diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 210e7f51..ec7f6e2f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1 +1,62 @@ Code contributions are welcome! Please commit any pull requests against the `master` branch. + +# Setting up your Local Dev environment for jslib +In order to easily test, check and develop against local changes to jslib across each of the TypeScript/JavaScript clients it is recommended to use symlinks for the submodule so that you only have to make the change once and don't need to x-copy or wait for a commit+merge to checkout, pull and test against your other repos. + +## Prerequisites +1. git bash or other git command line + +## Clone Repos +In order for this to work well, you need to use a consistent relative directory structure. Repos should be cloned in the following way: + +* `./`; we'll call this `/dev` ('cause why not) + * jslib - `git clone https://github.com/bitwarden/jslib.git` (/dev/jslib) + * web - `git clone --recurse-submodules https://github.com/bitwarden/web.git` (/dev/web) + * desktop - `git clone --recurse-submodules https://github.com/bitwarden/desktop.git` (/dev/desktop) + * browser - `git clone --recurse-submodules https://github.com/bitwarden/browser.git` (/dev/browser) + * cli - `git clone --recurse-submodules https://github.com/bitwarden/cli` (/dev/cli) + +You should notice web, desktop, browser and cli each reference jslib as a git submodule. If you've already cloned the repos but didn't use `--recurse-submodules` then you'll need to init those: + +`npm run sub:init` + +## Configure Symlinks +Be aware that using git clone will make symlinks added to your repo be seen by git as plain text file paths, lets make sure this is set to true to prevent that. In the project root run, `git config core.symlinks true`. + +For each project other than jslib, run the following: + +For macOS/Linux: `npm run symlink:mac` + +For Windows: `npm run symlink:win` + +## Updates and Cleanup +* Need to update parent repo that has jslib as a submodule to latest from actual jslib repo? + * Create branch from master (`git checkout -b update-jslib`) + * From new local branch: `npm run sub:pull` (`git submodule foreach git pull origin master`) + * Follow Pull Request notes for commit/push instructions + * Once merged, pull master, rebase your feature branch and then do npm run sub:update to catch your submodule up +* Discard changes made to a submodule + * `git submodule foreach git reset —hard` + + +## Merge Conflicts +At times when you need to perform a `git merge master` into your feature or local branch, and there are conflicting version references to the *jslib* repo from your other clients, you will not be able to use the traditional merge or stage functions you would normally use for a file. + +To resolve you must use either `git reset` or update the index directly using `git update-index`. You can use (depending on whether you have symlink'd jslib) one of the following: + +```bash +git reset master -- jslib +git reset master@{upstream} -- jslib +git reset HEAD -- jslib +git reset MERGE_HEAD -- jslib +``` + +Those should automatically stage the change and reset the jslib submodule back to where it needs to be (generally at the latest version from `master`). + +The other option is to update the index directly using the plumbing command git update-index. To do that, you need to know that an object of type gitlink (i.e., directory entry in a parent repository that points to a submodule) is 0160000. You can figure it out from `git ls-files -s` or the following reference (see "1110 (gitlink)" under 4-bit object type): https://github.com/gitster/git/blob/master/Documentation/technical/index-format.txt + +To use that approach, figure out the hash you want to set the submodule to, then run, e.g.: + +`git update-index --cacheinfo 0160000,533da4ea00703f4ad6d5518e1ce81d20261c40c0,jslib` + +see: [https://stackoverflow.com/questions/26617838/how-to-resolve-git-submodule-conflict-if-submodule-is-not-initialized](https://stackoverflow.com/questions/26617838/how-to-resolve-git-submodule-conflict-if-submodule-is-not-initialized) diff --git a/src/abstractions/api.service.ts b/src/abstractions/api.service.ts index a0adc7e5..5ab243a4 100644 --- a/src/abstractions/api.service.ts +++ b/src/abstractions/api.service.ts @@ -141,6 +141,7 @@ export abstract class ApiService { postAccountKeys: (request: KeysRequest) => Promise; postAccountVerifyEmail: () => Promise; postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise; + postAccountVerifyPassword: (request: PasswordVerificationRequest) => Promise; postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise; postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise; postAccountKdf: (request: KdfRequest) => Promise; diff --git a/src/abstractions/auth.service.ts b/src/abstractions/auth.service.ts index de7481ce..21bba196 100644 --- a/src/abstractions/auth.service.ts +++ b/src/abstractions/auth.service.ts @@ -6,10 +6,14 @@ import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey'; export abstract class AuthService { email: string; masterPasswordHash: string; + code: string; + codeVerifier: string; + ssoRedirectUrl: string; twoFactorProvidersData: Map; selectedTwoFactorProviderType: TwoFactorProviderType; logIn: (email: string, masterPassword: string) => Promise; + logInSso: (code: string, codeVerifier: string, redirectUrl: string) => Promise; logInTwoFactor: (twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean) => Promise; logInComplete: (email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType, @@ -18,4 +22,6 @@ export abstract class AuthService { getSupportedTwoFactorProviders: (win: Window) => any[]; getDefaultTwoFactorProvider: (u2fSupported: boolean) => TwoFactorProviderType; makePreloginKey: (masterPassword: string, email: string) => Promise; + authingWithSso: () => boolean; + authingWithPassword: () => boolean; } diff --git a/src/angular/components/add-edit.component.ts b/src/angular/components/add-edit.component.ts index 87c7cd3f..a0909cb2 100644 --- a/src/angular/components/add-edit.component.ts +++ b/src/angular/components/add-edit.component.ts @@ -78,6 +78,7 @@ export class AddEditComponent implements OnInit { addFieldTypeOptions: any[]; uriMatchOptions: any[]; ownershipOptions: any[] = []; + currentDate = new Date(); protected writeableCollections: CollectionView[]; private previousCipherId: string; diff --git a/src/angular/components/lock.component.ts b/src/angular/components/lock.component.ts index 107ab471..0cf22362 100644 --- a/src/angular/components/lock.component.ts +++ b/src/angular/components/lock.component.ts @@ -1,6 +1,7 @@ import { OnInit } from '@angular/core'; import { Router } from '@angular/router'; +import { ApiService } from '../../abstractions/api.service'; import { CryptoService } from '../../abstractions/crypto.service'; import { EnvironmentService } from '../../abstractions/environment.service'; import { I18nService } from '../../abstractions/i18n.service'; @@ -16,6 +17,8 @@ import { ConstantsService } from '../../services/constants.service'; import { CipherString } from '../../models/domain/cipherString'; import { SymmetricCryptoKey } from '../../models/domain/symmetricCryptoKey'; +import { PasswordVerificationRequest } from '../../models/request/passwordVerificationRequest'; + import { Utils } from '../../misc/utils'; export class LockComponent implements OnInit { @@ -25,6 +28,7 @@ export class LockComponent implements OnInit { email: string; pinLock: boolean = false; webVaultHostname: string = ''; + formPromise: Promise; protected successRoute: string = 'vault'; protected onSuccessfulSubmit: () => void; @@ -36,7 +40,8 @@ export class LockComponent implements OnInit { protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService, protected userService: UserService, protected cryptoService: CryptoService, protected storageService: StorageService, protected vaultTimeoutService: VaultTimeoutService, - protected environmentService: EnvironmentService, protected stateService: StateService) { } + protected environmentService: EnvironmentService, protected stateService: StateService, + protected apiService: ApiService) { } async ngOnInit() { this.pinSet = await this.vaultTimeoutService.isPinLockSet(); @@ -98,9 +103,26 @@ export class LockComponent implements OnInit { } else { const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations); const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key); - const storedKeyHash = await this.cryptoService.getKeyHash(); - if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) { + let passwordValid = false; + + if (keyHash != null) { + const storedKeyHash = await this.cryptoService.getKeyHash(); + if (storedKeyHash != null) { + passwordValid = storedKeyHash === keyHash; + } else { + const request = new PasswordVerificationRequest(); + request.masterPasswordHash = keyHash; + try { + this.formPromise = this.apiService.postAccountVerifyPassword(request); + await this.formPromise; + passwordValid = true; + await this.cryptoService.setKeyHash(keyHash); + } catch { } + } + } + + if (passwordValid) { if (this.pinSet[0]) { const protectedPin = await this.storageService.get(ConstantsService.protectedPin); const encKey = await this.cryptoService.getEncKey(key); diff --git a/src/angular/components/register.component.ts b/src/angular/components/register.component.ts index b3ad95d3..b3f689fc 100644 --- a/src/angular/components/register.component.ts +++ b/src/angular/components/register.component.ts @@ -1,6 +1,7 @@ import { Router } from '@angular/router'; import { KeysRequest } from '../../models/request/keysRequest'; +import { ReferenceEventRequest } from '../../models/request/referenceEventRequest'; import { RegisterRequest } from '../../models/request/registerRequest'; import { ApiService } from '../../abstractions/api.service'; @@ -22,7 +23,7 @@ export class RegisterComponent { showPassword: boolean = false; formPromise: Promise; masterPasswordScore: number; - referenceId: string; + referenceData: ReferenceEventRequest; protected successRoute = 'login'; private masterPasswordStrengthTimeout: any; @@ -111,7 +112,7 @@ export class RegisterComponent { const hashedPassword = await this.cryptoService.hashPassword(this.masterPassword, key); const keys = await this.cryptoService.makeKeyPair(encKey[0]); const request = new RegisterRequest(this.email, this.name, hashedPassword, - this.hint, encKey[1].encryptedString, kdf, kdfIterations, this.referenceId); + this.hint, encKey[1].encryptedString, kdf, kdfIterations, this.referenceData); request.keys = new KeysRequest(keys[0], keys[1].encryptedString); const orgInvite = await this.stateService.get('orgInvitation'); if (orgInvite != null && orgInvite.token != null && orgInvite.organizationUserId != null) { diff --git a/src/angular/components/two-factor.component.ts b/src/angular/components/two-factor.component.ts index 9d337940..94a1e155 100644 --- a/src/angular/components/two-factor.component.ts +++ b/src/angular/components/two-factor.component.ts @@ -52,12 +52,16 @@ export class TwoFactorComponent implements OnInit, OnDestroy { } async ngOnInit() { - if (this.authService.email == null || this.authService.masterPasswordHash == null || + if ((!this.authService.authingWithSso() && !this.authService.authingWithPassword()) || this.authService.twoFactorProvidersData == null) { this.router.navigate([this.loginRoute]); return; } + if (this.authService.authingWithSso()) { + this.successRoute = 'lock'; + } + if (this.initU2f && this.win != null && this.u2fSupported) { let customWebVaultUrl: string = null; if (this.environmentService.baseUrl != null) { diff --git a/src/importers/firefoxCsvImporter.ts b/src/importers/firefoxCsvImporter.ts index 8c5b1c13..a7d6a5b3 100644 --- a/src/importers/firefoxCsvImporter.ts +++ b/src/importers/firefoxCsvImporter.ts @@ -14,10 +14,11 @@ export class FirefoxCsvImporter extends BaseImporter implements Importer { results.forEach((value) => { const cipher = this.initLoginCipher(); - cipher.name = this.getValueOrDefault(this.nameFromUrl(value.hostname), '--'); + const url = this.getValueOrDefault(value.url, this.getValueOrDefault(value.hostname)); + cipher.name = this.getValueOrDefault(this.nameFromUrl(url), '--'); cipher.login.username = this.getValueOrDefault(value.username); cipher.login.password = this.getValueOrDefault(value.password); - cipher.login.uris = this.makeUriArray(value.hostname); + cipher.login.uris = this.makeUriArray(url); this.cleanupCipher(cipher); result.ciphers.push(cipher); }); diff --git a/src/importers/keepass2XmlImporter.ts b/src/importers/keepass2XmlImporter.ts index 1ad213e2..a485d226 100644 --- a/src/importers/keepass2XmlImporter.ts +++ b/src/importers/keepass2XmlImporter.ts @@ -68,6 +68,8 @@ export class KeePass2XmlImporter extends BaseImporter implements Importer { cipher.login.username = value; } else if (key === 'Password') { cipher.login.password = value; + } else if (key === 'otp') { + cipher.login.totp = value.replace('key=', ''); } else if (key === 'Title') { cipher.name = value; } else if (key === 'Notes') { diff --git a/src/misc/utils.ts b/src/misc/utils.ts index e0b70413..4d9bf853 100644 --- a/src/misc/utils.ts +++ b/src/misc/utils.ts @@ -89,6 +89,14 @@ export class Utils { } } + static fromBufferToUrlB64(buffer: ArrayBuffer): string { + const output = this.fromBufferToB64(buffer) + .replace(/\+/g, '-') + .replace(/\//g, '_') + .replace(/=/g, ''); + return output; + } + static fromBufferToUtf8(buffer: ArrayBuffer): string { if (Utils.isNode || Utils.isNativeScript) { return Buffer.from(buffer).toString('utf8'); @@ -204,9 +212,14 @@ export class Utils { } catch (e) { } } - const domain = tldjs != null && tldjs.getDomain != null ? tldjs.getDomain(uriString) : null; - if (domain != null) { - return domain; + try { + const domain = tldjs != null && tldjs.getDomain != null ? tldjs.getDomain(uriString) : null; + + if (domain != null) { + return domain; + } + } catch { + return null; } return null; diff --git a/src/models/data/organizationData.ts b/src/models/data/organizationData.ts index 626691c0..4b0fc769 100644 --- a/src/models/data/organizationData.ts +++ b/src/models/data/organizationData.ts @@ -16,6 +16,7 @@ export class OrganizationData { useTotp: boolean; use2fa: boolean; useApi: boolean; + useBusinessPortal: boolean; selfHost: boolean; usersGetPremium: boolean; seats: number; @@ -35,6 +36,7 @@ export class OrganizationData { this.useTotp = response.useTotp; this.use2fa = response.use2fa; this.useApi = response.useApi; + this.useBusinessPortal = response.useBusinessPortal; this.selfHost = response.selfHost; this.usersGetPremium = response.usersGetPremium; this.seats = response.seats; diff --git a/src/models/domain/authResult.ts b/src/models/domain/authResult.ts index cb4bb57c..0f5b95a5 100644 --- a/src/models/domain/authResult.ts +++ b/src/models/domain/authResult.ts @@ -2,5 +2,6 @@ import { TwoFactorProviderType } from '../../enums/twoFactorProviderType'; export class AuthResult { twoFactor: boolean = false; + resetMasterPassword: boolean = false; twoFactorProviders: Map = null; } diff --git a/src/models/domain/organization.ts b/src/models/domain/organization.ts index 914f8308..21011fb0 100644 --- a/src/models/domain/organization.ts +++ b/src/models/domain/organization.ts @@ -16,6 +16,7 @@ export class Organization { useTotp: boolean; use2fa: boolean; useApi: boolean; + useBusinessPortal: boolean; selfHost: boolean; usersGetPremium: boolean; seats: number; @@ -39,6 +40,7 @@ export class Organization { this.useTotp = obj.useTotp; this.use2fa = obj.use2fa; this.useApi = obj.useApi; + this.useBusinessPortal = obj.useBusinessPortal; this.selfHost = obj.selfHost; this.usersGetPremium = obj.usersGetPremium; this.seats = obj.seats; diff --git a/src/models/request/referenceEventRequest.ts b/src/models/request/referenceEventRequest.ts new file mode 100644 index 00000000..4cd8c507 --- /dev/null +++ b/src/models/request/referenceEventRequest.ts @@ -0,0 +1,5 @@ +export class ReferenceEventRequest { + id: string; + layout: string; + flow: string; +} diff --git a/src/models/request/registerRequest.ts b/src/models/request/registerRequest.ts index f96544e8..a93ac69b 100644 --- a/src/models/request/registerRequest.ts +++ b/src/models/request/registerRequest.ts @@ -1,4 +1,5 @@ import { KeysRequest } from './keysRequest'; +import { ReferenceEventRequest } from './referenceEventRequest'; import { KdfType } from '../../enums/kdfType'; @@ -13,10 +14,10 @@ export class RegisterRequest { organizationUserId: string; kdf: KdfType; kdfIterations: number; - referenceId: string; + referenceData: ReferenceEventRequest; constructor(email: string, name: string, masterPasswordHash: string, masterPasswordHint: string, key: string, - kdf: KdfType, kdfIterations: number, referenceId: string) { + kdf: KdfType, kdfIterations: number, referenceData: ReferenceEventRequest) { this.name = name; this.email = email; this.masterPasswordHash = masterPasswordHash; @@ -24,6 +25,6 @@ export class RegisterRequest { this.key = key; this.kdf = kdf; this.kdfIterations = kdfIterations; - this.referenceId = referenceId; + this.referenceData = referenceData; } } diff --git a/src/models/request/tokenRequest.ts b/src/models/request/tokenRequest.ts index c9bcd5ad..f0ff7024 100644 --- a/src/models/request/tokenRequest.ts +++ b/src/models/request/tokenRequest.ts @@ -5,15 +5,24 @@ import { DeviceRequest } from './deviceRequest'; export class TokenRequest { email: string; masterPasswordHash: string; + code: string; + codeVerifier: string; + redirectUri: string; token: string; provider: TwoFactorProviderType; remember: boolean; device?: DeviceRequest; - constructor(email: string, masterPasswordHash: string, provider: TwoFactorProviderType, + constructor(credentials: string[], codes: string[], provider: TwoFactorProviderType, token: string, remember: boolean, device?: DeviceRequest) { - this.email = email; - this.masterPasswordHash = masterPasswordHash; + if (credentials != null && credentials.length > 1) { + this.email = credentials[0]; + this.masterPasswordHash = credentials[1]; + } else if (codes != null && codes.length > 2) { + this.code = codes[0]; + this.codeVerifier = codes[1]; + this.redirectUri = codes[2]; + } this.token = token; this.provider = provider; this.remember = remember; @@ -22,13 +31,23 @@ export class TokenRequest { toIdentityToken(clientId: string) { const obj: any = { - grant_type: 'password', - username: this.email, - password: this.masterPasswordHash, scope: 'api offline_access', client_id: clientId, }; + if (this.masterPasswordHash != null && this.email != null) { + obj.grant_type = 'password'; + obj.username = this.email; + obj.password = this.masterPasswordHash; + } else if (this.code != null && this.codeVerifier != null && this.redirectUri != null) { + obj.grant_type = 'authorization_code'; + obj.code = this.code; + obj.code_verifier = this.codeVerifier; + obj.redirect_uri = this.redirectUri; + } else { + throw new Error('must provide credentials or codes'); + } + if (this.device) { obj.deviceType = this.device.type; obj.deviceIdentifier = this.device.identifier; diff --git a/src/models/response/identityTokenResponse.ts b/src/models/response/identityTokenResponse.ts index 20adaff7..7ce1afba 100644 --- a/src/models/response/identityTokenResponse.ts +++ b/src/models/response/identityTokenResponse.ts @@ -1,14 +1,19 @@ import { BaseResponse } from './baseResponse'; +import { KdfType } from '../../enums/kdfType'; + export class IdentityTokenResponse extends BaseResponse { accessToken: string; expiresIn: number; refreshToken: string; tokenType: string; + resetMasterPassword: boolean; privateKey: string; key: string; twoFactorToken: string; + kdf: KdfType; + kdfIterations: number; constructor(response: any) { super(response); @@ -17,8 +22,11 @@ export class IdentityTokenResponse extends BaseResponse { this.refreshToken = response.refresh_token; this.tokenType = response.token_type; + this.resetMasterPassword = this.getResponseProperty('ResetMasterPassword'); this.privateKey = this.getResponseProperty('PrivateKey'); this.key = this.getResponseProperty('Key'); this.twoFactorToken = this.getResponseProperty('TwoFactorToken'); + this.kdf = this.getResponseProperty('Kdf'); + this.kdfIterations = this.getResponseProperty('KdfIterations'); } } diff --git a/src/models/response/profileOrganizationResponse.ts b/src/models/response/profileOrganizationResponse.ts index 6a76878c..f14ba971 100644 --- a/src/models/response/profileOrganizationResponse.ts +++ b/src/models/response/profileOrganizationResponse.ts @@ -13,6 +13,7 @@ export class ProfileOrganizationResponse extends BaseResponse { useTotp: boolean; use2fa: boolean; useApi: boolean; + useBusinessPortal: boolean; selfHost: boolean; usersGetPremium: boolean; seats: number; @@ -34,6 +35,7 @@ export class ProfileOrganizationResponse extends BaseResponse { this.useTotp = this.getResponseProperty('UseTotp'); this.use2fa = this.getResponseProperty('Use2fa'); this.useApi = this.getResponseProperty('UseApi'); + this.useBusinessPortal = this.getResponseProperty('UseBusinessPortal'); this.selfHost = this.getResponseProperty('SelfHost'); this.usersGetPremium = this.getResponseProperty('UsersGetPremium'); this.seats = this.getResponseProperty('Seats'); diff --git a/src/models/view/loginUriView.ts b/src/models/view/loginUriView.ts index afa6e200..7ef9fa09 100644 --- a/src/models/view/loginUriView.ts +++ b/src/models/view/loginUriView.ts @@ -26,6 +26,7 @@ export class LoginUriView implements View { private _uri: string = null; private _domain: string = null; private _hostname: string = null; + private _host: string = null; private _canLaunch: boolean = null; // tslint:enable @@ -71,10 +72,28 @@ export class LoginUriView implements View { return this._hostname; } + get host(): string { + if (this.match === UriMatchType.RegularExpression) { + return null; + } + if (this._host == null && this.uri != null) { + this._host = Utils.getHost(this.uri); + if (this._host === '') { + this._host = null; + } + } + + return this._host; + } + get hostnameOrUri(): string { return this.hostname != null ? this.hostname : this.uri; } + get hostOrUri(): string { + return this.host != null ? this.host : this.uri; + } + get isWebsite(): boolean { return this.uri != null && (this.uri.indexOf('http://') === 0 || this.uri.indexOf('https://') === 0 || (this.uri.indexOf('://') < 0 && Utils.tldEndingRegex.test(this.uri))); diff --git a/src/services/api.service.ts b/src/services/api.service.ts index 02d0bd4b..e0981a2f 100644 --- a/src/services/api.service.ts +++ b/src/services/api.service.ts @@ -321,6 +321,10 @@ export class ApiService implements ApiServiceAbstraction { return this.send('POST', '/accounts/verify-email-token', request, false, false); } + postAccountVerifyPassword(request: PasswordVerificationRequest): Promise { + return this.send('POST', '/accounts/verify-password', request, true, false); + } + postAccountRecoverDelete(request: DeleteRecoverRequest): Promise { return this.send('POST', '/accounts/delete-recover', request, false, false); } diff --git a/src/services/auth.service.ts b/src/services/auth.service.ts index ad379f29..9a8d0ec3 100644 --- a/src/services/auth.service.ts +++ b/src/services/auth.service.ts @@ -77,12 +77,13 @@ export const TwoFactorProviders = { export class AuthService implements AuthServiceAbstraction { email: string; masterPasswordHash: string; + code: string; + codeVerifier: string; + ssoRedirectUrl: string; twoFactorProvidersData: Map; selectedTwoFactorProviderType: TwoFactorProviderType = null; private key: SymmetricCryptoKey; - private kdf: KdfType; - private kdfIterations: number; constructor(private cryptoService: CryptoService, private apiService: ApiService, private userService: UserService, private tokenService: TokenService, @@ -116,13 +117,19 @@ export class AuthService implements AuthServiceAbstraction { this.selectedTwoFactorProviderType = null; const key = await this.makePreloginKey(masterPassword, email); const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key); - return await this.logInHelper(email, hashedPassword, key); + return await this.logInHelper(email, hashedPassword, null, null, null, key, + null, null, null); + } + + async logInSso(code: string, codeVerifier: string, redirectUrl: string): Promise { + this.selectedTwoFactorProviderType = null; + return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null, null, null); } async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean): Promise { - return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider, - twoFactorToken, remember); + return await this.logInHelper(this.email, this.masterPasswordHash, this.code, this.codeVerifier, + this.ssoRedirectUrl, this.key, twoFactorProvider, twoFactorToken, remember); } async logInComplete(email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType, @@ -130,7 +137,8 @@ export class AuthService implements AuthServiceAbstraction { this.selectedTwoFactorProviderType = null; const key = await this.makePreloginKey(masterPassword, email); const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key); - return await this.logInHelper(email, hashedPassword, key, twoFactorProvider, twoFactorToken, remember); + return await this.logInHelper(email, hashedPassword, null, null, null, key, twoFactorProvider, twoFactorToken, + remember); } logOut(callback: Function) { @@ -201,37 +209,59 @@ export class AuthService implements AuthServiceAbstraction { async makePreloginKey(masterPassword: string, email: string): Promise { email = email.trim().toLowerCase(); - this.kdf = null; - this.kdfIterations = null; + let kdf: KdfType = null; + let kdfIterations: number = null; try { const preloginResponse = await this.apiService.postPrelogin(new PreloginRequest(email)); if (preloginResponse != null) { - this.kdf = preloginResponse.kdf; - this.kdfIterations = preloginResponse.kdfIterations; + kdf = preloginResponse.kdf; + kdfIterations = preloginResponse.kdfIterations; } } catch (e) { if (e == null || e.statusCode !== 404) { throw e; } } - return this.cryptoService.makeKey(masterPassword, email, this.kdf, this.kdfIterations); + return this.cryptoService.makeKey(masterPassword, email, kdf, kdfIterations); } - private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey, - twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise { + authingWithSso(): boolean { + return this.code != null && this.codeVerifier != null && this.ssoRedirectUrl != null; + } + + authingWithPassword(): boolean { + return this.email != null && this.masterPasswordHash != null; + } + + private async logInHelper(email: string, hashedPassword: string, code: string, codeVerifier: string, + redirectUrl: string, key: SymmetricCryptoKey, twoFactorProvider?: TwoFactorProviderType, + twoFactorToken?: string, remember?: boolean): Promise { const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email); const appId = await this.appIdService.getAppId(); const deviceRequest = new DeviceRequest(appId, this.platformUtilsService); + let emailPassword: string[] = []; + let codeCodeVerifier: string[] = []; + if (email != null && hashedPassword != null) { + emailPassword = [email, hashedPassword]; + } else { + emailPassword = null; + } + if (code != null && codeVerifier != null && redirectUrl != null) { + codeCodeVerifier = [code, codeVerifier, redirectUrl]; + } else { + codeCodeVerifier = null; + } + let request: TokenRequest; if (twoFactorToken != null && twoFactorProvider != null) { - request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember, + request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember, deviceRequest); } else if (storedTwoFactorToken != null) { - request = new TokenRequest(email, hashedPassword, TwoFactorProviderType.Remember, + request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember, storedTwoFactorToken, false, deviceRequest); } else { - request = new TokenRequest(email, hashedPassword, null, null, false, deviceRequest); + request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, deviceRequest); } const response = await this.apiService.postIdentityToken(request); @@ -245,6 +275,9 @@ export class AuthService implements AuthServiceAbstraction { const twoFactorResponse = response as IdentityTwoFactorResponse; this.email = email; this.masterPasswordHash = hashedPassword; + this.code = code; + this.codeVerifier = codeVerifier; + this.ssoRedirectUrl = redirectUrl; this.key = this.setCryptoKeys ? key : null; this.twoFactorProvidersData = twoFactorResponse.twoFactorProviders2; result.twoFactorProviders = twoFactorResponse.twoFactorProviders2; @@ -252,16 +285,21 @@ export class AuthService implements AuthServiceAbstraction { } const tokenResponse = response as IdentityTokenResponse; + result.resetMasterPassword = tokenResponse.resetMasterPassword; if (tokenResponse.twoFactorToken != null) { await this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email); } await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken); await this.userService.setInformation(this.tokenService.getUserId(), this.tokenService.getEmail(), - this.kdf, this.kdfIterations); + tokenResponse.kdf, tokenResponse.kdfIterations); if (this.setCryptoKeys) { - await this.cryptoService.setKey(key); - await this.cryptoService.setKeyHash(hashedPassword); + if (key != null) { + await this.cryptoService.setKey(key); + } + if (hashedPassword != null) { + await this.cryptoService.setKeyHash(hashedPassword); + } await this.cryptoService.setEncKey(tokenResponse.key); // User doesn't have a key pair yet (old account), let's generate one for them @@ -284,8 +322,12 @@ export class AuthService implements AuthServiceAbstraction { } private clearState(): void { + this.key = null; this.email = null; this.masterPasswordHash = null; + this.code = null; + this.codeVerifier = null; + this.ssoRedirectUrl = null; this.twoFactorProvidersData = null; this.selectedTwoFactorProviderType = null; } diff --git a/src/services/constants.service.ts b/src/services/constants.service.ts index 396ebffa..752648fd 100644 --- a/src/services/constants.service.ts +++ b/src/services/constants.service.ts @@ -23,6 +23,8 @@ export class ConstantsService { static readonly protectedPin: string = 'protectedPin'; static readonly clearClipboardKey: string = 'clearClipboardKey'; static readonly eventCollectionKey: string = 'eventCollection'; + static readonly ssoCodeVerifierKey: string = 'ssoCodeVerifier'; + static readonly ssoStateKey: string = 'ssoState'; readonly environmentUrlsKey: string = ConstantsService.environmentUrlsKey; readonly disableGaKey: string = ConstantsService.disableGaKey; @@ -47,4 +49,6 @@ export class ConstantsService { readonly protectedPin: string = ConstantsService.protectedPin; readonly clearClipboardKey: string = ConstantsService.clearClipboardKey; readonly eventCollectionKey: string = ConstantsService.eventCollectionKey; + readonly ssoCodeVerifierKey: string = ConstantsService.ssoCodeVerifierKey; + readonly ssoStateKey: string = ConstantsService.ssoStateKey; }