-ed22519 abs csas blabla"), KeepOrDeleteKey(sshKey: "ssh-ed22519 abs "), ], ), ); final bodyComponentInfo = Center( child: Column( mainAxisAlignment: MainAxisAlignment.center, children: [Center(child: Text('Info\n\n$key'))], ), ); final actionButtonMain = FloatingActionButton( onPressed: doSSH, tooltip: 'Do SSH', child: const Icon(Icons.computer), ); final actionButtonInfo = FloatingActionButton( onPressed: () => obtainKeyPair(regenerate: true), tooltip: 'Regenerate Key', child: const Icon(Icons.refresh), ); var bodyComponent = bodyComponentMain; var actionButton = actionButtonMain; if (navIndex == 0) { // Main page bodyComponent = bodyComponentMain; actionButton = actionButtonMain; } else if (navIndex == 1) { // Info page bodyComponent = bodyComponentInfo; actionButton = actionButtonInfo; } else { throw Exception('Unknown navIndex: $navIndex'); } final mainPage = Scaffold( appBar: AppBar(backgroundColor: Colors.amber, title: Text(widget.title)), body: bodyComponent, floatingActionButton: actionButton, drawer: Drawer( child: ListView( padding: EdgeInsets.zero, children: [ DrawerHeader( decoration: BoxDecoration(color: Colors.amber), child: Text( widget.title, style: TextStyle(color: Colors.black, fontSize: 24), ), ), ListTile( title: const Text('Main Page'), onTap: () { setState(() { navIndex = 0; }); Navigator.pop(context); }, ), ListTile( title: const Text('Info Page'), onTap: () { setState(() { navIndex = 1; }); Navigator.pop(context); }, ), ], ), ), ); if (authentikApiState.isClosed()) { return mainPage; } var title; var children = []; var actions = [ TextButton(onPressed: authentikApiState.exit, child: Text("Cancel")), ]; switch (authentikApiState.status) { case AuthentikUserSettingsChangeDialogStatus.closed: return mainPage; case AuthentikUserSettingsChangeDialogStatus.waitingForOAuth: title = Text("Waiting for OAuth"); children = [Text("Please complete the OAuth flow in your browser.")]; case AuthentikUserSettingsChangeDialogStatus.loadingUserSettings: title = Text("Loading User Settings"); children = [Text("Loading...")]; case AuthentikUserSettingsChangeDialogStatus.userSettingsObtained: title = Text("User Settings Obtained"); children = [Text("You can now edit your user settings.")]; for (var k in authentikApiState.allKeys) { children.add(KeepOrDeleteKey(sshKey: k, isOurKey: k == key)); } if (!authentikApiState.allKeys.contains(key)) { // If the key is not already in the list, add it children.add(KeepOrDeleteKey(sshKey: key, isOurKey: true)); } actions.add( TextButton( onPressed: () { // Close the dialog and return to the main page authentikApiState.save(); }, child: Text("Save and Close"), ), ); case AuthentikUserSettingsChangeDialogStatus.savingUserSettings: title = Text("Saving User Settings"); children = [Text("Saving...")]; } final dialog = AlertDialog( title: title, content: SingleChildScrollView(child: Column(children: children)), actions: actions, ); return Stack( children: [ mainPage, ModalBarrier(dismissible: false, color: Colors.black54), dialog, ], ); } } enum AuthentikUserSettingsChangeDialogStatus { closed, waitingForOAuth, loadingUserSettings, userSettingsObtained, savingUserSettings, } class AuthentikUserSettingsChangeDialogState extends ChangeNotifier { AuthentikUserSettingsChangeDialogStatus _status = AuthentikUserSettingsChangeDialogStatus.closed; oauth2.Client? oauthClient; String? sessionCookie; Map? userSettings; HttpServer? server; AuthentikUserSettingsChangeDialogStatus get status => _status; List _allKeys = []; List _keysToKeep = []; List get allKeys => _allKeys; List get keysToKeep => _keysToKeep; Future getOAuth2Client() async { // This is a placeholder for OAuth2 client initialization. // Replace with your actual OAuth2 client setup. final authorizationEndpoint = Uri.parse( 'https://auth.leinelab.org/application/o/authorize/', ); final tokenEndpoint = Uri.parse( 'https://auth.leinelab.org/application/o/token/', ); final identifier = 'UwSMm8gTwBTUURSaxp5uPpuwX1OkGO4FRHeO9v3i'; final secret = null; // = 'my client secret'; final redirectUrl = Uri.parse('http://localhost:30165/'); // final credentialsFile = File('~/.myapp/credentials.json'); // //.... // var exists = await credentialsFile.exists(); // if (exists) { // var credentials = oauth2.Credentials.fromJson( // await credentialsFile.readAsString(), // ); // return oauth2.Client(credentials, identifier: identifier, secret: secret); // } var grant = oauth2.AuthorizationCodeGrant( identifier, authorizationEndpoint, tokenEndpoint, secret: secret, ); var authorizationUrl = grant.getAuthorizationUrl( redirectUrl, scopes: ["profile", "email", "goauthentik.io/api", "openid"], ); // TODO: clicking the button twice might try to bind the server twice server = await HttpServer.bind("127.0.0.1", 30165); await launchUrl(authorizationUrl); var queryParameters; if (server == null) { // exit() might have been called before we arrived here. return null; } await server!.forEach((HttpRequest request) { request.response.write( 'Success! You can close this window now and go back to the app.', ); queryParameters = request.uri.queryParameters; request.response.close(); server!.close(); }); return await grant.handleAuthorizationResponse(queryParameters); } Future start() async { // Reset the state to be sure oauthClient = null; sessionCookie = null; userSettings = null; _status = AuthentikUserSettingsChangeDialogStatus.waitingForOAuth; notifyListeners(); oauthClient = await getOAuth2Client(); if (isClosed()) { // If the dialog was closed before we got the client, exit return; } sessionCookie = await authentik.getSessionCookie(oauthClient!); if (isClosed()) { // If the dialog was closed before we got the session cookie, exit return; } _status = AuthentikUserSettingsChangeDialogStatus.loadingUserSettings; notifyListeners(); userSettings = await authentik.getUserSettings( oauthClient!, sessionCookie!, ); if (isClosed()) { // If the dialog was closed before we got the user settings, exit return; } _status = AuthentikUserSettingsChangeDialogStatus.userSettingsObtained; if (userSettings != null && userSettings!['attributes.sshPublicKeys'] != null) { // If we have SSH keys, add them to the list of all keys final sshKeysString = userSettings!['attributes.sshPublicKeys'] as String; _allKeys = sshKeysString .split('\n') .where((key) => key.isNotEmpty) .toList(); } else { throw Exception( "Expected 'attributes.sshPublicKeys' in user settings, but got: $userSettings", ); } notifyListeners(); } void exit() { _status = AuthentikUserSettingsChangeDialogStatus.closed; oauthClient = null; sessionCookie = null; userSettings = null; if (server != null) { server!.close(); server = null; } notifyListeners(); } bool isClosed() { return _status == AuthentikUserSettingsChangeDialogStatus.closed; } Future save() async { if (isClosed()) { return; } if (_status != AuthentikUserSettingsChangeDialogStatus.userSettingsObtained) { throw Exception("Cannot save, not started or no settings obtained."); } userSettings!['attributes.sshPublicKeys'] = _keysToKeep.join('\n'); _status = AuthentikUserSettingsChangeDialogStatus.savingUserSettings; notifyListeners(); await authentik.setUserSettings( oauthClient!, sessionCookie!, userSettings!, ); exit(); } void keepKey(String key) { if (_keysToKeep.contains(key)) { // If the key is already in the list, do nothing return; } _keysToKeep.add(key); notifyListeners(); } void selectKeyForDeletion(String key) { _keysToKeep.remove(key); notifyListeners(); } bool isKeySelectedToKeep(String key) { return _keysToKeep.contains(key); } void clearKeys() { _keysToKeep.clear(); notifyListeners(); } // Future doOAuth1() async { // final client = await getOAuth2Client(); // // TODO: Handle errors better // try { // final jsonMe = await client.read( // Uri.parse('https://auth.leinelab.org/api/v3/core/users/me/'), // ); // final me = jsonDecode(jsonMe); // final user = me['user']; // final transformed = { // "username": user['username'], // "name": user['name'], // "email": user['email'], // "attributes.settings.locale": user['settings']['locale'], // "attributes.sshPublicKeys": // "foooooooobar :O :O!", // fix oder aus anderer Quelle // "component": "ak-stage-prompt", // }; // print(user); // print(transformed); // } catch (e) { // print(e.toString()); // } // ; // } } class KeepOrDeleteKey extends StatelessWidget { final String sshKey; final bool isOurKey; const KeepOrDeleteKey({ super.key, required this.sshKey, this.isOurKey = false, }); @override Widget build(BuildContext context) { final key = sshKey; final isKeyPreviouslyExisting = context .select( (keylist) => keylist.allKeys.contains(key), ); final isKeySelectedToKeep = context .select( (keylist) => keylist.isKeySelectedToKeep(key), ); final buttonStyleKeepActive = ButtonStyle( backgroundColor: MaterialStateProperty.all(Colors.blue), foregroundColor: MaterialStateProperty.all(Colors.white), ); final buttonStyleDeleteActive = ButtonStyle( backgroundColor: MaterialStateProperty.all(Colors.red), foregroundColor: MaterialStateProperty.all(Colors.white), ); ButtonStyle? buttonStyleKeep; ButtonStyle? buttonStyleDelete = buttonStyleDeleteActive; if (isKeySelectedToKeep) { buttonStyleKeep = buttonStyleKeepActive; buttonStyleDelete = null; } var title = "Unnamed Key"; final sshKeySplit = sshKey.split(' '); if (sshKeySplit.length >= 3) { final potentialTitle = sshKeySplit.sublist(2).join(' '); if (potentialTitle != "") { title = potentialTitle; } } var textPush = "Keep Key"; var textDoNotPush = "Select for Deletion"; if (!isKeyPreviouslyExisting) { textPush = "Push Key"; textDoNotPush = "Do Not Push Key"; } Widget titleWidget = Text(title, style: TextStyle(fontSize: 25)); if (isOurKey) { titleWidget = Row( mainAxisAlignment: MainAxisAlignment.spaceEvenly, children: [ titleWidget, Container( decoration: BoxDecoration( color: Colors.green, borderRadius: BorderRadius.circular(5), ), padding: EdgeInsets.all(5), child: Text( "This Device", style: TextStyle(fontSize: 15, color: Colors.white), ), ), ], ); } return Card( margin: EdgeInsets.fromLTRB(20, 20, 20, 0), child: Column( children: [ Padding(padding: EdgeInsets.all(20), child: titleWidget), Padding( padding: EdgeInsets.fromLTRB(20, 0, 20, 20), child: Text(sshKey, style: TextStyle(fontSize: 15)), ), Padding( padding: EdgeInsets.fromLTRB(20, 0, 20, 20), child: Row( mainAxisAlignment: MainAxisAlignment.spaceAround, children: [ TextButton( onPressed: () { Provider.of( context, listen: false, ).keepKey(sshKey); }, style: buttonStyleKeep, child: Text(textPush), ), TextButton( onPressed: () { Provider.of( context, listen: false, ).selectKeyForDeletion(sshKey); }, style: buttonStyleDelete, child: Text(textDoNotPush), ), ], ), ), ], ), ); } }