search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
900 stars 37 forks source link

Failed to login using javascript AJAX with crypto_scrypt and CryptoJS #1848

Closed lettergram closed 8 years ago

lettergram commented 9 years ago

I have been trying to login using ajax, but cannot appear to get the correct page. I am receiving a 404. The passphrase I am is correct, and this appears to match issue #1500 

// AJAX login to get private key:                                                          
// Step One: Salt                                                                          
$.ajax({
    async: true,
    type: 'GET',
    url: "https://keybase.io/_/api/1.0/getsalt.json",
    data: {"email_or_username": username},
    success: function(salt) {
        if(salt && salt.status && salt.status.name == "OK"){

            var scrypt = scrypt_module_factory(67108864);
            var pwh = scrypt.crypto_scrypt(scrypt.encode_utf8(user_passphrase),
                                           scrypt.encode_utf8(salt.salt),
                                           Math.pow(2,15), 8, 1, 224).slice(192, 224);

            var login_session = CryptoJS.enc.Base64.parse(salt.login_session);                        
            pwh = CryptoJS.enc.Utf8.parse(pwh);          

            var hmac_pwh = CryptoJS.HmacSHA512(pwh, login_session);
            hmac_pwh = hmac_pwh.toString(CryptoJS.enc.Hex);

            // AJAX login to get private key:                                              
            // Step Two: Login                                                             
            $.ajax({
                async: true,
                type: 'GET',
                url: "https://keybase.io/_/api/1.0/login.json",
                data: {
                    "email_or_username": username,
                    "hmac_pwh": hmac_pwh,
                    "login_session": salt.login_session
                },
                success: function(login) {
                    if(login && login.status && login.status.name == "OK"){
                        console.log("success");
                        console.log(login.me);
                    }else{
                        console.log("failed");
                    }
                },
                error: function (request, status, err) {
                    console.log(err + status);
                }
            });
        }else{
            console.log("failed");
        }
    },
    error: function (request, status, err) {
        console.log(err + status);
    }
});

If there is another solution to obtaining ones private key that would be excellent, but this seems to be the proper choice.

lettergram commented 8 years ago

Can anybody get to this? I really need to know how this works. I've tried a few ways and nothing appears to work.

lettergram commented 8 years ago

I found a solution:

// AJAX login to get private key:
// Step One: Salt
$.ajax({
async: true,
type: 'GET',
url: "https://keybase.io/_/api/1.0/getsalt.json",
async: false,
data: {"email_or_username": username},

success: function(salt) {
    if(salt && salt.status && salt.status.name == "OK"){

    var scrypt = scrypt_module_factory(67108864);
    var pwh = scrypt.crypto_scrypt(scrypt.encode_utf8(user_passphrase),
                                   hex2bin(salt.salt),
                                   Math.pow(2,15), 8, 1, 224).slice(192, 224);

    var login_session = CryptoJS.enc.Base64.parse(salt.login_session);
    var parsed_pwh = CryptoJS.enc.u8array.parse(pwh);
    var hmac_pwh = CryptoJS.HmacSHA512(login_session, parsed_pwh);
    hmac_pwh = CryptoJS.enc.Hex.stringify(hmac_pwh);

    var login_data = {
        email_or_username: username,
        csrf_token: salt.csrf_token,
        hmac_pwh: hmac_pwh,
        login_session: salt.login_session
    };

    // AJAX login to get private key:
    // Step Two: Login
    $.ajax({
        async: false,
        type: 'POST',
        url: "https://keybase.io/_/api/1.0/login.json",
        data: login_data,
        dataType: "json",
        success: function(login) {
        console.log(login);
        if(login && login.status && login.status.name == "OK"){
            console.log("successful login");
            console.log(login.me);
        }else{
            console.log("failed login: " + login.status.name);
        }
        },
        error: function (request, status, err) {
        console.log(err + status);
        }
    });

    }else{
    console.log("failed salt");
    }
},
error: function (request, status, err) {
    console.log(err + status);
}
});