[PM-5362]Create MP Service for state provider migration (#7623)
* create mp and kdf service * update mp service interface to not rely on active user * rename observable methods * update crypto service with new MP service * add master password service to login strategies - make fake service for easier testing - fix crypto service tests * update auth service and finish strategies * auth request refactors * more service refactors and constructor updates * setMasterKey refactors * remove master key methods from crypto service * remove master key and hash from state service * missed fixes * create migrations and fix references * fix master key imports * default force set password reason to none * add password reset reason observable factory to service * remove kdf changes and migrate only disk data * update migration number * fix sync service deps * use disk for force set password state * fix desktop migration * fix sso test * fix tests * fix more tests * fix even more tests * fix even more tests * fix cli * remove kdf service abstraction * add missing deps for browser * fix merge conflicts * clear reset password reason on lock or logout * fix tests * fix other tests * add jsdocs to abstraction * use state provider in crypto service * inverse master password service factory * add clearOn to master password service * add parameter validation to master password service * add component level userId * add missed userId * migrate key hash * fix login strategy service * delete crypto master key from account * migrate master key encrypted user key * rename key hash to master key hash * use mp service for getMasterKeyEncryptedUserKey * fix tests
@@ -0,0 +1,56 @@
|
||||
import { mock } from "jest-mock-extended";
|
||||
import { ReplaySubject, Observable } from "rxjs";
|
||||
|
||||
import { EncString } from "../../../platform/models/domain/enc-string";
|
||||
import { UserId } from "../../../types/guid";
|
||||
import { MasterKey } from "../../../types/key";
|
||||
import { InternalMasterPasswordServiceAbstraction } from "../../abstractions/master-password.service.abstraction";
|
||||
import { ForceSetPasswordReason } from "../../models/domain/force-set-password-reason";
|
||||
|
||||
export class FakeMasterPasswordService implements InternalMasterPasswordServiceAbstraction {
|
||||
mock = mock<InternalMasterPasswordServiceAbstraction>();
|
||||
|
||||
// eslint-disable-next-line rxjs/no-exposed-subjects -- test class
|
||||
masterKeySubject = new ReplaySubject<MasterKey>(1);
|
||||
// eslint-disable-next-line rxjs/no-exposed-subjects -- test class
|
||||
masterKeyHashSubject = new ReplaySubject<string>(1);
|
||||
// eslint-disable-next-line rxjs/no-exposed-subjects -- test class
|
||||
forceSetPasswordReasonSubject = new ReplaySubject<ForceSetPasswordReason>(1);
|
||||
|
||||
constructor(initialMasterKey?: MasterKey, initialMasterKeyHash?: string) {
|
||||
this.masterKeySubject.next(initialMasterKey);
|
||||
this.masterKeyHashSubject.next(initialMasterKeyHash);
|
||||
}
|
||||
|
||||
masterKey$(userId: UserId): Observable<MasterKey> {
|
||||
return this.masterKeySubject.asObservable();
|
||||
}
|
||||
|
||||
setMasterKey(masterKey: MasterKey, userId: UserId): Promise<void> {
|
||||
return this.mock.setMasterKey(masterKey, userId);
|
||||
}
|
||||
|
||||
masterKeyHash$(userId: UserId): Observable<string> {
|
||||
return this.masterKeyHashSubject.asObservable();
|
||||
}
|
||||
|
||||
getMasterKeyEncryptedUserKey(userId: UserId): Promise<EncString> {
|
||||
return this.mock.getMasterKeyEncryptedUserKey(userId);
|
||||
}
|
||||
|
||||
setMasterKeyEncryptedUserKey(encryptedKey: EncString, userId: UserId): Promise<void> {
|
||||
return this.mock.setMasterKeyEncryptedUserKey(encryptedKey, userId);
|
||||
}
|
||||
|
||||
setMasterKeyHash(masterKeyHash: string, userId: UserId): Promise<void> {
|
||||
return this.mock.setMasterKeyHash(masterKeyHash, userId);
|
||||
}
|
||||
|
||||
forceSetPasswordReason$(userId: UserId): Observable<ForceSetPasswordReason> {
|
||||
return this.forceSetPasswordReasonSubject.asObservable();
|
||||
}
|
||||
|
||||
setForceSetPasswordReason(reason: ForceSetPasswordReason, userId: UserId): Promise<void> {
|
||||
return this.mock.setForceSetPasswordReason(reason, userId);
|
||||
}
|
||||
}
|
||||
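Review bot: Every method of this fake ignores `userId`: the three `*$` getters return one shared subject and, unlike the real service added in this commit, never throw on a null id. A test built on it therefore cannot catch a caller that passes the wrong or a missing user id for master-key material. Keying the subjects by user, or at least checking `userId != null` in the getters, would keep the fake faithful to the real contract. Separately, the constructor seeds `masterKeySubject` and `masterKeyHashSubject` but not `forceSetPasswordReasonSubject`, so `firstValueFrom(forceSetPasswordReason$(id))` does not resolve until the test pushes a value. Adding `this.forceSetPasswordReasonSubject.next(ForceSetPasswordReason.None);` to the constructor would match the default the real service applies.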
@@ -0,0 +1,125 @@
|
||||
import { firstValueFrom, map, Observable } from "rxjs";
|
||||
|
||||
import { EncString } from "../../../platform/models/domain/enc-string";
|
||||
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
||||
import {
|
||||
MASTER_PASSWORD_DISK,
|
||||
MASTER_PASSWORD_MEMORY,
|
||||
StateProvider,
|
||||
UserKeyDefinition,
|
||||
} from "../../../platform/state";
|
||||
import { UserId } from "../../../types/guid";
|
||||
import { MasterKey } from "../../../types/key";
|
||||
import { InternalMasterPasswordServiceAbstraction } from "../../abstractions/master-password.service.abstraction";
|
||||
import { ForceSetPasswordReason } from "../../models/domain/force-set-password-reason";
|
||||
|
||||
/** Memory since master key shouldn't be available on lock */
|
||||
const MASTER_KEY = new UserKeyDefinition<MasterKey>(MASTER_PASSWORD_MEMORY, "masterKey", {
|
||||
deserializer: (masterKey) => SymmetricCryptoKey.fromJSON(masterKey) as MasterKey,
|
||||
clearOn: ["lock", "logout"],
|
||||
});
|
||||
|
||||
/** Disk since master key hash is used for unlock */
|
||||
const MASTER_KEY_HASH = new UserKeyDefinition<string>(MASTER_PASSWORD_DISK, "masterKeyHash", {
|
||||
deserializer: (masterKeyHash) => masterKeyHash,
|
||||
clearOn: ["logout"],
|
||||
});
|
||||
|
||||
const MASTER_KEY_ENCRYPTED_USER_KEY = new UserKeyDefinition<EncString>(
|
||||
MASTER_PASSWORD_DISK,
|
||||
"masterKeyEncryptedUserKey",
|
||||
{
|
||||
deserializer: (key) => EncString.fromJSON(key),
|
||||
clearOn: ["logout"],
|
||||
},
|
||||
);
|
||||
|
||||
/** Disk to persist through lock and account switches */
|
||||
const FORCE_SET_PASSWORD_REASON = new UserKeyDefinition<ForceSetPasswordReason>(
|
||||
MASTER_PASSWORD_DISK,
|
||||
"forceSetPasswordReason",
|
||||
{
|
||||
deserializer: (reason) => reason,
|
||||
clearOn: ["logout"],
|
||||
},
|
||||
);
|
||||
|
||||
export class MasterPasswordService implements InternalMasterPasswordServiceAbstraction {
|
||||
constructor(private stateProvider: StateProvider) {}
|
||||
|
||||
masterKey$(userId: UserId): Observable<MasterKey> {
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
return this.stateProvider.getUser(userId, MASTER_KEY).state$;
|
||||
}
|
||||
|
||||
masterKeyHash$(userId: UserId): Observable<string> {
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
return this.stateProvider.getUser(userId, MASTER_KEY_HASH).state$;
|
||||
}
|
||||
|
||||
forceSetPasswordReason$(userId: UserId): Observable<ForceSetPasswordReason> {
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
return this.stateProvider
|
||||
.getUser(userId, FORCE_SET_PASSWORD_REASON)
|
||||
.state$.pipe(map((reason) => reason ?? ForceSetPasswordReason.None));
|
||||
}
|
||||
|
||||
// TODO: Remove this method and decrypt directly in the service instead
|
||||
async getMasterKeyEncryptedUserKey(userId: UserId): Promise<EncString> {
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
const key = await firstValueFrom(
|
||||
this.stateProvider.getUser(userId, MASTER_KEY_ENCRYPTED_USER_KEY).state$,
|
||||
);
|
||||
return key;
|
||||
}
|
||||
|
||||
async setMasterKey(masterKey: MasterKey, userId: UserId): Promise<void> {
|
||||
if (masterKey == null) {
|
||||
throw new Error("Master key is required.");
|
||||
}
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
await this.stateProvider.getUser(userId, MASTER_KEY).update((_) => masterKey);
|
||||
}
|
||||
|
||||
async setMasterKeyHash(masterKeyHash: string, userId: UserId): Promise<void> {
|
||||
if (masterKeyHash == null) {
|
||||
throw new Error("Master key hash is required.");
|
||||
}
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
await this.stateProvider.getUser(userId, MASTER_KEY_HASH).update((_) => masterKeyHash);
|
||||
}
|
||||
|
||||
async setMasterKeyEncryptedUserKey(encryptedKey: EncString, userId: UserId): Promise<void> {
|
||||
if (encryptedKey == null) {
|
||||
throw new Error("Encrypted Key is required.");
|
||||
}
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
await this.stateProvider
|
||||
.getUser(userId, MASTER_KEY_ENCRYPTED_USER_KEY)
|
||||
.update((_) => encryptedKey);
|
||||
}
|
||||
|
||||
async setForceSetPasswordReason(reason: ForceSetPasswordReason, userId: UserId): Promise<void> {
|
||||
if (reason == null) {
|
||||
throw new Error("Reason is required.");
|
||||
}
|
||||
if (userId == null) {
|
||||
throw new Error("User ID is required.");
|
||||
}
|
||||
await this.stateProvider.getUser(userId, FORCE_SET_PASSWORD_REASON).update((_) => reason);
|
||||
}
|
||||
}
|
||||
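Review bot: `setMasterKey` rejects `null`, so the only path in this file that drops the in-memory master key is `clearOn: ["lock", "logout"]` on `MASTER_KEY`. If any caller used to clear the key by setting it to null (the commit message says the master-key methods were removed from the crypto service), it would now throw and the key would stay resident until lock or logout. Consider an explicit clear method, or state the contract in the JSDoc, e.g. `/** Memory since master key shouldn't be available on lock; removed only via clearOn, setMasterKey rejects null */`. `MASTER_KEY_ENCRYPTED_USER_KEY` is also the one definition with no comment explaining why it lives on disk. The getters are typed non-null (`Observable<MasterKey>`, `Promise<EncString>`) although cleared or never-set state presumably yields null, which is worth documenting so callers null-check.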