Auth/ps 2298 reorg auth (#4564)

* Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build
2025-12-16 16:23:44 +00:00 · 2023-02-06 16:53:37 -05:00
parent 084c89107e
commit cf972e784c
377 changed files with 1030 additions and 998 deletions
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -0,0 +1,88 @@
+import { CryptoService } from "../../../abstractions/crypto.service";
+import { I18nService } from "../../../abstractions/i18n.service";
+import { UserVerificationApiServiceAbstraction } from "../../../abstractions/userVerification/userVerification-api.service.abstraction";
+import { UserVerificationService as UserVerificationServiceAbstraction } from "../../../abstractions/userVerification/userVerification.service.abstraction";
+import { Verification } from "../../../types/verification";
+import { VerificationType } from "../../enums/verification-type";
+import { SecretVerificationRequest } from "../../models/request/secret-verification.request";
+import { VerifyOTPRequest } from "../../models/request/verify-otp.request";
+
+/**
+ * Used for general-purpose user verification throughout the app.
+ * Use it to verify the input collected by UserVerificationComponent.
+ */
+export class UserVerificationService implements UserVerificationServiceAbstraction {
+  constructor(
+    private cryptoService: CryptoService,
+    private i18nService: I18nService,
+    private userVerificationApiService: UserVerificationApiServiceAbstraction
+  ) {}
+
+  /**
+   * Create a new request model to be used for server-side verification
+   * @param verification User-supplied verification data (Master Password or OTP)
+   * @param requestClass The request model to create
+   * @param alreadyHashed Whether the master password is already hashed
+   */
+  async buildRequest<T extends SecretVerificationRequest>(
+    verification: Verification,
+    requestClass?: new () => T,
+    alreadyHashed?: boolean
+  ) {
+    this.validateInput(verification);
+
+    const request =
+      requestClass != null ? new requestClass() : (new SecretVerificationRequest() as T);
+
+    if (verification.type === VerificationType.OTP) {
+      request.otp = verification.secret;
+    } else {
+      request.masterPasswordHash = alreadyHashed
+        ? verification.secret
+        : await this.cryptoService.hashPassword(verification.secret, null);
+    }
+
+    return request;
+  }
+
+  /**
+   * Used to verify the Master Password client-side, or send the OTP to the server for verification (with no other data)
+   * Generally used for client-side verification only.
+   * @param verification User-supplied verification data (Master Password or OTP)
+   */
+  async verifyUser(verification: Verification): Promise<boolean> {
+    this.validateInput(verification);
+
+    if (verification.type === VerificationType.OTP) {
+      const request = new VerifyOTPRequest(verification.secret);
+      try {
+        await this.userVerificationApiService.postAccountVerifyOTP(request);
+      } catch (e) {
+        throw new Error(this.i18nService.t("invalidVerificationCode"));
+      }
+    } else {
+      const passwordValid = await this.cryptoService.compareAndUpdateKeyHash(
+        verification.secret,
+        null
+      );
+      if (!passwordValid) {
+        throw new Error(this.i18nService.t("invalidMasterPassword"));
+      }
+    }
+    return true;
+  }
+
+  async requestOTP() {
+    await this.userVerificationApiService.postAccountRequestOTP();
+  }
+
+  private validateInput(verification: Verification) {
+    if (verification?.secret == null || verification.secret === "") {
+      if (verification.type === VerificationType.OTP) {
+        throw new Error(this.i18nService.t("verificationCodeRequired"));
+      } else {
+        throw new Error(this.i18nService.t("masterPasswordRequired"));
+      }
+    }
+  }
+}