diff --git a/apps/browser/src/_locales/en/messages.json b/apps/browser/src/_locales/en/messages.json index 74eb5992dc7..3a8c7f14bc0 100644 --- a/apps/browser/src/_locales/en/messages.json +++ b/apps/browser/src/_locales/en/messages.json @@ -2515,6 +2515,10 @@ "change": { "message": "Change" }, + "changePassword": { + "message": "Change password", + "description": "Change password button for browser at risk notification on login." + }, "changeButtonTitle": { "message": "Change password - $ITEMNAME$", "placeholders": { @@ -2524,6 +2528,9 @@ } } }, + "atRiskPassword": { + "message": "At-risk password" + }, "atRiskPasswords": { "message": "At-risk passwords" }, @@ -2558,6 +2565,26 @@ } } }, + "atRiskChangePrompt": { + "message": "Your password for this site is at-risk. $ORGANIZATION$ has requested that you change it.", + "placeholders": { + "organization": { + "content": "$1", + "example": "Acme Corp" + } + }, + "description": "Notification body when a login triggers an at-risk password change request and the change password domain is known." + }, + "atRiskNavigatePrompt": { + "message": "$ORGANIZATION$ wants you to change this password because it is at-risk. Navigate to your account settings to change the password.", + "placeholders": { + "organization": { + "content": "$1", + "example": "Acme Corp" + } + }, + "description": "Notification body when a login triggers an at-risk password change request and no change password domain is provided." + }, "reviewAndChangeAtRiskPassword": { "message": "Review and change one at-risk password" }, diff --git a/apps/browser/src/autofill/background/abstractions/notification.background.ts b/apps/browser/src/autofill/background/abstractions/notification.background.ts index db110319d20..9c9c5c0e243 100644 --- a/apps/browser/src/autofill/background/abstractions/notification.background.ts +++ b/apps/browser/src/autofill/background/abstractions/notification.background.ts @@ -1,6 +1,9 @@ import { NeverDomains } from "@bitwarden/common/models/domain/domain-service"; import { ServerConfig } from "@bitwarden/common/platform/abstractions/config/server-config"; +import { UserId } from "@bitwarden/common/types/guid"; +import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; import { FolderView } from "@bitwarden/common/vault/models/view/folder.view"; +import { SecurityTask } from "@bitwarden/common/vault/tasks"; import { CollectionView } from "../../content/components/common-types"; import { NotificationQueueMessageTypes } from "../../enums/notification-queue-message-type.enum"; @@ -32,10 +35,17 @@ interface AddUnlockVaultQueueMessage extends NotificationQueueMessage { type: "unlock"; } +interface AtRiskPasswordQueueMessage extends NotificationQueueMessage { + type: "at-risk-password"; + organizationName: string; + passwordChangeUri?: string; +} + type NotificationQueueMessageItem = | AddLoginQueueMessage | AddChangePasswordQueueMessage - | AddUnlockVaultQueueMessage; + | AddUnlockVaultQueueMessage + | AtRiskPasswordQueueMessage; type LockedVaultPendingNotificationsData = { commandToRetry: { @@ -50,6 +60,13 @@ type LockedVaultPendingNotificationsData = { target: string; }; +type AtRiskPasswordNotificationsData = { + activeUserId: UserId; + cipher: CipherView; + securityTask: SecurityTask; + uri: string; +}; + type AdjustNotificationBarMessageData = { height: number; }; @@ -76,7 +93,8 @@ type NotificationBackgroundExtensionMessage = { data?: Partial & Partial & Partial & - Partial; + Partial & + Partial; login?: AddLoginMessageData; folder?: string; edit?: boolean; @@ -101,10 +119,20 @@ type NotificationBackgroundExtensionMessageHandlers = { sender, }: BackgroundOnMessageHandlerParams) => Promise; bgCloseNotificationBar: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; - bgOpenAtRisksPasswords: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; + bgOpenAtRiskPasswords: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; bgAdjustNotificationBar: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; - bgAddLogin: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; - bgChangedPassword: ({ message, sender }: BackgroundOnMessageHandlerParams) => Promise; + bgTriggerAddLoginNotification: ({ + message, + sender, + }: BackgroundOnMessageHandlerParams) => Promise; + bgTriggerChangedPasswordNotification: ({ + message, + sender, + }: BackgroundOnMessageHandlerParams) => Promise; + bgTriggerAtRiskPasswordNotification: ({ + message, + sender, + }: BackgroundOnMessageHandlerParams) => Promise; bgRemoveTabFromNotificationQueue: ({ sender }: BackgroundSenderParam) => void; bgSaveCipher: ({ message, sender }: BackgroundOnMessageHandlerParams) => void; bgOpenAddEditVaultItemPopout: ({ diff --git a/apps/browser/src/autofill/background/notification.background.spec.ts b/apps/browser/src/autofill/background/notification.background.spec.ts index b161200215a..5e7e3ed30f5 100644 --- a/apps/browser/src/autofill/background/notification.background.spec.ts +++ b/apps/browser/src/autofill/background/notification.background.spec.ts @@ -275,7 +275,7 @@ describe("NotificationBackground", () => { }); }); - describe("bgAddLogin message handler", () => { + describe("bgTriggerAddLoginNotification message handler", () => { let tab: chrome.tabs.Tab; let sender: chrome.runtime.MessageSender; let getEnableAddedLoginPromptSpy: jest.SpyInstance; @@ -305,7 +305,7 @@ describe("NotificationBackground", () => { it("skips attempting to add the login if the user is logged out", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "https://example.com" }, }; activeAccountStatusMock$.next(AuthenticationStatus.LoggedOut); @@ -319,7 +319,7 @@ describe("NotificationBackground", () => { it("skips attempting to add the login if the login data does not contain a valid url", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "" }, }; activeAccountStatusMock$.next(AuthenticationStatus.Locked); @@ -333,7 +333,7 @@ describe("NotificationBackground", () => { it("skips attempting to add the login if the user with a locked vault has disabled the login notification", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "https://example.com" }, }; activeAccountStatusMock$.next(AuthenticationStatus.Locked); @@ -350,7 +350,7 @@ describe("NotificationBackground", () => { it("skips attempting to add the login if the user with an unlocked vault has disabled the login notification", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "https://example.com" }, }; activeAccountStatusMock$.next(AuthenticationStatus.Unlocked); @@ -368,7 +368,7 @@ describe("NotificationBackground", () => { it("skips attempting to change the password for an existing login if the user has disabled changing the password notification", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "https://example.com" }, }; activeAccountStatusMock$.next(AuthenticationStatus.Unlocked); @@ -390,7 +390,7 @@ describe("NotificationBackground", () => { it("skips attempting to change the password for an existing login if the password has not changed", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { username: "test", password: "password", url: "https://example.com" }, }; activeAccountStatusMock$.next(AuthenticationStatus.Unlocked); @@ -410,7 +410,10 @@ describe("NotificationBackground", () => { it("adds the login to the queue if the user has a locked account", async () => { const login = { username: "test", password: "password", url: "https://example.com" }; - const message: NotificationBackgroundExtensionMessage = { command: "bgAddLogin", login }; + const message: NotificationBackgroundExtensionMessage = { + command: "bgTriggerAddLoginNotification", + login, + }; activeAccountStatusMock$.next(AuthenticationStatus.Locked); getEnableAddedLoginPromptSpy.mockReturnValueOnce(true); @@ -426,7 +429,10 @@ describe("NotificationBackground", () => { password: "password", url: "https://example.com", } as any; - const message: NotificationBackgroundExtensionMessage = { command: "bgAddLogin", login }; + const message: NotificationBackgroundExtensionMessage = { + command: "bgTriggerAddLoginNotification", + login, + }; activeAccountStatusMock$.next(AuthenticationStatus.Unlocked); getEnableAddedLoginPromptSpy.mockReturnValueOnce(true); getAllDecryptedForUrlSpy.mockResolvedValueOnce([ @@ -441,7 +447,10 @@ describe("NotificationBackground", () => { it("adds a change password message to the queue if the user has changed an existing cipher's password", async () => { const login = { username: "tEsT", password: "password", url: "https://example.com" }; - const message: NotificationBackgroundExtensionMessage = { command: "bgAddLogin", login }; + const message: NotificationBackgroundExtensionMessage = { + command: "bgTriggerAddLoginNotification", + login, + }; activeAccountStatusMock$.next(AuthenticationStatus.Unlocked); getEnableAddedLoginPromptSpy.mockResolvedValueOnce(true); getEnableChangedPasswordPromptSpy.mockResolvedValueOnce(true); @@ -464,7 +473,7 @@ describe("NotificationBackground", () => { }); }); - describe("bgChangedPassword message handler", () => { + describe("bgTriggerChangedPasswordNotification message handler", () => { let tab: chrome.tabs.Tab; let sender: chrome.runtime.MessageSender; let pushChangePasswordToQueueSpy: jest.SpyInstance; @@ -482,7 +491,7 @@ describe("NotificationBackground", () => { it("skips attempting to add the change password message to the queue if the passed url is not valid", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", currentPassword: "currentPassword", url: "" }, }; @@ -494,7 +503,7 @@ describe("NotificationBackground", () => { it("adds a change password message to the queue if the user does not have an unlocked account", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", currentPassword: "currentPassword", @@ -517,7 +526,7 @@ describe("NotificationBackground", () => { it("skips adding a change password message to the queue if the multiple ciphers exist for the passed URL and the current password is not found within the list of ciphers", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", currentPassword: "currentPassword", @@ -538,7 +547,7 @@ describe("NotificationBackground", () => { it("skips adding a change password message if more than one existing cipher is found with a matching password ", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", currentPassword: "currentPassword", @@ -560,7 +569,7 @@ describe("NotificationBackground", () => { it("adds a change password message to the queue if a single cipher matches the passed current password", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", currentPassword: "currentPassword", @@ -588,7 +597,7 @@ describe("NotificationBackground", () => { it("skips adding a change password message if no current password is passed in the message and more than one cipher is found for a url", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", url: "https://example.com", @@ -609,7 +618,7 @@ describe("NotificationBackground", () => { it("adds a change password message to the queue if no current password is passed with the message, but a single cipher is matched for the uri", async () => { const message: NotificationBackgroundExtensionMessage = { - command: "bgChangedPassword", + command: "bgTriggerChangedPasswordNotification", data: { newPassword: "newPassword", url: "https://example.com", diff --git a/apps/browser/src/autofill/background/notification.background.ts b/apps/browser/src/autofill/background/notification.background.ts index cb6a67c8137..3c63d423aaa 100644 --- a/apps/browser/src/autofill/background/notification.background.ts +++ b/apps/browser/src/autofill/background/notification.background.ts @@ -3,7 +3,10 @@ import { firstValueFrom, switchMap, map, of } from "rxjs"; import { CollectionService } from "@bitwarden/admin-console/common"; -import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; +import { + getOrganizationById, + OrganizationService, +} from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction"; import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction"; import { PolicyType } from "@bitwarden/common/admin-console/enums"; import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; @@ -55,6 +58,7 @@ import { import { CollectionView } from "../content/components/common-types"; import { NotificationQueueMessageType } from "../enums/notification-queue-message-type.enum"; import { AutofillService } from "../services/abstractions/autofill.service"; +import { TemporaryNotificationChangeLoginService } from "../services/notification-change-login-password.service"; import { AddChangePasswordQueueMessage, @@ -81,14 +85,18 @@ export default class NotificationBackground { ExtensionCommand.AutofillIdentity, ]); private readonly extensionMessageHandlers: NotificationBackgroundExtensionMessageHandlers = { - bgAddLogin: ({ message, sender }) => this.addLogin(message, sender), bgAdjustNotificationBar: ({ message, sender }) => this.handleAdjustNotificationBarMessage(message, sender), - bgChangedPassword: ({ message, sender }) => this.changedPassword(message, sender), + bgTriggerAddLoginNotification: ({ message, sender }) => + this.triggerAddLoginNotification(message, sender), + bgTriggerChangedPasswordNotification: ({ message, sender }) => + this.triggerChangedPasswordNotification(message, sender), + bgTriggerAtRiskPasswordNotification: ({ message, sender }) => + this.triggerAtRiskPasswordNotification(message, sender), bgCloseNotificationBar: ({ message, sender }) => this.handleCloseNotificationBarMessage(message, sender), - bgOpenAtRisksPasswords: ({ message, sender }) => - this.handleOpenAtRisksPasswordsMessage(message, sender), + bgOpenAtRiskPasswords: ({ message, sender }) => + this.handleOpenAtRiskPasswordsMessage(message, sender), bgGetActiveUserServerConfig: () => this.getActiveUserServerConfig(), bgGetDecryptedCiphers: () => this.getNotificationCipherData(), bgGetEnableChangedPasswordPrompt: () => this.getEnableChangedPasswordPrompt(), @@ -341,12 +349,17 @@ export default class NotificationBackground { tab: chrome.tabs.Tab, notificationQueueMessage: NotificationQueueMessageItem, ) { - const notificationType = notificationQueueMessage.type; + const { + type: notificationType, + wasVaultLocked: isVaultLocked, + launchTimestamp, + ...params + } = notificationQueueMessage; const typeData: NotificationTypeData = { - isVaultLocked: notificationQueueMessage.wasVaultLocked, + isVaultLocked, theme: await firstValueFrom(this.themeStateService.selectedTheme$), - launchTimestamp: notificationQueueMessage.launchTimestamp, + launchTimestamp, }; switch (notificationType) { @@ -358,6 +371,7 @@ export default class NotificationBackground { await BrowserApi.tabSendMessageData(tab, "openNotificationBar", { type: notificationType, typeData, + params, }); } @@ -375,6 +389,48 @@ export default class NotificationBackground { } } + /** + * Sends a message to trigger the at risk password notification + * + * @param message - The extension message + * @param sender - The contextual sender of the message + */ + async triggerAtRiskPasswordNotification( + message: NotificationBackgroundExtensionMessage, + sender: chrome.runtime.MessageSender, + ): Promise { + const { activeUserId, securityTask, cipher } = message.data; + const domain = Utils.getDomain(sender.tab.url); + const passwordChangeUri = + await new TemporaryNotificationChangeLoginService().getChangePasswordUrl(cipher); + + const authStatus = await this.getAuthStatus(); + + const wasVaultLocked = authStatus === AuthenticationStatus.Locked; + + const organization = await firstValueFrom( + this.organizationService + .organizations$(activeUserId) + .pipe(getOrganizationById(securityTask.organizationId)), + ); + + this.removeTabFromNotificationQueue(sender.tab); + const launchTimestamp = new Date().getTime(); + const queueMessage: NotificationQueueMessageItem = { + domain, + wasVaultLocked, + type: NotificationQueueMessageType.AtRiskPassword, + passwordChangeUri, + organizationName: organization.name, + tab: sender.tab, + launchTimestamp, + expires: new Date(launchTimestamp + NOTIFICATION_BAR_LIFESPAN_MS), + }; + this.notificationQueue.push(queueMessage); + await this.checkNotificationQueue(sender.tab); + return true; + } + /** * Adds a login message to the notification queue, prompting the user to save * the login if it does not already exist in the vault. If the cipher exists @@ -383,20 +439,20 @@ export default class NotificationBackground { * @param message - The message to add to the queue * @param sender - The contextual sender of the message */ - async addLogin( + async triggerAddLoginNotification( message: NotificationBackgroundExtensionMessage, sender: chrome.runtime.MessageSender, - ) { + ): Promise { const authStatus = await this.getAuthStatus(); if (authStatus === AuthenticationStatus.LoggedOut) { - return; + return false; } const loginInfo = message.login; const normalizedUsername = loginInfo.username ? loginInfo.username.toLowerCase() : ""; const loginDomain = Utils.getDomain(loginInfo.url); if (loginDomain == null) { - return; + return false; } const addLoginIsEnabled = await this.getEnableAddedLoginPrompt(); @@ -406,14 +462,14 @@ export default class NotificationBackground { await this.pushAddLoginToQueue(loginDomain, loginInfo, sender.tab, true); } - return; + return false; } const activeUserId = await firstValueFrom( this.accountService.activeAccount$.pipe(getOptionalUserId), ); if (activeUserId == null) { - return; + return false; } const ciphers = await this.cipherService.getAllDecryptedForUrl(loginInfo.url, activeUserId); @@ -422,7 +478,7 @@ export default class NotificationBackground { ); if (addLoginIsEnabled && usernameMatches.length === 0) { await this.pushAddLoginToQueue(loginDomain, loginInfo, sender.tab); - return; + return true; } const changePasswordIsEnabled = await this.getEnableChangedPasswordPrompt(); @@ -438,7 +494,9 @@ export default class NotificationBackground { loginInfo.password, sender.tab, ); + return true; } + return false; } private async pushAddLoginToQueue( @@ -472,14 +530,14 @@ export default class NotificationBackground { * @param message - The message to add to the queue * @param sender - The contextual sender of the message */ - async changedPassword( + async triggerChangedPasswordNotification( message: NotificationBackgroundExtensionMessage, sender: chrome.runtime.MessageSender, ) { const changeData = message.data as ChangePasswordMessageData; const loginDomain = Utils.getDomain(changeData.url); if (loginDomain == null) { - return; + return false; } if ((await this.getAuthStatus()) < AuthenticationStatus.Unlocked) { @@ -490,7 +548,7 @@ export default class NotificationBackground { sender.tab, true, ); - return; + return true; } let id: string = null; @@ -498,7 +556,7 @@ export default class NotificationBackground { this.accountService.activeAccount$.pipe(getOptionalUserId), ); if (activeUserId == null) { - return; + return false; } const ciphers = await this.cipherService.getAllDecryptedForUrl(changeData.url, activeUserId); @@ -514,7 +572,9 @@ export default class NotificationBackground { } if (id != null) { await this.pushChangePasswordToQueue(id, loginDomain, changeData.newPassword, sender.tab); + return true; } + return false; } /** @@ -900,7 +960,7 @@ export default class NotificationBackground { return null; } - private async getSecurityTasks(userId: UserId) { + async getSecurityTasks(userId: UserId) { let tasks: SecurityTask[] = []; if (userId) { @@ -1074,7 +1134,7 @@ export default class NotificationBackground { * @param message - The extension message * @param sender - The contextual sender of the message */ - private async handleOpenAtRisksPasswordsMessage( + private async handleOpenAtRiskPasswordsMessage( message: NotificationBackgroundExtensionMessage, sender: chrome.runtime.MessageSender, ) { diff --git a/apps/browser/src/autofill/background/overlay-notifications.background.spec.ts b/apps/browser/src/autofill/background/overlay-notifications.background.spec.ts index a51757dabea..00114330bc4 100644 --- a/apps/browser/src/autofill/background/overlay-notifications.background.spec.ts +++ b/apps/browser/src/autofill/background/overlay-notifications.background.spec.ts @@ -1,9 +1,12 @@ import { mock, MockProxy } from "jest-mock-extended"; +import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; import { CLEAR_NOTIFICATION_LOGIN_DATA_DURATION } from "@bitwarden/common/autofill/constants"; import { ServerConfig } from "@bitwarden/common/platform/abstractions/config/server-config"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; import { EnvironmentServerConfigData } from "@bitwarden/common/platform/models/data/server-config.data"; +import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; +import { TaskService } from "@bitwarden/common/vault/tasks"; import { BrowserApi } from "../../platform/browser/browser-api"; import AutofillField from "../models/autofill-field"; @@ -24,6 +27,9 @@ import { OverlayNotificationsBackground } from "./overlay-notifications.backgrou describe("OverlayNotificationsBackground", () => { let logService: MockProxy; let notificationBackground: NotificationBackground; + let taskService: TaskService; + let accountService: AccountService; + let cipherService: CipherService; let getEnableChangedPasswordPromptSpy: jest.SpyInstance; let getEnableAddedLoginPromptSpy: jest.SpyInstance; let overlayNotificationsBackground: OverlayNotificationsBackground; @@ -32,6 +38,9 @@ describe("OverlayNotificationsBackground", () => { jest.useFakeTimers(); logService = mock(); notificationBackground = mock(); + taskService = mock(); + accountService = mock(); + cipherService = mock(); getEnableChangedPasswordPromptSpy = jest .spyOn(notificationBackground, "getEnableChangedPasswordPrompt") .mockResolvedValue(true); @@ -41,6 +50,9 @@ describe("OverlayNotificationsBackground", () => { overlayNotificationsBackground = new OverlayNotificationsBackground( logService, notificationBackground, + taskService, + accountService, + cipherService, ); await overlayNotificationsBackground.init(); }); @@ -329,8 +341,11 @@ describe("OverlayNotificationsBackground", () => { tab: { id: 1 }, url: "https://example.com", }); - notificationChangedPasswordSpy = jest.spyOn(notificationBackground, "changedPassword"); - notificationAddLoginSpy = jest.spyOn(notificationBackground, "addLogin"); + notificationChangedPasswordSpy = jest.spyOn( + notificationBackground, + "triggerChangedPasswordNotification", + ); + notificationAddLoginSpy = jest.spyOn(notificationBackground, "triggerAddLoginNotification"); sendMockExtensionMessage( { command: "collectPageDetailsResponse", details: pageDetails }, diff --git a/apps/browser/src/autofill/background/overlay-notifications.background.ts b/apps/browser/src/autofill/background/overlay-notifications.background.ts index 5c85ce132d7..93357113fc4 100644 --- a/apps/browser/src/autofill/background/overlay-notifications.background.ts +++ b/apps/browser/src/autofill/background/overlay-notifications.background.ts @@ -1,9 +1,15 @@ // FIXME: Update this file to be type safe and remove this and next line // @ts-strict-ignore -import { Subject, switchMap, timer } from "rxjs"; +import { firstValueFrom, Subject, switchMap, timer } from "rxjs"; +import { AccountService } from "@bitwarden/common/auth/abstractions/account.service"; +import { getOptionalUserId } from "@bitwarden/common/auth/services/account.service"; import { CLEAR_NOTIFICATION_LOGIN_DATA_DURATION } from "@bitwarden/common/autofill/constants"; import { LogService } from "@bitwarden/common/platform/abstractions/log.service"; +import { UserId } from "@bitwarden/common/types/guid"; +import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service"; +import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view"; +import { SecurityTask, SecurityTaskStatus, TaskService } from "@bitwarden/common/vault/tasks"; import { BrowserApi } from "../../platform/browser/browser-api"; import { generateDomainMatchPatterns, isInvalidResponseStatusCode } from "../utils"; @@ -19,6 +25,12 @@ import { } from "./abstractions/overlay-notifications.background"; import NotificationBackground from "./notification.background"; +type LoginSecurityTaskInfo = { + securityTask: SecurityTask; + cipher: CipherView; + uri: ModifyLoginCipherFormData["uri"]; +}; + export class OverlayNotificationsBackground implements OverlayNotificationsBackgroundInterface { private websiteOriginsWithFields: WebsiteOriginsWithFields = new Map(); private activeFormSubmissionRequests: ActiveFormSubmissionRequests = new Set(); @@ -35,6 +47,9 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg constructor( private logService: LogService, private notificationBackground: NotificationBackground, + private taskService: TaskService, + private accountService: AccountService, + private cipherService: CipherService, ) {} /** @@ -259,8 +274,8 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg const modifyLoginData = this.modifyLoginCipherFormData.get(tabId); return ( !modifyLoginData || - !this.shouldTriggerAddLoginNotification(modifyLoginData) || - !this.shouldTriggerChangePasswordNotification(modifyLoginData) + !this.shouldAttemptAddLoginNotification(modifyLoginData) || + !this.shouldAttemptChangedPasswordNotification(modifyLoginData) ); }; @@ -404,10 +419,11 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg modifyLoginData: ModifyLoginCipherFormData, tab: chrome.tabs.Tab, ) => { - if (this.shouldTriggerChangePasswordNotification(modifyLoginData)) { + let result: string; + if (this.shouldAttemptChangedPasswordNotification(modifyLoginData)) { // These notifications are temporarily setup as "messages" to the notification background. // This will be structured differently in a future refactor. - await this.notificationBackground.changedPassword( + const success = await this.notificationBackground.triggerChangedPasswordNotification( { command: "bgChangedPassword", data: { @@ -418,14 +434,15 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg }, { tab }, ); - this.clearCompletedWebRequest(requestId, tab); - return; + if (!success) { + result = "Unqualified changedPassword notification attempt."; + } } - if (this.shouldTriggerAddLoginNotification(modifyLoginData)) { - await this.notificationBackground.addLogin( + if (this.shouldAttemptAddLoginNotification(modifyLoginData)) { + const success = await this.notificationBackground.triggerAddLoginNotification( { - command: "bgAddLogin", + command: "bgTriggerAddLoginNotification", login: { url: modifyLoginData.uri, username: modifyLoginData.username, @@ -434,8 +451,44 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg }, { tab }, ); - this.clearCompletedWebRequest(requestId, tab); + if (!success) { + result = "Unqualified addLogin notification attempt."; + } } + + const shouldGetTasks = + (await this.notificationBackground.getNotificationFlag()) && !modifyLoginData.newPassword; + + if (shouldGetTasks) { + const activeUserId = await firstValueFrom( + this.accountService.activeAccount$.pipe(getOptionalUserId), + ); + + if (activeUserId) { + const loginSecurityTaskInfo = await this.getSecurityTaskAndCipherForLoginData( + modifyLoginData, + activeUserId, + ); + + if (loginSecurityTaskInfo) { + await this.notificationBackground.triggerAtRiskPasswordNotification( + { + command: "bgTriggerAtRiskPasswordNotification", + data: { + activeUserId, + cipher: loginSecurityTaskInfo.cipher, + securityTask: loginSecurityTaskInfo.securityTask, + }, + }, + { tab }, + ); + } else { + result = "Unqualified atRiskPassword notification attempt."; + } + } + } + this.clearCompletedWebRequest(requestId, tab); + return result; }; /** @@ -443,7 +496,7 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg * * @param modifyLoginData - The modified login form data */ - private shouldTriggerChangePasswordNotification = ( + private shouldAttemptChangedPasswordNotification = ( modifyLoginData: ModifyLoginCipherFormData, ) => { return modifyLoginData?.newPassword && !modifyLoginData.username; @@ -454,10 +507,66 @@ export class OverlayNotificationsBackground implements OverlayNotificationsBackg * * @param modifyLoginData - The modified login form data */ - private shouldTriggerAddLoginNotification = (modifyLoginData: ModifyLoginCipherFormData) => { + private shouldAttemptAddLoginNotification = (modifyLoginData: ModifyLoginCipherFormData) => { return modifyLoginData?.username && (modifyLoginData.password || modifyLoginData.newPassword); }; + /** + * If there is a security task for this cipher at login, return the task, cipher view, and uri. + * + * @param modifyLoginData - The modified login form data + * @param activeUserId - The currently logged in user ID + */ + private async getSecurityTaskAndCipherForLoginData( + modifyLoginData: ModifyLoginCipherFormData, + activeUserId: UserId, + ): Promise { + const tasks: SecurityTask[] = await this.notificationBackground.getSecurityTasks(activeUserId); + if (!tasks?.length) { + return null; + } + + const urlCiphers: CipherView[] = await this.cipherService.getAllDecryptedForUrl( + modifyLoginData.uri, + activeUserId, + ); + if (!urlCiphers?.length) { + return null; + } + + const securityTaskForLogin = urlCiphers.reduce( + (taskInfo: LoginSecurityTaskInfo | null, cipher: CipherView) => { + if ( + // exit early if info was found already + taskInfo || + // exit early if the cipher was deleted + cipher.deletedDate || + // exit early if the entered login info doesn't match an existing cipher + modifyLoginData.username !== cipher.login.username || + modifyLoginData.password !== cipher.login.password + ) { + return taskInfo; + } + + // Find the first security task for the cipherId belonging to the entered login + const cipherSecurityTask = tasks.find( + ({ cipherId, status }) => + cipher.id === cipherId && // match security task cipher id to url cipher id + status === SecurityTaskStatus.Pending, // security task has not been completed + ); + + if (cipherSecurityTask) { + return { securityTask: cipherSecurityTask, cipher, uri: modifyLoginData.uri }; + } + + return taskInfo; + }, + null, + ); + + return securityTaskForLogin; + } + /** * Clears the completed web request and removes the modified login form data for the tab. * diff --git a/apps/browser/src/autofill/content/components/buttons/action-button.ts b/apps/browser/src/autofill/content/components/buttons/action-button.ts index 8d8bfacec77..74ac2518226 100644 --- a/apps/browser/src/autofill/content/components/buttons/action-button.ts +++ b/apps/browser/src/autofill/content/components/buttons/action-button.ts @@ -10,6 +10,7 @@ export type ActionButtonProps = { disabled?: boolean; theme: Theme; handleClick: (e: Event) => void; + fullWidth?: boolean; }; export function ActionButton({ @@ -17,6 +18,7 @@ export function ActionButton({ disabled = false, theme, handleClick, + fullWidth = true, }: ActionButtonProps) { const handleButtonClick = (event: Event) => { if (!disabled) { @@ -26,7 +28,7 @@ export function ActionButton({ return html`