Auth/PM-7072 - Token Service - Access Token Secure Storage Refactor (#8412)

* PM-5263 - TokenSvc - WIP on access token secure storage refactor * PM-5263 - Add key generation svc to token svc. * PM-5263 - TokenSvc - more progress on encrypt access token work. * PM-5263 - TokenSvc TODO cleanup * PM-5263 - TokenSvc - rename * PM-5263 - TokenSvc - decryptAccess token must return null as that is a valid case. * PM-5263 - Add EncryptSvc dep to TokenSvc * PM-5263 - Add secure storage to token service * PM-5263 - TokenSvc - (1) Finish implementing accessTokenKey stored in secure storage + encrypted access token stored on disk (2) Remove no longer necessary migration flag as the presence of the accessTokenKey now serves the same purpose. Co-authored-by: Jake Fink <jfink@bitwarden.com> * PM-5263 - TokenSvc - (1) Tweak return structure of decryptAccessToken to be more debuggable (2) Add TODO to add more error handling. * PM-5263 - TODO: update tests * PM-5263 - add temp logs * PM-5263 - TokenSvc - remove logs now that I don't need them. * fix tests for access token * PM-5263 - TokenSvc test cleanup - small tweaks / cleanup * PM-5263 - TokenService - per PR feedback from Justin - add error message to error message if possible. Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com> --------- Co-authored-by: Jake Fink <jfink@bitwarden.com> Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2025-12-27 21:53:25 +00:00 · 2024-03-26 18:41:14 -04:00
parent 7f55833974
commit a66e224d32
10 changed files with 354 additions and 228 deletions
--- a/apps/browser/src/auth/background/service-factories/token-service.factory.ts
+++ b/apps/browser/src/auth/background/service-factories/token-service.factory.ts
@@ -1,6 +1,10 @@
 import { TokenService as AbstractTokenService } from "@bitwarden/common/auth/abstractions/token.service";
 import { TokenService } from "@bitwarden/common/auth/services/token.service";

+import {
+  EncryptServiceInitOptions,
+  encryptServiceFactory,
+} from "../../../platform/background/service-factories/encrypt-service.factory";
 import {
  FactoryOptions,
  CachedServices,
@@ -10,6 +14,14 @@ import {
  GlobalStateProviderInitOptions,
  globalStateProviderFactory,
 } from "../../../platform/background/service-factories/global-state-provider.factory";
+import {
+  KeyGenerationServiceInitOptions,
+  keyGenerationServiceFactory,
+} from "../../../platform/background/service-factories/key-generation-service.factory";
+import {
+  LogServiceInitOptions,
+  logServiceFactory,
+} from "../../../platform/background/service-factories/log-service.factory";
 import {
  PlatformUtilsServiceInitOptions,
  platformUtilsServiceFactory,
@@ -29,7 +41,10 @@ export type TokenServiceInitOptions = TokenServiceFactoryOptions &
  SingleUserStateProviderInitOptions &
  GlobalStateProviderInitOptions &
  PlatformUtilsServiceInitOptions &
-  SecureStorageServiceInitOptions;
+  SecureStorageServiceInitOptions &
+  KeyGenerationServiceInitOptions &
+  EncryptServiceInitOptions &
+  LogServiceInitOptions;

 export function tokenServiceFactory(
  cache: { tokenService?: AbstractTokenService } & CachedServices,
@@ -45,6 +60,9 @@ export function tokenServiceFactory(
        await globalStateProviderFactory(cache, opts),
        (await platformUtilsServiceFactory(cache, opts)).supportsSecureStorage(),
        await secureStorageServiceFactory(cache, opts),
+        await keyGenerationServiceFactory(cache, opts),
+        await encryptServiceFactory(cache, opts),
+        await logServiceFactory(cache, opts),
      ),
  );
 }
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@@ -443,6 +443,9 @@ export default class MainBackground {
      this.globalStateProvider,
      this.platformUtilsService.supportsSecureStorage(),
      this.secureStorageService,
+      this.keyGenerationService,
+      this.encryptService,
+      this.logService,
    );

    const migrationRunner = new MigrationRunner(