Auth/ps 2298 reorg auth (#4564)

* Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build
2025-12-29 22:53:44 +00:00 · 2023-02-06 16:53:37 -05:00
parent 084c89107e
commit cf972e784c
377 changed files with 1030 additions and 998 deletions
--- a/apps/web/src/auth/settings/two-factor-setup.component.ts
+++ b/apps/web/src/auth/settings/two-factor-setup.component.ts
@@ -0,0 +1,210 @@
+import { Component, OnDestroy, OnInit, Type, ViewChild, ViewContainerRef } from "@angular/core";
+import { Subject, takeUntil } from "rxjs";
+
+import { ModalRef } from "@bitwarden/angular/components/modal/modal.ref";
+import { ModalService } from "@bitwarden/angular/services/modal.service";
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
+import { PolicyService } from "@bitwarden/common/abstractions/policy/policy.service.abstraction";
+import { StateService } from "@bitwarden/common/abstractions/state.service";
+import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
+import { TwoFactorProviders } from "@bitwarden/common/auth/services/two-factor.service";
+import { PolicyType } from "@bitwarden/common/enums/policyType";
+
+import { TwoFactorAuthenticatorComponent } from "./two-factor-authenticator.component";
+import { TwoFactorDuoComponent } from "./two-factor-duo.component";
+import { TwoFactorEmailComponent } from "./two-factor-email.component";
+import { TwoFactorRecoveryComponent } from "./two-factor-recovery.component";
+import { TwoFactorWebAuthnComponent } from "./two-factor-webauthn.component";
+import { TwoFactorYubiKeyComponent } from "./two-factor-yubikey.component";
+
+@Component({
+  selector: "app-two-factor-setup",
+  templateUrl: "two-factor-setup.component.html",
+})
+export class TwoFactorSetupComponent implements OnInit, OnDestroy {
+  @ViewChild("recoveryTemplate", { read: ViewContainerRef, static: true })
+  recoveryModalRef: ViewContainerRef;
+  @ViewChild("authenticatorTemplate", { read: ViewContainerRef, static: true })
+  authenticatorModalRef: ViewContainerRef;
+  @ViewChild("yubikeyTemplate", { read: ViewContainerRef, static: true })
+  yubikeyModalRef: ViewContainerRef;
+  @ViewChild("duoTemplate", { read: ViewContainerRef, static: true }) duoModalRef: ViewContainerRef;
+  @ViewChild("emailTemplate", { read: ViewContainerRef, static: true })
+  emailModalRef: ViewContainerRef;
+  @ViewChild("webAuthnTemplate", { read: ViewContainerRef, static: true })
+  webAuthnModalRef: ViewContainerRef;
+
+  organizationId: string;
+  providers: any[] = [];
+  canAccessPremium: boolean;
+  showPolicyWarning = false;
+  loading = true;
+  modal: ModalRef;
+  formPromise: Promise<any>;
+
+  private destroy$ = new Subject<void>();
+  private twoFactorAuthPolicyAppliesToActiveUser: boolean;
+
+  constructor(
+    protected apiService: ApiService,
+    protected modalService: ModalService,
+    protected messagingService: MessagingService,
+    protected policyService: PolicyService,
+    private stateService: StateService
+  ) {}
+
+  async ngOnInit() {
+    this.canAccessPremium = await this.stateService.getCanAccessPremium();
+
+    for (const key in TwoFactorProviders) {
+      // eslint-disable-next-line
+      if (!TwoFactorProviders.hasOwnProperty(key)) {
+        continue;
+      }
+
+      const p = (TwoFactorProviders as any)[key];
+      if (this.filterProvider(p.type)) {
+        continue;
+      }
+
+      this.providers.push({
+        type: p.type,
+        name: p.name,
+        description: p.description,
+        enabled: false,
+        premium: p.premium,
+        sort: p.sort,
+      });
+    }
+
+    this.providers.sort((a: any, b: any) => a.sort - b.sort);
+
+    this.policyService
+      .policyAppliesToActiveUser$(PolicyType.TwoFactorAuthentication)
+      .pipe(takeUntil(this.destroy$))
+      .subscribe((policyAppliesToActiveUser) => {
+        this.twoFactorAuthPolicyAppliesToActiveUser = policyAppliesToActiveUser;
+      });
+
+    await this.load();
+  }
+
+  ngOnDestroy(): void {
+    this.destroy$.next();
+    this.destroy$.complete();
+  }
+
+  async load() {
+    this.loading = true;
+    const providerList = await this.getTwoFactorProviders();
+    providerList.data.forEach((p) => {
+      this.providers.forEach((p2) => {
+        if (p.type === p2.type) {
+          p2.enabled = p.enabled;
+        }
+      });
+    });
+    this.evaluatePolicies();
+    this.loading = false;
+  }
+
+  async manage(type: TwoFactorProviderType) {
+    switch (type) {
+      case TwoFactorProviderType.Authenticator: {
+        const authComp = await this.openModal(
+          this.authenticatorModalRef,
+          TwoFactorAuthenticatorComponent
+        );
+        // eslint-disable-next-line rxjs-angular/prefer-takeuntil
+        authComp.onUpdated.subscribe((enabled: boolean) => {
+          this.updateStatus(enabled, TwoFactorProviderType.Authenticator);
+        });
+        break;
+      }
+      case TwoFactorProviderType.Yubikey: {
+        const yubiComp = await this.openModal(this.yubikeyModalRef, TwoFactorYubiKeyComponent);
+        // eslint-disable-next-line rxjs-angular/prefer-takeuntil
+        yubiComp.onUpdated.subscribe((enabled: boolean) => {
+          this.updateStatus(enabled, TwoFactorProviderType.Yubikey);
+        });
+        break;
+      }
+      case TwoFactorProviderType.Duo: {
+        const duoComp = await this.openModal(this.duoModalRef, TwoFactorDuoComponent);
+        // eslint-disable-next-line rxjs-angular/prefer-takeuntil
+        duoComp.onUpdated.subscribe((enabled: boolean) => {
+          this.updateStatus(enabled, TwoFactorProviderType.Duo);
+        });
+        break;
+      }
+      case TwoFactorProviderType.Email: {
+        const emailComp = await this.openModal(this.emailModalRef, TwoFactorEmailComponent);
+        // eslint-disable-next-line rxjs-angular/prefer-takeuntil
+        emailComp.onUpdated.subscribe((enabled: boolean) => {
+          this.updateStatus(enabled, TwoFactorProviderType.Email);
+        });
+        break;
+      }
+      case TwoFactorProviderType.WebAuthn: {
+        const webAuthnComp = await this.openModal(
+          this.webAuthnModalRef,
+          TwoFactorWebAuthnComponent
+        );
+        // eslint-disable-next-line rxjs-angular/prefer-takeuntil
+        webAuthnComp.onUpdated.subscribe((enabled: boolean) => {
+          this.updateStatus(enabled, TwoFactorProviderType.WebAuthn);
+        });
+        break;
+      }
+      default:
+        break;
+    }
+  }
+
+  recoveryCode() {
+    this.openModal(this.recoveryModalRef, TwoFactorRecoveryComponent);
+  }
+
+  async premiumRequired() {
+    if (!this.canAccessPremium) {
+      this.messagingService.send("premiumRequired");
+      return;
+    }
+  }
+
+  protected getTwoFactorProviders() {
+    return this.apiService.getTwoFactorProviders();
+  }
+
+  protected filterProvider(type: TwoFactorProviderType) {
+    return type === TwoFactorProviderType.OrganizationDuo;
+  }
+
+  protected async openModal<T>(ref: ViewContainerRef, type: Type<T>): Promise<T> {
+    const [modal, childComponent] = await this.modalService.openViewRef(type, ref);
+    this.modal = modal;
+
+    return childComponent;
+  }
+
+  protected updateStatus(enabled: boolean, type: TwoFactorProviderType) {
+    if (!enabled && this.modal != null) {
+      this.modal.close();
+    }
+    this.providers.forEach((p) => {
+      if (p.type === type) {
+        p.enabled = enabled;
+      }
+    });
+    this.evaluatePolicies();
+  }
+
+  private async evaluatePolicies() {
+    if (this.organizationId == null && this.providers.filter((p) => p.enabled).length === 1) {
+      this.showPolicyWarning = this.twoFactorAuthPolicyAppliesToActiveUser;
+    } else {
+      this.showPolicyWarning = false;
+    }
+  }
+}