mirror of
https://github.com/bitwarden/browser
synced 2025-12-15 15:53:27 +00:00
25f55e1368
* Create ForegroundSyncService For Delegating `fullSync` calls to the background * Relax `isExternalMessage` to Allow For Typed Payload * Null Coalesce The `startListening` Method * Filter To Only External Messages
332 lines
13 KiB
TypeScript
332 lines
13 KiB
TypeScript
import { firstValueFrom } from "rxjs";
|
|
|
|
import { UserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
|
|
|
|
import { ApiService } from "../../../abstractions/api.service";
|
|
import { InternalOrganizationServiceAbstraction } from "../../../admin-console/abstractions/organization/organization.service.abstraction";
|
|
import { InternalPolicyService } from "../../../admin-console/abstractions/policy/policy.service.abstraction";
|
|
import { ProviderService } from "../../../admin-console/abstractions/provider.service";
|
|
import { OrganizationUserType } from "../../../admin-console/enums";
|
|
import { OrganizationData } from "../../../admin-console/models/data/organization.data";
|
|
import { PolicyData } from "../../../admin-console/models/data/policy.data";
|
|
import { ProviderData } from "../../../admin-console/models/data/provider.data";
|
|
import { PolicyResponse } from "../../../admin-console/models/response/policy.response";
|
|
import { AccountService } from "../../../auth/abstractions/account.service";
|
|
import { AuthService } from "../../../auth/abstractions/auth.service";
|
|
import { AvatarService } from "../../../auth/abstractions/avatar.service";
|
|
import { KeyConnectorService } from "../../../auth/abstractions/key-connector.service";
|
|
import { InternalMasterPasswordServiceAbstraction } from "../../../auth/abstractions/master-password.service.abstraction";
|
|
import { TokenService } from "../../../auth/abstractions/token.service";
|
|
import { ForceSetPasswordReason } from "../../../auth/models/domain/force-set-password-reason";
|
|
import { DomainSettingsService } from "../../../autofill/services/domain-settings.service";
|
|
import { BillingAccountProfileStateService } from "../../../billing/abstractions/account/billing-account-profile-state.service";
|
|
import { DomainsResponse } from "../../../models/response/domains.response";
|
|
import { ProfileResponse } from "../../../models/response/profile.response";
|
|
import { CryptoService } from "../../../platform/abstractions/crypto.service";
|
|
import { LogService } from "../../../platform/abstractions/log.service";
|
|
import { StateService } from "../../../platform/abstractions/state.service";
|
|
import { MessageSender } from "../../../platform/messaging";
|
|
import { sequentialize } from "../../../platform/misc/sequentialize";
|
|
import { CoreSyncService } from "../../../platform/sync/core-sync.service";
|
|
import { SendData } from "../../../tools/send/models/data/send.data";
|
|
import { SendResponse } from "../../../tools/send/models/response/send.response";
|
|
import { SendApiService } from "../../../tools/send/services/send-api.service.abstraction";
|
|
import { InternalSendService } from "../../../tools/send/services/send.service.abstraction";
|
|
import { CipherService } from "../../../vault/abstractions/cipher.service";
|
|
import { FolderApiServiceAbstraction } from "../../../vault/abstractions/folder/folder-api.service.abstraction";
|
|
import { InternalFolderService } from "../../../vault/abstractions/folder/folder.service.abstraction";
|
|
import { CipherData } from "../../../vault/models/data/cipher.data";
|
|
import { FolderData } from "../../../vault/models/data/folder.data";
|
|
import { CipherResponse } from "../../../vault/models/response/cipher.response";
|
|
import { FolderResponse } from "../../../vault/models/response/folder.response";
|
|
import { CollectionService } from "../../abstractions/collection.service";
|
|
import { CollectionData } from "../../models/data/collection.data";
|
|
import { CollectionDetailsResponse } from "../../models/response/collection.response";
|
|
|
|
export class SyncService extends CoreSyncService {
|
|
constructor(
|
|
private masterPasswordService: InternalMasterPasswordServiceAbstraction,
|
|
accountService: AccountService,
|
|
apiService: ApiService,
|
|
private domainSettingsService: DomainSettingsService,
|
|
folderService: InternalFolderService,
|
|
cipherService: CipherService,
|
|
private cryptoService: CryptoService,
|
|
collectionService: CollectionService,
|
|
messageSender: MessageSender,
|
|
private policyService: InternalPolicyService,
|
|
sendService: InternalSendService,
|
|
logService: LogService,
|
|
private keyConnectorService: KeyConnectorService,
|
|
stateService: StateService,
|
|
private providerService: ProviderService,
|
|
folderApiService: FolderApiServiceAbstraction,
|
|
private organizationService: InternalOrganizationServiceAbstraction,
|
|
sendApiService: SendApiService,
|
|
private userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
|
|
private avatarService: AvatarService,
|
|
private logoutCallback: (expired: boolean) => Promise<void>,
|
|
private billingAccountProfileStateService: BillingAccountProfileStateService,
|
|
private tokenService: TokenService,
|
|
authService: AuthService,
|
|
) {
|
|
super(
|
|
stateService,
|
|
folderService,
|
|
folderApiService,
|
|
messageSender,
|
|
logService,
|
|
cipherService,
|
|
collectionService,
|
|
apiService,
|
|
accountService,
|
|
authService,
|
|
sendService,
|
|
sendApiService,
|
|
);
|
|
}
|
|
|
|
@sequentialize(() => "fullSync")
|
|
override async fullSync(forceSync: boolean, allowThrowOnError = false): Promise<boolean> {
|
|
this.syncStarted();
|
|
const isAuthenticated = await this.stateService.getIsAuthenticated();
|
|
if (!isAuthenticated) {
|
|
return this.syncCompleted(false);
|
|
}
|
|
|
|
const now = new Date();
|
|
let needsSync = false;
|
|
try {
|
|
needsSync = await this.needsSyncing(forceSync);
|
|
} catch (e) {
|
|
if (allowThrowOnError) {
|
|
this.syncCompleted(false);
|
|
throw e;
|
|
}
|
|
}
|
|
|
|
if (!needsSync) {
|
|
await this.setLastSync(now);
|
|
return this.syncCompleted(false);
|
|
}
|
|
|
|
try {
|
|
await this.apiService.refreshIdentityToken();
|
|
const response = await this.apiService.getSync();
|
|
|
|
await this.syncProfile(response.profile);
|
|
await this.syncFolders(response.folders);
|
|
await this.syncCollections(response.collections);
|
|
await this.syncCiphers(response.ciphers);
|
|
await this.syncSends(response.sends);
|
|
await this.syncSettings(response.domains);
|
|
await this.syncPolicies(response.policies);
|
|
|
|
await this.setLastSync(now);
|
|
return this.syncCompleted(true);
|
|
} catch (e) {
|
|
if (allowThrowOnError) {
|
|
this.syncCompleted(false);
|
|
throw e;
|
|
} else {
|
|
return this.syncCompleted(false);
|
|
}
|
|
}
|
|
}
|
|
|
|
private async needsSyncing(forceSync: boolean) {
|
|
if (forceSync) {
|
|
return true;
|
|
}
|
|
|
|
const lastSync = await this.getLastSync();
|
|
if (lastSync == null || lastSync.getTime() === 0) {
|
|
return true;
|
|
}
|
|
|
|
const response = await this.apiService.getAccountRevisionDate();
|
|
if (new Date(response) <= lastSync) {
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
private async syncProfile(response: ProfileResponse) {
|
|
const stamp = await this.tokenService.getSecurityStamp(response.id);
|
|
if (stamp != null && stamp !== response.securityStamp) {
|
|
if (this.logoutCallback != null) {
|
|
await this.logoutCallback(true);
|
|
}
|
|
|
|
throw new Error("Stamp has changed");
|
|
}
|
|
|
|
await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
|
|
await this.cryptoService.setPrivateKey(response.privateKey, response.id);
|
|
await this.cryptoService.setProviderKeys(response.providers, response.id);
|
|
await this.cryptoService.setOrgKeys(
|
|
response.organizations,
|
|
response.providerOrganizations,
|
|
response.id,
|
|
);
|
|
await this.avatarService.setSyncAvatarColor(response.id, response.avatarColor);
|
|
await this.tokenService.setSecurityStamp(response.securityStamp, response.id);
|
|
await this.accountService.setAccountEmailVerified(response.id, response.emailVerified);
|
|
|
|
await this.billingAccountProfileStateService.setHasPremium(
|
|
response.premiumPersonally,
|
|
response.premiumFromOrganization,
|
|
);
|
|
await this.keyConnectorService.setUsesKeyConnector(response.usesKeyConnector);
|
|
|
|
await this.setForceSetPasswordReasonIfNeeded(response);
|
|
|
|
const providers: { [id: string]: ProviderData } = {};
|
|
response.providers.forEach((p) => {
|
|
providers[p.id] = new ProviderData(p);
|
|
});
|
|
|
|
await this.providerService.save(providers);
|
|
|
|
await this.syncProfileOrganizations(response);
|
|
|
|
if (await this.keyConnectorService.userNeedsMigration()) {
|
|
await this.keyConnectorService.setConvertAccountRequired(true);
|
|
this.messageSender.send("convertAccountToKeyConnector");
|
|
} else {
|
|
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
|
|
// eslint-disable-next-line @typescript-eslint/no-floating-promises
|
|
this.keyConnectorService.removeConvertAccountRequired();
|
|
}
|
|
}
|
|
|
|
private async setForceSetPasswordReasonIfNeeded(profileResponse: ProfileResponse) {
|
|
// The `forcePasswordReset` flag indicates an admin has reset the user's password and must be updated
|
|
if (profileResponse.forcePasswordReset) {
|
|
await this.masterPasswordService.setForceSetPasswordReason(
|
|
ForceSetPasswordReason.AdminForcePasswordReset,
|
|
profileResponse.id,
|
|
);
|
|
}
|
|
|
|
const userDecryptionOptions = await firstValueFrom(
|
|
this.userDecryptionOptionsService.userDecryptionOptionsById$(profileResponse.id),
|
|
);
|
|
|
|
if (userDecryptionOptions === null || userDecryptionOptions === undefined) {
|
|
this.logService.error("Sync: Account decryption options are null or undefined.");
|
|
}
|
|
|
|
// Even though TDE users should only be in a single org (per single org policy), check
|
|
// through all orgs for the manageResetPassword permission. If they have it in any org,
|
|
// they should be forced to set a password.
|
|
let hasManageResetPasswordPermission = false;
|
|
for (const org of profileResponse.organizations) {
|
|
const isAdmin = org.type === OrganizationUserType.Admin;
|
|
const isOwner = org.type === OrganizationUserType.Owner;
|
|
|
|
// Note: apparently permissions only come down populated for custom roles.
|
|
if (isAdmin || isOwner || (org.permissions && org.permissions.manageResetPassword)) {
|
|
hasManageResetPasswordPermission = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (
|
|
userDecryptionOptions.trustedDeviceOption !== undefined &&
|
|
!userDecryptionOptions.hasMasterPassword &&
|
|
hasManageResetPasswordPermission
|
|
) {
|
|
// TDE user w/out MP went from having no password reset permission to having it.
|
|
// Must set the force password reset reason so the auth guard will redirect to the set password page.
|
|
const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
|
|
await this.masterPasswordService.setForceSetPasswordReason(
|
|
ForceSetPasswordReason.TdeUserWithoutPasswordHasPasswordResetPermission,
|
|
userId,
|
|
);
|
|
}
|
|
}
|
|
|
|
private async syncProfileOrganizations(response: ProfileResponse) {
|
|
const organizations: { [id: string]: OrganizationData } = {};
|
|
response.organizations.forEach((o) => {
|
|
organizations[o.id] = new OrganizationData(o, {
|
|
isMember: true,
|
|
isProviderUser: false,
|
|
});
|
|
});
|
|
|
|
response.providerOrganizations.forEach((o) => {
|
|
if (organizations[o.id] == null) {
|
|
organizations[o.id] = new OrganizationData(o, {
|
|
isMember: false,
|
|
isProviderUser: true,
|
|
});
|
|
} else {
|
|
organizations[o.id].isProviderUser = true;
|
|
}
|
|
});
|
|
|
|
await this.organizationService.replace(organizations);
|
|
}
|
|
|
|
private async syncFolders(response: FolderResponse[]) {
|
|
const folders: { [id: string]: FolderData } = {};
|
|
response.forEach((f) => {
|
|
folders[f.id] = new FolderData(f);
|
|
});
|
|
return await this.folderService.replace(folders);
|
|
}
|
|
|
|
private async syncCollections(response: CollectionDetailsResponse[]) {
|
|
const collections: { [id: string]: CollectionData } = {};
|
|
response.forEach((c) => {
|
|
collections[c.id] = new CollectionData(c);
|
|
});
|
|
return await this.collectionService.replace(collections);
|
|
}
|
|
|
|
private async syncCiphers(response: CipherResponse[]) {
|
|
const ciphers: { [id: string]: CipherData } = {};
|
|
response.forEach((c) => {
|
|
ciphers[c.id] = new CipherData(c);
|
|
});
|
|
return await this.cipherService.replace(ciphers);
|
|
}
|
|
|
|
private async syncSends(response: SendResponse[]) {
|
|
const sends: { [id: string]: SendData } = {};
|
|
response.forEach((s) => {
|
|
sends[s.id] = new SendData(s);
|
|
});
|
|
return await this.sendService.replace(sends);
|
|
}
|
|
|
|
private async syncSettings(response: DomainsResponse) {
|
|
let eqDomains: string[][] = [];
|
|
if (response != null && response.equivalentDomains != null) {
|
|
eqDomains = eqDomains.concat(response.equivalentDomains);
|
|
}
|
|
|
|
if (response != null && response.globalEquivalentDomains != null) {
|
|
response.globalEquivalentDomains.forEach((global) => {
|
|
if (global.domains.length > 0) {
|
|
eqDomains.push(global.domains);
|
|
}
|
|
});
|
|
}
|
|
|
|
return this.domainSettingsService.setEquivalentDomains(eqDomains);
|
|
}
|
|
|
|
private async syncPolicies(response: PolicyResponse[]) {
|
|
const policies: { [id: string]: PolicyData } = {};
|
|
if (response != null) {
|
|
response.forEach((p) => {
|
|
policies[p.id] = new PolicyData(p);
|
|
});
|
|
}
|
|
return await this.policyService.replace(policies);
|
|
}
|
|
}
|