bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-23 03:33:54 +00:00
Code Issues Releases Wiki Activity

Authenticate with secure storage service (#402)

Browse Source 
* Split secure key into use case

Allows us to push authentication for key access as late as possible.

* Do not reload if biometric locked

* Linter fixes

* Fix key upgrade scenario

* Fix boolean value message parsing

* Handle systems which don't support biometrics

* Do not fail key retrieval on secret upgrade

* Ensure old key is removed regardless of upgrade success

* Log errors
This commit is contained in:
Matt Gibson
2021-06-09 15:53:54 -05:00
committed by GitHub
parent d7682cde3b
commit 5ba1416679
15 changed files with 188 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
common/src/abstractions/biometric.main.ts
View File

@@ -2,5 +2,5 @@ export abstract class BiometricMain {
isError: boolean;
init: () => Promise<void>;
supportsBiometric: () => Promise<boolean>;
requestCreate: () => Promise<boolean>;
authenticateBiometric: () => Promise<boolean>;
}

7
common/src/abstractions/crypto.service.ts
View File

@@ -5,6 +5,7 @@ import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
import { ProfileOrganizationResponse } from '../models/response/profileOrganizationResponse';
import { KdfType } from '../enums/kdfType';
import { KeySuffixOptions } from './storage.service';
export abstract class CryptoService {
setKey: (key: SymmetricCryptoKey) => Promise<any>;
@@ -12,7 +13,7 @@ export abstract class CryptoService {
setEncKey: (encKey: string) => Promise<{}>;
setEncPrivateKey: (encPrivateKey: string) => Promise<{}>;
setOrgKeys: (orgs: ProfileOrganizationResponse[]) => Promise<{}>;
getKey: () => Promise<SymmetricCryptoKey>;
getKey: (keySuffix?: KeySuffixOptions) => Promise<SymmetricCryptoKey>;
getKeyHash: () => Promise<string>;
getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
getPublicKey: () => Promise<ArrayBuffer>;
@@ -21,8 +22,10 @@ export abstract class CryptoService {
getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>;
hasKey: () => Promise<boolean>;
hasKeyInMemory: () => boolean;
hasKeyStored: (keySuffix?: KeySuffixOptions) => Promise<boolean>;
hasEncKey: () => Promise<boolean>;
clearKey: () => Promise<any>;
clearKey: (clearSecretStorage?: boolean) => Promise<any>;
clearKeyHash: () => Promise<any>;
clearEncKey: (memoryOnly?: boolean) => Promise<any>;
clearKeyPair: (memoryOnly?: boolean) => Promise<any>;

13
common/src/abstractions/storage.service.ts
View File

@@ -1,5 +1,12 @@
export abstract class StorageService {
get: <T>(key: string) => Promise<T>;
save: (key: string, obj: any) => Promise<any>;
remove: (key: string) => Promise<any>;
get: <T>(key: string, options?: StorageServiceOptions) => Promise<T>;
has: (key: string, options?: StorageServiceOptions) => Promise<boolean>;
save: (key: string, obj: any, options?: StorageServiceOptions) => Promise<any>;
remove: (key: string, options?: StorageServiceOptions) => Promise<any>;
}
export interface StorageServiceOptions {
keySuffix: KeySuffixOptions;
}
export type KeySuffixOptions = 'auto' | 'biometric';

2
common/src/abstractions/vaultTimeout.service.ts
View File

@@ -2,6 +2,8 @@ import { EncString } from '../models/domain/encString';
export abstract class VaultTimeoutService {
biometricLocked: boolean;
manuallyOrTimerLocked: boolean;
everBeenUnlocked: boolean;
pinProtectedKey: EncString;
isLocked: () => Promise<boolean>;
checkVaultTimeout: () => Promise<void>;