PM-19061 - Innovation Sprint - add OPAQUE Login Strategy (#13832)

* ChangePassword - add TODOs to clean up code * LoginComp - Add TODOs for identifying the login strategy ahead of time. * DefaultOpaqueService - Add TODOs * PasswordLoginStrategy - add TODO for renaming * WIP first draft of opaque login strategy * Per discussion with platform, we don't need an abstraction for api services so clean that up. * Extract pre-login method into own service from ApiService + move request model to auth * LoginStrategyService - add todo for adding support for opaque login strategy * PreLoginApiService - add renaming todo * LoginComp + PasswordLoginCredentials - (1) Start integrating pre-login logic into login comp (2) update PasswordLoginCredentials to include kdfConfig to pass into login strat * LoginStrategyServiceAbstraction - login - add OpaqueLoginCredentials * CLI - add todos * LoginComp - add TODO * Add createKdfConfig factory function * LoginStrategyService: switch out to more specific password strategy * Fix type errors * Add jsdoc * Revert / remove TODOs and old draft work * add missing dep * PreLoginResponse - Adjust KM import * PreLogin renamed to PrePasswordLogin * Renames + some login strategy service test updates * LoginComp - remove unused import * KdfConfig - Rename validateKdfConfigForPrelogin to validateKdfConfigForPreLogin * LoginStrategyService - (1) Rename makePreloginKey to makePrePasswordLoginMasterKey (2) Refactor makePrePasswordLoginMasterKey to accept an optional KdfConfig so we can keep the logic tested on the LoginStrategyService * LoginStrategyService - add TODOs * Fix non-sdk build errors --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2026-02-23 16:13:21 +00:00 · 2025-03-17 06:41:46 -04:00
parent b2d949dd1c
commit a2ba965abd
35 changed files with 695 additions and 254 deletions
--- a/apps/web/src/app/auth/recover-two-factor.component.ts
+++ b/apps/web/src/app/auth/recover-two-factor.component.ts
@@ -88,8 +88,16 @@ export class RecoverTwoFactorComponent implements OnInit {
    const request = new TwoFactorRecoveryRequest();
    request.recoveryCode = this.recoveryCode.replace(/\s/g, "").toLowerCase();
    request.email = this.email.trim().toLowerCase();
-    const key = await this.loginStrategyService.makePreloginKey(this.masterPassword, request.email);
-    request.masterPasswordHash = await this.keyService.hashMasterKey(this.masterPassword, key);
+
+    const masterKey = await this.loginStrategyService.makePrePasswordLoginMasterKey(
+      this.masterPassword,
+      request.email,
+    );
+
+    request.masterPasswordHash = await this.keyService.hashMasterKey(
+      this.masterPassword,
+      masterKey,
+    );

    if (this.recoveryCodeLoginFeatureFlagEnabled) {
      await this.handleRecoveryLogin(request);
--- a/apps/web/src/app/auth/settings/change-password.component.ts
+++ b/apps/web/src/app/auth/settings/change-password.component.ts
@@ -231,11 +231,10 @@ export class ChangePasswordComponent
        this.formPromise = this.apiService.postPassword(request);
      }

-      await this.formPromise;
-      await this.opaqueService.login(this.email, this.masterPassword, {
-        memory: 256 * 1024,
-        iterations: 3,
-        parallelism: 4,
+      // TODO: remove this test code
+      await this.opaqueService.register(this.masterPassword, newUserKey[0], {
+        algorithm: "argon2id",
+        parameters: { memory: 256 * 1024, iterations: 3, parallelism: 4 },
      });

      this.toastService.showToast({