From e7584509c3491b0ec2faf309dd18cd26a972a990 Mon Sep 17 00:00:00 2001
From: Michael Zanetti
Date: Wed, 8 Jan 2020 13:24:12 +0100
Subject: [PATCH] Use a more unique nonce for the remote connection
---
 libnymea-app-core/connection/awsclient.cpp | 8 +++++---
 libnymea-app-core/connection/awsclient.h | 2 +-
 libnymea-app-core/connection/cloudtransport.cpp | 6 +++---
 libnymea-app-core/connection/cloudtransport.h | 2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/libnymea-app-core/connection/awsclient.cpp b/libnymea-app-core/connection/awsclient.cpp
index 48eedd15..e463252e 100644
--- a/libnymea-app-core/connection/awsclient.cpp
+++ b/libnymea-app-core/connection/awsclient.cpp
@@ -846,7 +846,7 @@ bool AWSClient::tokensExpired() const
 return (m_accessTokenExpiry.addSecs(-10) < QDateTime::currentDateTime()) || (m_sessionTokenExpiry.addSecs(-10) < QDateTime::currentDateTime());
 }
-bool AWSClient::postToMQTT(const QString &coreId, const QString ×tamp, QObject* sender, std::function callback)
+bool AWSClient::postToMQTT(const QString &coreId, const QString &nonce, QObject* sender, std::function callback)
 {
 if (!isLoggedIn()) {
 qWarning() << "Cannot post to MQTT. Not logged in to AWS";
@@ -855,7 +855,7 @@ bool AWSClient::postToMQTT(const QString &coreId, const QString ×tamp, QObj
 if (tokensExpired()) {
 qDebug() << "Cannot post to MQTT. Need to refresh the tokens first";
 refreshAccessToken();
- QueuedCall::enqueue(m_callQueue, QueuedCall("postToMQTT", coreId, timestamp, sender, callback));
+ QueuedCall::enqueue(m_callQueue, QueuedCall("postToMQTT", coreId, nonce, sender, callback));
 return true; // So far it looks we're doing ok... let's return true
 }
 QString topic = QString("%1/%2/proxy").arg(coreId).arg(QString(m_identityId));
@@ -873,7 +873,9 @@ bool AWSClient::postToMQTT(const QString &coreId, const QString ×tamp, QObj
 QVariantMap params;
 params.insert("token", m_idToken);
- params.insert("timestamp", timestamp);
+ params.insert("nonce", nonce);
+ // FIXME: Old (nymea < 0.18) protocol spec had "timestamp" instead of "nonce", keeping it for backwards compatibility for a bit
+ params.insert("timestamp", nonce);
 QByteArray payload = QJsonDocument::fromVariant(params).toJson(QJsonDocument::Compact);
diff --git a/libnymea-app-core/connection/awsclient.h b/libnymea-app-core/connection/awsclient.h
index e8048ddc..7ebf1404 100644
--- a/libnymea-app-core/connection/awsclient.h
+++ b/libnymea-app-core/connection/awsclient.h
@@ -119,7 +119,7 @@ public:
 Q_INVOKABLE void fetchDevices();
- Q_INVOKABLE bool postToMQTT(const QString &coreId, const QString ×tamp, QObject* sender, std::function callback);
+ Q_INVOKABLE bool postToMQTT(const QString &coreId, const QString &nonce, QObject* sender, std::function callback);
 Q_INVOKABLE void getId();
 Q_INVOKABLE void registerPushNotificationEndpoint(const QString ®istrationId, const QString &deviceDisplayName, const QString mobileDeviceId, const QString &mobileDeviceManufacturer, const QString &mobileDeviceModel);
diff --git a/libnymea-app-core/connection/cloudtransport.cpp b/libnymea-app-core/connection/cloudtransport.cpp
index a071e190..68880887 100644
--- a/libnymea-app-core/connection/cloudtransport.cpp
+++ b/libnymea-app-core/connection/cloudtransport.cpp
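Review bot: The legacy `"timestamp"` key in postToMQTT's payload (awsclient.cpp, hunk at -873) now carries the UUID string instead of epoch milliseconds, and the FIXME does not record whether pre-0.18 receivers treat that field as opaque. If any of them parses it as a number or uses it for a freshness check (not visible here), the compatibility path would fail or silently lose that check. The comment should state the assumption and the removal condition, for example `// Pre-0.18 peers read "timestamp" as an opaque string; drop this key once <minimum supported nymea version> is 0.18`. The same map holds the ID token, so it is worth confirming that `payload` is never written to the debug log in the part of postToMQTT that lies outside this hunk.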
@@ -30,7 +30,7 @@ CloudTransport::CloudTransport(AWSClient *awsClient, QObject *parent):
 QObject::connect(m_remoteproxyConnection, &RemoteProxyConnection::ready, this,[this]() {
 qDebug() << "Proxy ready. Authenticating channel.";
- m_remoteproxyConnection->authenticate(m_awsClient->idToken(), QString::number(m_timestamp.toMSecsSinceEpoch()));
+ m_remoteproxyConnection->authenticate(m_awsClient->idToken(), m_nonce);
 });
 QObject::connect(m_remoteproxyConnection, &RemoteProxyConnection::dataReady, this, [this](const QByteArray &data) {
 emit dataReady(data);
@@ -52,8 +52,8 @@ bool CloudTransport::connect(const QUrl &url)
 qDebug() << "Connecting to" << url;
 m_url = url;
- m_timestamp = QDateTime::currentDateTime();
- bool postResult = m_awsClient->postToMQTT(url.host(), QString::number(m_timestamp.toMSecsSinceEpoch()), QPointer(this), [this](bool success) {
+ m_nonce = QUuid::createUuid().toString();
+ bool postResult = m_awsClient->postToMQTT(url.host(), m_nonce, QPointer(this), [this](bool success) {
 if (success) {
 qDebug() << "MQTT Post done. Connecting to remote proxy";
 m_remoteproxyConnection->connectServer(QUrl("wss://remoteproxy.nymea.io"));
diff --git a/libnymea-app-core/connection/cloudtransport.h b/libnymea-app-core/connection/cloudtransport.h
index 00d09ea9..025e0d3e 100644
--- a/libnymea-app-core/connection/cloudtransport.h
+++ b/libnymea-app-core/connection/cloudtransport.h
@@ -36,7 +36,7 @@ private:
 QUrl m_url;
 AWSClient *m_awsClient = nullptr;
 remoteproxyclient::RemoteProxyConnection *m_remoteproxyConnection = nullptr;
- QDateTime m_timestamp;
+ QString m_nonce;
 };
 #endif // CLOUDTRANSPORT_H
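Review bot: `m_nonce = QUuid::createUuid().toString();` in CloudTransport::connect (cloudtransport.cpp, hunk at -52) gives per-attempt uniqueness, but nothing in the change records whether the proxy handshake also relies on the nonce being unpredictable. The randomness source behind QUuid::createUuid() depends on the Qt version and platform, so if unpredictability matters the line deserves a comment such as `// nonce pairs the MQTT post with the proxy authenticate(); must be unique per attempt and not guessable`. toString() emits the braced `{...}` form, which becomes part of the wire value and should be marked as intentional. The `ready` lambda in the hunk at -30 reads `m_nonce` when the signal fires, so a second connect() issued before `ready` would authenticate with the newer value; connect()'s body continues outside the hunk. No `#include <QUuid>` is added in the visible hunks, so it presumably arrives transitively and is worth making explicit.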