mirror of
https://github.com/bitwarden/browser
synced 2025-12-15 07:43:35 +00:00
4f9ae785988c1798bf26dbe3658177e37ec965b1
33 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bernd Schoolmann
|
4f9ae78598 |
[PM-27515] Fix 2fa settings not working after KDF change (#17070)
* Always derive authentication data fresh for UV * Cleanup * Add tests * Fix remote UV * Fix test * Fix test * Address feedback * Fix build * Update libs/common/src/auth/types/verification.ts Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> * Remove unused var * Fix relative import * Fix types --------- Co-authored-by: Maciej Zieniuk <167752252+mzieniukbw@users.noreply.github.com> |
||
|
Bernd Schoolmann
|
6bd8638ad8 |
[PM-24126] Move pin service to km ownership (#15821)
* Move pin service to km ownership * Run format * Eslint * Fix tsconfig * Fix imports and test * Clean up imports * Remove unused dependency on PinService * Fix comments --------- Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com> |
||
Addison Beck
|
56a3b14583 |
Introduce eslint errors for risky/circular imports (#14804)
* first draft at an idea dependency graph * ignore existing errors * remove conflicting rule regarding internal platform logic in libs * review: allow components to import from platform |
||
Thomas Avery
|
d43e4757df |
[PM-7604] Require target UserID for KdfConfigService (#14380)
* Require userId for KdfConfigService * Update auth team callers * Update tools team callers |
||
|
Bernd Schoolmann
|
8c6a33d7b8 |
[PM-16603] Implement userkey rotation v2 (#12646)
* Implement key rotation v2 * Pass through masterpassword hint * Properly split old and new code * Mark legacy rotation as deprecated * Throw when data is null * Cleanup * Add tests * Fix build * Update libs/key-management/src/key.service.spec.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update apps/web/src/app/auth/settings/change-password.component.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Add documentation * Centralize loading logic * Fix build * Remove sharedlib from legacymigration component --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> |
||
|
Thomas Avery
|
81335978d8 |
[PM-17669] Move MasterPasswordService to KM (#13148)
* Move MasterPasswordService to KM |
||
renovate[bot]
|
62e879940c |
[deps] SM: Update typescript-eslint monorepo to v8 (major) (#10601)
* [deps] SM: Update typescript-eslint monorepo to v8 --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Hinton <hinton@users.noreply.github.com> Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com> |
||
Oscar Hinton
|
db84ccf935 |
[PM-16838] Forbid imports containing /src/ (#12744)
Forbids bad imports containing /src/. |
||
|
Bernd Schoolmann
|
72121cda94 | [PM-10741] Refactor biometrics interface & add dynamic status (#10973) | ||
Matt Gibson
|
9c1e2ebd67 |
Typescript-strict-plugin (#12235)
* Use typescript-strict-plugin to iteratively turn on strict * Add strict testing to pipeline Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files. * turn on strict for scripts directory * Use plugin for all tsconfigs in monorepo vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes. * remove plugin from configs that extend one that already has it * Update workspace settings to honor strict plugin * Apply strict-plugin to native message test runner * Update vscode workspace to use root tsc version * `./node_modules/.bin/update-strict-comments` 🤖 This is a one-time operation. All future files should adhere to strict type checking. * Add fixme to `ts-strict-ignore` comments * `update-strict-comments` 🤖 repeated for new merge files |
||
|
Bernd Schoolmann
|
38c4eeb27d |
[PM-14542] Move kdf to km ownership (#11877)
* Move kdf to km ownership * Fix duplicate import * Remove whitespace * Fix double imports * Fix desktop build * Fix test error * Fix imports * Move ownership of kdftype to km * Fix imports --------- Co-authored-by: Matt Bishop <mbishop@bitwarden.com> |
||
Justin Baur
|
f41365ce48 |
[PM-13673] Require UserId In CompareHash Method (#11568)
* Require UserId In CompareHash Method * Throw on null-ish 'masterKey' * Update Test |
||
|
Bernd Schoolmann
|
b486fcc689 |
[Pm-13097] Rename cryptoservice to keyservice and move it to km ownership (#11358)
* Rename cryptoservice to keyservice * Rename cryptoservice to keyservice * Move key service to key management ownership * Remove accidentally added file * Fix cli build * Fix browser build * Run prettier * Fix builds * Fix cli build * Fix tests * Fix incorrect renames * Rename webauthn-login-crypto-service * Fix build errors due to merge conflicts * Fix linting |
||
Jared Snider
|
a13e99ebe9 |
Auth/PM-10601 - Tech Debt Cleanup - Refactor Lock Component and User Verification to use PinService (#10408)
* PM-10601 - PinSvc new unlock check first draft * PM-10601 - PinSvc - add new method for determining if pin decryption is available. * PM-10601 - Add more docs on PinSvc * PM-10601 - Update Lock Comp & User Verification service + tests to use new isPinDecryptionAvailable method |
||
Jake Fink
|
1043a582c1 |
[PM-7879, PM-7635] Add server verification for master password to user verification (#9523)
* add MP server verification * add tests and minor service enhancements * fix tests * fix initializations for cli and browser * fix CLI * pr feedback |
||
|
Jared Snider
|
01648e2cc3 |
Auth/PM-8358 - User Verification dialog & form input fix for empty submit displaying wrong error (#9363)
* PM-8358 - UserVerificatonFormInput - fix incorrect init logic. We needed to execute the processSecretChanges logic to convert null into { type: 0, secret: null } (VerificationWithSecret) for all non-biometric verification flows. .
* PM-8358 - UserVerificationService - verifyUser(...) - throw error if called with null. It should only happen if a dev makes a mistake in theory.
|
||
|
Matt Gibson
|
ee690cd1ef |
Use account service for getting account profile data. (#9133)
* Use account service for getting account profile data. * desktop build fixes * CLI build fixes * Remove state service methods |
||
rr-bw
|
a42de41587 |
[PM-5363] PinService State Providers (#8244)
* move pinKeyEncryptedUserKey * move pinKeyEncryptedUserKeyEphemeral * remove comments, move docs * cleanup * use UserKeyDefinition * refactor methods * add migration * fix browser dependency * add tests for migration * rename to pinService * move state to PinService * add PinService dep to CryptoService * move protectedPin to state provider * update service deps * renaming * move decryptUserKeyWithPin to pinService * update service injection * move more methods our of crypto service * remove CryptoService dep from PinService and update service injection * remove cryptoService reference * add method to FakeMasterPasswordService * fix circular dependency * fix desktop service injection * update browser dependencies * add protectedPin to migrations * move storePinKey to pinService * update and clarify documentation * more jsdoc updates * update import paths * refactor isPinLockSet method * update state definitions * initialize service before injecting into other services * initialize service before injecting into other services (bw.ts) * update clearOn and do additional cleanup * clarify docs and naming * assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method * derived state (attempt) * fix typos * use accountService to get active user email * use constant userId * add derived state * add get and clear for oldPinKeyEncryptedMasterKey * require userId * move pinProtected * add clear methods * remove pinProtected from account.ts and replace methods * add methods to create and store pinKeyEncryptedUserKey * add pinProtected/oldPinKeyEncrypterMasterKey to migration * update migration tests * update migration rollback tests * update to systemService and decryptAndMigrate... method * remove old test * increase length of state definition name to meet test requirements * rename 'TRANSIENT' to 'EPHEMERAL' for consistency * fix tests for login strategies, vault-export, and fake MP service * more updates to login-strategy tests * write new tests for core pinKeyEncrypterUserKey methods and isPinSet * write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods * minor test reformatting * update test for decryptUserKeyWithPin() * fix bug with oldPinKeyEncryptedMasterKey * fix tests for vault-timeout-settings.service * fix bitwarden-password-protected-importer test * fix login strategy tests and auth-request.service test * update pinService tests * fix crypto service tests * add jsdoc * fix test file import * update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey() * update error messages and jsdocs * add null checks, move userId retrievals * update migration tests * update stateService calls to require userId * update test for decryptUserKeyWithPin() * update oldPinKeyEncryptedMasterKey migration tests * more test updates * fix factory import * update tests for isPinSet() and createProtectedPin() * add test for makePinKey() * add test for createPinKeyEncryptedUserKey() * add tests for getPinLockType() * consolidate userId verification tests * add tests for storePinKeyEncryptedUserKey() * fix service dep * get email based on userId * use MasterPasswordService instead of internal * rename protectedPin to userKeyEncryptedPin * rename to pinKeyEncryptedUserKeyPersistent * update method params * fix CryptoService tests * jsdoc update * use EncString for userKeyEncryptedPin * remove comment * use cryptoFunctionService.compareFast() * update tests * cleanup, remove comments * resolve merge conflict * fix DI of MasterPasswordService * more DI fixes |
||
Ike
|
1e4158fd87 |
[PM-5735] Create kdf Service (#8715)
* key connector migration initial * migrator complete * fix dependencies * finalized tests * fix deps and sync main * clean up definition file * fixing tests * fixed tests * fixing CLI, Browser, Desktop builds * fixed factory options * reverting exports * implemented UserKeyDefinition clearOn * Initial Kdf Service Changes * rename and account setting kdfconfig * fixing tests and renaming migration * fixed DI ordering for browser * rename and fix DI * Clean up Migrations * fixing migrations * begin data structure changes for kdf config * Make KDF more type safe; co-author: jlf0dev * fixing tests * Fixed CLI login and comments * set now accepts userId and test updates --------- Co-authored-by: Jake Fink <jfink@bitwarden.com> |
||
|
Jake Fink
|
9d10825dbd |
[PM-5362] Add MP Service (attempt #2) (#8619)
* create mp and kdf service * update mp service interface to not rely on active user * rename observable methods * update crypto service with new MP service * add master password service to login strategies - make fake service for easier testing - fix crypto service tests * update auth service and finish strategies * auth request refactors * more service refactors and constructor updates * setMasterKey refactors * remove master key methods from crypto service * remove master key and hash from state service * missed fixes * create migrations and fix references * fix master key imports * default force set password reason to none * add password reset reason observable factory to service * remove kdf changes and migrate only disk data * update migration number * fix sync service deps * use disk for force set password state * fix desktop migration * fix sso test * fix tests * fix more tests * fix even more tests * fix even more tests * fix cli * remove kdf service abstraction * add missing deps for browser * fix merge conflicts * clear reset password reason on lock or logout * fix tests * fix other tests * add jsdocs to abstraction * use state provider in crypto service * inverse master password service factory * add clearOn to master password service * add parameter validation to master password service * add component level userId * add missed userId * migrate key hash * fix login strategy service * delete crypto master key from account * migrate master key encrypted user key * rename key hash to master key hash * use mp service for getMasterKeyEncryptedUserKey * fix tests * fix user key decryption logic * add clear methods to mp service * fix circular dep and encryption issue * fix test * remove extra account service call * use EncString in state provider * fix tests * return to using encrypted string for serialization |
||
|
Jake Fink
|
775c8a1bbe |
Revert "[PM-5362]Create MP Service for state provider migration (#7623)" (#8617)
This reverts commit
|
||
|
Jake Fink
|
b1abfb0a5c |
[PM-5362]Create MP Service for state provider migration (#7623)
* create mp and kdf service * update mp service interface to not rely on active user * rename observable methods * update crypto service with new MP service * add master password service to login strategies - make fake service for easier testing - fix crypto service tests * update auth service and finish strategies * auth request refactors * more service refactors and constructor updates * setMasterKey refactors * remove master key methods from crypto service * remove master key and hash from state service * missed fixes * create migrations and fix references * fix master key imports * default force set password reason to none * add password reset reason observable factory to service * remove kdf changes and migrate only disk data * update migration number * fix sync service deps * use disk for force set password state * fix desktop migration * fix sso test * fix tests * fix more tests * fix even more tests * fix even more tests * fix cli * remove kdf service abstraction * add missing deps for browser * fix merge conflicts * clear reset password reason on lock or logout * fix tests * fix other tests * add jsdocs to abstraction * use state provider in crypto service * inverse master password service factory * add clearOn to master password service * add parameter validation to master password service * add component level userId * add missed userId * migrate key hash * fix login strategy service * delete crypto master key from account * migrate master key encrypted user key * rename key hash to master key hash * use mp service for getMasterKeyEncryptedUserKey * fix tests |
||
|
Jake Fink
|
7f14ee4994 | add back call to verify by PIN (#8495) | ||
|
Jake Fink
|
2111b37c32 |
[PM-5404, PM-3518] Migrate user decryption options to new service (#7344)
* create new user decryption options service * rename new service to user decryption options * add hasMasterPassword to user decryption options service * migrate device trust service to new user decryption options service * add migration for user-decryption-options * migrate sync service and calls to trust-device-service * rename abstraction file * migrate two factor component * migrate two factor spec * migrate sso component * migrate set-password component * migrate base login decryption component * migrate organization options component * fix component imports * add missing imports - remove state service calls - add update user decryption options method * remove acct decryption options from account * lint * fix tests and linting * fix browser * fix desktop * add user decryption options service to cli * remove default value from migration * bump migration number * fix merge conflict * fix vault timeout settings * fix cli * more fixes * add user decryption options service to deps of vault timeout settings service * update login strategy service with user decryption options * remove early return from sync bandaid for user decryption options * move user decryption options service to lib/auth * move user decryption options to libs/auth * fix reference * fix browser * check user decryption options after 2fa check * update migration and revert tsconfig changes * add more documentation * clear user decryption options on logout * fix tests by creating helper for user decryption options * fix tests * pr feedback * fix factory * update migration * add tests * update missed migration num in test |
||
|
Jared Snider
|
2c1d215b71 |
Auth/PM-5242 - Create new User Verification dialog and form input components which support PIN and biometrics verification (#7536)
* PM-5242 - First working draft of copying out web CL implementation of user verification form and dialog components into standalone libs/auth components which could be used in any client. * PM-5242 - Rename UserVerificationFormComponent to UserVerificationFormInputComponent b/c it doesn't actually have a form and is meant to slot into a form as an input. * PM-5242 - Update libs/auth angular index to take renamed component into account * PM-5242 - Clean up UserVerificationDialogComponent as have much cleaner design approach now (maintain existing func while simply adding new requirements for client side validation for passkeys) * PM-5242 - UserVerificationFormInput component - WIP draft of new client and server split of user verification logic * PM-5242 - UserVerificationFormInput - WIP - Lots of progress on client side verification layout - more to do * PM-5242 - UserVerificationFormInputComponent - Add hasMultipleVerificationMethods property so we can only show alternate methods if user has them. * PM-5242 - UserVerificationFormInputComponent - rename hasMultipleVerificationMethods to hasMultipleClientVerificationOptions * PM-5242 - Add new user verification biometrics fingerprint icon with proper secondary fill so it displays properly on all themes. * PM-5242 - Create enum for tracking client user verification states * PM-5242 - UserVerificationFormInputComponent - WIP - (1) Got biometrics layout working except for error state (2) Emitting active client verification option and biometrics result to dialog (3) Properly identifying if biometrics is enabled in a platform agnostic way (4) Translations TODO * PM-5242 - UserVerificationDialogComponent - (1) Wire up new inputs and outputs for UserVerificationFormInput (2) Don't show submit button when clientside biometrics verification active * PM-5242 - UserVerificationFormInputComponent - wired up biometrics failure and retry handling + re-arranged comp properties to put inputs & outputs at the top * PM-5242 - UserVerificationFormInput component - Add logic to prevent currently active client verification method from being shown an option * PM-5242 - UserVerificationFormInput - adjust margins * PM-5242 - User verification dialog and form input comps - replace Verification with VerificationWithSecret type where applicable * PM-5242 - UserVerificationFormComp - Default to server for backwards compatibility and to avoid requiring the input at all * PM-5242 - UserVerificationFormInputComp - (1) Rename processChanges to processSecretChanges (2) Short circuit processSecretChanges when biometrics is active (3) Add new function for determining type of verification that has a secret. * PM-5242 - UserVerificationDialog - Support custom, optional callout in dialog body. * PM-5242 - UserVerificationDialogComp - support custom confirm button text and type. * PM-5242 - UserVerificationDialog - Add user verification dialog result type to allow for handling all possible verification scenarios * PM-5242 - UserVerificationFormInputComp - tweak comment * PM-5242 - UserVerificationFormInput comp html - add placeholder text for no client verifications found scenario * PM-5242 - UserVerificationDialogComponent - (1) Add confirm & cancel to dialog result (2) Add cancel method vs using bitDialogClose for specificity (3) Adjust naming of output property to properly specify that it is scoped to client verification (4) Adjust layout of dialog html to handle when no client side verification methods are found. * PM-5242 - UserVerificationFormInput - Clean up test code * PM-5242 - UserVerificationFormInput - For server verification, we don't need to check if the user has a local master key hash as we will generate a hash to send to the server for comparison. * PM-5242 - UserVerificationFormInput html - Remove now unnecessary dev warning as I've provided a default * PM-5242 - UserVerification Dialog & Form Input - add translations on all clients for all visible text. * PM-5242 - UserVerificationFormInput html - remove no active client verification handling from form input comp as it is instead emitted upwards to parent dialog component to be handled there. * PM-5242 - UserVerificationDialogComp - (1) Make UserVerificationDialogResult.noAvailableClientVerificationMethods optional because it isn't needed in cancel flows (thanks Will) (2) Modify static open to intercept closed observable event in order to always return a UserVerificationDialogResult as BitDialog returns empty string when the user clicks the x * PM-5242 - UserVerificationDialogComp - Simplify dialog param names to remove redundant dialog * PM-5242 - UserVerificationDialogParams - update comments to match new names * PM-5242 - UserVerificationDialog Storybook - WIP first draft * PM-5242 - UserVerificationDialogStoryComponent - WIP - try out having imports the same as the standalone component * PM-5242 - UserVerificationDialogStoryComponent - more WIP - building now - some stuff displaying * PM-5242 - UserVerificationDialogStoryComponent - some progress on providers setup * PM-5242 - Not going to use storybook for user verification dialog * PM-5242 - UserVerificationDialogComp - move types into own file + add docs * PM-5242 - Update auth index to export user-verification-dialog.types * PM-5242 - UserVerificationFormInput & UserVerificationService - Extract out getAvailableVerificationOptions logic into service * PM-5242 -UserVerificationDialogComponent - Update close logic to handle escape key undefined scenario * PM-5242 - UserVerificationFormInput - add getInvalidSecretErrorMessage for properly determining invalid secret translation * PM-5242 - UserVerificationDialogComp - Refactor submit logic to handle different return methodologies in existing MP and OTP user verification service code vs new PIN flow (e.g., throwing an error instead of returning false) * PM-5242 - PinCryptoService - change error logs to warnings per discussion with Justin * PM-5242 - UserVerificationFormInput - Biometrics flow on desktop - remove accidentally added period in couldNotCompleteBiometrics translation key. * PM-5242 - UserVerificationFormInput HTML - Re-arrange order of other client verification options to match design * PM-5242 - UserVerificationFormInputComponent - Reset inputs as untouched on change of client verification method. * PM-5242 - UserVerificationDialogComponent - Remove TODO as existing secret change logic turns invalidSecret false when biometrics is swapped to. * PM-5242 - UserVerificationFormInputComponent - getInvalidSecretErrorMessage - fix PIN error message not being returned. * PM-5242 - UserVerificationDialogComponent - Add documentation and examples to open method. * PM-5242 - UserVerificationDialogComponent - tweak open docs * PM-5242 - Remove accidental period from translation keys on browser & web * PM-5242 - UserVerificationFormInputComponent - OTP flow needed button module to work * PM-5242 - UserVerificationDialogParams - Add docs explaining that noAvailableClientVerificationMethods is only for desktop & browser. * PM-5242 - User-verification-form-input - Adjust layout to meet new design requirements - (1) On load, send OTP without user clicking a button (2) Allow resending of the codes (3) show a code sent message for 3 seconds * PM-5242 - Browser User Verification - Instantiate PinCryptoService and UserVerification service AFTER instantiating vaultTimeoutSettingsService so that it isn't undefined at run time. * PM-5242 - JslibServices Module - UserVerificationService - add missing PlatformUtilsServiceAbstraction dependency. * PM-5242 - Desktop Native Messaging Service - Wrap biometric getUserKeyFromStorage call in try catch because it throws an error if the user cancels the biometrics prompt and doesn't send a response to the browser extension when using the biometrics unlock bridge to the desktop app and OS. * PM-5242 - Browser Extension - NativeMessagingBackground - if the desktop biometricUnlock command is executed with a canceled (not adjusting misspelling to keep side effects at a min) response, don't bother continuing. * PM-5242 - BrowserCryptoService - When retrieving the user key via desktop biometrics, return null for user key if the user fails or cancels the biometrics prompt. Otherwise, if there is a user key in memory after unlock, biometrics user verification will always just return the user key from state regardless of if the user has successfully passed the biometrics prompt or not. * PM-5242 - BrowserCryptoService - extra comments * PM-5242 - Clean up translations - (1) Remove unused defaultUserVerificationDialogConfirmBtnText (2) Refactor name of defaultUserVerificationDialogTitle to just be verificationRequired which matches existing naming conventions. * PM-5242 - CLI - fix order of service instantiations to ensure that vaultTimeoutSettingsService isn't undefined for PinCryptoService and UserVerificationService * PM-5242 - Rename UserVerificationDialogParams to UserVerificationDialogOptions to match existing naming conventions of other CL comps. * PM-5242 - UserVerificationDialogComponent - dialogParams renamed to dialogOptions * PM-5242 - UserVerificationService Abstraction - Per PR feedback, use keyof for verificationType * PM-5242 - UserVerificationBiometricsIcon - Per PR feedback, use https://jakearchibald.github.io/svgomg/ to optimize SVG by 50%. * PM-5242 - Per PR feedback, clarify UserVerificationDialogOptions.clientSideOnlyVerification comment. * PM-5242 - UserVerificationTypes - Add comments clarifying all text passed to the UserVerificationDialog are translation keys * PM-5242 - UserVerificationDialogComp - fix extra new line per PR feedback * PM-5242 - UserVerificationDialogTypes - per PR feedback and discussion with Will M., export ButtonType from CL so we (and consumers of the dialog) can properly import it via standard CL import. * PM-5242 - BrowserCryptoService - Adjust comments per PR feedback. * PM-5242 - UserVerificationDialogComponent - make ActiveClientVerificationOption readonly as it only for component html * PM-5242 - UserVerificationDialogComp html - finish comment * PM-5242 - BrowserCryptoService - add returns js doc per PR feedback. * PM-5242 - UserVerificationDialogComponent - per PR feedback, add unexpected error toast. * PM-5242 - UserVerificationService - getAvailableVerificationOptions - update params to use keyof like abstraction * PM-5242 - Mark all existing client specific implemetations of user verification as deprecated. |
||
|
Matt Gibson
|
160a636fa0 | Move key types to central location (#7531) | ||
|
Jared Snider
|
756c02cec2 |
Auth/PM-4596 - Extract PIN and Biometrics unlock method logic into re-useable services for user verification (#7107)
* PM-4596 - PinCryptoService first draft * PM-4596 - PinCryptoService - Refactor pinKeyEncryptedKey retrievals out into own method getPinKeyEncryptedKeys * PM-4596 - npm ci + npm run prettier to fix lint issues * PM-4596 - PinCryptoService - Add kdf types * PM-4596 - PinCryptoService - Refactor pin validation into own helper method. * PM-4596 - Rename pin-crypto.service.ts to pin-crypto.service.implementation.ts * PM-4596 - PinCryptoService - add additional logging for error states. * PM-4596 - JslibServicesModule - register new PinCryptoService and PinCryptoServiceAbstraction * PM-4596 - PinCryptoService - modify decryptUserKeyWithPin signature to not require email to match MP verification process in user verification service. * PM-4596 - Lock components - use new PinCryptoService.decryptUserKeyWithPin(...) to get user key + refactor base comp unlock with pin method to improve * PM-4596 - Lock component - if too many invalid attempts, added toast explaining that we were logging the user out due to excess PIN entry attempts * PM-4596 - UserVerificationService - (1) Refactor verifyUser(...) to use switch + separate methods for a cleaner parent method + better extensibility for PIN & biometrics which are TBD (2) Add PIN support to validateInput(...) * PM-4596 - UserVerificationService - add PIN and biometrics functions to verifyUser(...) * PM-4596 - PinCryptoService Spec - start test file - instantiates properly * PM-4596 - PinCryptoService tests - WIP * PM-4596 - PinCryptoService tests - WIP - got success cases working * PM-4596 - pin-crypto.service.implementation.spec.ts renamed to pin-crypto.service.spec.ts * PM-4596 - PinCryptoService.getPinKeyEncryptedKeys(...) - add comment + var name change for clarity * PM-4596 - PinCryptoService tests - test invalid, null return scenarios * PM-4596 - CLI - bw.ts - update UserVerificationService instantiation to include new pinCryptoService * PM-4596 - PinCryptoService - import VaultTimeoutSettingsServiceAbstraction instead of implementation for factory creation to get browser building * PM-4596 - (1) Create pinCryptoServiceFactory for browser background (2) Add it to the existing userVerificationServiceFactory * PM-4596 - Browser - Main.background.ts - Add pinCryptoService and add to userVerificationService dependencies * PM-4596 - UserVerificationService - per PR feedback simplify returns of verifyUserByPIN(...) and verifyUserByBiometrics(...) * PM-4596 - Messages.json on desktop & browser - per PR feedback, adjust tooManyInvalidPinEntryAttemptsLoggingOut translation text to remove "you" * PM-4596 - VerificationType enum - fix line copy mistake and give BIOMETRICS own, unique value. * PM-4596 - VerificationType - rename BIOMETRICS to Biometrics to match existing MasterPassword value case. * PM-4596 - Update verification type to consider whether or not a secret exists as we have added a new verification which doesn't have a type. Add new server and client side verification types. Update all relevant code to pass compilation checks. * PM-4596 - More verification type tweaking * PM-4596 - Verification - verificationHasSecret - tweak logic to be more dynamic and flexible for future verification types * PM-4596 - UpdateTempPasswordComp - use new MasterPasswordVerification * PM-4596 - Desktop - DeleteAcctComp - use VerificationWithSecret to solve compile error w/ accessing secret * PM-4596 - Per discussions with Andreas & Will, move new Pin Crypto services into libs/auth + added @bitwarden/auth path to CLI tsconfig + added new, required index.ts files for exporting service abstractions & implementations * PM-4596 - Fixed missed import fixes for lock components across clients for pin crypto service after moving into @bitwarden/auth * PM-4596 - More PinCryptoService import fixes to get browser & desktop building * PM-4596 - Update desktop lock comp tests to pass by providing new pin crypto service. * PM-4596 - User verification service -update todo * PM-4596 - PinCryptoService - per PR feedback, fix auto import wrong paths. * PM-4596 - PinCryptoService tests - fix imports per PR feedback * PM-4596 - UserVerificationSvc - rename method to validateSecretInput per PR feedback * Fix imports * PM-4596 - PinCryptoService - Refactor naming for clarity and move test cases into describes per PR feedback * reorg libs/auth; expose only libs/auth/core to cli app * PM-4596 - UserVerification - Resolve import issue with importing from libs/auth. Can't use @bitwarden/auth for whatever reason. * PM-4596 - Fix desktop build by fixing import * PM-4596 - Provide PinCryptoService to UserVerificationService * PM-4596 - PinCryptoServiceFactory - you cannot import services from @bitwarden/auth in the background b/c it brings along the libs/auth/components and introduces angular into the background context which doesn't have access to angular which causes random test failures. So, we must separate out the core services just like the CLI to only bring along the angular agnostic services from core. * PM-4596 - Refactor libs/auth to have angular / common + update all imports per discussion with Matt & Will. Introduced circular dep between PinCryptoService + VaultTimeoutSettingsService + UserVerificationService * PM-4596 - VaultTimeoutSettingsService - Refactor UserVerificationService out of the service and update all service instantiations and tests. The use of the UserVerificationService.hasMasterPassword method no longer needs to be used for backwards compatibility. This resolves the circular dependency between the PinCryptoService, the UserVerificationService, and the VaultTimeoutSettingsService. We will likely refactor the hasMasterPassword method out of the UserVerificationService in the future. * PM-4596 - Update CL tsconfig.libs.json to add new auth/common and auth/angular paths for jslib-services.module imports of pin crypto service to work and for test code coverage to run successfully. * PM-4596 - Address PR feedback * PM-4596 - Update root tsconfig (only used by storybook) to add new libs/auth paths to fix chromatic build pipeline. * PM-4596 - Actually update tsconfig with proper routes to fix storybook * PM-4596 - UserVerificationService - verifyUserByBiometrics - add error handling logic to convert failed or cancelled biometrics verification to a usable boolean * PM-4596 - Add missing await * PM-4596 - (1) Add log service and log to user verification service biometric flow to ensure errors are at least revealed to the console (2) Fix factory missing PinCryptoServiceInitOptions * PM-4596 - Use the correct log service abstraction * PM-4596 - Remove unused types per PR review --------- Co-authored-by: William Martin <contact@willmartian.com> |
||
|
renovate[bot]
|
28de9439be |
[deps] Autofill: Update prettier to v3 (#7014)
* [deps] Autofill: Update prettier to v3 * prettier formatting updates --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jonathan Prusik <jprusik@classynemesis.com> |
||
|
Oscar Hinton
|
a5e3432f85 |
Assign ownership to many libs files (#6928)
Assign ownership to many of the remaining libs/common files. Criteria for ownership: * Files used by a single team, is now owned by that team. * Files related to a domain owned by a team is now owned by that team. * Where ownership is unclear the "lowest level" service takes ownership. |
||
Todd Martin
|
5665576147 |
Trusted Device Encryption feature (#5950)
* PM-1049 - Create first display draft of login-decryption-options base and web components (no data loading or user actions wired up yet; WIP) * PM-1049 - Update DeviceResponse to match latest properties on backend * PM-1049 - Add getDevices call to retrieve all user devices to API service * PM-1049 - WIP on figuring out login decryption options component requirements * PM-1049 - Add empty login decryption options to desktop * PM-1049 - Desktop - Update "Log in initiated" translation to be "Login Initiated" per figma and product request * PM-1049 - Desktop - login decryption options component html done * PM-1049 - Move login-decryption-options in web into own folder * PM-1049 - Browser - created html for login-decryption-options component * PM-1049 - Move newly created getDevices() method out of api.service into proper place in new devices-api.service. * PM-1049 -Comment cleanup and TODO added * PM-1049 - Comment cleanup and dependency cleanup across all login-decryption-options comps * PM-1049 - WIP of building out needed response and regular models for saving new UserDecryptionOptions on the Account in state. * PM-1049 - Update all User Decryption Options response and state models in light of the back end changes from a list to an object. Web building now with decryption options stored on state under the account successfully. Must now build out state service methods for retrieving / setting account decryption options for use elsewhere. * PM-1049 - State Service - setup setters / getters for UserDecryptionOptions off the account * PM-1049 - StateService - replace User with Acct for decryption options * PM-1049 - Create domain models vs using response models as response models have a response property w/ the full response nested underneath which we don't need to persist for the user decryption options stored on the account. * PM-1049 - AcctDecryptionOptions now persist across page refreshes of the login-initiated page to act similarly to refreshes on the lock screen. Accomplished via persisting AcctDecryptionOptions in local storage -- still cleared on logout. * PM-1049 - IdTokenResponse - only userDecryptionOptions if they exist on the response from the server; I saw a few instances where it did not. Wasn't able to replicate consistently, but I put this check here to be safe. * PM-1049 - Login Initiated route can only be accessed if user is AuthN w/ locked vault + TDE feature flag is on. * PM-1049 - LoginDecryptionOptions - (1) Wire up loading logic (2) Retrieve User Acct Decryption options to determine whether or not to show request admin approval btn and approve w/ MP (3) Write up future logic for requestAdminApproval (4) approveWithMasterPassword takes you to the lock screen to login. * PM-1049 - Apply same guards as in web to login-decryption-options in desktop & browser. * PM-1049 - (1) Updated dependencies in parent BaseLoginDecryptionOptionsComponent class + child components (2) Retrieve userEmail b/c needed for displaying which email the user is logging in with (3) Add log out functionality (4) Add comments regarding future implementation details for each login approval flow. * PM-1049 - Web/Browser/Desktop LoginDecryptionOptions - (1) Wire up approval buttons (2) Add conditional margins (3) Loading spinner added (4) Display userEmail + "not you" logout link * PM-1049 - Add TODOs for future changes needed as part of the Login Approval flows for TDE * PM-1049 - TODO: replace base component with business service * add new storage to replace MasterKey with UserSymKey * add storage for master key encrypted user symmetric key * Begin refactor of crypto service to support new key structure * remove provided key from getKeyForUserEncryption * add decryption with MasterKey method to crypto service * update makeKeyPair on crypto service to be generic * add type to parameter of setUserKey in abstraction of crypto service * add setUserSymKeyMasterKey so we can set the encrypted user sym key from server * update cli with new crypto service methods - decrypt user sym key and set when unlocking * separate the user key in memory from user keys in storage * add new memory concept to crypto service calls in cli * update auth service to use new crypto service * update register component in lib to use new crypto service * update register component again with more crypto service * update sync service to use new crypto service methods * update send service to use new crypto service methods * update folder service to use new crypto service methods * update cipher service to use new crypto service * update password generation service to use new crypto service * update vault timeout service with new crypto service * update collection service to use new crypto service * update emergency access components to use new crypto service methods * migrate login strategies to new key model - decrypt and set user symmetric key if Master Key is available - rename keys where applicable - update unit tests * migrate pin to use user's symmetric key instead of master key - set up new state - migrate on lock component - use new crypto service methods * update pin key when the user symmetric key is set - always set the protected pin so we can recreate pin key from user symmetric key - stop using EncryptionPair in account - use EncString for both pin key storage - update migration from old strategy on lock component * set user symmetric key on lock component - add missed key suffix types to crypto service methods * migrate auto key - add helper to internal crypto service method to migrate * remove additional keys in state service clean * clean up the old pin keys in more flows - in the case that the app is updated while logged in and the user changes their pin, this will clear the old pin keys * finish migrate auto key if needed - migrate whenever retrieved from storage - add back the user symmetric key toggle * migrate biometrics key - migrate only on retrieval * fix crypto calls for key connector and vault timeout settings * update change password components with new crypto service * update assortment of leftover old crypto service calls * update device-crypto service with new crypto service * remove old EncKey methods from crypto service * remove clearEncKey from crypto service * move crypto service jsdoc to abstraction * add org key type and new method to build a data enc key for orgs * fix typing of bulk confirm component * fix EncString serialization issues & various fixes Co-authored-by: Matt Gibson <MGibson1@users.noreply.github.com> * update account model with new keys serialization * migrate native messaging for biometrics to use new key model - support backwards compatibility - update safari web extension to send user key - add error handling * add early exit to native messaging flow for errors * improve error strings in crypto service * disable disk cache for browser due to bg script/popup race conditions * clear bio key when pin is migrated as bio is refreshed * share disk cache to fix syncing issues between contexts * check for ephemeral pin before process reload * remove state no longer needed and add JSDOC * fix linter * add new types to tests * remove cryptoMasterKeyB64 from account * fix tests imports * use master key for device approvals still * cleanup old TODOs, add missing crypto service parameters * fix cli crypto service calls * share disk cache between contexts on browser * Revert "share disk cache between contexts on browser" This reverts commit |
||
Andreas Coroiu
|
a73525a80c |
[PM-2135] [BEEEP] Refactor and refresh web user verification components (#5377)
* [PM-2135] feat: create new user-verification module
* [PM-2136] feat: add ability to remove form field bottom margin
(cherry picked from commit 05925ff77ed47f3865c2aecade8271390d9e2fa6)
* [PM-2135] feat: refactor user-verification component
* [PM-2135] feat: refactor user-verification-prompt
* [PM-2135] feat: use form validation in prompt
* [PM-2135] feat: change autofocus target
* [PM-2135] chore: clean up old code
* [PM-2135] feat: allow user verification to show invalid password error
* [PM-2135] feat: hack mark as touched to get error to display
* [PM-2135] chore: move to auth
* [PM-2135] fix: hardcoded dialog buttons
* [PM-2135] feat: add onDestroy handler
* [PM-2135] fix: remove unecessary directive input
* [PM-2135] feat: add password toggle
* [PM-2135] chore: add hack comment
* [PM-2135] chore: move services to auth folder and rename
* [PM-2135] fix: show correct error messages
* [PM-2135] fix: re-add non-existant files to whitelist
I honestly don't know why the linter is complaining about this
* Fix capital letters whitelist
* [PM-2135] chore: remove rows that were mistakenly added during merge from master
* [PM-2135] chore: remove rows that were mistakenly added during merge from master
* [PM-2135] feat: disable built-in browser validations
* Revert "[PM-2135] feat: disable built-in browser validations"
This reverts commit
|
||
|
Matt Gibson
|
78248db590 |
Platform/pm 19/platform team file moves (#5460)
* Rename service-factory folder * Move cryptographic service factories * Move crypto models * Move crypto services * Move domain base class * Platform code owners * Move desktop log services * Move log files * Establish component library ownership * Move background listeners * Move background background * Move localization to Platform * Move browser alarms to Platform * Move browser state to Platform * Move CLI state to Platform * Move Desktop native concerns to Platform * Move flag and misc to Platform * Lint fixes * Move electron state to platform * Move web state to Platform * Move lib state to Platform * Fix broken tests * Rename interface to idiomatic TS * `npm run prettier` 🤖 * Resolve review feedback * Set platform as owners of web core and shared * Expand moved services * Fix test types --------- Co-authored-by: Hinton <hinton@users.noreply.github.com> |
||
|
Matt Gibson
|
cf972e784c |
Auth/ps 2298 reorg auth (#4564)
* Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build |