Add support for requesting and using otp for verifying some requests (#527)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2025-12-18 09:13:33 +00:00 · 2021-11-09 17:01:22 +01:00
parent 99ff3feb53
commit 8f177e2d3a
54 changed files with 746 additions and 223 deletions
--- a/common/src/services/auth.service.ts
+++ b/common/src/services/auth.service.ts
@@ -5,9 +5,9 @@ import { TwoFactorProviderType } from '../enums/twoFactorProviderType';
 import { AuthResult } from '../models/domain/authResult';
 import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';

-import { SetCryptoAgentKeyRequest } from '../models/request/account/setCryptoAgentKeyRequest';
-import { CryptoAgentUserKeyRequest } from '../models/request/cryptoAgentUserKeyRequest';
+import { SetKeyConnectorKeyRequest } from '../models/request/account/setKeyConnectorKeyRequest';
 import { DeviceRequest } from '../models/request/deviceRequest';
+import { KeyConnectorUserKeyRequest } from '../models/request/keyConnectorUserKeyRequest';
 import { KeysRequest } from '../models/request/keysRequest';
 import { PreloginRequest } from '../models/request/preloginRequest';
 import { TokenRequest } from '../models/request/tokenRequest';
@@ -20,7 +20,9 @@ import { AppIdService } from '../abstractions/appId.service';
 import { AuthService as AuthServiceAbstraction } from '../abstractions/auth.service';
 import { CryptoService } from '../abstractions/crypto.service';
 import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';
+import { EnvironmentService } from '../abstractions/environment.service';
 import { I18nService } from '../abstractions/i18n.service';
+import { KeyConnectorService } from '../abstractions/keyConnector.service';
 import { LogService } from '../abstractions/log.service';
 import { MessagingService } from '../abstractions/messaging.service';
 import { PlatformUtilsService } from '../abstractions/platformUtils.service';
@@ -101,7 +103,8 @@ export class AuthService implements AuthServiceAbstraction {
        protected appIdService: AppIdService, private i18nService: I18nService,
        protected platformUtilsService: PlatformUtilsService, private messagingService: MessagingService,
        private vaultTimeoutService: VaultTimeoutService, private logService: LogService,
-        private cryptoFunctionService: CryptoFunctionService, private setCryptoKeys = true) {
+        private cryptoFunctionService: CryptoFunctionService, private environmentService: EnvironmentService,
+        private keyConnectorService: KeyConnectorService, private setCryptoKeys = true) {
    }

    init() {
@@ -365,16 +368,10 @@ export class AuthService implements AuthServiceAbstraction {
            // Skip this step during SSO new user flow. No key is returned from server.
            if (code == null || tokenResponse.key != null) {

-                if (tokenResponse.cryptoAgentUrl != null) {
-                    try {
-                        const userKeyResponse = await this.apiService.getUserKeyFromCryptoAgent(tokenResponse.cryptoAgentUrl);
-                        const keyArr = Utils.fromB64ToArray(userKeyResponse.key);
-                        const k = new SymmetricCryptoKey(keyArr);
-                        await this.cryptoService.setKey(k);
-                    } catch (e) {
-                        this.logService.error(e);
-                        throw new Error('Unable to reach crypto agent');
-                    }
+                if (tokenResponse.keyConnectorUrl != null) {
+                    await this.keyConnectorService.getAndSetKey(tokenResponse.keyConnectorUrl);
+                } else if (this.environmentService.getKeyConnectorUrl() != null) {
+                    await this.keyConnectorService.getAndSetKey();
                }

                await this.cryptoService.setEncKey(tokenResponse.key);
@@ -391,11 +388,11 @@ export class AuthService implements AuthServiceAbstraction {
                }

                await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);
-            } else if (tokenResponse.cryptoAgentUrl != null) {
+            } else if (tokenResponse.keyConnectorUrl != null) {
                const password = await this.cryptoFunctionService.randomBytes(64);

                const k = await this.cryptoService.makeKey(Utils.fromBufferToB64(password), this.tokenService.getEmail(), tokenResponse.kdf, tokenResponse.kdfIterations);
-                const cryptoAgentRequest = new CryptoAgentUserKeyRequest(k.encKeyB64);
+                const keyConnectorRequest = new KeyConnectorUserKeyRequest(k.encKeyB64);
                await this.cryptoService.setKey(k);

                const encKey = await this.cryptoService.makeEncKey(k);
@@ -404,16 +401,16 @@ export class AuthService implements AuthServiceAbstraction {
                const [pubKey, privKey] = await this.cryptoService.makeKeyPair();

                try {
-                    await this.apiService.postUserKeyToCryptoAgent(tokenResponse.cryptoAgentUrl, cryptoAgentRequest);
+                    await this.apiService.postUserKeyToKeyConnector(tokenResponse.keyConnectorUrl, keyConnectorRequest);
                } catch (e) {
-                    throw new Error('Unable to reach crypto agent');
+                    throw new Error('Unable to reach key connector');
                }

                const keys = new KeysRequest(pubKey, privKey.encryptedString);
-                const setPasswordRequest = new SetCryptoAgentKeyRequest(
+                const setPasswordRequest = new SetKeyConnectorKeyRequest(
                    encKey[1].encryptedString, tokenResponse.kdf, tokenResponse.kdfIterations, orgId, keys
                );
-                await this.apiService.postSetCryptoAgentKey(setPasswordRequest);
+                await this.apiService.postSetKeyConnectorKey(setPasswordRequest);
            }
        }