[PM-14445] TS strict for Key Management, Keys and Lock component (#13121)
* PM-14445: TS strict for Key Management Biometrics * formatting * callbacks not null expectations * state nullability expectations updates * unit tests fix * secure channel naming, explicit null check on messageId * KM-14445: TS strict for Key Management, Keys and Lock component * conflicts resolution, new strict check failures * null simplifications * migrate legacy encryption when no active user throw error instead of hiding it * throw instead of return
@@ -1,5 +1,3 @@
|
||||
// FIXME: Update this file to be type safe and remove this and next line
|
||||
// @ts-strict-ignore
|
||||
import { Observable } from "rxjs";
|
||||
|
||||
import { EncryptedOrganizationKeyData } from "@bitwarden/common/admin-console/models/data/encrypted-organization-key.data";
|
||||
@@ -40,7 +38,7 @@ export type CipherDecryptionKeys = {
|
||||
/**
|
||||
* A users decrypted organization keys.
|
||||
*/
|
||||
orgKeys: Record<OrganizationId, OrgKey>;
|
||||
orgKeys: Record<OrganizationId, OrgKey> | null;
|
||||
};
|
||||
|
||||
export abstract class KeyService {
|
||||
@@ -49,7 +47,7 @@ export abstract class KeyService {
|
||||
* is in a locked or logged out state.
|
||||
* @param userId The user id of the user to get the {@see UserKey} for.
|
||||
*/
|
||||
abstract userKey$(userId: UserId): Observable<UserKey>;
|
||||
abstract userKey$(userId: UserId): Observable<UserKey | null>;
|
||||
/**
|
||||
* Returns the an observable key for the given user id.
|
||||
*
|
||||
@@ -62,11 +60,11 @@ export abstract class KeyService {
|
||||
* any other necessary versions (such as auto, biometrics,
|
||||
* or pin)
|
||||
*
|
||||
* @throws when key is null. Lock the account to clear a key
|
||||
* @throws Error when key or userId is null. Lock the account to clear a key.
|
||||
* @param key The user key to set
|
||||
* @param userId The desired user
|
||||
*/
|
||||
abstract setUserKey(key: UserKey, userId?: string): Promise<void>;
|
||||
abstract setUserKey(key: UserKey, userId: UserId): Promise<void>;
|
||||
/**
|
||||
* Sets the provided user keys and stores any other necessary versions
|
||||
* (such as auto, biometrics, or pin).
|
||||
@@ -129,7 +127,10 @@ export abstract class KeyService {
|
||||
* @param userId The desired user
|
||||
* @returns The user key
|
||||
*/
|
||||
abstract getUserKeyFromStorage(keySuffix: KeySuffixOptions, userId?: string): Promise<UserKey>;
|
||||
abstract getUserKeyFromStorage(
|
||||
keySuffix: KeySuffixOptions,
|
||||
userId?: string,
|
||||
): Promise<UserKey | null>;
|
||||
|
||||
/**
|
||||
* Determines whether the user key is available for the given user.
|
||||
@@ -151,10 +152,11 @@ export abstract class KeyService {
|
||||
abstract hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean>;
|
||||
/**
|
||||
* Generates a new user key
|
||||
* @param masterKey The user's master key
|
||||
* @throws Error when master key is null and there is no active user
|
||||
* @param masterKey The user's master key. When null, grabs master key from active user.
|
||||
* @returns A new user key and the master key protected version of it
|
||||
*/
|
||||
abstract makeUserKey(key: MasterKey): Promise<[UserKey, EncString]>;
|
||||
abstract makeUserKey(masterKey: MasterKey | null): Promise<[UserKey, EncString]>;
|
||||
/**
|
||||
* Clears the user's stored version of the user key
|
||||
* @param keySuffix The desired version of the key to clear
|
||||
@@ -163,11 +165,13 @@ export abstract class KeyService {
|
||||
abstract clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise<void>;
|
||||
/**
|
||||
* Stores the master key encrypted user key
|
||||
* @throws Error when userId is null and there is no active user.
|
||||
* @param userKeyMasterKey The master key encrypted user key to set
|
||||
* @param userId The desired user
|
||||
*/
|
||||
abstract setMasterKeyEncryptedUserKey(UserKeyMasterKey: string, userId: string): Promise<void>;
|
||||
abstract setMasterKeyEncryptedUserKey(userKeyMasterKey: string, userId?: UserId): Promise<void>;
|
||||
/**
|
||||
* @throws Error when userId is null and no active user
|
||||
* @param password The user's master password that will be used to derive a master key if one isn't found
|
||||
* @param userId The desired user
|
||||
*/
|
||||
@@ -195,14 +199,15 @@ export abstract class KeyService {
|
||||
* Creates a master password hash from the user's master password. Can
|
||||
* be used for local authentication or for server authentication depending
|
||||
* on the hashPurpose provided.
|
||||
* @throws Error when password is null or key is null and no active user or active user have no master key
|
||||
* @param password The user's master password
|
||||
* @param key The user's master key
|
||||
* @param key The user's master key or active's user master key.
|
||||
* @param hashPurpose The iterations to use for the hash
|
||||
* @returns The user's master password hash
|
||||
*/
|
||||
abstract hashMasterKey(
|
||||
password: string,
|
||||
key: MasterKey,
|
||||
key: MasterKey | null,
|
||||
hashPurpose?: HashPurpose,
|
||||
): Promise<string>;
|
||||
/**
|
||||
@@ -240,13 +245,14 @@ export abstract class KeyService {
|
||||
/**
|
||||
* Returns the organization's symmetric key
|
||||
* @deprecated Use the observable userOrgKeys$ and `map` to the desired {@link OrgKey} instead
|
||||
* @throws Error when not active user
|
||||
* @param orgId The desired organization
|
||||
* @returns The organization's symmetric key
|
||||
*/
|
||||
abstract getOrgKey(orgId: string): Promise<OrgKey>;
|
||||
abstract getOrgKey(orgId: string): Promise<OrgKey | null>;
|
||||
/**
|
||||
* Uses the org key to derive a new symmetric key for encrypting data
|
||||
* @param orgKey The organization's symmetric key
|
||||
* @param key The organization's symmetric key
|
||||
*/
|
||||
abstract makeDataEncKey<T extends UserKey | OrgKey>(
|
||||
key: T,
|
||||
@@ -259,13 +265,17 @@ export abstract class KeyService {
|
||||
*/
|
||||
abstract setProviderKeys(orgs: ProfileProviderResponse[], userId: UserId): Promise<void>;
|
||||
/**
|
||||
*
|
||||
* @throws Error when providerId is null or no active user
|
||||
* @param providerId The desired provider
|
||||
* @returns The provider's symmetric key
|
||||
*/
|
||||
abstract getProviderKey(providerId: string): Promise<ProviderKey>;
|
||||
abstract getProviderKey(providerId: string): Promise<ProviderKey | null>;
|
||||
/**
|
||||
* Creates a new organization key and encrypts it with the user's public key.
|
||||
* This method can also return Provider keys for creating new Provider users.
|
||||
*
|
||||
* @throws Error when no active user or user have no public key
|
||||
* @returns The new encrypted org key and the decrypted key itself
|
||||
*/
|
||||
abstract makeOrgKey<T extends OrgKey | ProviderKey>(): Promise<[EncString, T]>;
|
||||
@@ -281,11 +291,11 @@ export abstract class KeyService {
|
||||
* from storage and stores it in memory
|
||||
* @returns The user's private key
|
||||
*
|
||||
* @throws An error if there is no user currently active.
|
||||
* @throws Error when no active user
|
||||
*
|
||||
* @deprecated Use {@link userPrivateKey$} instead.
|
||||
*/
|
||||
abstract getPrivateKey(): Promise<Uint8Array>;
|
||||
abstract getPrivateKey(): Promise<Uint8Array | null>;
|
||||
|
||||
/**
|
||||
* Gets an observable stream of the given users decrypted private key, will emit null if the user
|
||||
@@ -294,7 +304,7 @@ export abstract class KeyService {
|
||||
*
|
||||
* @param userId The user id of the user to get the data for.
|
||||
*/
|
||||
abstract userPrivateKey$(userId: UserId): Observable<UserPrivateKey>;
|
||||
abstract userPrivateKey$(userId: UserId): Observable<UserPrivateKey | null>;
|
||||
|
||||
/**
|
||||
* Gets an observable stream of the given users encrypted private key, will emit null if the user
|
||||
@@ -305,7 +315,7 @@ export abstract class KeyService {
|
||||
* @deprecated Temporary function to allow the SDK to be initialized after the login process, it
|
||||
* will be removed when auth has been migrated to the SDK.
|
||||
*/
|
||||
abstract userEncryptedPrivateKey$(userId: UserId): Observable<EncryptedString>;
|
||||
abstract userEncryptedPrivateKey$(userId: UserId): Observable<EncryptedString | null>;
|
||||
|
||||
/**
|
||||
* Gets an observable stream of the given users decrypted private key with legacy support,
|
||||
@@ -314,10 +324,12 @@ export abstract class KeyService {
|
||||
*
|
||||
* @param userId The user id of the user to get the data for.
|
||||
*/
|
||||
abstract userPrivateKeyWithLegacySupport$(userId: UserId): Observable<UserPrivateKey>;
|
||||
abstract userPrivateKeyWithLegacySupport$(userId: UserId): Observable<UserPrivateKey | null>;
|
||||
|
||||
/**
|
||||
* Generates a fingerprint phrase for the user based on their public key
|
||||
*
|
||||
* @throws Error when publicKey is null and there is no active user, or the active user does not have a public key
|
||||
* @param fingerprintMaterial Fingerprint material
|
||||
* @param publicKey The user's public key
|
||||
* @returns The user's fingerprint phrase
|
||||
@@ -410,7 +422,7 @@ export abstract class KeyService {
|
||||
*/
|
||||
abstract encryptedOrgKeys$(
|
||||
userId: UserId,
|
||||
): Observable<Record<OrganizationId, EncryptedOrganizationKeyData>>;
|
||||
): Observable<Record<OrganizationId, EncryptedOrganizationKeyData> | null>;
|
||||
|
||||
/**
|
||||
* Gets an observable stream of the users public key. If the user is does not have
|
||||
@@ -420,7 +432,7 @@ export abstract class KeyService {
|
||||
*
|
||||
* @throws If an invalid user id is passed in.
|
||||
*/
|
||||
abstract userPublicKey$(userId: UserId): Observable<UserPublicKey>;
|
||||
abstract userPublicKey$(userId: UserId): Observable<UserPublicKey | null>;
|
||||
|
||||
/**
|
||||
* Validates that a userkey is correct for a given user
|
||||
|
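Review bot: The return types widened to `| null` on `getUserKeyFromStorage`, `getOrgKey`, `getProviderKey` and `getPrivateKey` are not reflected in their `@returns` lines, which still read as if a key is always produced, so a caller cannot tell from the contract whether `null` means "no key stored for this user/org" or a state that should have thrown. Each `@returns` should name the null case, e.g. for getOrgKey `@returns The organization's symmetric key, or null when the active user holds no key for that organization` — presumably that is the condition, confirm against the implementation before wording it. Separately, `getUserKeyFromStorage` is reformatted in this commit but keeps `userId?: string`, while `setUserKey` in the same commit moves to the branded `UserId`; `hasUserKeyStored` and `clearStoredUserKey` (context lines) also still take `string`. Key-material lookups are exactly where a branded id pays off, since it stops an organization or provider id from being passed as a user id at compile time, so `userId?: UserId` on those three would keep the file consistent. The `KeyService` class continues outside the visible hunks.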
||||