update change password flow

apps/photos/src/pages/change-password/index.tsx

@@ -1,4 +1,4 @@
-import React, { useState, useEffect } from 'react';
+import { useState, useEffect } from 'react';
 import { t } from 'i18next';
 
 import { getData, LS_KEYS, setData } from 'utils/storage/localStorage';
@@ -6,9 +6,12 @@ import { useRouter } from 'next/router';
 import {
     saveKeyInSessionStore,
     generateAndSaveIntermediateKeyAttributes,
+    generateLoginSubKey,
+    generateSRPClient,
+    generateSRPSetupAttributes,
 } from 'utils/crypto';
 import { getActualKey } from 'utils/common/key';
-import { setKeys } from 'services/userService';
+import { startSRPSetup, updateSRPAndKeys } from 'services/userService';
 import SetPasswordForm, {
     SetPasswordFormProps,
 } from 'components/SetPasswordForm';
@@ -22,6 +25,7 @@ import FormPaperFooter from 'components/Form/FormPaper/Footer';
 import FormPaperTitle from 'components/Form/FormPaper/Title';
 import ComlinkCryptoWorker from 'utils/comlink/ComlinkCryptoWorker';
 import { APPS, getAppName } from 'constants/apps';
+import { convertBufferToBase64, convertBase64ToBuffer } from 'utils/user';
 
 export default function ChangePassword() {
     const [token, setToken] = useState<string>();
@@ -65,7 +69,40 @@ export default function ChangePassword() {
             memLimit: kek.memLimit,
         };
 
-        await setKeys(token, updatedKey);
+        const loginSubKey = await generateLoginSubKey(
+            passphrase,
+            updatedKey.kekSalt,
+            updatedKey.opsLimit,
+            updatedKey.memLimit
+        );
+
+        const { srpUserID, srpSalt, srpVerifier } =
+            await generateSRPSetupAttributes(loginSubKey);
+
+        const srpClient = await generateSRPClient(
+            srpSalt,
+            srpUserID,
+            loginSubKey
+        );
+
+        const srpA = convertBufferToBase64(srpClient.computeA());
+
+        const { setupID, srpB } = await startSRPSetup(token, {
+            srpUserID,
+            srpSalt,
+            srpVerifier,
+            srpA,
+        });
+
+        srpClient.setB(convertBase64ToBuffer(srpB));
+
+        const srpM1 = convertBufferToBase64(srpClient.computeM1());
+
+        await updateSRPAndKeys(token, {
+            setupID,
+            srpM1,
+            updatedKeyAttr: updatedKey,
+        });
 
         const updatedKeyAttributes = Object.assign(keyAttributes, updatedKey);
         await generateAndSaveIntermediateKeyAttributes(

apps/photos/src/pages/credentials/index.tsx

@@ -97,7 +97,6 @@ export default function Credentials() {
                 const srpSetupAttributes = await generateSRPSetupAttributes(
                     loginSubKey
                 );
-                // we don't have access to kek here, so we will have to re-derive it from the passphrase
                 await configureSRP(srpSetupAttributes);
             }
 

apps/photos/src/services/userService.ts

@@ -15,7 +15,6 @@ import { logError } from 'utils/sentry';
 import { eventBus, Events } from './events';
 import {
     KeyAttributes,
-    UpdatedKey,
     RecoveryKey,
     TwoFactorSecret,
     TwoFactorVerificationResponse,
@@ -32,6 +31,8 @@ import {
     CompleteSRPSetupResponse,
     SRPSetupAttributes,
     SRPAttributes,
+    UpdateSRPAndKeysRequest,
+    UpdateSRPAndKeysResponse,
 } from 'types/user';
 import { ServerErrorCodes } from 'utils/error';
 import isElectron from 'is-electron';
@@ -128,10 +129,20 @@ export const putAttributes = (token: string, keyAttributes: KeyAttributes) =>
         'X-Auth-Token': token,
     });
 
-export const setKeys = (token: string, updatedKey: UpdatedKey) =>
-    HTTPService.put(`${ENDPOINT}/users/keys`, updatedKey, null, {
-        'X-Auth-Token': token,
-    });
+export const updateSRPAndKeys = async (
+    token: string,
+    updateSRPAndKeyRequest: UpdateSRPAndKeysRequest
+): Promise<UpdateSRPAndKeysResponse> => {
+    const resp = await HTTPService.post(
+        `${ENDPOINT}/users/srp/update`,
+        updateSRPAndKeyRequest,
+        null,
+        {
+            'X-Auth-Token': token,
+        }
+    );
+    return resp.data as UpdateSRPAndKeysResponse;
+};
 
 export const setRecoveryKey = (token: string, recoveryKey: RecoveryKey) =>
     HTTPService.put(`${ENDPOINT}/users/recovery-key`, recoveryKey, null, {

apps/photos/src/types/user/index.ts

@@ -27,6 +27,18 @@ export interface UpdatedKey {
     memLimit: number;
     opsLimit: number;
 }
+
+export interface UpdateSRPAndKeysRequest {
+    srpM1: string;
+    setupID: string;
+    updatedKeyAttr: UpdatedKey;
+}
+
+export interface UpdateSRPAndKeysResponse {
+    srpM2: string;
+    setupID: string;
+}
+
 export interface RecoveryKey {
     masterKeyEncryptedWithRecoveryKey: string;
     masterKeyDecryptionNonce: string;