Add / clean up TODOs

apps/web/src/app/auth/settings/change-password.component.ts

@@ -235,6 +235,7 @@ export class ChangePasswordComponent
             : DEFAULT_OPAQUE_KDF_CONFIG,
         );
 
+        // TODO: try catch this just in case server feature flag is disabled and clients still has it enabled.
         const sessionId = await this.opaqueKeyExchangeService.register(
           this.masterPassword,
           newUserKey[0],

libs/auth/src/common/login-strategies/opaque-login.strategy.ts

@@ -1,6 +1,6 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { BehaviorSubject, firstValueFrom, map, Observable } from "rxjs";
+import { BehaviorSubject, map, Observable } from "rxjs";
 import { Jsonify } from "type-fest";
 
 import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
@@ -88,9 +88,10 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy {
   }
 
   override async logIn(credentials: OpaqueLoginCredentials) {
-    this.logService.info("Logging in with OPAQUE");
     const { email, masterPassword, kdfConfig, cipherConfiguration, twoFactor } = credentials;
 
+    // TODO: login returns export key, but we don't use it yet for decryption
+    // we must persist export key to cache and use it for decryption in setUserKey
     const { sessionId } = await this.opaqueKeyExchangeService.login(
       email,
       masterPassword,
@@ -125,6 +126,7 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy {
 
     const [authResult, identityResponse] = await this.startLogIn();
 
+    // TODO: captcha is deprecated remove eventually
     if (identityResponse instanceof IdentityCaptchaResponse) {
       return authResult;
     }
@@ -203,14 +205,16 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy {
     await this.keyService.setMasterKeyEncryptedUserKey(response.key, userId);
 
     // TODO: why not re-use master key from strategy data cache?
-    const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
-    if (masterKey) {
-      const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
-        masterKey,
-        userId,
-      );
-      await this.keyService.setUserKey(userKey, userId);
-    }
+    // const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
+    // if (masterKey) {
+    //   const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
+    //     masterKey,
+    //     userId,
+    //   );
+    //   await this.keyService.setUserKey(userKey, userId);
+    // }
+
+    // TODO: follow trySetUserKeyWithDeviceKey pattern from SSO login strategy
   }
 
   protected override async setPrivateKey(

libs/common/src/auth/models/request/identity-token/opaque-token.request.ts

@@ -5,8 +5,6 @@ import { DeviceRequest } from "./device.request";
 import { TokenTwoFactorRequest } from "./token-two-factor.request";
 import { TokenRequest } from "./token.request";
 
-// TODO: we might have to support both login start and login finish requests within this?
-// or, we could have separate OpaqueStartTokenRequest and OpaqueFinishTokenRequest classes
 export class OpaqueTokenRequest extends TokenRequest {
   constructor(
     public email: string,
@@ -21,7 +19,6 @@ export class OpaqueTokenRequest extends TokenRequest {
   toIdentityToken(clientId: ClientType) {
     const obj = super.toIdentityToken(clientId);
 
-    // TODO: what grant type for OPAQUE?
     obj.grant_type = "opaque-ke";
     obj.username = this.email;
     obj.sessionId = this.sessionId;