[deps] Autofill: Update prettier to v3 (#7014)
* [deps] Autofill: Update prettier to v3 * prettier formatting updates --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com>
@@ -4,21 +4,21 @@ import { AuthRequestResponse } from "../models/response/auth-request.response";
|
||||
export abstract class AuthRequestCryptoServiceAbstraction {
|
||||
setUserKeyAfterDecryptingSharedUserKey: (
|
||||
authReqResponse: AuthRequestResponse,
|
||||
authReqPrivateKey: ArrayBuffer
|
||||
authReqPrivateKey: ArrayBuffer,
|
||||
) => Promise<void>;
|
||||
setKeysAfterDecryptingSharedMasterKeyAndHash: (
|
||||
authReqResponse: AuthRequestResponse,
|
||||
authReqPrivateKey: ArrayBuffer
|
||||
authReqPrivateKey: ArrayBuffer,
|
||||
) => Promise<void>;
|
||||
|
||||
decryptPubKeyEncryptedUserKey: (
|
||||
pubKeyEncryptedUserKey: string,
|
||||
privateKey: ArrayBuffer
|
||||
privateKey: ArrayBuffer,
|
||||
) => Promise<UserKey>;
|
||||
|
||||
decryptPubKeyEncryptedMasterKeyAndHash: (
|
||||
pubKeyEncryptedMasterKey: string,
|
||||
pubKeyEncryptedMasterKeyHash: string,
|
||||
privateKey: ArrayBuffer
|
||||
privateKey: ArrayBuffer,
|
||||
) => Promise<{ masterKey: MasterKey; masterKeyHash: string }>;
|
||||
}
|
||||
|
||||
@@ -27,11 +27,11 @@ export abstract class AuthService {
|
||||
| PasswordLoginCredentials
|
||||
| SsoLoginCredentials
|
||||
| AuthRequestLoginCredentials
|
||||
| WebAuthnLoginCredentials
|
||||
| WebAuthnLoginCredentials,
|
||||
) => Promise<AuthResult>;
|
||||
logInTwoFactor: (
|
||||
twoFactor: TokenTwoFactorRequest,
|
||||
captchaResponse: string
|
||||
captchaResponse: string,
|
||||
) => Promise<AuthResult>;
|
||||
logOut: (callback: () => void) => void;
|
||||
makePreloginKey: (masterPassword: string, email: string) => Promise<MasterKey>;
|
||||
@@ -44,7 +44,7 @@ export abstract class AuthService {
|
||||
passwordlessLogin: (
|
||||
id: string,
|
||||
key: string,
|
||||
requestApproved: boolean
|
||||
requestApproved: boolean,
|
||||
) => Promise<AuthRequestResponse>;
|
||||
getPushNotificationObs$: () => Observable<any>;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@ export abstract class DeviceTrustCryptoServiceAbstraction {
|
||||
decryptUserKeyWithDeviceKey: (
|
||||
encryptedDevicePrivateKey: EncString,
|
||||
encryptedUserKey: EncString,
|
||||
deviceKey?: DeviceKey
|
||||
deviceKey?: DeviceKey,
|
||||
) => Promise<UserKey | null>;
|
||||
rotateDevicesTrust: (newUserKey: UserKey, masterPasswordHash: string) => Promise<void>;
|
||||
|
||||
|
||||
@@ -15,13 +15,13 @@ export abstract class DevicesApiServiceAbstraction {
|
||||
deviceIdentifier: string,
|
||||
devicePublicKeyEncryptedUserKey: string,
|
||||
userKeyEncryptedDevicePublicKey: string,
|
||||
deviceKeyEncryptedDevicePrivateKey: string
|
||||
deviceKeyEncryptedDevicePrivateKey: string,
|
||||
) => Promise<DeviceResponse>;
|
||||
|
||||
updateTrust: (updateDevicesTrustRequestModel: UpdateDevicesTrustRequest) => Promise<void>;
|
||||
|
||||
getDeviceKeys: (
|
||||
deviceIdentifier: string,
|
||||
secretVerificationRequest: SecretVerificationRequest
|
||||
secretVerificationRequest: SecretVerificationRequest,
|
||||
) => Promise<ProtectedDeviceResponse>;
|
||||
}
|
||||
|
||||
@@ -10,6 +10,6 @@ export abstract class DevicesServiceAbstraction {
|
||||
deviceIdentifier: string,
|
||||
devicePublicKeyEncryptedUserKey: string,
|
||||
userKeyEncryptedDevicePublicKey: string,
|
||||
deviceKeyEncryptedDevicePrivateKey: string
|
||||
deviceKeyEncryptedDevicePrivateKey: string,
|
||||
) => Observable<DeviceView>;
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ export abstract class KeyConnectorService {
|
||||
userNeedsMigration: () => Promise<boolean>;
|
||||
convertNewSsoUserToKeyConnector: (
|
||||
tokenResponse: IdentityTokenResponse,
|
||||
orgId: string
|
||||
orgId: string,
|
||||
) => Promise<void>;
|
||||
setUsesKeyConnector: (enabled: boolean) => Promise<void>;
|
||||
setConvertAccountRequired: (status: boolean) => Promise<void>;
|
||||
|
||||
@@ -4,7 +4,7 @@ export abstract class TokenService {
|
||||
setTokens: (
|
||||
accessToken: string,
|
||||
refreshToken: string,
|
||||
clientIdClientSecret: [string, string]
|
||||
clientIdClientSecret: [string, string],
|
||||
) => Promise<any>;
|
||||
setToken: (token: string) => Promise<any>;
|
||||
getToken: () => Promise<string>;
|
||||
|
||||
@@ -5,7 +5,7 @@ export abstract class UserVerificationService {
|
||||
buildRequest: <T extends SecretVerificationRequest>(
|
||||
verification: Verification,
|
||||
requestClass?: new () => T,
|
||||
alreadyHashed?: boolean
|
||||
alreadyHashed?: boolean,
|
||||
) => Promise<T>;
|
||||
verifyUser: (verification: Verification) => Promise<boolean>;
|
||||
requestOTP: () => Promise<void>;
|
||||
|
||||
@@ -33,7 +33,7 @@ export abstract class WebAuthnLoginServiceAbstraction {
|
||||
* If the assertion is not successfully obtained, it returns undefined.
|
||||
*/
|
||||
assertCredential: (
|
||||
credentialAssertionOptions: WebAuthnLoginCredentialAssertionOptionsView
|
||||
credentialAssertionOptions: WebAuthnLoginCredentialAssertionOptionsView,
|
||||
) => Promise<WebAuthnLoginCredentialAssertionView | undefined>;
|
||||
|
||||
/**
|
||||
|
||||
@@ -9,7 +9,7 @@ export class CaptchaIFrame extends IFrameComponent {
|
||||
private i18nService: I18nService,
|
||||
successCallback: (message: string) => any,
|
||||
errorCallback: (message: string) => any,
|
||||
infoCallback: (message: string) => any
|
||||
infoCallback: (message: string) => any,
|
||||
) {
|
||||
super(
|
||||
win,
|
||||
@@ -26,13 +26,13 @@ export class CaptchaIFrame extends IFrameComponent {
|
||||
} else {
|
||||
infoCallback(parsedMessage);
|
||||
}
|
||||
}
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
init(siteKey: string): void {
|
||||
super.initComponent(
|
||||
this.createParams({ siteKey: siteKey, locale: this.i18nService.translationLocale }, 1)
|
||||
this.createParams({ siteKey: siteKey, locale: this.i18nService.translationLocale }, 1),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ export abstract class IFrameComponent {
|
||||
private iframeId: string,
|
||||
public successCallback?: (message: string) => any,
|
||||
public errorCallback?: (message: string) => any,
|
||||
public infoCallback?: (message: string) => any
|
||||
public infoCallback?: (message: string) => any,
|
||||
) {
|
||||
this.connectorLink = win.document.createElement("a");
|
||||
}
|
||||
@@ -35,7 +35,7 @@ export abstract class IFrameComponent {
|
||||
return btoa(
|
||||
encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, (match, p1) => {
|
||||
return String.fromCharCode(("0x" + p1) as any);
|
||||
})
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
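Review bot: The base64 helper in the last hunk of this section still converts each percent-escape with `String.fromCharCode(("0x" + p1) as any)`, which relies on implicit string-to-number coercion and uses `as any` to hide it from the type checker. The commit only adds the trailing comma after the callback, so the cast is unchanged. `return String.fromCharCode(parseInt(p1, 16));` yields the same character for a two-digit hex group and needs no cast. The enclosing method starts outside the hunk, so its name and callers are not visible here.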
@@ -45,7 +45,7 @@ describe("AuthRequestLoginStrategy", () => {
|
||||
const accessCode = "ACCESS_CODE";
|
||||
const authRequestId = "AUTH_REQUEST_ID";
|
||||
const decMasterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(64).buffer as CsprngArray
|
||||
new Uint8Array(64).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
const decUserKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
|
||||
const decMasterKeyHash = "LOCAL_PASSWORD_HASH";
|
||||
@@ -76,7 +76,7 @@ describe("AuthRequestLoginStrategy", () => {
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService,
|
||||
deviceTrustCryptoService
|
||||
deviceTrustCryptoService,
|
||||
);
|
||||
|
||||
tokenResponse = identityTokenResponseFactory();
|
||||
@@ -90,7 +90,7 @@ describe("AuthRequestLoginStrategy", () => {
|
||||
authRequestId,
|
||||
null,
|
||||
decMasterKey,
|
||||
decMasterKeyHash
|
||||
decMasterKeyHash,
|
||||
);
|
||||
|
||||
const masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
|
||||
@@ -117,7 +117,7 @@ describe("AuthRequestLoginStrategy", () => {
|
||||
authRequestId,
|
||||
decUserKey, // Pass userKey
|
||||
null, // No masterKey
|
||||
null // No masterKeyHash
|
||||
null, // No masterKeyHash
|
||||
);
|
||||
|
||||
// Call logIn
|
||||
|
||||
@@ -42,7 +42,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||
logService: LogService,
|
||||
stateService: StateService,
|
||||
twoFactorService: TwoFactorService,
|
||||
private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction
|
||||
private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
|
||||
) {
|
||||
super(
|
||||
cryptoService,
|
||||
@@ -53,7 +53,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||
messagingService,
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService
|
||||
twoFactorService,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||
credentials.accessCode,
|
||||
null,
|
||||
await this.buildTwoFactor(credentials.twoFactor),
|
||||
await this.buildDeviceRequest()
|
||||
await this.buildDeviceRequest(),
|
||||
);
|
||||
|
||||
this.tokenRequest.setAuthRequestAccessCode(credentials.authRequestId);
|
||||
@@ -75,7 +75,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||
|
||||
override async logInTwoFactor(
|
||||
twoFactor: TokenTwoFactorRequest,
|
||||
captchaResponse: string
|
||||
captchaResponse: string,
|
||||
): Promise<AuthResult> {
|
||||
this.tokenRequest.captchaResponse = captchaResponse ?? this.captchaBypassToken;
|
||||
return super.logInTwoFactor(twoFactor);
|
||||
@@ -115,7 +115,7 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||
|
||||
protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
|
||||
await this.cryptoService.setPrivateKey(
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount())
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount()),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -76,7 +76,7 @@ const twoFactorRemember = true;
|
||||
|
||||
export function identityTokenResponseFactory(
|
||||
masterPasswordPolicyResponse: MasterPasswordPolicyResponse = null,
|
||||
userDecryptionOptions: IUserDecryptionOptionsServerResponse = null
|
||||
userDecryptionOptions: IUserDecryptionOptionsServerResponse = null,
|
||||
) {
|
||||
return new IdentityTokenResponse({
|
||||
ForcePasswordReset: false,
|
||||
@@ -143,7 +143,7 @@ describe("LoginStrategy", () => {
|
||||
twoFactorService,
|
||||
passwordStrengthService,
|
||||
policyService,
|
||||
authService
|
||||
authService,
|
||||
);
|
||||
credentials = new PasswordLoginCredentials(email, masterPassword);
|
||||
});
|
||||
@@ -156,10 +156,10 @@ describe("LoginStrategy", () => {
|
||||
|
||||
beforeEach(() => {
|
||||
userKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(userKeyBytesLength).buffer as CsprngArray
|
||||
new Uint8Array(userKeyBytesLength).buffer as CsprngArray,
|
||||
) as UserKey;
|
||||
masterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(masterKeyBytesLength).buffer as CsprngArray
|
||||
new Uint8Array(masterKeyBytesLength).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
});
|
||||
|
||||
@@ -191,7 +191,7 @@ describe("LoginStrategy", () => {
|
||||
},
|
||||
keys: new AccountKeys(),
|
||||
decryptionOptions: AccountDecryptionOptions.fromResponse(idTokenResponse),
|
||||
})
|
||||
}),
|
||||
);
|
||||
expect(messagingService.send).toHaveBeenCalledWith("loggedIn");
|
||||
});
|
||||
@@ -202,7 +202,7 @@ describe("LoginStrategy", () => {
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
|
||||
const deviceKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(userKeyBytesLength).buffer as CsprngArray
|
||||
new Uint8Array(userKeyBytesLength).buffer as CsprngArray,
|
||||
) as DeviceKey;
|
||||
|
||||
stateService.getDeviceKey.mockResolvedValue(deviceKey);
|
||||
@@ -215,7 +215,7 @@ describe("LoginStrategy", () => {
|
||||
|
||||
// Assert
|
||||
expect(stateService.addAccount).toHaveBeenCalledWith(
|
||||
expect.objectContaining({ keys: accountKeys })
|
||||
expect.objectContaining({ keys: accountKeys }),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -273,7 +273,7 @@ describe("LoginStrategy", () => {
|
||||
expect(cryptoService.setUserKey).toHaveBeenCalled();
|
||||
expect(cryptoService.makeKeyPair).toHaveBeenCalled();
|
||||
expect(cryptoService.setUserKey.mock.invocationCallOrder[0]).toBeLessThan(
|
||||
cryptoService.makeKeyPair.mock.invocationCallOrder[0]
|
||||
cryptoService.makeKeyPair.mock.invocationCallOrder[0],
|
||||
);
|
||||
|
||||
expect(apiService.postAccountKeys).toHaveBeenCalled();
|
||||
@@ -352,7 +352,7 @@ describe("LoginStrategy", () => {
|
||||
token: twoFactorToken,
|
||||
remember: false,
|
||||
} as TokenTwoFactorRequest,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -362,7 +362,7 @@ describe("LoginStrategy", () => {
|
||||
credentials.twoFactor = new TokenTwoFactorRequest(
|
||||
twoFactorProviderType,
|
||||
twoFactorToken,
|
||||
twoFactorRemember
|
||||
twoFactorRemember,
|
||||
);
|
||||
|
||||
await passwordLoginStrategy.logIn(credentials);
|
||||
@@ -374,7 +374,7 @@ describe("LoginStrategy", () => {
|
||||
token: twoFactorToken,
|
||||
remember: twoFactorRemember,
|
||||
} as TokenTwoFactorRequest,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -384,14 +384,14 @@ describe("LoginStrategy", () => {
|
||||
email,
|
||||
masterPasswordHash,
|
||||
null,
|
||||
null
|
||||
null,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(identityTokenResponseFactory());
|
||||
|
||||
await passwordLoginStrategy.logInTwoFactor(
|
||||
new TokenTwoFactorRequest(twoFactorProviderType, twoFactorToken, twoFactorRemember),
|
||||
null
|
||||
null,
|
||||
);
|
||||
|
||||
expect(apiService.postIdentityToken).toHaveBeenCalledWith(
|
||||
@@ -401,7 +401,7 @@ describe("LoginStrategy", () => {
|
||||
token: twoFactorToken,
|
||||
remember: twoFactorRemember,
|
||||
} as TokenTwoFactorRequest,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -55,7 +55,7 @@ export abstract class LoginStrategy {
|
||||
protected messagingService: MessagingService,
|
||||
protected logService: LogService,
|
||||
protected stateService: StateService,
|
||||
protected twoFactorService: TwoFactorService
|
||||
protected twoFactorService: TwoFactorService,
|
||||
) {}
|
||||
|
||||
abstract logIn(
|
||||
@@ -64,12 +64,12 @@ export abstract class LoginStrategy {
|
||||
| PasswordLoginCredentials
|
||||
| SsoLoginCredentials
|
||||
| AuthRequestLoginCredentials
|
||||
| WebAuthnLoginCredentials
|
||||
| WebAuthnLoginCredentials,
|
||||
): Promise<AuthResult>;
|
||||
|
||||
async logInTwoFactor(
|
||||
twoFactor: TokenTwoFactorRequest,
|
||||
captchaResponse: string = null
|
||||
captchaResponse: string = null,
|
||||
): Promise<AuthResult> {
|
||||
this.tokenRequest.setTwoFactor(twoFactor);
|
||||
const [authResult] = await this.startLogIn();
|
||||
@@ -153,7 +153,7 @@ export abstract class LoginStrategy {
|
||||
keys: accountKeys,
|
||||
decryptionOptions: AccountDecryptionOptions.fromResponse(tokenResponse),
|
||||
adminAuthRequest: adminAuthRequest?.toJSON(),
|
||||
})
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -39,8 +39,8 @@ const hashedPassword = "HASHED_PASSWORD";
|
||||
const localHashedPassword = "LOCAL_HASHED_PASSWORD";
|
||||
const masterKey = new SymmetricCryptoKey(
|
||||
Utils.fromB64ToArray(
|
||||
"N2KWjlLpfi5uHjv+YcfUKIpZ1l+W+6HRensmIqD+BFYBf6N/dvFpJfWwYnVBdgFCK2tJTAIMLhqzIQQEUmGFgg=="
|
||||
)
|
||||
"N2KWjlLpfi5uHjv+YcfUKIpZ1l+W+6HRensmIqD+BFYBf6N/dvFpJfWwYnVBdgFCK2tJTAIMLhqzIQQEUmGFgg==",
|
||||
),
|
||||
) as MasterKey;
|
||||
const deviceId = Utils.newGuid();
|
||||
const masterPasswordPolicy = new MasterPasswordPolicyResponse({
|
||||
@@ -106,7 +106,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
twoFactorService,
|
||||
passwordStrengthService,
|
||||
policyService,
|
||||
authService
|
||||
authService,
|
||||
);
|
||||
credentials = new PasswordLoginCredentials(email, masterPassword);
|
||||
tokenResponse = identityTokenResponseFactory(masterPasswordPolicy);
|
||||
@@ -129,7 +129,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
token: null,
|
||||
}),
|
||||
captchaResponse: undefined,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -175,7 +175,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
|
||||
expect(policyService.evaluateMasterPassword).toHaveBeenCalled();
|
||||
expect(stateService.setForceSetPasswordReason).toHaveBeenCalledWith(
|
||||
ForceSetPasswordReason.WeakMasterPassword
|
||||
ForceSetPasswordReason.WeakMasterPassword,
|
||||
);
|
||||
expect(result.forcePasswordReset).toEqual(ForceSetPasswordReason.WeakMasterPassword);
|
||||
});
|
||||
@@ -198,7 +198,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
|
||||
// Second login request succeeds
|
||||
apiService.postIdentityToken.mockResolvedValueOnce(
|
||||
identityTokenResponseFactory(masterPasswordPolicy)
|
||||
identityTokenResponseFactory(masterPasswordPolicy),
|
||||
);
|
||||
const secondResult = await passwordLoginStrategy.logInTwoFactor(
|
||||
{
|
||||
@@ -206,7 +206,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
token: "123456",
|
||||
remember: false,
|
||||
},
|
||||
""
|
||||
"",
|
||||
);
|
||||
|
||||
// First login attempt should not save the force password reset options
|
||||
@@ -214,7 +214,7 @@ describe("PasswordLoginStrategy", () => {
|
||||
|
||||
// Second login attempt should save the force password reset options and return in result
|
||||
expect(stateService.setForceSetPasswordReason).toHaveBeenCalledWith(
|
||||
ForceSetPasswordReason.WeakMasterPassword
|
||||
ForceSetPasswordReason.WeakMasterPassword,
|
||||
);
|
||||
expect(secondResult.forcePasswordReset).toEqual(ForceSetPasswordReason.WeakMasterPassword);
|
||||
});
|
||||
|
||||
@@ -56,7 +56,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
twoFactorService: TwoFactorService,
|
||||
private passwordStrengthService: PasswordStrengthServiceAbstraction,
|
||||
private policyService: PolicyService,
|
||||
private authService: AuthService
|
||||
private authService: AuthService,
|
||||
) {
|
||||
super(
|
||||
cryptoService,
|
||||
@@ -67,13 +67,13 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
messagingService,
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService
|
||||
twoFactorService,
|
||||
);
|
||||
}
|
||||
|
||||
override async logInTwoFactor(
|
||||
twoFactor: TokenTwoFactorRequest,
|
||||
captchaResponse: string
|
||||
captchaResponse: string,
|
||||
): Promise<AuthResult> {
|
||||
this.tokenRequest.captchaResponse = captchaResponse ?? this.captchaBypassToken;
|
||||
const result = await super.logInTwoFactor(twoFactor);
|
||||
@@ -100,7 +100,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
this.localMasterKeyHash = await this.cryptoService.hashMasterKey(
|
||||
masterPassword,
|
||||
this.masterKey,
|
||||
HashPurpose.LocalAuthorization
|
||||
HashPurpose.LocalAuthorization,
|
||||
);
|
||||
const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, this.masterKey);
|
||||
|
||||
@@ -109,7 +109,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
masterKeyHash,
|
||||
captchaToken,
|
||||
await this.buildTwoFactor(twoFactor),
|
||||
await this.buildDeviceRequest()
|
||||
await this.buildDeviceRequest(),
|
||||
);
|
||||
|
||||
const [authResult, identityResponse] = await this.startLogIn();
|
||||
@@ -122,7 +122,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
// If there is a policy active, evaluate the supplied password before its no longer in memory
|
||||
const meetsRequirements = this.evaluateMasterPassword(
|
||||
credentials,
|
||||
masterPasswordPolicyOptions
|
||||
masterPasswordPolicyOptions,
|
||||
);
|
||||
|
||||
if (!meetsRequirements) {
|
||||
@@ -132,7 +132,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
} else {
|
||||
// Authentication was successful, save the force update password options with the state service
|
||||
await this.stateService.setForceSetPasswordReason(
|
||||
ForceSetPasswordReason.WeakMasterPassword
|
||||
ForceSetPasswordReason.WeakMasterPassword,
|
||||
);
|
||||
authResult.forcePasswordReset = ForceSetPasswordReason.WeakMasterPassword;
|
||||
}
|
||||
@@ -162,7 +162,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
|
||||
protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
|
||||
await this.cryptoService.setPrivateKey(
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount())
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount()),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -171,7 +171,7 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
}
|
||||
|
||||
private getMasterPasswordPolicyOptionsFromResponse(
|
||||
response: IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse
|
||||
response: IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse,
|
||||
): MasterPasswordPolicyOptions {
|
||||
if (response == null || response instanceof IdentityCaptchaResponse) {
|
||||
return null;
|
||||
@@ -181,12 +181,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||
|
||||
private evaluateMasterPassword(
|
||||
{ masterPassword, email }: PasswordLoginCredentials,
|
||||
options: MasterPasswordPolicyOptions
|
||||
options: MasterPasswordPolicyOptions,
|
||||
): boolean {
|
||||
const passwordStrength = this.passwordStrengthService.getPasswordStrength(
|
||||
masterPassword,
|
||||
email
|
||||
)?.score;
|
||||
const passwordStrength = this.passwordStrengthService.getPasswordStrength(masterPassword, email)
|
||||
?.score;
|
||||
|
||||
return this.policyService.evaluateMasterPassword(passwordStrength, masterPassword, options);
|
||||
}
|
||||
|
||||
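Review bot: In `evaluateMasterPassword`, `getPasswordStrength(masterPassword, email)?.score` can evaluate to `undefined`, and that value is passed straight to `policyService.evaluateMasterPassword`; nothing in this hunk shows whether the policy check then fails closed. The re-wrapped statement also leaves `?.score` alone on a continuation line, where the optional chain is easy to overlook. Naming the intermediate result would make the nullable path explicit: `const strengthResult = this.passwordStrengthService.getPasswordStrength(masterPassword, email);` then `const passwordStrength = strengthResult?.score; // undefined when no strength result is returned`. How `policyService.evaluateMasterPassword` treats an undefined score is outside this page and should be confirmed against that service.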
@@ -89,7 +89,7 @@ describe("SsoLoginStrategy", () => {
|
||||
keyConnectorService,
|
||||
deviceTrustCryptoService,
|
||||
authRequestCryptoService,
|
||||
i18nService
|
||||
i18nService,
|
||||
);
|
||||
credentials = new SsoLoginCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
|
||||
});
|
||||
@@ -111,7 +111,7 @@ describe("SsoLoginStrategy", () => {
|
||||
provider: null,
|
||||
token: null,
|
||||
}),
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -185,7 +185,7 @@ describe("SsoLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithTdeOption
|
||||
userDecryptionOptsServerResponseWithTdeOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -208,7 +208,7 @@ describe("SsoLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithTdeOption
|
||||
userDecryptionOptsServerResponseWithTdeOption,
|
||||
);
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
// Set deviceKey to be null
|
||||
@@ -248,7 +248,7 @@ describe("SsoLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithTdeOption
|
||||
userDecryptionOptsServerResponseWithTdeOption,
|
||||
);
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
deviceTrustCryptoService.getDeviceKey.mockResolvedValue(mockDeviceKey);
|
||||
@@ -275,7 +275,7 @@ describe("SsoLoginStrategy", () => {
|
||||
|
||||
it("gets and sets the master key if Key Connector is enabled and the user doesn't have a master password", async () => {
|
||||
const masterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(64).buffer as CsprngArray
|
||||
new Uint8Array(64).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(tokenResponse);
|
||||
@@ -295,14 +295,14 @@ describe("SsoLoginStrategy", () => {
|
||||
|
||||
expect(keyConnectorService.convertNewSsoUserToKeyConnector).toHaveBeenCalledWith(
|
||||
tokenResponse,
|
||||
ssoOrgId
|
||||
ssoOrgId,
|
||||
);
|
||||
});
|
||||
|
||||
it("decrypts and sets the user key if Key Connector is enabled and the user doesn't have a master password", async () => {
|
||||
const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
|
||||
const masterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(64).buffer as CsprngArray
|
||||
new Uint8Array(64).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(tokenResponse);
|
||||
@@ -326,7 +326,7 @@ describe("SsoLoginStrategy", () => {
|
||||
|
||||
it("gets and sets the master key if Key Connector is enabled and the user doesn't have a master password", async () => {
|
||||
const masterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(64).buffer as CsprngArray
|
||||
new Uint8Array(64).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(tokenResponse);
|
||||
@@ -346,14 +346,14 @@ describe("SsoLoginStrategy", () => {
|
||||
|
||||
expect(keyConnectorService.convertNewSsoUserToKeyConnector).toHaveBeenCalledWith(
|
||||
tokenResponse,
|
||||
ssoOrgId
|
||||
ssoOrgId,
|
||||
);
|
||||
});
|
||||
|
||||
it("decrypts and sets the user key if Key Connector is enabled and the user doesn't have a master password", async () => {
|
||||
const userKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as UserKey;
|
||||
const masterKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(64).buffer as CsprngArray
|
||||
new Uint8Array(64).buffer as CsprngArray,
|
||||
) as MasterKey;
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(tokenResponse);
|
||||
|
||||
@@ -44,7 +44,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
private keyConnectorService: KeyConnectorService,
|
||||
private deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
|
||||
private authReqCryptoService: AuthRequestCryptoServiceAbstraction,
|
||||
private i18nService: I18nService
|
||||
private i18nService: I18nService,
|
||||
) {
|
||||
super(
|
||||
cryptoService,
|
||||
@@ -55,7 +55,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
messagingService,
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService
|
||||
twoFactorService,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -66,7 +66,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
credentials.codeVerifier,
|
||||
credentials.redirectUrl,
|
||||
await this.buildTwoFactor(credentials.twoFactor),
|
||||
await this.buildDeviceRequest()
|
||||
await this.buildDeviceRequest(),
|
||||
);
|
||||
|
||||
const [ssoAuthResult] = await this.startLogIn();
|
||||
@@ -200,14 +200,14 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
if (adminAuthReqResponse.masterPasswordHash) {
|
||||
await this.authReqCryptoService.setKeysAfterDecryptingSharedMasterKeyAndHash(
|
||||
adminAuthReqResponse,
|
||||
adminAuthReqStorable.privateKey
|
||||
adminAuthReqStorable.privateKey,
|
||||
);
|
||||
} else {
|
||||
// if masterPasswordHash is null, we will always receive authReqResponse.key
|
||||
// as authRequestPublicKey(userKey)
|
||||
await this.authReqCryptoService.setUserKeyAfterDecryptingSharedUserKey(
|
||||
adminAuthReqResponse,
|
||||
adminAuthReqStorable.privateKey
|
||||
adminAuthReqStorable.privateKey,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -239,7 +239,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
const userKey = await this.deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
|
||||
encDevicePrivateKey,
|
||||
encUserKey,
|
||||
deviceKey
|
||||
deviceKey,
|
||||
);
|
||||
|
||||
if (userKey) {
|
||||
@@ -267,7 +267,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||
|
||||
if (!newSsoUser) {
|
||||
await this.cryptoService.setPrivateKey(
|
||||
tokenResponse.privateKey ?? (await this.createKeyPairForOldAccount())
|
||||
tokenResponse.privateKey ?? (await this.createKeyPairForOldAccount()),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ describe("UserApiLoginStrategy", () => {
|
||||
stateService,
|
||||
twoFactorService,
|
||||
environmentService,
|
||||
keyConnectorService
|
||||
keyConnectorService,
|
||||
);
|
||||
|
||||
credentials = new UserApiLoginCredentials(apiClientId, apiClientSecret);
|
||||
@@ -93,7 +93,7 @@ describe("UserApiLoginStrategy", () => {
|
||||
provider: null,
|
||||
token: null,
|
||||
}),
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
|
||||
@@ -29,7 +29,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
|
||||
stateService: StateService,
|
||||
twoFactorService: TwoFactorService,
|
||||
private environmentService: EnvironmentService,
|
||||
private keyConnectorService: KeyConnectorService
|
||||
private keyConnectorService: KeyConnectorService,
|
||||
) {
|
||||
super(
|
||||
cryptoService,
|
||||
@@ -40,7 +40,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
|
||||
messagingService,
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService
|
||||
twoFactorService,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
|
||||
credentials.clientId,
|
||||
credentials.clientSecret,
|
||||
await this.buildTwoFactor(),
|
||||
await this.buildDeviceRequest()
|
||||
await this.buildDeviceRequest(),
|
||||
);
|
||||
|
||||
const [authResult] = await this.startLogIn();
|
||||
@@ -77,7 +77,7 @@ export class UserApiLoginStrategy extends LoginStrategy {
|
||||
|
||||
protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
|
||||
await this.cryptoService.setPrivateKey(
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount())
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount()),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
@@ -82,7 +82,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
messagingService,
|
||||
logService,
|
||||
stateService,
|
||||
twoFactorService
|
||||
twoFactorService,
|
||||
);
|
||||
|
||||
// Create credentials
|
||||
@@ -128,7 +128,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -146,7 +146,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
device: expect.objectContaining({
|
||||
identifier: deviceId,
|
||||
}),
|
||||
})
|
||||
}),
|
||||
);
|
||||
|
||||
expect(authResult).toBeInstanceOf(AuthResult);
|
||||
@@ -164,7 +164,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -187,12 +187,12 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
expect(cryptoService.decryptToBytes).toHaveBeenCalledTimes(1);
|
||||
expect(cryptoService.decryptToBytes).toHaveBeenCalledWith(
|
||||
idTokenResponse.userDecryptionOptions.webAuthnPrfOption.encryptedPrivateKey,
|
||||
webAuthnCredentials.prfKey
|
||||
webAuthnCredentials.prfKey,
|
||||
);
|
||||
expect(cryptoService.rsaDecrypt).toHaveBeenCalledTimes(1);
|
||||
expect(cryptoService.rsaDecrypt).toHaveBeenCalledWith(
|
||||
idTokenResponse.userDecryptionOptions.webAuthnPrfOption.encryptedUserKey.encryptedString,
|
||||
mockPrfPrivateKey
|
||||
mockPrfPrivateKey,
|
||||
);
|
||||
expect(cryptoService.setUserKey).toHaveBeenCalledWith(mockUserKey);
|
||||
expect(cryptoService.setPrivateKey).toHaveBeenCalledWith(idTokenResponse.privateKey);
|
||||
@@ -205,7 +205,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -247,7 +247,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -265,7 +265,7 @@ describe("WebAuthnLoginStrategy", () => {
|
||||
// Arrange
|
||||
const idTokenResponse: IdentityTokenResponse = identityTokenResponseFactory(
|
||||
null,
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption
|
||||
userDecryptionOptsServerResponseWithWebAuthnPrfOption,
|
||||
);
|
||||
|
||||
apiService.postIdentityToken.mockResolvedValue(idTokenResponse);
|
||||
@@ -314,7 +314,7 @@ class MockPublicKeyCredential implements PublicKeyCredential {
|
||||
// Creating the array buffer from a known hex value allows us to
|
||||
// assert on the value in tests
|
||||
private prfKeyArrayBuffer: ArrayBuffer = Utils.hexStringToArrayBuffer(
|
||||
"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
|
||||
"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
|
||||
);
|
||||
|
||||
getClientExtensionResults(): any {
|
||||
|
||||
@@ -35,13 +35,13 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
|
||||
// decrypt prf encrypted private key
|
||||
const privateKey = await this.cryptoService.decryptToBytes(
|
||||
webAuthnPrfOption.encryptedPrivateKey,
|
||||
this.credentials.prfKey
|
||||
this.credentials.prfKey,
|
||||
);
|
||||
|
||||
// decrypt user key with private key
|
||||
const userKey = await this.cryptoService.rsaDecrypt(
|
||||
webAuthnPrfOption.encryptedUserKey.encryptedString,
|
||||
privateKey
|
||||
privateKey,
|
||||
);
|
||||
|
||||
if (userKey) {
|
||||
@@ -52,7 +52,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
|
||||
|
||||
protected override async setPrivateKey(response: IdentityTokenResponse): Promise<void> {
|
||||
await this.cryptoService.setPrivateKey(
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount())
|
||||
response.privateKey ?? (await this.createKeyPairForOldAccount()),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -66,7 +66,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
|
||||
this.tokenRequest = new WebAuthnLoginTokenRequest(
|
||||
credentials.token,
|
||||
credentials.deviceResponse,
|
||||
await this.buildDeviceRequest()
|
||||
await this.buildDeviceRequest(),
|
||||
);
|
||||
|
||||
const [authResult] = await this.startLogIn();
|
||||
|
||||
@@ -127,10 +127,10 @@ export class SsoConfigApi extends BaseResponse {
|
||||
this.idpX509PublicCert = this.getResponseProperty("IdpX509PublicCert");
|
||||
this.idpOutboundSigningAlgorithm = this.getResponseProperty("IdpOutboundSigningAlgorithm");
|
||||
this.idpAllowUnsolicitedAuthnResponse = this.getResponseProperty(
|
||||
"IdpAllowUnsolicitedAuthnResponse"
|
||||
"IdpAllowUnsolicitedAuthnResponse",
|
||||
);
|
||||
this.idpDisableOutboundLogoutRequests = this.getResponseProperty(
|
||||
"IdpDisableOutboundLogoutRequests"
|
||||
"IdpDisableOutboundLogoutRequests",
|
||||
);
|
||||
this.idpWantAuthnRequestsSigned = this.getResponseProperty("IdpWantAuthnRequestsSigned");
|
||||
}
|
||||
|
||||
@@ -14,7 +14,7 @@ export class PasswordLoginCredentials {
|
||||
public email: string,
|
||||
public masterPassword: string,
|
||||
public captchaToken?: string,
|
||||
public twoFactor?: TokenTwoFactorRequest
|
||||
public twoFactor?: TokenTwoFactorRequest,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -26,14 +26,17 @@ export class SsoLoginCredentials {
|
||||
public codeVerifier: string,
|
||||
public redirectUrl: string,
|
||||
public orgId: string,
|
||||
public twoFactor?: TokenTwoFactorRequest
|
||||
public twoFactor?: TokenTwoFactorRequest,
|
||||
) {}
|
||||
}
|
||||
|
||||
export class UserApiLoginCredentials {
|
||||
readonly type = AuthenticationType.UserApi;
|
||||
|
||||
constructor(public clientId: string, public clientSecret: string) {}
|
||||
constructor(
|
||||
public clientId: string,
|
||||
public clientSecret: string,
|
||||
) {}
|
||||
}
|
||||
|
||||
export class AuthRequestLoginCredentials {
|
||||
@@ -46,7 +49,7 @@ export class AuthRequestLoginCredentials {
|
||||
public decryptedUserKey: UserKey,
|
||||
public decryptedMasterKey: MasterKey,
|
||||
public decryptedMasterKeyHash: string,
|
||||
public twoFactor?: TokenTwoFactorRequest
|
||||
public twoFactor?: TokenTwoFactorRequest,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -56,6 +59,6 @@ export class WebAuthnLoginCredentials {
|
||||
constructor(
|
||||
public token: string,
|
||||
public deviceResponse: WebAuthnLoginAssertionResponseRequest,
|
||||
public prfKey?: SymmetricCryptoKey
|
||||
public prfKey?: SymmetricCryptoKey,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,6 @@ export class TrustedDeviceUserDecryptionOption {
|
||||
constructor(
|
||||
public hasAdminApproval: boolean,
|
||||
public hasLoginApprovingDevice: boolean,
|
||||
public hasManageResetPasswordPermission: boolean
|
||||
public hasManageResetPasswordPermission: boolean,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -6,6 +6,6 @@ export class CreateAuthRequest {
|
||||
readonly deviceIdentifier: string,
|
||||
readonly publicKey: string,
|
||||
readonly type: AuthRequestType,
|
||||
readonly accessCode: string
|
||||
readonly accessCode: string,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ export class PasswordTokenRequest extends TokenRequest implements CaptchaProtect
|
||||
public masterPasswordHash: string,
|
||||
public captchaResponse: string,
|
||||
protected twoFactor: TokenTwoFactorRequest,
|
||||
device?: DeviceRequest
|
||||
device?: DeviceRequest,
|
||||
) {
|
||||
super(twoFactor, device);
|
||||
}
|
||||
|
||||
@@ -8,7 +8,7 @@ export class SsoTokenRequest extends TokenRequest {
|
||||
public codeVerifier: string,
|
||||
public redirectUri: string,
|
||||
protected twoFactor: TokenTwoFactorRequest,
|
||||
device?: DeviceRequest
|
||||
device?: DeviceRequest,
|
||||
) {
|
||||
super(twoFactor, device);
|
||||
}
|
||||
|
||||
@@ -4,6 +4,6 @@ export class TokenTwoFactorRequest {
|
||||
constructor(
|
||||
public provider: TwoFactorProviderType = null,
|
||||
public token: string = null,
|
||||
public remember: boolean = false
|
||||
public remember: boolean = false,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -5,7 +5,10 @@ export abstract class TokenRequest {
|
||||
protected device?: DeviceRequest;
|
||||
protected authRequest: string;
|
||||
|
||||
constructor(protected twoFactor?: TokenTwoFactorRequest, device?: DeviceRequest) {
|
||||
constructor(
|
||||
protected twoFactor?: TokenTwoFactorRequest,
|
||||
device?: DeviceRequest,
|
||||
) {
|
||||
this.device = device != null ? device : null;
|
||||
}
|
||||
|
||||
|
||||
@@ -7,7 +7,7 @@ export class UserApiTokenRequest extends TokenRequest {
|
||||
public clientId: string,
|
||||
public clientSecret: string,
|
||||
protected twoFactor: TokenTwoFactorRequest,
|
||||
device?: DeviceRequest
|
||||
device?: DeviceRequest,
|
||||
) {
|
||||
super(twoFactor, device);
|
||||
}
|
||||
|
||||
@@ -7,7 +7,7 @@ export class WebAuthnLoginTokenRequest extends TokenRequest {
|
||||
constructor(
|
||||
public token: string,
|
||||
public deviceResponse: WebAuthnLoginAssertionResponseRequest,
|
||||
device?: DeviceRequest
|
||||
device?: DeviceRequest,
|
||||
) {
|
||||
super(undefined, device);
|
||||
}
|
||||
|
||||
@@ -3,6 +3,6 @@ export class PasswordlessAuthRequest {
|
||||
readonly key: string,
|
||||
readonly masterPasswordHash: string,
|
||||
readonly deviceIdentifier: string,
|
||||
readonly requestApproved: boolean
|
||||
readonly requestApproved: boolean,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -16,7 +16,7 @@ export class SetKeyConnectorKeyRequest {
|
||||
kdf: KdfType,
|
||||
kdfConfig: KdfConfig,
|
||||
orgIdentifier: string,
|
||||
keys: KeysRequest
|
||||
keys: KeysRequest,
|
||||
) {
|
||||
this.key = key;
|
||||
this.kdf = kdf;
|
||||
|
||||
@@ -21,7 +21,7 @@ export class SetPasswordRequest {
|
||||
kdf: KdfType,
|
||||
kdfIterations: number,
|
||||
kdfMemory?: number,
|
||||
kdfParallelism?: number
|
||||
kdfParallelism?: number,
|
||||
) {
|
||||
this.masterPasswordHash = masterPasswordHash;
|
||||
this.key = key;
|
||||
|
||||
@@ -36,7 +36,7 @@ export class AuthRequestResponse extends BaseResponse {
|
||||
requestDate.getUTCHours(),
|
||||
requestDate.getUTCMinutes(),
|
||||
requestDate.getUTCSeconds(),
|
||||
requestDate.getUTCMilliseconds()
|
||||
requestDate.getUTCMilliseconds(),
|
||||
);
|
||||
|
||||
const dateNow = new Date(Date.now());
|
||||
@@ -47,7 +47,7 @@ export class AuthRequestResponse extends BaseResponse {
|
||||
dateNow.getUTCHours(),
|
||||
dateNow.getUTCMinutes(),
|
||||
dateNow.getUTCSeconds(),
|
||||
dateNow.getUTCMilliseconds()
|
||||
dateNow.getUTCMilliseconds(),
|
||||
);
|
||||
|
||||
this.isExpired = dateNowUTC - requestDateUTC >= RequestTimeOut;
|
||||
|
||||
@@ -7,10 +7,10 @@ export class DeviceVerificationResponse extends BaseResponse {
|
||||
constructor(response: any) {
|
||||
super(response);
|
||||
this.isDeviceVerificationSectionEnabled = this.getResponseProperty(
|
||||
"IsDeviceVerificationSectionEnabled"
|
||||
"IsDeviceVerificationSectionEnabled",
|
||||
);
|
||||
this.unknownDeviceVerificationEnabled = this.getResponseProperty(
|
||||
"UnknownDeviceVerificationEnabled"
|
||||
"UnknownDeviceVerificationEnabled",
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,12 +44,12 @@ export class IdentityTokenResponse extends BaseResponse {
|
||||
this.apiUseKeyConnector = this.getResponseProperty("ApiUseKeyConnector");
|
||||
this.keyConnectorUrl = this.getResponseProperty("KeyConnectorUrl");
|
||||
this.masterPasswordPolicy = new MasterPasswordPolicyResponse(
|
||||
this.getResponseProperty("MasterPasswordPolicy")
|
||||
this.getResponseProperty("MasterPasswordPolicy"),
|
||||
);
|
||||
|
||||
if (response.UserDecryptionOptions) {
|
||||
this.userDecryptionOptions = new UserDecryptionOptionsResponse(
|
||||
this.getResponseProperty("UserDecryptionOptions")
|
||||
this.getResponseProperty("UserDecryptionOptions"),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -25,7 +25,7 @@ export class IdentityTwoFactorResponse extends BaseResponse {
|
||||
}
|
||||
}
|
||||
this.masterPasswordPolicy = new MasterPasswordPolicyResponse(
|
||||
this.getResponseProperty("MasterPasswordPolicy")
|
||||
this.getResponseProperty("MasterPasswordPolicy"),
|
||||
);
|
||||
|
||||
this.ssoEmail2faSessionToken = this.getResponseProperty("SsoEmail2faSessionToken");
|
||||
|
||||
@@ -22,7 +22,7 @@ export class TrustedDeviceUserDecryptionOptionResponse extends BaseResponse {
|
||||
|
||||
this.hasLoginApprovingDevice = this.getResponseProperty("HasLoginApprovingDevice");
|
||||
this.hasManageResetPasswordPermission = this.getResponseProperty(
|
||||
"HasManageResetPasswordPermission"
|
||||
"HasManageResetPasswordPermission",
|
||||
);
|
||||
|
||||
if (response.EncryptedPrivateKey) {
|
||||
|
||||
@@ -33,17 +33,17 @@ export class UserDecryptionOptionsResponse extends BaseResponse {
|
||||
|
||||
if (response.TrustedDeviceOption) {
|
||||
this.trustedDeviceOption = new TrustedDeviceUserDecryptionOptionResponse(
|
||||
this.getResponseProperty("TrustedDeviceOption")
|
||||
this.getResponseProperty("TrustedDeviceOption"),
|
||||
);
|
||||
}
|
||||
if (response.KeyConnectorOption) {
|
||||
this.keyConnectorOption = new KeyConnectorUserDecryptionOptionResponse(
|
||||
this.getResponseProperty("KeyConnectorOption")
|
||||
this.getResponseProperty("KeyConnectorOption"),
|
||||
);
|
||||
}
|
||||
if (response.WebAuthnPrfOption) {
|
||||
this.webAuthnPrfOption = new WebAuthnPrfDecryptionOptionResponse(
|
||||
this.getResponseProperty("WebAuthnPrfOption")
|
||||
this.getResponseProperty("WebAuthnPrfOption"),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
import { AssertionOptionsResponse } from "../../../services/webauthn-login/response/assertion-options.response";
|
||||
|
||||
export class WebAuthnLoginCredentialAssertionOptionsView {
|
||||
constructor(readonly options: AssertionOptionsResponse, readonly token: string) {}
|
||||
constructor(
|
||||
readonly options: AssertionOptionsResponse,
|
||||
readonly token: string,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,6 @@ export class WebAuthnLoginCredentialAssertionView {
|
||||
constructor(
|
||||
readonly token: string,
|
||||
readonly deviceResponse: WebAuthnLoginAssertionResponseRequest,
|
||||
readonly prfKey?: PrfKey
|
||||
readonly prfKey?: PrfKey,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ export class AccountApiServiceImplementation implements AccountApiService {
|
||||
private apiService: ApiService,
|
||||
private userVerificationService: UserVerificationService,
|
||||
private logService: LogService,
|
||||
private accountService: InternalAccountService
|
||||
private accountService: InternalAccountService,
|
||||
) {}
|
||||
|
||||
async deleteAccount(verification: Verification): Promise<void> {
|
||||
|
||||
@@ -21,7 +21,7 @@ export const ACCOUNT_ACCOUNTS = KeyDefinition.record<AccountInfo, UserId>(
|
||||
"accounts",
|
||||
{
|
||||
deserializer: (accountInfo) => accountInfo,
|
||||
}
|
||||
},
|
||||
);
|
||||
|
||||
export const ACCOUNT_ACTIVE_ACCOUNT_ID = new KeyDefinition(ACCOUNT_MEMORY, "activeAccountId", {
|
||||
@@ -42,19 +42,19 @@ export class AccountServiceImplementation implements InternalAccountService {
|
||||
constructor(
|
||||
private messagingService: MessagingService,
|
||||
private logService: LogService,
|
||||
private globalStateProvider: GlobalStateProvider
|
||||
private globalStateProvider: GlobalStateProvider,
|
||||
) {
|
||||
this.accountsState = this.globalStateProvider.get(ACCOUNT_ACCOUNTS);
|
||||
this.activeAccountIdState = this.globalStateProvider.get(ACCOUNT_ACTIVE_ACCOUNT_ID);
|
||||
|
||||
this.accounts$ = this.accountsState.state$.pipe(
|
||||
map((accounts) => (accounts == null ? {} : accounts))
|
||||
map((accounts) => (accounts == null ? {} : accounts)),
|
||||
);
|
||||
this.activeAccount$ = this.activeAccountIdState.state$.pipe(
|
||||
combineLatestWith(this.accounts$),
|
||||
map(([id, accounts]) => (id ? { id, ...accounts[id] } : undefined)),
|
||||
distinctUntilChanged((a, b) => a?.id === b?.id && accountInfoEqual(a, b)),
|
||||
shareReplay({ bufferSize: 1, refCount: false })
|
||||
shareReplay({ bufferSize: 1, refCount: false }),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -103,7 +103,7 @@ export class AccountServiceImplementation implements InternalAccountService {
|
||||
// update only if userId changes
|
||||
return id !== userId;
|
||||
},
|
||||
}
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
@@ -136,7 +136,7 @@ export class AccountServiceImplementation implements InternalAccountService {
|
||||
|
||||
return !accountInfoEqual(accounts[userId], newAccountInfo(accounts[userId]));
|
||||
},
|
||||
}
|
||||
},
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ export class AnonymousHubService implements AnonymousHubServiceAbstraction {
|
||||
constructor(
|
||||
private environmentService: EnvironmentService,
|
||||
private authService: AuthService,
|
||||
private logService: LogService
|
||||
private logService: LogService,
|
||||
) {}
|
||||
|
||||
async createHubConnection(token: string) {
|
||||
@@ -51,7 +51,7 @@ export class AnonymousHubService implements AnonymousHubServiceAbstraction {
|
||||
|
||||
private async ProcessNotification(notification: NotificationResponse) {
|
||||
await this.authService.authResponsePushNotification(
|
||||
notification.payload as AuthRequestPushNotification
|
||||
notification.payload as AuthRequestPushNotification,
|
||||
);
|
||||
}
|
||||
}
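Review bot: In `ProcessNotification`, `notification.payload as AuthRequestPushNotification` is a compile-time assertion only, so whatever the hub connection delivers is forwarded to `authService.authResponsePushNotification` with no runtime check of its shape. Judging by the names, this payload drives the auth-request login flow, so I would guard the call, at minimum with `if (notification?.payload == null) { return; }` ahead of it. Ideally the payload is also narrowed with a type guard on the fields the handler reads, which are not visible in this hunk. A one-line comment such as `// payload is server-pushed; the cast does not validate it` would help the next reader. None of this is affected by the trailing-comma change the commit makes on that line.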
|
||||
|
||||
@@ -13,23 +13,23 @@ export class AuthRequestCryptoServiceImplementation implements AuthRequestCrypto
|
||||
|
||||
async setUserKeyAfterDecryptingSharedUserKey(
|
||||
authReqResponse: AuthRequestResponse,
|
||||
authReqPrivateKey: Uint8Array
|
||||
authReqPrivateKey: Uint8Array,
|
||||
) {
|
||||
const userKey = await this.decryptPubKeyEncryptedUserKey(
|
||||
authReqResponse.key,
|
||||
authReqPrivateKey
|
||||
authReqPrivateKey,
|
||||
);
|
||||
await this.cryptoService.setUserKey(userKey);
|
||||
}
|
||||
|
||||
async setKeysAfterDecryptingSharedMasterKeyAndHash(
|
||||
authReqResponse: AuthRequestResponse,
|
||||
authReqPrivateKey: Uint8Array
|
||||
authReqPrivateKey: Uint8Array,
|
||||
) {
|
||||
const { masterKey, masterKeyHash } = await this.decryptPubKeyEncryptedMasterKeyAndHash(
|
||||
authReqResponse.key,
|
||||
authReqResponse.masterPasswordHash,
|
||||
authReqPrivateKey
|
||||
authReqPrivateKey,
|
||||
);
|
||||
|
||||
// Decrypt and set user key in state
|
||||
@@ -45,11 +45,11 @@ export class AuthRequestCryptoServiceImplementation implements AuthRequestCrypto
|
||||
// Decryption helpers
|
||||
async decryptPubKeyEncryptedUserKey(
|
||||
pubKeyEncryptedUserKey: string,
|
||||
privateKey: Uint8Array
|
||||
privateKey: Uint8Array,
|
||||
): Promise<UserKey> {
|
||||
const decryptedUserKeyBytes = await this.cryptoService.rsaDecrypt(
|
||||
pubKeyEncryptedUserKey,
|
||||
privateKey
|
||||
privateKey,
|
||||
);
|
||||
|
||||
return new SymmetricCryptoKey(decryptedUserKeyBytes) as UserKey;
|
||||
@@ -58,16 +58,16 @@ export class AuthRequestCryptoServiceImplementation implements AuthRequestCrypto
|
||||
async decryptPubKeyEncryptedMasterKeyAndHash(
|
||||
pubKeyEncryptedMasterKey: string,
|
||||
pubKeyEncryptedMasterKeyHash: string,
|
||||
privateKey: Uint8Array
|
||||
privateKey: Uint8Array,
|
||||
): Promise<{ masterKey: MasterKey; masterKeyHash: string }> {
|
||||
const decryptedMasterKeyArrayBuffer = await this.cryptoService.rsaDecrypt(
|
||||
pubKeyEncryptedMasterKey,
|
||||
privateKey
|
||||
privateKey,
|
||||
);
|
||||
|
||||
const decryptedMasterKeyHashArrayBuffer = await this.cryptoService.rsaDecrypt(
|
||||
pubKeyEncryptedMasterKeyHash,
|
||||
privateKey
|
||||
privateKey,
|
||||
);
|
||||
|
||||
const masterKey = new SymmetricCryptoKey(decryptedMasterKeyArrayBuffer) as MasterKey;
|
||||
|
||||
@@ -47,13 +47,13 @@ describe("AuthRequestCryptoService", () => {
|
||||
// Act
|
||||
await authReqCryptoService.setUserKeyAfterDecryptingSharedUserKey(
|
||||
mockAuthReqResponse,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
|
||||
// Assert
|
||||
expect(authReqCryptoService.decryptPubKeyEncryptedUserKey).toBeCalledWith(
|
||||
mockAuthReqResponse.key,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
expect(cryptoService.setUserKey).toBeCalledWith(mockDecryptedUserKey);
|
||||
});
|
||||
@@ -86,14 +86,14 @@ describe("AuthRequestCryptoService", () => {
|
||||
// Act
|
||||
await authReqCryptoService.setKeysAfterDecryptingSharedMasterKeyAndHash(
|
||||
mockAuthReqResponse,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
|
||||
// Assert
|
||||
expect(authReqCryptoService.decryptPubKeyEncryptedMasterKeyAndHash).toBeCalledWith(
|
||||
mockAuthReqResponse.key,
|
||||
mockAuthReqResponse.masterPasswordHash,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
expect(cryptoService.setMasterKey).toBeCalledWith(mockDecryptedMasterKey);
|
||||
expect(cryptoService.setMasterKeyHash).toBeCalledWith(mockDecryptedMasterKeyHash);
|
||||
@@ -114,7 +114,7 @@ describe("AuthRequestCryptoService", () => {
|
||||
// Act
|
||||
const result = await authReqCryptoService.decryptPubKeyEncryptedUserKey(
|
||||
mockPubKeyEncryptedUserKey,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
|
||||
// Assert
|
||||
@@ -131,7 +131,7 @@ describe("AuthRequestCryptoService", () => {
|
||||
|
||||
const mockDecryptedMasterKeyBytes = new Uint8Array(64);
|
||||
const mockDecryptedMasterKey = new SymmetricCryptoKey(
|
||||
mockDecryptedMasterKeyBytes
|
||||
mockDecryptedMasterKeyBytes,
|
||||
) as MasterKey;
|
||||
const mockDecryptedMasterKeyHashBytes = new Uint8Array(64);
|
||||
const mockDecryptedMasterKeyHash = Utils.fromBufferToUtf8(mockDecryptedMasterKeyHashBytes);
|
||||
@@ -144,19 +144,19 @@ describe("AuthRequestCryptoService", () => {
|
||||
const result = await authReqCryptoService.decryptPubKeyEncryptedMasterKeyAndHash(
|
||||
mockPubKeyEncryptedMasterKey,
|
||||
mockPubKeyEncryptedMasterKeyHash,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
|
||||
// Assert
|
||||
expect(cryptoService.rsaDecrypt).toHaveBeenNthCalledWith(
|
||||
1,
|
||||
mockPubKeyEncryptedMasterKey,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
expect(cryptoService.rsaDecrypt).toHaveBeenNthCalledWith(
|
||||
2,
|
||||
mockPubKeyEncryptedMasterKeyHash,
|
||||
mockPrivateKey
|
||||
mockPrivateKey,
|
||||
);
|
||||
expect(result.masterKey).toEqual(mockDecryptedMasterKey);
|
||||
expect(result.masterKeyHash).toEqual(mockDecryptedMasterKeyHash);
|
||||
|
||||
@@ -110,7 +110,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
protected passwordStrengthService: PasswordStrengthServiceAbstraction,
|
||||
protected policyService: PolicyService,
|
||||
protected deviceTrustCryptoService: DeviceTrustCryptoServiceAbstraction,
|
||||
protected authReqCryptoService: AuthRequestCryptoServiceAbstraction
|
||||
protected authReqCryptoService: AuthRequestCryptoServiceAbstraction,
|
||||
) {}
|
||||
|
||||
async logIn(
|
||||
@@ -119,7 +119,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
| PasswordLoginCredentials
|
||||
| SsoLoginCredentials
|
||||
| AuthRequestLoginCredentials
|
||||
| WebAuthnLoginCredentials
|
||||
| WebAuthnLoginCredentials,
|
||||
): Promise<AuthResult> {
|
||||
this.clearState();
|
||||
|
||||
@@ -144,7 +144,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
this.twoFactorService,
|
||||
this.passwordStrengthService,
|
||||
this.policyService,
|
||||
this
|
||||
this,
|
||||
);
|
||||
break;
|
||||
case AuthenticationType.Sso:
|
||||
@@ -161,7 +161,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
this.keyConnectorService,
|
||||
this.deviceTrustCryptoService,
|
||||
this.authReqCryptoService,
|
||||
this.i18nService
|
||||
this.i18nService,
|
||||
);
|
||||
break;
|
||||
case AuthenticationType.UserApi:
|
||||
@@ -176,7 +176,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
this.stateService,
|
||||
this.twoFactorService,
|
||||
this.environmentService,
|
||||
this.keyConnectorService
|
||||
this.keyConnectorService,
|
||||
);
|
||||
break;
|
||||
case AuthenticationType.AuthRequest:
|
||||
@@ -190,7 +190,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
this.logService,
|
||||
this.stateService,
|
||||
this.twoFactorService,
|
||||
this.deviceTrustCryptoService
|
||||
this.deviceTrustCryptoService,
|
||||
);
|
||||
break;
|
||||
case AuthenticationType.WebAuthn:
|
||||
@@ -203,7 +203,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
this.messagingService,
|
||||
this.logService,
|
||||
this.stateService,
|
||||
this.twoFactorService
|
||||
this.twoFactorService,
|
||||
);
|
||||
break;
|
||||
}
|
||||
@@ -218,7 +218,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
|
||||
async logInTwoFactor(
|
||||
twoFactor: TokenTwoFactorRequest,
|
||||
captchaResponse: string
|
||||
captchaResponse: string,
|
||||
): Promise<AuthResult> {
|
||||
if (this.logInStrategy == null) {
|
||||
throw new Error(this.i18nService.t("sessionTimeout"));
|
||||
@@ -281,7 +281,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
// Attempt to get the key from storage and set it in memory
|
||||
const userKey = await this.cryptoService.getUserKeyFromStorage(
|
||||
KeySuffixOptions.Auto,
|
||||
userId
|
||||
userId,
|
||||
);
|
||||
await this.cryptoService.setUserKey(userKey, userId);
|
||||
}
|
||||
@@ -307,7 +307,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
kdfConfig = new KdfConfig(
|
||||
preloginResponse.kdfIterations,
|
||||
preloginResponse.kdfMemory,
|
||||
preloginResponse.kdfParallelism
|
||||
preloginResponse.kdfParallelism,
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
@@ -329,7 +329,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
async passwordlessLogin(
|
||||
id: string,
|
||||
key: string,
|
||||
requestApproved: boolean
|
||||
requestApproved: boolean,
|
||||
): Promise<AuthRequestResponse> {
|
||||
const pubKey = Utils.fromB64ToArray(key);
|
||||
|
||||
@@ -346,7 +346,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
if (masterKeyHash != null) {
|
||||
encryptedMasterKeyHash = await this.cryptoService.rsaEncrypt(
|
||||
Utils.fromUtf8ToArray(masterKeyHash),
|
||||
pubKey
|
||||
pubKey,
|
||||
);
|
||||
}
|
||||
} else {
|
||||
@@ -360,7 +360,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
encryptedKey.encryptedString,
|
||||
encryptedMasterKeyHash?.encryptedString,
|
||||
await this.appIdService.getAppId(),
|
||||
requestApproved
|
||||
requestApproved,
|
||||
);
|
||||
return await this.apiService.putAuthRequest(id, request);
|
||||
}
|
||||
@@ -371,7 +371,7 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
| PasswordLoginStrategy
|
||||
| SsoLoginStrategy
|
||||
| AuthRequestLoginStrategy
|
||||
| WebAuthnLoginStrategy
|
||||
| WebAuthnLoginStrategy,
|
||||
) {
|
||||
this.logInStrategy = strategy;
|
||||
this.startSessionTimeout();
|
||||
|
||||
@@ -30,7 +30,7 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
private appIdService: AppIdService,
|
||||
private devicesApiService: DevicesApiServiceAbstraction,
|
||||
private i18nService: I18nService,
|
||||
private platformUtilsService: PlatformUtilsService
|
||||
private platformUtilsService: PlatformUtilsService,
|
||||
) {}
|
||||
|
||||
/**
|
||||
@@ -67,9 +67,8 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
const deviceKey = await this.makeDeviceKey();
|
||||
|
||||
// Generate asymmetric RSA key pair: devicePrivateKey, devicePublicKey
|
||||
const [devicePublicKey, devicePrivateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(
|
||||
2048
|
||||
);
|
||||
const [devicePublicKey, devicePrivateKey] =
|
||||
await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
|
||||
|
||||
const [
|
||||
devicePublicKeyEncryptedUserKey,
|
||||
@@ -92,7 +91,7 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
deviceIdentifier,
|
||||
devicePublicKeyEncryptedUserKey.encryptedString,
|
||||
userKeyEncryptedDevicePublicKey.encryptedString,
|
||||
deviceKeyEncryptedDevicePrivateKey.encryptedString
|
||||
deviceKeyEncryptedDevicePrivateKey.encryptedString,
|
||||
);
|
||||
|
||||
// store device key in local/secure storage if enc keys posted to server successfully
|
||||
@@ -121,25 +120,25 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
// Get the keys that are used in rotating a devices keys from the server
|
||||
const currentDeviceKeys = await this.devicesApiService.getDeviceKeys(
|
||||
deviceIdentifier,
|
||||
secretVerificationRequest
|
||||
secretVerificationRequest,
|
||||
);
|
||||
|
||||
// Decrypt the existing device public key with the old user key
|
||||
const decryptedDevicePublicKey = await this.encryptService.decryptToBytes(
|
||||
currentDeviceKeys.encryptedPublicKey,
|
||||
oldUserKey
|
||||
oldUserKey,
|
||||
);
|
||||
|
||||
// Encrypt the brand new user key with the now-decrypted public key for the device
|
||||
const encryptedNewUserKey = await this.cryptoService.rsaEncrypt(
|
||||
newUserKey.key,
|
||||
decryptedDevicePublicKey
|
||||
decryptedDevicePublicKey,
|
||||
);
|
||||
|
||||
// Re-encrypt the device public key with the new user key
|
||||
const encryptedDevicePublicKey = await this.encryptService.encrypt(
|
||||
decryptedDevicePublicKey,
|
||||
newUserKey
|
||||
newUserKey,
|
||||
);
|
||||
|
||||
const currentDeviceUpdateRequest = new DeviceKeysUpdateRequest();
|
||||
@@ -176,7 +175,7 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
async decryptUserKeyWithDeviceKey(
|
||||
encryptedDevicePrivateKey: EncString,
|
||||
encryptedUserKey: EncString,
|
||||
deviceKey?: DeviceKey
|
||||
deviceKey?: DeviceKey,
|
||||
): Promise<UserKey | null> {
|
||||
// If device key provided use it, otherwise try to retrieve from storage
|
||||
deviceKey ||= await this.getDeviceKey();
|
||||
@@ -190,13 +189,13 @@ export class DeviceTrustCryptoService implements DeviceTrustCryptoServiceAbstrac
|
||||
// attempt to decrypt encryptedDevicePrivateKey with device key
|
||||
const devicePrivateKey = await this.encryptService.decryptToBytes(
|
||||
encryptedDevicePrivateKey,
|
||||
deviceKey
|
||||
deviceKey,
|
||||
);
|
||||
|
||||
// Attempt to decrypt encryptedUserDataKey with devicePrivateKey
|
||||
const userKey = await this.cryptoService.rsaDecrypt(
|
||||
encryptedUserKey.encryptedString,
|
||||
devicePrivateKey
|
||||
devicePrivateKey,
|
||||
);
|
||||
|
||||
return new SymmetricCryptoKey(userKey) as UserKey;
|
||||
|
||||
@@ -45,7 +45,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
appIdService,
|
||||
devicesApiService,
|
||||
i18nService,
|
||||
platformUtilsService
|
||||
platformUtilsService,
|
||||
);
|
||||
});
|
||||
|
||||
@@ -118,7 +118,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
beforeEach(() => {
|
||||
existingDeviceKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(deviceKeyBytesLength) as CsprngArray
|
||||
new Uint8Array(deviceKeyBytesLength) as CsprngArray,
|
||||
) as DeviceKey;
|
||||
|
||||
stateSvcGetDeviceKeySpy = jest.spyOn(stateService, "getDeviceKey");
|
||||
@@ -152,7 +152,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
const stateSvcSetDeviceKeySpy = jest.spyOn(stateService, "setDeviceKey");
|
||||
|
||||
const deviceKey = new SymmetricCryptoKey(
|
||||
new Uint8Array(deviceKeyBytesLength) as CsprngArray
|
||||
new Uint8Array(deviceKeyBytesLength) as CsprngArray,
|
||||
) as DeviceKey;
|
||||
|
||||
// TypeScript will allow calling private methods if the object is of type 'any'
|
||||
@@ -236,17 +236,17 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
mockDevicePublicKeyEncryptedUserKey = new EncString(
|
||||
EncryptionType.Rsa2048_OaepSha1_B64,
|
||||
"mockDevicePublicKeyEncryptedUserKey"
|
||||
"mockDevicePublicKeyEncryptedUserKey",
|
||||
);
|
||||
|
||||
mockUserKeyEncryptedDevicePublicKey = new EncString(
|
||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
||||
"mockUserKeyEncryptedDevicePublicKey"
|
||||
"mockUserKeyEncryptedDevicePublicKey",
|
||||
);
|
||||
|
||||
mockDeviceKeyEncryptedDevicePrivateKey = new EncString(
|
||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
||||
"mockDeviceKeyEncryptedDevicePrivateKey"
|
||||
"mockDeviceKeyEncryptedDevicePrivateKey",
|
||||
);
|
||||
|
||||
// TypeScript will allow calling private methods if the object is of type 'any'
|
||||
@@ -307,7 +307,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
mockDeviceId,
|
||||
mockDevicePublicKeyEncryptedUserKey.encryptedString,
|
||||
mockUserKeyEncryptedDevicePublicKey.encryptedString,
|
||||
mockDeviceKeyEncryptedDevicePrivateKey.encryptedString
|
||||
mockDeviceKeyEncryptedDevicePrivateKey.encryptedString,
|
||||
);
|
||||
|
||||
expect(response).toBeInstanceOf(DeviceResponse);
|
||||
@@ -319,7 +319,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
cryptoSvcGetUserKeySpy.mockResolvedValue(null);
|
||||
// check if the expected error is thrown
|
||||
await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
|
||||
"User symmetric key not found"
|
||||
"User symmetric key not found",
|
||||
);
|
||||
|
||||
// reset the spy
|
||||
@@ -329,7 +329,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
cryptoSvcGetUserKeySpy.mockResolvedValue(undefined);
|
||||
// check if the expected error is thrown
|
||||
await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow(
|
||||
"User symmetric key not found"
|
||||
"User symmetric key not found",
|
||||
);
|
||||
});
|
||||
|
||||
@@ -377,9 +377,9 @@ describe("deviceTrustCryptoService", () => {
|
||||
const methodSpy = spy();
|
||||
methodSpy.mockResolvedValue(invalidValue);
|
||||
await expect(deviceTrustCryptoService.trustDevice()).rejects.toThrow();
|
||||
}
|
||||
},
|
||||
);
|
||||
}
|
||||
},
|
||||
);
|
||||
});
|
||||
|
||||
@@ -398,12 +398,12 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
mockEncryptedDevicePrivateKey = new EncString(
|
||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
||||
"mockEncryptedDevicePrivateKey"
|
||||
"mockEncryptedDevicePrivateKey",
|
||||
);
|
||||
|
||||
mockEncryptedUserKey = new EncString(
|
||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
||||
"mockEncryptedUserKey"
|
||||
"mockEncryptedUserKey",
|
||||
);
|
||||
|
||||
jest.clearAllMocks();
|
||||
@@ -416,7 +416,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
|
||||
mockEncryptedDevicePrivateKey,
|
||||
mockEncryptedUserKey
|
||||
mockEncryptedUserKey,
|
||||
);
|
||||
|
||||
expect(result).toBeNull();
|
||||
@@ -435,7 +435,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
|
||||
mockEncryptedDevicePrivateKey,
|
||||
mockEncryptedUserKey,
|
||||
mockDeviceKey
|
||||
mockDeviceKey,
|
||||
);
|
||||
|
||||
expect(result).toEqual(mockUserKey);
|
||||
@@ -458,7 +458,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
// Call without providing a device key
|
||||
const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
|
||||
mockEncryptedDevicePrivateKey,
|
||||
mockEncryptedUserKey
|
||||
mockEncryptedUserKey,
|
||||
);
|
||||
|
||||
expect(getDeviceKeySpy).toHaveBeenCalledTimes(1);
|
||||
@@ -477,7 +477,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
const result = await deviceTrustCryptoService.decryptUserKeyWithDeviceKey(
|
||||
mockEncryptedDevicePrivateKey,
|
||||
mockEncryptedUserKey,
|
||||
mockDeviceKey
|
||||
mockDeviceKey,
|
||||
);
|
||||
|
||||
expect(result).toBeNull();
|
||||
@@ -511,7 +511,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
describe("is on a trusted device", () => {
|
||||
beforeEach(() => {
|
||||
stateService.getDeviceKey.mockResolvedValue(
|
||||
new SymmetricCryptoKey(new Uint8Array(deviceKeyBytesLength)) as DeviceKey
|
||||
new SymmetricCryptoKey(new Uint8Array(deviceKeyBytesLength)) as DeviceKey,
|
||||
);
|
||||
});
|
||||
|
||||
@@ -525,7 +525,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
// Mock the retrieval of a user key that differs from the new one passed into the method
|
||||
stateService.getUserKey.mockResolvedValue(
|
||||
new SymmetricCryptoKey(fakeOldUserKeyData) as UserKey
|
||||
new SymmetricCryptoKey(fakeOldUserKeyData) as UserKey,
|
||||
);
|
||||
|
||||
appIdService.getAppId.mockResolvedValue("test_device_identifier");
|
||||
@@ -547,7 +547,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
type: DeviceType.FirefoxBrowser,
|
||||
encryptedPublicKey: currentEncryptedPublicKey.encryptedString,
|
||||
encryptedUserKey: currentEncryptedUserKey.encryptedString,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -576,7 +576,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
|
||||
expect(new Uint8Array(key.key)[0]).toBe(FakeNewUserKeyMarker);
|
||||
return Promise.resolve(
|
||||
new EncString("2.ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj")
|
||||
new EncString("2.ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj"),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -589,7 +589,7 @@ describe("deviceTrustCryptoService", () => {
|
||||
"2.ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj|ZW5jcnlwdGVkcHVibGlj" &&
|
||||
updateTrustModel.currentDevice.encryptedUserKey === "4.ZW5jcnlwdGVkdXNlcg=="
|
||||
);
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -23,7 +23,7 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
|
||||
(headers) => {
|
||||
headers.set("X-Device-Identifier", deviceIdentifier);
|
||||
headers.set("X-Request-Email", Utils.fromUtf8ToUrlB64(email));
|
||||
}
|
||||
},
|
||||
);
|
||||
return r as boolean;
|
||||
}
|
||||
@@ -38,7 +38,7 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
|
||||
`/devices/identifier/${deviceIdentifier}`,
|
||||
null,
|
||||
true,
|
||||
true
|
||||
true,
|
||||
);
|
||||
return new DeviceResponse(r);
|
||||
}
|
||||
@@ -52,12 +52,12 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
|
||||
deviceIdentifier: string,
|
||||
devicePublicKeyEncryptedUserKey: string,
|
||||
userKeyEncryptedDevicePublicKey: string,
|
||||
deviceKeyEncryptedDevicePrivateKey: string
|
||||
deviceKeyEncryptedDevicePrivateKey: string,
|
||||
): Promise<DeviceResponse> {
|
||||
const request = new TrustedDeviceKeysRequest(
|
||||
devicePublicKeyEncryptedUserKey,
|
||||
userKeyEncryptedDevicePublicKey,
|
||||
deviceKeyEncryptedDevicePrivateKey
|
||||
deviceKeyEncryptedDevicePrivateKey,
|
||||
);
|
||||
|
||||
const result = await this.apiService.send(
|
||||
@@ -65,7 +65,7 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
|
||||
`/devices/${deviceIdentifier}/keys`,
|
||||
request,
|
||||
true,
|
||||
true
|
||||
true,
|
||||
);
|
||||
|
||||
return new DeviceResponse(result);
|
||||
@@ -77,20 +77,20 @@ export class DevicesApiServiceImplementation implements DevicesApiServiceAbstrac
|
||||
"/devices/update-trust",
|
||||
updateDevicesTrustRequestModel,
|
||||
true,
|
||||
false
|
||||
false,
|
||||
);
|
||||
}
|
||||
|
||||
async getDeviceKeys(
|
||||
deviceIdentifier: string,
|
||||
secretVerificationRequest: SecretVerificationRequest
|
||||
secretVerificationRequest: SecretVerificationRequest,
|
||||
): Promise<ProtectedDeviceResponse> {
|
||||
const result = await this.apiService.send(
|
||||
"POST",
|
||||
`/devices/${deviceIdentifier}/retrieve-keys`,
|
||||
secretVerificationRequest,
|
||||
true,
|
||||
true
|
||||
true,
|
||||
);
|
||||
return new ProtectedDeviceResponse(result);
|
||||
}
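Review bot: `deviceIdentifier` is interpolated unescaped into the request path in `getDeviceKeys` (`/devices/${deviceIdentifier}/retrieve-keys`), and the same pattern appears in the `/devices/identifier/…` and `/devices/…/keys` calls in the earlier hunks of this file. If the identifier is always an app-generated id this is harmless, but nothing visible here enforces that, and a value containing `/`, `?` or `#` would change which route the authenticated request reaches. Either interpolate `encodeURIComponent(deviceIdentifier)` instead of the bare value, or state the invariant on the method with a comment such as `// deviceIdentifier is the app-generated device id, never user-supplied text`. The other methods begin outside their hunks, so only `getDeviceKeys` is visible in full.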
|
||||
|
||||
@@ -26,7 +26,7 @@ export class DevicesServiceImplementation implements DevicesServiceAbstraction {
|
||||
return deviceResponses.data.map((deviceResponse: DeviceResponse) => {
|
||||
return new DeviceView(deviceResponse);
|
||||
});
|
||||
})
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -35,7 +35,7 @@ export class DevicesServiceImplementation implements DevicesServiceAbstraction {
|
||||
*/
|
||||
getDeviceByIdentifier$(deviceIdentifier: string): Observable<DeviceView> {
|
||||
return defer(() => this.devicesApiService.getDeviceByIdentifier(deviceIdentifier)).pipe(
|
||||
map((deviceResponse: DeviceResponse) => new DeviceView(deviceResponse))
|
||||
map((deviceResponse: DeviceResponse) => new DeviceView(deviceResponse)),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -54,15 +54,15 @@ export class DevicesServiceImplementation implements DevicesServiceAbstraction {
|
||||
deviceIdentifier: string,
|
||||
devicePublicKeyEncryptedUserKey: string,
|
||||
userKeyEncryptedDevicePublicKey: string,
|
||||
deviceKeyEncryptedDevicePrivateKey: string
|
||||
deviceKeyEncryptedDevicePrivateKey: string,
|
||||
): Observable<DeviceView> {
|
||||
return defer(() =>
|
||||
this.devicesApiService.updateTrustedDeviceKeys(
|
||||
deviceIdentifier,
|
||||
devicePublicKeyEncryptedUserKey,
|
||||
userKeyEncryptedDevicePublicKey,
|
||||
deviceKeyEncryptedDevicePrivateKey
|
||||
)
|
||||
deviceKeyEncryptedDevicePrivateKey,
|
||||
),
|
||||
).pipe(map((deviceResponse: DeviceResponse) => new DeviceView(deviceResponse)));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,6 +2,6 @@ export class TrustedDeviceKeysRequest {
|
||||
constructor(
|
||||
public encryptedUserKey: string,
|
||||
public encryptedPublicKey: string,
|
||||
public encryptedPrivateKey: string
|
||||
public encryptedPrivateKey: string,
|
||||
) {}
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
|
||||
private logService: LogService,
|
||||
private organizationService: OrganizationService,
|
||||
private cryptoFunctionService: CryptoFunctionService,
|
||||
private logoutCallback: (expired: boolean, userId?: string) => Promise<void>
|
||||
private logoutCallback: (expired: boolean, userId?: string) => Promise<void>,
|
||||
) {}
|
||||
|
||||
setUsesKeyConnector(usesKeyConnector: boolean) {
|
||||
@@ -51,7 +51,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
|
||||
try {
|
||||
await this.apiService.postUserKeyToKeyConnector(
|
||||
organization.keyConnectorUrl,
|
||||
keyConnectorRequest
|
||||
keyConnectorRequest,
|
||||
);
|
||||
} catch (e) {
|
||||
this.handleKeyConnectorError(e);
|
||||
@@ -79,7 +79,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
|
||||
o.keyConnectorEnabled &&
|
||||
o.type !== OrganizationUserType.Admin &&
|
||||
o.type !== OrganizationUserType.Owner &&
|
||||
!o.isProviderUser
|
||||
!o.isProviderUser,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -100,7 +100,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
|
||||
Utils.fromBufferToB64(password),
|
||||
await this.tokenService.getEmail(),
|
||||
kdf,
|
||||
kdfConfig
|
||||
kdfConfig,
|
||||
);
|
||||
const keyConnectorRequest = new KeyConnectorUserKeyRequest(masterKey.encKeyB64);
|
||||
await this.cryptoService.setMasterKey(masterKey);
|
||||
@@ -125,7 +125,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction {
|
||||
kdf,
|
||||
kdfConfig,
|
||||
orgId,
|
||||
keys
|
||||
keys,
|
||||
);
|
||||
await this.apiService.postSetKeyConnectorKey(setPasswordRequest);
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
|
||||
stateService,
|
||||
cryptoService,
|
||||
organizationUserService,
|
||||
i18nService
|
||||
i18nService,
|
||||
);
|
||||
});
|
||||
|
||||
@@ -88,13 +88,13 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
|
||||
await service.enroll("orgId");
|
||||
|
||||
expect(
|
||||
organizationUserService.putOrganizationUserResetPasswordEnrollment
|
||||
organizationUserService.putOrganizationUserResetPasswordEnrollment,
|
||||
).toHaveBeenCalledWith(
|
||||
"orgId",
|
||||
"userId",
|
||||
expect.objectContaining({
|
||||
resetPasswordKey: encryptedKey.encryptedString,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
|
||||
@@ -110,13 +110,13 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
|
||||
await service.enroll("orgId", "userId", { key: "key" } as any);
|
||||
|
||||
expect(
|
||||
organizationUserService.putOrganizationUserResetPasswordEnrollment
|
||||
organizationUserService.putOrganizationUserResetPasswordEnrollment,
|
||||
).toHaveBeenCalledWith(
|
||||
"orgId",
|
||||
"userId",
|
||||
expect.objectContaining({
|
||||
resetPasswordKey: encryptedKey.encryptedString,
|
||||
})
|
||||
}),
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -16,13 +16,12 @@ export class PasswordResetEnrollmentServiceImplementation
|
||||
protected stateService: StateService,
|
||||
protected cryptoService: CryptoService,
|
||||
protected organizationUserService: OrganizationUserService,
|
||||
protected i18nService: I18nService
|
||||
protected i18nService: I18nService,
|
||||
) {}
|
||||
|
||||
async enrollIfRequired(organizationSsoIdentifier: string): Promise<void> {
|
||||
const orgAutoEnrollStatusResponse = await this.organizationApiService.getAutoEnrollStatus(
|
||||
organizationSsoIdentifier
|
||||
);
|
||||
const orgAutoEnrollStatusResponse =
|
||||
await this.organizationApiService.getAutoEnrollStatus(organizationSsoIdentifier);
|
||||
|
||||
if (!orgAutoEnrollStatusResponse.resetPasswordEnabled) {
|
||||
await this.enroll(orgAutoEnrollStatusResponse.id, null, null);
|
||||
@@ -50,7 +49,7 @@ export class PasswordResetEnrollmentServiceImplementation
|
||||
await this.organizationUserService.putOrganizationUserResetPasswordEnrollment(
|
||||
organizationId,
|
||||
userId,
|
||||
resetRequest
|
||||
resetRequest,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ export class TokenService implements TokenServiceAbstraction {
|
||||
async setTokens(
|
||||
accessToken: string,
|
||||
refreshToken: string,
|
||||
clientIdClientSecret: [string, string]
|
||||
clientIdClientSecret: [string, string],
|
||||
): Promise<any> {
|
||||
await this.setToken(accessToken);
|
||||
await this.setRefreshToken(refreshToken);
|
||||
|
||||
@@ -65,7 +65,7 @@ export class TwoFactorService implements TwoFactorServiceAbstraction {
|
||||
|
||||
constructor(
|
||||
private i18nService: I18nService,
|
||||
private platformUtilsService: PlatformUtilsService
|
||||
private platformUtilsService: PlatformUtilsService,
|
||||
) {}
|
||||
|
||||
init() {
|
||||
|
||||
@@ -17,7 +17,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
|
||||
private stateService: StateService,
|
||||
private cryptoService: CryptoService,
|
||||
private i18nService: I18nService,
|
||||
private userVerificationApiService: UserVerificationApiServiceAbstraction
|
||||
private userVerificationApiService: UserVerificationApiServiceAbstraction,
|
||||
) {}
|
||||
|
||||
/**
|
||||
@@ -29,7 +29,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
|
||||
async buildRequest<T extends SecretVerificationRequest>(
|
||||
verification: Verification,
|
||||
requestClass?: new () => T,
|
||||
alreadyHashed?: boolean
|
||||
alreadyHashed?: boolean,
|
||||
) {
|
||||
this.validateInput(verification);
|
||||
|
||||
@@ -45,7 +45,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
|
||||
verification.secret,
|
||||
await this.stateService.getEmail(),
|
||||
await this.stateService.getKdfType(),
|
||||
await this.stateService.getKdfConfig()
|
||||
await this.stateService.getKdfConfig(),
|
||||
);
|
||||
}
|
||||
request.masterPasswordHash = alreadyHashed
|
||||
@@ -78,12 +78,12 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
|
||||
verification.secret,
|
||||
await this.stateService.getEmail(),
|
||||
await this.stateService.getKdfType(),
|
||||
await this.stateService.getKdfConfig()
|
||||
await this.stateService.getKdfConfig(),
|
||||
);
|
||||
}
|
||||
const passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
|
||||
verification.secret,
|
||||
masterKey
|
||||
masterKey,
|
||||
);
|
||||
if (!passwordValid) {
|
||||
throw new Error(this.i18nService.t("invalidMasterPassword"));
|
||||
|
||||
@@ -5,7 +5,10 @@ import { WebAuthnLoginApiServiceAbstraction } from "../../abstractions/webauthn/
|
||||
import { CredentialAssertionOptionsResponse } from "./response/credential-assertion-options.response";
|
||||
|
||||
export class WebAuthnLoginApiService implements WebAuthnLoginApiServiceAbstraction {
|
||||
constructor(private apiService: ApiService, private environmentService: EnvironmentService) {}
|
||||
constructor(
|
||||
private apiService: ApiService,
|
||||
private environmentService: EnvironmentService,
|
||||
) {}
|
||||
|
||||
async getCredentialAssertionOptions(): Promise<CredentialAssertionOptionsResponse> {
|
||||
const response = await this.apiService.send(
|
||||
@@ -14,7 +17,7 @@ export class WebAuthnLoginApiService implements WebAuthnLoginApiServiceAbstracti
|
||||
null,
|
||||
false,
|
||||
true,
|
||||
this.environmentService.getIdentityUrl()
|
||||
this.environmentService.getIdentityUrl(),
|
||||
);
|
||||
return new CredentialAssertionOptionsResponse(response);
|
||||
}
|
||||
|
||||
@@ -16,7 +16,7 @@ describe("WebAuthnLoginPrfCryptoService", () => {
|
||||
describe("createSymmetricKeyFromPrf", () => {
|
||||
it("should stretch the key to 64 bytes when given a key with 32 bytes", async () => {
|
||||
cryptoFunctionService.hkdfExpand.mockImplementation((key, salt, length) =>
|
||||
Promise.resolve(randomBytes(length))
|
||||
Promise.resolve(randomBytes(length)),
|
||||
);
|
||||
|
||||
const result = await service.createSymmetricKeyFromPrf(randomBytes(32));
|
||||
|
||||
@@ -78,7 +78,7 @@ describe("WebAuthnLoginService", () => {
|
||||
configService,
|
||||
webAuthnLoginPrfCryptoService,
|
||||
window,
|
||||
logService
|
||||
logService,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -135,11 +135,11 @@ describe("WebAuthnLoginService", () => {
|
||||
};
|
||||
|
||||
const mockedCredentialAssertionOptionsResponse = new CredentialAssertionOptionsResponse(
|
||||
mockedCredentialAssertionOptionsServerResponse
|
||||
mockedCredentialAssertionOptionsServerResponse,
|
||||
);
|
||||
|
||||
webAuthnLoginApiService.getCredentialAssertionOptions.mockResolvedValue(
|
||||
mockedCredentialAssertionOptionsResponse
|
||||
mockedCredentialAssertionOptionsResponse,
|
||||
);
|
||||
|
||||
// Act
|
||||
@@ -190,11 +190,11 @@ describe("WebAuthnLoginService", () => {
|
||||
}),
|
||||
}),
|
||||
}),
|
||||
})
|
||||
}),
|
||||
);
|
||||
|
||||
expect(webAuthnLoginPrfCryptoService.createSymmetricKeyFromPrf).toHaveBeenCalledWith(
|
||||
prfResult
|
||||
prfResult,
|
||||
);
|
||||
|
||||
expect(result).toBeInstanceOf(WebAuthnLoginCredentialAssertionView);
|
||||
@@ -320,7 +320,7 @@ class MockPublicKeyCredential implements PublicKeyCredential {
|
||||
// Creating the array buffer from a known hex value allows us to
|
||||
// assert on the value in tests
|
||||
private prfKeyArrayBuffer: ArrayBuffer = Utils.hexStringToArrayBuffer(
|
||||
"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
|
||||
"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
|
||||
);
|
||||
|
||||
getClientExtensionResults(): any {
|
||||
@@ -367,11 +367,11 @@ function buildCredentialAssertionOptions(): WebAuthnLoginCredentialAssertionOpti
|
||||
};
|
||||
|
||||
const credentialAssertionOptionsResponse = new CredentialAssertionOptionsResponse(
|
||||
credentialAssertionOptionsServerResponse
|
||||
credentialAssertionOptionsServerResponse,
|
||||
);
|
||||
|
||||
return new WebAuthnLoginCredentialAssertionOptionsView(
|
||||
credentialAssertionOptionsResponse.options,
|
||||
credentialAssertionOptionsResponse.token
|
||||
credentialAssertionOptionsResponse.token,
|
||||
);
|
||||
}
|
||||
|
||||
@@ -26,7 +26,7 @@ export class WebAuthnLoginService implements WebAuthnLoginServiceAbstraction {
|
||||
private configService: ConfigServiceAbstraction,
|
||||
private webAuthnLoginPrfCryptoService: WebAuthnLoginPrfCryptoServiceAbstraction,
|
||||
private window: Window,
|
||||
private logService?: LogService
|
||||
private logService?: LogService,
|
||||
) {
|
||||
this.enabled$ = this.configService.getFeatureFlag$(FeatureFlag.PasswordlessLogin, false);
|
||||
this.navigatorCredentials = this.window.navigator.credentials;
|
||||
@@ -38,7 +38,7 @@ export class WebAuthnLoginService implements WebAuthnLoginServiceAbstraction {
|
||||
}
|
||||
|
||||
async assertCredential(
|
||||
credentialAssertionOptions: WebAuthnLoginCredentialAssertionOptionsView
|
||||
credentialAssertionOptions: WebAuthnLoginCredentialAssertionOptionsView,
|
||||
): Promise<WebAuthnLoginCredentialAssertionView> {
|
||||
const nativeOptions: CredentialRequestOptions = {
|
||||
publicKey: credentialAssertionOptions.options,
|
||||
@@ -57,9 +57,8 @@ export class WebAuthnLoginService implements WebAuthnLoginServiceAbstraction {
|
||||
const prfResult = (response.getClientExtensionResults() as any).prf?.results?.first;
|
||||
let symmetricPrfKey: PrfKey | undefined;
|
||||
if (prfResult != undefined) {
|
||||
symmetricPrfKey = await this.webAuthnLoginPrfCryptoService.createSymmetricKeyFromPrf(
|
||||
prfResult
|
||||
);
|
||||
symmetricPrfKey =
|
||||
await this.webAuthnLoginPrfCryptoService.createSymmetricKeyFromPrf(prfResult);
|
||||
}
|
||||
|
||||
const deviceResponse = new WebAuthnLoginAssertionResponseRequest(response);
|
||||
@@ -73,7 +72,7 @@ export class WebAuthnLoginService implements WebAuthnLoginServiceAbstraction {
|
||||
return new WebAuthnLoginCredentialAssertionView(
|
||||
credentialAssertionOptions.token,
|
||||
deviceResponse,
|
||||
symmetricPrfKey
|
||||
symmetricPrfKey,
|
||||
);
|
||||
} catch (error) {
|
||||
this.logService?.error(error);
|
||||
@@ -85,7 +84,7 @@ export class WebAuthnLoginService implements WebAuthnLoginServiceAbstraction {
|
||||
const credential = new WebAuthnLoginCredentials(
|
||||
assertion.token,
|
||||
assertion.deviceResponse,
|
||||
assertion.prfKey
|
||||
assertion.prfKey,
|
||||
);
|
||||
const result = await this.authService.logIn(credential);
|
||||
return result;
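Review bot: In `assertCredential` the PRF output is read through an `as any` cast, `(response.getClientExtensionResults() as any).prf?.results?.first`, so the value passed to `createSymmetricKeyFromPrf` is not type-checked even though it becomes key material. A narrow cast keeps the compiler involved, for example `as { prf?: { results?: { first?: ArrayBuffer } } }`; the `ArrayBuffer` type is an assumption drawn from the mock in the spec file and should be confirmed against the service signature. The nullish guard on the next line would also read more conventionally as `prfResult != null`. The method body starts and ends outside this hunk.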
|
||||
|
||||
@@ -14,7 +14,7 @@ export class WebAuthnIFrame {
|
||||
private i18nService: I18nService,
|
||||
private successCallback: Function, // eslint-disable-line
|
||||
private errorCallback: Function, // eslint-disable-line
|
||||
private infoCallback: Function // eslint-disable-line
|
||||
private infoCallback: Function, // eslint-disable-line
|
||||
) {
|
||||
this.connectorLink = win.document.createElement("a");
|
||||
}
|
||||
@@ -31,7 +31,7 @@ export class WebAuthnIFrame {
|
||||
// Firefox fallback which opens the webauthn page in a new tab
|
||||
params.append("locale", this.i18nService.translationLocale);
|
||||
this.platformUtilsService.launchUri(
|
||||
`${this.webVaultUrl}/webauthn-fallback-connector.html?${params}`
|
||||
`${this.webVaultUrl}/webauthn-fallback-connector.html?${params}`,
|
||||
);
|
||||
} else {
|
||||
this.connectorLink.href = `${this.webVaultUrl}/webauthn-connector.html?${params}`;
|
||||
@@ -63,7 +63,7 @@ export class WebAuthnIFrame {
|
||||
return btoa(
|
||||
encodeURIComponent(str).replace(/%([0-9A-F]{2})/g, (match, p1) => {
|
||||
return String.fromCharCode(("0x" + p1) as any);
|
||||
})
|
||||
}),
|
||||
);
|
||||
}
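Review bot: The base64 helper in the last hunk converts each percent-escape with `String.fromCharCode(("0x" + p1) as any)`, which relies on implicit string-to-number coercion and hides it behind an `as any` cast. `String.fromCharCode(parseInt(p1, 16))` performs the same conversion with the types intact and no cast. The helper's signature is outside the hunk, so this applies to the callback line only.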
|
||||
|
||||
|
||||