mirror of https://github.com/bitwarden/browser synced 2026-02-24 00:23:17 +00:00

Merge branch 'km/tmp-move-auth-1' into km/auth-move-initial-password

Bernd Schoolmann
2025-07-23 21:32:41 +02:00
committed by GitHub
4 changed files with 34 additions and 36 deletions


@@ -3,6 +3,7 @@
import { firstValueFrom, map, Observable } from "rxjs";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { assertNonNullish } from "@bitwarden/common/auth/utils";
import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
import { Utils } from "@bitwarden/common/platform/misc/utils";
// eslint-disable-next-line no-restricted-imports
@@ -78,6 +79,14 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
private accountService: AccountService,
) {}
saltForUser$(userId: UserId): Observable<MasterPasswordSalt> {
assertNonNullish(userId, "userId");
return this.accountService.accounts$.pipe(
map((accounts) => accounts[userId].email),
map((email) => this.emailToSalt(email)),
);
}
masterKey$(userId: UserId): Observable<MasterKey> {
if (userId == null) {
throw new Error("User ID is required.");
@@ -239,15 +248,12 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
kdf: KdfConfig,
salt: MasterPasswordSalt,
): Promise<MasterPasswordAuthenticationData> {
if (password == null) {
throw new Error("Password is required.");
}
if (kdf == null) {
throw new Error("KDF configuration is required.");
}
if (salt == null) {
throw new Error("Salt is required.");
}
assertNonNullish(password, "password");
assertNonNullish(kdf, "kdf");
assertNonNullish(salt, "salt");
// We don't trust callers to use masterpasswordsalt correctly. They may type assert incorrectly.
salt = salt.toLowerCase().trim() as MasterPasswordSalt;
const SERVER_AUTHENTICATION_HASH_ITERATIONS = 1;
@@ -279,18 +285,13 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
salt: MasterPasswordSalt,
userKey: UserKey,
): Promise<MasterPasswordUnlockData> {
if (password == null) {
throw new Error("Password is required.");
}
if (kdf == null) {
throw new Error("KDF configuration is required.");
}
if (salt == null) {
throw new Error("Salt is required.");
}
if (userKey == null) {
throw new Error("User key is required.");
}
assertNonNullish(password, "password");
assertNonNullish(kdf, "kdf");
assertNonNullish(salt, "salt");
assertNonNullish(userKey, "userKey");
// We don't trust callers to use masterpasswordsalt correctly. They may type assert incorrectly.
salt = salt.toLowerCase().trim() as MasterPasswordSalt;
await SdkLoadService.Ready;
const masterKeyWrappedUserKey = new EncString(
@@ -312,12 +313,8 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
password: string,
masterPasswordUnlockData: MasterPasswordUnlockData,
): Promise<UserKey> {
if (password == null) {
throw new Error("Password is required.");
}
if (masterPasswordUnlockData == null) {
throw new Error("Master password unlock data is required.");
}
assertNonNullish(password, "password");
assertNonNullish(masterPasswordUnlockData, "masterPasswordUnlockData");
await SdkLoadService.Ready;
const userKey = new SymmetricCryptoKey(
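Review bot: In the new `saltForUser$`, `accounts[userId].email` is dereferenced without checking that the account exists, so a non-null userId that is absent from `accounts$` would error the stream with a generic TypeError instead of a clear message. Because this salt feeds master-password key derivation, a missing account or email should fail explicitly rather than depend on what `emailToSalt` does with an undefined value (that helper is not visible here, so its handling is an assumption). I would change the first `map` body to `const email = accounts[userId]?.email; if (email == null) { throw new Error("No account email found for user."); } return email;`, or filter such emissions out if the stream is expected to outlive the account. A short doc comment stating that the observable re-emits on every `accounts$` emission, so the salt follows the account's current email, would also help callers.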


@@ -6,7 +6,7 @@ import { SymmetricCryptoKey } from "../platform/models/domain/symmetric-crypto-k
export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
export type PrfKey = Opaque<SymmetricCryptoKey, "PrfKey">;
export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
/** @deprecated The master key is not meant to be interacted with directly. Consider using an API from masterpasswordservice instead */
/** @deprecated Interacting with the master key directly is prohibited. Use a high level function from MasterPasswordService instead. */
export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;
export type OrgKey = Opaque<SymmetricCryptoKey, "OrgKey">;