bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-19 17:53:39 +00:00
Code Issues Releases Wiki Activity

Implement User-based API Keys (#197)

Browse Source 
* Added support for authenticating with an API key

* added api service methods for user api keys

* fixed a copy/pasted api endpoint url

* Let toIdentityToken() use a a prestored client_id in place of the application client_id if one exists

* Allowed for api key auth in the cli

* Removed some commented out code commited for apiKey auth

* Cleanup for ApiKey auth in the CLI

* Removed cli prefix from client_crendential auth types

* Removed ClientPrefix conditional from decoded token getters

* Update src/services/api.service.ts

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>

* formatting

* changed command from login --apiKey to login --apikey

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
This commit is contained in:
Addison Beck
2020-11-10 15:15:40 -05:00
committed by GitHub
parent 9aa3cbf73d
commit 79b856cb6e
7 changed files with 124 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/services/auth.service.ts
View File

@@ -9,7 +9,6 @@ import { KeysRequest } from '../models/request/keysRequest';
import { PreloginRequest } from '../models/request/preloginRequest';
import { TokenRequest } from '../models/request/tokenRequest';
import { ErrorResponse } from '../models/response/errorResponse';
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
@@ -81,6 +80,8 @@ export class AuthService implements AuthServiceAbstraction {
code: string;
codeVerifier: string;
ssoRedirectUrl: string;
clientId: string;
clientSecret: string;
twoFactorProvidersData: Map<TwoFactorProviderType, { [key: string]: string; }>;
selectedTwoFactorProviderType: TwoFactorProviderType = null;
@@ -118,19 +119,27 @@ export class AuthService implements AuthServiceAbstraction {
this.selectedTwoFactorProviderType = null;
const key = await this.makePreloginKey(masterPassword, email);
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
return await this.logInHelper(email, hashedPassword, null, null, null, key,
null, null, null);
return await this.logInHelper(email, hashedPassword, null, null, null, null, null,
key, null, null, null);
}
async logInSso(code: string, codeVerifier: string, redirectUrl: string): Promise<AuthResult> {
this.selectedTwoFactorProviderType = null;
return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null, null, null);
return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null,
null, null, null, null);
}
async logInApiKey(clientId: string, clientSecret: string): Promise<AuthResult> {
this.selectedTwoFactorProviderType = null;
return await this.logInHelper(null, null, null, null, null, clientId, clientSecret,
null, null, null, null);
}
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
remember?: boolean): Promise<AuthResult> {
return await this.logInHelper(this.email, this.masterPasswordHash, this.code, this.codeVerifier,
this.ssoRedirectUrl, this.key, twoFactorProvider, twoFactorToken, remember);
this.ssoRedirectUrl, this.clientId, this.clientSecret, this.key, twoFactorProvider,
twoFactorToken, remember);
}
async logInComplete(email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType,
@@ -138,14 +147,21 @@ export class AuthService implements AuthServiceAbstraction {
this.selectedTwoFactorProviderType = null;
const key = await this.makePreloginKey(masterPassword, email);
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
return await this.logInHelper(email, hashedPassword, null, null, null, key, twoFactorProvider, twoFactorToken,
remember);
return await this.logInHelper(email, hashedPassword, null, null, null, null, null, key,
twoFactorProvider, twoFactorToken, remember);
}
async logInSsoComplete(code: string, codeVerifier: string, redirectUrl: string,
twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean): Promise<AuthResult> {
this.selectedTwoFactorProviderType = null;
return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null,
null, null, twoFactorProvider, twoFactorToken, remember);
}
async logInApiKeyComplete(clientId: string, clientSecret: string, twoFactorProvider: TwoFactorProviderType,
twoFactorToken: string, remember?: boolean): Promise<AuthResult> {
this.selectedTwoFactorProviderType = null;
return await this.logInHelper(null, null, null, null, null, clientId, clientSecret, null,
twoFactorProvider, twoFactorToken, remember);
}
@@ -233,6 +249,10 @@ export class AuthService implements AuthServiceAbstraction {
return this.cryptoService.makeKey(masterPassword, email, kdf, kdfIterations);
}
authingWithApiKey(): boolean {
return this.clientId != null && this.clientSecret != null;
}
authingWithSso(): boolean {
return this.code != null && this.codeVerifier != null && this.ssoRedirectUrl != null;
}
@@ -242,14 +262,16 @@ export class AuthService implements AuthServiceAbstraction {
}
private async logInHelper(email: string, hashedPassword: string, code: string, codeVerifier: string,
redirectUrl: string, key: SymmetricCryptoKey, twoFactorProvider?: TwoFactorProviderType,
twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
redirectUrl: string, clientId: string, clientSecret: string, key: SymmetricCryptoKey,
twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
const appId = await this.appIdService.getAppId();
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
let emailPassword: string[] = [];
let codeCodeVerifier: string[] = [];
let clientIdClientSecret: string[] = [];
if (email != null && hashedPassword != null) {
emailPassword = [email, hashedPassword];
} else {
@@ -260,16 +282,22 @@ export class AuthService implements AuthServiceAbstraction {
} else {
codeCodeVerifier = null;
}
if (clientId != null && clientSecret != null) {
clientIdClientSecret = [clientId, clientSecret]
} else {
clientIdClientSecret = null;
}
let request: TokenRequest;
if (twoFactorToken != null && twoFactorProvider != null) {
request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
deviceRequest);
request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, twoFactorProvider,
twoFactorToken, remember, deviceRequest);
} else if (storedTwoFactorToken != null) {
request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, TwoFactorProviderType.Remember,
storedTwoFactorToken, false, deviceRequest);
} else {
request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, deviceRequest);
request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, null,
null, false, deviceRequest);
}
const response = await this.apiService.postIdentityToken(request);
@@ -286,6 +314,8 @@ export class AuthService implements AuthServiceAbstraction {
this.code = code;
this.codeVerifier = codeVerifier;
this.ssoRedirectUrl = redirectUrl;
this.clientId = clientId;
this.clientSecret = clientSecret;
this.key = this.setCryptoKeys ? key : null;
this.twoFactorProvidersData = twoFactorResponse.twoFactorProviders2;
result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
@@ -343,6 +373,8 @@ export class AuthService implements AuthServiceAbstraction {
this.code = null;
this.codeVerifier = null;
this.ssoRedirectUrl = null;
this.clientId = null;
this.clientSecret = null;
this.twoFactorProvidersData = null;
this.selectedTwoFactorProviderType = null;
}