670 lines
18 KiB
Dart
670 lines
18 KiB
Dart
import 'dart:convert';
|
|
import 'dart:io';
|
|
|
|
import 'package:dartssh2/dartssh2.dart';
|
|
import 'package:flutter/material.dart';
|
|
|
|
// for ed2219 key generation
|
|
import 'package:cryptography/cryptography.dart';
|
|
import 'package:flutter/services.dart';
|
|
|
|
// secret storage
|
|
import 'package:flutter_secure_storage/flutter_secure_storage.dart';
|
|
import 'package:oauth2/oauth2.dart' as oauth2;
|
|
|
|
import 'package:url_launcher/url_launcher.dart';
|
|
|
|
import 'package:provider/provider.dart';
|
|
|
|
import 'authentik_api.dart' as authentik;
|
|
|
|
void main() {
|
|
runApp(
|
|
MultiProvider(
|
|
providers: [
|
|
ChangeNotifierProvider(
|
|
create: (context) => AuthentikUserSettingsChangeDialogState(),
|
|
),
|
|
],
|
|
child: const MyApp(),
|
|
),
|
|
);
|
|
}
|
|
|
|
void makeAlert(BuildContext context, String title, String message) {
|
|
showDialog<String>(
|
|
context: context,
|
|
builder: (BuildContext context) => AlertDialog(
|
|
title: Text(title),
|
|
content: Text(message),
|
|
actions: <Widget>[
|
|
TextButton(
|
|
onPressed: () => Navigator.pop(context, 'OK'),
|
|
child: const Text('OK'),
|
|
),
|
|
],
|
|
),
|
|
);
|
|
}
|
|
|
|
Future<OpenSSHEd25519KeyPair> generateKeyPair() async {
|
|
final algorithm = Ed25519();
|
|
|
|
// Generate a key pair
|
|
final cryptographyKeyPair = await algorithm.newKeyPair();
|
|
|
|
final privateKey = await cryptographyKeyPair.extractPrivateKeyBytes();
|
|
final publicKey = (await cryptographyKeyPair.extractPublicKey()).bytes;
|
|
|
|
final dartsshKeyPair = OpenSSHEd25519KeyPair(
|
|
Uint8List.fromList(publicKey),
|
|
Uint8List.fromList(privateKey + publicKey),
|
|
"",
|
|
);
|
|
|
|
return dartsshKeyPair;
|
|
}
|
|
|
|
String encodePublicKey(OpenSSHEd25519KeyPair keyPair, {String comment = ''}) {
|
|
final publicKeyBytes = keyPair.toPublicKey().encode();
|
|
return "ssh-ed25519 ${base64.encode(publicKeyBytes)} $comment";
|
|
}
|
|
|
|
class MyApp extends StatelessWidget {
|
|
const MyApp({super.key});
|
|
|
|
@override
|
|
Widget build(BuildContext context) {
|
|
return MaterialApp(
|
|
title: 'Flutter Demo',
|
|
theme: ThemeData(
|
|
colorScheme: ColorScheme.fromSeed(seedColor: Colors.deepPurple),
|
|
),
|
|
home: const MyHomePage(title: 'LeineLab e.V. Key App'),
|
|
);
|
|
}
|
|
}
|
|
|
|
class MyHomePage extends StatefulWidget {
|
|
const MyHomePage({super.key, required this.title});
|
|
|
|
final String title;
|
|
|
|
@override
|
|
State<MyHomePage> createState() => _MyHomePageState();
|
|
}
|
|
|
|
class _MyHomePageState extends State<MyHomePage> {
|
|
int navIndex = 0;
|
|
OpenSSHEd25519KeyPair? keyPair;
|
|
String _output = '';
|
|
String key = '';
|
|
|
|
Future<void> doSSH() async {
|
|
SSHSocket? socket;
|
|
|
|
try {
|
|
socket = await SSHSocket.connect(
|
|
'192.168.2.123',
|
|
22,
|
|
timeout: const Duration(seconds: 0, milliseconds: 500),
|
|
);
|
|
|
|
final client = SSHClient(
|
|
socket,
|
|
username: 'test',
|
|
identities: List.of(keyPair != null ? [keyPair!] : []),
|
|
);
|
|
|
|
final uptime = await client.run('uptime');
|
|
setState(() {
|
|
_output = utf8.decode(uptime);
|
|
});
|
|
} catch (e) {
|
|
setState(() {
|
|
_output = "Error: $e";
|
|
});
|
|
return;
|
|
}
|
|
}
|
|
|
|
Future<void> obtainKeyPair({bool regenerate = false}) async {
|
|
// Generate a key pair
|
|
|
|
final storage = const FlutterSecureStorage();
|
|
final storedKey = await storage.read(key: 'ssh_key_pair');
|
|
|
|
// Restore the key if we have one stored and regeneration is not requested
|
|
if (storedKey != null && !regenerate) {
|
|
// If we have a stored key, use it
|
|
final keyPairsFromStorage = SSHKeyPair.fromPem(storedKey);
|
|
assert(keyPairsFromStorage.length == 1);
|
|
assert(keyPairsFromStorage[0] is OpenSSHEd25519KeyPair);
|
|
|
|
final keyPairFromStorage =
|
|
keyPairsFromStorage[0] as OpenSSHEd25519KeyPair;
|
|
|
|
setState(() {
|
|
keyPair = keyPairFromStorage;
|
|
key = encodePublicKey(keyPairFromStorage, comment: "leinelab-app-key");
|
|
});
|
|
return;
|
|
}
|
|
|
|
final generatedKeyPair =
|
|
await generateKeyPair(); // local variable avoids downcast to ? ptr
|
|
|
|
await storage.write(key: 'ssh_key_pair', value: generatedKeyPair.toPem());
|
|
|
|
setState(() {
|
|
keyPair = generatedKeyPair;
|
|
key = encodePublicKey(generatedKeyPair, comment: "leinelab-app-key");
|
|
});
|
|
|
|
await SystemChannels.platform.invokeMethod<void>(
|
|
'Clipboard.setData',
|
|
<String, dynamic>{'text': key},
|
|
);
|
|
}
|
|
|
|
@override
|
|
void initState() {
|
|
super.initState();
|
|
|
|
// we do not await generateKey() here, as this is the intended way
|
|
obtainKeyPair();
|
|
}
|
|
|
|
@override
|
|
Widget build(BuildContext context) {
|
|
final String outputText = _output.isNotEmpty
|
|
? 'Output: $_output'
|
|
: 'Press the button to run a command.';
|
|
|
|
final authentikApiState = context
|
|
.watch<AuthentikUserSettingsChangeDialogState>();
|
|
|
|
//final userSettingsDialog =
|
|
|
|
final bodyComponentMain = Center(
|
|
child: Column(
|
|
mainAxisAlignment: MainAxisAlignment.center,
|
|
children: <Widget>[
|
|
TextButton(
|
|
onPressed: authentikApiState.start,
|
|
child: Text("Oauth2 Login"),
|
|
),
|
|
Text('Current output:'),
|
|
Consumer(
|
|
builder:
|
|
(
|
|
BuildContext context,
|
|
AuthentikUserSettingsChangeDialogState dialogState,
|
|
Widget? child,
|
|
) {
|
|
return Text(
|
|
dialogState.keysToKeep.isEmpty
|
|
? 'No keys selected to keep.'
|
|
: 'Keys selected to keep: ${dialogState.keysToKeep.join(', ')}',
|
|
);
|
|
},
|
|
),
|
|
Text(outputText, style: Theme.of(context).textTheme.headlineMedium),
|
|
// Generated code for this Text Widget...
|
|
KeepOrDeleteKey(sshKey: "ssh-ed22519 abs csas blabla"),
|
|
KeepOrDeleteKey(sshKey: "ssh-ed22519 abs "),
|
|
],
|
|
),
|
|
);
|
|
|
|
final bodyComponentInfo = Center(
|
|
child: Column(
|
|
mainAxisAlignment: MainAxisAlignment.center,
|
|
children: <Widget>[Center(child: Text('Info\n\n$key'))],
|
|
),
|
|
);
|
|
|
|
final actionButtonMain = FloatingActionButton(
|
|
onPressed: doSSH,
|
|
tooltip: 'Do SSH',
|
|
child: const Icon(Icons.computer),
|
|
);
|
|
|
|
final actionButtonInfo = FloatingActionButton(
|
|
onPressed: () => obtainKeyPair(regenerate: true),
|
|
tooltip: 'Regenerate Key',
|
|
child: const Icon(Icons.refresh),
|
|
);
|
|
|
|
var bodyComponent = bodyComponentMain;
|
|
var actionButton = actionButtonMain;
|
|
|
|
if (navIndex == 0) {
|
|
// Main page
|
|
bodyComponent = bodyComponentMain;
|
|
actionButton = actionButtonMain;
|
|
} else if (navIndex == 1) {
|
|
// Info page
|
|
bodyComponent = bodyComponentInfo;
|
|
actionButton = actionButtonInfo;
|
|
} else {
|
|
throw Exception('Unknown navIndex: $navIndex');
|
|
}
|
|
|
|
final mainPage = Scaffold(
|
|
appBar: AppBar(backgroundColor: Colors.amber, title: Text(widget.title)),
|
|
body: bodyComponent,
|
|
floatingActionButton: actionButton,
|
|
drawer: Drawer(
|
|
child: ListView(
|
|
padding: EdgeInsets.zero,
|
|
children: <Widget>[
|
|
DrawerHeader(
|
|
decoration: BoxDecoration(color: Colors.amber),
|
|
child: Text(
|
|
widget.title,
|
|
style: TextStyle(color: Colors.black, fontSize: 24),
|
|
),
|
|
),
|
|
ListTile(
|
|
title: const Text('Main Page'),
|
|
onTap: () {
|
|
setState(() {
|
|
navIndex = 0;
|
|
});
|
|
Navigator.pop(context);
|
|
},
|
|
),
|
|
ListTile(
|
|
title: const Text('Info Page'),
|
|
onTap: () {
|
|
setState(() {
|
|
navIndex = 1;
|
|
});
|
|
Navigator.pop(context);
|
|
},
|
|
),
|
|
],
|
|
),
|
|
),
|
|
);
|
|
|
|
if (authentikApiState.isClosed()) {
|
|
return mainPage;
|
|
}
|
|
|
|
var title;
|
|
var children = <Widget>[];
|
|
var actions = [
|
|
TextButton(onPressed: authentikApiState.exit, child: Text("Cancel")),
|
|
];
|
|
|
|
switch (authentikApiState.status) {
|
|
case AuthentikUserSettingsChangeDialogStatus.closed:
|
|
return mainPage;
|
|
case AuthentikUserSettingsChangeDialogStatus.waitingForOAuth:
|
|
title = Text("Waiting for OAuth");
|
|
children = [Text("Please complete the OAuth flow in your browser.")];
|
|
case AuthentikUserSettingsChangeDialogStatus.loadingUserSettings:
|
|
title = Text("Loading User Settings");
|
|
children = [Text("Loading...")];
|
|
case AuthentikUserSettingsChangeDialogStatus.userSettingsObtained:
|
|
title = Text("User Settings Obtained");
|
|
children = [Text("You can now edit your user settings.")];
|
|
for (var key in authentikApiState.allKeys) {
|
|
children.add(KeepOrDeleteKey(sshKey: key));
|
|
}
|
|
|
|
actions.add(
|
|
TextButton(
|
|
onPressed: () {
|
|
// Close the dialog and return to the main page
|
|
authentikApiState.save();
|
|
},
|
|
child: Text("Save and Close"),
|
|
),
|
|
);
|
|
case AuthentikUserSettingsChangeDialogStatus.savingUserSettings:
|
|
title = Text("Saving User Settings");
|
|
children = [Text("Saving...")];
|
|
}
|
|
|
|
final dialog = AlertDialog(
|
|
title: title,
|
|
content: Column(children: children),
|
|
actions: actions,
|
|
);
|
|
|
|
return Stack(
|
|
children: [
|
|
mainPage,
|
|
ModalBarrier(dismissible: false, color: Colors.black54),
|
|
dialog,
|
|
],
|
|
);
|
|
}
|
|
}
|
|
|
|
enum AuthentikUserSettingsChangeDialogStatus {
|
|
closed,
|
|
waitingForOAuth,
|
|
loadingUserSettings,
|
|
userSettingsObtained,
|
|
savingUserSettings,
|
|
}
|
|
|
|
class AuthentikUserSettingsChangeDialogState extends ChangeNotifier {
|
|
AuthentikUserSettingsChangeDialogStatus _status =
|
|
AuthentikUserSettingsChangeDialogStatus.closed;
|
|
|
|
oauth2.Client? oauthClient;
|
|
String? sessionCookie;
|
|
Map<String, dynamic>? userSettings;
|
|
HttpServer? server;
|
|
|
|
AuthentikUserSettingsChangeDialogStatus get status => _status;
|
|
|
|
List<String> _allKeys = [];
|
|
List<String> _keysToKeep = [];
|
|
|
|
List<String> get allKeys => _allKeys;
|
|
List<String> get keysToKeep => _keysToKeep;
|
|
|
|
Future<oauth2.Client?> getOAuth2Client() async {
|
|
// This is a placeholder for OAuth2 client initialization.
|
|
// Replace with your actual OAuth2 client setup.
|
|
|
|
final authorizationEndpoint = Uri.parse(
|
|
'https://auth.leinelab.org/application/o/authorize/',
|
|
);
|
|
|
|
final tokenEndpoint = Uri.parse(
|
|
'https://auth.leinelab.org/application/o/token/',
|
|
);
|
|
|
|
final identifier = 'UwSMm8gTwBTUURSaxp5uPpuwX1OkGO4FRHeO9v3i';
|
|
final secret = null; // = 'my client secret';
|
|
|
|
final redirectUrl = Uri.parse('http://localhost:30165/');
|
|
|
|
// final credentialsFile = File('~/.myapp/credentials.json');
|
|
|
|
// //....
|
|
|
|
// var exists = await credentialsFile.exists();
|
|
|
|
// if (exists) {
|
|
// var credentials = oauth2.Credentials.fromJson(
|
|
// await credentialsFile.readAsString(),
|
|
// );
|
|
// return oauth2.Client(credentials, identifier: identifier, secret: secret);
|
|
// }
|
|
|
|
var grant = oauth2.AuthorizationCodeGrant(
|
|
identifier,
|
|
authorizationEndpoint,
|
|
tokenEndpoint,
|
|
secret: secret,
|
|
);
|
|
|
|
var authorizationUrl = grant.getAuthorizationUrl(
|
|
redirectUrl,
|
|
scopes: ["profile", "email", "goauthentik.io/api", "openid"],
|
|
);
|
|
|
|
// TODO: clicking the button twice might try to bind the server twice
|
|
server = await HttpServer.bind("127.0.0.1", 30165);
|
|
|
|
await launchUrl(authorizationUrl);
|
|
|
|
var queryParameters;
|
|
|
|
if (server == null) {
|
|
// exit() might have been called before we arrived here.
|
|
return null;
|
|
}
|
|
|
|
await server!.forEach((HttpRequest request) {
|
|
request.response.write(
|
|
'Success! You can close this window now and go back to the app.',
|
|
);
|
|
queryParameters = request.uri.queryParameters;
|
|
request.response.close();
|
|
server!.close();
|
|
});
|
|
|
|
return await grant.handleAuthorizationResponse(queryParameters);
|
|
}
|
|
|
|
Future<void> start() async {
|
|
// Reset the state to be sure
|
|
oauthClient = null;
|
|
sessionCookie = null;
|
|
userSettings = null;
|
|
|
|
_status = AuthentikUserSettingsChangeDialogStatus.waitingForOAuth;
|
|
notifyListeners();
|
|
|
|
oauthClient = await getOAuth2Client();
|
|
if (isClosed()) {
|
|
// If the dialog was closed before we got the client, exit
|
|
return;
|
|
}
|
|
|
|
sessionCookie = await authentik.getSessionCookie(oauthClient!);
|
|
if (isClosed()) {
|
|
// If the dialog was closed before we got the session cookie, exit
|
|
return;
|
|
}
|
|
|
|
_status = AuthentikUserSettingsChangeDialogStatus.loadingUserSettings;
|
|
notifyListeners();
|
|
|
|
userSettings = await authentik.getUserSettings(
|
|
oauthClient!,
|
|
sessionCookie!,
|
|
);
|
|
|
|
if (isClosed()) {
|
|
// If the dialog was closed before we got the user settings, exit
|
|
return;
|
|
}
|
|
|
|
_status = AuthentikUserSettingsChangeDialogStatus.userSettingsObtained;
|
|
|
|
if (userSettings != null &&
|
|
userSettings!['attributes.sshPublicKeys'] != null) {
|
|
// If we have SSH keys, add them to the list of all keys
|
|
final sshKeysString = userSettings!['attributes.sshPublicKeys'] as String;
|
|
_allKeys = sshKeysString
|
|
.split('\n')
|
|
.where((key) => key.isNotEmpty)
|
|
.toList();
|
|
} else {
|
|
throw Exception(
|
|
"Expected 'attributes.sshPublicKeys' in user settings, but got: $userSettings",
|
|
);
|
|
}
|
|
|
|
notifyListeners();
|
|
}
|
|
|
|
void exit() {
|
|
_status = AuthentikUserSettingsChangeDialogStatus.closed;
|
|
oauthClient = null;
|
|
sessionCookie = null;
|
|
userSettings = null;
|
|
if (server != null) {
|
|
server!.close();
|
|
server = null;
|
|
}
|
|
notifyListeners();
|
|
}
|
|
|
|
bool isClosed() {
|
|
return _status == AuthentikUserSettingsChangeDialogStatus.closed;
|
|
}
|
|
|
|
Future<void> save() async {
|
|
if (isClosed()) {
|
|
return;
|
|
}
|
|
|
|
if (_status !=
|
|
AuthentikUserSettingsChangeDialogStatus.userSettingsObtained) {
|
|
throw Exception("Cannot save, not started or no settings obtained.");
|
|
}
|
|
|
|
userSettings!['attributes.sshPublicKeys'] = _keysToKeep.join('\n');
|
|
|
|
_status = AuthentikUserSettingsChangeDialogStatus.savingUserSettings;
|
|
notifyListeners();
|
|
|
|
await authentik.setUserSettings(
|
|
oauthClient!,
|
|
sessionCookie!,
|
|
userSettings!,
|
|
);
|
|
exit();
|
|
}
|
|
|
|
void keepKey(String key) {
|
|
if (_keysToKeep.contains(key)) {
|
|
// If the key is already in the list, do nothing
|
|
return;
|
|
}
|
|
_keysToKeep.add(key);
|
|
notifyListeners();
|
|
}
|
|
|
|
void selectKeyForDeletion(String key) {
|
|
_keysToKeep.remove(key);
|
|
notifyListeners();
|
|
}
|
|
|
|
bool isKeySelectedToKeep(String key) {
|
|
return _keysToKeep.contains(key);
|
|
}
|
|
|
|
void clearKeys() {
|
|
_keysToKeep.clear();
|
|
notifyListeners();
|
|
}
|
|
|
|
// Future<void> doOAuth1() async {
|
|
// final client = await getOAuth2Client();
|
|
|
|
// // TODO: Handle errors better
|
|
// try {
|
|
// final jsonMe = await client.read(
|
|
// Uri.parse('https://auth.leinelab.org/api/v3/core/users/me/'),
|
|
// );
|
|
|
|
// final me = jsonDecode(jsonMe);
|
|
|
|
// final user = me['user'];
|
|
// final transformed = {
|
|
// "username": user['username'],
|
|
// "name": user['name'],
|
|
// "email": user['email'],
|
|
// "attributes.settings.locale": user['settings']['locale'],
|
|
// "attributes.sshPublicKeys":
|
|
// "foooooooobar :O :O!", // fix oder aus anderer Quelle
|
|
// "component": "ak-stage-prompt",
|
|
// };
|
|
|
|
// print(user);
|
|
// print(transformed);
|
|
// } catch (e) {
|
|
// print(e.toString());
|
|
// }
|
|
// ;
|
|
// }
|
|
}
|
|
|
|
class KeepOrDeleteKey extends StatelessWidget {
|
|
final String sshKey;
|
|
|
|
const KeepOrDeleteKey({super.key, required this.sshKey});
|
|
|
|
@override
|
|
Widget build(BuildContext context) {
|
|
final key = sshKey;
|
|
final isKeySelectedToKeep = context
|
|
.select<AuthentikUserSettingsChangeDialogState, bool>(
|
|
(keylist) => keylist.isKeySelectedToKeep(key),
|
|
);
|
|
|
|
final buttonStyleKeepActive = ButtonStyle(
|
|
backgroundColor: MaterialStateProperty.all(Colors.blue),
|
|
foregroundColor: MaterialStateProperty.all(Colors.white),
|
|
);
|
|
|
|
final buttonStyleDeleteActive = ButtonStyle(
|
|
backgroundColor: MaterialStateProperty.all(Colors.red),
|
|
foregroundColor: MaterialStateProperty.all(Colors.white),
|
|
);
|
|
|
|
ButtonStyle? buttonStyleKeep;
|
|
ButtonStyle? buttonStyleDelete = buttonStyleDeleteActive;
|
|
|
|
if (isKeySelectedToKeep) {
|
|
buttonStyleKeep = buttonStyleKeepActive;
|
|
buttonStyleDelete = null;
|
|
}
|
|
|
|
var title = "Unnamed Key";
|
|
final sshKeySplit = sshKey.split(' ');
|
|
if (sshKeySplit.length >= 3) {
|
|
final potentialTitle = sshKeySplit.sublist(2).join(' ');
|
|
if (potentialTitle != "") {
|
|
title = potentialTitle;
|
|
}
|
|
}
|
|
|
|
return Card(
|
|
margin: EdgeInsets.fromLTRB(20, 20, 20, 0),
|
|
child: Column(
|
|
children: [
|
|
Padding(
|
|
padding: EdgeInsets.all(20),
|
|
child: Text(title, style: TextStyle(fontSize: 25)),
|
|
),
|
|
Padding(
|
|
padding: EdgeInsets.fromLTRB(20, 0, 20, 20),
|
|
child: Text(sshKey, style: TextStyle(fontSize: 15)),
|
|
),
|
|
Padding(
|
|
padding: EdgeInsets.fromLTRB(20, 0, 20, 20),
|
|
child: Row(
|
|
mainAxisAlignment: MainAxisAlignment.spaceAround,
|
|
children: [
|
|
TextButton(
|
|
onPressed: () {
|
|
Provider.of<AuthentikUserSettingsChangeDialogState>(
|
|
context,
|
|
listen: false,
|
|
).selectKeyForDeletion(sshKey);
|
|
},
|
|
style: buttonStyleDelete,
|
|
child: Text('Select for Deletion'),
|
|
),
|
|
TextButton(
|
|
onPressed: () {
|
|
Provider.of<AuthentikUserSettingsChangeDialogState>(
|
|
context,
|
|
listen: false,
|
|
).keepKey(sshKey);
|
|
},
|
|
style: buttonStyleKeep,
|
|
child: Text('Keep Key'),
|
|
),
|
|
],
|
|
),
|
|
),
|
|
],
|
|
),
|
|
);
|
|
}
|
|
}
|