diff --git a/apps/web/src/app/auth/settings/change-password.component.ts b/apps/web/src/app/auth/settings/change-password.component.ts index e1ae15ed703..81e72ea9caf 100644 --- a/apps/web/src/app/auth/settings/change-password.component.ts +++ b/apps/web/src/app/auth/settings/change-password.component.ts @@ -235,6 +235,7 @@ export class ChangePasswordComponent : DEFAULT_OPAQUE_KDF_CONFIG, ); + // TODO: try catch this just in case server feature flag is disabled and clients still has it enabled. const sessionId = await this.opaqueKeyExchangeService.register( this.masterPassword, newUserKey[0], diff --git a/libs/auth/src/common/login-strategies/opaque-login.strategy.ts b/libs/auth/src/common/login-strategies/opaque-login.strategy.ts index bd5f7f9542c..ddcf823b539 100644 --- a/libs/auth/src/common/login-strategies/opaque-login.strategy.ts +++ b/libs/auth/src/common/login-strategies/opaque-login.strategy.ts @@ -1,6 +1,6 @@ // FIXME: Update this file to be type safe and remove this and next line // @ts-strict-ignore -import { BehaviorSubject, firstValueFrom, map, Observable } from "rxjs"; +import { BehaviorSubject, map, Observable } from "rxjs"; import { Jsonify } from "type-fest"; import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction"; @@ -88,9 +88,10 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy { } override async logIn(credentials: OpaqueLoginCredentials) { - this.logService.info("Logging in with OPAQUE"); const { email, masterPassword, kdfConfig, cipherConfiguration, twoFactor } = credentials; + // TODO: login returns export key, but we don't use it yet for decryption + // we must persist export key to cache and use it for decryption in setUserKey const { sessionId } = await this.opaqueKeyExchangeService.login( email, masterPassword, 
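Review bot: The added TODO names the failure mode but leaves `this.opaqueKeyExchangeService.register(...)` unguarded, so a server with the OPAQUE flag disabled turns a password change into an unhandled rejection after `newUserKey` has already been derived. Guard it now rather than later: wrap the call in `try { sessionId = await this.opaqueKeyExchangeService.register(...); } catch (e) { … }`, report the failure through whatever error surface this component already uses, and `return` before any request that rotates the master key is sent, so a missing `sessionId` can never reach the server. Whether later steps of this method depend on `sessionId` cannot be seen here; the enclosing method starts and ends outside the hunk. I would also replace the TODO text with a comment stating the contract, e.g. `// register() rejects when the server does not support OPAQUE; abort the change instead of continuing with an undefined session id`.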
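Review bot: `const { sessionId } = await this.opaqueKeyExchangeService.login(` discards the OPAQUE export key that the new TODO says is required to decrypt the user key, so after this hunk `logIn` can authenticate without leaving any way to unlock the vault. Capture it in this destructuring now (`const { sessionId, exportKey } = …`, assuming the result exposes it under that name — verify against the service) and stash it in the strategy's cache so the key-setting step has it, instead of deferring that to a TODO. Treat the export key as master-key-equivalent secret material: if the strategy cache is serialized anywhere (the `Jsonify` import suggests it may be), keep the export key in memory only and never write it to persistent storage. The removal of the `logService.info` line is fine; the `login(...)` call's remaining arguments continue outside the hunk.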
@@ -125,6 +126,7 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy { const [authResult, identityResponse] = await this.startLogIn(); + // TODO: captcha is deprecated remove eventually if (identityResponse instanceof IdentityCaptchaResponse) { return authResult; } @@ -203,14 +205,16 @@ export class OpaqueLoginStrategy extends BaseLoginStrategy { await this.keyService.setMasterKeyEncryptedUserKey(response.key, userId); // TODO: why not re-use master key from strategy data cache? - const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId)); - if (masterKey) { - const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey( - masterKey, - userId, - ); - await this.keyService.setUserKey(userKey, userId); - } + // const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId)); + // if (masterKey) { + // const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey( + // masterKey, + // userId, + // ); + // await this.keyService.setUserKey(userKey, userId); + // } + + // TODO: follow trySetUserKeyWithDeviceKey pattern from SSO login strategy } protected override async setPrivateKey( diff --git a/libs/common/src/auth/models/request/identity-token/opaque-token.request.ts b/libs/common/src/auth/models/request/identity-token/opaque-token.request.ts index 9f8a481360b..015ada3a76b 100644 --- a/libs/common/src/auth/models/request/identity-token/opaque-token.request.ts +++ b/libs/common/src/auth/models/request/identity-token/opaque-token.request.ts 
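Review bot: After `setMasterKeyEncryptedUserKey(response.key, userId)` the new code no longer calls `setUserKey` at all, because the master-key decryption block was commented out rather than replaced, so the strategy now stores the encrypted user key and returns without ever decrypting it. Unless another step sets the user key (nothing visible here does, and the trailing TODO says the device-key path is still to be written), OPAQUE logins will land in an authenticated-but-locked state; either keep the master-key fallback until the replacement exists, or gate the strategy so it cannot be selected until `setUserKey` is wired up. Please delete the commented-out lines instead of leaving them — dead code in a key-handling path invites someone to uncomment it without re-reviewing it — and fold the two TODOs into one comment such as `// TODO: set the user key here using the OPAQUE export key cached by logIn (see trySetUserKeyWithDeviceKey in the SSO strategy for the pattern)`. The enclosing method starts outside the hunk, so I cannot see what else it does before this point.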
@@ -5,8 +5,6 @@ import { DeviceRequest } from "./device.request"; import { TokenTwoFactorRequest } from "./token-two-factor.request"; import { TokenRequest } from "./token.request"; -// TODO: we might have to support both login start and login finish requests within this? -// or, we could have separate OpaqueStartTokenRequest and OpaqueFinishTokenRequest classes export class OpaqueTokenRequest extends TokenRequest { constructor( public email: string, @@ -21,7 +19,6 @@ export class OpaqueTokenRequest extends TokenRequest { toIdentityToken(clientId: ClientType) { const obj = super.toIdentityToken(clientId); - // TODO: what grant type for OPAQUE? obj.grant_type = "opaque-ke"; obj.username = this.email; obj.sessionId = this.sessionId;