bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-01-05 01:53:55 +00:00
Code Issues Releases Wiki Activity
15,003 Commits 1,227 Branches 572 Tags
36c6dc27e5fc707b6539c340e8d8c0016d43587c
Commit Graph

5 Commits

Author SHA1 Message Date
Jared Snider
756c02cec2 Auth/PM-4596 - Extract PIN and Biometrics unlock method logic into re-useable services for user verification (#7107) 
* PM-4596 - PinCryptoService first draft

* PM-4596 - PinCryptoService - Refactor pinKeyEncryptedKey retrievals out into own method getPinKeyEncryptedKeys

* PM-4596 - npm ci + npm run prettier to fix lint issues

* PM-4596 - PinCryptoService - Add kdf types

* PM-4596 - PinCryptoService - Refactor pin validation into own helper method.

* PM-4596 - Rename pin-crypto.service.ts to pin-crypto.service.implementation.ts

* PM-4596 - PinCryptoService - add additional logging for error states.

* PM-4596 - JslibServicesModule - register new PinCryptoService and PinCryptoServiceAbstraction

* PM-4596 - PinCryptoService - modify decryptUserKeyWithPin signature to not require email to match MP verification process in user verification service.

* PM-4596 - Lock components - use new PinCryptoService.decryptUserKeyWithPin(...) to get user key + refactor base comp unlock with pin method to improve

* PM-4596 - Lock component - if too many invalid attempts, added toast explaining that we were logging the user out due to excess PIN entry attempts

* PM-4596 - UserVerificationService - (1) Refactor verifyUser(...) to use switch + separate methods for a cleaner parent method + better extensibility for PIN & biometrics which are TBD (2) Add PIN support to validateInput(...)

* PM-4596 - UserVerificationService - add PIN and biometrics functions to verifyUser(...)

* PM-4596 - PinCryptoService Spec - start test file - instantiates properly

* PM-4596 - PinCryptoService tests - WIP

* PM-4596 - PinCryptoService tests - WIP - got success cases working

* PM-4596 - pin-crypto.service.implementation.spec.ts renamed to pin-crypto.service.spec.ts

* PM-4596 - PinCryptoService.getPinKeyEncryptedKeys(...) - add comment + var name change for clarity

* PM-4596 - PinCryptoService tests - test invalid, null return scenarios

* PM-4596 - CLI - bw.ts - update UserVerificationService instantiation to include new pinCryptoService

* PM-4596 - PinCryptoService - import VaultTimeoutSettingsServiceAbstraction instead of implementation for factory creation to get browser building

* PM-4596 - (1) Create pinCryptoServiceFactory for browser background (2) Add it to the existing userVerificationServiceFactory

* PM-4596 - Browser - Main.background.ts - Add pinCryptoService and add to userVerificationService dependencies

* PM-4596 - UserVerificationService - per PR feedback simplify returns of verifyUserByPIN(...) and verifyUserByBiometrics(...)

* PM-4596 - Messages.json on desktop & browser - per PR feedback, adjust tooManyInvalidPinEntryAttemptsLoggingOut translation text to remove "you"

* PM-4596 - VerificationType enum - fix line copy mistake and give BIOMETRICS own, unique value.

* PM-4596 - VerificationType - rename BIOMETRICS to Biometrics to match existing MasterPassword value case.

* PM-4596  - Update verification type to consider whether or not a secret exists as we have added a new verification which doesn't have a type. Add new server and client side verification types.  Update all relevant code to pass compilation checks.

* PM-4596 - More verification type tweaking

* PM-4596 - Verification - verificationHasSecret - tweak logic to be more dynamic and flexible for future verification types

* PM-4596 - UpdateTempPasswordComp - use new MasterPasswordVerification

* PM-4596 - Desktop - DeleteAcctComp - use VerificationWithSecret to solve compile error w/ accessing secret

* PM-4596 - Per discussions with Andreas & Will, move new Pin Crypto services into libs/auth + added @bitwarden/auth path to CLI tsconfig + added new, required index.ts files for exporting service abstractions & implementations

* PM-4596 - Fixed missed import fixes for lock components across clients for pin crypto service after moving into @bitwarden/auth

* PM-4596 - More PinCryptoService import fixes to get browser & desktop building

* PM-4596 - Update desktop lock comp tests to pass by providing new pin crypto service.

* PM-4596 - User verification service -update todo

* PM-4596 - PinCryptoService - per PR feedback, fix auto import wrong paths.

* PM-4596 - PinCryptoService tests - fix imports per PR feedback

* PM-4596 - UserVerificationSvc - rename method to validateSecretInput per PR feedback

* Fix imports

* PM-4596 - PinCryptoService - Refactor naming for clarity and move test cases into describes per PR feedback

* reorg libs/auth; expose only libs/auth/core to cli app

* PM-4596 - UserVerification - Resolve import issue with importing from libs/auth. Can't use @bitwarden/auth for whatever reason.

* PM-4596 - Fix desktop build by fixing import

* PM-4596 - Provide PinCryptoService to UserVerificationService

* PM-4596 - PinCryptoServiceFactory - you cannot import services from @bitwarden/auth in the background b/c it brings along the libs/auth/components and introduces angular into the background context which doesn't have access to angular which causes random test failures. So, we must separate out the core services just like the CLI to only bring along the angular agnostic services from core.

* PM-4596 - Refactor libs/auth to have angular / common + update all imports per discussion with Matt & Will. Introduced circular dep between PinCryptoService + VaultTimeoutSettingsService + UserVerificationService

* PM-4596 - VaultTimeoutSettingsService - Refactor UserVerificationService out of the service and update all service instantiations and tests. The use of the UserVerificationService.hasMasterPassword method no longer needs to be used for backwards compatibility. This resolves the circular dependency between the PinCryptoService, the UserVerificationService, and the VaultTimeoutSettingsService. We will likely refactor the hasMasterPassword method out of the UserVerificationService in the future.

* PM-4596 - Update CL tsconfig.libs.json to add new auth/common and auth/angular paths for jslib-services.module imports of pin crypto service to work and for test code coverage to run successfully.

* PM-4596 - Address PR feedback

* PM-4596 - Update root tsconfig (only used by storybook) to add new libs/auth paths to fix chromatic build pipeline.

* PM-4596 - Actually update tsconfig with proper routes to fix storybook

* PM-4596 - UserVerificationService - verifyUserByBiometrics - add error handling logic to convert failed or cancelled biometrics verification to a usable boolean

* PM-4596 - Add missing await

* PM-4596 - (1) Add log service and log to user verification service biometric flow to ensure errors are at least revealed to the console (2) Fix factory missing PinCryptoServiceInitOptions

* PM-4596 - Use the correct log service abstraction

* PM-4596 - Remove unused types per PR review

---------

Co-authored-by: William Martin <contact@willmartian.com>
 2024-01-16 14:52:06 -05:00
Jake Fink
a62f8cd652 [PM-3797] Client changes to use new key rotation process (#6881) 
## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective

<!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding-->
Final Client changes for Key Rotation Improvements. 

- Introduces a new `KeyRotationService` that is responsible for owning rotation process.
- Moves `Send` re-encryption to the `SendService` (`KeyRotationService` shouldn't have knowledge about how domains are encrypted).
- Moves `EmergencyAccess` re-encryption to the `EmergencyAccessService`.
- Renames `AccountRecoveryService` to `OrganizationUserResetPasswordService` after feedback from Admin Console


## Code changes

<!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

Auth
- **emergency-access-update.request.ts:** New request model for domain updates that includes Id
- **emergency-access.service.ts:** Moved `EmergencyAccess` re-encryption to the `EmergencyAccessService`. Add deprecated method for legacy key rotations if feature flag is off
- **key-rotation.service/api/spec/module:** New key rotation service for owning the rotation process. Added api service, module, and spec file.
- **update-key.request.ts:** Moved to Auth ownership. Also added new properties for including other domains.
- **migrate-legacy-encryption.component.ts:** Use new key rotation service instead of old component specific service. Delete old service.
- **change-password.component.ts:** Use new key rotation service.
- **settings.module.ts:** Import key rotation module.

Admin Console
- **organization-user-reset-password.service.ts/spec:** Responsible for re-encryption of reset password keys during key rotation. Added tests.
- **organization-user-reset-password-enrollment.request.ts:** New request model for key rotations
- **reset-password.component.ts:** Update `AccountRecoveryService` to `OrganizationUserResetPasswordService`
- **enroll-master-password-reset.component.ts:** Update `AccountRecoveryService` to `OrganizationUserResetPasswordService`

Tools
- **send.service/spec.ts:** Responsible only for re-encryption of sends during key rotation. Added tests.

Other
- **api.service.ts:** Move `postAccountKey` to `KeyRotationApiService`
- **feature-flag.enum.ts:** add new feature flag

## Screenshots

<!--Required for any UI changes. Delete if not applicable-->

## Before you submit

- Please add **unit tests** where it makes sense to do so (encouraged but not required)
- If this change requires a **documentation update** - notify the documentation team
- If this change has particular **deployment requirements** - notify the DevOps team
- Ensure that all UI additions follow [WCAG AA requirements](https://contributing.bitwarden.com/contributing/accessibility/)
 2023-12-22 10:31:24 -05:00
Jake Fink
929a08339f [PM-3797 Part 1] Add Emergency Access Service (#6612) 
* lazy load and move accept emergency component

* create emergency access services
- move api calls to specific api service and refactor

* remove any from emergency api service

* move emergency access logic to service

* create emergency access view

* move view ciphers logic to service

* move models to web folder

* move takeover logic to service

* remove emergency api service dependency from other files

* write tests for emergency access service

* import shared module into component

* fix imports

* Revert "fix imports"

This reverts commit d21cb02bd8.

* create emergency access module for service

* move emergency access out of core folder
- add more organization to components under settings

* change EA views to domain models

* move EA enums to folder

* resolve PR feedback
 2023-11-08 16:03:10 -05:00
Andreas Coroiu
56a1229803 [PM-4016] Address feedback on [PM-2014] (#6532) 
* [PM-4016] feat: use dialog `loading` attribute

* [PM-4016] chore: move constant to service

* [PM-4016] chore: simplify paddings

* [PM-4016] chore: rename to `AuthSettingsModule`

* [PM-4016] fix: move request creation to service

* [PM-4016] feat: simplify module structure

Remove core.module and use `@Injectable({ providedIn: "root" })` instead.
 2023-10-11 16:09:01 +02:00
Andreas Coroiu
725ee08640 [PM-2014] Passkey registration (#5396) 
* [PM-2014] feat: scaffold new fido2 login component and module

* [PM-1024] feat: add content to login settings component

* [PM-1024] feat: add badge and button aria label

* [PM-2014] feat: create new dialog

* feat: add ability to remove form field bottom margin

(cherry picked from commit 05925ff77ed47f3865c2aecade8271390d9e2fa6)

* [PM-2014] feat: disable dialog close button

* [PM-2014] feat: implement mocked failing wizard flow

* [PM-2014] feat: add icons and other content

* [PM-2014] feat: change wording to "creating" password

* [PM-2014] feat: add new auth and auth core modules

* [PM-2014] chore: move fido2-login-settings to auth module

* [PM-2014] chore: expose using barrel files

* [PM-2014] feat: fetch webauthn challenge

* [PM-2014] chore: refactor api logic into new api service and move ui logic into existing service

* [PM-2014] feat: add tests for new credential options

* [PM-2014] feat: return undefined when credential creation fails

* [PM-2014] feat: implement credential creation

* [PM-2014] feat: add passkey naming ui

* [PM-2014] feat: add support for creation token

* [PM-2014] feat: implement credential saving

* [PM-2014] feat: Basic list of credentials

* [PM-2014] feat: improve async data loading

* [PM-2014] feat: finish up list UI

* [PM-2014] fix: loading state not being set properly

* [PM-2014] feat: improve aria labels

* [PM-2014] feat: show toast on passkey saved

* [PM-2014] feat: add delete dialog

* [PM-2014] feat: implement deletion without user verification

* [PM-2014] feat: add user verification to delete

* [PM-2014] feat: change to danger button

* [PM-2014] feat: show `save` if passkeys already exist

* [PM-2014] feat: add passkey limit

* [PM-2014] feat: improve error on delete

* [PM-2014] feat: add support for feature flag

* [PM-2014] feat: update copy

* [PM-2014] feat: reduce remove button margin

* [PM-2014] feat: refactor submit method

* [PM-2014] feat: autofocus fields

* [PM-2014] fix: move error handling to components

After discussing it with Jake we decided that following convention was best.

* [PM-2014] feat: change toast depending on existing passkeys

* [PM-2014] chore: rename everything from `fido2` to `webauthn`

* [PM-2014] fix: `CoreAuthModule` duplicate import

* [PM-2014] feat: change to new figma design `Encryption not supported`

* [PM-2014] fix: add missing href

* [PM-2014] fix: misaligned badge

* [PM-2014] chore: remove whitespace

* [PM-2014] fix: dialog close bug

* [PM-2014] fix: badge alignment not applying properly

* [PM-2014] fix: remove redundant align class

* [PM-2014] chore: move CoreAuthModule to AuthModule

* [PM-2014] feat: create new settings module

* [PM-2014] feat: move change password component to settings module

* [PM-2014] chore: tweak loose components recommendation

* [PM-2014] fix: remove deprecated pattern

* [PM-2014] chore: rename everything to `WebauthnLogin` to follow new naming scheme

* [PM-2014] chore: document requests and responses

* [PM-2014] fix: remove `undefined`

* [PM-2014] fix: clarify webauthn login service

* [PM-2014] fix: use `getCredentials$()`

* [PM-2014] fix: badge alignment using important statement

* [PM-2014] fix: remove sm billing flag

* [PM-2014] fix: `CoreAuthModule` double import

* [PM-2014] fix: unimported component (issue due to conflict with master)

* [PM-2014] fix: unawaited promise bug
 2023-10-10 15:10:26 +02:00