bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 08:13:42 +00:00
Code Issues Releases Wiki Activity

Use cryptoservice to compare key to local keyhash (#331)

Browse Source 
* Use cryptoservice to compare key to local keyhash

* Fix bugs

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
This commit is contained in:
Matt Gibson
2021-06-21 13:23:30 -04:00
committed by GitHub
parent 12b36557bd
commit 62b5a05c40
1 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/commands/unlock.command.ts
View File

@@ -13,6 +13,8 @@ import { PasswordVerificationRequest } from 'jslib-common/models/request/passwor
import { Utils } from 'jslib-common/misc/utils'; import { Utils } from 'jslib-common/misc/utils';
import { HashPurpose } from 'jslib-common/enums/hashPurpose';
export class UnlockCommand { export class UnlockCommand {
constructor(private cryptoService: CryptoService, private userService: UserService, constructor(private cryptoService: CryptoService, private userService: UserService,
private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { } private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }
@@ -36,20 +38,22 @@ export class UnlockCommand {
const kdf = await this.userService.getKdf(); const kdf = await this.userService.getKdf();
const kdfIterations = await this.userService.getKdfIterations(); const kdfIterations = await this.userService.getKdfIterations();
const key = await this.cryptoService.makeKey(password, email, kdf, kdfIterations); const key = await this.cryptoService.makeKey(password, email, kdf, kdfIterations);
const keyHash = await this.cryptoService.hashPassword(password, key); const storedKeyHash = await this.cryptoService.getKeyHash();
let passwordValid = false; let passwordValid = false;
if (keyHash != null) { if (key != null) {
const storedKeyHash = await this.cryptoService.getKeyHash();
if (storedKeyHash != null) { if (storedKeyHash != null) {
passwordValid = storedKeyHash === keyHash; passwordValid = await this.cryptoService.compareAndUpdateKeyHash(password, key);
} else { } else {
const serverKeyHash = await this.cryptoService.hashPassword(password, key, HashPurpose.ServerAuthorization);
const request = new PasswordVerificationRequest(); const request = new PasswordVerificationRequest();
request.masterPasswordHash = keyHash; request.masterPasswordHash = serverKeyHash;
try { try {
await this.apiService.postAccountVerifyPassword(request); await this.apiService.postAccountVerifyPassword(request);
passwordValid = true; passwordValid = true;
await this.cryptoService.setKeyHash(keyHash); const localKeyHash = await this.cryptoService.hashPassword(password, key,
HashPurpose.LocalAuthorization);
await this.cryptoService.setKeyHash(localKeyHash);
} catch { } } catch { }
} }
} }