mirror of
https://github.com/bitwarden/browser
synced 2025-12-14 15:23:33 +00:00
[PM-7169][PM-5267] Remove auth status from account info (#8539)
* remove active account unlocked from state service * Remove status from account service `AccountInfo` * Fixup lingering usages of status Fixup missed factories * Fixup account info usage * fixup CLI build * Fixup current account type * Add helper for all auth statuses to auth service * Fix tests * Uncomment mistakenly commented code * Rework logged out account exclusion tests * Correct test description * Avoid getters returning observables * fixup type
This commit is contained in:
Matt Gibson
GitHub
@@ -2,7 +2,6 @@ import { Injectable, inject } from "@angular/core";
|
||||
import { CanActivate, CanActivateFn, Router, UrlTree } from "@angular/router";
|
||||
import { Observable, map } from "rxjs";
|
||||
|
||||
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
|
||||
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
|
||||
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
|
||||
|
||||
@@ -43,14 +42,14 @@ const defaultRoutes: UnauthRoutes = {
|
||||
};
|
||||
|
||||
function unauthGuard(routes: UnauthRoutes): Observable<boolean | UrlTree> {
|
||||
const accountService = inject(AccountService);
|
||||
const authService = inject(AuthService);
|
||||
const router = inject(Router);
|
||||
|
||||
return accountService.activeAccount$.pipe(
|
||||
map((accountData) => {
|
||||
if (accountData == null || accountData.status === AuthenticationStatus.LoggedOut) {
|
||||
return authService.activeAccountStatus$.pipe(
|
||||
map((status) => {
|
||||
if (status == null || status === AuthenticationStatus.LoggedOut) {
|
||||
return true;
|
||||
} else if (accountData.status === AuthenticationStatus.Locked) {
|
||||
} else if (status === AuthenticationStatus.Locked) {
|
||||
return router.createUrlTree([routes.locked]);
|
||||
} else {
|
||||
return router.createUrlTree([routes.homepage()]);
|
||||
|
||||
@@ -756,7 +756,7 @@ const safeProviders: SafeProvider[] = [
|
||||
safeProvider({
|
||||
provide: EventUploadServiceAbstraction,
|
||||
useClass: EventUploadService,
|
||||
deps: [ApiServiceAbstraction, StateProvider, LogService, AccountServiceAbstraction],
|
||||
deps: [ApiServiceAbstraction, StateProvider, LogService, AuthServiceAbstraction],
|
||||
}),
|
||||
safeProvider({
|
||||
provide: EventCollectionServiceAbstraction,
|
||||
@@ -766,7 +766,7 @@ const safeProviders: SafeProvider[] = [
|
||||
StateProvider,
|
||||
OrganizationServiceAbstraction,
|
||||
EventUploadServiceAbstraction,
|
||||
AccountServiceAbstraction,
|
||||
AuthServiceAbstraction,
|
||||
],
|
||||
}),
|
||||
safeProvider({
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
import { firstValueFrom } from "rxjs";
|
||||
|
||||
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
|
||||
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
||||
import {
|
||||
FakeAccountService,
|
||||
@@ -66,7 +65,6 @@ describe("UserDecryptionOptionsService", () => {
|
||||
await fakeAccountService.addAccount(givenUser, {
|
||||
name: "Test User 1",
|
||||
email: "test1@email.com",
|
||||
status: AuthenticationStatus.Locked,
|
||||
});
|
||||
await fakeStateProvider.setUserState(
|
||||
USER_DECRYPTION_OPTIONS,
|
||||
|
||||
@@ -1,8 +1,7 @@
|
||||
import { mock } from "jest-mock-extended";
|
||||
import { Observable, ReplaySubject } from "rxjs";
|
||||
import { ReplaySubject } from "rxjs";
|
||||
|
||||
import { AccountInfo, AccountService } from "../src/auth/abstractions/account.service";
|
||||
import { AuthenticationStatus } from "../src/auth/enums/authentication-status";
|
||||
import { UserId } from "../src/types/guid";
|
||||
|
||||
export function mockAccountServiceWith(
|
||||
@@ -14,7 +13,6 @@ export function mockAccountServiceWith(
|
||||
...{
|
||||
name: "name",
|
||||
email: "email",
|
||||
status: AuthenticationStatus.Locked,
|
||||
},
|
||||
};
|
||||
const service = new FakeAccountService({ [userId]: fullInfo });
|
||||
@@ -34,8 +32,6 @@ export class FakeAccountService implements AccountService {
|
||||
}
|
||||
accounts$ = this.accountsSubject.asObservable();
|
||||
activeAccount$ = this.activeAccountSubject.asObservable();
|
||||
accountLock$: Observable<UserId>;
|
||||
accountLogout$: Observable<UserId>;
|
||||
|
||||
constructor(initialData: Record<UserId, AccountInfo>) {
|
||||
this.accountsSubject.next(initialData);
|
||||
@@ -57,14 +53,6 @@ export class FakeAccountService implements AccountService {
|
||||
await this.mock.setAccountEmail(userId, email);
|
||||
}
|
||||
|
||||
async setAccountStatus(userId: UserId, status: AuthenticationStatus): Promise<void> {
|
||||
await this.mock.setAccountStatus(userId, status);
|
||||
}
|
||||
|
||||
async setMaxAccountStatus(userId: UserId, maxStatus: AuthenticationStatus): Promise<void> {
|
||||
await this.mock.setMaxAccountStatus(userId, maxStatus);
|
||||
}
|
||||
|
||||
async switchAccount(userId: UserId): Promise<void> {
|
||||
const next =
|
||||
userId == null ? null : { id: userId, ...this.accountsSubject["_buffer"]?.[0]?.[userId] };
|
||||
|
||||
@@ -1,27 +1,23 @@
|
||||
import { Observable } from "rxjs";
|
||||
|
||||
import { UserId } from "../../types/guid";
|
||||
import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
|
||||
/**
|
||||
* Holds information about an account for use in the AccountService
|
||||
* if more information is added, be sure to update the equality method.
|
||||
*/
|
||||
export type AccountInfo = {
|
||||
status: AuthenticationStatus;
|
||||
email: string;
|
||||
name: string | undefined;
|
||||
};
|
||||
|
||||
export function accountInfoEqual(a: AccountInfo, b: AccountInfo) {
|
||||
return a?.status === b?.status && a?.email === b?.email && a?.name === b?.name;
|
||||
return a?.email === b?.email && a?.name === b?.name;
|
||||
}
|
||||
|
||||
export abstract class AccountService {
|
||||
accounts$: Observable<Record<UserId, AccountInfo>>;
|
||||
activeAccount$: Observable<{ id: UserId | undefined } & AccountInfo>;
|
||||
accountLock$: Observable<UserId>;
|
||||
accountLogout$: Observable<UserId>;
|
||||
/**
|
||||
* Updates the `accounts$` observable with the new account data.
|
||||
* @param userId
|
||||
@@ -40,24 +36,6 @@ export abstract class AccountService {
|
||||
* @param email
|
||||
*/
|
||||
abstract setAccountEmail(userId: UserId, email: string): Promise<void>;
|
||||
/**
|
||||
* Updates the `accounts$` observable with the new account status.
|
||||
* Also emits the `accountLock$` or `accountLogout$` observable if the status is `Locked` or `LoggedOut` respectively.
|
||||
* @param userId
|
||||
* @param status
|
||||
*/
|
||||
abstract setAccountStatus(userId: UserId, status: AuthenticationStatus): Promise<void>;
|
||||
/**
|
||||
* Updates the `accounts$` observable with the new account status if the current status is higher than the `maxStatus`.
|
||||
*
|
||||
* This method only downgrades status to the maximum value sent in, it will not increase authentication status.
|
||||
*
|
||||
* @example An account is transitioning from unlocked to logged out. If callbacks that set the status to locked occur
|
||||
* after it is updated to logged out, the account will be in the incorrect state.
|
||||
* @param userId The user id of the account to be updated.
|
||||
* @param maxStatus The new status of the account.
|
||||
*/
|
||||
abstract setMaxAccountStatus(userId: UserId, maxStatus: AuthenticationStatus): Promise<void>;
|
||||
/**
|
||||
* Updates the `activeAccount$` observable with the new active account.
|
||||
* @param userId
|
||||
|
||||
@@ -6,6 +6,8 @@ import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
export abstract class AuthService {
|
||||
/** Authentication status for the active user */
|
||||
abstract activeAccountStatus$: Observable<AuthenticationStatus>;
|
||||
/** Authentication status for all known users */
|
||||
abstract authStatuses$: Observable<Record<UserId, AuthenticationStatus>>;
|
||||
/**
|
||||
* Returns an observable authentication status for the given user id.
|
||||
* @note userId is a required parameter, null values will always return `AuthenticationStatus.LoggedOut`
|
||||
|
||||
@@ -8,7 +8,6 @@ import { LogService } from "../../platform/abstractions/log.service";
|
||||
import { MessagingService } from "../../platform/abstractions/messaging.service";
|
||||
import { UserId } from "../../types/guid";
|
||||
import { AccountInfo } from "../abstractions/account.service";
|
||||
import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
|
||||
import {
|
||||
ACCOUNT_ACCOUNTS,
|
||||
@@ -24,9 +23,7 @@ describe("accountService", () => {
|
||||
let accountsState: FakeGlobalState<Record<UserId, AccountInfo>>;
|
||||
let activeAccountIdState: FakeGlobalState<UserId>;
|
||||
const userId = "userId" as UserId;
|
||||
function userInfo(status: AuthenticationStatus): AccountInfo {
|
||||
return { status, email: "email", name: "name" };
|
||||
}
|
||||
const userInfo = { email: "email", name: "name" };
|
||||
|
||||
beforeEach(() => {
|
||||
messagingService = mock();
|
||||
@@ -50,61 +47,49 @@ describe("accountService", () => {
|
||||
expect(emissions).toEqual([undefined]);
|
||||
});
|
||||
|
||||
it("should emit the active account and status", async () => {
|
||||
it("should emit the active account", async () => {
|
||||
const emissions = trackEmissions(sut.activeAccount$);
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo });
|
||||
activeAccountIdState.stateSubject.next(userId);
|
||||
|
||||
expect(emissions).toEqual([
|
||||
undefined, // initial value
|
||||
{ id: userId, ...userInfo(AuthenticationStatus.Unlocked) },
|
||||
]);
|
||||
});
|
||||
|
||||
it("should update the status if the account status changes", async () => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
activeAccountIdState.stateSubject.next(userId);
|
||||
const emissions = trackEmissions(sut.activeAccount$);
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Locked) });
|
||||
|
||||
expect(emissions).toEqual([
|
||||
{ id: userId, ...userInfo(AuthenticationStatus.Unlocked) },
|
||||
{ id: userId, ...userInfo(AuthenticationStatus.Locked) },
|
||||
{ id: userId, ...userInfo },
|
||||
]);
|
||||
});
|
||||
|
||||
it("should remember the last emitted value", async () => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo });
|
||||
activeAccountIdState.stateSubject.next(userId);
|
||||
|
||||
expect(await firstValueFrom(sut.activeAccount$)).toEqual({
|
||||
id: userId,
|
||||
...userInfo(AuthenticationStatus.Unlocked),
|
||||
...userInfo,
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("accounts$", () => {
|
||||
it("should maintain an accounts cache", async () => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Locked) });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo });
|
||||
expect(await firstValueFrom(sut.accounts$)).toEqual({
|
||||
[userId]: userInfo(AuthenticationStatus.Locked),
|
||||
[userId]: userInfo,
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("addAccount", () => {
|
||||
it("should emit the new account", async () => {
|
||||
await sut.addAccount(userId, userInfo(AuthenticationStatus.Unlocked));
|
||||
await sut.addAccount(userId, userInfo);
|
||||
const currentValue = await firstValueFrom(sut.accounts$);
|
||||
|
||||
expect(currentValue).toEqual({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
expect(currentValue).toEqual({ [userId]: userInfo });
|
||||
});
|
||||
});
|
||||
|
||||
describe("setAccountName", () => {
|
||||
const initialState = { [userId]: userInfo(AuthenticationStatus.Unlocked) };
|
||||
const initialState = { [userId]: userInfo };
|
||||
beforeEach(() => {
|
||||
accountsState.stateSubject.next(initialState);
|
||||
});
|
||||
@@ -114,7 +99,7 @@ describe("accountService", () => {
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual({
|
||||
[userId]: { ...userInfo(AuthenticationStatus.Unlocked), name: "new name" },
|
||||
[userId]: { ...userInfo, name: "new name" },
|
||||
});
|
||||
});
|
||||
|
||||
@@ -127,7 +112,7 @@ describe("accountService", () => {
|
||||
});
|
||||
|
||||
describe("setAccountEmail", () => {
|
||||
const initialState = { [userId]: userInfo(AuthenticationStatus.Unlocked) };
|
||||
const initialState = { [userId]: userInfo };
|
||||
beforeEach(() => {
|
||||
accountsState.stateSubject.next(initialState);
|
||||
});
|
||||
@@ -137,7 +122,7 @@ describe("accountService", () => {
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual({
|
||||
[userId]: { ...userInfo(AuthenticationStatus.Unlocked), email: "new email" },
|
||||
[userId]: { ...userInfo, email: "new email" },
|
||||
});
|
||||
});
|
||||
|
||||
@@ -149,49 +134,9 @@ describe("accountService", () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe("setAccountStatus", () => {
|
||||
const initialState = { [userId]: userInfo(AuthenticationStatus.Unlocked) };
|
||||
beforeEach(() => {
|
||||
accountsState.stateSubject.next(initialState);
|
||||
});
|
||||
|
||||
it("should update the account", async () => {
|
||||
await sut.setAccountStatus(userId, AuthenticationStatus.Locked);
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual({
|
||||
[userId]: {
|
||||
...userInfo(AuthenticationStatus.Unlocked),
|
||||
status: AuthenticationStatus.Locked,
|
||||
},
|
||||
});
|
||||
});
|
||||
|
||||
it("should not update if the status is the same", async () => {
|
||||
await sut.setAccountStatus(userId, AuthenticationStatus.Unlocked);
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual(initialState);
|
||||
});
|
||||
|
||||
it("should emit logout if the status is logged out", async () => {
|
||||
const emissions = trackEmissions(sut.accountLogout$);
|
||||
await sut.setAccountStatus(userId, AuthenticationStatus.LoggedOut);
|
||||
|
||||
expect(emissions).toEqual([userId]);
|
||||
});
|
||||
|
||||
it("should emit lock if the status is locked", async () => {
|
||||
const emissions = trackEmissions(sut.accountLock$);
|
||||
await sut.setAccountStatus(userId, AuthenticationStatus.Locked);
|
||||
|
||||
expect(emissions).toEqual([userId]);
|
||||
});
|
||||
});
|
||||
|
||||
describe("switchAccount", () => {
|
||||
beforeEach(() => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
accountsState.stateSubject.next({ [userId]: userInfo });
|
||||
activeAccountIdState.stateSubject.next(userId);
|
||||
});
|
||||
|
||||
@@ -207,26 +152,4 @@ describe("accountService", () => {
|
||||
expect(sut.switchAccount("unknown" as UserId)).rejects.toThrowError("Account does not exist");
|
||||
});
|
||||
});
|
||||
|
||||
describe("setMaxAccountStatus", () => {
|
||||
it("should update the account", async () => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.Unlocked) });
|
||||
await sut.setMaxAccountStatus(userId, AuthenticationStatus.Locked);
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual({
|
||||
[userId]: userInfo(AuthenticationStatus.Locked),
|
||||
});
|
||||
});
|
||||
|
||||
it("should not update if the new max status is higher than the current", async () => {
|
||||
accountsState.stateSubject.next({ [userId]: userInfo(AuthenticationStatus.LoggedOut) });
|
||||
await sut.setMaxAccountStatus(userId, AuthenticationStatus.Locked);
|
||||
const currentState = await firstValueFrom(accountsState.state$);
|
||||
|
||||
expect(currentState).toEqual({
|
||||
[userId]: userInfo(AuthenticationStatus.LoggedOut),
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -14,7 +14,6 @@ import {
|
||||
KeyDefinition,
|
||||
} from "../../platform/state";
|
||||
import { UserId } from "../../types/guid";
|
||||
import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
|
||||
export const ACCOUNT_ACCOUNTS = KeyDefinition.record<AccountInfo, UserId>(
|
||||
ACCOUNT_MEMORY,
|
||||
@@ -36,8 +35,6 @@ export class AccountServiceImplementation implements InternalAccountService {
|
||||
|
||||
accounts$;
|
||||
activeAccount$;
|
||||
accountLock$ = this.lock.asObservable();
|
||||
accountLogout$ = this.logout.asObservable();
|
||||
|
||||
constructor(
|
||||
private messagingService: MessagingService,
|
||||
@@ -74,34 +71,6 @@ export class AccountServiceImplementation implements InternalAccountService {
|
||||
await this.setAccountInfo(userId, { email });
|
||||
}
|
||||
|
||||
async setAccountStatus(userId: UserId, status: AuthenticationStatus): Promise<void> {
|
||||
await this.setAccountInfo(userId, { status });
|
||||
|
||||
if (status === AuthenticationStatus.LoggedOut) {
|
||||
this.logout.next(userId);
|
||||
} else if (status === AuthenticationStatus.Locked) {
|
||||
this.lock.next(userId);
|
||||
}
|
||||
}
|
||||
|
||||
async setMaxAccountStatus(userId: UserId, maxStatus: AuthenticationStatus): Promise<void> {
|
||||
await this.accountsState.update(
|
||||
(accounts) => {
|
||||
accounts[userId].status = maxStatus;
|
||||
return accounts;
|
||||
},
|
||||
{
|
||||
shouldUpdate: (accounts) => {
|
||||
if (accounts?.[userId] == null) {
|
||||
throw new Error("Account does not exist");
|
||||
}
|
||||
|
||||
return accounts[userId].status > maxStatus;
|
||||
},
|
||||
},
|
||||
);
|
||||
}
|
||||
|
||||
async switchAccount(userId: UserId): Promise<void> {
|
||||
await this.activeAccountIdState.update(
|
||||
(_, accounts) => {
|
||||
|
||||
@@ -122,6 +122,25 @@ describe("AuthService", () => {
|
||||
});
|
||||
});
|
||||
|
||||
describe("authStatuses$", () => {
|
||||
it("requests auth status for all known users", async () => {
|
||||
const userId2 = Utils.newGuid() as UserId;
|
||||
|
||||
await accountService.addAccount(userId2, { email: "email2", name: "name2" });
|
||||
|
||||
const mockFn = jest.fn().mockReturnValue(of(AuthenticationStatus.Locked));
|
||||
sut.authStatusFor$ = mockFn;
|
||||
|
||||
await expect(firstValueFrom(await sut.authStatuses$)).resolves.toEqual({
|
||||
[userId]: AuthenticationStatus.Locked,
|
||||
[userId2]: AuthenticationStatus.Locked,
|
||||
});
|
||||
expect(mockFn).toHaveBeenCalledTimes(2);
|
||||
expect(mockFn).toHaveBeenCalledWith(userId);
|
||||
expect(mockFn).toHaveBeenCalledWith(userId2);
|
||||
});
|
||||
});
|
||||
|
||||
describe("authStatusFor$", () => {
|
||||
beforeEach(() => {
|
||||
tokenService.hasAccessToken$.mockReturnValue(of(true));
|
||||
|
||||
@@ -21,6 +21,7 @@ import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
|
||||
export class AuthService implements AuthServiceAbstraction {
|
||||
activeAccountStatus$: Observable<AuthenticationStatus>;
|
||||
authStatuses$: Observable<Record<UserId, AuthenticationStatus>>;
|
||||
|
||||
constructor(
|
||||
protected accountService: AccountService,
|
||||
@@ -36,6 +37,26 @@ export class AuthService implements AuthServiceAbstraction {
|
||||
return this.authStatusFor$(userId);
|
||||
}),
|
||||
);
|
||||
|
||||
this.authStatuses$ = this.accountService.accounts$.pipe(
|
||||
map((accounts) => Object.keys(accounts) as UserId[]),
|
||||
switchMap((entries) =>
|
||||
combineLatest(
|
||||
entries.map((userId) =>
|
||||
this.authStatusFor$(userId).pipe(map((status) => ({ userId, status }))),
|
||||
),
|
||||
),
|
||||
),
|
||||
map((statuses) => {
|
||||
return statuses.reduce(
|
||||
(acc, { userId, status }) => {
|
||||
acc[userId] = status;
|
||||
return acc;
|
||||
},
|
||||
{} as Record<UserId, AuthenticationStatus>,
|
||||
);
|
||||
}),
|
||||
);
|
||||
}
|
||||
|
||||
authStatusFor$(userId: UserId): Observable<AuthenticationStatus> {
|
||||
|
||||
@@ -8,7 +8,6 @@ import { OrganizationAutoEnrollStatusResponse } from "../../admin-console/models
|
||||
import { CryptoService } from "../../platform/abstractions/crypto.service";
|
||||
import { I18nService } from "../../platform/abstractions/i18n.service";
|
||||
import { AccountInfo, AccountService } from "../abstractions/account.service";
|
||||
import { AuthenticationStatus } from "../enums/authentication-status";
|
||||
|
||||
import { PasswordResetEnrollmentServiceImplementation } from "./password-reset-enrollment.service.implementation";
|
||||
|
||||
@@ -91,7 +90,6 @@ describe("PasswordResetEnrollmentServiceImplementation", () => {
|
||||
const user1AccountInfo: AccountInfo = {
|
||||
name: "Test User 1",
|
||||
email: "test1@email.com",
|
||||
status: AuthenticationStatus.Unlocked,
|
||||
};
|
||||
activeAccountSubject.next(Object.assign(user1AccountInfo, { id: "userId" as UserId }));
|
||||
|
||||
|
||||
@@ -33,10 +33,6 @@ export type InitOptions = {
|
||||
export abstract class StateService<T extends Account = Account> {
|
||||
accounts$: Observable<{ [userId: string]: T }>;
|
||||
activeAccount$: Observable<string>;
|
||||
/**
|
||||
* @deprecated use accountService.activeAccount$ instead
|
||||
*/
|
||||
activeAccountUnlocked$: Observable<boolean>;
|
||||
|
||||
addAccount: (account: T) => Promise<void>;
|
||||
setActiveUser: (userId: string) => Promise<void>;
|
||||
|
||||
@@ -4,7 +4,6 @@ import { firstValueFrom, of, tap } from "rxjs";
|
||||
import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
|
||||
import { FakeActiveUserState, FakeSingleUserState } from "../../../spec/fake-state";
|
||||
import { FakeStateProvider } from "../../../spec/fake-state-provider";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { FakeMasterPasswordService } from "../../auth/services/master-password/fake-master-password.service";
|
||||
import { CsprngArray } from "../../types/csprng";
|
||||
import { UserId } from "../../types/guid";
|
||||
@@ -273,15 +272,6 @@ describe("cryptoService", () => {
|
||||
await expect(cryptoService.setUserKey(null, mockUserId)).rejects.toThrow("No key provided.");
|
||||
});
|
||||
|
||||
it("should update the user's lock state", async () => {
|
||||
await cryptoService.setUserKey(mockUserKey, mockUserId);
|
||||
|
||||
expect(accountService.mock.setAccountStatus).toHaveBeenCalledWith(
|
||||
mockUserId,
|
||||
AuthenticationStatus.Unlocked,
|
||||
);
|
||||
});
|
||||
|
||||
describe("Pin Key refresh", () => {
|
||||
let cryptoSvcMakePinKey: jest.SpyInstance;
|
||||
const protectedPin =
|
||||
@@ -353,23 +343,6 @@ describe("cryptoService", () => {
|
||||
accountService.activeAccount$ = accountService.activeAccountSubject.asObservable();
|
||||
});
|
||||
|
||||
it("sets the maximum account status of the active user id to locked when user id is not specified", async () => {
|
||||
await cryptoService.clearKeys();
|
||||
expect(accountService.mock.setMaxAccountStatus).toHaveBeenCalledWith(
|
||||
mockUserId,
|
||||
AuthenticationStatus.Locked,
|
||||
);
|
||||
});
|
||||
|
||||
it("sets the maximum account status of the specified user id to locked when user id is specified", async () => {
|
||||
const userId = "someOtherUser" as UserId;
|
||||
await cryptoService.clearKeys(userId);
|
||||
expect(accountService.mock.setMaxAccountStatus).toHaveBeenCalledWith(
|
||||
userId,
|
||||
AuthenticationStatus.Locked,
|
||||
);
|
||||
});
|
||||
|
||||
describe.each([
|
||||
USER_ENCRYPTED_ORGANIZATION_KEYS,
|
||||
USER_ENCRYPTED_PROVIDER_KEYS,
|
||||
|
||||
@@ -7,7 +7,6 @@ import { ProfileProviderOrganizationResponse } from "../../admin-console/models/
|
||||
import { ProfileProviderResponse } from "../../admin-console/models/response/profile-provider.response";
|
||||
import { AccountService } from "../../auth/abstractions/account.service";
|
||||
import { InternalMasterPasswordServiceAbstraction } from "../../auth/abstractions/master-password.service.abstraction";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { KdfConfig } from "../../auth/models/domain/kdf-config";
|
||||
import { Utils } from "../../platform/misc/utils";
|
||||
import { CsprngArray } from "../../types/csprng";
|
||||
@@ -152,8 +151,6 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||
[userId, key] = await this.stateProvider.setUserState(USER_KEY, key, userId);
|
||||
await this.stateProvider.setUserState(USER_EVER_HAD_USER_KEY, true, userId);
|
||||
|
||||
await this.accountService.setAccountStatus(userId, AuthenticationStatus.Unlocked);
|
||||
|
||||
await this.storeAdditionalKeys(key, userId);
|
||||
}
|
||||
|
||||
@@ -256,14 +253,13 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||
* Clears the user key. Clears all stored versions of the user keys as well, such as the biometrics key
|
||||
* @param userId The desired user
|
||||
*/
|
||||
async clearUserKey(userId: UserId): Promise<void> {
|
||||
private async clearUserKey(userId: UserId): Promise<void> {
|
||||
if (userId == null) {
|
||||
// nothing to do
|
||||
return;
|
||||
}
|
||||
// Set userId to ensure we have one for the account status update
|
||||
await this.stateProvider.setUserState(USER_KEY, null, userId);
|
||||
await this.accountService.setMaxAccountStatus(userId, AuthenticationStatus.Locked);
|
||||
await this.clearAllStoredUserKeys(userId);
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,6 @@ import { firstValueFrom } from "rxjs";
|
||||
|
||||
import { FakeStateProvider, awaitAsync } from "../../../spec";
|
||||
import { FakeAccountService } from "../../../spec/fake-account-service";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { UserId } from "../../types/guid";
|
||||
import { CloudRegion, Region } from "../abstractions/environment.service";
|
||||
|
||||
@@ -32,12 +31,10 @@ describe("EnvironmentService", () => {
|
||||
[testUser]: {
|
||||
name: "name",
|
||||
email: "email",
|
||||
status: AuthenticationStatus.Locked,
|
||||
},
|
||||
[alternateTestUser]: {
|
||||
name: "name",
|
||||
email: "email",
|
||||
status: AuthenticationStatus.Locked,
|
||||
},
|
||||
});
|
||||
stateProvider = new FakeStateProvider(accountService);
|
||||
@@ -50,7 +47,6 @@ describe("EnvironmentService", () => {
|
||||
id: userId,
|
||||
email: "test@example.com",
|
||||
name: `Test Name ${userId}`,
|
||||
status: AuthenticationStatus.Unlocked,
|
||||
});
|
||||
await awaitAsync();
|
||||
};
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
import { BehaviorSubject, Observable, map } from "rxjs";
|
||||
import { BehaviorSubject } from "rxjs";
|
||||
import { Jsonify, JsonValue } from "type-fest";
|
||||
|
||||
import { AccountService } from "../../auth/abstractions/account.service";
|
||||
import { TokenService } from "../../auth/abstractions/token.service";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { AdminAuthRequestStorable } from "../../auth/models/domain/admin-auth-req-storable";
|
||||
import { KdfConfig } from "../../auth/models/domain/kdf-config";
|
||||
import { BiometricKey } from "../../auth/types/biometric-key";
|
||||
@@ -68,8 +67,6 @@ export class StateService<
|
||||
protected activeAccountSubject = new BehaviorSubject<string | null>(null);
|
||||
activeAccount$ = this.activeAccountSubject.asObservable();
|
||||
|
||||
activeAccountUnlocked$: Observable<boolean>;
|
||||
|
||||
private hasBeenInited = false;
|
||||
protected isRecoveredSession = false;
|
||||
|
||||
@@ -89,13 +86,7 @@ export class StateService<
|
||||
protected tokenService: TokenService,
|
||||
private migrationRunner: MigrationRunner,
|
||||
protected useAccountCache: boolean = true,
|
||||
) {
|
||||
this.activeAccountUnlocked$ = this.accountService.activeAccount$.pipe(
|
||||
map((a) => {
|
||||
return a?.status === AuthenticationStatus.Unlocked;
|
||||
}),
|
||||
);
|
||||
}
|
||||
) {}
|
||||
|
||||
async init(initOptions: InitOptions = {}): Promise<void> {
|
||||
// Deconstruct and apply defaults
|
||||
@@ -151,7 +142,6 @@ export class StateService<
|
||||
await this.accountService.addAccount(state.activeUserId as UserId, {
|
||||
name: activeDiskAccount.profile.name,
|
||||
email: activeDiskAccount.profile.email,
|
||||
status: AuthenticationStatus.LoggedOut,
|
||||
});
|
||||
}
|
||||
await this.accountService.switchAccount(state.activeUserId as UserId);
|
||||
@@ -177,16 +167,7 @@ export class StateService<
|
||||
|
||||
// TODO: Temporary update to avoid routing all account status changes through account service for now.
|
||||
// The determination of state should be handled by the various services that control those values.
|
||||
const token = await this.tokenService.getAccessToken(userId as UserId);
|
||||
const autoKey = await this.getUserKeyAutoUnlock({ userId: userId });
|
||||
const accountStatus =
|
||||
token == null
|
||||
? AuthenticationStatus.LoggedOut
|
||||
: autoKey == null
|
||||
? AuthenticationStatus.Locked
|
||||
: AuthenticationStatus.Unlocked;
|
||||
await this.accountService.addAccount(userId as UserId, {
|
||||
status: accountStatus,
|
||||
name: diskAccount.profile.name,
|
||||
email: diskAccount.profile.email,
|
||||
});
|
||||
@@ -206,7 +187,6 @@ export class StateService<
|
||||
await this.setLastActive(new Date().getTime(), { userId: account.profile.userId });
|
||||
// TODO: Temporary update to avoid routing all account status changes through account service for now.
|
||||
await this.accountService.addAccount(account.profile.userId as UserId, {
|
||||
status: AuthenticationStatus.Locked,
|
||||
name: account.profile.name,
|
||||
email: account.profile.email,
|
||||
});
|
||||
@@ -1406,8 +1386,6 @@ export class StateService<
|
||||
|
||||
return state;
|
||||
});
|
||||
// TODO: Invert this logic, we should remove accounts based on logged out emit
|
||||
await this.accountService.setAccountStatus(userId as UserId, AuthenticationStatus.LoggedOut);
|
||||
}
|
||||
|
||||
// settings persist even on reset, and are not affected by this method
|
||||
|
||||
@@ -9,7 +9,6 @@ import { Jsonify } from "type-fest";
|
||||
import { awaitAsync, trackEmissions } from "../../../../spec";
|
||||
import { FakeStorageService } from "../../../../spec/fake-storage.service";
|
||||
import { AccountInfo } from "../../../auth/abstractions/account.service";
|
||||
import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
|
||||
import { UserId } from "../../../types/guid";
|
||||
import { StorageServiceProvider } from "../../services/storage-service.provider";
|
||||
import { StateDefinition } from "../state-definition";
|
||||
@@ -84,7 +83,6 @@ describe("DefaultActiveUserState", () => {
|
||||
id: userId,
|
||||
email: `test${id}@example.com`,
|
||||
name: `Test User ${id}`,
|
||||
status: AuthenticationStatus.Unlocked,
|
||||
});
|
||||
await awaitAsync();
|
||||
};
|
||||
|
||||
@@ -3,7 +3,7 @@ import { firstValueFrom, map, from, zip } from "rxjs";
|
||||
import { EventCollectionService as EventCollectionServiceAbstraction } from "../../abstractions/event/event-collection.service";
|
||||
import { EventUploadService } from "../../abstractions/event/event-upload.service";
|
||||
import { OrganizationService } from "../../admin-console/abstractions/organization/organization.service.abstraction";
|
||||
import { AccountService } from "../../auth/abstractions/account.service";
|
||||
import { AuthService } from "../../auth/abstractions/auth.service";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { EventType } from "../../enums";
|
||||
import { EventData } from "../../models/data/event.data";
|
||||
@@ -18,7 +18,7 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
|
||||
private stateProvider: StateProvider,
|
||||
private organizationService: OrganizationService,
|
||||
private eventUploadService: EventUploadService,
|
||||
private accountService: AccountService,
|
||||
private authService: AuthService,
|
||||
) {}
|
||||
|
||||
/** Adds an event to the active user's event collection
|
||||
@@ -71,12 +71,12 @@ export class EventCollectionService implements EventCollectionServiceAbstraction
|
||||
|
||||
const cipher$ = from(this.cipherService.get(cipherId));
|
||||
|
||||
const [accountInfo, orgIds, cipher] = await firstValueFrom(
|
||||
zip(this.accountService.activeAccount$, orgIds$, cipher$),
|
||||
const [authStatus, orgIds, cipher] = await firstValueFrom(
|
||||
zip(this.authService.activeAccountStatus$, orgIds$, cipher$),
|
||||
);
|
||||
|
||||
// The user must be authorized
|
||||
if (accountInfo.status != AuthenticationStatus.Unlocked) {
|
||||
if (authStatus != AuthenticationStatus.Unlocked) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@ import { firstValueFrom, map } from "rxjs";
|
||||
|
||||
import { ApiService } from "../../abstractions/api.service";
|
||||
import { EventUploadService as EventUploadServiceAbstraction } from "../../abstractions/event/event-upload.service";
|
||||
import { AccountService } from "../../auth/abstractions/account.service";
|
||||
import { AuthService } from "../../auth/abstractions/auth.service";
|
||||
import { AuthenticationStatus } from "../../auth/enums/authentication-status";
|
||||
import { EventData } from "../../models/data/event.data";
|
||||
import { EventRequest } from "../../models/request/event.request";
|
||||
@@ -18,7 +18,7 @@ export class EventUploadService implements EventUploadServiceAbstraction {
|
||||
private apiService: ApiService,
|
||||
private stateProvider: StateProvider,
|
||||
private logService: LogService,
|
||||
private accountService: AccountService,
|
||||
private authService: AuthService,
|
||||
) {}
|
||||
|
||||
init(checkOnInterval: boolean) {
|
||||
@@ -43,13 +43,16 @@ export class EventUploadService implements EventUploadServiceAbstraction {
|
||||
userId = await firstValueFrom(this.stateProvider.activeUserId$);
|
||||
}
|
||||
|
||||
// Get the auth status from the provided user or the active user
|
||||
const userAuth$ = this.accountService.accounts$.pipe(
|
||||
map((accounts) => accounts[userId]?.status === AuthenticationStatus.Unlocked),
|
||||
);
|
||||
if (!userId) {
|
||||
return;
|
||||
}
|
||||
|
||||
const isAuthenticated = await firstValueFrom(userAuth$);
|
||||
if (!isAuthenticated) {
|
||||
const isUnlocked = await firstValueFrom(
|
||||
this.authService
|
||||
.authStatusFor$(userId)
|
||||
.pipe(map((status) => status === AuthenticationStatus.Unlocked)),
|
||||
);
|
||||
if (!isUnlocked) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
@@ -138,7 +138,6 @@ describe("VaultTimeoutService", () => {
|
||||
if (globalSetups?.userId) {
|
||||
accountService.activeAccountSubject.next({
|
||||
id: globalSetups.userId as UserId,
|
||||
status: accounts[globalSetups.userId]?.authStatus,
|
||||
email: null,
|
||||
name: null,
|
||||
});
|
||||
|
||||
@@ -8,7 +8,6 @@ import {
|
||||
awaitAsync,
|
||||
mockAccountServiceWith,
|
||||
} from "../../../../spec";
|
||||
import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
|
||||
import { CryptoService } from "../../../platform/abstractions/crypto.service";
|
||||
import { EncryptService } from "../../../platform/abstractions/encrypt.service";
|
||||
import { I18nService } from "../../../platform/abstractions/i18n.service";
|
||||
@@ -64,7 +63,6 @@ describe("SendService", () => {
|
||||
id: mockUserId,
|
||||
email: "email",
|
||||
name: "name",
|
||||
status: AuthenticationStatus.Unlocked,
|
||||
});
|
||||
|
||||
// Initial encrypted state
|
||||
|
||||
Reference in New Issue
Block a user