Conflict resolution

2025-12-19 01:33:33 +00:00 · 2024-04-02 17:18:45 +01:00
parent 8a1df6671a
commit 0c0c2039ed
699 changed files with 17230 additions and 8095 deletions
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -26,6 +26,7 @@ import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/pass
 import { MasterKey } from "@bitwarden/common/types/key";

 import { LoginStrategyServiceAbstraction } from "../abstractions";
+import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
 import { PasswordLoginCredentials } from "../models/domain/login-credentials";
 import { CacheData } from "../services/login-strategies/login-strategy.state";

@@ -36,15 +37,11 @@ export class PasswordLoginStrategyData implements LoginStrategyData {

  /** User's entered email obtained pre-login. Always present in MP login. */
  userEnteredEmail: string;
-
+  /** If 2fa is required, token is returned to bypass captcha */
  captchaBypassToken?: string;
-  /**
-   * The local version of the user's master key hash
-   */
+  /** The local version of the user's master key hash */
  localMasterKeyHash: string;
-  /**
-   * The user's master key
-   */
+  /** The user's master key */
  masterKey: MasterKey;
  /**
   * Tracks if the user needs to update their password due to
@@ -62,14 +59,12 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
 }

 export class PasswordLoginStrategy extends LoginStrategy {
-  /**
-   * The email address of the user attempting to log in.
-   */
+  /** The email address of the user attempting to log in. */
  email$: Observable<string>;
-  /**
-   * The master key hash of the user attempting to log in.
-   */
-  masterKeyHash$: Observable<string | null>;
+  /** The master key hash used for authentication */
+  serverMasterKeyHash$: Observable<string>;
+  /** The local master key hash we store client side */
+  localMasterKeyHash$: Observable<string | null>;

  protected cache: BehaviorSubject<PasswordLoginStrategyData>;

@@ -84,6 +79,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
    logService: LogService,
    protected stateService: StateService,
    twoFactorService: TwoFactorService,
+    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
    private passwordStrengthService: PasswordStrengthServiceAbstraction,
    private policyService: PolicyService,
    private loginStrategyService: LoginStrategyServiceAbstraction,
@@ -99,12 +95,16 @@ export class PasswordLoginStrategy extends LoginStrategy {
      logService,
      stateService,
      twoFactorService,
+      userDecryptionOptionsService,
      billingAccountProfileStateService,
    );

    this.cache = new BehaviorSubject(data);
    this.email$ = this.cache.pipe(map((state) => state.tokenRequest.email));
-    this.masterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
+    this.serverMasterKeyHash$ = this.cache.pipe(
+      map((state) => state.tokenRequest.masterPasswordHash),
+    );
+    this.localMasterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
  }

  override async logIn(credentials: PasswordLoginCredentials) {
@@ -120,11 +120,14 @@ export class PasswordLoginStrategy extends LoginStrategy {
      data.masterKey,
      HashPurpose.LocalAuthorization,
    );
-    const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, data.masterKey);
+    const serverMasterKeyHash = await this.cryptoService.hashMasterKey(
+      masterPassword,
+      data.masterKey,
+    );

    data.tokenRequest = new PasswordTokenRequest(
      email,
-      masterKeyHash,
+      serverMasterKeyHash,
      captchaToken,
      await this.buildTwoFactor(twoFactor, email),
      await this.buildDeviceRequest(),
@@ -168,10 +171,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
    twoFactor: TokenTwoFactorRequest,
    captchaResponse: string,
  ): Promise<AuthResult> {
-    this.cache.next({
-      ...this.cache.value,
-      captchaBypassToken: captchaResponse ?? this.cache.value.captchaBypassToken,
-    });
+    const data = this.cache.value;
+    data.tokenRequest.captchaResponse = captchaResponse ?? data.captchaBypassToken;
+    this.cache.next(data);
+
    const result = await super.logInTwoFactor(twoFactor);

    // 2FA was successful, save the force update password options with the state service if defined