bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-18 01:03:35 +00:00
Code Issues Releases Wiki Activity

soft locking with protected pin

Browse Source
This commit is contained in:
Kyle Spearrin
2019-02-13 21:36:36 -05:00
parent 76c53bc641
commit 0bdbfd7984
6 changed files with 79 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/angular/components/lock.component.ts
View File

@@ -25,6 +25,7 @@ export class LockComponent implements OnInit {
protected onSuccessfulSubmit: () => void;
private invalidPinAttempts = 0;
private pinSet: [boolean, boolean];
constructor(protected router: Router, protected i18nService: I18nService,
protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService,
@@ -32,7 +33,9 @@ export class LockComponent implements OnInit {
protected storageService: StorageService, protected lockService: LockService) { }
async ngOnInit() {
this.pinLock = await this.lockService.isPinLockSet();
this.pinSet = await this.lockService.isPinLockSet();
const hasKey = await this.cryptoService.hasKey();
this.pinLock = (this.pinSet[0] && hasKey) || this.pinSet[1];
this.email = await this.userService.getEmail();
}
@@ -52,13 +55,25 @@ export class LockComponent implements OnInit {
const kdfIterations = await this.userService.getKdfIterations();
if (this.pinLock) {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
let failed = true;
try {
const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfIterations);
const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
} catch {
if (this.pinSet[0]) {
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
const decPin = await this.cryptoService.decryptToUtf8(new CipherString(protectedPin));
this.lockService.pinLocked = false;
failed = decPin !== this.pin;
this.doContinue();
} else {
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
const protectedKeyCs = new CipherString(pinProtectedKey);
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfIterations);
const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
failed = false;
await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
}
} catch { }
if (failed) {
this.invalidPinAttempts++;
if (this.invalidPinAttempts >= 5) {
this.messagingService.send('logout');
@@ -97,6 +112,10 @@ export class LockComponent implements OnInit {
private async setKeyAndContinue(key: SymmetricCryptoKey) {
await this.cryptoService.setKey(key);
this.doContinue();
}
private doContinue() {
this.messagingService.send('unlocked');
if (this.onSuccessfulSubmit != null) {
this.onSuccessfulSubmit();

8
src/angular/services/auth-guard.service.ts
View File

@@ -4,13 +4,13 @@ import {
Router,
} from '@angular/router';
import { CryptoService } from '../../abstractions/crypto.service';
import { LockService } from '../../abstractions/lock.service';
import { MessagingService } from '../../abstractions/messaging.service';
import { UserService } from '../../abstractions/user.service';
@Injectable()
export class AuthGuardService implements CanActivate {
constructor(private cryptoService: CryptoService, private userService: UserService, private router: Router,
constructor(private lockService: LockService, private userService: UserService, private router: Router,
private messagingService: MessagingService) { }
async canActivate() {
@@ -20,8 +20,8 @@ export class AuthGuardService implements CanActivate {
return false;
}
const hasKey = await this.cryptoService.hasKey();
if (!hasKey) {
const locked = await this.lockService.isLocked();
if (locked) {
this.router.navigate(['lock']);
return false;
}