mirror of
https://github.com/bitwarden/browser
synced 2025-12-15 15:53:27 +00:00
Auth/PM-7072 - Token Service - Access Token Secure Storage Refactor (#8412)
* PM-5263 - TokenSvc - WIP on access token secure storage refactor * PM-5263 - Add key generation svc to token svc. * PM-5263 - TokenSvc - more progress on encrypt access token work. * PM-5263 - TokenSvc TODO cleanup * PM-5263 - TokenSvc - rename * PM-5263 - TokenSvc - decryptAccess token must return null as that is a valid case. * PM-5263 - Add EncryptSvc dep to TokenSvc * PM-5263 - Add secure storage to token service * PM-5263 - TokenSvc - (1) Finish implementing accessTokenKey stored in secure storage + encrypted access token stored on disk (2) Remove no longer necessary migration flag as the presence of the accessTokenKey now serves the same purpose. Co-authored-by: Jake Fink <jfink@bitwarden.com> * PM-5263 - TokenSvc - (1) Tweak return structure of decryptAccessToken to be more debuggable (2) Add TODO to add more error handling. * PM-5263 - TODO: update tests * PM-5263 - add temp logs * PM-5263 - TokenSvc - remove logs now that I don't need them. * fix tests for access token * PM-5263 - TokenSvc test cleanup - small tweaks / cleanup * PM-5263 - TokenService - per PR feedback from Justin - add error message to error message if possible. Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> --------- Co-authored-by: Jake Fink <jfink@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
This commit is contained in:
Jared Snider
GitHub
@@ -1,6 +1,10 @@
|
||||
import { TokenService as AbstractTokenService } from "@bitwarden/common/auth/abstractions/token.service";
|
||||
import { TokenService } from "@bitwarden/common/auth/services/token.service";
|
||||
|
||||
import {
|
||||
EncryptServiceInitOptions,
|
||||
encryptServiceFactory,
|
||||
} from "../../../platform/background/service-factories/encrypt-service.factory";
|
||||
import {
|
||||
FactoryOptions,
|
||||
CachedServices,
|
||||
@@ -10,6 +14,14 @@ import {
|
||||
GlobalStateProviderInitOptions,
|
||||
globalStateProviderFactory,
|
||||
} from "../../../platform/background/service-factories/global-state-provider.factory";
|
||||
import {
|
||||
KeyGenerationServiceInitOptions,
|
||||
keyGenerationServiceFactory,
|
||||
} from "../../../platform/background/service-factories/key-generation-service.factory";
|
||||
import {
|
||||
LogServiceInitOptions,
|
||||
logServiceFactory,
|
||||
} from "../../../platform/background/service-factories/log-service.factory";
|
||||
import {
|
||||
PlatformUtilsServiceInitOptions,
|
||||
platformUtilsServiceFactory,
|
||||
@@ -29,7 +41,10 @@ export type TokenServiceInitOptions = TokenServiceFactoryOptions &
|
||||
SingleUserStateProviderInitOptions &
|
||||
GlobalStateProviderInitOptions &
|
||||
PlatformUtilsServiceInitOptions &
|
||||
SecureStorageServiceInitOptions;
|
||||
SecureStorageServiceInitOptions &
|
||||
KeyGenerationServiceInitOptions &
|
||||
EncryptServiceInitOptions &
|
||||
LogServiceInitOptions;
|
||||
|
||||
export function tokenServiceFactory(
|
||||
cache: { tokenService?: AbstractTokenService } & CachedServices,
|
||||
@@ -45,6 +60,9 @@ export function tokenServiceFactory(
|
||||
await globalStateProviderFactory(cache, opts),
|
||||
(await platformUtilsServiceFactory(cache, opts)).supportsSecureStorage(),
|
||||
await secureStorageServiceFactory(cache, opts),
|
||||
await keyGenerationServiceFactory(cache, opts),
|
||||
await encryptServiceFactory(cache, opts),
|
||||
await logServiceFactory(cache, opts),
|
||||
),
|
||||
);
|
||||
}
|
||||
|
||||
@@ -443,6 +443,9 @@ export default class MainBackground {
|
||||
this.globalStateProvider,
|
||||
this.platformUtilsService.supportsSecureStorage(),
|
||||
this.secureStorageService,
|
||||
this.keyGenerationService,
|
||||
this.encryptService,
|
||||
this.logService,
|
||||
);
|
||||
|
||||
const migrationRunner = new MigrationRunner(
|
||||
|
||||
@@ -318,11 +318,16 @@ export class Main {
|
||||
this.accountService,
|
||||
);
|
||||
|
||||
this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService);
|
||||
|
||||
this.tokenService = new TokenService(
|
||||
this.singleUserStateProvider,
|
||||
this.globalStateProvider,
|
||||
this.platformUtilsService.supportsSecureStorage(),
|
||||
this.secureStorageService,
|
||||
this.keyGenerationService,
|
||||
this.encryptService,
|
||||
this.logService,
|
||||
);
|
||||
|
||||
const migrationRunner = new MigrationRunner(
|
||||
@@ -343,8 +348,6 @@ export class Main {
|
||||
migrationRunner,
|
||||
);
|
||||
|
||||
this.keyGenerationService = new KeyGenerationService(this.cryptoFunctionService);
|
||||
|
||||
this.cryptoService = new CryptoService(
|
||||
this.keyGenerationService,
|
||||
this.cryptoFunctionService,
|
||||
|
||||
@@ -6,11 +6,15 @@ import { firstValueFrom } from "rxjs";
|
||||
import { TokenService as TokenServiceAbstraction } from "@bitwarden/common/auth/abstractions/token.service";
|
||||
import { AccountServiceImplementation } from "@bitwarden/common/auth/services/account.service";
|
||||
import { TokenService } from "@bitwarden/common/auth/services/token.service";
|
||||
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
||||
import { KeyGenerationService as KeyGenerationServiceAbstraction } from "@bitwarden/common/platform/abstractions/key-generation.service";
|
||||
import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
|
||||
import { DefaultBiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
|
||||
import { StateFactory } from "@bitwarden/common/platform/factories/state-factory";
|
||||
import { GlobalState } from "@bitwarden/common/platform/models/domain/global-state";
|
||||
import { EncryptServiceImplementation } from "@bitwarden/common/platform/services/cryptography/encrypt.service.implementation";
|
||||
import { DefaultEnvironmentService } from "@bitwarden/common/platform/services/default-environment.service";
|
||||
import { KeyGenerationService } from "@bitwarden/common/platform/services/key-generation.service";
|
||||
import { MemoryStorageService } from "@bitwarden/common/platform/services/memory-storage.service";
|
||||
import { MigrationBuilderService } from "@bitwarden/common/platform/services/migration-builder.service";
|
||||
import { MigrationRunner } from "@bitwarden/common/platform/services/migration-runner";
|
||||
@@ -45,6 +49,7 @@ import { ELECTRON_SUPPORTS_SECURE_STORAGE } from "./platform/services/electron-p
|
||||
import { ElectronStateService } from "./platform/services/electron-state.service";
|
||||
import { ElectronStorageService } from "./platform/services/electron-storage.service";
|
||||
import { I18nMainService } from "./platform/services/i18n.main.service";
|
||||
import { IllegalSecureStorageService } from "./platform/services/illegal-secure-storage.service";
|
||||
import { ElectronMainMessagingService } from "./services/electron-main-messaging.service";
|
||||
import { isMacAppStore } from "./utils";
|
||||
|
||||
@@ -62,6 +67,8 @@ export class Main {
|
||||
desktopSettingsService: DesktopSettingsService;
|
||||
migrationRunner: MigrationRunner;
|
||||
tokenService: TokenServiceAbstraction;
|
||||
keyGenerationService: KeyGenerationServiceAbstraction;
|
||||
encryptService: EncryptService;
|
||||
|
||||
windowMain: WindowMain;
|
||||
messagingMain: MessagingMain;
|
||||
@@ -153,11 +160,28 @@ export class Main {
|
||||
|
||||
this.environmentService = new DefaultEnvironmentService(stateProvider, accountService);
|
||||
|
||||
this.mainCryptoFunctionService = new MainCryptoFunctionService();
|
||||
this.mainCryptoFunctionService.init();
|
||||
|
||||
this.keyGenerationService = new KeyGenerationService(this.mainCryptoFunctionService);
|
||||
|
||||
this.encryptService = new EncryptServiceImplementation(
|
||||
this.mainCryptoFunctionService,
|
||||
this.logService,
|
||||
true, // log mac failures
|
||||
);
|
||||
|
||||
// Note: secure storage service is not available and should not be called in the main background process.
|
||||
const illegalSecureStorageService = new IllegalSecureStorageService();
|
||||
|
||||
this.tokenService = new TokenService(
|
||||
singleUserStateProvider,
|
||||
globalStateProvider,
|
||||
ELECTRON_SUPPORTS_SECURE_STORAGE,
|
||||
this.storageService,
|
||||
illegalSecureStorageService,
|
||||
this.keyGenerationService,
|
||||
this.encryptService,
|
||||
this.logService,
|
||||
);
|
||||
|
||||
this.migrationRunner = new MigrationRunner(
|
||||
@@ -239,9 +263,6 @@ export class Main {
|
||||
|
||||
this.clipboardMain = new ClipboardMain();
|
||||
this.clipboardMain.init();
|
||||
|
||||
this.mainCryptoFunctionService = new MainCryptoFunctionService();
|
||||
this.mainCryptoFunctionService.init();
|
||||
}
|
||||
|
||||
bootstrap() {
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
import { AbstractStorageService } from "@bitwarden/common/platform/abstractions/storage.service";
|
||||
import { StorageOptions } from "@bitwarden/common/platform/models/domain/storage-options";
|
||||
|
||||
export class IllegalSecureStorageService implements AbstractStorageService {
|
||||
constructor() {}
|
||||
|
||||
get valuesRequireDeserialization(): boolean {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
has(key: string, options?: StorageOptions): Promise<boolean> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
save<T>(key: string, obj: T, options?: StorageOptions): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
async get<T>(key: string): Promise<T> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
async set<T>(key: string, obj: T): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
async remove(key: string): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
async clear(): Promise<void> {
|
||||
throw new Error("Method not implemented.");
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user