bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00
Code Issues Releases Wiki Activity

[PM-16793] port credential generator service to providers (#14071)

Browse Source 
* introduce extension service
* deprecate legacy forwarder types
* eliminate repeat algorithm emissions
* extend logging to preference management
* align forwarder ids with vendor ids
* fix duplicate policy emissions; debugging required logger enhancements

-----

Co-authored-by: Daniel James Smith <2670567+djsmith85@users.noreply.github.com>
This commit is contained in:
✨ Audrey ✨
2025-05-27 09:51:14 -04:00
committed by GitHub
parent f4f659c52a
commit 97a591e738
140 changed files with 3720 additions and 4085 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
apps/browser/src/_locales/en/messages.json
View File

@@ -2204,6 +2204,9 @@
"useThisPassword": {
"message": "Use this password"
},
"useThisPassphrase": {
"message": "Use this passphrase"
},
"useThisUsername": {
"message": "Use this username"
},

39
apps/desktop/src/locales/en/messages.json
View File

@@ -351,12 +351,6 @@
"other": {
"message": "Other"
},
"generatePassword": {
"message": "Generate password"
},
"generatePassphrase": {
"message": "Generate passphrase"
},
"type": {
"message": "Type"
},
@@ -2633,6 +2627,24 @@
"usernameGenerator": {
"message": "Username generator"
},
"generatePassword": {
"message": "Generate password"
},
"generatePassphrase": {
"message": "Generate passphrase"
},
"passwordGenerated": {
"message": "Password generated"
},
"passphraseGenerated": {
"message": "Passphrase generated"
},
"usernameGenerated": {
"message": "Username generated"
},
"emailGenerated": {
"message": "Email generated"
},
"spinboxBoundariesHint": {
"message": "Value must be between $MIN$ and $MAX$.",
"description": "Explains spin box minimum and maximum values to the user",
@@ -2686,6 +2698,15 @@
"useThisEmail": {
"message": "Use this email"
},
"useThisPassword": {
"message": "Use this password"
},
"useThisPassphrase": {
"message": "Use this passphrase"
},
"useThisUsername": {
"message": "Use this username"
},
"random": {
"message": "Random"
},
@@ -3051,12 +3072,6 @@
"weakAndBreachedMasterPasswordDesc": {
"message": "Weak password identified and found in a data breach. Use a strong and unique password to protect your account. Are you sure you want to use this password?"
},
"useThisPassword": {
"message": "Use this password"
},
"useThisUsername": {
"message": "Use this username"
},
"checkForBreaches": {
"message": "Check known data breaches for this password"
},

26
apps/web/src/app/admin-console/organizations/policies/password-generator.component.ts
View File

@@ -7,7 +7,7 @@ import { BehaviorSubject, map } from "rxjs";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { Generators } from "@bitwarden/generator-core";
import { BuiltIn, Profile } from "@bitwarden/generator-core";
import { BasePolicy, BasePolicyComponent } from "./base-policy.component";
@@ -26,14 +26,22 @@ export class PasswordGeneratorPolicy extends BasePolicy {
export class PasswordGeneratorPolicyComponent extends BasePolicyComponent {
// these properties forward the application default settings to the UI
// for HTML attribute bindings
protected readonly minLengthMin = Generators.password.settings.constraints.length.min;
protected readonly minLengthMax = Generators.password.settings.constraints.length.max;
protected readonly minNumbersMin = Generators.password.settings.constraints.minNumber.min;
protected readonly minNumbersMax = Generators.password.settings.constraints.minNumber.max;
protected readonly minSpecialMin = Generators.password.settings.constraints.minSpecial.min;
protected readonly minSpecialMax = Generators.password.settings.constraints.minSpecial.max;
protected readonly minNumberWordsMin = Generators.passphrase.settings.constraints.numWords.min;
protected readonly minNumberWordsMax = Generators.passphrase.settings.constraints.numWords.max;
protected readonly minLengthMin =
BuiltIn.password.profiles[Profile.account].constraints.default.length.min;
protected readonly minLengthMax =
BuiltIn.password.profiles[Profile.account].constraints.default.length.max;
protected readonly minNumbersMin =
BuiltIn.password.profiles[Profile.account].constraints.default.minNumber.min;
protected readonly minNumbersMax =
BuiltIn.password.profiles[Profile.account].constraints.default.minNumber.max;
protected readonly minSpecialMin =
BuiltIn.password.profiles[Profile.account].constraints.default.minSpecial.min;
protected readonly minSpecialMax =
BuiltIn.password.profiles[Profile.account].constraints.default.minSpecial.max;
protected readonly minNumberWordsMin =
BuiltIn.passphrase.profiles[Profile.account].constraints.default.numWords.min;
protected readonly minNumberWordsMax =
BuiltIn.passphrase.profiles[Profile.account].constraints.default.numWords.max;
data = this.formBuilder.group({
overridePasswordType: [null],

27
apps/web/src/locales/en/messages.json
View File

@@ -547,12 +547,6 @@
"message": "Toggle collapse",
"description": "Toggling an expand/collapse state."
},
"generatePassword": {
"message": "Generate password"
},
"generatePassphrase": {
"message": "Generate passphrase"
},
"checkPassword": {
"message": "Check if password has been exposed."
},
@@ -6825,6 +6819,24 @@
"generateEmail": {
"message": "Generate email"
},
"generatePassword": {
"message": "Generate password"
},
"generatePassphrase": {
"message": "Generate passphrase"
},
"passwordGenerated": {
"message": "Password generated"
},
"passphraseGenerated": {
"message": "Passphrase generated"
},
"usernameGenerated": {
"message": "Username generated"
},
"emailGenerated": {
"message": "Email generated"
},
"spinboxBoundariesHint": {
"message": "Value must be between $MIN$ and $MAX$.",
"description": "Explains spin box minimum and maximum values to the user",
@@ -6888,6 +6900,9 @@
"useThisPassword": {
"message": "Use this password"
},
"useThisPassphrase": {
"message": "Use this passphrase"
},
"useThisUsername": {
"message": "Use this username"
},

1
libs/common/src/tools/extension/extension.service.spec.ts
View File

@@ -60,6 +60,7 @@ const SomeProvider = {
} as LegacyEncryptorProvider,
state: SomeStateProvider,
log: disabledSemanticLoggerProvider,
now: Date.now,
} as UserStateSubjectDependencyProvider;
const SomeExtension: ExtensionMetadata = {

24
libs/common/src/tools/log/disabled-logger.ts Normal file
View File

@@ -0,0 +1,24 @@
import { Jsonify } from "type-fest";
import { deepFreeze } from "../util";
import { SemanticLogger } from "./semantic-logger.abstraction";
/** All disabled loggers emitted by this module are `===` to this logger. */
export const DISABLED_LOGGER: SemanticLogger = deepFreeze({
debug<T>(_content: Jsonify<T>, _message?: string): void {},
info<T>(_content: Jsonify<T>, _message?: string): void {},
warn<T>(_content: Jsonify<T>, _message?: string): void {},
error<T>(_content: Jsonify<T>, _message?: string): void {},
panic<T>(content: Jsonify<T>, message?: string): never {
if (typeof content === "string" && !message) {
throw new Error(content);
} else {
throw new Error(message);
}
},
});

22
libs/common/src/tools/log/disabled-semantic-logger.ts
View File

@@ -1,22 +0,0 @@
import { Jsonify } from "type-fest";
import { SemanticLogger } from "./semantic-logger.abstraction";
/** Disables semantic logs. Still panics. */
export class DisabledSemanticLogger implements SemanticLogger {
debug<T>(_content: Jsonify<T>, _message?: string): void {}
info<T>(_content: Jsonify<T>, _message?: string): void {}
warn<T>(_content: Jsonify<T>, _message?: string): void {}
error<T>(_content: Jsonify<T>, _message?: string): void {}
panic<T>(content: Jsonify<T>, message?: string): never {
if (typeof content === "string" && !message) {
throw new Error(content);
} else {
throw new Error(message);
}
}
}

79
libs/common/src/tools/log/factory.ts
View File

@@ -3,11 +3,10 @@ import { Jsonify } from "type-fest";
import { LogService } from "../../platform/abstractions/log.service";
import { DefaultSemanticLogger } from "./default-semantic-logger";
import { DisabledSemanticLogger } from "./disabled-semantic-logger";
import { DISABLED_LOGGER } from "./disabled-logger";
import { SemanticLogger } from "./semantic-logger.abstraction";
/** A type for injection of a log provider */
export type LogProvider = <Context>(context: Jsonify<Context>) => SemanticLogger;
import { LogProvider } from "./types";
import { warnLoggingEnabled } from "./util";
/** Instantiates a semantic logger that emits nothing when a message
* is logged.
@@ -18,38 +17,72 @@ export type LogProvider = <Context>(context: Jsonify<Context>) => SemanticLogger
export function disabledSemanticLoggerProvider<Context extends object>(
_context: Jsonify<Context>,
): SemanticLogger {
return new DisabledSemanticLogger();
return DISABLED_LOGGER;
}
/** Instantiates a semantic logger that emits logs to the console.
* @param context a static payload that is cloned when the logger
* logs a message. The `messages`, `level`, and `content` fields
* are reserved for use by loggers.
* @param settings specializes how the semantic logger functions.
* If this is omitted, the logger suppresses debug messages.
* @param logService writes semantic logs to the console
*/
export function consoleSemanticLoggerProvider<Context extends object>(
logger: LogService,
context: Jsonify<Context>,
): SemanticLogger {
return new DefaultSemanticLogger(logger, context);
export function consoleSemanticLoggerProvider(logService: LogService): LogProvider {
function provider<Context extends object>(context: Jsonify<Context>) {
const logger = new DefaultSemanticLogger(logService, context);
warnLoggingEnabled(logService, "consoleSemanticLoggerProvider", context);
return logger;
}
return provider;
}
/** Instantiates a semantic logger that emits logs to the console.
/** Instantiates a semantic logger that emits logs to the console when the
* context's `type` matches its values.
* @param logService writes semantic logs to the console
* @param types the values to match against
*/
export function enableLogForTypes(logService: LogService, types: string[]): LogProvider {
if (types.length) {
warnLoggingEnabled(logService, "enableLogForTypes", { types });
}
function provider<Context extends object>(context: Jsonify<Context>) {
const { type } = context as { type?: unknown };
if (typeof type === "string" && types.includes(type)) {
const logger = new DefaultSemanticLogger(logService, context);
warnLoggingEnabled(logService, "enableLogForTypes", {
targetType: type,
available: types,
loggerContext: context,
});
return logger;
} else {
return DISABLED_LOGGER;
}
}
return provider;
}
/** Instantiates a semantic logger that emits logs to the console when its enabled.
* @param enable logs are emitted when this is true
* @param logService writes semantic logs to the console
* @param context a static payload that is cloned when the logger
* logs a message. The `messages`, `level`, and `content` fields
* are reserved for use by loggers.
* @param settings specializes how the semantic logger functions.
* If this is omitted, the logger suppresses debug messages.
* logs a message.
*
* @remarks The `message`, `level`, `provider`, and `content` fields
* are reserved for use by the semantic logging system.
*/
export function ifEnabledSemanticLoggerProvider<Context extends object>(
enable: boolean,
logger: LogService,
logService: LogService,
context: Jsonify<Context>,
) {
if (enable) {
return consoleSemanticLoggerProvider(logger, context);
const logger = new DefaultSemanticLogger(logService, context);
warnLoggingEnabled(logService, "ifEnabledSemanticLoggerProvider", context);
return logger;
} else {
return disabledSemanticLoggerProvider(context);
return DISABLED_LOGGER;
}
}

2
libs/common/src/tools/log/index.ts
View File

@@ -1,2 +1,4 @@
export * from "./factory";
export * from "./disabled-logger";
export { LogProvider } from "./types";
export { SemanticLogger } from "./semantic-logger.abstraction";

11
libs/common/src/tools/log/types.ts Normal file
View File

@@ -0,0 +1,11 @@
import { Jsonify } from "type-fest";
import { SemanticLogger } from "./semantic-logger.abstraction";
/** Creates a semantic logger.
* @param context all logs emitted by the logger are extended with
* these fields.
* @remarks The `message`, `level`, `provider`, and `content` fields
* are reserved for use by the semantic logging system.
*/
export type LogProvider = <Context extends object>(context: Jsonify<Context>) => SemanticLogger;

12
libs/common/src/tools/log/util.ts Normal file
View File

@@ -0,0 +1,12 @@
import { LogService } from "../../platform/abstractions/log.service";
// show our GRIT - these functions implement generalized logging
// controls and should return DISABLED_LOGGER in production.
export function warnLoggingEnabled(logService: LogService, method: string, context?: any) {
logService.warning({
method,
context,
provider: "tools/log",
message: "Semantic logging enabled. 🦟 Please report this bug if you see it 🦟",
});
}

2
libs/common/src/tools/private-classifier.ts
View File

@@ -17,7 +17,7 @@ export class PrivateClassifier<Data> implements Classifier<Data, Record<string,
}
const secret = picked as Jsonify<Data>;
return { disclosed: {}, secret };
return { disclosed: null, secret };
}
declassify(_disclosed: Jsonify<Record<keyof Data, never>>, secret: Jsonify<Data>) {

2
libs/common/src/tools/public-classifier.ts
View File

@@ -16,7 +16,7 @@ export class PublicClassifier<Data> implements Classifier<Data, Data, Record<str
}
const disclosed = picked as Jsonify<Data>;
return { disclosed, secret: "" };
return { disclosed, secret: null };
}
declassify(disclosed: Jsonify<Data>, _secret: Jsonify<Record<keyof Data, never>>) {

13
libs/common/src/tools/rx.rxjs.ts Normal file
View File

@@ -0,0 +1,13 @@
import { Observable } from "rxjs";
/**
* Used to infer types from arguments to functions like {@link withLatestReady}.
* So that you can have `forkJoin([Observable<A>, PromiseLike<B>]): Observable<[A, B]>`
* et al.
* @remarks this type definition is derived from rxjs' {@link ObservableInputTuple}.
* The difference is it *only* works with observables, while the rx version works
* with any thing that can become an observable.
*/
export type ObservableTuple<T> = {
[K in keyof T]: Observable<T[K]>;
};

1504
libs/common/src/tools/rx.spec.ts
View File

File diff suppressed because it is too large Load Diff

82
libs/common/src/tools/rx.ts
View File

@@ -20,8 +20,13 @@ import {
startWith,
pairwise,
MonoTypeOperatorFunction,
Cons,
scan,
filter,
} from "rxjs";
import { ObservableTuple } from "./rx.rxjs";
/** Returns its input. */
function identity(value: any): any {
return value;
@@ -164,26 +169,30 @@ export function ready<T>(watch$: Observable<any> | Observable<any>[]) {
);
}
export function withLatestReady<Source, Watch>(
watch$: Observable<Watch>,
): OperatorFunction<Source, [Source, Watch]> {
export function withLatestReady<Source, Watch extends readonly unknown[]>(
...watches$: [...ObservableTuple<Watch>]
): OperatorFunction<Source, Cons<Source, Watch>> {
return connect((source$) => {
// these subscriptions are safe because `source$` connects only after there
// is an external subscriber.
const source = new ReplaySubject<Source>(1);
source$.subscribe(source);
const watch = new ReplaySubject<Watch>(1);
watch$.subscribe(watch);
const watches = watches$.map((w) => {
const watch$ = new ReplaySubject<unknown>(1);
w.subscribe(watch$);
return watch$;
}) as [...ObservableTuple<Watch>];
// `concat` is subscribed immediately after it's returned, at which point
// `zip` blocks until all items in `watching$` are ready. If that occurs
// `zip` blocks until all items in `watches` are ready. If that occurs
// after `source$` is hot, then the replay subject sends the last-captured
// emission through immediately. Otherwise, `ready` waits for the next
// emission
return concat(zip(watch).pipe(first(), ignoreElements()), source).pipe(
withLatestFrom(watch),
// emission through immediately. Otherwise, `withLatestFrom` waits for the
// next emission
return concat(zip(watches).pipe(first(), ignoreElements()), source).pipe(
withLatestFrom(...watches),
takeUntil(anyComplete(source)),
);
) as Observable<Cons<Source, Watch>>;
});
}
@@ -238,3 +247,54 @@ export function pin<T>(options?: {
}),
);
}
/** maps a value to a result and keeps a cache of the mapping
* @param mapResult - maps the stream to a result; this function must return
* a value. It must not return null or undefined.
* @param options.size - the number of entries in the cache
* @param options.key - maps the source to a cache key
* @remarks this method is useful for optimization of expensive
* `mapResult` calls. It's also useful when an interned reference type
* is needed.
*/
export function memoizedMap<Source, Result extends NonNullable<any>>(
mapResult: (source: Source) => Result,
options?: { size?: number; key?: (source: Source) => unknown },
): OperatorFunction<Source, Result> {
return pipe(
// scan's accumulator contains the cache
scan(
([cache], source) => {
const key: unknown = options?.key?.(source) ?? source;
// cache hit?
let result = cache?.get(key);
if (result) {
return [cache, result] as const;
}
// cache miss
result = mapResult(source);
cache?.set(key, result);
// trim cache
const overage = cache.size - (options?.size ?? 1);
if (overage > 0) {
Array.from(cache?.keys() ?? [])
.slice(0, overage)
.forEach((k) => cache?.delete(k));
}
return [cache, result] as const;
},
// FIXME: upgrade to a least-recently-used cache
[new Map(), null] as [Map<unknown, Result>, Source | null],
),
// encapsulate cache
map(([, result]) => result),
// preserve `NonNullable` constraint on `Result`
filter((result): result is Result => !!result),
);
}

5
libs/common/src/tools/state/user-state-subject-dependency-provider.ts
View File

@@ -15,4 +15,9 @@ export abstract class UserStateSubjectDependencyProvider {
// FIXME: remove `log` and inject the system provider into the USS instead
/** Provides semantic logging */
abstract log: <Context extends object>(_context: Jsonify<Context>) => SemanticLogger;
/** Get the system time as a number of seconds since the unix epoch
* @remarks this can be turned into a date using `new Date(provider.now())`
*/
abstract now: () => number;
}

1
libs/common/src/tools/state/user-state-subject.spec.ts
View File

@@ -90,6 +90,7 @@ const SomeProvider = {
} as LegacyEncryptorProvider,
state: SomeStateProvider,
log: disabledSemanticLoggerProvider,
now: () => 100,
};
function fooMaxLength(maxLength: number): StateConstraints<TestType> {

7
libs/common/src/tools/state/user-state-subject.ts
View File

@@ -477,7 +477,12 @@ export class UserStateSubject<
* @returns the subscription
*/
subscribe(observer?: Partial<Observer<State>> | ((value: State) => void) | null): Subscription {
return this.output.pipe(map((wc) => wc.state)).subscribe(observer);
return this.output
.pipe(
map((wc) => wc.state),
distinctUntilChanged(),
)
.subscribe(observer);
}
// using subjects to ensure the right semantics are followed;

5
libs/common/src/tools/types.ts
View File

@@ -2,6 +2,11 @@ import { Simplify } from "type-fest";
import { IntegrationId } from "./integration";
/** When this is a string, it contains the i18n key. When it is an object, the `literal` member
* contains text that should not be translated.
*/
export type I18nKeyOrLiteral = string | { literal: string };
/** Constraints that are shared by all primitive field types */
type PrimitiveConstraint = {
/** `true` indicates the field is required; otherwise the field is optional */

16
libs/common/src/tools/util.ts
View File

@@ -1,3 +1,5 @@
import { I18nKeyOrLiteral } from "./types";
/** Recursively freeze an object's own keys
* @param value the value to freeze
* @returns `value`
@@ -10,10 +12,22 @@ export function deepFreeze<T extends object>(value: T): Readonly<T> {
for (const key of keys) {
const own = value[key];
if ((own && typeof own === "object") || typeof own === "function") {
if (own && typeof own === "object") {
deepFreeze(own);
}
}
return Object.freeze(value);
}
/** Type guard that returns `true` when the value is an i18n key. */
export function isI18nKey(value: I18nKeyOrLiteral): value is string {
return typeof value === "string";
}
/** Type guard that returns `true` when the value requires no translation.
* @remarks the literal value can be accessed using the `.literal` property.
*/
export function isLiteral(value: I18nKeyOrLiteral): value is { literal: string } {
return typeof value === "object" && "literal" in value;
}

6
libs/tools/export/vault-export/vault-export-ui/src/components/export.component.ts
View File

@@ -57,7 +57,7 @@ import {
ToastService,
} from "@bitwarden/components";
import { GeneratorServicesModule } from "@bitwarden/generator-components";
import { CredentialGeneratorService, GenerateRequest, Generators } from "@bitwarden/generator-core";
import { CredentialGeneratorService, GenerateRequest, Type } from "@bitwarden/generator-core";
import { ExportedVault, VaultExportServiceAbstraction } from "@bitwarden/vault-export-core";
import { EncryptedExportType } from "../enums/encrypted-export-type.enum";
@@ -248,7 +248,7 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
}),
);
this.generatorService
.generate$(Generators.password, { on$: this.onGenerate$, account$ })
.generate$({ on$: this.onGenerate$, account$ })
.pipe(takeUntil(this.destroy$))
.subscribe((generated) => {
this.exportForm.patchValue({
@@ -379,7 +379,7 @@ export class ExportComponent implements OnInit, OnDestroy, AfterViewInit {
}
generatePassword = async () => {
this.onGenerate$.next({ source: "export" });
this.onGenerate$.next({ source: "export", type: Type.password });
};
submit = async () => {

19
libs/tools/generator/components/src/catchall-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import {
Component,
EventEmitter,
@@ -17,7 +15,7 @@ import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import {
CatchallGenerationOptions,
CredentialGeneratorService,
Generators,
BuiltIn,
} from "@bitwarden/generator-core";
/** Options group for catchall emails */
@@ -28,7 +26,6 @@ import {
})
export class CatchallSettingsComponent implements OnInit, OnDestroy, OnChanges {
/** Instantiates the component
* @param accountService queries user availability
* @param generatorService settings and policy logic
* @param formBuilder reactive form controls
*/
@@ -37,24 +34,26 @@ export class CatchallSettingsComponent implements OnInit, OnDestroy, OnChanges {
private generatorService: CredentialGeneratorService,
) {}
/** Binds the component to a specific user's settings.
/** Binds the component to a specific user's settings.\
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account!: Account;
private account$ = new ReplaySubject<Account>(1);
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
* to receive live settings updates including the initial update,
* use `CredentialGeneratorService.settings$(...)` instead.
* use `CredentialGeneratorService.settings(...)` instead.
*/
@Output()
readonly onUpdated = new EventEmitter<CatchallGenerationOptions>();
/** The template's control bindings */
protected settings = this.formBuilder.group({
catchallDomain: [Generators.catchall.settings.initial.catchallDomain],
catchallDomain: [""],
});
async ngOnChanges(changes: SimpleChanges) {
@@ -64,7 +63,7 @@ export class CatchallSettingsComponent implements OnInit, OnDestroy, OnChanges {
}
async ngOnInit() {
const settings = await this.generatorService.settings(Generators.catchall, {
const settings = await this.generatorService.settings(BuiltIn.catchall, {
account$: this.account$,
});
@@ -79,7 +78,7 @@ export class CatchallSettingsComponent implements OnInit, OnDestroy, OnChanges {
this.saveSettings
.pipe(
withLatestFrom(this.settings.valueChanges),
map(([, settings]) => settings),
map(([, settings]) => settings as CatchallGenerationOptions),
takeUntil(this.destroyed$),
)
.subscribe(settings);

19
libs/tools/generator/components/src/credential-generator-history.component.ts
View File

@@ -6,6 +6,7 @@ import { BehaviorSubject, ReplaySubject, Subject, map, switchMap, takeUntil, tap
import { JslibModule } from "@bitwarden/angular/jslib.module";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import {
SemanticLogger,
@@ -19,10 +20,11 @@ import {
ItemModule,
NoItemsModule,
} from "@bitwarden/components";
import { CredentialGeneratorService } from "@bitwarden/generator-core";
import { AlgorithmsByType, CredentialGeneratorService } from "@bitwarden/generator-core";
import { GeneratedCredential, GeneratorHistoryService } from "@bitwarden/generator-history";
import { GeneratorModule } from "./generator.module";
import { translate } from "./util";
@Component({
standalone: true,
@@ -45,6 +47,7 @@ export class CredentialGeneratorHistoryComponent implements OnChanges, OnInit, O
constructor(
private generatorService: CredentialGeneratorService,
private history: GeneratorHistoryService,
private i18nService: I18nService,
private logService: LogService,
) {}
@@ -94,13 +97,19 @@ export class CredentialGeneratorHistoryComponent implements OnChanges, OnInit, O
}
protected getCopyText(credential: GeneratedCredential) {
const info = this.generatorService.algorithm(credential.category);
return info.copy;
// there isn't a way way to look up category metadata so
// bodge it by looking up algorithm metadata
const [id] = AlgorithmsByType[credential.category];
const info = this.generatorService.algorithm(id);
return translate(info.i18nKeys.copyCredential, this.i18nService);
}
protected getGeneratedValueText(credential: GeneratedCredential) {
const info = this.generatorService.algorithm(credential.category);
return info.credentialType;
// there isn't a way way to look up category metadata so
// bodge it by looking up algorithm metadata
const [id] = AlgorithmsByType[credential.category];
const info = this.generatorService.algorithm(id);
return translate(info.i18nKeys.credentialType, this.i18nService);
}
ngOnDestroy() {

10
libs/tools/generator/components/src/credential-generator.component.html
View File

@@ -42,13 +42,13 @@
</bit-card>
<tools-password-settings
class="tw-mt-6"
*ngIf="(showAlgorithm$ | async)?.id === 'password'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.password"
[account]="account$ | async"
(onUpdated)="generate('password settings')"
/>
<tools-passphrase-settings
class="tw-mt-6"
*ngIf="(showAlgorithm$ | async)?.id === 'passphrase'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.passphrase"
[account]="account$ | async"
(onUpdated)="generate('passphrase settings')"
/>
@@ -84,7 +84,7 @@
</bit-form-field>
</form>
<tools-catchall-settings
*ngIf="(showAlgorithm$ | async)?.id === 'catchall'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.catchall"
[account]="account$ | async"
(onUpdated)="generate('catchall settings')"
/>
@@ -94,12 +94,12 @@
[forwarder]="forwarderId$ | async"
/>
<tools-subaddress-settings
*ngIf="(showAlgorithm$ | async)?.id === 'subaddress'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.plusAddress"
[account]="account$ | async"
(onUpdated)="generate('subaddress settings')"
/>
<tools-username-settings
*ngIf="(showAlgorithm$ | async)?.id === 'username'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.username"
[account]="account$ | async"
(onUpdated)="generate('username settings')"
/>

300
libs/tools/generator/components/src/credential-generator.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { LiveAnnouncer } from "@angular/cdk/a11y";
import {
Component,
@@ -24,15 +22,15 @@ import {
map,
ReplaySubject,
Subject,
switchMap,
takeUntil,
tap,
withLatestFrom,
} from "rxjs";
import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { IntegrationId } from "@bitwarden/common/tools/integration";
import { VendorId } from "@bitwarden/common/tools/extension";
import {
SemanticLogger,
disabledSemanticLoggerProvider,
@@ -41,23 +39,25 @@ import {
import { UserId } from "@bitwarden/common/types/guid";
import { ToastService, Option } from "@bitwarden/components";
import {
AlgorithmInfo,
CredentialAlgorithm,
CredentialCategory,
CredentialType,
CredentialGeneratorService,
GenerateRequest,
GeneratedCredential,
Generators,
getForwarderConfiguration,
isEmailAlgorithm,
isForwarderIntegration,
isPasswordAlgorithm,
isForwarderExtensionId,
isSameAlgorithm,
isEmailAlgorithm,
isUsernameAlgorithm,
toCredentialGeneratorConfiguration,
isPasswordAlgorithm,
CredentialAlgorithm,
AlgorithmMetadata,
Algorithm,
AlgorithmsByType,
Type,
} from "@bitwarden/generator-core";
import { GeneratorHistoryService } from "@bitwarden/generator-history";
import { translate } from "./util";
// constants used to identify navigation selections that are not
// generator algorithms
const IDENTIFIER = "identifier";
@@ -84,11 +84,14 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
private ariaLive: LiveAnnouncer,
) {}
/** exports algorithm symbols to the template */
protected readonly Algorithm = Algorithm;
/** Binds the component to a specific user's settings. When this input is not provided,
* the form binds to the active user
*/
@Input()
account: Account | null;
account: Account | null = null;
/** Send structured debug logs from the credential generator component
* to the debugger console.
@@ -127,7 +130,7 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
@Output()
readonly onGenerated = new EventEmitter<GeneratedCredential>();
protected root$ = new BehaviorSubject<{ nav: string }>({
protected root$ = new BehaviorSubject<{ nav: string | null }>({
nav: null,
});
@@ -141,11 +144,11 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
}
protected username = this.formBuilder.group({
nav: [null as string],
nav: [null as string | null],
});
protected forwarder = this.formBuilder.group({
nav: [null as string],
nav: [null as string | null],
});
async ngOnInit() {
@@ -154,33 +157,52 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
});
if (!this.account) {
this.account = await firstValueFrom(this.accountService.activeAccount$);
this.log.info(
{ userId: this.account.id },
"account not specified; using active account settings",
);
this.account$.next(this.account);
const account = await firstValueFrom(this.accountService.activeAccount$);
if (!account) {
this.log.panic("active account cannot be `null`.");
}
this.log.info({ userId: account.id }, "account not specified; using active account settings");
this.account$.next(account);
}
this.generatorService
.algorithms$(["email", "username"], { account$: this.account$ })
combineLatest([
this.generatorService.algorithms$("email", { account$: this.account$ }),
this.generatorService.algorithms$("username", { account$: this.account$ }),
])
.pipe(
map((algorithms) => algorithms.flat()),
map((algorithms) => {
const usernames = algorithms.filter((a) => !isForwarderIntegration(a.id));
// construct options for username and email algorithms; replace forwarder
// entry with a virtual entry for drill-down
const usernames = algorithms.filter((a) => !isForwarderExtensionId(a.id));
usernames.sort((a, b) => a.weight - b.weight);
const usernameOptions = this.toOptions(usernames);
usernameOptions.push({ value: FORWARDER, label: this.i18nService.t("forwardedEmail") });
usernameOptions.splice(-1, 0, {
value: FORWARDER,
label: this.i18nService.t("forwardedEmail"),
});
const forwarders = algorithms.filter((a) => isForwarderIntegration(a.id));
// construct options for forwarder algorithms; they get their own selection box
const forwarders = algorithms.filter((a) => isForwarderExtensionId(a.id));
forwarders.sort((a, b) => a.weight - b.weight);
const forwarderOptions = this.toOptions(forwarders);
forwarderOptions.unshift({ value: NONE_SELECTED, label: this.i18nService.t("select") });
return [usernameOptions, forwarderOptions] as const;
}),
tap((algorithms) =>
this.log.debug({ algorithms: algorithms as object }, "algorithms loaded"),
),
takeUntil(this.destroyed),
)
.subscribe(([usernames, forwarders]) => {
this.usernameOptions$.next(usernames);
this.forwarderOptions$.next(forwarders);
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
this.usernameOptions$.next(usernames);
this.forwarderOptions$.next(forwarders);
});
});
this.generatorService
@@ -195,9 +217,15 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
)
.subscribe(this.rootOptions$);
this.algorithm$
this.maybeAlgorithm$
.pipe(
map((a) => a?.description),
map((a) => {
if (a?.i18nKeys?.description) {
return translate(a.i18nKeys.description, this.i18nService);
} else {
return "";
}
}),
takeUntil(this.destroyed),
)
.subscribe((hint) => {
@@ -208,9 +236,9 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
});
});
this.algorithm$
this.maybeAlgorithm$
.pipe(
map((a) => a?.category),
map((a) => a?.type),
distinctUntilChanged(),
takeUntil(this.destroyed),
)
@@ -223,10 +251,12 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
});
// wire up the generator
this.algorithm$
this.generatorService
.generate$({
on$: this.generate$,
account$: this.account$,
})
.pipe(
filter((algorithm) => !!algorithm),
switchMap((algorithm) => this.typeToGenerator$(algorithm.id)),
catchError((error: unknown, generator) => {
if (typeof error === "string") {
this.toastService.showToast({
@@ -241,11 +271,14 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
// continue with origin stream
return generator;
}),
withLatestFrom(this.account$, this.algorithm$),
withLatestFrom(this.account$, this.maybeAlgorithm$),
takeUntil(this.destroyed),
)
.subscribe(([generated, account, algorithm]) => {
this.log.debug({ source: generated.source }, "credential generated");
this.log.debug(
{ source: generated.source ?? null, algorithm: algorithm?.id ?? null },
"credential generated",
);
this.generatorHistoryService
.track(account.id, generated.credential, generated.category, generated.generationDate)
@@ -256,8 +289,8 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
if (generated.source === this.USER_REQUEST) {
this.announce(algorithm.onGeneratedMessage);
if (algorithm && generated.source === this.USER_REQUEST) {
this.announce(translate(algorithm.i18nKeys.credentialGenerated, this.i18nService));
}
this.generatedCredential$.next(generated);
@@ -274,36 +307,46 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
this.root$
.pipe(
map(
(root): CascadeValue =>
root.nav === IDENTIFIER
? { nav: root.nav }
: { nav: root.nav, algorithm: JSON.parse(root.nav) },
),
map((root): CascadeValue => {
if (root.nav === IDENTIFIER) {
return { nav: root.nav };
} else if (root.nav) {
return { nav: root.nav, algorithm: JSON.parse(root.nav) };
} else {
return { nav: IDENTIFIER };
}
}),
takeUntil(this.destroyed),
)
.subscribe(activeRoot$);
this.username.valueChanges
.pipe(
map(
(username): CascadeValue =>
username.nav === FORWARDER
? { nav: username.nav }
: { nav: username.nav, algorithm: JSON.parse(username.nav) },
),
map((username): CascadeValue => {
if (username.nav === FORWARDER) {
return { nav: username.nav };
} else if (username.nav) {
return { nav: username.nav, algorithm: JSON.parse(username.nav) };
} else {
const [algorithm] = AlgorithmsByType[Type.username];
return { nav: JSON.stringify(algorithm), algorithm };
}
}),
takeUntil(this.destroyed),
)
.subscribe(activeIdentifier$);
this.forwarder.valueChanges
.pipe(
map(
(forwarder): CascadeValue =>
forwarder.nav === NONE_SELECTED
? { nav: forwarder.nav }
: { nav: forwarder.nav, algorithm: JSON.parse(forwarder.nav) },
),
map((forwarder): CascadeValue => {
if (forwarder.nav === NONE_SELECTED) {
return { nav: forwarder.nav };
} else if (forwarder.nav) {
return { nav: forwarder.nav, algorithm: JSON.parse(forwarder.nav) };
} else {
return { nav: NONE_SELECTED };
}
}),
takeUntil(this.destroyed),
)
.subscribe(activeForwarder$);
@@ -314,7 +357,7 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
map(([root, username, forwarder]) => {
const showForwarder = !root.algorithm && !username.algorithm;
const forwarderId =
showForwarder && isForwarderIntegration(forwarder.algorithm)
showForwarder && forwarder.algorithm && isForwarderExtensionId(forwarder.algorithm)
? forwarder.algorithm.forwarder
: null;
return [showForwarder, forwarderId] as const;
@@ -344,47 +387,51 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
return null;
}
}),
distinctUntilChanged((prev, next) => isSameAlgorithm(prev?.id, next?.id)),
distinctUntilChanged((prev, next) => {
if (prev === null || next === null) {
return false;
} else {
return isSameAlgorithm(prev.id, next.id);
}
}),
takeUntil(this.destroyed),
)
.subscribe((algorithm) => {
this.log.debug(algorithm, "algorithm selected");
this.log.debug({ algorithm: algorithm?.id ?? null }, "algorithm selected");
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
this.algorithm$.next(algorithm);
this.maybeAlgorithm$.next(algorithm);
});
});
// assume the last-selected generator algorithm is the user's preferred one
const preferences = await this.generatorService.preferences({ account$: this.account$ });
this.algorithm$
.pipe(
filter((algorithm) => !!algorithm),
withLatestFrom(preferences),
takeUntil(this.destroyed),
)
.pipe(withLatestFrom(preferences), takeUntil(this.destroyed))
.subscribe(([algorithm, preference]) => {
function setPreference(category: CredentialCategory, log: SemanticLogger) {
const p = preference[category];
function setPreference(type: CredentialType) {
const p = preference[type];
p.algorithm = algorithm.id;
p.updated = new Date();
log.info({ algorithm, category }, "algorithm preferences updated");
}
// `is*Algorithm` decides `algorithm`'s type, which flows into `setPreference`
if (isEmailAlgorithm(algorithm.id)) {
setPreference("email", this.log);
setPreference("email");
} else if (isUsernameAlgorithm(algorithm.id)) {
setPreference("username", this.log);
setPreference("username");
} else if (isPasswordAlgorithm(algorithm.id)) {
setPreference("password", this.log);
setPreference("password");
} else {
return;
}
this.log.info(
{ algorithm: algorithm.id, type: algorithm.type },
"algorithm preferences updated",
);
preferences.next(preference);
});
@@ -392,10 +439,12 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
preferences
.pipe(
map(({ email, username, password }) => {
const forwarderPref = isForwarderIntegration(email.algorithm) ? email : null;
const usernamePref = email.updated > username.updated ? email : username;
const forwarderPref = isForwarderExtensionId(usernamePref.algorithm)
? usernamePref
: null;
// inject drilldown flags
// inject drill-down flags
const forwarderNav = !forwarderPref
? NONE_SELECTED
: JSON.stringify(forwarderPref.algorithm);
@@ -411,14 +460,14 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
selection: { nav: rootNav },
active: {
nav: rootNav,
algorithm: rootNav === IDENTIFIER ? null : password.algorithm,
algorithm: rootNav === IDENTIFIER ? undefined : password.algorithm,
} as CascadeValue,
},
username: {
selection: { nav: userNav },
active: {
nav: userNav,
algorithm: forwarderPref ? null : usernamePref.algorithm,
algorithm: forwarderPref ? undefined : usernamePref.algorithm,
},
},
forwarder: {
@@ -435,6 +484,15 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
takeUntil(this.destroyed),
)
.subscribe(({ root, username, forwarder }) => {
this.log.debug(
{
root: root.selection,
username: username.selection,
forwarder: forwarder.selection,
},
"navigation updated",
);
// update navigation; break subscription loop
this.onRootChanged(root.selection);
this.username.setValue(username.selection, { emitEvent: false });
@@ -448,16 +506,16 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
// automatically regenerate when the algorithm switches if the algorithm
// allows it; otherwise set a placeholder
this.algorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.maybeAlgorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.zone.run(() => {
if (!a || a.onlyOnRequest) {
this.log.debug("autogeneration disabled; clearing generated credential");
this.generatedCredential$.next(null);
} else {
if (a?.capabilities?.autogenerate) {
this.log.debug("autogeneration enabled");
this.generate("autogenerate").catch((e: unknown) => {
this.log.error(e as object, "a failure occurred during autogeneration");
});
} else {
this.log.debug("autogeneration disabled; clearing generated credential");
this.generatedCredential$.next(undefined);
}
});
});
@@ -469,41 +527,6 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
this.ariaLive.announce(message).catch((e) => this.logService.error(e));
}
private typeToGenerator$(algorithm: CredentialAlgorithm) {
const dependencies = {
on$: this.generate$,
account$: this.account$,
};
this.log.debug({ algorithm }, "constructing generation stream");
switch (algorithm) {
case "catchall":
return this.generatorService.generate$(Generators.catchall, dependencies);
case "subaddress":
return this.generatorService.generate$(Generators.subaddress, dependencies);
case "username":
return this.generatorService.generate$(Generators.username, dependencies);
case "password":
return this.generatorService.generate$(Generators.password, dependencies);
case "passphrase":
return this.generatorService.generate$(Generators.passphrase, dependencies);
}
if (isForwarderIntegration(algorithm)) {
const forwarder = getForwarderConfiguration(algorithm.forwarder);
const configuration = toCredentialGeneratorConfiguration(forwarder);
const generator = this.generatorService.generate$(configuration, dependencies);
return generator;
}
this.log.panic({ algorithm }, `Invalid generator type: "${algorithm}"`);
}
/** Lists the top-level credential types supported by the component.
* @remarks This is string-typed because angular doesn't support
* structural equality for objects, which prevents `CredentialAlgorithm`
@@ -519,15 +542,20 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
protected forwarderOptions$ = new BehaviorSubject<Option<string>[]>([]);
/** Tracks the currently selected forwarder. */
protected forwarderId$ = new BehaviorSubject<IntegrationId>(null);
protected forwarderId$ = new BehaviorSubject<VendorId | null>(null);
/** Tracks forwarder control visibility */
protected showForwarder$ = new BehaviorSubject<boolean>(false);
/** tracks the currently selected credential type */
protected algorithm$ = new ReplaySubject<AlgorithmInfo>(1);
protected maybeAlgorithm$ = new ReplaySubject<AlgorithmMetadata | null>(1);
protected showAlgorithm$ = this.algorithm$.pipe(
/** tracks the last valid algorithm selection */
protected algorithm$ = this.maybeAlgorithm$.pipe(
filter((algorithm): algorithm is AlgorithmMetadata => !!algorithm),
);
protected showAlgorithm$ = this.maybeAlgorithm$.pipe(
combineLatestWith(this.showForwarder$),
map(([algorithm, showForwarder]) => (showForwarder ? null : algorithm)),
);
@@ -536,33 +564,32 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
* Emits the copy button aria-label respective of the selected credential type
*/
protected credentialTypeCopyLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ copy }) => copy),
map(({ i18nKeys: { copyCredential } }) => translate(copyCredential, this.i18nService)),
);
/**
* Emits the generate button aria-label respective of the selected credential type
*/
protected credentialTypeGenerateLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ generate }) => generate),
map(({ i18nKeys: { generateCredential } }) => translate(generateCredential, this.i18nService)),
);
/**
* Emits the copy credential toast respective of the selected credential type
*/
protected credentialTypeLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ credentialType }) => credentialType),
map(({ i18nKeys: { credentialType } }) => translate(credentialType, this.i18nService)),
);
/** Emits hint key for the currently selected credential type */
protected credentialTypeHint$ = new ReplaySubject<string>(1);
protected credentialTypeHint$ = new ReplaySubject<string | undefined>(1);
/** tracks the currently selected credential category */
protected category$ = new ReplaySubject<string>(1);
protected category$ = new ReplaySubject<string | undefined>(1);
private readonly generatedCredential$ = new BehaviorSubject<GeneratedCredential>(null);
private readonly generatedCredential$ = new BehaviorSubject<GeneratedCredential | undefined>(
undefined,
);
/** Emits the last generated value. */
protected readonly value$ = this.generatedCredential$.pipe(
@@ -580,15 +607,20 @@ export class CredentialGeneratorComponent implements OnInit, OnChanges, OnDestro
* origin in the debugger.
*/
protected async generate(source: string) {
const request = { source, website: this.website };
const algorithm = await firstValueFrom(this.algorithm$);
const request: GenerateRequest = { source, algorithm: algorithm.id };
if (this.website) {
request.website = this.website;
}
this.log.debug(request, "generation requested");
this.generate$.next(request);
}
private toOptions(algorithms: AlgorithmInfo[]) {
private toOptions(algorithms: AlgorithmMetadata[]) {
const options: Option<string>[] = algorithms.map((algorithm) => ({
value: JSON.stringify(algorithm.id),
label: algorithm.name,
label: translate(algorithm.i18nKeys.name, this.i18nService),
}));
return options;

52
libs/tools/generator/components/src/forwarder-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import {
Component,
EventEmitter,
@@ -14,13 +12,11 @@ import { FormBuilder } from "@angular/forms";
import { map, ReplaySubject, skip, Subject, switchAll, takeUntil, withLatestFrom } from "rxjs";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import { IntegrationId } from "@bitwarden/common/tools/integration";
import { VendorId } from "@bitwarden/common/tools/extension";
import {
CredentialGeneratorConfiguration,
CredentialGeneratorService,
getForwarderConfiguration,
NoPolicy,
toCredentialGeneratorConfiguration,
ForwarderOptions,
GeneratorMetadata,
} from "@bitwarden/generator-core";
const Controls = Object.freeze({
@@ -37,7 +33,6 @@ const Controls = Object.freeze({
})
export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy {
/** Instantiates the component
* @param accountService queries user availability
* @param generatorService settings and policy logic
* @param formBuilder reactive form controls
*/
@@ -47,14 +42,16 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
) {}
/** Binds the component to a specific user's settings.
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account: Account = null!;
protected account$ = new ReplaySubject<Account>(1);
@Input({ required: true })
forwarder: IntegrationId;
forwarder: VendorId = null!;
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
@@ -71,24 +68,19 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
[Controls.baseUrl]: [""],
});
private forwarderId$ = new ReplaySubject<IntegrationId>(1);
private vendor = new ReplaySubject<VendorId>(1);
async ngOnInit() {
const forwarder$ = new ReplaySubject<CredentialGeneratorConfiguration<any, NoPolicy>>(1);
this.forwarderId$
const forwarder$ = new ReplaySubject<GeneratorMetadata<ForwarderOptions>>(1);
this.vendor
.pipe(
map((id) => getForwarderConfiguration(id)),
// type erasure necessary because the configuration properties are
// determined dynamically at runtime
// FIXME: this can be eliminated by unifying the forwarder settings types;
// see `ForwarderConfiguration<...>` for details.
map((forwarder) => toCredentialGeneratorConfiguration<any>(forwarder)),
map((vendor) => this.generatorService.forwarder(vendor)),
takeUntil(this.destroyed$),
)
.subscribe((forwarder) => {
this.displayDomain = forwarder.request.includes("domain");
this.displayToken = forwarder.request.includes("token");
this.displayBaseUrl = forwarder.request.includes("baseUrl");
this.displayDomain = forwarder.capabilities.fields.includes("domain");
this.displayToken = forwarder.capabilities.fields.includes("token");
this.displayBaseUrl = forwarder.capabilities.fields.includes("baseUrl");
forwarder$.next(forwarder);
});
@@ -107,10 +99,10 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
forwarder$.pipe(takeUntil(this.destroyed$)).subscribe((forwarder) => {
for (const name in Controls) {
const control = this.settings.get(name);
if (forwarder.request.includes(name as any)) {
control.enable({ emitEvent: false });
if (forwarder.capabilities.fields.includes(name)) {
control?.enable({ emitEvent: false });
} else {
control.disable({ emitEvent: false });
control?.disable({ emitEvent: false });
}
}
});
@@ -128,7 +120,7 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
this.saveSettings
.pipe(withLatestFrom(this.settings.valueChanges, settings$), takeUntil(this.destroyed$))
.subscribe(([, value, settings]) => {
settings.next(value);
settings.next(value as ForwarderOptions);
});
}
@@ -140,7 +132,7 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
async ngOnChanges(changes: SimpleChanges) {
this.refresh$.complete();
if ("forwarder" in changes) {
this.forwarderId$.next(this.forwarder);
this.vendor.next(this.forwarder);
}
if ("account" in changes) {
@@ -148,9 +140,9 @@ export class ForwarderSettingsComponent implements OnInit, OnChanges, OnDestroy
}
}
protected displayDomain: boolean;
protected displayToken: boolean;
protected displayBaseUrl: boolean;
protected displayDomain: boolean = false;
protected displayToken: boolean = false;
protected displayBaseUrl: boolean = false;
private readonly refresh$ = new Subject<void>();

144
libs/tools/generator/components/src/generator-services.module.ts
View File

@@ -7,19 +7,40 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { StateProvider } from "@bitwarden/common/platform/state";
import { KeyServiceLegacyEncryptorProvider } from "@bitwarden/common/tools/cryptography/key-service-legacy-encryptor-provider";
import { LegacyEncryptorProvider } from "@bitwarden/common/tools/cryptography/legacy-encryptor-provider";
import { disabledSemanticLoggerProvider } from "@bitwarden/common/tools/log";
import { Site } from "@bitwarden/common/tools/extension";
import { ExtensionRegistry } from "@bitwarden/common/tools/extension/extension-registry.abstraction";
import { ExtensionService } from "@bitwarden/common/tools/extension/extension.service";
import { DefaultFields, DefaultSites, Extension } from "@bitwarden/common/tools/extension/metadata";
import { RuntimeExtensionRegistry } from "@bitwarden/common/tools/extension/runtime-extension-registry";
import { VendorExtensions, Vendors } from "@bitwarden/common/tools/extension/vendor";
import { RestClient } from "@bitwarden/common/tools/integration/rpc";
import {
LogProvider,
disabledSemanticLoggerProvider,
enableLogForTypes,
} from "@bitwarden/common/tools/log";
import { SystemServiceProvider } from "@bitwarden/common/tools/providers";
import { UserStateSubjectDependencyProvider } from "@bitwarden/common/tools/state/user-state-subject-dependency-provider";
import {
BuiltIn,
createRandomizer,
CredentialGeneratorService,
Randomizer,
providers,
DefaultCredentialGeneratorService,
} from "@bitwarden/generator-core";
import { KeyService } from "@bitwarden/key-management";
export const RANDOMIZER = new SafeInjectionToken<Randomizer>("Randomizer");
const GENERATOR_SERVICE_PROVIDER = new SafeInjectionToken<providers.CredentialGeneratorProviders>(
"CredentialGeneratorProviders",
);
const SYSTEM_SERVICE_PROVIDER = new SafeInjectionToken<SystemServiceProvider>("SystemServices");
/** Shared module containing generator component dependencies */
@NgModule({
@@ -35,6 +56,116 @@ export const RANDOMIZER = new SafeInjectionToken<Randomizer>("Randomizer");
useClass: KeyServiceLegacyEncryptorProvider,
deps: [EncryptService, KeyService],
}),
safeProvider({
provide: ExtensionRegistry,
useFactory: () => {
const registry = new RuntimeExtensionRegistry(DefaultSites, DefaultFields);
registry.registerSite(Extension[Site.forwarder]);
for (const vendor of Vendors) {
registry.registerVendor(vendor);
}
for (const extension of VendorExtensions) {
registry.registerExtension(extension);
}
registry.setPermission({ all: true }, "default");
return registry;
},
deps: [],
}),
safeProvider({
provide: SYSTEM_SERVICE_PROVIDER,
useFactory: (
encryptor: LegacyEncryptorProvider,
state: StateProvider,
policy: PolicyService,
registry: ExtensionRegistry,
logger: LogService,
environment: PlatformUtilsService,
) => {
let log: LogProvider;
if (environment.isDev()) {
log = enableLogForTypes(logger, []);
} else {
log = disabledSemanticLoggerProvider;
}
const extension = new ExtensionService(registry, {
encryptor,
state,
log,
now: Date.now,
});
return {
policy,
extension,
log,
};
},
deps: [
LegacyEncryptorProvider,
StateProvider,
PolicyService,
ExtensionRegistry,
LogService,
PlatformUtilsService,
],
}),
safeProvider({
provide: GENERATOR_SERVICE_PROVIDER,
useFactory: (
system: SystemServiceProvider,
random: Randomizer,
encryptor: LegacyEncryptorProvider,
state: StateProvider,
i18n: I18nService,
api: ApiService,
) => {
const userStateDeps = {
encryptor,
state,
log: system.log,
now: Date.now,
} satisfies UserStateSubjectDependencyProvider;
const metadata = new providers.GeneratorMetadataProvider(
userStateDeps,
system,
Object.values(BuiltIn),
);
const profile = new providers.GeneratorProfileProvider(userStateDeps, system.policy);
const generator: providers.GeneratorDependencyProvider = {
randomizer: random,
client: new RestClient(api, i18n),
i18nService: i18n,
};
const userState: UserStateSubjectDependencyProvider = {
encryptor,
state,
log: system.log,
now: Date.now,
};
return {
userState,
generator,
profile,
metadata,
} satisfies providers.CredentialGeneratorProviders;
},
deps: [
SYSTEM_SERVICE_PROVIDER,
RANDOMIZER,
LegacyEncryptorProvider,
StateProvider,
I18nService,
ApiService,
],
}),
safeProvider({
provide: UserStateSubjectDependencyProvider,
useFactory: (encryptor: LegacyEncryptorProvider, state: StateProvider) =>
@@ -42,19 +173,14 @@ export const RANDOMIZER = new SafeInjectionToken<Randomizer>("Randomizer");
encryptor,
state,
log: disabledSemanticLoggerProvider,
now: Date.now,
}),
deps: [LegacyEncryptorProvider, StateProvider],
}),
safeProvider({
provide: CredentialGeneratorService,
useClass: CredentialGeneratorService,
deps: [
RANDOMIZER,
PolicyService,
ApiService,
I18nService,
UserStateSubjectDependencyProvider,
],
useClass: DefaultCredentialGeneratorService,
deps: [GENERATOR_SERVICE_PROVIDER, SYSTEM_SERVICE_PROVIDER],
}),
],
})

88
libs/tools/generator/components/src/passphrase-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { coerceBooleanProperty } from "@angular/cdk/coercion";
import {
OnInit,
@@ -12,14 +10,20 @@ import {
OnChanges,
} from "@angular/core";
import { FormBuilder } from "@angular/forms";
import { skip, takeUntil, Subject, map, withLatestFrom, ReplaySubject } from "rxjs";
import { skip, takeUntil, Subject, map, withLatestFrom, ReplaySubject, tap } from "rxjs";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import {
SemanticLogger,
disabledSemanticLoggerProvider,
ifEnabledSemanticLoggerProvider,
} from "@bitwarden/common/tools/log";
import {
Generators,
CredentialGeneratorService,
PassphraseGenerationOptions,
BuiltIn,
} from "@bitwarden/generator-core";
const Controls = Object.freeze({
@@ -45,12 +49,26 @@ export class PassphraseSettingsComponent implements OnInit, OnChanges, OnDestroy
private formBuilder: FormBuilder,
private generatorService: CredentialGeneratorService,
private i18nService: I18nService,
private logService: LogService,
) {}
/** Send structured debug logs from the credential generator component
* to the debugger console.
*
* @warning this may reveal sensitive information in plaintext.
*/
@Input()
debug: boolean = false;
// this `log` initializer is overridden in `ngOnInit`
private log: SemanticLogger = disabledSemanticLoggerProvider({});
/** Binds the component to a specific user's settings.
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account: Account = null!;
protected account$ = new ReplaySubject<Account>(1);
@@ -70,53 +88,66 @@ export class PassphraseSettingsComponent implements OnInit, OnChanges, OnDestroy
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
* to receive live settings updates including the initial update,
* use `CredentialGeneratorService.settings$(...)` instead.
* use {@link CredentialGeneratorService.settings} instead.
*/
@Output()
readonly onUpdated = new EventEmitter<PassphraseGenerationOptions>();
protected settings = this.formBuilder.group({
[Controls.numWords]: [Generators.passphrase.settings.initial.numWords],
[Controls.wordSeparator]: [Generators.passphrase.settings.initial.wordSeparator],
[Controls.capitalize]: [Generators.passphrase.settings.initial.capitalize],
[Controls.includeNumber]: [Generators.passphrase.settings.initial.includeNumber],
[Controls.numWords]: [0],
[Controls.wordSeparator]: [""],
[Controls.capitalize]: [false],
[Controls.includeNumber]: [false],
});
async ngOnInit() {
const settings = await this.generatorService.settings(Generators.passphrase, {
this.log = ifEnabledSemanticLoggerProvider(this.debug, this.logService, {
type: "PassphraseSettingsComponent",
});
const settings = await this.generatorService.settings(BuiltIn.passphrase, {
account$: this.account$,
});
// skips reactive event emissions to break a subscription cycle
settings.withConstraints$
.pipe(takeUntil(this.destroyed$))
.pipe(
tap((content) => this.log.debug(content, "passphrase settings loaded with constraints")),
takeUntil(this.destroyed$),
)
.subscribe(({ state, constraints }) => {
this.settings.patchValue(state, { emitEvent: false });
let boundariesHint = this.i18nService.t(
"spinboxBoundariesHint",
constraints.numWords.min?.toString(),
constraints.numWords.max?.toString(),
constraints.numWords?.min?.toString(),
constraints.numWords?.max?.toString(),
);
if (state.numWords <= (constraints.numWords.recommendation ?? 0)) {
if ((state.numWords ?? 0) <= (constraints.numWords?.recommendation ?? 0)) {
boundariesHint += this.i18nService.t(
"passphraseNumWordsRecommendationHint",
constraints.numWords.recommendation?.toString(),
constraints.numWords?.recommendation?.toString(),
);
}
this.numWordsBoundariesHint.next(boundariesHint);
});
// the first emission is the current value; subsequent emissions are updates
settings.pipe(skip(1), takeUntil(this.destroyed$)).subscribe(this.onUpdated);
settings
.pipe(
skip(1),
tap((settings) => this.log.debug(settings, "passphrase settings onUpdate event")),
takeUntil(this.destroyed$),
)
.subscribe(this.onUpdated);
// explain policy & disable policy-overridden fields
this.generatorService
.policy$(Generators.passphrase, { account$: this.account$ })
.policy$(BuiltIn.passphrase, { account$: this.account$ })
.pipe(takeUntil(this.destroyed$))
.subscribe(({ constraints }) => {
this.wordSeparatorMaxLength = constraints.wordSeparator.maxLength;
this.policyInEffect = constraints.policyInEffect;
this.wordSeparatorMaxLength = constraints.wordSeparator?.maxLength ?? 0;
this.policyInEffect = constraints.policyInEffect ?? false;
this.toggleEnabled(Controls.capitalize, !constraints.capitalize?.readonly);
this.toggleEnabled(Controls.includeNumber, !constraints.includeNumber?.readonly);
@@ -126,22 +157,25 @@ export class PassphraseSettingsComponent implements OnInit, OnChanges, OnDestroy
this.saveSettings
.pipe(
withLatestFrom(this.settings.valueChanges),
map(([, settings]) => settings),
tap(([source, form]) =>
this.log.debug({ source, form }, "save passphrase settings request"),
),
map(([, settings]) => settings as PassphraseGenerationOptions),
takeUntil(this.destroyed$),
)
.subscribe(settings);
}
/** attribute binding for wordSeparator[maxlength] */
protected wordSeparatorMaxLength: number;
protected wordSeparatorMaxLength: number = 0;
private saveSettings = new Subject<string>();
save(site: string = "component api call") {
this.saveSettings.next(site);
save(source: string = "component api call") {
this.saveSettings.next(source);
}
/** display binding for enterprise policy notice */
protected policyInEffect: boolean;
protected policyInEffect: boolean = false;
private numWordsBoundariesHint = new ReplaySubject<string>(1);
@@ -150,9 +184,9 @@ export class PassphraseSettingsComponent implements OnInit, OnChanges, OnDestroy
private toggleEnabled(setting: keyof typeof Controls, enabled: boolean) {
if (enabled) {
this.settings.get(setting).enable({ emitEvent: false });
this.settings.get(setting)?.enable({ emitEvent: false });
} else {
this.settings.get(setting).disable({ emitEvent: false });
this.settings.get(setting)?.disable({ emitEvent: false });
}
}

5
libs/tools/generator/components/src/password-generator.component.html
View File

@@ -3,6 +3,7 @@
class="tw-mb-4"
[selected]="credentialType$ | async"
(selectedChange)="onCredentialTypeChanged($event)"
*ngIf="showCredentialTypes$ | async"
attr.aria-label="{{ 'type' | i18n }}"
>
<bit-toggle *ngFor="let option of passwordOptions$ | async" [value]="option.value">
@@ -38,14 +39,14 @@
</bit-card>
<tools-password-settings
class="tw-mt-6"
*ngIf="(algorithm$ | async)?.id === 'password'"
*ngIf="(algorithm$ | async)?.id === Algorithm.password"
[account]="account$ | async"
[disableMargin]="disableMargin"
(onUpdated)="generate('password settings')"
/>
<tools-passphrase-settings
class="tw-mt-6"
*ngIf="(algorithm$ | async)?.id === 'passphrase'"
*ngIf="(algorithm$ | async)?.id === Algorithm.passphrase"
[account]="account$ | async"
(onUpdated)="generate('passphrase settings')"
[disableMargin]="disableMargin"

142
libs/tools/generator/components/src/password-generator.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { LiveAnnouncer } from "@angular/cdk/a11y";
import { coerceBooleanProperty } from "@angular/cdk/coercion";
import {
@@ -22,12 +20,12 @@ import {
map,
ReplaySubject,
Subject,
switchMap,
takeUntil,
withLatestFrom,
} from "rxjs";
import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import {
SemanticLogger,
@@ -38,17 +36,22 @@ import { UserId } from "@bitwarden/common/types/guid";
import { ToastService, Option } from "@bitwarden/components";
import {
CredentialGeneratorService,
Generators,
GeneratedCredential,
AlgorithmInfo,
GenerateRequest,
isSameAlgorithm,
CredentialAlgorithm,
isPasswordAlgorithm,
AlgorithmInfo,
isSameAlgorithm,
GenerateRequest,
CredentialCategories,
Algorithm,
AlgorithmMetadata,
Type,
GeneratorProfile,
Profile,
} from "@bitwarden/generator-core";
import { GeneratorHistoryService } from "@bitwarden/generator-history";
import { toAlgorithmInfo, translate } from "./util";
/** Options group for passwords */
@Component({
selector: "tools-password-generator",
@@ -60,17 +63,21 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
private generatorService: CredentialGeneratorService,
private generatorHistoryService: GeneratorHistoryService,
private toastService: ToastService,
private i18nService: I18nService,
private logService: LogService,
private accountService: AccountService,
private zone: NgZone,
private ariaLive: LiveAnnouncer,
) {}
/** exports algorithm symbols to the template */
protected readonly Algorithm = Algorithm;
/** Binds the component to a specific user's settings. When this input is not provided,
* the form binds to the active user
*/
@Input()
account: Account | null;
account: Account | null = null;
protected account$ = new ReplaySubject<Account>(1);
@@ -87,7 +94,11 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
async ngOnChanges(changes: SimpleChanges) {
const account = changes?.account;
if (account?.previousValue?.id !== account?.currentValue?.id) {
if (
account &&
account.currentValue.id &&
account.previousValue.id !== account.currentValue.id
) {
this.log.debug(
{
previousUserId: account?.previousValue?.id as UserId,
@@ -95,15 +106,19 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
},
"account input change detected",
);
this.account$.next(this.account);
this.account$.next(account.currentValue.id);
}
}
@Input()
profile: GeneratorProfile = Profile.account;
/** Removes bottom margin, passed to downstream components */
@Input({ transform: coerceBooleanProperty }) disableMargin = false;
@Input({ transform: coerceBooleanProperty })
disableMargin = false;
/** tracks the currently selected credential type */
protected credentialType$ = new BehaviorSubject<CredentialAlgorithm>(null);
protected credentialType$ = new BehaviorSubject<CredentialAlgorithm | null>(null);
/** Emits the last generated value. */
protected readonly value$ = new BehaviorSubject<string>("");
@@ -119,9 +134,11 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
* origin in the debugger.
*/
protected async generate(source: string) {
this.log.debug({ source }, "generation requested");
const algorithm = await firstValueFrom(this.algorithm$);
const request: GenerateRequest = { source, algorithm: algorithm.id, profile: this.profile };
this.generate$.next({ source });
this.log.debug(request, "generation requested");
this.generate$.next(request);
}
/** Tracks changes to the selected credential type
@@ -146,16 +163,17 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
async ngOnInit() {
this.log = ifEnabledSemanticLoggerProvider(this.debug, this.logService, {
type: "UsernameGeneratorComponent",
type: "PasswordGeneratorComponent",
});
if (!this.account) {
this.account = await firstValueFrom(this.accountService.activeAccount$);
this.log.info(
{ userId: this.account.id },
"account not specified; using active account settings",
);
this.account$.next(this.account);
const account = await firstValueFrom(this.accountService.activeAccount$);
if (!account) {
this.log.panic("active account cannot be `null`.");
}
this.log.info({ userId: account.id }, "account not specified; using active account settings");
this.account$.next(account);
}
this.generatorService
@@ -167,10 +185,9 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
.subscribe(this.passwordOptions$);
// wire up the generator
this.algorithm$
this.generatorService
.generate$({ on$: this.generate$, account$: this.account$ })
.pipe(
filter((algorithm) => !!algorithm),
switchMap((algorithm) => this.typeToGenerator$(algorithm.id)),
catchError((error: unknown, generator) => {
if (typeof error === "string") {
this.toastService.showToast({
@@ -189,7 +206,7 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
takeUntil(this.destroyed),
)
.subscribe(([generated, account, algorithm]) => {
this.log.debug({ source: generated.source }, "credential generated");
this.log.debug({ source: generated.source ?? null }, "credential generated");
this.generatorHistoryService
.track(account.id, generated.credential, generated.category, generated.generationDate)
@@ -201,7 +218,7 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
// template bindings refresh immediately
this.zone.run(() => {
if (generated.source === this.USER_REQUEST) {
this.announce(algorithm.onGeneratedMessage);
this.announce(translate(algorithm.i18nKeys.credentialGenerated, this.i18nService));
}
this.onGenerated.next(generated);
@@ -219,10 +236,7 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
)
.subscribe(([algorithm, preference]) => {
if (isPasswordAlgorithm(algorithm)) {
this.log.info(
{ algorithm, category: CredentialCategories.password },
"algorithm preferences updated",
);
this.log.info({ algorithm, type: Type.password }, "algorithm preferences updated");
preference.password.algorithm = algorithm;
preference.password.updated = new Date();
} else {
@@ -236,11 +250,17 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
preferences
.pipe(
map(({ password }) => this.generatorService.algorithm(password.algorithm)),
distinctUntilChanged((prev, next) => isSameAlgorithm(prev?.id, next?.id)),
distinctUntilChanged((prev, next) => {
if (prev === null || next === null) {
return false;
} else {
return isSameAlgorithm(prev.id, next.id);
}
}),
takeUntil(this.destroyed),
)
.subscribe((algorithm) => {
this.log.debug(algorithm, "algorithm selected");
this.log.debug({ algorithm: algorithm.id }, "algorithm selected");
// update navigation
this.onCredentialTypeChanged(algorithm.id);
@@ -248,22 +268,22 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
this.algorithm$.next(algorithm);
this.onAlgorithm.next(algorithm);
this.maybeAlgorithm$.next(algorithm);
this.onAlgorithm.next(toAlgorithmInfo(algorithm, this.i18nService));
});
});
// generate on load unless the generator prohibits it
this.algorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.maybeAlgorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.zone.run(() => {
if (!a || a.onlyOnRequest) {
this.log.debug("autogeneration disabled; clearing generated credential");
this.value$.next("-");
} else {
if (a?.capabilities?.autogenerate) {
this.log.debug("autogeneration enabled");
this.generate("autogenerate").catch((e: unknown) => {
this.log.error(e as object, "a failure occurred during autogeneration");
});
} else {
this.log.debug("autogeneration disabled; clearing generated credential");
this.value$.next("-");
}
});
});
@@ -275,59 +295,45 @@ export class PasswordGeneratorComponent implements OnInit, OnChanges, OnDestroy
this.ariaLive.announce(message).catch((e) => this.logService.error(e));
}
private typeToGenerator$(algorithm: CredentialAlgorithm) {
const dependencies = {
on$: this.generate$,
account$: this.account$,
};
this.log.debug({ algorithm }, "constructing generation stream");
switch (algorithm) {
case "password":
return this.generatorService.generate$(Generators.password, dependencies);
case "passphrase":
return this.generatorService.generate$(Generators.passphrase, dependencies);
default:
this.log.panic({ algorithm }, `Invalid generator type: "${algorithm}"`);
}
}
/** Lists the credential types supported by the component. */
protected passwordOptions$ = new BehaviorSubject<Option<CredentialAlgorithm>[]>([]);
/** Determines when the password/passphrase selector is visible. */
protected showCredentialTypes$ = this.passwordOptions$.pipe(map((options) => options.length > 1));
/** tracks the currently selected credential type */
protected algorithm$ = new ReplaySubject<AlgorithmInfo>(1);
protected maybeAlgorithm$ = new ReplaySubject<AlgorithmMetadata>(1);
/** tracks the last valid algorithm selection */
protected algorithm$ = this.maybeAlgorithm$.pipe(
filter((algorithm): algorithm is AlgorithmMetadata => !!algorithm),
);
/**
* Emits the copy button aria-label respective of the selected credential type
*/
protected credentialTypeCopyLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ copy }) => copy),
map(({ i18nKeys: { copyCredential } }) => translate(copyCredential, this.i18nService)),
);
/**
* Emits the generate button aria-label respective of the selected credential type
*/
protected credentialTypeGenerateLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ generate }) => generate),
map(({ i18nKeys: { generateCredential } }) => translate(generateCredential, this.i18nService)),
);
/**
* Emits the copy credential toast respective of the selected credential type
*/
protected credentialTypeLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ credentialType }) => credentialType),
map(({ i18nKeys: { credentialType } }) => translate(credentialType, this.i18nService)),
);
private toOptions(algorithms: AlgorithmInfo[]) {
private toOptions(algorithms: AlgorithmMetadata[]) {
const options: Option<CredentialAlgorithm>[] = algorithms.map((algorithm) => ({
value: algorithm.id,
label: algorithm.name,
label: translate(algorithm.i18nKeys.name, this.i18nService),
}));
return options;

86
libs/tools/generator/components/src/password-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { coerceBooleanProperty } from "@angular/cdk/coercion";
import {
OnInit,
@@ -17,11 +15,13 @@ import { takeUntil, Subject, map, filter, tap, skip, ReplaySubject, withLatestFr
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import {
Generators,
CredentialGeneratorService,
PasswordGenerationOptions,
BuiltIn,
} from "@bitwarden/generator-core";
import { hasRangeOfValues } from "./util";
const Controls = Object.freeze({
length: "length",
uppercase: "uppercase",
@@ -52,9 +52,11 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
) {}
/** Binds the component to a specific user's settings.
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account: Account = null!;
protected account$ = new ReplaySubject<Account>(1);
@@ -78,40 +80,40 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
* to receive live settings updates including the initial update,
* use `CredentialGeneratorService.settings$(...)` instead.
* use `CredentialGeneratorService.settings(...)` instead.
*/
@Output()
readonly onUpdated = new EventEmitter<PasswordGenerationOptions>();
protected settings = this.formBuilder.group({
[Controls.length]: [Generators.password.settings.initial.length],
[Controls.uppercase]: [Generators.password.settings.initial.uppercase],
[Controls.lowercase]: [Generators.password.settings.initial.lowercase],
[Controls.number]: [Generators.password.settings.initial.number],
[Controls.special]: [Generators.password.settings.initial.special],
[Controls.minNumber]: [Generators.password.settings.initial.minNumber],
[Controls.minSpecial]: [Generators.password.settings.initial.minSpecial],
[Controls.avoidAmbiguous]: [!Generators.password.settings.initial.ambiguous],
[Controls.length]: [0],
[Controls.uppercase]: [false],
[Controls.lowercase]: [false],
[Controls.number]: [false],
[Controls.special]: [false],
[Controls.minNumber]: [0],
[Controls.minSpecial]: [0],
[Controls.avoidAmbiguous]: [false],
});
private get numbers() {
return this.settings.get(Controls.number);
return this.settings.get(Controls.number)!;
}
private get special() {
return this.settings.get(Controls.special);
return this.settings.get(Controls.special)!;
}
private get minNumber() {
return this.settings.get(Controls.minNumber);
return this.settings.get(Controls.minNumber)!;
}
private get minSpecial() {
return this.settings.get(Controls.minSpecial);
return this.settings.get(Controls.minSpecial)!;
}
async ngOnInit() {
const settings = await this.generatorService.settings(Generators.password, {
const settings = await this.generatorService.settings(BuiltIn.password, {
account$: this.account$,
});
@@ -130,13 +132,13 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
.subscribe(([state, constraints]) => {
let boundariesHint = this.i18nService.t(
"spinboxBoundariesHint",
constraints.length.min?.toString(),
constraints.length.max?.toString(),
constraints.length?.min?.toString(),
constraints.length?.max?.toString(),
);
if (state.length <= (constraints.length.recommendation ?? 0)) {
if (state.length <= (constraints.length?.recommendation ?? 0)) {
boundariesHint += this.i18nService.t(
"passwordLengthRecommendationHint",
constraints.length.recommendation?.toString(),
constraints.length?.recommendation?.toString(),
);
}
this.lengthBoundariesHint.next(boundariesHint);
@@ -147,19 +149,25 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
// explain policy & disable policy-overridden fields
this.generatorService
.policy$(Generators.password, { account$: this.account$ })
.policy$(BuiltIn.password, { account$: this.account$ })
.pipe(takeUntil(this.destroyed$))
.subscribe(({ constraints }) => {
this.policyInEffect = constraints.policyInEffect;
this.policyInEffect = constraints.policyInEffect ?? false;
const toggles = [
[Controls.length, constraints.length.min < constraints.length.max],
[Controls.length, hasRangeOfValues(constraints.length?.min, constraints.length?.max)],
[Controls.uppercase, !constraints.uppercase?.readonly],
[Controls.lowercase, !constraints.lowercase?.readonly],
[Controls.number, !constraints.number?.readonly],
[Controls.special, !constraints.special?.readonly],
[Controls.minNumber, constraints.minNumber.min < constraints.minNumber.max],
[Controls.minSpecial, constraints.minSpecial.min < constraints.minSpecial.max],
[
Controls.minNumber,
hasRangeOfValues(constraints.minNumber?.min, constraints.minNumber?.max),
],
[
Controls.minSpecial,
hasRangeOfValues(constraints.minSpecial?.min, constraints.minSpecial?.max),
],
] as [keyof typeof Controls, boolean][];
for (const [control, enabled] of toggles) {
@@ -172,7 +180,7 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
let lastMinNumber = 1;
this.numbers.valueChanges
.pipe(
filter((checked) => !(checked && this.minNumber.value > 0)),
filter((checked) => !(checked && (this.minNumber.value ?? 0) > 0)),
map((checked) => (checked ? lastMinNumber : 0)),
takeUntil(this.destroyed$),
)
@@ -180,8 +188,11 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
this.minNumber.valueChanges
.pipe(
map((value) => [value, value > 0] as const),
tap(([value, checkNumbers]) => (lastMinNumber = checkNumbers ? value : lastMinNumber)),
map((value) => [value, (value ?? 0) > 0] as const),
tap(
([value, checkNumbers]) =>
(lastMinNumber = checkNumbers && value ? value : lastMinNumber),
),
takeUntil(this.destroyed$),
)
.subscribe(([, checkNumbers]) => this.numbers.setValue(checkNumbers, { emitEvent: false }));
@@ -189,7 +200,7 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
let lastMinSpecial = 1;
this.special.valueChanges
.pipe(
filter((checked) => !(checked && this.minSpecial.value > 0)),
filter((checked) => !(checked && (this.minSpecial.value ?? 0) > 0)),
map((checked) => (checked ? lastMinSpecial : 0)),
takeUntil(this.destroyed$),
)
@@ -197,8 +208,11 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
this.minSpecial.valueChanges
.pipe(
map((value) => [value, value > 0] as const),
tap(([value, checkSpecial]) => (lastMinSpecial = checkSpecial ? value : lastMinSpecial)),
map((value) => [value, (value ?? 0) > 0] as const),
tap(
([value, checkSpecial]) =>
(lastMinSpecial = checkSpecial && value ? value : lastMinSpecial),
),
takeUntil(this.destroyed$),
)
.subscribe(([, checkSpecial]) => this.special.setValue(checkSpecial, { emitEvent: false }));
@@ -230,7 +244,7 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
}
/** display binding for enterprise policy notice */
protected policyInEffect: boolean;
protected policyInEffect: boolean = false;
private lengthBoundariesHint = new ReplaySubject<string>(1);
@@ -239,9 +253,9 @@ export class PasswordSettingsComponent implements OnInit, OnChanges, OnDestroy {
private toggleEnabled(setting: keyof typeof Controls, enabled: boolean) {
if (enabled) {
this.settings.get(setting).enable({ emitEvent: false });
this.settings.get(setting)?.enable({ emitEvent: false });
} else {
this.settings.get(setting).disable({ emitEvent: false });
this.settings.get(setting)?.disable({ emitEvent: false });
}
}

20
libs/tools/generator/components/src/subaddress-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import {
Component,
EventEmitter,
@@ -13,10 +11,10 @@ import {
import { FormBuilder } from "@angular/forms";
import { map, ReplaySubject, skip, Subject, takeUntil, withLatestFrom } from "rxjs";
import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import {
CredentialGeneratorService,
Generators,
BuiltIn,
SubaddressGenerationOptions,
} from "@bitwarden/generator-core";
@@ -28,20 +26,20 @@ import {
})
export class SubaddressSettingsComponent implements OnInit, OnChanges, OnDestroy {
/** Instantiates the component
* @param accountService queries user availability
* @param generatorService settings and policy logic
* @param formBuilder reactive form controls
*/
constructor(
private formBuilder: FormBuilder,
private generatorService: CredentialGeneratorService,
private accountService: AccountService,
) {}
/** Binds the component to a specific user's settings.
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account: Account = null!;
protected account$ = new ReplaySubject<Account>(1);
@@ -54,18 +52,18 @@ export class SubaddressSettingsComponent implements OnInit, OnChanges, OnDestroy
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
* to receive live settings updates including the initial update,
* use `CredentialGeneratorService.settings$(...)` instead.
* use `CredentialGeneratorService.settings(...)` instead.
*/
@Output()
readonly onUpdated = new EventEmitter<SubaddressGenerationOptions>();
/** The template's control bindings */
protected settings = this.formBuilder.group({
subaddressEmail: [Generators.subaddress.settings.initial.subaddressEmail],
subaddressEmail: [""],
});
async ngOnInit() {
const settings = await this.generatorService.settings(Generators.subaddress, {
const settings = await this.generatorService.settings(BuiltIn.plusAddress, {
account$: this.account$,
});
@@ -79,7 +77,7 @@ export class SubaddressSettingsComponent implements OnInit, OnChanges, OnDestroy
this.saveSettings
.pipe(
withLatestFrom(this.settings.valueChanges),
map(([, settings]) => settings),
map(([, settings]) => settings as SubaddressGenerationOptions),
takeUntil(this.destroyed$),
)
.subscribe(settings);

6
libs/tools/generator/components/src/username-generator.component.html
View File

@@ -59,7 +59,7 @@
</bit-form-field>
</form>
<tools-catchall-settings
*ngIf="(algorithm$ | async)?.id === 'catchall'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.catchall"
[account]="account$ | async"
(onUpdated)="generate('catchall settings')"
/>
@@ -69,12 +69,12 @@
[account]="account$ | async"
/>
<tools-subaddress-settings
*ngIf="(algorithm$ | async)?.id === 'subaddress'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.plusAddress"
[account]="account$ | async"
(onUpdated)="generate('subaddress settings')"
/>
<tools-username-settings
*ngIf="(algorithm$ | async)?.id === 'username'"
*ngIf="(showAlgorithm$ | async)?.id === Algorithm.username"
[account]="account$ | async"
(onUpdated)="generate('username settings')"
/>

286
libs/tools/generator/components/src/username-generator.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { LiveAnnouncer } from "@angular/cdk/a11y";
import { coerceBooleanProperty } from "@angular/cdk/coercion";
import {
@@ -25,15 +23,15 @@ import {
map,
ReplaySubject,
Subject,
switchMap,
takeUntil,
tap,
withLatestFrom,
} from "rxjs";
import { Account, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
import { IntegrationId } from "@bitwarden/common/tools/integration";
import { VendorId } from "@bitwarden/common/tools/extension";
import {
SemanticLogger,
disabledSemanticLoggerProvider,
@@ -43,21 +41,23 @@ import { UserId } from "@bitwarden/common/types/guid";
import { ToastService, Option } from "@bitwarden/components";
import {
AlgorithmInfo,
CredentialAlgorithm,
CredentialCategories,
CredentialGeneratorService,
GenerateRequest,
GeneratedCredential,
Generators,
getForwarderConfiguration,
isForwarderExtensionId,
isEmailAlgorithm,
isForwarderIntegration,
isSameAlgorithm,
isUsernameAlgorithm,
toCredentialGeneratorConfiguration,
isSameAlgorithm,
CredentialAlgorithm,
AlgorithmMetadata,
AlgorithmsByType,
Type,
Algorithm,
} from "@bitwarden/generator-core";
import { GeneratorHistoryService } from "@bitwarden/generator-history";
import { toAlgorithmInfo, translate } from "./util";
// constants used to identify navigation selections that are not
// generator algorithms
const FORWARDER = "forwarder";
@@ -89,11 +89,14 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
private ariaLive: LiveAnnouncer,
) {}
/** exports algorithm symbols to the template */
protected readonly Algorithm = Algorithm;
/** Binds the component to a specific user's settings. When this input is not provided,
* the form binds to the active user
*/
@Input()
account: Account | null;
account: Account | null = null;
protected account$ = new ReplaySubject<Account>(1);
@@ -110,7 +113,11 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
async ngOnChanges(changes: SimpleChanges) {
const account = changes?.account;
if (account?.previousValue?.id !== account?.currentValue?.id) {
if (
account &&
account.currentValue.id &&
account.previousValue.id !== account.currentValue.id
) {
this.log.debug(
{
previousUserId: account?.previousValue?.id as UserId,
@@ -118,7 +125,7 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
},
"account input change detected",
);
this.account$.next(this.account);
this.account$.next(account.currentValue.id);
}
}
@@ -134,18 +141,18 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
/** emits algorithm info when the selected algorithm changes */
@Output()
readonly onAlgorithm = new EventEmitter<AlgorithmInfo>();
readonly onAlgorithm = new EventEmitter<AlgorithmInfo | null>();
/** Removes bottom margin from internal elements */
@Input({ transform: coerceBooleanProperty }) disableMargin = false;
/** Tracks the selected generation algorithm */
protected username = this.formBuilder.group({
nav: [null as string],
nav: [null as string | null],
});
protected forwarder = this.formBuilder.group({
nav: [null as string],
nav: [null as string | null],
});
async ngOnInit() {
@@ -154,38 +161,63 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
});
if (!this.account) {
this.account = await firstValueFrom(this.accountService.activeAccount$);
this.log.info(
{ userId: this.account.id },
"account not specified; using active account settings",
);
this.account$.next(this.account);
const account = await firstValueFrom(this.accountService.activeAccount$);
if (!account) {
this.log.panic("active account cannot be `null`.");
}
this.log.info({ userId: account.id }, "account not specified; using active account settings");
this.account$.next(account);
}
this.generatorService
.algorithms$(["email", "username"], { account$: this.account$ })
combineLatest([
this.generatorService.algorithms$("email", { account$: this.account$ }),
this.generatorService.algorithms$("username", { account$: this.account$ }),
])
.pipe(
map((algorithms) => algorithms.flat()),
map((algorithms) => {
const usernames = algorithms.filter((a) => !isForwarderIntegration(a.id));
// construct options for username and email algorithms; replace forwarder
// entry with a virtual entry for drill-down
const usernames = algorithms.filter((a) => !isForwarderExtensionId(a.id));
usernames.sort((a, b) => a.weight - b.weight);
const usernameOptions = this.toOptions(usernames);
usernameOptions.push({ value: FORWARDER, label: this.i18nService.t("forwardedEmail") });
usernameOptions.splice(-1, 0, {
value: FORWARDER,
label: this.i18nService.t("forwardedEmail"),
});
const forwarders = algorithms.filter((a) => isForwarderIntegration(a.id));
// construct options for forwarder algorithms; they get their own selection box
const forwarders = algorithms.filter((a) => isForwarderExtensionId(a.id));
forwarders.sort((a, b) => a.weight - b.weight);
const forwarderOptions = this.toOptions(forwarders);
forwarderOptions.unshift({ value: NONE_SELECTED, label: this.i18nService.t("select") });
return [usernameOptions, forwarderOptions] as const;
}),
tap((algorithms) =>
this.log.debug({ algorithms: algorithms as object }, "algorithms loaded"),
),
takeUntil(this.destroyed),
)
.subscribe(([usernames, forwarders]) => {
this.typeOptions$.next(usernames);
this.forwarderOptions$.next(forwarders);
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
this.typeOptions$.next(usernames);
this.forwarderOptions$.next(forwarders);
});
});
this.algorithm$
this.maybeAlgorithm$
.pipe(
map((a) => a?.description),
map((a) => {
if (a?.i18nKeys?.description) {
return translate(a.i18nKeys.description, this.i18nService);
} else {
return "";
}
}),
takeUntil(this.destroyed),
)
.subscribe((hint) => {
@@ -197,10 +229,12 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
});
// wire up the generator
this.algorithm$
this.generatorService
.generate$({
on$: this.generate$,
account$: this.account$,
})
.pipe(
filter((algorithm) => !!algorithm),
switchMap((algorithm) => this.typeToGenerator$(algorithm.id)),
catchError((error: unknown, generator) => {
if (typeof error === "string") {
this.toastService.showToast({
@@ -215,11 +249,14 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
// continue with origin stream
return generator;
}),
withLatestFrom(this.account$, this.algorithm$),
withLatestFrom(this.account$, this.maybeAlgorithm$),
takeUntil(this.destroyed),
)
.subscribe(([generated, account, algorithm]) => {
this.log.debug({ source: generated.source }, "credential generated");
this.log.debug(
{ source: generated.source ?? null, algorithm: algorithm?.id ?? null },
"credential generated",
);
this.generatorHistoryService
.track(account.id, generated.credential, generated.category, generated.generationDate)
@@ -230,12 +267,12 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
if (generated.source === this.USER_REQUEST) {
this.announce(algorithm.onGeneratedMessage);
if (algorithm && generated.source === this.USER_REQUEST) {
this.announce(translate(algorithm.i18nKeys.credentialGenerated, this.i18nService));
}
this.generatedCredential$.next(generated);
this.onGenerated.next(generated);
this.value$.next(generated.credential);
});
});
@@ -248,24 +285,31 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
this.username.valueChanges
.pipe(
map(
(username): CascadeValue =>
username.nav === FORWARDER
? { nav: username.nav }
: { nav: username.nav, algorithm: JSON.parse(username.nav) },
),
map((username): CascadeValue => {
if (username.nav === FORWARDER) {
return { nav: username.nav };
} else if (username.nav) {
return { nav: username.nav, algorithm: JSON.parse(username.nav) };
} else {
const [algorithm] = AlgorithmsByType[Type.username];
return { nav: JSON.stringify(algorithm), algorithm };
}
}),
takeUntil(this.destroyed),
)
.subscribe(activeIdentifier$);
this.forwarder.valueChanges
.pipe(
map(
(forwarder): CascadeValue =>
forwarder.nav === NONE_SELECTED
? { nav: forwarder.nav }
: { nav: forwarder.nav, algorithm: JSON.parse(forwarder.nav) },
),
map((forwarder): CascadeValue => {
if (forwarder.nav === NONE_SELECTED) {
return { nav: forwarder.nav };
} else if (forwarder.nav) {
return { nav: forwarder.nav, algorithm: JSON.parse(forwarder.nav) };
} else {
return { nav: NONE_SELECTED };
}
}),
takeUntil(this.destroyed),
)
.subscribe(activeForwarder$);
@@ -276,7 +320,7 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
map(([username, forwarder]) => {
const showForwarder = !username.algorithm;
const forwarderId =
showForwarder && isForwarderIntegration(forwarder.algorithm)
showForwarder && forwarder.algorithm && isForwarderExtensionId(forwarder.algorithm)
? forwarder.algorithm.forwarder
: null;
return [showForwarder, forwarderId] as const;
@@ -306,57 +350,61 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
return null;
}
}),
distinctUntilChanged((prev, next) => isSameAlgorithm(prev?.id, next?.id)),
distinctUntilChanged((prev, next) => {
if (prev === null || next === null) {
return false;
} else {
return isSameAlgorithm(prev.id, next.id);
}
}),
takeUntil(this.destroyed),
)
.subscribe((algorithm) => {
this.log.debug(algorithm, "algorithm selected");
this.log.debug({ algorithm: algorithm?.id ?? null }, "algorithm selected");
// update subjects within the angular zone so that the
// template bindings refresh immediately
this.zone.run(() => {
this.algorithm$.next(algorithm);
this.onAlgorithm.next(algorithm);
this.maybeAlgorithm$.next(algorithm);
if (algorithm) {
this.onAlgorithm.next(toAlgorithmInfo(algorithm, this.i18nService));
} else {
this.onAlgorithm.next(null);
}
});
});
// assume the last-visible generator algorithm is the user's preferred one
const preferences = await this.generatorService.preferences({ account$: this.account$ });
this.algorithm$
.pipe(
filter((algorithm) => !!algorithm),
withLatestFrom(preferences),
takeUntil(this.destroyed),
)
.pipe(withLatestFrom(preferences), takeUntil(this.destroyed))
.subscribe(([algorithm, preference]) => {
if (isEmailAlgorithm(algorithm.id)) {
this.log.info(
{ algorithm, category: CredentialCategories.email },
"algorithm preferences updated",
);
preference.email.algorithm = algorithm.id;
preference.email.updated = new Date();
} else if (isUsernameAlgorithm(algorithm.id)) {
this.log.info(
{ algorithm, category: CredentialCategories.username },
"algorithm preferences updated",
);
preference.username.algorithm = algorithm.id;
preference.username.updated = new Date();
} else {
return;
}
this.log.info(
{ algorithm: algorithm.id, type: algorithm.type },
"algorithm preferences updated",
);
preferences.next(preference);
});
preferences
.pipe(
map(({ email, username }) => {
const forwarderPref = isForwarderIntegration(email.algorithm) ? email : null;
const usernamePref = email.updated > username.updated ? email : username;
const forwarderPref = isForwarderExtensionId(usernamePref.algorithm)
? usernamePref
: null;
// inject drilldown flags
// inject drill-down flags
const forwarderNav = !forwarderPref
? NONE_SELECTED
: JSON.stringify(forwarderPref.algorithm);
@@ -368,7 +416,7 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
selection: { nav: userNav },
active: {
nav: userNav,
algorithm: forwarderPref ? null : usernamePref.algorithm,
algorithm: forwarderPref ? undefined : usernamePref.algorithm,
},
},
forwarder: {
@@ -385,6 +433,14 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
takeUntil(this.destroyed),
)
.subscribe(({ username, forwarder }) => {
this.log.debug(
{
username: username.selection,
forwarder: forwarder.selection,
},
"navigation updated",
);
// update navigation; break subscription loop
this.username.setValue(username.selection, { emitEvent: false });
this.forwarder.setValue(forwarder.selection, { emitEvent: false });
@@ -396,17 +452,16 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
// automatically regenerate when the algorithm switches if the algorithm
// allows it; otherwise set a placeholder
this.algorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.maybeAlgorithm$.pipe(takeUntil(this.destroyed)).subscribe((a) => {
this.zone.run(() => {
if (!a || a.onlyOnRequest) {
this.log.debug("autogeneration disabled; clearing generated credential");
this.value$.next("-");
} else {
if (a?.capabilities?.autogenerate) {
this.log.debug("autogeneration enabled");
this.generate("autogenerate").catch((e: unknown) => {
this.log.error(e as object, "a failure occurred during autogeneration");
});
} else {
this.log.debug("autogeneration disabled; clearing generated credential");
this.generatedCredential$.next(undefined);
}
});
});
@@ -414,34 +469,6 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
this.log.debug("component initialized");
}
private typeToGenerator$(algorithm: CredentialAlgorithm) {
const dependencies = {
on$: this.generate$,
account$: this.account$,
};
this.log.debug({ algorithm }, "constructing generation stream");
switch (algorithm) {
case "catchall":
return this.generatorService.generate$(Generators.catchall, dependencies);
case "subaddress":
return this.generatorService.generate$(Generators.subaddress, dependencies);
case "username":
return this.generatorService.generate$(Generators.username, dependencies);
}
if (isForwarderIntegration(algorithm)) {
const forwarder = getForwarderConfiguration(algorithm.forwarder);
const configuration = toCredentialGeneratorConfiguration(forwarder);
return this.generatorService.generate$(configuration, dependencies);
}
this.log.panic({ algorithm }, `Invalid generator type: "${algorithm}"`);
}
private announce(message: string) {
this.ariaLive.announce(message).catch((e) => this.logService.error(e));
}
@@ -450,7 +477,7 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
protected typeOptions$ = new BehaviorSubject<Option<string>[]>([]);
/** Tracks the currently selected forwarder. */
protected forwarderId$ = new BehaviorSubject<IntegrationId>(null);
protected forwarderId$ = new BehaviorSubject<VendorId | null>(null);
/** Lists the credential types supported by the component. */
protected forwarderOptions$ = new BehaviorSubject<Option<string>[]>([]);
@@ -458,19 +485,30 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
/** Tracks forwarder control visibility */
protected showForwarder$ = new BehaviorSubject<boolean>(false);
/** tracks the currently selected credential type */
protected algorithm$ = new ReplaySubject<AlgorithmInfo>(1);
/** tracks the currently selected algorithm; emits `null` when no algorithm selected */
protected maybeAlgorithm$ = new ReplaySubject<AlgorithmMetadata | null>(1);
/** tracks the last valid algorithm selection */
protected algorithm$ = this.maybeAlgorithm$.pipe(
filter((algorithm): algorithm is AlgorithmMetadata => !!algorithm),
);
/** Emits hint key for the currently selected credential type */
protected credentialTypeHint$ = new ReplaySubject<string>(1);
private readonly generatedCredential$ = new BehaviorSubject<GeneratedCredential | undefined>(
undefined,
);
/** Emits the last generated value. */
protected readonly value$ = new BehaviorSubject<string>("");
protected readonly value$ = this.generatedCredential$.pipe(
map((generated) => generated?.credential ?? "-"),
);
/** Emits when a new credential is requested */
private readonly generate$ = new Subject<GenerateRequest>();
protected showAlgorithm$ = this.algorithm$.pipe(
protected showAlgorithm$ = this.maybeAlgorithm$.pipe(
combineLatestWith(this.showForwarder$),
map(([algorithm, showForwarder]) => (showForwarder ? null : algorithm)),
);
@@ -479,24 +517,21 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
* Emits the copy button aria-label respective of the selected credential type
*/
protected credentialTypeCopyLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ copy }) => copy),
map(({ i18nKeys: { copyCredential } }) => translate(copyCredential, this.i18nService)),
);
/**
* Emits the generate button aria-label respective of the selected credential type
*/
protected credentialTypeGenerateLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ generate }) => generate),
map(({ i18nKeys: { generateCredential } }) => translate(generateCredential, this.i18nService)),
);
/**
* Emits the copy credential toast respective of the selected credential type
*/
protected credentialTypeLabel$ = this.algorithm$.pipe(
filter((algorithm) => !!algorithm),
map(({ credentialType }) => credentialType),
map(({ i18nKeys: { credentialType } }) => translate(credentialType, this.i18nService)),
);
/** Identifies generator requests that were requested by the user */
@@ -507,15 +542,20 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
* origin in the debugger.
*/
protected async generate(source: string) {
const request = { source, website: this.website };
const algorithm = await firstValueFrom(this.algorithm$);
const request: GenerateRequest = { source, algorithm: algorithm.id };
if (this.website) {
request.website = this.website;
}
this.log.debug(request, "generation requested");
this.generate$.next(request);
}
private toOptions(algorithms: AlgorithmInfo[]) {
private toOptions(algorithms: AlgorithmMetadata[]) {
const options: Option<string>[] = algorithms.map((algorithm) => ({
value: JSON.stringify(algorithm.id),
label: algorithm.name,
label: translate(algorithm.i18nKeys.name, this.i18nService),
}));
return options;
@@ -528,9 +568,11 @@ export class UsernameGeneratorComponent implements OnInit, OnChanges, OnDestroy
// finalize subjects
this.generate$.complete();
this.value$.complete();
this.generatedCredential$.complete();
// finalize component bindings
this.onGenerated.complete();
this.log.debug("component destroyed");
}
}

19
libs/tools/generator/components/src/username-settings.component.ts
View File

@@ -1,5 +1,3 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import {
Component,
EventEmitter,
@@ -17,7 +15,7 @@ import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import {
CredentialGeneratorService,
EffUsernameGenerationOptions,
Generators,
BuiltIn,
} from "@bitwarden/generator-core";
/** Options group for usernames */
@@ -28,7 +26,6 @@ import {
})
export class UsernameSettingsComponent implements OnInit, OnChanges, OnDestroy {
/** Instantiates the component
* @param accountService queries user availability
* @param generatorService settings and policy logic
* @param formBuilder reactive form controls
*/
@@ -38,9 +35,11 @@ export class UsernameSettingsComponent implements OnInit, OnChanges, OnDestroy {
) {}
/** Binds the component to a specific user's settings.
* @remarks this is initialized to null but since it's a required input it'll
* never have that value in practice.
*/
@Input({ required: true })
account: Account;
account: Account = null!;
protected account$ = new ReplaySubject<Account>(1);
@@ -53,19 +52,19 @@ export class UsernameSettingsComponent implements OnInit, OnChanges, OnDestroy {
/** Emits settings updates and completes if the settings become unavailable.
* @remarks this does not emit the initial settings. If you would like
* to receive live settings updates including the initial update,
* use `CredentialGeneratorService.settings$(...)` instead.
* use `CredentialGeneratorService.settings(...)` instead.
*/
@Output()
readonly onUpdated = new EventEmitter<EffUsernameGenerationOptions>();
/** The template's control bindings */
protected settings = this.formBuilder.group({
wordCapitalize: [Generators.username.settings.initial.wordCapitalize],
wordIncludeNumber: [Generators.username.settings.initial.wordIncludeNumber],
wordCapitalize: [false],
wordIncludeNumber: [false],
});
async ngOnInit() {
const settings = await this.generatorService.settings(Generators.username, {
const settings = await this.generatorService.settings(BuiltIn.effWordList, {
account$: this.account$,
});
@@ -79,7 +78,7 @@ export class UsernameSettingsComponent implements OnInit, OnChanges, OnDestroy {
this.saveSettings
.pipe(
withLatestFrom(this.settings.valueChanges),
map(([, settings]) => settings),
map(([, settings]) => settings as EffUsernameGenerationOptions),
takeUntil(this.destroyed$),
)
.subscribe(settings);

103
libs/tools/generator/components/src/util.ts
View File

@@ -1,71 +1,46 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { ValidatorFn, Validators } from "@angular/forms";
import { distinctUntilChanged, map, pairwise, pipe, skipWhile, startWith, takeWhile } from "rxjs";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { I18nKeyOrLiteral } from "@bitwarden/common/tools/types";
import { isI18nKey } from "@bitwarden/common/tools/util";
import { AlgorithmInfo, AlgorithmMetadata } from "@bitwarden/generator-core";
import { AnyConstraint, Constraints } from "@bitwarden/common/tools/types";
import { UserId } from "@bitwarden/common/types/guid";
import { CredentialGeneratorConfiguration } from "@bitwarden/generator-core";
/** Adapts {@link AlgorithmMetadata} to legacy {@link AlgorithmInfo} structure. */
export function toAlgorithmInfo(metadata: AlgorithmMetadata, i18n: I18nService) {
const info: AlgorithmInfo = {
id: metadata.id,
type: metadata.type,
name: translate(metadata.i18nKeys.name, i18n),
generate: translate(metadata.i18nKeys.generateCredential, i18n),
onGeneratedMessage: translate(metadata.i18nKeys.credentialGenerated, i18n),
credentialType: translate(metadata.i18nKeys.credentialType, i18n),
copy: translate(metadata.i18nKeys.copyCredential, i18n),
useGeneratedValue: translate(metadata.i18nKeys.useCredential, i18n),
onlyOnRequest: !metadata.capabilities.autogenerate,
request: metadata.capabilities.fields,
};
export function completeOnAccountSwitch() {
return pipe(
map(({ id }: { id: UserId | null }) => id),
skipWhile((id) => !id),
startWith(null as UserId),
pairwise(),
takeWhile(([prev, next]) => (prev ?? next) === next),
map(([_, id]) => id),
distinctUntilChanged(),
);
if (metadata.i18nKeys.description) {
info.description = translate(metadata.i18nKeys.description, i18n);
}
return info;
}
export function toValidators<Policy, Settings>(
target: keyof Settings,
configuration: CredentialGeneratorConfiguration<Settings, Policy>,
policy?: Constraints<Settings>,
) {
const validators: Array<ValidatorFn> = [];
// widen the types to avoid typecheck issues
const config: AnyConstraint = configuration.settings.constraints[target];
const runtime: AnyConstraint = policy[target];
const required = getConstraint("required", config, runtime) ?? false;
if (required) {
validators.push(Validators.required);
}
const maxLength = getConstraint("maxLength", config, runtime);
if (maxLength !== undefined) {
validators.push(Validators.maxLength(maxLength));
}
const minLength = getConstraint("minLength", config, runtime);
if (minLength !== undefined) {
validators.push(Validators.minLength(config.minLength));
}
const min = getConstraint("min", config, runtime);
if (min !== undefined) {
validators.push(Validators.min(min));
}
const max = getConstraint("max", config, runtime);
if (max !== undefined) {
validators.push(Validators.max(max));
}
return validators;
/** Translates an internationalization key
* @param key the key to translate
* @param i18n the service providing translations
* @returns the translated key; if the key is a literal the literal
* is returned instead.
*/
export function translate(key: I18nKeyOrLiteral, i18n: I18nService) {
return isI18nKey(key) ? i18n.t(key) : key.literal;
}
function getConstraint<Key extends keyof AnyConstraint>(
key: Key,
config: AnyConstraint,
policy?: AnyConstraint,
) {
if (policy && key in policy) {
return policy[key] ?? config[key];
} else if (config && key in config) {
return config[key];
}
/** Returns true when min < max
* @param min the minimum value to check; when this is nullish it becomes 0.
* @param max the maximum value to check; when this is nullish it becomes +Infinity.
*/
export function hasRangeOfValues(min?: number, max?: number) {
const minimum = min ?? 0;
const maximum = max ?? Number.POSITIVE_INFINITY;
return minimum < maximum;
}

104
libs/tools/generator/core/src/abstractions/credential-generator-service.abstraction.ts Normal file
View File

@@ -0,0 +1,104 @@
import { Observable } from "rxjs";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
import { BoundDependency, OnDependency } from "@bitwarden/common/tools/dependencies";
import { VendorId } from "@bitwarden/common/tools/extension";
import { UserStateSubject } from "@bitwarden/common/tools/state/user-state-subject";
import {
CredentialAlgorithm,
GeneratorMetadata,
GeneratorProfile,
CredentialType,
} from "../metadata";
import { AlgorithmMetadata } from "../metadata/algorithm-metadata";
import {
CredentialPreference,
ForwarderOptions,
GeneratedCredential,
GenerateRequest,
} from "../types";
import { GeneratorConstraints } from "../types/generator-constraints";
/** Generates credentials used in identity and/or authentication flows.
*/
export abstract class CredentialGeneratorService {
/** Generates a stream of credentials
* @param dependencies.on$ Required. A new credential is emitted when this emits.
*/
abstract generate$: (
dependencies: OnDependency<GenerateRequest> & BoundDependency<"account", Account>,
) => Observable<GeneratedCredential>;
/** Emits metadata for the set of algorithms available to a user.
* @param type the set of algorithms
* @param dependencies.account$ algorithms are filtered to only
* those matching the provided account's policy.
* @returns An observable that emits algorithm metadata.
*/
abstract algorithms$: (
type: CredentialType,
dependencies: BoundDependency<"account", Account>,
) => Observable<AlgorithmMetadata[]>;
/** Lists metadata for a set of algorithms.
* @param type the type or types of algorithms
* @returns A list containing the requested metadata.
* @remarks this is a raw data interface. To apply rules such as algorithm availability,
* use {@link algorithms$} instead.
*/
abstract algorithms: (type: CredentialType | CredentialType[]) => AlgorithmMetadata[];
/** Look up the metadata for a specific generator algorithm
* @param id identifies the algorithm
* @returns the requested metadata, or `null` if the metadata wasn't found.
*/
abstract algorithm: (id: CredentialAlgorithm) => AlgorithmMetadata;
/** Look up the forwarder metadata for a vendor.
* @param id identifies the vendor proving the forwarder
*/
abstract forwarder: (id: VendorId) => GeneratorMetadata<ForwarderOptions>;
/** Get a subject bound to credential generator preferences.
* @param dependencies.account$ identifies the account to which the preferences are bound
* @returns a subject bound to the user's preferences
* @remarks Preferences determine which algorithms are used when generating a
* credential from a credential category (e.g. `PassX` or `Username`). Preferences
* should not be used to hold navigation history. Use {@link @bitwarden/generator-navigation}
* instead.
*/
abstract preferences: (
dependencies: BoundDependency<"account", Account>,
) => UserStateSubject<CredentialPreference>;
/** Get a subject bound to a specific user's settings. the subject enforces policy for the
* settings by automatically updating incorrect values to those allowed by policy.
* @param metadata determines which generator's settings are loaded
* @param dependencies.account$ identifies the account to which the settings are bound
* @param profile identifies the generator profile to load; when this is not specified
* the user's account profile is loaded.
* @returns a subject bound to the requested user's generator settings
* @remarks Generator metadata can be looked up using {@link BuiltIn} and {@link forwarder}.
*/
abstract settings: <Settings extends object>(
metadata: Readonly<GeneratorMetadata<Settings>>,
dependencies: BoundDependency<"account", Account>,
profile?: GeneratorProfile,
) => UserStateSubject<Settings>;
/** Get the policy constraints for the provided configuration
* @param metadata determines which generator's policy is loaded
* @param dependencies.account$ determines which user's policy is loaded
* @param profile identifies the generator profile to load; when this is not specified
* the user's account profile is loaded.
* @returns an observable that emits the policy once `dependencies.account$`
* and the policy become available.
* @remarks Generator metadata can be looked up using {@link BuiltIn} and {@link forwarder}.
*/
abstract policy$: <Settings>(
metadata: Readonly<GeneratorMetadata<Settings>>,
dependencies: BoundDependency<"account", Account>,
profile?: GeneratorProfile,
) => Observable<GeneratorConstraints<Settings>>;
}

1
libs/tools/generator/core/src/abstractions/generator.service.abstraction.ts
View File

@@ -9,6 +9,7 @@ import { PolicyEvaluator } from "./policy-evaluator.abstraction";
/** Generates credentials used for user authentication
* @typeParam Options the credential generation configuration
* @typeParam Policy the policy enforced by the generator
* @deprecated Use {@link CredentialGeneratorService} instead.
*/
export abstract class GeneratorService<Options, Policy> {
/** An observable monitoring the options saved to disk.

1
libs/tools/generator/core/src/abstractions/index.ts
View File

@@ -1,3 +1,4 @@
export { CredentialGeneratorService } from "./credential-generator-service.abstraction";
export { GeneratorService } from "./generator.service.abstraction";
export { GeneratorStrategy } from "./generator-strategy.abstraction";
export { PolicyEvaluator } from "./policy-evaluator.abstraction";

8
libs/tools/generator/core/src/data/default-addy-io-options.ts
View File

@@ -1,8 +0,0 @@
import { EmailDomainOptions, SelfHostedApiOptions } from "../types";
export const DefaultAddyIoOptions: SelfHostedApiOptions & EmailDomainOptions = Object.freeze({
website: null,
baseUrl: "https://app.addy.io",
token: "",
domain: "",
});

18
libs/tools/generator/core/src/data/default-credential-preferences.ts
View File

@@ -1,18 +0,0 @@
import { CredentialPreference } from "../types";
import { EmailAlgorithms, PasswordAlgorithms, UsernameAlgorithms } from "./generator-types";
export const DefaultCredentialPreferences: CredentialPreference = Object.freeze({
email: Object.freeze({
algorithm: EmailAlgorithms[0],
updated: new Date(0),
}),
password: Object.freeze({
algorithm: PasswordAlgorithms[0],
updated: new Date(0),
}),
username: Object.freeze({
algorithm: UsernameAlgorithms[0],
updated: new Date(0),
}),
});

6
libs/tools/generator/core/src/data/default-duck-duck-go-options.ts
View File

@@ -1,6 +0,0 @@
import { ApiOptions } from "../types";
export const DefaultDuckDuckGoOptions: ApiOptions = Object.freeze({
website: null,
token: "",
});

8
libs/tools/generator/core/src/data/default-fastmail-options.ts
View File

@@ -1,8 +0,0 @@
import { ApiOptions, EmailPrefixOptions } from "../types";
export const DefaultFastmailOptions: ApiOptions & EmailPrefixOptions = Object.freeze({
website: "",
domain: "",
prefix: "",
token: "",
});

6
libs/tools/generator/core/src/data/default-firefox-relay-options.ts
View File

@@ -1,6 +0,0 @@
import { ApiOptions } from "../types";
export const DefaultFirefoxRelayOptions: ApiOptions = Object.freeze({
website: null,
token: "",
});

7
libs/tools/generator/core/src/data/default-forward-email-options.ts
View File

@@ -1,7 +0,0 @@
import { ApiOptions, EmailDomainOptions } from "../types";
export const DefaultForwardEmailOptions: ApiOptions & EmailDomainOptions = Object.freeze({
website: null,
token: "",
domain: "",
});

7
libs/tools/generator/core/src/data/default-simple-login-options.ts
View File

@@ -1,7 +0,0 @@
import { SelfHostedApiOptions } from "../types";
export const DefaultSimpleLoginOptions: SelfHostedApiOptions = Object.freeze({
website: null,
baseUrl: "https://app.simplelogin.io",
token: "",
});

15
libs/tools/generator/core/src/data/generator-types.ts
View File

@@ -1,15 +0,0 @@
/** Types of passwords that may be generated by the credential generator */
export const PasswordAlgorithms = Object.freeze(["password", "passphrase"] as const);
/** Types of usernames that may be generated by the credential generator */
export const UsernameAlgorithms = Object.freeze(["username"] as const);
/** Types of email addresses that may be generated by the credential generator */
export const EmailAlgorithms = Object.freeze(["catchall", "subaddress"] as const);
/** All types of credentials that may be generated by the credential generator */
export const CredentialAlgorithms = Object.freeze([
...PasswordAlgorithms,
...UsernameAlgorithms,
...EmailAlgorithms,
] as const);

422
libs/tools/generator/core/src/data/generators.ts
View File

@@ -1,422 +0,0 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { GENERATOR_DISK } from "@bitwarden/common/platform/state";
import { ApiSettings } from "@bitwarden/common/tools/integration/rpc";
import { PublicClassifier } from "@bitwarden/common/tools/public-classifier";
import { IdentityConstraint } from "@bitwarden/common/tools/state/identity-state-constraint";
import { ObjectKey } from "@bitwarden/common/tools/state/object-key";
import {
EmailRandomizer,
ForwarderConfiguration,
PasswordRandomizer,
UsernameRandomizer,
} from "../engine";
import { Forwarder } from "../engine/forwarder";
import {
DefaultPolicyEvaluator,
DynamicPasswordPolicyConstraints,
PassphraseGeneratorOptionsEvaluator,
passphraseLeastPrivilege,
PassphrasePolicyConstraints,
PasswordGeneratorOptionsEvaluator,
passwordLeastPrivilege,
} from "../policies";
import { CatchallConstraints } from "../policies/catchall-constraints";
import { SubaddressConstraints } from "../policies/subaddress-constraints";
import {
CatchallGenerationOptions,
CredentialGenerator,
CredentialGeneratorConfiguration,
EffUsernameGenerationOptions,
GeneratorDependencyProvider,
NoPolicy,
PassphraseGenerationOptions,
PassphraseGeneratorPolicy,
PasswordGenerationOptions,
PasswordGeneratorPolicy,
SubaddressGenerationOptions,
} from "../types";
import { DefaultCatchallOptions } from "./default-catchall-options";
import { DefaultEffUsernameOptions } from "./default-eff-username-options";
import { DefaultPassphraseBoundaries } from "./default-passphrase-boundaries";
import { DefaultPassphraseGenerationOptions } from "./default-passphrase-generation-options";
import { DefaultPasswordBoundaries } from "./default-password-boundaries";
import { DefaultPasswordGenerationOptions } from "./default-password-generation-options";
import { DefaultSubaddressOptions } from "./default-subaddress-generator-options";
const PASSPHRASE: CredentialGeneratorConfiguration<
PassphraseGenerationOptions,
PassphraseGeneratorPolicy
> = Object.freeze({
id: "passphrase",
category: "password",
nameKey: "passphrase",
generateKey: "generatePassphrase",
onGeneratedMessageKey: "passphraseGenerated",
credentialTypeKey: "passphrase",
copyKey: "copyPassphrase",
useGeneratedValueKey: "useThisPassword",
onlyOnRequest: false,
request: [],
engine: {
create(
dependencies: GeneratorDependencyProvider,
): CredentialGenerator<PassphraseGenerationOptions> {
return new PasswordRandomizer(dependencies.randomizer);
},
},
settings: {
initial: DefaultPassphraseGenerationOptions,
constraints: {
numWords: {
min: DefaultPassphraseBoundaries.numWords.min,
max: DefaultPassphraseBoundaries.numWords.max,
recommendation: DefaultPassphraseGenerationOptions.numWords,
},
wordSeparator: { maxLength: 1 },
},
account: {
key: "passphraseGeneratorSettings",
target: "object",
format: "plain",
classifier: new PublicClassifier<PassphraseGenerationOptions>([
"numWords",
"wordSeparator",
"capitalize",
"includeNumber",
]),
state: GENERATOR_DISK,
initial: DefaultPassphraseGenerationOptions,
options: {
deserializer: (value) => value,
clearOn: ["logout"],
},
} satisfies ObjectKey<PassphraseGenerationOptions>,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: Object.freeze({
minNumberWords: 0,
capitalize: false,
includeNumber: false,
}),
combine: passphraseLeastPrivilege,
createEvaluator: (policy) => new PassphraseGeneratorOptionsEvaluator(policy),
toConstraints: (policy) =>
new PassphrasePolicyConstraints(policy, PASSPHRASE.settings.constraints),
},
});
const PASSWORD: CredentialGeneratorConfiguration<
PasswordGenerationOptions,
PasswordGeneratorPolicy
> = Object.freeze({
id: "password",
category: "password",
nameKey: "password",
generateKey: "generatePassword",
onGeneratedMessageKey: "passwordGenerated",
credentialTypeKey: "password",
copyKey: "copyPassword",
useGeneratedValueKey: "useThisPassword",
onlyOnRequest: false,
request: [],
engine: {
create(
dependencies: GeneratorDependencyProvider,
): CredentialGenerator<PasswordGenerationOptions> {
return new PasswordRandomizer(dependencies.randomizer);
},
},
settings: {
initial: DefaultPasswordGenerationOptions,
constraints: {
length: {
min: DefaultPasswordBoundaries.length.min,
max: DefaultPasswordBoundaries.length.max,
recommendation: DefaultPasswordGenerationOptions.length,
},
minNumber: {
min: DefaultPasswordBoundaries.minDigits.min,
max: DefaultPasswordBoundaries.minDigits.max,
},
minSpecial: {
min: DefaultPasswordBoundaries.minSpecialCharacters.min,
max: DefaultPasswordBoundaries.minSpecialCharacters.max,
},
},
account: {
key: "passwordGeneratorSettings",
target: "object",
format: "plain",
classifier: new PublicClassifier<PasswordGenerationOptions>([
"length",
"ambiguous",
"uppercase",
"minUppercase",
"lowercase",
"minLowercase",
"number",
"minNumber",
"special",
"minSpecial",
]),
state: GENERATOR_DISK,
initial: DefaultPasswordGenerationOptions,
options: {
deserializer: (value) => value,
clearOn: ["logout"],
},
} satisfies ObjectKey<PasswordGenerationOptions>,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: Object.freeze({
minLength: 0,
useUppercase: false,
useLowercase: false,
useNumbers: false,
numberCount: 0,
useSpecial: false,
specialCount: 0,
}),
combine: passwordLeastPrivilege,
createEvaluator: (policy) => new PasswordGeneratorOptionsEvaluator(policy),
toConstraints: (policy) =>
new DynamicPasswordPolicyConstraints(policy, PASSWORD.settings.constraints),
},
});
const USERNAME: CredentialGeneratorConfiguration<EffUsernameGenerationOptions, NoPolicy> =
Object.freeze({
id: "username",
category: "username",
nameKey: "randomWord",
generateKey: "generateUsername",
onGeneratedMessageKey: "usernameGenerated",
credentialTypeKey: "username",
copyKey: "copyUsername",
useGeneratedValueKey: "useThisUsername",
onlyOnRequest: false,
request: [],
engine: {
create(
dependencies: GeneratorDependencyProvider,
): CredentialGenerator<EffUsernameGenerationOptions> {
return new UsernameRandomizer(dependencies.randomizer);
},
},
settings: {
initial: DefaultEffUsernameOptions,
constraints: {},
account: {
key: "effUsernameGeneratorSettings",
target: "object",
format: "plain",
classifier: new PublicClassifier<EffUsernameGenerationOptions>([
"wordCapitalize",
"wordIncludeNumber",
]),
state: GENERATOR_DISK,
initial: DefaultEffUsernameOptions,
options: {
deserializer: (value) => value,
clearOn: ["logout"],
},
} satisfies ObjectKey<EffUsernameGenerationOptions>,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: {},
combine(_acc: NoPolicy, _policy: Policy) {
return {};
},
createEvaluator(_policy: NoPolicy) {
return new DefaultPolicyEvaluator<EffUsernameGenerationOptions>();
},
toConstraints(_policy: NoPolicy) {
return new IdentityConstraint<EffUsernameGenerationOptions>();
},
},
});
const CATCHALL: CredentialGeneratorConfiguration<CatchallGenerationOptions, NoPolicy> =
Object.freeze({
id: "catchall",
category: "email",
nameKey: "catchallEmail",
descriptionKey: "catchallEmailDesc",
generateKey: "generateEmail",
onGeneratedMessageKey: "emailGenerated",
credentialTypeKey: "email",
copyKey: "copyEmail",
useGeneratedValueKey: "useThisEmail",
onlyOnRequest: false,
request: [],
engine: {
create(
dependencies: GeneratorDependencyProvider,
): CredentialGenerator<CatchallGenerationOptions> {
return new EmailRandomizer(dependencies.randomizer);
},
},
settings: {
initial: DefaultCatchallOptions,
constraints: { catchallDomain: { minLength: 1 } },
account: {
key: "catchallGeneratorSettings",
target: "object",
format: "plain",
classifier: new PublicClassifier<CatchallGenerationOptions>([
"catchallType",
"catchallDomain",
]),
state: GENERATOR_DISK,
initial: {
catchallType: "random",
catchallDomain: "",
},
options: {
deserializer: (value) => value,
clearOn: ["logout"],
},
} satisfies ObjectKey<CatchallGenerationOptions>,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: {},
combine(_acc: NoPolicy, _policy: Policy) {
return {};
},
createEvaluator(_policy: NoPolicy) {
return new DefaultPolicyEvaluator<CatchallGenerationOptions>();
},
toConstraints(_policy: NoPolicy, email: string) {
return new CatchallConstraints(email);
},
},
});
const SUBADDRESS: CredentialGeneratorConfiguration<SubaddressGenerationOptions, NoPolicy> =
Object.freeze({
id: "subaddress",
category: "email",
nameKey: "plusAddressedEmail",
descriptionKey: "plusAddressedEmailDesc",
generateKey: "generateEmail",
onGeneratedMessageKey: "emailGenerated",
credentialTypeKey: "email",
copyKey: "copyEmail",
useGeneratedValueKey: "useThisEmail",
onlyOnRequest: false,
request: [],
engine: {
create(
dependencies: GeneratorDependencyProvider,
): CredentialGenerator<SubaddressGenerationOptions> {
return new EmailRandomizer(dependencies.randomizer);
},
},
settings: {
initial: DefaultSubaddressOptions,
constraints: {},
account: {
key: "subaddressGeneratorSettings",
target: "object",
format: "plain",
classifier: new PublicClassifier<SubaddressGenerationOptions>([
"subaddressType",
"subaddressEmail",
]),
state: GENERATOR_DISK,
initial: {
subaddressType: "random",
subaddressEmail: "",
},
options: {
deserializer: (value) => value,
clearOn: ["logout"],
},
} satisfies ObjectKey<SubaddressGenerationOptions>,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: {},
combine(_acc: NoPolicy, _policy: Policy) {
return {};
},
createEvaluator(_policy: NoPolicy) {
return new DefaultPolicyEvaluator<SubaddressGenerationOptions>();
},
toConstraints(_policy: NoPolicy, email: string) {
return new SubaddressConstraints(email);
},
},
});
export function toCredentialGeneratorConfiguration<Settings extends ApiSettings = ApiSettings>(
configuration: ForwarderConfiguration<Settings>,
) {
const forwarder = Object.freeze({
id: { forwarder: configuration.id },
category: "email",
nameKey: configuration.name,
descriptionKey: "forwardedEmailDesc",
generateKey: "generateEmail",
onGeneratedMessageKey: "emailGenerated",
credentialTypeKey: "email",
copyKey: "copyEmail",
useGeneratedValueKey: "useThisEmail",
onlyOnRequest: true,
request: configuration.forwarder.request,
engine: {
create(dependencies: GeneratorDependencyProvider) {
// FIXME: figure out why `configuration` fails to typecheck
const config: any = configuration;
return new Forwarder(config, dependencies.client, dependencies.i18nService);
},
},
settings: {
initial: configuration.forwarder.defaultSettings,
constraints: configuration.forwarder.settingsConstraints,
account: configuration.forwarder.local.settings,
},
policy: {
type: PolicyType.PasswordGenerator,
disabledValue: {},
combine(_acc: NoPolicy, _policy: Policy) {
return {};
},
createEvaluator(_policy: NoPolicy) {
return new DefaultPolicyEvaluator<Settings>();
},
toConstraints(_policy: NoPolicy) {
return new IdentityConstraint<Settings>();
},
},
} satisfies CredentialGeneratorConfiguration<Settings, NoPolicy>);
return forwarder;
}
/** Generator configurations */
export const Generators = Object.freeze({
/** Passphrase generator configuration */
passphrase: PASSPHRASE,
/** Password generator configuration */
password: PASSWORD,
/** Username generator configuration */
username: USERNAME,
/** Catchall email generator configuration */
catchall: CATCHALL,
/** Email subaddress generator configuration */
subaddress: SUBADDRESS,
});

12
libs/tools/generator/core/src/data/index.ts
View File

@@ -1,20 +1,8 @@
export * from "./generators";
export * from "./default-addy-io-options";
export * from "./default-catchall-options";
export * from "./default-duck-duck-go-options";
export * from "./default-fastmail-options";
export * from "./default-forward-email-options";
export * from "./default-passphrase-boundaries";
export * from "./default-password-boundaries";
export * from "./default-eff-username-options";
export * from "./default-firefox-relay-options";
export * from "./default-passphrase-generation-options";
export * from "./default-password-generation-options";
export * from "./default-credential-preferences";
export * from "./default-subaddress-generator-options";
export * from "./default-simple-login-options";
export * from "./forwarders";
export * from "./integrations";
export * from "./policies";
export * from "./username-digits";
export * from "./generator-types";

23
libs/tools/generator/core/src/data/policies.ts
View File

@@ -1,23 +0,0 @@
import {
PassphraseGenerationOptions,
PassphraseGeneratorPolicy,
PasswordGenerationOptions,
PasswordGeneratorPolicy,
PolicyConfiguration,
} from "../types";
import { Generators } from "./generators";
/** Policy configurations
* @deprecated use Generator.*.policy instead
*/
export const Policies = Object.freeze({
Passphrase: Generators.passphrase.policy,
Password: Generators.password.policy,
} satisfies {
/** Passphrase policy configuration */
Passphrase: PolicyConfiguration<PassphraseGeneratorPolicy, PassphraseGenerationOptions>;
/** Password policy configuration */
Password: PolicyConfiguration<PasswordGeneratorPolicy, PasswordGenerationOptions>;
});

4
libs/tools/generator/core/src/data/username-digits.ts
View File

@@ -1,4 +0,0 @@
export const UsernameDigits = Object.freeze({
enabled: 4,
disabled: 0,
});

21
libs/tools/generator/core/src/engine/email-randomizer.spec.ts
View File

@@ -2,6 +2,8 @@ import { mock } from "jest-mock-extended";
import { EFFLongWordList } from "@bitwarden/common/platform/misc/wordlist";
import { Algorithm, Type } from "../metadata";
import { Randomizer } from "./abstractions";
import { EmailRandomizer } from "./email-randomizer";
@@ -41,7 +43,8 @@ describe("EmailRandomizer", () => {
async (email) => {
const emailRandomizer = new EmailRandomizer(randomizer);
const result = await emailRandomizer.randomAsciiSubaddress(email);
// this tests what happens when the type system is subverted
const result = await emailRandomizer.randomAsciiSubaddress(email!);
expect(result).toEqual("");
},
@@ -100,7 +103,8 @@ describe("EmailRandomizer", () => {
it.each([[null], [undefined], [""]])("returns null if the domain is %p", async (domain) => {
const emailRandomizer = new EmailRandomizer(randomizer);
const result = await emailRandomizer.randomAsciiCatchall(domain);
// this tests what happens when the type system is subverted
const result = await emailRandomizer.randomAsciiCatchall(domain!);
expect(result).toBeNull();
});
@@ -150,7 +154,8 @@ describe("EmailRandomizer", () => {
it.each([[null], [undefined], [""]])("returns null if the domain is %p", async (domain) => {
const emailRandomizer = new EmailRandomizer(randomizer);
const result = await emailRandomizer.randomWordsCatchall(domain);
// this tests what happens when the type system is subverted
const result = await emailRandomizer.randomWordsCatchall(domain!);
expect(result).toBeNull();
});
@@ -214,32 +219,32 @@ describe("EmailRandomizer", () => {
const email = new EmailRandomizer(randomizer);
const result = await email.generate(
{},
{ algorithm: Algorithm.catchall },
{
catchallDomain: "example.com",
},
);
expect(result.category).toEqual("catchall");
expect(result.category).toEqual(Type.email);
});
it("processes subaddress generation options", async () => {
const email = new EmailRandomizer(randomizer);
const result = await email.generate(
{},
{ algorithm: Algorithm.plusAddress },
{
subaddressEmail: "foo@example.com",
},
);
expect(result.category).toEqual("subaddress");
expect(result.category).toEqual(Type.email);
});
it("throws when it cannot recognize the options type", async () => {
const email = new EmailRandomizer(randomizer);
const result = email.generate({}, {});
const result = email.generate({ algorithm: Algorithm.password }, {});
await expect(result).rejects.toBeInstanceOf(Error);
});

5
libs/tools/generator/core/src/engine/email-randomizer.ts
View File

@@ -2,6 +2,7 @@
// @ts-strict-ignore
import { EFFLongWordList } from "@bitwarden/common/platform/misc/wordlist";
import { Type } from "../metadata";
import {
CatchallGenerationOptions,
CredentialGenerator,
@@ -128,7 +129,7 @@ export class EmailRandomizer
return new GeneratedCredential(
email,
"catchall",
Type.email,
Date.now(),
request.source,
request.website,
@@ -138,7 +139,7 @@ export class EmailRandomizer
return new GeneratedCredential(
email,
"subaddress",
Type.email,
Date.now(),
request.source,
request.website,

4
libs/tools/generator/core/src/engine/forwarder.ts
View File

@@ -8,6 +8,7 @@ import {
} from "@bitwarden/common/tools/integration/rpc";
import { GenerationRequest } from "@bitwarden/common/tools/types";
import { Type } from "../metadata";
import { CredentialGenerator, GeneratedCredential } from "../types";
import { AccountRequest, ForwarderConfiguration } from "./forwarder-configuration";
@@ -40,9 +41,8 @@ export class Forwarder implements CredentialGenerator<ApiSettings> {
const create = this.createForwardingAddress(this.configuration, settings);
const result = await this.client.fetchJson(create, requestOptions);
const id = { forwarder: this.configuration.id };
return new GeneratedCredential(result, id, Date.now());
return new GeneratedCredential(result, Type.email, Date.now());
}
private createContext<Settings>(

11
libs/tools/generator/core/src/engine/password-randomizer.spec.ts
View File

@@ -3,6 +3,7 @@ import { mock } from "jest-mock-extended";
import { EFFLongWordList } from "@bitwarden/common/platform/misc/wordlist";
import { Randomizer } from "../abstractions";
import { Algorithm, Type } from "../metadata";
import { Ascii } from "./data";
import { PasswordRandomizer } from "./password-randomizer";
@@ -341,32 +342,32 @@ describe("PasswordRandomizer", () => {
const password = new PasswordRandomizer(randomizer);
const result = await password.generate(
{},
{ algorithm: Algorithm.password },
{
length: 10,
},
);
expect(result.category).toEqual("password");
expect(result.category).toEqual(Type.password);
});
it("processes passphrase generation options", async () => {
const password = new PasswordRandomizer(randomizer);
const result = await password.generate(
{},
{ algorithm: Algorithm.passphrase },
{
numWords: 10,
},
);
expect(result.category).toEqual("passphrase");
expect(result.category).toEqual(Type.password);
});
it("throws when it cannot recognize the options type", async () => {
const password = new PasswordRandomizer(randomizer);
const result = password.generate({}, {});
const result = password.generate({ algorithm: Algorithm.username }, {});
await expect(result).rejects.toBeInstanceOf(Error);
});

5
libs/tools/generator/core/src/engine/password-randomizer.ts
View File

@@ -2,6 +2,7 @@
// @ts-strict-ignore
import { EFFLongWordList } from "@bitwarden/common/platform/misc/wordlist";
import { Type } from "../metadata";
import {
CredentialGenerator,
GenerateRequest,
@@ -86,7 +87,7 @@ export class PasswordRandomizer
return new GeneratedCredential(
password,
"password",
Type.password,
Date.now(),
request.source,
request.website,
@@ -97,7 +98,7 @@ export class PasswordRandomizer
return new GeneratedCredential(
passphrase,
"passphrase",
Type.password,
Date.now(),
request.source,
request.website,

8
libs/tools/generator/core/src/engine/username-randomizer.spec.ts
View File

@@ -2,6 +2,8 @@ import { mock } from "jest-mock-extended";
import { EFFLongWordList } from "@bitwarden/common/platform/misc/wordlist";
import { Algorithm, Type } from "../metadata";
import { Randomizer } from "./abstractions";
import { UsernameRandomizer } from "./username-randomizer";
@@ -108,19 +110,19 @@ describe("UsernameRandomizer", () => {
const username = new UsernameRandomizer(randomizer);
const result = await username.generate(
{},
{ algorithm: Algorithm.username },
{
wordIncludeNumber: true,
},
);
expect(result.category).toEqual("username");
expect(result.category).toEqual(Type.username);
});
it("throws when it cannot recognize the options type", async () => {
const username = new UsernameRandomizer(randomizer);
const result = username.generate({}, {});
const result = username.generate({ algorithm: Algorithm.passphrase }, {});
await expect(result).rejects.toBeInstanceOf(Error);
});

23
libs/tools/generator/core/src/index.ts
View File

@@ -3,13 +3,34 @@ export * from "./abstractions";
export * from "./data";
export { createRandomizer } from "./factories";
export * from "./types";
export { CredentialGeneratorService } from "./services";
export { DefaultCredentialGeneratorService } from "./services";
export {
CredentialType,
CredentialAlgorithm,
PasswordAlgorithm,
Algorithm,
BuiltIn,
Type,
Profile,
GeneratorMetadata,
GeneratorProfile,
AlgorithmMetadata,
AlgorithmsByType,
} from "./metadata";
export {
isForwarderExtensionId,
isEmailAlgorithm,
isUsernameAlgorithm,
isPasswordAlgorithm,
isSameAlgorithm,
} from "./metadata/util";
// These internal interfacess are exposed for use by other generator modules
// They are unstable and may change arbitrarily
export * as engine from "./engine";
export * as integration from "./integration";
export * as policies from "./policies";
export * as providers from "./providers";
export * as rx from "./rx";
export * as services from "./services";
export * as strategies from "./strategies";

3
libs/tools/generator/core/src/integration/addy-io.ts
View File

@@ -4,6 +4,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import {
ApiSettings,
@@ -101,7 +102,7 @@ const forwarder = Object.freeze({
export const AddyIo = Object.freeze({
// integration
id: "anonaddy" as IntegrationId & VendorId,
id: Vendor.addyio as IntegrationId & VendorId,
name: "Addy.io",
extends: ["forwarder"],

3
libs/tools/generator/core/src/integration/duck-duck-go.ts
View File

@@ -4,6 +4,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import { ApiSettings, IntegrationRequest } from "@bitwarden/common/tools/integration/rpc";
import { PrivateClassifier } from "@bitwarden/common/tools/private-classifier";
@@ -90,7 +91,7 @@ const forwarder = Object.freeze({
// integration-wide configuration
export const DuckDuckGo = Object.freeze({
id: "duckduckgo" as IntegrationId & VendorId,
id: Vendor.duckduckgo as IntegrationId & VendorId,
name: "DuckDuckGo",
baseUrl: "https://quack.duckduckgo.com/api",
selfHost: "never",

3
libs/tools/generator/core/src/integration/fastmail.ts
View File

@@ -6,6 +6,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import { ApiSettings, IntegrationRequest } from "@bitwarden/common/tools/integration/rpc";
import { PrivateClassifier } from "@bitwarden/common/tools/private-classifier";
@@ -160,7 +161,7 @@ const forwarder = Object.freeze({
// integration-wide configuration
export const Fastmail = Object.freeze({
id: "fastmail" as IntegrationId & VendorId,
id: Vendor.fastmail as IntegrationId & VendorId,
name: "Fastmail",
baseUrl: "https://api.fastmail.com",
selfHost: "maybe",

3
libs/tools/generator/core/src/integration/firefox-relay.ts
View File

@@ -4,6 +4,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import { ApiSettings, IntegrationRequest } from "@bitwarden/common/tools/integration/rpc";
import { PrivateClassifier } from "@bitwarden/common/tools/private-classifier";
@@ -98,7 +99,7 @@ const forwarder = Object.freeze({
// integration-wide configuration
export const FirefoxRelay = Object.freeze({
id: "firefoxrelay" as IntegrationId & VendorId,
id: Vendor.mozilla as IntegrationId & VendorId,
name: "Firefox Relay",
baseUrl: "https://relay.firefox.com/api",
selfHost: "never",

3
libs/tools/generator/core/src/integration/forward-email.ts
View File

@@ -4,6 +4,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import { ApiSettings, IntegrationRequest } from "@bitwarden/common/tools/integration/rpc";
import { PrivateClassifier } from "@bitwarden/common/tools/private-classifier";
@@ -102,7 +103,7 @@ const forwarder = Object.freeze({
export const ForwardEmail = Object.freeze({
// integration metadata
id: "forwardemail" as IntegrationId & VendorId,
id: Vendor.forwardemail as IntegrationId & VendorId,
name: "Forward Email",
extends: ["forwarder"],

3
libs/tools/generator/core/src/integration/simple-login.ts
View File

@@ -4,6 +4,7 @@ import {
UserKeyDefinition,
} from "@bitwarden/common/platform/state";
import { VendorId } from "@bitwarden/common/tools/extension";
import { Vendor } from "@bitwarden/common/tools/extension/vendor/data";
import { IntegrationContext, IntegrationId } from "@bitwarden/common/tools/integration";
import {
ApiSettings,
@@ -104,7 +105,7 @@ const forwarder = Object.freeze({
// integration-wide configuration
export const SimpleLogin = Object.freeze({
id: "simplelogin" as IntegrationId & VendorId,
id: Vendor.simplelogin as IntegrationId & VendorId,
name: "SimpleLogin",
selfHost: "maybe",
extends: ["forwarder"],

10
libs/tools/generator/core/src/metadata/algorithm-metadata.ts
View File

@@ -1,6 +1,6 @@
import { CredentialAlgorithm, CredentialType } from "./type";
import { I18nKeyOrLiteral } from "@bitwarden/common/tools/types";
type I18nKeyOrLiteral = string | { literal: string };
import { CredentialAlgorithm, CredentialType } from "./type";
/** Credential generator metadata common across credential generators */
export type AlgorithmMetadata = {
@@ -14,7 +14,7 @@ export type AlgorithmMetadata = {
id: CredentialAlgorithm;
/** The kind of credential generated by this configuration */
category: CredentialType;
type: CredentialType;
/** Used to order credential algorithms for display purposes.
* Items with lesser weights appear before entries with greater
@@ -23,6 +23,10 @@ export type AlgorithmMetadata = {
weight: number;
/** Localization keys */
// FIXME: in practice, keys like `credentialGenerated` all align
// with credential types and contain duplicate keys. Extract
// them into a "credential type metadata" type and integrate
// that type with the algorithm metadata instead.
i18nKeys: {
/** descriptive name of the algorithm */
name: I18nKeyOrLiteral;

3
libs/tools/generator/core/src/metadata/email/catchall.spec.ts
View File

@@ -2,7 +2,8 @@ import { mock } from "jest-mock-extended";
import { EmailRandomizer } from "../../engine";
import { CatchallConstraints } from "../../policies/catchall-constraints";
import { CatchallGenerationOptions, GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CatchallGenerationOptions } from "../../types";
import { Profile } from "../data";
import { CoreProfileMetadata } from "../profile-metadata";
import { isCoreProfile } from "../util";

9
libs/tools/generator/core/src/metadata/email/catchall.ts
View File

@@ -4,17 +4,14 @@ import { deepFreeze } from "@bitwarden/common/tools/util";
import { EmailRandomizer } from "../../engine";
import { CatchallConstraints } from "../../policies/catchall-constraints";
import {
CatchallGenerationOptions,
CredentialGenerator,
GeneratorDependencyProvider,
} from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CatchallGenerationOptions, CredentialGenerator } from "../../types";
import { Algorithm, Type, Profile } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
const catchall: GeneratorMetadata<CatchallGenerationOptions> = deepFreeze({
id: Algorithm.catchall,
category: Type.email,
type: Type.email,
weight: 210,
i18nKeys: {
name: "catchallEmail",

17
libs/tools/generator/core/src/metadata/email/forwarder.ts
View File

@@ -1,19 +1,14 @@
import { ExtensionMetadata, ExtensionStorageKey } from "@bitwarden/common/tools/extension/type";
import { SelfHostedApiSettings } from "@bitwarden/common/tools/integration/rpc";
import { IdentityConstraint } from "@bitwarden/common/tools/state/identity-state-constraint";
import { getForwarderConfiguration } from "../../data";
import { EmailDomainSettings, EmailPrefixSettings } from "../../engine";
import { Forwarder } from "../../engine/forwarder";
import { GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { ForwarderOptions } from "../../types";
import { Profile, Type } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
import { ForwarderProfileMetadata } from "../profile-metadata";
// These options are used by all forwarders; each forwarder uses a different set,
// as defined by `GeneratorMetadata<T>.capabilities.fields`.
type ForwarderOptions = Partial<EmailDomainSettings & EmailPrefixSettings & SelfHostedApiSettings>;
// update the extension metadata
export function toForwarderMetadata(
extension: ExtensionMetadata,
@@ -28,7 +23,7 @@ export function toForwarderMetadata(
const generator: GeneratorMetadata<ForwarderOptions> = {
id: { forwarder: extension.product.vendor.id },
category: Type.email,
type: Type.email,
weight: 300,
i18nKeys: {
name,
@@ -56,6 +51,12 @@ export function toForwarderMetadata(
storage: {
key: "forwarder",
frame: 512,
initial: {
token: "",
baseUrl: "",
domain: "",
prefix: "",
},
options: {
deserializer: (value) => value,
clearOn: ["logout"],

3
libs/tools/generator/core/src/metadata/email/plus-address.spec.ts
View File

@@ -2,7 +2,8 @@ import { mock } from "jest-mock-extended";
import { EmailRandomizer } from "../../engine";
import { SubaddressConstraints } from "../../policies/subaddress-constraints";
import { SubaddressGenerationOptions, GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { SubaddressGenerationOptions } from "../../types";
import { Profile } from "../data";
import { CoreProfileMetadata } from "../profile-metadata";
import { isCoreProfile } from "../util";

9
libs/tools/generator/core/src/metadata/email/plus-address.ts
View File

@@ -4,17 +4,14 @@ import { deepFreeze } from "@bitwarden/common/tools/util";
import { EmailRandomizer } from "../../engine";
import { SubaddressConstraints } from "../../policies/subaddress-constraints";
import {
CredentialGenerator,
GeneratorDependencyProvider,
SubaddressGenerationOptions,
} from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CredentialGenerator, SubaddressGenerationOptions } from "../../types";
import { Algorithm, Profile, Type } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
const plusAddress: GeneratorMetadata<SubaddressGenerationOptions> = deepFreeze({
id: Algorithm.plusAddress,
category: Type.email,
type: Type.email,
weight: 200,
i18nKeys: {
name: "plusAddressedEmail",

3
libs/tools/generator/core/src/metadata/generator-metadata.ts
View File

@@ -1,4 +1,5 @@
import { CredentialGenerator, GeneratorDependencyProvider } from "../types";
import { GeneratorDependencyProvider } from "../providers";
import { CredentialGenerator } from "../types";
import { AlgorithmMetadata } from "./algorithm-metadata";
import { Profile } from "./data";

42
libs/tools/generator/core/src/metadata/index.ts
View File

@@ -3,7 +3,32 @@ import {
AlgorithmsByType as AlgorithmsByTypeData,
Type as TypeData,
} from "./data";
import catchall from "./email/catchall";
import plusAddress from "./email/plus-address";
import passphrase from "./password/eff-word-list";
import password from "./password/random-password";
import { CredentialType, CredentialAlgorithm } from "./type";
import effWordList from "./username/eff-word-list";
/** Credential generators hosted natively by the credential generator system.
* These are supplemented by generators from the {@link ExtensionService}.
*/
export const BuiltIn = Object.freeze({
/** Catchall email address generator */
catchall,
/** plus-addressed email address generator */
plusAddress,
/** passphrase generator using the EFF word list */
passphrase,
/** password generator */
password,
/** username generator using the EFF word list */
effWordList,
});
// `CredentialAlgorithm` is defined in terms of `ABT`; supplying
// type information in the barrel file breaks a circular dependency.
@@ -12,14 +37,29 @@ export const AlgorithmsByType: Record<
CredentialType,
ReadonlyArray<CredentialAlgorithm>
> = AlgorithmsByTypeData;
/** A list of all built-in algorithm identifiers
* @remarks this is useful when you need to filter invalid values
*/
export const Algorithms: ReadonlyArray<CredentialAlgorithm> = Object.freeze(
Object.values(AlgorithmData),
);
/** A list of all built-in algorithm types
* @remarks this is useful when you need to filter invalid values
*/
export const Types: ReadonlyArray<CredentialType> = Object.freeze(Object.values(TypeData));
export { Profile, Type, Algorithm } from "./data";
export { toForwarderMetadata } from "./email/forwarder";
export { AlgorithmMetadata } from "./algorithm-metadata";
export { GeneratorMetadata } from "./generator-metadata";
export { ProfileContext, CoreProfileMetadata, ProfileMetadata } from "./profile-metadata";
export { GeneratorProfile, CredentialAlgorithm, CredentialType } from "./type";
export {
GeneratorProfile,
CredentialAlgorithm,
PasswordAlgorithm,
CredentialType,
ForwarderExtensionId,
} from "./type";
export { isForwarderProfile, toVendorId, isForwarderExtensionId } from "./util";

3
libs/tools/generator/core/src/metadata/password/eff-word-list.spec.ts
View File

@@ -5,7 +5,8 @@ import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { PasswordRandomizer } from "../../engine";
import { PassphrasePolicyConstraints } from "../../policies";
import { PassphraseGenerationOptions, GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { PassphraseGenerationOptions } from "../../types";
import { Profile } from "../data";
import { CoreProfileMetadata } from "../profile-metadata";
import { isCoreProfile } from "../util";

11
libs/tools/generator/core/src/metadata/password/eff-word-list.ts
View File

@@ -5,17 +5,14 @@ import { ObjectKey } from "@bitwarden/common/tools/state/object-key";
import { PasswordRandomizer } from "../../engine";
import { passphraseLeastPrivilege, PassphrasePolicyConstraints } from "../../policies";
import {
CredentialGenerator,
GeneratorDependencyProvider,
PassphraseGenerationOptions,
} from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CredentialGenerator, PassphraseGenerationOptions } from "../../types";
import { Algorithm, Profile, Type } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
const passphrase: GeneratorMetadata<PassphraseGenerationOptions> = {
id: Algorithm.passphrase,
category: Type.password,
type: Type.password,
weight: 110,
i18nKeys: {
name: "passphrase",
@@ -26,7 +23,7 @@ const passphrase: GeneratorMetadata<PassphraseGenerationOptions> = {
useCredential: "useThisPassphrase",
},
capabilities: {
autogenerate: false,
autogenerate: true,
fields: [],
},
engine: {

3
libs/tools/generator/core/src/metadata/password/random-password.spec.ts
View File

@@ -5,7 +5,8 @@ import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { PasswordRandomizer } from "../../engine";
import { DynamicPasswordPolicyConstraints } from "../../policies";
import { PasswordGenerationOptions, GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { PasswordGenerationOptions } from "../../types";
import { Profile } from "../data";
import { CoreProfileMetadata } from "../profile-metadata";
import { isCoreProfile } from "../util";

9
libs/tools/generator/core/src/metadata/password/random-password.ts
View File

@@ -5,17 +5,14 @@ import { deepFreeze } from "@bitwarden/common/tools/util";
import { PasswordRandomizer } from "../../engine";
import { DynamicPasswordPolicyConstraints, passwordLeastPrivilege } from "../../policies";
import {
CredentialGenerator,
GeneratorDependencyProvider,
PasswordGeneratorSettings,
} from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CredentialGenerator, PasswordGeneratorSettings } from "../../types";
import { Algorithm, Profile, Type } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
const password: GeneratorMetadata<PasswordGeneratorSettings> = deepFreeze({
id: Algorithm.password,
category: Type.password,
type: Type.password,
weight: 100,
i18nKeys: {
name: "password",

3
libs/tools/generator/core/src/metadata/username/eff-word-list.spec.ts
View File

@@ -3,7 +3,8 @@ import { mock } from "jest-mock-extended";
import { IdentityConstraint } from "@bitwarden/common/tools/state/identity-state-constraint";
import { UsernameRandomizer } from "../../engine";
import { EffUsernameGenerationOptions, GeneratorDependencyProvider } from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { EffUsernameGenerationOptions } from "../../types";
import { Profile } from "../data";
import { CoreProfileMetadata } from "../profile-metadata";
import { isCoreProfile } from "../util";

9
libs/tools/generator/core/src/metadata/username/eff-word-list.ts
View File

@@ -4,17 +4,14 @@ import { IdentityConstraint } from "@bitwarden/common/tools/state/identity-state
import { deepFreeze } from "@bitwarden/common/tools/util";
import { UsernameRandomizer } from "../../engine";
import {
CredentialGenerator,
EffUsernameGenerationOptions,
GeneratorDependencyProvider,
} from "../../types";
import { GeneratorDependencyProvider } from "../../providers";
import { CredentialGenerator, EffUsernameGenerationOptions } from "../../types";
import { Algorithm, Profile, Type } from "../data";
import { GeneratorMetadata } from "../generator-metadata";
const effWordList: GeneratorMetadata<EffUsernameGenerationOptions> = deepFreeze({
id: Algorithm.username,
category: Type.username,
type: Type.username,
weight: 400,
i18nKeys: {
name: "randomWord",

8
libs/tools/generator/core/src/metadata/util.ts
View File

@@ -12,23 +12,23 @@ import {
/** Returns true when the input algorithm is a password algorithm. */
export function isPasswordAlgorithm(
algorithm: CredentialAlgorithm,
algorithm: CredentialAlgorithm | null,
): algorithm is PasswordAlgorithm {
return AlgorithmsByType.password.includes(algorithm as any);
}
/** Returns true when the input algorithm is a username algorithm. */
export function isUsernameAlgorithm(
algorithm: CredentialAlgorithm,
algorithm: CredentialAlgorithm | null,
): algorithm is UsernameAlgorithm {
return AlgorithmsByType.username.includes(algorithm as any);
}
/** Returns true when the input algorithm is a forwarder integration. */
export function isForwarderExtensionId(
algorithm: CredentialAlgorithm,
algorithm: CredentialAlgorithm | null,
): algorithm is ForwarderExtensionId {
return algorithm && typeof algorithm === "object" && "forwarder" in algorithm;
return !!(algorithm && typeof algorithm === "object" && "forwarder" in algorithm);
}
/** Extract a `VendorId` from a `CredentialAlgorithm`.

76
libs/tools/generator/core/src/policies/available-algorithms-constraint.ts Normal file
View File

@@ -0,0 +1,76 @@
import { SemanticLogger } from "@bitwarden/common/tools/log";
import { UserStateSubjectDependencyProvider } from "@bitwarden/common/tools/state/user-state-subject-dependency-provider";
import { Constraints, StateConstraints } from "@bitwarden/common/tools/types";
import { CredentialAlgorithm, CredentialType } from "../metadata";
import { CredentialPreference } from "../types";
import { TypeRequest } from "../types/metadata-request";
export class AvailableAlgorithmsConstraint implements StateConstraints<CredentialPreference> {
/** Well-known constraints of `State` */
readonly constraints: Readonly<Constraints<CredentialPreference>> = {};
/** Creates a password policy constraints
* @param algorithms loads the algorithms for an algorithm type
* @param isAvailable returns `true` when `algorithm` is enabled by policy
* @param system provides logging facilities
*/
constructor(
readonly algorithms: (request: TypeRequest) => CredentialAlgorithm[],
readonly isAvailable: (algorithm: CredentialAlgorithm) => boolean,
readonly system: UserStateSubjectDependencyProvider,
) {
this.log = system.log({ type: "AvailableAlgorithmsConstraint" });
}
private readonly log: SemanticLogger;
adjust(preferences: CredentialPreference): CredentialPreference {
const result: any = {};
const types = Object.keys(preferences) as CredentialType[];
for (const t of types) {
result[t] = this.adjustPreference(t, preferences[t]);
}
return result;
}
private adjustPreference(type: CredentialType, preference: { algorithm: CredentialAlgorithm }) {
if (this.isAvailable(preference.algorithm)) {
this.log.debug({ preference, type }, "using preferred algorithm");
return preference;
}
// choose a default - this algorithm is arbitrary, but stable.
const algorithms = type ? this.algorithms({ type: type }) : [];
const defaultAlgorithm = algorithms.find(this.isAvailable) ?? null;
// adjust the preference
let adjustedPreference;
if (defaultAlgorithm) {
adjustedPreference = {
...preference,
algorithm: defaultAlgorithm,
updated: this.system.now(),
};
this.log.debug(
{ preference, defaultAlgorithm, type },
"preference not available; defaulting the algorithm",
);
} else {
// FIXME: hard-code a fallback in category metadata
this.log.warn(
{ preference, type },
"preference not available and default algorithm not found; continuing with preference",
);
adjustedPreference = preference;
}
return adjustedPreference;
}
fix(preferences: CredentialPreference): CredentialPreference {
return preferences;
}
}

18
libs/tools/generator/core/src/policies/available-algorithms-policy.spec.ts
View File

@@ -2,15 +2,15 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { PolicyId } from "@bitwarden/common/types/guid";
import { CredentialAlgorithms, PasswordAlgorithms } from "../data";
import { Algorithm, Algorithms, AlgorithmsByType } from "../metadata";
import { availableAlgorithms } from "./available-algorithms-policy";
describe("availableAlgorithmsPolicy", () => {
describe("availableAlgorithms_vNextPolicy", () => {
it("returns all algorithms", () => {
const result = availableAlgorithms([]);
for (const expected of CredentialAlgorithms) {
for (const expected of Algorithms) {
expect(result).toContain(expected);
}
});
@@ -30,7 +30,7 @@ describe("availableAlgorithmsPolicy", () => {
expect(result).toContain(override);
for (const expected of PasswordAlgorithms.filter((a) => a !== override)) {
for (const expected of AlgorithmsByType[Algorithm.password].filter((a) => a !== override)) {
expect(result).not.toContain(expected);
}
});
@@ -50,7 +50,7 @@ describe("availableAlgorithmsPolicy", () => {
expect(result).toContain(override);
for (const expected of PasswordAlgorithms.filter((a) => a !== override)) {
for (const expected of AlgorithmsByType[Algorithm.password].filter((a) => a !== override)) {
expect(result).not.toContain(expected);
}
});
@@ -79,7 +79,7 @@ describe("availableAlgorithmsPolicy", () => {
expect(result).toContain("password");
for (const expected of PasswordAlgorithms.filter((a) => a !== "password")) {
for (const expected of AlgorithmsByType[Algorithm.password].filter((a) => a !== "password")) {
expect(result).not.toContain(expected);
}
});
@@ -97,7 +97,7 @@ describe("availableAlgorithmsPolicy", () => {
const result = availableAlgorithms([policy]);
for (const expected of CredentialAlgorithms) {
for (const expected of Algorithms) {
expect(result).toContain(expected);
}
});
@@ -115,7 +115,7 @@ describe("availableAlgorithmsPolicy", () => {
const result = availableAlgorithms([policy]);
for (const expected of CredentialAlgorithms) {
for (const expected of Algorithms) {
expect(result).toContain(expected);
}
});
@@ -133,7 +133,7 @@ describe("availableAlgorithmsPolicy", () => {
const result = availableAlgorithms([policy]);
for (const expected of CredentialAlgorithms) {
for (const expected of Algorithms) {
expect(result).toContain(expected);
}
});

43
libs/tools/generator/core/src/policies/available-algorithms-policy.ts
View File

@@ -1,57 +1,30 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { PolicyType } from "@bitwarden/common/admin-console/enums";
// FIXME: use index.ts imports once policy abstractions and models
// implement ADR-0002
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import {
CredentialAlgorithm as LegacyAlgorithm,
EmailAlgorithms,
PasswordAlgorithms,
UsernameAlgorithms,
} from "..";
import { CredentialAlgorithm } from "../metadata";
import { AlgorithmsByType, CredentialAlgorithm, Type } from "../metadata";
/** Reduces policies to a set of available algorithms
* @param policies the policies to reduce
* @returns the resulting `AlgorithmAvailabilityPolicy`
*/
export function availableAlgorithms(policies: Policy[]): LegacyAlgorithm[] {
export function availableAlgorithms(policies: Policy[]): CredentialAlgorithm[] {
const overridePassword = policies
.filter((policy) => policy.type === PolicyType.PasswordGenerator && policy.enabled)
.reduce(
(type, policy) => (type === "password" ? type : (policy.data.overridePasswordType ?? type)),
null as LegacyAlgorithm,
null as CredentialAlgorithm | null,
);
const policy: LegacyAlgorithm[] = [...EmailAlgorithms, ...UsernameAlgorithms];
const policy: CredentialAlgorithm[] = [
...AlgorithmsByType[Type.email],
...AlgorithmsByType[Type.username],
];
if (overridePassword) {
policy.push(overridePassword);
} else {
policy.push(...PasswordAlgorithms);
}
return policy;
}
/** Reduces policies to a set of available algorithms
* @param policies the policies to reduce
* @returns the resulting `AlgorithmAvailabilityPolicy`
*/
export function availableAlgorithms_vNext(policies: Policy[]): CredentialAlgorithm[] {
const overridePassword = policies
.filter((policy) => policy.type === PolicyType.PasswordGenerator && policy.enabled)
.reduce(
(type, policy) => (type === "password" ? type : (policy.data.overridePasswordType ?? type)),
null as CredentialAlgorithm,
);
const policy: CredentialAlgorithm[] = [...EmailAlgorithms, ...UsernameAlgorithms];
if (overridePassword) {
policy.push(overridePassword);
} else {
policy.push(...PasswordAlgorithms);
policy.push(...AlgorithmsByType[Type.password]);
}
return policy;

50
libs/tools/generator/core/src/policies/dynamic-password-policy-constraints.spec.ts
View File

@@ -1,15 +1,25 @@
import { ObjectKey } from "@bitwarden/common/tools/state/object-key";
import { Generators } from "../data";
import { BuiltIn, Profile } from "../metadata";
import { PasswordGeneratorSettings } from "../types";
import { AtLeastOne, Zero } from "./constraints";
import { DynamicPasswordPolicyConstraints } from "./dynamic-password-policy-constraints";
const accoutSettings = Generators.password.settings.account as ObjectKey<PasswordGeneratorSettings>;
const defaultOptions = accoutSettings.initial;
const disabledPolicy = Generators.password.policy.disabledValue;
const someConstraints = Generators.password.settings.constraints;
// non-null assertions used because these are always-defined constants
const accoutSettings = BuiltIn.password.profiles[Profile.account]!
.storage as ObjectKey<PasswordGeneratorSettings>;
const defaultOptions = accoutSettings.initial!;
const disabledPolicy = {
minLength: 0,
useUppercase: false,
useLowercase: false,
useNumbers: false,
numberCount: 0,
useSpecial: false,
specialCount: 0,
};
const someConstraints = BuiltIn.password.profiles[Profile.account]!.constraints.default;
describe("DynamicPasswordPolicyConstraints", () => {
describe("constructor", () => {
@@ -33,8 +43,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.lowercase.readonly).toEqual(true);
expect(constraints.lowercase.requiredValue).toEqual(true);
expect(constraints.lowercase?.readonly).toEqual(true);
expect(constraints.lowercase?.requiredValue).toEqual(true);
expect(constraints.minLowercase).toEqual({ min: 1 });
});
@@ -43,8 +53,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.uppercase.readonly).toEqual(true);
expect(constraints.uppercase.requiredValue).toEqual(true);
expect(constraints.uppercase?.readonly).toEqual(true);
expect(constraints.uppercase?.requiredValue).toEqual(true);
expect(constraints.minUppercase).toEqual({ min: 1 });
});
@@ -53,8 +63,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.number.readonly).toEqual(true);
expect(constraints.number.requiredValue).toEqual(true);
expect(constraints.number?.readonly).toEqual(true);
expect(constraints.number?.requiredValue).toEqual(true);
expect(constraints.minNumber).toEqual({ min: 1, max: 9 });
});
@@ -63,8 +73,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.special.readonly).toEqual(true);
expect(constraints.special.requiredValue).toEqual(true);
expect(constraints.special?.readonly).toEqual(true);
expect(constraints.special?.requiredValue).toEqual(true);
expect(constraints.minSpecial).toEqual({ min: 1, max: 9 });
});
@@ -73,8 +83,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.number.readonly).toEqual(true);
expect(constraints.number.requiredValue).toEqual(true);
expect(constraints.number?.readonly).toEqual(true);
expect(constraints.number?.requiredValue).toEqual(true);
expect(constraints.minNumber).toEqual({ min: 2, max: 9 });
});
@@ -83,8 +93,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const { constraints } = new DynamicPasswordPolicyConstraints(policy, someConstraints);
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.special.readonly).toEqual(true);
expect(constraints.special.requiredValue).toEqual(true);
expect(constraints.special?.readonly).toEqual(true);
expect(constraints.special?.requiredValue).toEqual(true);
expect(constraints.minSpecial).toEqual({ min: 2, max: 9 });
});
@@ -140,7 +150,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const dynamic = new DynamicPasswordPolicyConstraints(
{
...disabledPolicy,
useLowercase,
// the `undefined` case is testing behavior when the type system is bypassed
useLowercase: useLowercase!,
},
someConstraints,
);
@@ -185,7 +196,8 @@ describe("DynamicPasswordPolicyConstraints", () => {
const dynamic = new DynamicPasswordPolicyConstraints(
{
...disabledPolicy,
useUppercase,
// the `undefined` case is testing behavior when the type system is bypassed
useUppercase: useUppercase!,
},
someConstraints,
);

2
libs/tools/generator/core/src/policies/index.ts
View File

@@ -5,3 +5,5 @@ export { PassphrasePolicyConstraints } from "./passphrase-policy-constraints";
export { PasswordGeneratorOptionsEvaluator } from "./password-generator-options-evaluator";
export { passphraseLeastPrivilege } from "./passphrase-least-privilege";
export { passwordLeastPrivilege } from "./password-least-privilege";
export { AvailableAlgorithmsConstraint } from "./available-algorithms-constraint";
export { availableAlgorithms } from "./available-algorithms-policy";

70
libs/tools/generator/core/src/policies/passphrase-generator-options-evaluator.spec.ts
View File

@@ -1,12 +1,32 @@
import { Policies, DefaultPassphraseBoundaries } from "../data";
import { PassphraseGenerationOptions } from "../types";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { deepFreeze } from "@bitwarden/common/tools/util";
import { DefaultPassphraseBoundaries } from "../data";
import {
PassphraseGenerationOptions,
PassphraseGeneratorPolicy,
PolicyConfiguration,
} from "../types";
import { PassphraseGeneratorOptionsEvaluator } from "./passphrase-generator-options-evaluator";
import { passphraseLeastPrivilege } from "./passphrase-least-privilege";
describe("Password generator options builder", () => {
const Passphrase: PolicyConfiguration<PassphraseGeneratorPolicy, PassphraseGenerationOptions> =
deepFreeze({
type: PolicyType.PasswordGenerator,
disabledValue: {
minNumberWords: 0,
capitalize: false,
includeNumber: false,
},
combine: passphraseLeastPrivilege,
createEvaluator: (policy) => new PassphraseGeneratorOptionsEvaluator(policy),
});
describe("Passphrase generator options builder", () => {
describe("constructor()", () => {
it("should set the policy object to a copy of the input policy", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.minNumberWords = 10; // arbitrary change for deep equality check
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -16,7 +36,7 @@ describe("Password generator options builder", () => {
});
it("should set default boundaries when a default policy is used", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
expect(builder.numWords).toEqual(DefaultPassphraseBoundaries.numWords);
@@ -25,7 +45,7 @@ describe("Password generator options builder", () => {
it.each([1, 2])(
"should use the default word boundaries when they are greater than `policy.minNumberWords` (= %i)",
(minNumberWords) => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.minNumberWords = minNumberWords;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -37,7 +57,7 @@ describe("Password generator options builder", () => {
it.each([8, 12, 18])(
"should use `policy.minNumberWords` (= %i) when it is greater than the default minimum words",
(minNumberWords) => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.minNumberWords = minNumberWords;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -50,7 +70,7 @@ describe("Password generator options builder", () => {
it.each([150, 300, 9000])(
"should use `policy.minNumberWords` (= %i) when it is greater than the default boundaries",
(minNumberWords) => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.minNumberWords = minNumberWords;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -63,14 +83,14 @@ describe("Password generator options builder", () => {
describe("policyInEffect", () => {
it("should return false when the policy has no effect", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
expect(builder.policyInEffect).toEqual(false);
});
it("should return true when the policy has a numWords greater than the default boundary", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.minNumberWords = DefaultPassphraseBoundaries.numWords.min + 1;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -78,7 +98,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has capitalize enabled", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.capitalize = true;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -86,7 +106,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has includeNumber enabled", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.includeNumber = true;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
@@ -98,7 +118,7 @@ describe("Password generator options builder", () => {
// All tests should freeze the options to ensure they are not modified
it("should set `capitalize` to `false` when the policy does not override it", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({});
@@ -108,7 +128,7 @@ describe("Password generator options builder", () => {
});
it("should set `capitalize` to `true` when the policy overrides it", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.capitalize = true;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ capitalize: false });
@@ -119,7 +139,7 @@ describe("Password generator options builder", () => {
});
it("should set `includeNumber` to false when the policy does not override it", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({});
@@ -129,7 +149,7 @@ describe("Password generator options builder", () => {
});
it("should set `includeNumber` to true when the policy overrides it", () => {
const policy: any = Object.assign({}, Policies.Passphrase.disabledValue);
const policy: any = Object.assign({}, Passphrase.disabledValue);
policy.includeNumber = true;
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ includeNumber: false });
@@ -140,7 +160,7 @@ describe("Password generator options builder", () => {
});
it("should set `numWords` to the minimum value when it isn't supplied", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({});
@@ -154,7 +174,7 @@ describe("Password generator options builder", () => {
(numWords) => {
expect(numWords).toBeLessThan(DefaultPassphraseBoundaries.numWords.min);
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ numWords });
@@ -170,7 +190,7 @@ describe("Password generator options builder", () => {
expect(numWords).toBeGreaterThanOrEqual(DefaultPassphraseBoundaries.numWords.min);
expect(numWords).toBeLessThanOrEqual(DefaultPassphraseBoundaries.numWords.max);
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ numWords });
@@ -185,7 +205,7 @@ describe("Password generator options builder", () => {
(numWords) => {
expect(numWords).toBeGreaterThan(DefaultPassphraseBoundaries.numWords.max);
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ numWords });
@@ -196,7 +216,7 @@ describe("Password generator options builder", () => {
);
it("should preserve unknown properties", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
unknown: "property",
@@ -214,7 +234,7 @@ describe("Password generator options builder", () => {
// All tests should freeze the options to ensure they are not modified
it("should return the input options without altering them", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ wordSeparator: "%" });
@@ -224,7 +244,7 @@ describe("Password generator options builder", () => {
});
it("should set `wordSeparator` to '-' when it isn't supplied and there is no policy override", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({});
@@ -234,7 +254,7 @@ describe("Password generator options builder", () => {
});
it("should leave `wordSeparator` as the empty string '' when it is the empty string", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ wordSeparator: "" });
@@ -244,7 +264,7 @@ describe("Password generator options builder", () => {
});
it("should preserve unknown properties", () => {
const policy = Object.assign({}, Policies.Passphrase.disabledValue);
const policy = Object.assign({}, Passphrase.disabledValue);
const builder = new PassphraseGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
unknown: "property",

20
libs/tools/generator/core/src/policies/passphrase-least-privilege.spec.ts
View File

@@ -4,8 +4,6 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { PolicyId } from "@bitwarden/common/types/guid";
import { Policies } from "../data";
import { passphraseLeastPrivilege } from "./passphrase-least-privilege";
function createPolicy(
@@ -22,21 +20,27 @@ function createPolicy(
});
}
const disabledValue = Object.freeze({
minNumberWords: 0,
capitalize: false,
includeNumber: false,
});
describe("passphraseLeastPrivilege", () => {
it("should return the accumulator when the policy type does not apply", () => {
const policy = createPolicy({}, PolicyType.RequireSso);
const result = passphraseLeastPrivilege(Policies.Passphrase.disabledValue, policy);
const result = passphraseLeastPrivilege(disabledValue, policy);
expect(result).toEqual(Policies.Passphrase.disabledValue);
expect(result).toEqual(disabledValue);
});
it("should return the accumulator when the policy is not enabled", () => {
const policy = createPolicy({}, PolicyType.PasswordGenerator, false);
const result = passphraseLeastPrivilege(Policies.Passphrase.disabledValue, policy);
const result = passphraseLeastPrivilege(disabledValue, policy);
expect(result).toEqual(Policies.Passphrase.disabledValue);
expect(result).toEqual(disabledValue);
});
it.each([
@@ -46,8 +50,8 @@ describe("passphraseLeastPrivilege", () => {
])("should take the %p from the policy", (input, value) => {
const policy = createPolicy({ [input]: value });
const result = passphraseLeastPrivilege(Policies.Passphrase.disabledValue, policy);
const result = passphraseLeastPrivilege(disabledValue, policy);
expect(result).toEqual({ ...Policies.Passphrase.disabledValue, [input]: value });
expect(result).toEqual({ ...disabledValue, [input]: value });
});
});

20
libs/tools/generator/core/src/policies/passphrase-policy-constraints.spec.ts
View File

@@ -1,4 +1,4 @@
import { Generators } from "../data";
import { BuiltIn, Profile } from "../metadata";
import { PassphrasePolicyConstraints } from "./passphrase-policy-constraints";
@@ -9,8 +9,12 @@ const SomeSettings = {
wordSeparator: "-",
};
const disabledPolicy = Generators.passphrase.policy.disabledValue;
const someConstraints = Generators.passphrase.settings.constraints;
const disabledPolicy = {
minNumberWords: 0,
capitalize: false,
includeNumber: false,
};
const someConstraints = BuiltIn.passphrase.profiles[Profile.account]!.constraints.default;
describe("PassphrasePolicyConstraints", () => {
describe("constructor", () => {
@@ -61,7 +65,7 @@ describe("PassphrasePolicyConstraints", () => {
expect(constraints.policyInEffect).toBeTruthy();
expect(constraints.numWords).toMatchObject({
min: 10,
max: someConstraints.numWords.max,
max: someConstraints.numWords?.max,
});
});
});
@@ -84,8 +88,8 @@ describe("PassphrasePolicyConstraints", () => {
});
it.each([
[1, someConstraints.numWords.min, 3, someConstraints.numWords.max],
[21, someConstraints.numWords.min, 20, someConstraints.numWords.max],
[1, someConstraints.numWords?.min, 3, someConstraints.numWords?.max],
[21, someConstraints.numWords?.min, 20, someConstraints.numWords?.max],
])(
`fits numWords (=%p) within the default bounds (%p <= %p <= %p)`,
(value, _, expected, __) => {
@@ -98,8 +102,8 @@ describe("PassphrasePolicyConstraints", () => {
);
it.each([
[1, 6, 6, someConstraints.numWords.max],
[21, 20, 20, someConstraints.numWords.max],
[1, 6, 6, someConstraints.numWords?.max],
[21, 20, 20, someConstraints.numWords?.max],
])(
"fits numWords (=%p) within the policy bounds (%p <= %p <= %p)",
(value, minNumberWords, expected, _) => {

126
libs/tools/generator/core/src/policies/password-generator-options-evaluator.spec.ts
View File

@@ -1,14 +1,34 @@
import { DefaultPasswordBoundaries, Policies } from "../data";
import { PasswordGenerationOptions } from "../types";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { deepFreeze } from "@bitwarden/common/tools/util";
import { DefaultPasswordBoundaries } from "../data";
import { PasswordGenerationOptions, PasswordGeneratorPolicy, PolicyConfiguration } from "../types";
import { PasswordGeneratorOptionsEvaluator } from "./password-generator-options-evaluator";
import { passwordLeastPrivilege } from "./password-least-privilege";
const Password: PolicyConfiguration<PasswordGeneratorPolicy, PasswordGenerationOptions> =
deepFreeze({
type: PolicyType.PasswordGenerator,
disabledValue: {
minLength: 0,
useUppercase: false,
useLowercase: false,
useNumbers: false,
numberCount: 0,
useSpecial: false,
specialCount: 0,
},
combine: passwordLeastPrivilege,
createEvaluator: (policy) => new PasswordGeneratorOptionsEvaluator(policy),
});
describe("Password generator options builder", () => {
const defaultOptions = Object.freeze({ minLength: 0 });
describe("constructor()", () => {
it("should set the policy object to a copy of the input policy", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.minLength = 10; // arbitrary change for deep equality check
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -18,7 +38,7 @@ describe("Password generator options builder", () => {
});
it("should set default boundaries when a default policy is used", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -32,7 +52,7 @@ describe("Password generator options builder", () => {
(minLength) => {
expect(minLength).toBeLessThan(DefaultPasswordBoundaries.length.min);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.minLength = minLength;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -47,7 +67,7 @@ describe("Password generator options builder", () => {
expect(expectedLength).toBeGreaterThan(DefaultPasswordBoundaries.length.min);
expect(expectedLength).toBeLessThanOrEqual(DefaultPasswordBoundaries.length.max);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.minLength = expectedLength;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -62,7 +82,7 @@ describe("Password generator options builder", () => {
(expectedLength) => {
expect(expectedLength).toBeGreaterThan(DefaultPasswordBoundaries.length.max);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.minLength = expectedLength;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -78,7 +98,7 @@ describe("Password generator options builder", () => {
expect(expectedMinDigits).toBeGreaterThan(DefaultPasswordBoundaries.minDigits.min);
expect(expectedMinDigits).toBeLessThanOrEqual(DefaultPasswordBoundaries.minDigits.max);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.numberCount = expectedMinDigits;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -93,7 +113,7 @@ describe("Password generator options builder", () => {
(expectedMinDigits) => {
expect(expectedMinDigits).toBeGreaterThan(DefaultPasswordBoundaries.minDigits.max);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.numberCount = expectedMinDigits;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -113,7 +133,7 @@ describe("Password generator options builder", () => {
DefaultPasswordBoundaries.minSpecialCharacters.max,
);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.specialCount = expectedSpecialCharacters;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -132,7 +152,7 @@ describe("Password generator options builder", () => {
DefaultPasswordBoundaries.minSpecialCharacters.max,
);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.specialCount = expectedSpecialCharacters;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -151,7 +171,7 @@ describe("Password generator options builder", () => {
(expectedLength, numberCount, specialCount) => {
expect(expectedLength).toBeGreaterThanOrEqual(DefaultPasswordBoundaries.length.min);
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.numberCount = numberCount;
policy.specialCount = specialCount;
@@ -164,14 +184,14 @@ describe("Password generator options builder", () => {
describe("policyInEffect", () => {
it("should return false when the policy has no effect", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(builder.policyInEffect).toEqual(false);
});
it("should return true when the policy has a minlength greater than the default boundary", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.minLength = DefaultPasswordBoundaries.length.min + 1;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -179,7 +199,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has a number count greater than the default boundary", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.numberCount = DefaultPasswordBoundaries.minDigits.min + 1;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -187,7 +207,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has a special character count greater than the default boundary", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.specialCount = DefaultPasswordBoundaries.minSpecialCharacters.min + 1;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -195,7 +215,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has uppercase enabled", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useUppercase = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -203,7 +223,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has lowercase enabled", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useLowercase = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -211,7 +231,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has numbers enabled", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useNumbers = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -219,7 +239,7 @@ describe("Password generator options builder", () => {
});
it("should return true when the policy has special characters enabled", () => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useSpecial = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
@@ -237,7 +257,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.uppercase` to '%s' when `policy.useUppercase` is false and `options.uppercase` is '%s'",
(expectedUppercase, uppercase) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useUppercase = false;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, uppercase });
@@ -251,7 +271,7 @@ describe("Password generator options builder", () => {
it.each([false, true, undefined])(
"should set `options.uppercase` (= %s) to true when `policy.useUppercase` is true",
(uppercase) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useUppercase = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, uppercase });
@@ -269,7 +289,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.lowercase` to '%s' when `policy.useLowercase` is false and `options.lowercase` is '%s'",
(expectedLowercase, lowercase) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useLowercase = false;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, lowercase });
@@ -283,7 +303,7 @@ describe("Password generator options builder", () => {
it.each([false, true, undefined])(
"should set `options.lowercase` (= %s) to true when `policy.useLowercase` is true",
(lowercase) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useLowercase = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, lowercase });
@@ -301,7 +321,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.number` to '%s' when `policy.useNumbers` is false and `options.number` is '%s'",
(expectedNumber, number) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useNumbers = false;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, number });
@@ -315,7 +335,7 @@ describe("Password generator options builder", () => {
it.each([false, true, undefined])(
"should set `options.number` (= %s) to true when `policy.useNumbers` is true",
(number) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useNumbers = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, number });
@@ -333,7 +353,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.special` to '%s' when `policy.useSpecial` is false and `options.special` is '%s'",
(expectedSpecial, special) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useSpecial = false;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, special });
@@ -347,7 +367,7 @@ describe("Password generator options builder", () => {
it.each([false, true, undefined])(
"should set `options.special` (= %s) to true when `policy.useSpecial` is true",
(special) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.useSpecial = true;
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, special });
@@ -361,7 +381,7 @@ describe("Password generator options builder", () => {
it.each([1, 2, 3, 4])(
"should set `options.length` (= %i) to the minimum it is less than the minimum length",
(length) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(length).toBeLessThan(builder.length.min);
@@ -376,7 +396,7 @@ describe("Password generator options builder", () => {
it.each([5, 10, 50, 100, 128])(
"should not change `options.length` (= %i) when it is within the boundaries",
(length) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(length).toBeGreaterThanOrEqual(builder.length.min);
expect(length).toBeLessThanOrEqual(builder.length.max);
@@ -392,7 +412,7 @@ describe("Password generator options builder", () => {
it.each([129, 500, 9000])(
"should set `options.length` (= %i) to the maximum length when it is exceeded",
(length) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(length).toBeGreaterThan(builder.length.max);
@@ -414,7 +434,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.number === %s` when `options.minNumber` (= %i) is set to a value greater than 0",
(expectedNumber, minNumber) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, minNumber });
@@ -425,7 +445,7 @@ describe("Password generator options builder", () => {
);
it("should set `options.minNumber` to the minimum value when `options.number` is true", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, number: true });
@@ -435,7 +455,7 @@ describe("Password generator options builder", () => {
});
it("should set `options.minNumber` to 0 when `options.number` is false", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, number: false });
@@ -447,7 +467,7 @@ describe("Password generator options builder", () => {
it.each([1, 2, 3, 4])(
"should set `options.minNumber` (= %i) to the minimum it is less than the minimum number",
(minNumber) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.numberCount = 5; // arbitrary value greater than minNumber
expect(minNumber).toBeLessThan(policy.numberCount);
@@ -463,7 +483,7 @@ describe("Password generator options builder", () => {
it.each([1, 3, 5, 7, 9])(
"should not change `options.minNumber` (= %i) when it is within the boundaries",
(minNumber) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(minNumber).toBeGreaterThanOrEqual(builder.minDigits.min);
expect(minNumber).toBeLessThanOrEqual(builder.minDigits.max);
@@ -479,7 +499,7 @@ describe("Password generator options builder", () => {
it.each([10, 20, 400])(
"should set `options.minNumber` (= %i) to the maximum digit boundary when it is exceeded",
(minNumber) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(minNumber).toBeGreaterThan(builder.minDigits.max);
@@ -501,7 +521,7 @@ describe("Password generator options builder", () => {
])(
"should set `options.special === %s` when `options.minSpecial` (= %i) is set to a value greater than 0",
(expectedSpecial, minSpecial) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, minSpecial });
@@ -512,7 +532,7 @@ describe("Password generator options builder", () => {
);
it("should set `options.minSpecial` to the minimum value when `options.special` is true", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, special: true });
@@ -522,7 +542,7 @@ describe("Password generator options builder", () => {
});
it("should set `options.minSpecial` to 0 when `options.special` is false", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ ...defaultOptions, special: false });
@@ -534,7 +554,7 @@ describe("Password generator options builder", () => {
it.each([1, 2, 3, 4])(
"should set `options.minSpecial` (= %i) to the minimum it is less than the minimum special characters",
(minSpecial) => {
const policy: any = Object.assign({}, Policies.Password.disabledValue);
const policy: any = Object.assign({}, Password.disabledValue);
policy.specialCount = 5; // arbitrary value greater than minSpecial
expect(minSpecial).toBeLessThan(policy.specialCount);
@@ -550,7 +570,7 @@ describe("Password generator options builder", () => {
it.each([1, 3, 5, 7, 9])(
"should not change `options.minSpecial` (= %i) when it is within the boundaries",
(minSpecial) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(minSpecial).toBeGreaterThanOrEqual(builder.minSpecialCharacters.min);
expect(minSpecial).toBeLessThanOrEqual(builder.minSpecialCharacters.max);
@@ -566,7 +586,7 @@ describe("Password generator options builder", () => {
it.each([10, 20, 400])(
"should set `options.minSpecial` (= %i) to the maximum special character boundary when it is exceeded",
(minSpecial) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
expect(minSpecial).toBeGreaterThan(builder.minSpecialCharacters.max);
@@ -579,7 +599,7 @@ describe("Password generator options builder", () => {
);
it("should preserve unknown properties", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
unknown: "property",
@@ -602,7 +622,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.minLowercase === %i` when `options.lowercase` is %s",
(expectedMinLowercase, lowercase) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ lowercase, ...defaultOptions });
@@ -618,7 +638,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.minUppercase === %i` when `options.uppercase` is %s",
(expectedMinUppercase, uppercase) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ uppercase, ...defaultOptions });
@@ -634,7 +654,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.minNumber === %i` when `options.number` is %s and `options.minNumber` is not set",
(expectedMinNumber, number) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ number, ...defaultOptions });
@@ -652,7 +672,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.number === %s` when `options.minNumber` is %i and `options.number` is not set",
(expectedNumber, minNumber) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ minNumber, ...defaultOptions });
@@ -668,7 +688,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.minSpecial === %i` when `options.special` is %s and `options.minSpecial` is not set",
(special, expectedMinSpecial) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ special, ...defaultOptions });
@@ -686,7 +706,7 @@ describe("Password generator options builder", () => {
])(
"should output `options.special === %s` when `options.minSpecial` is %i and `options.special` is not set",
(minSpecial, expectedSpecial) => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({ minSpecial, ...defaultOptions });
@@ -707,7 +727,7 @@ describe("Password generator options builder", () => {
const sumOfMinimums = minLowercase + minUppercase + minNumber + minSpecial;
expect(sumOfMinimums).toBeLessThan(DefaultPasswordBoundaries.length.min);
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
minLowercase,
@@ -732,7 +752,7 @@ describe("Password generator options builder", () => {
(expectedMinLength, minLowercase, minUppercase, minNumber, minSpecial) => {
expect(expectedMinLength).toBeGreaterThanOrEqual(DefaultPasswordBoundaries.length.min);
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
minLowercase,
@@ -749,7 +769,7 @@ describe("Password generator options builder", () => {
);
it("should preserve unknown properties", () => {
const policy = Object.assign({}, Policies.Password.disabledValue);
const policy = Object.assign({}, Password.disabledValue);
const builder = new PasswordGeneratorOptionsEvaluator(policy);
const options = Object.freeze({
unknown: "property",

24
libs/tools/generator/core/src/policies/password-least-privilege.spec.ts
View File

@@ -4,8 +4,6 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { PolicyId } from "@bitwarden/common/types/guid";
import { Policies } from "../data";
import { passwordLeastPrivilege } from "./password-least-privilege";
function createPolicy(
@@ -22,21 +20,31 @@ function createPolicy(
});
}
const disabledValue = Object.freeze({
minLength: 0,
useUppercase: false,
useLowercase: false,
useNumbers: false,
numberCount: 0,
useSpecial: false,
specialCount: 0,
});
describe("passwordLeastPrivilege", () => {
it("should return the accumulator when the policy type does not apply", () => {
const policy = createPolicy({}, PolicyType.RequireSso);
const result = passwordLeastPrivilege(Policies.Password.disabledValue, policy);
const result = passwordLeastPrivilege(disabledValue, policy);
expect(result).toEqual(Policies.Password.disabledValue);
expect(result).toEqual(disabledValue);
});
it("should return the accumulator when the policy is not enabled", () => {
const policy = createPolicy({}, PolicyType.PasswordGenerator, false);
const result = passwordLeastPrivilege(Policies.Password.disabledValue, policy);
const result = passwordLeastPrivilege(disabledValue, policy);
expect(result).toEqual(Policies.Password.disabledValue);
expect(result).toEqual(disabledValue);
});
it.each([
@@ -50,8 +58,8 @@ describe("passwordLeastPrivilege", () => {
])("should take the %p from the policy", (input, value, expected) => {
const policy = createPolicy({ [input]: value });
const result = passwordLeastPrivilege(Policies.Password.disabledValue, policy);
const result = passwordLeastPrivilege(disabledValue, policy);
expect(result).toEqual({ ...Policies.Password.disabledValue, [expected]: value });
expect(result).toEqual({ ...disabledValue, [expected]: value });
});
});

14
libs/tools/generator/core/src/providers/credential-generator-providers.ts Normal file
View File

@@ -0,0 +1,14 @@
import { UserStateSubjectDependencyProvider } from "@bitwarden/common/tools/state/user-state-subject-dependency-provider";
import { GeneratorDependencyProvider } from "./generator-dependency-provider";
import { GeneratorMetadataProvider } from "./generator-metadata-provider";
import { GeneratorProfileProvider } from "./generator-profile-provider";
// FIXME: find a better way to manage common dependencies than smashing them all
// together into a mega-type.
export type CredentialGeneratorProviders = {
readonly userState: UserStateSubjectDependencyProvider;
readonly generator: GeneratorDependencyProvider;
readonly profile: GeneratorProfileProvider;
readonly metadata: GeneratorMetadataProvider;
};

105
libs/tools/generator/core/src/providers/credential-preferences.spec.ts Normal file
View File

@@ -0,0 +1,105 @@
import { AlgorithmsByType, Type } from "../metadata";
import { CredentialPreference } from "../types";
import { PREFERENCES } from "./credential-preferences";
const SomeCredentialPreferences: CredentialPreference = Object.freeze({
email: Object.freeze({
algorithm: AlgorithmsByType[Type.email][0],
updated: new Date(0),
}),
password: Object.freeze({
algorithm: AlgorithmsByType[Type.password][0],
updated: new Date(0),
}),
username: Object.freeze({
algorithm: AlgorithmsByType[Type.username][0],
updated: new Date(0),
}),
});
describe("PREFERENCES", () => {
describe("deserializer", () => {
it.each([[null], [undefined]])("creates new preferences (= %p)", (value) => {
// this case tests what happens when the type system is bypassed
const result = PREFERENCES.deserializer(value!);
expect(result).toMatchObject({
email: {
algorithm: AlgorithmsByType[Type.email][0],
},
password: {
algorithm: AlgorithmsByType[Type.password][0],
},
username: {
algorithm: AlgorithmsByType[Type.username][0],
},
});
});
it("fills missing password preferences", () => {
const input: any = structuredClone(SomeCredentialPreferences);
delete input.password;
const result = PREFERENCES.deserializer(input);
expect(result).toMatchObject({
password: {
algorithm: AlgorithmsByType[Type.password][0],
},
});
});
it("fills missing email preferences", () => {
const input: any = structuredClone(SomeCredentialPreferences);
delete input.email;
const result = PREFERENCES.deserializer(input);
expect(result).toMatchObject({
email: {
algorithm: AlgorithmsByType[Type.email][0],
},
});
});
it("fills missing username preferences", () => {
const input: any = structuredClone(SomeCredentialPreferences);
delete input.username;
const result = PREFERENCES.deserializer(input);
expect(result).toMatchObject({
username: {
algorithm: AlgorithmsByType[Type.username][0],
},
});
});
it("converts string fields to Dates", () => {
const input: any = structuredClone(SomeCredentialPreferences);
input.email.updated = "1970-01-01T00:00:00.100Z";
input.password.updated = "1970-01-01T00:00:00.200Z";
input.username.updated = "1970-01-01T00:00:00.300Z";
const result = PREFERENCES.deserializer(input);
expect(result?.email.updated).toEqual(new Date(100));
expect(result?.password.updated).toEqual(new Date(200));
expect(result?.username.updated).toEqual(new Date(300));
});
it("converts number fields to Dates", () => {
const input: any = structuredClone(SomeCredentialPreferences);
input.email.updated = 100;
input.password.updated = 200;
input.username.updated = 300;
const result = PREFERENCES.deserializer(input);
expect(result?.email.updated).toEqual(new Date(100));
expect(result?.password.updated).toEqual(new Date(200));
expect(result?.username.updated).toEqual(new Date(300));
});
});
});

28
libs/tools/generator/core/src/providers/credential-preferences.ts Normal file
View File

@@ -0,0 +1,28 @@
import { GENERATOR_DISK, UserKeyDefinition } from "@bitwarden/common/platform/state";
import { AlgorithmsByType, CredentialType } from "../metadata";
import { CredentialPreference } from "../types";
/** plaintext password generation options */
export const PREFERENCES = new UserKeyDefinition<CredentialPreference>(
GENERATOR_DISK,
"credentialPreferences",
{
deserializer: (value) => {
const result = (value as any) ?? {};
for (const key in AlgorithmsByType) {
const type = key as CredentialType;
if (result[type]) {
result[type].updated = new Date(result[type].updated);
} else {
const [algorithm] = AlgorithmsByType[type];
result[type] = { algorithm, updated: new Date() };
}
}
return result;
},
clearOn: ["logout"],
},
);

12
libs/tools/generator/core/src/providers/generator-dependency-provider.ts Normal file
View File

@@ -0,0 +1,12 @@
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { RestClient } from "@bitwarden/common/tools/integration/rpc";
import { Randomizer } from "../abstractions";
export type GeneratorDependencyProvider = {
randomizer: Randomizer;
client: RestClient;
// FIXME: introduce `I18nKeyOrLiteral` into forwarder
// structures and remove this dependency
i18nService: I18nService;
};

5
libs/tools/generator/core/src/services/generator-metadata-provider.spec.ts → libs/tools/generator/core/src/providers/generator-metadata-provider.spec.ts
View File

@@ -75,6 +75,7 @@ const SystemProvider = {
} as LegacyEncryptorProvider,
state: SomeStateProvider,
log: disabledSemanticLoggerProvider,
now: Date.now,
} as UserStateSubjectDependencyProvider;
const SomeSiteId: SiteId = Site.forwarder;
@@ -415,14 +416,14 @@ describe("GeneratorMetadataProvider", () => {
await expect(firstValueFrom(result)).resolves.toEqual(plusAddress.id);
});
it("emits undefined when the user's preference is unavailable and there is no metadata", async () => {
it("emits the original preference when the user's preference is unavailable and there is no metadata", async () => {
SomePolicyService.policiesByType$.mockReturnValue(new BehaviorSubject([]));
const provider = new GeneratorMetadataProvider(SystemProvider, ApplicationProvider, []);
const result = new ReplaySubject<CredentialAlgorithm | undefined>(1);
provider.preference$(Type.email, { account$: SomeAccount$ }).subscribe(result);
await expect(firstValueFrom(result)).resolves.toBeUndefined();
await expect(firstValueFrom(result)).resolves.toEqual(preferences[Type.email].algorithm);
});
});

56
libs/tools/generator/core/src/services/generator-metadata-provider.ts → libs/tools/generator/core/src/providers/generator-metadata-provider.ts
View File

@@ -1,12 +1,4 @@
import {
Observable,
combineLatestWith,
distinctUntilChanged,
map,
shareReplay,
switchMap,
takeUntil,
} from "rxjs";
import { Observable, distinctUntilChanged, map, shareReplay, switchMap, takeUntil } from "rxjs";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Account } from "@bitwarden/common/auth/abstractions/account.service";
@@ -14,7 +6,7 @@ import { BoundDependency } from "@bitwarden/common/tools/dependencies";
import { ExtensionSite } from "@bitwarden/common/tools/extension";
import { SemanticLogger } from "@bitwarden/common/tools/log";
import { SystemServiceProvider } from "@bitwarden/common/tools/providers";
import { anyComplete, pin } from "@bitwarden/common/tools/rx";
import { anyComplete, memoizedMap, pin } from "@bitwarden/common/tools/rx";
import { UserStateSubject } from "@bitwarden/common/tools/state/user-state-subject";
import { UserStateSubjectDependencyProvider } from "@bitwarden/common/tools/state/user-state-subject-dependency-provider";
@@ -29,7 +21,7 @@ import {
Algorithms,
Types,
} from "../metadata";
import { availableAlgorithms_vNext } from "../policies/available-algorithms-policy";
import { AvailableAlgorithmsConstraint, availableAlgorithms } from "../policies";
import { CredentialPreference } from "../types";
import {
AlgorithmRequest,
@@ -148,8 +140,15 @@ export class GeneratorMetadataProvider {
const policies$ = this.application.policy
.policiesByType$(PolicyType.PasswordGenerator, id)
.pipe(
map((p) => availableAlgorithms_vNext(p).filter((a) => this._metadata.has(a))),
map((p) => new Set(p)),
map((p) =>
availableAlgorithms(p)
.filter((a) => this._metadata.has(a))
.sort(),
),
// interning the set transformation lets `distinctUntilChanged()` eliminate
// repeating policy emissions using reference equality
memoizedMap((a) => new Set(a), { key: (a) => a.join(":") }),
distinctUntilChanged(),
// complete policy emissions otherwise `switchMap` holds `available$` open indefinitely
takeUntil(anyComplete(id$)),
);
@@ -211,24 +210,7 @@ export class GeneratorMetadataProvider {
const account$ = dependencies.account$.pipe(shareReplay({ bufferSize: 1, refCount: true }));
const algorithm$ = this.preferences({ account$ }).pipe(
combineLatestWith(this.isAvailable$({ account$ })),
map(([preferences, isAvailable]) => {
const algorithm: CredentialAlgorithm = preferences[type].algorithm;
if (isAvailable(algorithm)) {
return algorithm;
}
const algorithms = type ? this.algorithms({ type: type }) : [];
// `?? null` because logging types must be `Jsonify<T>`
const defaultAlgorithm = algorithms.find(isAvailable) ?? null;
this.log.debug(
{ algorithm, defaultAlgorithm, credentialType: type },
"preference not available; defaulting the generator algorithm",
);
// `?? undefined` so that interface is ADR-14 compliant
return defaultAlgorithm ?? undefined;
}),
map((preferences) => preferences[type].algorithm),
distinctUntilChanged(),
);
@@ -246,8 +228,16 @@ export class GeneratorMetadataProvider {
preferences(
dependencies: BoundDependency<"account", Account>,
): UserStateSubject<CredentialPreference> {
// FIXME: enforce policy
const subject = new UserStateSubject(PREFERENCES, this.system, dependencies);
const account$ = dependencies.account$.pipe(shareReplay({ bufferSize: 1, refCount: true }));
const constraints$ = this.isAvailable$({ account$ }).pipe(
map(
(isAvailable) =>
new AvailableAlgorithmsConstraint(this.algorithms.bind(this), isAvailable, this.system),
),
);
const subject = new UserStateSubject(PREFERENCES, this.system, { account$, constraints$ });
return subject;
}

1
libs/tools/generator/core/src/services/generator-profile-provider.spec.ts → libs/tools/generator/core/src/providers/generator-profile-provider.spec.ts
View File

@@ -67,6 +67,7 @@ const dependencyProvider: UserStateSubjectDependencyProvider = {
encryptor: encryptorProvider,
state: stateProvider,
log: disabledSemanticLoggerProvider,
now: Date.now,
};
// settings storage location

6
libs/tools/generator/core/src/services/generator-profile-provider.ts → libs/tools/generator/core/src/providers/generator-profile-provider.ts
View File

@@ -19,6 +19,7 @@ import { UserStateSubjectDependencyProvider } from "@bitwarden/common/tools/stat
import { ProfileContext, CoreProfileMetadata, ProfileMetadata } from "../metadata";
import { GeneratorConstraints } from "../types/generator-constraints";
import { equivalent } from "../util";
/** Surfaces contextual information to credential generators */
export class GeneratorProfileProvider {
@@ -99,7 +100,10 @@ export class GeneratorProfileProvider {
const constraints$ = policies$.pipe(
map((policies) => profile.constraints.create(policies, context)),
tap(() => this.log.debug("constraints created")),
distinctUntilChanged((previous, next) => {
return equivalent(previous, next);
}),
tap((constraints) => this.log.debug(constraints as object, "constraints updated")),
);
return constraints$;

4
libs/tools/generator/core/src/providers/index.ts Normal file
View File

@@ -0,0 +1,4 @@
export { CredentialGeneratorProviders } from "./credential-generator-providers";
export { GeneratorMetadataProvider } from "./generator-metadata-provider";
export { GeneratorProfileProvider } from "./generator-profile-provider";
export { GeneratorDependencyProvider } from "./generator-dependency-provider";

14
libs/tools/generator/core/src/rx.ts
View File

@@ -18,20 +18,6 @@ export function mapPolicyToEvaluator<Policy, Evaluator>(
);
}
/** Maps an administrative console policy to constraints using the provided configuration.
* @param configuration the configuration that constructs the constraints.
*/
export function mapPolicyToConstraints<Policy, Evaluator>(
configuration: PolicyConfiguration<Policy, Evaluator>,
email: string,
) {
return pipe(
reduceCollection(configuration.combine, configuration.disabledValue),
distinctIfShallowMatch(),
map((policy) => configuration.toConstraints(policy, email)),
);
}
/** Constructs a method that maps a policy to the default (no-op) policy. */
export function newDefaultEvaluator<Target>() {
return () => {

Some files were not shown because too many files have changed in this diff Show More