[PM-5363] PinService State Providers (#8244)

* move pinKeyEncryptedUserKey * move pinKeyEncryptedUserKeyEphemeral * remove comments, move docs * cleanup * use UserKeyDefinition * refactor methods * add migration * fix browser dependency * add tests for migration * rename to pinService * move state to PinService * add PinService dep to CryptoService * move protectedPin to state provider * update service deps * renaming * move decryptUserKeyWithPin to pinService * update service injection * move more methods our of crypto service * remove CryptoService dep from PinService and update service injection * remove cryptoService reference * add method to FakeMasterPasswordService * fix circular dependency * fix desktop service injection * update browser dependencies * add protectedPin to migrations * move storePinKey to pinService * update and clarify documentation * more jsdoc updates * update import paths * refactor isPinLockSet method * update state definitions * initialize service before injecting into other services * initialize service before injecting into other services (bw.ts) * update clearOn and do additional cleanup * clarify docs and naming * assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method * derived state (attempt) * fix typos * use accountService to get active user email * use constant userId * add derived state * add get and clear for oldPinKeyEncryptedMasterKey * require userId * move pinProtected * add clear methods * remove pinProtected from account.ts and replace methods * add methods to create and store pinKeyEncryptedUserKey * add pinProtected/oldPinKeyEncrypterMasterKey to migration * update migration tests * update migration rollback tests * update to systemService and decryptAndMigrate... method * remove old test * increase length of state definition name to meet test requirements * rename 'TRANSIENT' to 'EPHEMERAL' for consistency * fix tests for login strategies, vault-export, and fake MP service * more updates to login-strategy tests * write new tests for core pinKeyEncrypterUserKey methods and isPinSet * write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods * minor test reformatting * update test for decryptUserKeyWithPin() * fix bug with oldPinKeyEncryptedMasterKey * fix tests for vault-timeout-settings.service * fix bitwarden-password-protected-importer test * fix login strategy tests and auth-request.service test * update pinService tests * fix crypto service tests * add jsdoc * fix test file import * update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey() * update error messages and jsdocs * add null checks, move userId retrievals * update migration tests * update stateService calls to require userId * update test for decryptUserKeyWithPin() * update oldPinKeyEncryptedMasterKey migration tests * more test updates * fix factory import * update tests for isPinSet() and createProtectedPin() * add test for makePinKey() * add test for createPinKeyEncryptedUserKey() * add tests for getPinLockType() * consolidate userId verification tests * add tests for storePinKeyEncryptedUserKey() * fix service dep * get email based on userId * use MasterPasswordService instead of internal * rename protectedPin to userKeyEncryptedPin * rename to pinKeyEncryptedUserKeyPersistent * update method params * fix CryptoService tests * jsdoc update * use EncString for userKeyEncryptedPin * remove comment * use cryptoFunctionService.compareFast() * update tests * cleanup, remove comments * resolve merge conflict * fix DI of MasterPasswordService * more DI fixes
2025-12-11 22:03:36 +00:00 · 2024-05-08 11:34:47 -07:00
parent c2812fc21d
commit a42de41587
84 changed files with 2182 additions and 998 deletions
--- a/libs/angular/src/auth/components/set-pin.component.ts
+++ b/libs/angular/src/auth/components/set-pin.component.ts
@@ -1,63 +1,66 @@
 import { DialogRef } from "@angular/cdk/dialog";
 import { Directive, OnInit } from "@angular/core";
 import { FormBuilder, Validators } from "@angular/forms";
+import { firstValueFrom } from "rxjs";

-import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
+import { PinServiceAbstraction } from "@bitwarden/auth/common";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";

@Directive()
 export class SetPinComponent implements OnInit {
-  showMasterPassOnRestart = true;
+  showMasterPasswordOnClientRestartOption = true;

  setPinForm = this.formBuilder.group({
    pin: ["", [Validators.required]],
-    masterPassOnRestart: true,
+    requireMasterPasswordOnClientRestart: true,
  });

  constructor(
-    private dialogRef: DialogRef,
+    private accountService: AccountService,
    private cryptoService: CryptoService,
-    private userVerificationService: UserVerificationService,
-    private stateService: StateService,
+    private dialogRef: DialogRef,
    private formBuilder: FormBuilder,
-    private kdfConfigService: KdfConfigService,
+    private pinService: PinServiceAbstraction,
+    private userVerificationService: UserVerificationService,
  ) {}

  async ngOnInit() {
    const hasMasterPassword = await this.userVerificationService.hasMasterPassword();

-    this.setPinForm.controls.masterPassOnRestart.setValue(hasMasterPassword);
-    this.showMasterPassOnRestart = hasMasterPassword;
+    this.setPinForm.controls.requireMasterPasswordOnClientRestart.setValue(hasMasterPassword);
+    this.showMasterPasswordOnClientRestartOption = hasMasterPassword;
  }

  submit = async () => {
    const pin = this.setPinForm.get("pin").value;
-    const masterPassOnRestart = this.setPinForm.get("masterPassOnRestart").value;
+    const requireMasterPasswordOnClientRestart = this.setPinForm.get(
+      "requireMasterPasswordOnClientRestart",
+    ).value;

    if (Utils.isNullOrWhitespace(pin)) {
      this.dialogRef.close(false);
      return;
    }

-    const pinKey = await this.cryptoService.makePinKey(
-      pin,
-      await this.stateService.getEmail(),
-      await this.kdfConfigService.getKdfConfig(),
-    );
+    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
    const userKey = await this.cryptoService.getUserKey();
-    const pinProtectedKey = await this.cryptoService.encrypt(userKey.key, pinKey);
-    const encPin = await this.cryptoService.encrypt(pin, userKey);

-    await this.stateService.setProtectedPin(encPin.encryptedString);
+    const userKeyEncryptedPin = await this.pinService.createUserKeyEncryptedPin(pin, userKey);
+    await this.pinService.setUserKeyEncryptedPin(userKeyEncryptedPin, userId);

-    if (masterPassOnRestart) {
-      await this.stateService.setPinKeyEncryptedUserKeyEphemeral(pinProtectedKey);
-    } else {
-      await this.stateService.setPinKeyEncryptedUserKey(pinProtectedKey);
-    }
+    const pinKeyEncryptedUserKey = await this.pinService.createPinKeyEncryptedUserKey(
+      pin,
+      userKey,
+      userId,
+    );
+    await this.pinService.storePinKeyEncryptedUserKey(
+      pinKeyEncryptedUserKey,
+      requireMasterPasswordOnClientRestart,
+      userId,
+    );

    this.dialogRef.close(true);
  };