bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-01-08 03:23:50 +00:00
Code Issues Releases Wiki Activity

[PS-616] [PS-795] Fix/withdraw master password reset without user verification (#2845)

Browse Source 
* Limit enroll MPR modal to enrolling

* Withdraw from MPR directly from org options

* [PS-795] Fix Automatic mpr enrollment.

Add reset password key to the accept request

* Linter

* Specify params type in accept components
This commit is contained in:
Matt Gibson
2022-06-08 14:56:26 -05:00
committed by GitHub
parent a65d7370d4
commit d5112cc8cb
11 changed files with 102 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/web/src/app/modules/organizations/users/enroll-master-password-reset.component.html
View File

@@ -14,7 +14,7 @@
>
<div class="modal-header">
<h2 class="modal-title" id="enrollMasterPasswordResetTitle">
{{ (isEnrolled ? "withdrawPasswordReset" : "enrollPasswordReset") | i18n }}
{{ "enrollPasswordReset" | i18n }}
</h2>
<button
type="button"
@@ -26,7 +26,7 @@
</button>
</div>
<div class="modal-body">
<app-callout type="warning" *ngIf="!isEnrolled">
<app-callout type="warning">
{{ "resetPasswordEnrollmentWarning" | i18n }}
</app-callout>
<app-user-verification [(ngModel)]="verification" name="secret"> </app-user-verification>

55
apps/web/src/app/modules/organizations/users/enroll-master-password-reset.component.ts
View File

@@ -47,39 +47,28 @@ export class EnrollMasterPasswordReset {
// Set variables
let keyString: string = null;
// Enrolling
if (!this.organization.resetPasswordEnrolled) {
// Retrieve Public Key
const orgKeys = await this.apiService.getOrganizationKeys(this.organization.id);
if (orgKeys == null) {
throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
}
const publicKey = Utils.fromB64ToArray(orgKeys.publicKey);
// RSA Encrypt user's encKey.key with organization public key
const encKey = await this.cryptoService.getEncKey();
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
keyString = encryptedKey.encryptedString;
toastStringRef = "enrollPasswordResetSuccess";
// Create request and execute enrollment
request.resetPasswordKey = keyString;
await this.apiService.putOrganizationUserResetPasswordEnrollment(
this.organization.id,
this.organization.userId,
request
);
} else {
// Withdrawal
request.resetPasswordKey = keyString;
await this.apiService.putOrganizationUserResetPasswordEnrollment(
this.organization.id,
this.organization.userId,
request
);
// Retrieve Public Key
const orgKeys = await this.apiService.getOrganizationKeys(this.organization.id);
if (orgKeys == null) {
throw new Error(this.i18nService.t("resetPasswordOrgKeysError"));
}
const publicKey = Utils.fromB64ToArray(orgKeys.publicKey);
// RSA Encrypt user's encKey.key with organization public key
const encKey = await this.cryptoService.getEncKey();
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
keyString = encryptedKey.encryptedString;
toastStringRef = "enrollPasswordResetSuccess";
// Create request and execute enrollment
request.resetPasswordKey = keyString;
await this.apiService.putOrganizationUserResetPasswordEnrollment(
this.organization.id,
this.organization.userId,
request
);
await this.syncService.fullSync(true);
});
try {
@@ -90,8 +79,4 @@ export class EnrollMasterPasswordReset {
this.logService.error(e);
}
}
get isEnrolled(): boolean {
return this.organization.resetPasswordEnrolled;
}
}

6
apps/web/src/app/modules/vault-filter/components/organization-options.component.html
View File

@@ -6,7 +6,11 @@
></i>
<span class="sr-only">{{ "loading" | i18n }}</span>
</ng-container>
<div *ngIf="loaded" class="tw-max-w-[300px] tw-min-w-[200px] tw-flex tw-flex-col">
<div
*ngIf="loaded"
class="tw-max-w-[300px] tw-min-w-[200px] tw-flex tw-flex-col"
[appApiAction]="actionPromise"
>
<button
*ngIf="allowEnrollmentChanges(organization) && !organization.resetPasswordEnrolled"
class="dropdown-item"

37
apps/web/src/app/modules/vault-filter/components/organization-options.component.ts
View File

@@ -10,6 +10,7 @@ import { SyncService } from "jslib-common/abstractions/sync.service";
import { PolicyType } from "jslib-common/enums/policyType";
import { Organization } from "jslib-common/models/domain/organization";
import { Policy } from "jslib-common/models/domain/policy";
import { OrganizationUserResetPasswordEnrollmentRequest } from "jslib-common/models/request/organizationUserResetPasswordEnrollmentRequest";
import { EnrollMasterPasswordReset } from "../../organizations/users/enroll-master-password-reset.component";
@@ -82,7 +83,6 @@ export class OrganizationOptionsComponent {
this.platformUtilsService.showToast("success", null, "Unlinked SSO");
await this.load();
} catch (e) {
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);
this.logService.error(e);
}
}
@@ -107,17 +107,38 @@ export class OrganizationOptionsComponent {
this.platformUtilsService.showToast("success", null, this.i18nService.t("leftOrganization"));
await this.load();
} catch (e) {
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);
this.logService.error(e);
}
}
async toggleResetPasswordEnrollment(org: Organization) {
this.modalService.open(EnrollMasterPasswordReset, {
allowMultipleModals: true,
data: {
organization: org,
},
});
if (!this.organization.resetPasswordEnrolled) {
this.modalService.open(EnrollMasterPasswordReset, {
allowMultipleModals: true,
data: {
organization: org,
},
});
} else {
const request = new OrganizationUserResetPasswordEnrollmentRequest();
request.masterPasswordHash = "ignored";
request.resetPasswordKey = null;
this.actionPromise = this.apiService.putOrganizationUserResetPasswordEnrollment(
this.organization.id,
this.organization.userId,
request
);
try {
await this.actionPromise;
this.platformUtilsService.showToast(
"success",
null,
this.i18nService.t("withdrawPasswordResetSuccess")
);
this.syncService.fullSync(true);
} catch (e) {
this.logService.error(e);
}
}
}
}