mirror of
https://github.com/bitwarden/browser
synced 2025-12-15 15:53:27 +00:00
1f60bcdcc0
* feat(change-password-component): Change Password Update [18720] - Very close to complete. * fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Removed temp code to force the state I need to verify correctness. * fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Recover account working with change password component. * fix(policy-enforcement): [PM-21085] Fix Bug with Policy Enforcement - Made code more dry. * fix(change-password-component): Change Password Update [18720] - Updates to routing and the extension. Extension is still a wip. * fix(change-password-component): Change Password Update [18720] - Extension routing changes. * feat(change-password-component): Change Password Update [18720] - More extension work * feat(change-password-component): Change Password Update [18720] - Pausing work for now while we wait for product to hear back. * feat(change-password-component): Change Password Update [18720] - Removed duplicated anon layouts. * feat(change-password-component): Change Password Update [18720] - Tidied up code. * feat(change-password-component): Change Password Update [18720] - Small fixes to the styling * feat(change-password-component): Change Password Update [18720] - Adding more content for the routing. * feat(change-password-component): Change Password Update [18720] - Removed circular loop for now. * feat(change-password-component): Change Password Update [18720] - Made comments regarding the change password routing complexities with change-password and auth guard. * feat(change-password-component): Change Password Update [18720] - Undid some changes because they will be conflicts later on. * feat(change-password-component): Change Password Update [18720] - Small directive change. * feat(change-password-component): Change Password Update [18720] - Small changes and added some clarification on where I'm blocked * feat(change-password-component): Change Password Update [18720] - Org invite is seemingly working, found one bug to iron out. * refactor(change-password-component): Change Password Update [18720] - Fixed up policy service to be made more clear. * docs(change-password-component): Change Password Update [18720] - Updated documentation. * refactor(change-password-component): Change Password Update [18720] - Routing changes and policy service changes. * fix(change-password-component): Change Password Update [18720] - Wrapping up changes. * feat(change-password-component): Change Password Update [18720] - Should be working fully * feat(change-password-component): Change Password Update [18720] - Found a bug, working on password policy being present on login. * feat(change-password-component): Change Password Update [18720] - Turned on auth guard on other clients for change-password route. * feat(change-password-component): Change Password Update [18720] - Committing intermediate changes. * feat(change-password-component): Change Password Update [18720] - The master password policy endpoint has been added! Should be working. Testing now. * feat(change-password-component): Change Password Update [18720] - Minor fixes. * feat(change-password-component): Change Password Update [18720] - Undid naming change. * feat(change-password-component): Change Password Update [18720] - Removed comment. * feat(change-password-component): Change Password Update [18720] - Removed unneeded code. * fix(change-password-component): Change Password Update [18720] - Took org invite state out of service and made it accessible. * fix(change-password-component): Change Password Update [18720] - Small changes. * fix(change-password-component): Change Password Update [18720] - Split up org invite service into client specific implementations and have them injected into clients properly * feat(change-password-component): Change Password Update [18720] - Stopping work and going to switch to a new branch to pare down some of the solutions that were made to get this over the finish line * feat(change-password-component): Change Password Update [18720] - Started to remove functionality in the login.component and the password login strategy. * feat(change-password-component): Change Password Update [18720] - Removed more unneded changes. * feat(change-password-component): Change Password Update [18720] - Change password clearing state working properly. * fix(change-password-component): Change Password Update [18720] - Added docs and moved web implementation. * comments(change-password-component): Change Password Update [18720] - Added more notes. * test(change-password-component): Change Password Update [18720] - Added in tests for policy service. * comment(change-password-component): Change Password Update [18720] - Updated doc with correct ticket number. * comment(change-password-component): Change Password Update [18720] - Fixed doc. * test(change-password-component): Change Password Update [18720] - Fixed tests. * test(change-password-component): Change Password Update [18720] - Fixed linting errors. Have more tests to fix. * test(change-password-component): Change Password Update [18720] - Added back in ignore for typesafety. * fix(change-password-component): Change Password Update [18720] - Fixed other type issues. * test(change-password-component): Change Password Update [18720] - Fixed tests. * test(change-password-component): Change Password Update [18720] - Fixed more tests. * test(change-password-component): Change Password Update [18720] - Fixed tiny duplicate code. * fix(change-password-component): Change Password Update [18720] - Fixed desktop component. * fix(change-password-component): Change Password Update [18720] - Removed unused code * fix(change-password-component): Change Password Update [18720] - Fixed locales. * fix(change-password-component): Change Password Update [18720] - Removed tracing. * fix(change-password-component): Change Password Update [18720] - Removed duplicative services module entry. * fix(change-password-component): Change Password Update [18720] - Added comment. * fix(change-password-component): Change Password Update [18720] - Fixed unneeded call in two factor to get user id. * fix(change-password-component): Change Password Update [18720] - Fixed a couple of tiny things. * fix(change-password-component): Change Password Update [18720] - Added comment for later fix. * fix(change-password-component): Change Password Update [18720] - Fixed linting error. * PM-18720 - AuthGuard - move call to get isChangePasswordFlagOn down after other conditions for efficiency. * PM-18720 - PasswordLoginStrategy tests - test new feature flagged combine org invite policies logic for weak password evaluation. * PM-18720 - CLI - fix dep issue * PM-18720 - ChangePasswordComp - extract change password warning up out of input password component * PM-18720 - InputPassword - remove unused dependency. * PM-18720 - ChangePasswordComp - add callout dep * PM-18720 - Revert all anon-layout changes * PM-18720 - Anon Layout - finish reverting changes. * PM-18720 - WIP move of change password out of libs/auth * PM-18720 - Clean up remaining imports from moving change password out of libs/auth * PM-18720 - Add change-password barrel file for better import grouping * PM-18720 - Change Password comp - restore maxWidth * PM-18720 - After merge, fix errors * PM-18720 - Desktop - fix api service import * PM-18720 - NDV - fix routing. * PM-18720 - Change Password Comp - add logout service todo * PM-18720 - PasswordSettings - per feedback, component is already feature flagged behind PM16117_ChangeExistingPasswordRefactor so we can just delete the replaced callout (new text is in change-password comp) * PM-18720 - Routing Modules - properly flag new component behind feature flag. * PM-18720 - SSO Login Strategy - fix config service import since it is now in shared deps from main merge. * PM-18720 - Fix SSO login strategy tests * PM-18720 - Default Policy Service - address AC PR feedback --------- Co-authored-by: Jared Snider <jsnider@bitwarden.com> Co-authored-by: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
259 lines
9.1 KiB
TypeScript
259 lines
9.1 KiB
TypeScript
// FIXME: Update this file to be type safe and remove this and next line
|
|
// @ts-strict-ignore
|
|
import { Component, OnDestroy, OnInit } from "@angular/core";
|
|
import { Router } from "@angular/router";
|
|
import { firstValueFrom, map } from "rxjs";
|
|
|
|
import { ChangePasswordComponent as BaseChangePasswordComponent } from "@bitwarden/angular/auth/components/change-password.component";
|
|
import { AuditService } from "@bitwarden/common/abstractions/audit.service";
|
|
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
|
|
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
|
|
import { MasterPasswordApiService } from "@bitwarden/common/auth/abstractions/master-password-api.service.abstraction";
|
|
import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
|
|
import { PasswordRequest } from "@bitwarden/common/auth/models/request/password.request";
|
|
import { getUserId } from "@bitwarden/common/auth/services/account.service";
|
|
import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
|
|
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
|
|
import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
|
|
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
|
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
|
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
|
|
import { DialogService, ToastService } from "@bitwarden/components";
|
|
import { KdfConfigService, KeyService } from "@bitwarden/key-management";
|
|
|
|
import { UserKeyRotationService } from "../../key-management/key-rotation/user-key-rotation.service";
|
|
|
|
/**
|
|
* @deprecated use the auth `PasswordSettingsComponent` instead
|
|
*/
|
|
@Component({
|
|
selector: "app-change-password",
|
|
templateUrl: "change-password.component.html",
|
|
standalone: false,
|
|
})
|
|
export class ChangePasswordComponent
|
|
extends BaseChangePasswordComponent
|
|
implements OnInit, OnDestroy
|
|
{
|
|
loading = false;
|
|
rotateUserKey = false;
|
|
currentMasterPassword: string;
|
|
masterPasswordHint: string;
|
|
checkForBreaches = true;
|
|
characterMinimumMessage = "";
|
|
|
|
constructor(
|
|
private auditService: AuditService,
|
|
private cipherService: CipherService,
|
|
private keyRotationService: UserKeyRotationService,
|
|
private masterPasswordApiService: MasterPasswordApiService,
|
|
private router: Router,
|
|
private syncService: SyncService,
|
|
private userVerificationService: UserVerificationService,
|
|
protected accountService: AccountService,
|
|
protected dialogService: DialogService,
|
|
protected i18nService: I18nService,
|
|
protected kdfConfigService: KdfConfigService,
|
|
protected keyService: KeyService,
|
|
protected masterPasswordService: InternalMasterPasswordServiceAbstraction,
|
|
protected messagingService: MessagingService,
|
|
protected platformUtilsService: PlatformUtilsService,
|
|
protected policyService: PolicyService,
|
|
protected toastService: ToastService,
|
|
) {
|
|
super(
|
|
accountService,
|
|
dialogService,
|
|
i18nService,
|
|
kdfConfigService,
|
|
keyService,
|
|
masterPasswordService,
|
|
messagingService,
|
|
platformUtilsService,
|
|
policyService,
|
|
toastService,
|
|
);
|
|
}
|
|
|
|
async ngOnInit() {
|
|
if (!(await this.userVerificationService.hasMasterPassword())) {
|
|
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
|
|
// eslint-disable-next-line @typescript-eslint/no-floating-promises
|
|
this.router.navigate(["/settings/security/two-factor"]);
|
|
}
|
|
|
|
await super.ngOnInit();
|
|
|
|
this.characterMinimumMessage = this.i18nService.t("characterMinimum", this.minimumLength);
|
|
}
|
|
|
|
async rotateUserKeyClicked() {
|
|
if (this.rotateUserKey) {
|
|
const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
|
|
|
|
const ciphers = await this.cipherService.getAllDecrypted(activeUserId);
|
|
let hasOldAttachments = false;
|
|
if (ciphers != null) {
|
|
for (let i = 0; i < ciphers.length; i++) {
|
|
if (ciphers[i].organizationId == null && ciphers[i].hasOldAttachments) {
|
|
hasOldAttachments = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (hasOldAttachments) {
|
|
const learnMore = await this.dialogService.openSimpleDialog({
|
|
title: { key: "warning" },
|
|
content: { key: "oldAttachmentsNeedFixDesc" },
|
|
acceptButtonText: { key: "learnMore" },
|
|
cancelButtonText: { key: "close" },
|
|
type: "warning",
|
|
});
|
|
|
|
if (learnMore) {
|
|
this.platformUtilsService.launchUri(
|
|
"https://bitwarden.com/help/attachments/#add-storage-space",
|
|
);
|
|
}
|
|
this.rotateUserKey = false;
|
|
return;
|
|
}
|
|
|
|
const result = await this.dialogService.openSimpleDialog({
|
|
title: { key: "rotateEncKeyTitle" },
|
|
content:
|
|
this.i18nService.t("updateEncryptionKeyWarning") +
|
|
" " +
|
|
this.i18nService.t("updateEncryptionKeyAccountExportWarning") +
|
|
" " +
|
|
this.i18nService.t("rotateEncKeyConfirmation"),
|
|
type: "warning",
|
|
});
|
|
|
|
if (!result) {
|
|
this.rotateUserKey = false;
|
|
}
|
|
}
|
|
}
|
|
|
|
async submit() {
|
|
this.loading = true;
|
|
if (this.currentMasterPassword == null || this.currentMasterPassword === "") {
|
|
this.toastService.showToast({
|
|
variant: "error",
|
|
title: this.i18nService.t("errorOccurred"),
|
|
message: this.i18nService.t("masterPasswordRequired"),
|
|
});
|
|
this.loading = false;
|
|
return;
|
|
}
|
|
|
|
if (
|
|
this.masterPasswordHint != null &&
|
|
this.masterPasswordHint.toLowerCase() === this.masterPassword.toLowerCase()
|
|
) {
|
|
this.toastService.showToast({
|
|
variant: "error",
|
|
title: this.i18nService.t("errorOccurred"),
|
|
message: this.i18nService.t("hintEqualsPassword"),
|
|
});
|
|
this.loading = false;
|
|
return;
|
|
}
|
|
|
|
this.leakedPassword = false;
|
|
if (this.checkForBreaches) {
|
|
this.leakedPassword = (await this.auditService.passwordLeaked(this.masterPassword)) > 0;
|
|
}
|
|
|
|
if (!(await this.strongPassword())) {
|
|
this.loading = false;
|
|
return;
|
|
}
|
|
|
|
try {
|
|
if (this.rotateUserKey) {
|
|
await this.syncService.fullSync(true);
|
|
const user = await firstValueFrom(this.accountService.activeAccount$);
|
|
await this.keyRotationService.rotateUserKeyMasterPasswordAndEncryptedData(
|
|
this.currentMasterPassword,
|
|
this.masterPassword,
|
|
user,
|
|
this.masterPasswordHint,
|
|
);
|
|
} else {
|
|
await this.updatePassword(this.masterPassword);
|
|
}
|
|
} catch (e) {
|
|
this.toastService.showToast({
|
|
variant: "error",
|
|
title: this.i18nService.t("errorOccurred"),
|
|
message: e.message,
|
|
});
|
|
} finally {
|
|
this.loading = false;
|
|
}
|
|
}
|
|
|
|
// todo: move this to a service
|
|
// https://bitwarden.atlassian.net/browse/PM-17108
|
|
private async updatePassword(newMasterPassword: string) {
|
|
const currentMasterPassword = this.currentMasterPassword;
|
|
const { userId, email } = await firstValueFrom(
|
|
this.accountService.activeAccount$.pipe(map((a) => ({ userId: a?.id, email: a?.email }))),
|
|
);
|
|
const kdfConfig = await firstValueFrom(this.kdfConfigService.getKdfConfig$(userId));
|
|
|
|
const currentMasterKey = await this.keyService.makeMasterKey(
|
|
currentMasterPassword,
|
|
email,
|
|
kdfConfig,
|
|
);
|
|
const decryptedUserKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
|
currentMasterKey,
|
|
userId,
|
|
);
|
|
if (decryptedUserKey == null) {
|
|
this.toastService.showToast({
|
|
variant: "error",
|
|
title: null,
|
|
message: this.i18nService.t("invalidMasterPassword"),
|
|
});
|
|
return;
|
|
}
|
|
|
|
const newMasterKey = await this.keyService.makeMasterKey(newMasterPassword, email, kdfConfig);
|
|
const newMasterKeyEncryptedUserKey = await this.keyService.encryptUserKeyWithMasterKey(
|
|
newMasterKey,
|
|
decryptedUserKey,
|
|
);
|
|
|
|
const request = new PasswordRequest();
|
|
request.masterPasswordHash = await this.keyService.hashMasterKey(
|
|
this.currentMasterPassword,
|
|
currentMasterKey,
|
|
);
|
|
request.masterPasswordHint = this.masterPasswordHint;
|
|
request.newMasterPasswordHash = await this.keyService.hashMasterKey(
|
|
newMasterPassword,
|
|
newMasterKey,
|
|
);
|
|
request.key = newMasterKeyEncryptedUserKey[1].encryptedString;
|
|
try {
|
|
await this.masterPasswordApiService.postPassword(request);
|
|
this.toastService.showToast({
|
|
variant: "success",
|
|
message: this.i18nService.t("masterPasswordChanged"),
|
|
});
|
|
this.messagingService.send("logout");
|
|
} catch {
|
|
this.toastService.showToast({
|
|
variant: "error",
|
|
title: null,
|
|
message: this.i18nService.t("errorOccurred"),
|
|
});
|
|
}
|
|
}
|
|
}
|