Merge remote-tracking branch 'origin/main' into innovation/opaque

2026-02-27 10:03:23 +00:00 · 2025-03-18 11:06:39 +10:00
parent 47a36eace0 4537642003
commit 8754d2f767
44 changed files with 179 additions and 177 deletions
--- a/apps/web/src/app/auth/recover-two-factor.component.spec.ts
+++ b/apps/web/src/app/auth/recover-two-factor.component.spec.ts
@@ -9,7 +9,6 @@ import {
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
-import { TwoFactorRecoveryRequest } from "@bitwarden/common/auth/models/request/two-factor-recovery.request";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -85,15 +84,14 @@ describe("RecoverTwoFactorComponent", () => {
  describe("handleRecoveryLogin", () => {
    it("should log in successfully and navigate to the two-factor settings page", async () => {
      // Arrange
-      const request = new TwoFactorRecoveryRequest();
-      request.recoveryCode = "testRecoveryCode";
-      request.email = "test@example.com";
+      const email = "test@example.com";
+      const recoveryCode = "testRecoveryCode";

      const authResult = new AuthResult();
      mockLoginStrategyService.logIn.mockResolvedValue(authResult);

      // Act
-      await component["handleRecoveryLogin"](request);
+      await component["loginWithRecoveryCode"](email, recoveryCode);

      // Assert
      expect(mockLoginStrategyService.logIn).toHaveBeenCalledWith(
@@ -112,15 +110,14 @@ describe("RecoverTwoFactorComponent", () => {

    it("should handle login errors and redirect to login page", async () => {
      // Arrange
-      const request = new TwoFactorRecoveryRequest();
-      request.recoveryCode = "testRecoveryCode";
-      request.email = "test@example.com";
+      const email = "test@example.com";
+      const recoveryCode = "testRecoveryCode";

      const error = new Error("Login failed");
      mockLoginStrategyService.logIn.mockRejectedValue(error);

      // Act
-      await component["handleRecoveryLogin"](request);
+      await component["loginWithRecoveryCode"](email, recoveryCode);

      // Assert
      expect(mockLogService.error).toHaveBeenCalledWith(
@@ -128,7 +125,7 @@ describe("RecoverTwoFactorComponent", () => {
        error.message,
      );
      expect(mockRouter.navigate).toHaveBeenCalledWith(["/login"], {
-        queryParams: { email: request.email },
+        queryParams: { email: email },
      });
    });
  });
--- a/apps/web/src/app/auth/recover-two-factor.component.ts
+++ b/apps/web/src/app/auth/recover-two-factor.component.ts
@@ -7,17 +7,11 @@ import {
  PasswordLoginCredentials,
  LoginSuccessHandlerService,
 } from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
 import { TokenTwoFactorRequest } from "@bitwarden/common/auth/models/request/identity-token/token-two-factor.request";
-import { TwoFactorRecoveryRequest } from "@bitwarden/common/auth/models/request/two-factor-recovery.request";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
-import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ToastService } from "@bitwarden/components";
-import { KeyService } from "@bitwarden/key-management";
 import { NewDeviceVerificationNoticeService } from "@bitwarden/vault";

@Component({
@@ -36,32 +30,18 @@ export class RecoverTwoFactorComponent implements OnInit {
   */
  recoveryCodeMessage = "";

-  /**
-   * Whether the recovery code login feature flag is enabled
-   */
-  private recoveryCodeLoginFeatureFlagEnabled = false;
-
  constructor(
    private router: Router,
-    private apiService: ApiService,
-    private platformUtilsService: PlatformUtilsService,
    private i18nService: I18nService,
-    private keyService: KeyService,
    private loginStrategyService: LoginStrategyServiceAbstraction,
    private toastService: ToastService,
-    private configService: ConfigService,
    private loginSuccessHandlerService: LoginSuccessHandlerService,
    private logService: LogService,
    private newDeviceVerificationNoticeService: NewDeviceVerificationNoticeService,
  ) {}

  async ngOnInit() {
-    this.recoveryCodeLoginFeatureFlagEnabled = await this.configService.getFeatureFlag(
-      FeatureFlag.RecoveryCodeLogin,
-    );
-    this.recoveryCodeMessage = this.recoveryCodeLoginFeatureFlagEnabled
-      ? this.i18nService.t("logInBelowUsingYourSingleUseRecoveryCode")
-      : this.i18nService.t("recoverAccountTwoStepDesc");
+    this.recoveryCodeMessage = this.i18nService.t("logInBelowUsingYourSingleUseRecoveryCode");
  }

  get email(): string {
@@ -85,46 +65,25 @@ export class RecoverTwoFactorComponent implements OnInit {
      return;
    }

-    const request = new TwoFactorRecoveryRequest();
-    request.recoveryCode = this.recoveryCode.replace(/\s/g, "").toLowerCase();
-    request.email = this.email.trim().toLowerCase();
+    const email = this.email.trim().toLowerCase();
+    const recoveryCode = this.recoveryCode.replace(/\s/g, "").toLowerCase();

-    const masterKey = await this.loginStrategyService.makePrePasswordLoginMasterKey(
-      this.masterPassword,
-      request.email,
-    );
-
-    request.masterPasswordHash = await this.keyService.hashMasterKey(
-      this.masterPassword,
-      masterKey,
-    );
-
-    if (this.recoveryCodeLoginFeatureFlagEnabled) {
-      await this.handleRecoveryLogin(request);
-    } else {
-      await this.apiService.postTwoFactorRecover(request);
-      this.toastService.showToast({
-        variant: "success",
-        title: "",
-        message: this.i18nService.t("twoStepRecoverDisabled"),
-      });
-      await this.router.navigate(["/"]);
-    }
+    await this.loginWithRecoveryCode(email, recoveryCode);
  };

  /**
   * Handles the login process after a successful account recovery.
   */
-  private async handleRecoveryLogin(request: TwoFactorRecoveryRequest) {
+  private async loginWithRecoveryCode(email: string, recoveryCode: string) {
    // Build two-factor request to pass into PasswordLoginCredentials request using the 2FA recovery code and RecoveryCode type
    const twoFactorRequest: TokenTwoFactorRequest = {
      provider: TwoFactorProviderType.RecoveryCode,
-      token: request.recoveryCode,
+      token: recoveryCode,
      remember: false,
    };

    const credentials = new PasswordLoginCredentials(
-      request.email,
+      email,
      this.masterPassword,
      "",
      twoFactorRequest,
@@ -156,7 +115,7 @@ export class RecoverTwoFactorComponent implements OnInit {
    } catch (error) {
      // If login errors, redirect to login page per product. Don't show error
      this.logService.error("Error logging in automatically: ", (error as Error).message);
-      await this.router.navigate(["/login"], { queryParams: { email: request.email } });
+      await this.router.navigate(["/login"], { queryParams: { email: email } });
    }
  }
 }
--- a/apps/web/src/app/auth/settings/two-factor/two-factor-setup.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor/two-factor-setup.component.ts
@@ -29,7 +29,6 @@ import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.s
 import { AuthResponse } from "@bitwarden/common/auth/types/auth-response";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { ProductTierType } from "@bitwarden/common/billing/enums";
-import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
@@ -85,12 +84,7 @@ export class TwoFactorSetupComponent implements OnInit, OnDestroy {
  }

  async ngOnInit() {
-    const recoveryCodeLoginFeatureFlagEnabled = await this.configService.getFeatureFlag(
-      FeatureFlag.RecoveryCodeLogin,
-    );
-    this.recoveryCodeWarningMessage = recoveryCodeLoginFeatureFlagEnabled
-      ? this.i18nService.t("yourSingleUseRecoveryCode")
-      : this.i18nService.t("twoStepLoginRecoveryWarning");
+    this.recoveryCodeWarningMessage = this.i18nService.t("yourSingleUseRecoveryCode");

    for (const key in TwoFactorProviders) {
      // eslint-disable-next-line
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.spec.ts
@@ -2,10 +2,10 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { BehaviorSubject } from "rxjs";

 import { OrganizationUserResetPasswordWithIdRequest } from "@bitwarden/admin-console/common";
-import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { WebauthnRotateCredentialRequest } from "@bitwarden/common/auth/models/request/webauthn-rotate-credential.request";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
+import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -2,11 +2,11 @@ import { Injectable } from "@angular/core";
 import { firstValueFrom } from "rxjs";

 import { Account } from "@bitwarden/common/auth/abstractions/account.service";
-import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
 import { MasterPasswordVerification } from "@bitwarden/common/auth/types/verification";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
+import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";