bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 00:03:56 +00:00
Code Issues Releases Wiki Activity

[PM-15061] extract encryptors from generator service (#12068)

Browse Source 
* introduce legacy encryptor provider
* port credential generation service to encryptor provider
This commit is contained in:
✨ Audrey ✨
2024-11-28 05:02:21 -05:00
committed by GitHub
parent 927c2fce43
commit ab21b78c53
33 changed files with 1384 additions and 299 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libs/tools/generator/core/src/data/generators.ts
View File

@@ -369,7 +369,7 @@ export function toCredentialGeneratorConfiguration<Settings extends ApiSettings
settings: {
initial: configuration.forwarder.defaultSettings,
constraints: configuration.forwarder.settingsConstraints,
account: configuration.forwarder.settings,
account: configuration.forwarder.local.settings,
},
policy: {
type: PolicyType.PasswordGenerator,

4
libs/tools/generator/core/src/integration/addy-io.ts
View File

@@ -27,6 +27,7 @@ export type AddyIoConfiguration = ForwarderConfiguration<AddyIoSettings>;
const defaultSettings = Object.freeze({
token: "",
domain: "",
baseUrl: "",
});
// supported RPC calls
@@ -65,9 +66,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.AddyIo.local.settings",
key: "addyIoForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<AddyIoSettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

3
libs/tools/generator/core/src/integration/duck-duck-go.ts
View File

@@ -55,9 +55,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.DuckDuckGo.local.settings",
key: "duckDuckGoForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<DuckDuckGoSettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

3
libs/tools/generator/core/src/integration/fastmail.ts
View File

@@ -123,9 +123,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.Fastmail.local.settings"
key: "fastmailForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<FastmailSettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

3
libs/tools/generator/core/src/integration/firefox-relay.ts
View File

@@ -59,9 +59,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.Firefox.local.settings",
key: "firefoxRelayForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<FirefoxRelaySettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

3
libs/tools/generator/core/src/integration/forward-email.ts
View File

@@ -62,9 +62,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.ForwardEmail.local.settings",
key: "forwardEmailForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<ForwardEmailSettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

4
libs/tools/generator/core/src/integration/simple-login.ts
View File

@@ -27,6 +27,7 @@ export type SimpleLoginConfiguration = ForwarderConfiguration<SimpleLoginSetting
const defaultSettings = Object.freeze({
token: "",
domain: "",
baseUrl: "",
});
// supported RPC calls
@@ -64,9 +65,10 @@ const forwarder = Object.freeze({
// e.g. key: "forwarder.SimpleLogin.local.settings",
key: "simpleLoginForwarder",
target: "object",
format: "classified",
format: "secret-state",
classifier: new PrivateClassifier<SimpleLoginSettings>(),
state: GENERATOR_DISK,
initial: defaultSettings,
options: {
deserializer: (value) => value,
clearOn: ["logout"],

149
libs/tools/generator/core/src/services/credential-generator.service.spec.ts
View File

@@ -5,13 +5,12 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { GENERATOR_DISK, UserKeyDefinition } from "@bitwarden/common/platform/state";
import { LegacyEncryptorProvider } from "@bitwarden/common/tools/cryptography/legacy-encryptor-provider";
import { UserEncryptor } from "@bitwarden/common/tools/cryptography/user-encryptor.abstraction";
import { StateConstraints } from "@bitwarden/common/tools/types";
import { OrganizationId, PolicyId, UserId } from "@bitwarden/common/types/guid";
import { UserKey } from "@bitwarden/common/types/key";
import { KeyService } from "@bitwarden/key-management";
import {
FakeStateProvider,
@@ -175,9 +174,8 @@ const i18nService = mock<I18nService>();
const apiService = mock<ApiService>();
const encryptService = mock<EncryptService>();
const keyService = mock<KeyService>();
const encryptor = mock<UserEncryptor>();
const encryptorProvider = mock<LegacyEncryptorProvider>();
describe("CredentialGeneratorService", () => {
beforeEach(async () => {
@@ -185,8 +183,8 @@ describe("CredentialGeneratorService", () => {
policyService.getAll$.mockImplementation(() => new BehaviorSubject([]).asObservable());
i18nService.t.mockImplementation((key) => key);
apiService.fetch.mockImplementation(() => Promise.resolve(mock<Response>()));
const keyAvailable = new BehaviorSubject({} as UserKey);
keyService.userKey$.mockReturnValue(keyAvailable);
const encryptor$ = new BehaviorSubject({ userId: SomeUser, encryptor });
encryptorProvider.userEncryptor$.mockReturnValue(encryptor$);
jest.clearAllMocks();
});
@@ -200,8 +198,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const generated = new ObservableTracker(generator.generate$(SomeConfiguration));
@@ -222,8 +219,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const generated = new ObservableTracker(generator.generate$(SomeConfiguration));
@@ -248,8 +244,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const generated = new ObservableTracker(generator.generate$(SomeConfiguration));
@@ -277,8 +272,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const website$ = new BehaviorSubject("some website");
@@ -299,8 +293,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const website$ = new BehaviorSubject("some website");
@@ -325,8 +318,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const website$ = new BehaviorSubject("some website");
@@ -352,8 +344,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(AnotherUser).asObservable();
@@ -373,8 +364,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -398,8 +388,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(SomeUser);
@@ -424,8 +413,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(SomeUser);
@@ -451,8 +439,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const on$ = new Subject<void>();
@@ -494,8 +481,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const on$ = new Subject<void>();
@@ -521,8 +507,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const on$ = new Subject<void>();
@@ -553,8 +538,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -575,8 +559,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -596,8 +579,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -618,8 +600,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -644,8 +625,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -662,8 +642,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -679,8 +658,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -697,8 +675,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -720,8 +697,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -746,8 +722,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const results: any = [];
@@ -784,8 +759,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(AnotherUser).asObservable();
@@ -806,8 +780,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -837,8 +810,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -864,8 +836,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -891,8 +862,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -924,8 +894,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -943,8 +912,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -964,8 +932,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -990,8 +957,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const results: any = [];
@@ -1016,8 +982,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(AnotherUser).asObservable();
@@ -1038,8 +1003,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1066,8 +1030,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1093,8 +1056,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1120,8 +1082,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1153,8 +1114,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const subject = await generator.settings(SomeConfiguration, { singleUserId$ });
@@ -1179,8 +1139,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
@@ -1206,8 +1165,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(SomeUser).asObservable();
@@ -1224,8 +1182,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId$ = new BehaviorSubject(SomeUser).asObservable();
@@ -1244,8 +1201,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1274,8 +1230,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1305,8 +1260,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);
@@ -1332,8 +1286,7 @@ describe("CredentialGeneratorService", () => {
policyService,
apiService,
i18nService,
encryptService,
keyService,
encryptorProvider,
accountService,
);
const userId = new BehaviorSubject(SomeUser);

66
libs/tools/generator/core/src/services/credential-generator.service.ts
View File

@@ -11,11 +11,11 @@ import {
ignoreElements,
map,
Observable,
ReplaySubject,
share,
skipUntil,
switchMap,
takeUntil,
takeWhile,
withLatestFrom,
} from "rxjs";
import { Simplify } from "type-fest";
@@ -24,24 +24,19 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { StateProvider } from "@bitwarden/common/platform/state";
import { LegacyEncryptorProvider } from "@bitwarden/common/tools/cryptography/legacy-encryptor-provider";
import {
OnDependency,
SingleUserDependency,
UserBound,
UserDependency,
} from "@bitwarden/common/tools/dependencies";
import { IntegrationId, IntegrationMetadata } from "@bitwarden/common/tools/integration";
import { RestClient } from "@bitwarden/common/tools/integration/rpc";
import { anyComplete } from "@bitwarden/common/tools/rx";
import { PaddedDataPacker } from "@bitwarden/common/tools/state/padded-data-packer";
import { UserEncryptor } from "@bitwarden/common/tools/state/user-encryptor.abstraction";
import { UserKeyEncryptor } from "@bitwarden/common/tools/state/user-key-encryptor";
import { UserStateSubject } from "@bitwarden/common/tools/state/user-state-subject";
import { UserId } from "@bitwarden/common/types/guid";
import { KeyService } from "@bitwarden/key-management";
import { Randomizer } from "../abstractions";
import {
@@ -97,8 +92,7 @@ export class CredentialGeneratorService {
private readonly policyService: PolicyService,
private readonly apiService: ApiService,
private readonly i18nService: I18nService,
private readonly encryptService: EncryptService,
private readonly keyService: KeyService,
private readonly encryptorProvider: LegacyEncryptorProvider,
private readonly accountService: AccountService,
) {}
@@ -273,21 +267,6 @@ export class CredentialGeneratorService {
return info;
}
private encryptor$(userId: UserId) {
const packer = new PaddedDataPacker(OPTIONS_FRAME_SIZE);
const encryptor$ = this.keyService.userKey$(userId).pipe(
// complete when the account locks
takeWhile((key) => !!key),
map((key) => {
const encryptor = new UserKeyEncryptor(userId, this.encryptService, key, packer);
return { userId, encryptor } satisfies UserBound<"encryptor", UserEncryptor>;
}),
);
return encryptor$;
}
/** Get the settings for the provided configuration
* @param configuration determines which generator's settings are loaded
* @param dependencies.userId$ identifies the user to which the settings are bound.
@@ -307,10 +286,15 @@ export class CredentialGeneratorService {
filter((userId) => !!userId),
distinctUntilChanged(),
switchMap((userId) => {
const singleUserId$ = new BehaviorSubject(userId);
const singleUserEncryptor$ = this.encryptorProvider.userEncryptor$(OPTIONS_FRAME_SIZE, {
singleUserId$,
});
const state$ = new UserStateSubject(
configuration.settings.account,
(key) => this.stateProvider.getUser(userId, key),
{ constraints$, singleUserEncryptor$: this.encryptor$(userId) },
{ constraints$, singleUserEncryptor$ },
);
return state$;
}),
@@ -333,15 +317,23 @@ export class CredentialGeneratorService {
async preferences(
dependencies: SingleUserDependency,
): Promise<UserStateSubject<CredentialPreference>> {
const userId = await firstValueFrom(
dependencies.singleUserId$.pipe(filter((userId) => !!userId)),
);
const singleUserId$ = new ReplaySubject<UserId>(1);
dependencies.singleUserId$
.pipe(
filter((userId) => !!userId),
distinctUntilChanged(),
)
.subscribe(singleUserId$);
const singleUserEncryptor$ = this.encryptorProvider.userEncryptor$(OPTIONS_FRAME_SIZE, {
singleUserId$,
});
const userId = await firstValueFrom(singleUserId$);
// FIXME: enforce policy
const subject = new UserStateSubject(
PREFERENCES,
(key) => this.stateProvider.getUser(userId, key),
{ singleUserEncryptor$: this.encryptor$(userId) },
{ singleUserEncryptor$ },
);
return subject;
@@ -358,16 +350,24 @@ export class CredentialGeneratorService {
configuration: Readonly<Configuration<Settings, Policy>>,
dependencies: SingleUserDependency,
) {
const userId = await firstValueFrom(
dependencies.singleUserId$.pipe(filter((userId) => !!userId)),
);
const singleUserId$ = new ReplaySubject<UserId>(1);
dependencies.singleUserId$
.pipe(
filter((userId) => !!userId),
distinctUntilChanged(),
)
.subscribe(singleUserId$);
const singleUserEncryptor$ = this.encryptorProvider.userEncryptor$(OPTIONS_FRAME_SIZE, {
singleUserId$,
});
const userId = await firstValueFrom(singleUserId$);
const constraints$ = this.policy$(configuration, { userId$: dependencies.singleUserId$ });
const subject = new UserStateSubject(
configuration.settings.account,
(key) => this.stateProvider.getUser(userId, key),
{ constraints$, singleUserEncryptor$: this.encryptor$(userId) },
{ constraints$, singleUserEncryptor$ },
);
return subject;

2
libs/tools/generator/core/src/strategies/forwarder-generator-strategy.ts
View File

@@ -5,6 +5,7 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
import { SingleUserState, StateProvider } from "@bitwarden/common/platform/state";
import { UserKeyEncryptor } from "@bitwarden/common/tools/cryptography/user-key-encryptor";
import {
ApiSettings,
IntegrationRequest,
@@ -14,7 +15,6 @@ import { BufferedState } from "@bitwarden/common/tools/state/buffered-state";
import { PaddedDataPacker } from "@bitwarden/common/tools/state/padded-data-packer";
import { SecretKeyDefinition } from "@bitwarden/common/tools/state/secret-key-definition";
import { SecretState } from "@bitwarden/common/tools/state/secret-state";
import { UserKeyEncryptor } from "@bitwarden/common/tools/state/user-key-encryptor";
import { UserId } from "@bitwarden/common/types/guid";
import { KeyService } from "@bitwarden/key-management";