Feature/password protected export (#612)

* Add password protected export * Run prettier * Test password protected export service * Create type for known import type strings * Test import service changes * Test bitwarden password importer * Run prettier * Remove unnecessary class properties * Run prettier * Tslint fixes * Add KdfType to password protected export * Linter fixes * run prettier
2025-12-24 04:04:24 +00:00 · 2022-02-07 10:33:10 -05:00
parent 9caea70ea2
commit 7afb748791
8 changed files with 594 additions and 75 deletions
--- a/spec/common/importers/bitwardenPasswordProtectedImporter.spec.ts
+++ b/spec/common/importers/bitwardenPasswordProtectedImporter.spec.ts
@@ -0,0 +1,203 @@
+import Substitute, { Arg, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { I18nService } from "jslib-common/abstractions/i18n.service";
+import { ImportService } from "jslib-common/abstractions/import.service";
+
+import { KdfType } from "jslib-common/enums/kdfType";
+
+import { BitwardenPasswordProtectedImporter } from "jslib-common/importers/bitwardenPasswordProtectedImporter";
+import { Importer } from "jslib-common/importers/importer";
+
+import { Utils } from "jslib-common/misc/utils";
+import { ImportResult } from "jslib-common/models/domain/importResult";
+
+describe("BitwardenPasswordProtectedImporter", () => {
+  let importer: BitwardenPasswordProtectedImporter;
+  let innerImporter: SubstituteOf<Importer>;
+  let importService: SubstituteOf<ImportService>;
+  let cryptoService: SubstituteOf<CryptoService>;
+  let i18nService: SubstituteOf<I18nService>;
+  const password = Utils.newGuid();
+  const result = new ImportResult();
+  let jDoc: {
+    encrypted?: boolean;
+    passwordProtected?: boolean;
+    format?: string;
+    salt?: string;
+    kdfIterations?: any;
+    kdfType?: any;
+    encKeyValidation_DO_NOT_EDIT?: string;
+    data?: string;
+  };
+
+  beforeEach(() => {
+    cryptoService = Substitute.for<CryptoService>();
+    i18nService = Substitute.for<I18nService>();
+    importService = Substitute.for<ImportService>();
+    innerImporter = Substitute.for<Importer>();
+
+    jDoc = {
+      encrypted: true,
+      passwordProtected: true,
+      format: "csv",
+      salt: "c2FsdA==",
+      kdfIterations: 100000,
+      kdfType: KdfType.PBKDF2_SHA256,
+      encKeyValidation_DO_NOT_EDIT: Utils.newGuid(),
+      data: Utils.newGuid(),
+    };
+
+    result.success = true;
+    innerImporter.parse(Arg.any()).resolves(result);
+    importer = new BitwardenPasswordProtectedImporter(
+      importService,
+      cryptoService,
+      i18nService,
+      password
+    );
+  });
+
+  describe("Required Json Data", () => {
+    it("succeeds with default jdoc", async () => {
+      cryptoService.decryptToUtf8(Arg.any(), Arg.any()).resolves("successful decryption");
+
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(true);
+    });
+
+    it("accepts json format", async () => {
+      jDoc.format = "json";
+      cryptoService.decryptToUtf8(Arg.any(), Arg.any()).resolves("successful decryption");
+
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(true);
+    });
+
+    it("accepts encrypted_json format", async () => {
+      jDoc.format = "encrypted_json";
+      cryptoService.decryptToUtf8(Arg.any(), Arg.any()).resolves("successful decryption");
+
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(true);
+    });
+
+    it("fails if encrypted === false", async () => {
+      jDoc.encrypted = false;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if encrypted === null", async () => {
+      jDoc.encrypted = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if passwordProtected === false", async () => {
+      jDoc.passwordProtected = false;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if passwordProtected === null", async () => {
+      jDoc.passwordProtected = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if format === null", async () => {
+      jDoc.format = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if format not known", async () => {
+      jDoc.format = "Not a real format";
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if salt === null", async () => {
+      jDoc.salt = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if kdfIterations === null", async () => {
+      jDoc.kdfIterations = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if kdfIterations is not a number", async () => {
+      jDoc.kdfIterations = "not a number";
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if kdfType === null", async () => {
+      jDoc.kdfType = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if kdfType is not a string", async () => {
+      jDoc.kdfType = "not a valid kdf type";
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if kdfType is not a known kdfType", async () => {
+      jDoc.kdfType = -1;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if encKeyValidation_DO_NOT_EDIT === null", async () => {
+      jDoc.encKeyValidation_DO_NOT_EDIT = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("fails if data === null", async () => {
+      jDoc.data = null;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+  });
+
+  describe("inner importer", () => {
+    beforeEach(() => {
+      cryptoService.decryptToUtf8(Arg.any(), Arg.any()).resolves("successful decryption");
+    });
+    it("delegates success", async () => {
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(true);
+      result.success = false;
+      expect((await importer.parse(JSON.stringify(jDoc))).success).toEqual(false);
+    });
+
+    it("passes on organization Id", async () => {
+      jDoc.format = "csv";
+      importer.organizationId = Utils.newGuid();
+      await importer.parse(JSON.stringify(jDoc));
+
+      importService.received(1).getImporter("bitwardencsv", importer.organizationId);
+    });
+
+    it("passes null organizationId if none set", async () => {
+      jDoc.format = "csv";
+      importer.organizationId = null;
+      await importer.parse(JSON.stringify(jDoc));
+
+      importService.received(1).getImporter("bitwardencsv", null);
+    });
+
+    it("gets csv importer for csv format", async () => {
+      jDoc.format = "csv";
+
+      await importer.parse(JSON.stringify(jDoc));
+
+      importService.received(1).getImporter("bitwardencsv", Arg.any());
+    });
+
+    it("gets json importer for json format", async () => {
+      jDoc.format = "json";
+
+      await importer.parse(JSON.stringify(jDoc));
+
+      importService.received(1).getImporter("bitwardenjson", Arg.any());
+    });
+
+    it("gets json importer for encrypted_json format", async () => {
+      jDoc.format = "encrypted_json";
+
+      await importer.parse(JSON.stringify(jDoc));
+
+      importService.received(1).getImporter("bitwardenjson", Arg.any());
+    });
+  });
+});
--- a/spec/common/services/export.service.spec.ts
+++ b/spec/common/services/export.service.spec.ts
@@ -1,8 +1,9 @@
-import { Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";

 import { ApiService } from "jslib-common/abstractions/api.service";
 import { CipherService } from "jslib-common/abstractions/cipher.service";
 import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { CryptoFunctionService } from "jslib-common/abstractions/cryptoFunction.service";
 import { FolderService } from "jslib-common/abstractions/folder.service";

 import { ExportService } from "jslib-common/services/export.service";
@@ -13,6 +14,9 @@ import { Login } from "jslib-common/models/domain/login";
 import { CipherWithIds as CipherExport } from "jslib-common/models/export/cipherWithIds";

 import { CipherType } from "jslib-common/enums/cipherType";
+import { KdfType } from "jslib-common/enums/kdfType";
+
+import { Utils } from "jslib-common/misc/utils";
 import { CipherView } from "jslib-common/models/view/cipherView";
 import { LoginView } from "jslib-common/models/view/loginView";

@@ -85,12 +89,14 @@ function expectEqualCiphers(ciphers: CipherView[] | Cipher[], jsonResult: string
 describe("ExportService", () => {
  let exportService: ExportService;
  let apiService: SubstituteOf<ApiService>;
+  let cryptoFunctionService: SubstituteOf<CryptoFunctionService>;
  let cipherService: SubstituteOf<CipherService>;
  let folderService: SubstituteOf<FolderService>;
  let cryptoService: SubstituteOf<CryptoService>;

  beforeEach(() => {
    apiService = Substitute.for<ApiService>();
+    cryptoFunctionService = Substitute.for<CryptoFunctionService>();
    cipherService = Substitute.for<CipherService>();
    folderService = Substitute.for<FolderService>();
    cryptoService = Substitute.for<CryptoService>();
@@ -98,7 +104,13 @@ describe("ExportService", () => {
    folderService.getAllDecrypted().resolves([]);
    folderService.getAll().resolves([]);

-    exportService = new ExportService(folderService, cipherService, apiService, cryptoService);
+    exportService = new ExportService(
+      folderService,
+      cipherService,
+      apiService,
+      cryptoService,
+      cryptoFunctionService
+    );
  });

  it("exports unecrypted user ciphers", async () => {
@@ -132,4 +144,68 @@ describe("ExportService", () => {

    expectEqualCiphers(UserCipherDomains.slice(0, 2), actual);
  });
+
+  describe("password protected export", () => {
+    let exportString: string;
+    let exportObject: any;
+    let mac: SubstituteOf<EncString>;
+    let data: SubstituteOf<EncString>;
+    const password = "password";
+    const salt = "salt";
+
+    describe("export json object", () => {
+      beforeEach(async () => {
+        mac = Substitute.for<EncString>();
+        data = Substitute.for<EncString>();
+
+        mac.encryptedString = "mac";
+        data.encryptedString = "encData";
+
+        spyOn(Utils, "fromBufferToB64").and.returnValue(salt);
+        cipherService.getAllDecrypted().resolves(UserCipherViews.slice(0, 1));
+
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+      });
+
+      it("specifies it is encrypted", () => {
+        expect(exportObject.encrypted).toBe(true);
+      });
+
+      it("specifies it's password protected", () => {
+        expect(exportObject.passwordProtected).toBe(true);
+      });
+
+      it("specifies format", () => {
+        expect(exportObject).toEqual(jasmine.objectContaining({ format: jasmine.any(String) }));
+      });
+
+      it("specifies salt", () => {
+        expect(exportObject.salt).toEqual("salt");
+      });
+
+      it("specifies kdfIterations", () => {
+        expect(exportObject.kdfIterations).toEqual(100000);
+      });
+
+      it("has kdfType", () => {
+        expect(exportObject.kdfType).toEqual(KdfType.PBKDF2_SHA256);
+      });
+
+      it("has a mac property", () => {
+        cryptoService.encrypt(Arg.any(), Arg.any()).resolves(mac);
+        expect(exportObject.encKeyValidation_DO_NOT_EDIT).toEqual(mac.encryptedString);
+      });
+
+      it("has data property", () => {
+        cryptoService.encrypt(Arg.any(), Arg.any()).resolves(data);
+        expect(exportObject.data).toEqual(data.encryptedString);
+      });
+
+      it("encrypts the data property", async () => {
+        const unencrypted = await exportService.getExport();
+        expect(exportObject.data).not.toEqual(unencrypted);
+      });
+    });
+  });
 });
--- a/spec/common/services/import.service.spec.ts
+++ b/spec/common/services/import.service.spec.ts
@@ -0,0 +1,74 @@
+import Substitute, { Arg, SubstituteOf } from "@fluffy-spoon/substitute";
+import { ApiService } from "jslib-common/abstractions/api.service";
+
+import { CipherService } from "jslib-common/abstractions/cipher.service";
+import { CollectionService } from "jslib-common/abstractions/collection.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { FolderService } from "jslib-common/abstractions/folder.service";
+import { I18nService } from "jslib-common/abstractions/i18n.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { BitwardenPasswordProtectedImporter } from "jslib-common/importers/bitwardenPasswordProtectedImporter";
+
+import { Importer } from "jslib-common/importers/importer";
+import { Utils } from "jslib-common/misc/utils";
+
+import { ImportService } from "jslib-common/services/import.service";
+
+describe("ImportService", () => {
+  let importService: ImportService;
+  let cipherService: SubstituteOf<CipherService>;
+  let folderService: SubstituteOf<FolderService>;
+  let apiService: SubstituteOf<ApiService>;
+  let i18nService: SubstituteOf<I18nService>;
+  let collectionService: SubstituteOf<CollectionService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let cryptoService: SubstituteOf<CryptoService>;
+
+  beforeEach(() => {
+    cipherService = Substitute.for<CipherService>();
+    folderService = Substitute.for<FolderService>();
+    apiService = Substitute.for<ApiService>();
+    i18nService = Substitute.for<I18nService>();
+    collectionService = Substitute.for<CollectionService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    cryptoService = Substitute.for<CryptoService>();
+
+    importService = new ImportService(
+      cipherService,
+      folderService,
+      apiService,
+      i18nService,
+      collectionService,
+      platformUtilsService,
+      cryptoService
+    );
+  });
+
+  describe("getImporterInstance", () => {
+    describe("Get bitPasswordProtected importer", () => {
+      let importer: Importer;
+      const organizationId = Utils.newGuid();
+      const password = Utils.newGuid();
+
+      beforeEach(() => {
+        importer = importService.getImporter(
+          "bitwardenpasswordprotected",
+          organizationId,
+          password
+        );
+      });
+
+      it("returns an instance of BitwardenPasswordProtectedImporter", () => {
+        expect(importer).toBeInstanceOf(BitwardenPasswordProtectedImporter);
+      });
+
+      it("has the appropriate organization Id", () => {
+        expect(importer.organizationId).toEqual(organizationId);
+      });
+
+      it("has the appropriate password", () => {
+        expect(Object.entries(importer)).toEqual(jasmine.arrayContaining([["password", password]]));
+      });
+    });
+  });
+});