bitwarden-browser/src/services/auth.service.ts

import { TwoFactorProviderType } from '../enums';

import {
    AuthResult,
    SymmetricCryptoKey,
} from '../models/domain';

import {
    DeviceRequest,
    TokenRequest,
} from '../models/request';

import {
    IdentityTokenResponse,
    IdentityTwoFactorResponse,
} from '../models/response';

import { ConstantsService } from '../services/constants.service';

import {
    ApiService,
    AppIdService,
    CryptoService,
    I18nService,
    MessagingService,
    PlatformUtilsService,
    TokenService,
    UserService,
} from '../abstractions';

export const TwoFactorProviders = {
    [TwoFactorProviderType.Authenticator]: {
        type: TwoFactorProviderType.Authenticator,
        name: null as string,
        description: null as string,
        priority: 1,
    },
    [TwoFactorProviderType.Yubikey]: {
        type: TwoFactorProviderType.Yubikey,
        name: null as string,
        description: null as string,
        priority: 3,
    },
    [TwoFactorProviderType.Duo]: {
        type: TwoFactorProviderType.Duo,
        name: 'Duo',
        description: null as string,
        priority: 2,
    },
    [TwoFactorProviderType.U2f]: {
        type: TwoFactorProviderType.U2f,
        name: null as string,
        description: null as string,
        priority: 4,
    },
    [TwoFactorProviderType.Email]: {
        type: TwoFactorProviderType.Email,
        name: null as string,
        description: null as string,
        priority: 0,
    },
};

export class AuthService {
    email: string;
    masterPasswordHash: string;
    twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }>;

    private key: SymmetricCryptoKey;

    constructor(private cryptoService: CryptoService, private apiService: ApiService, private userService: UserService,
        private tokenService: TokenService, private appIdService: AppIdService, private i18nService: I18nService,
        private platformUtilsService: PlatformUtilsService, private constantsService: ConstantsService,
        private messagingService: MessagingService) {
    }

    init() {
        TwoFactorProviders[TwoFactorProviderType.Email].name = this.i18nService.t('emailTitle');
        TwoFactorProviders[TwoFactorProviderType.Email].description = this.i18nService.t('emailDesc');

        TwoFactorProviders[TwoFactorProviderType.Authenticator].name = this.i18nService.t('authenticatorAppTitle');
        TwoFactorProviders[TwoFactorProviderType.Authenticator].description =
            this.i18nService.t('authenticatorAppDesc');

        TwoFactorProviders[TwoFactorProviderType.Duo].description = this.i18nService.t('duoDesc');

        TwoFactorProviders[TwoFactorProviderType.U2f].name = this.i18nService.t('u2fTitle');
        TwoFactorProviders[TwoFactorProviderType.U2f].description = this.i18nService.t('u2fDesc');

        TwoFactorProviders[TwoFactorProviderType.Yubikey].name = this.i18nService.t('yubiKeyTitle');
        TwoFactorProviders[TwoFactorProviderType.Yubikey].description = this.i18nService.t('yubiKeyDesc');
    }

    async logIn(email: string, masterPassword: string): Promise<AuthResult> {
        email = email.toLowerCase();
        const key = this.cryptoService.makeKey(masterPassword, email);
        const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
        return await this.logInHelper(email, hashedPassword, key);
    }

    async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
        remember?: boolean): Promise<AuthResult> {
        return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,
            twoFactorToken, remember);
    }

    logOut(callback: Function) {
        callback();
        this.messagingService.send('loggedOut');
    }

    getDefaultTwoFactorProvider(u2fSupported: boolean): TwoFactorProviderType {
        if (this.twoFactorProviders == null) {
            return null;
        }

        let providerType: TwoFactorProviderType = null;
        let providerPriority = -1;
        this.twoFactorProviders.forEach((value, type) => {
            const provider = (TwoFactorProviders as any)[type];
            if (provider != null && provider.priority > providerPriority) {
                if (type === TwoFactorProviderType.U2f && !u2fSupported) {
                    return;
                }

                providerType = type;
                providerPriority = provider.priority;
            }
        });

        return providerType;
    }

    private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey,
        twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
        const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
        const appId = await this.appIdService.getAppId();
        const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);

        let request: TokenRequest;
        if (twoFactorToken != null && twoFactorProvider != null) {
            request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,
                deviceRequest);
        } else if (storedTwoFactorToken != null) {
            request = new TokenRequest(email, hashedPassword, this.constantsService.twoFactorProvider.remember,
                storedTwoFactorToken, false, deviceRequest);
        } else {
            request = new TokenRequest(email, hashedPassword, null, null, false, deviceRequest);
        }

        const response = await this.apiService.postIdentityToken(request);

        this.clearState();
        const result = new AuthResult();
        result.twoFactor = !(response as any).accessToken;

        if (result.twoFactor) {
            // two factor required
            const twoFactorResponse = response as IdentityTwoFactorResponse;
            this.email = email;
            this.masterPasswordHash = hashedPassword;
            this.key = key;
            this.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
            result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
            return result;
        }

        const tokenResponse = response as IdentityTokenResponse;
        if (tokenResponse.twoFactorToken != null) {
            this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);
        }

        await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);
        await this.cryptoService.setKey(key);
        await this.cryptoService.setKeyHash(hashedPassword);
        await this.userService.setUserIdAndEmail(this.tokenService.getUserId(), this.tokenService.getEmail());
        await this.cryptoService.setEncKey(tokenResponse.key);
        await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);

        this.messagingService.send('loggedIn');
        return result;
    }

    private clearState(): void {
        this.email = null;
        this.masterPasswordHash = null;
        this.twoFactorProviders = null;
    }
}
reference barrels 2018-02-19 18:33:32 +01:00			`import { TwoFactorProviderType } from '../enums';`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00
reference barrels 2018-02-19 18:33:32 +01:00			`import {`
			`AuthResult,`
			`SymmetricCryptoKey,`
			`} from '../models/domain';`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00
reference barrels 2018-02-19 18:33:32 +01:00			`import {`
			`DeviceRequest,`
			`TokenRequest,`
			`} from '../models/request';`
added auth service 2018-01-23 21:58:13 +01:00
reference barrels 2018-02-19 18:33:32 +01:00			`import {`
			`IdentityTokenResponse,`
			`IdentityTwoFactorResponse,`
			`} from '../models/response';`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00
added auth service 2018-01-23 21:58:13 +01:00			`import { ConstantsService } from '../services/constants.service';`

reference barrels 2018-02-19 18:33:32 +01:00			`import {`
			`ApiService,`
			`AppIdService,`
			`CryptoService,`
			`I18nService,`
			`MessagingService,`
			`PlatformUtilsService,`
			`TokenService,`
			`UserService,`
			`} from '../abstractions';`
added auth service 2018-01-23 21:58:13 +01:00
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`export const TwoFactorProviders = {`
			`[TwoFactorProviderType.Authenticator]: {`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`type: TwoFactorProviderType.Authenticator,`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`name: null as string,`
			`description: null as string,`
			`priority: 1,`
			`},`
			`[TwoFactorProviderType.Yubikey]: {`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`type: TwoFactorProviderType.Yubikey,`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`name: null as string,`
			`description: null as string,`
			`priority: 3,`
			`},`
			`[TwoFactorProviderType.Duo]: {`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`type: TwoFactorProviderType.Duo,`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`name: 'Duo',`
			`description: null as string,`
			`priority: 2,`
			`},`
			`[TwoFactorProviderType.U2f]: {`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`type: TwoFactorProviderType.U2f,`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`name: null as string,`
			`description: null as string,`
			`priority: 4,`
			`},`
			`[TwoFactorProviderType.Email]: {`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`type: TwoFactorProviderType.Email,`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`name: null as string,`
			`description: null as string,`
			`priority: 0,`
			`},`
			`};`

added auth service 2018-01-23 21:58:13 +01:00			`export class AuthService {`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`email: string;`
			`masterPasswordHash: string;`
			`twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }>;`

			`private key: SymmetricCryptoKey;`

			`constructor(private cryptoService: CryptoService, private apiService: ApiService, private userService: UserService,`
			`private tokenService: TokenService, private appIdService: AppIdService, private i18nService: I18nService,`
			`private platformUtilsService: PlatformUtilsService, private constantsService: ConstantsService,`
			`private messagingService: MessagingService) {`
added auth service 2018-01-23 21:58:13 +01:00			`}`

updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`init() {`
			`TwoFactorProviders[TwoFactorProviderType.Email].name = this.i18nService.t('emailTitle');`
			`TwoFactorProviders[TwoFactorProviderType.Email].description = this.i18nService.t('emailDesc');`

			`TwoFactorProviders[TwoFactorProviderType.Authenticator].name = this.i18nService.t('authenticatorAppTitle');`
			`TwoFactorProviders[TwoFactorProviderType.Authenticator].description =`
			`this.i18nService.t('authenticatorAppDesc');`

			`TwoFactorProviders[TwoFactorProviderType.Duo].description = this.i18nService.t('duoDesc');`
added auth service 2018-01-23 21:58:13 +01:00
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`TwoFactorProviders[TwoFactorProviderType.U2f].name = this.i18nService.t('u2fTitle');`
			`TwoFactorProviders[TwoFactorProviderType.U2f].description = this.i18nService.t('u2fDesc');`

			`TwoFactorProviders[TwoFactorProviderType.Yubikey].name = this.i18nService.t('yubiKeyTitle');`
			`TwoFactorProviders[TwoFactorProviderType.Yubikey].description = this.i18nService.t('yubiKeyDesc');`
			`}`

			`async logIn(email: string, masterPassword: string): Promise<AuthResult> {`
			`email = email.toLowerCase();`
added auth service 2018-01-23 21:58:13 +01:00			`const key = this.cryptoService.makeKey(masterPassword, email);`
			`const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`return await this.logInHelper(email, hashedPassword, key);`
			`}`

			`async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,`
			`remember?: boolean): Promise<AuthResult> {`
			`return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,`
			`twoFactorToken, remember);`
			`}`
added auth service 2018-01-23 21:58:13 +01:00
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`logOut(callback: Function) {`
			`callback();`
send loggedout message 2018-02-15 19:39:18 +01:00			`this.messagingService.send('loggedOut');`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`}`

			`getDefaultTwoFactorProvider(u2fSupported: boolean): TwoFactorProviderType {`
			`if (this.twoFactorProviders == null) {`
			`return null;`
			`}`

			`let providerType: TwoFactorProviderType = null;`
			`let providerPriority = -1;`
			`this.twoFactorProviders.forEach((value, type) => {`
			`const provider = (TwoFactorProviders as any)[type];`
remove unnecessary fields from 2fa providers 2018-02-02 18:03:05 +01:00			`if (provider != null && provider.priority > providerPriority) {`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`if (type === TwoFactorProviderType.U2f && !u2fSupported) {`
			`return;`
			`}`

			`providerType = type;`
			`providerPriority = provider.priority;`
			`}`
			`});`

			`return providerType;`
			`}`

			`private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey,`
			`twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {`
			`const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);`
			`const appId = await this.appIdService.getAppId();`
added auth service 2018-01-23 21:58:13 +01:00			`const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);`

			`let request: TokenRequest;`
			`if (twoFactorToken != null && twoFactorProvider != null) {`
			`request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,`
			`deviceRequest);`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`} else if (storedTwoFactorToken != null) {`
added auth service 2018-01-23 21:58:13 +01:00			`request = new TokenRequest(email, hashedPassword, this.constantsService.twoFactorProvider.remember,`
			`storedTwoFactorToken, false, deviceRequest);`
			`} else {`
			`request = new TokenRequest(email, hashedPassword, null, null, false, deviceRequest);`
			`}`

			`const response = await this.apiService.postIdentityToken(request);`

updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`this.clearState();`
			`const result = new AuthResult();`
			`result.twoFactor = !(response as any).accessToken;`

			`if (result.twoFactor) {`
added auth service 2018-01-23 21:58:13 +01:00			`// two factor required`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`const twoFactorResponse = response as IdentityTwoFactorResponse;`
			`this.email = email;`
			`this.masterPasswordHash = hashedPassword;`
			`this.key = key;`
			`this.twoFactorProviders = twoFactorResponse.twoFactorProviders2;`
			`result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;`
			`return result;`
added auth service 2018-01-23 21:58:13 +01:00			`}`

updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`const tokenResponse = response as IdentityTokenResponse;`
			`if (tokenResponse.twoFactorToken != null) {`
			`this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);`
added auth service 2018-01-23 21:58:13 +01:00			`}`

updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);`
added auth service 2018-01-23 21:58:13 +01:00			`await this.cryptoService.setKey(key);`
			`await this.cryptoService.setKeyHash(hashedPassword);`
			`await this.userService.setUserIdAndEmail(this.tokenService.getUserId(), this.tokenService.getEmail());`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`await this.cryptoService.setEncKey(tokenResponse.key);`
			`await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);`
added auth service 2018-01-23 21:58:13 +01:00
			`this.messagingService.send('loggedIn');`
updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`return result;`
added auth service 2018-01-23 21:58:13 +01:00			`}`

updates for 2fa auth services 2018-02-02 04:55:49 +01:00			`private clearState(): void {`
			`this.email = null;`
			`this.masterPasswordHash = null;`
			`this.twoFactorProviders = null;`
added auth service 2018-01-23 21:58:13 +01:00			`}`
			`}`