diff --git a/api/views.py b/api/views.py
index 446389b0..3a8ab65a 100644
--- a/api/views.py
+++ b/api/views.py
@@ -635,14 +635,14 @@ class UserView(APIView):
 encrypted_private_key = serializer.data.get("encrypted_private_key")
 ref_code = serializer.data.get("ref_code")
- valid, bad_keys_context, public_key, encrypted_private_key = Logics.validate_pgp_keys(public_key, encrypted_private_key)
- if not valid:
- return Response(bad_keys_context, status.HTTP_400_BAD_REQUEST)
-
 if not public_key or not encrypted_private_key:
 context["bad_request"] = "Must provide valid 'pub' and 'enc_priv' PGP keys"
 return Response(context, status.HTTP_400_BAD_REQUEST)
+ valid, bad_keys_context, public_key, encrypted_private_key = Logics.validate_pgp_keys(public_key, encrypted_private_key)
+ if not valid:
+ return Response(bad_keys_context, status.HTTP_400_BAD_REQUEST)
+
 # Now the server only receives a hash of the token. So server trusts the client
 # with computing length, counts and unique_values to confirm the high entropy of the token
 # In any case, it is up to the client if they want to create a bad high entropy token.
@@ -698,8 +698,13 @@ class UserView(APIView):
 context['referral_code'] = token_urlsafe(8)
 user.profile.referral_code = context['referral_code']
 user.profile.avatar = "static/assets/avatars/" + nickname + ".png"
- user.profile.public_key = public_key
- user.profile.encrypted_private_key = encrypted_private_key
+
+ # Noticed some PGP keys replaced at re-login. Should not happen.
+ # Let's implement this sanity check "If profile has not keys..."
+ if not user.profile.public_key:
+ user.profile.public_key = public_key
+ if not user.profile.encrypted_private_key:
+ user.profile.encrypted_private_key = encrypted_private_key
 # If the ref_code was created by another robot, this robot was referred.
 queryset = Profile.objects.filter(referral_code=ref_code)
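Review bot: In the `@@ -698` hunk of api/views.py the two key fields are guarded independently, so a profile that holds a public key but an empty encrypted private key would end up with halves taken from two different submissions, and a request whose keys differ from the stored ones is silently ignored. Treating the pair as one unit, `if not (user.profile.public_key or user.profile.encrypted_private_key):` followed by both assignments, and logging or rejecting a mismatch, would keep the pair consistent and leave a trace of replacement attempts. The comment records that keys were replaced at re-login, yet the context lines (`token_urlsafe(8)`, the avatar assignment) look like the account-creation path, so the cause is presumably elsewhere and this guard may only mask it; the enclosing method starts and ends outside the hunk.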
@@ -805,10 +810,7 @@ class BookView(ListAPIView):
 order)
 data["maker_status"] = Logics.user_activity_status(
 order.maker_last_seen)
- for key in (
- "status",
- "taker",
- ): # Non participants should not see the status or who is the taker
+ for key in ("status","taker"): # Non participants should not see the status or who is the taker
 del data[key]
 book_data.append(data)
diff --git a/chat/consumers.py b/chat/consumers.py
index 80b5bad4..a04b76be 100644
--- a/chat/consumers.py
+++ b/chat/consumers.py
@@ -11,9 +11,15 @@ class ChatRoomConsumer(AsyncWebsocketConsumer):
 @database_sync_to_async
 def allow_in_chatroom(self):
 order = Order.objects.get(id=self.order_id)
+
+ if not order.status in [Order.Status.CCA, Order.Status.FSE]:
+ print("Order not in chat status")
+ return False
+
 if not (order.maker == self.user or order.taker == self.user):
 print("Not allowed in this chat")
 return False
+
 return True
 @database_sync_to_async
@@ -165,21 +171,6 @@ class ChatRoomConsumer(AsyncWebsocketConsumer):
 },
 )
- # If there is any stored message, serve them.
- msgs = await self.get_all_PGP_messages()
- for msg in msgs:
- await self.channel_layer.group_send(
- self.room_group_name,
- {
- "type": "PGP_message",
- "index": msg['index'],
- "time": msg['time'],
- "message": msg['message'],
- "nick": msg['nick'],
- "peer_connected": None,
- },
- )
-
 async def disconnect(self, close_code):
 await self.save_disconnect_user()
 await self.channel_layer.group_discard(self.room_group_name,
@@ -198,7 +189,7 @@ class ChatRoomConsumer(AsyncWebsocketConsumer):
 text_data_json = json.loads(text_data)
 message = text_data_json["message"]
 peer_connected = await self.is_peer_connected()
-
+
 # Encrypted messages are stored. They are served later when a user reconnects.
 if message[0:27] == '-----BEGIN PGP MESSAGE-----':
 # save to database
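Review bot: In `allow_in_chatroom` (the `@@ -11` hunk of chat/consumers.py) both refusals are reported with `print`, so a rejected chat connection leaves no record carrying the order id or the user for later review; a logger call such as `logger.warning("chat refused: order %s, user %s", self.order_id, self.user)` would fit, assuming the module sets up a `logger`. The new test reads more naturally as `if order.status not in (Order.Status.CCA, Order.Status.FSE):`. The gate runs only where this method is called, which is outside the hunk; if that is the connect handler alone, a socket opened while the order was in a chat status presumably stays usable after the status changes.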
@@ -219,7 +210,23 @@ class ChatRoomConsumer(AsyncWebsocketConsumer):
 "peer_connected": peer_connected,
 },
 )
-
+
+ # Encrypted messages are served when the user requests them
+ elif message[0:23] == '-----SERVE HISTORY-----':
+ # If there is any stored message, serve them.
+ msgs = await self.get_all_PGP_messages()
+ for msg in msgs:
+ await self.channel_layer.group_send(
+ self.room_group_name,
+ {
+ "type": "PGP_message",
+ "index": msg['index'],
+ "time": msg['time'],
+ "message": msg['message'],
+ "nick": msg['nick'],
+ "peer_connected": None,
+ },
+ )
 else:
 await self.channel_layer.group_send(
 self.room_group_name,
diff --git a/chat/models.py b/chat/models.py
index a1f07f09..5e637ba9 100644
--- a/chat/models.py
+++ b/chat/models.py
@@ -44,7 +44,7 @@ class ChatRoom(models.Model):
 )
 def __str__(self):
- return f"Chat:{str(self.order.id)}"
+ return f"Chat:{str(self.id)}"
 class Message(models.Model):
 class Meta:
@@ -85,4 +85,4 @@ class Message(models.Model):
 created_at = models.DateTimeField(default=timezone.now)
 def __str__(self):
- return f"Chat:{str(self.order.id)} - Idx:{self.index}"
+ return f"Chat:{str(self.chatroom.id)} - Idx:{self.index}"
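Review bot: The `-----SERVE HISTORY-----` branch in the `@@ -219` hunk of chat/consumers.py replays the stored messages with `group_send` to `self.room_group_name`, so every request from one peer pushes the whole history to every socket in the room, and a client can repeat the request without any limit visible here. Sending to the requesting socket only, `await self.channel_layer.send(self.channel_name, {...})` with the same `PGP_message` payload, avoids the duplicate delivery and keeps the fan-out at one. The receive method starts outside the hunk, so whether the `PGP_message` handler needs anything else for a direct send cannot be seen from here.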