2018-02-02 04:55:49 +01:00
|
|
|
import { TwoFactorProviderType } from '../enums/twoFactorProviderType';
|
|
|
|
|
|
|
|
import { AuthResult } from '../models/domain/authResult';
|
|
|
|
import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
|
|
|
|
|
2018-01-23 21:58:13 +01:00
|
|
|
import { DeviceRequest } from '../models/request/deviceRequest';
|
|
|
|
import { TokenRequest } from '../models/request/tokenRequest';
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
import { IdentityTokenResponse } from '../models/response/identityTokenResponse';
|
|
|
|
import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse';
|
|
|
|
|
2018-01-23 21:58:13 +01:00
|
|
|
import { ConstantsService } from '../services/constants.service';
|
|
|
|
|
|
|
|
import { ApiService } from '../abstractions/api.service';
|
|
|
|
import { AppIdService } from '../abstractions/appId.service';
|
|
|
|
import { CryptoService } from '../abstractions/crypto.service';
|
2018-02-02 04:55:49 +01:00
|
|
|
import { I18nService } from '../abstractions/i18n.service';
|
2018-01-23 21:58:13 +01:00
|
|
|
import { MessagingService } from '../abstractions/messaging.service';
|
|
|
|
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
|
|
|
import { TokenService } from '../abstractions/token.service';
|
|
|
|
import { UserService } from '../abstractions/user.service';
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
export const TwoFactorProviders = {
|
|
|
|
[TwoFactorProviderType.Authenticator]: {
|
2018-02-02 18:03:05 +01:00
|
|
|
type: TwoFactorProviderType.Authenticator,
|
2018-02-02 04:55:49 +01:00
|
|
|
name: null as string,
|
|
|
|
description: null as string,
|
|
|
|
priority: 1,
|
|
|
|
},
|
|
|
|
[TwoFactorProviderType.Yubikey]: {
|
2018-02-02 18:03:05 +01:00
|
|
|
type: TwoFactorProviderType.Yubikey,
|
2018-02-02 04:55:49 +01:00
|
|
|
name: null as string,
|
|
|
|
description: null as string,
|
|
|
|
priority: 3,
|
|
|
|
},
|
|
|
|
[TwoFactorProviderType.Duo]: {
|
2018-02-02 18:03:05 +01:00
|
|
|
type: TwoFactorProviderType.Duo,
|
2018-02-02 04:55:49 +01:00
|
|
|
name: 'Duo',
|
|
|
|
description: null as string,
|
|
|
|
priority: 2,
|
|
|
|
},
|
|
|
|
[TwoFactorProviderType.U2f]: {
|
2018-02-02 18:03:05 +01:00
|
|
|
type: TwoFactorProviderType.U2f,
|
2018-02-02 04:55:49 +01:00
|
|
|
name: null as string,
|
|
|
|
description: null as string,
|
|
|
|
priority: 4,
|
|
|
|
},
|
|
|
|
[TwoFactorProviderType.Email]: {
|
2018-02-02 18:03:05 +01:00
|
|
|
type: TwoFactorProviderType.Email,
|
2018-02-02 04:55:49 +01:00
|
|
|
name: null as string,
|
|
|
|
description: null as string,
|
|
|
|
priority: 0,
|
|
|
|
},
|
|
|
|
};
|
|
|
|
|
2018-01-23 21:58:13 +01:00
|
|
|
export class AuthService {
|
2018-02-02 04:55:49 +01:00
|
|
|
email: string;
|
|
|
|
masterPasswordHash: string;
|
|
|
|
twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
|
|
|
|
|
|
|
private key: SymmetricCryptoKey;
|
|
|
|
|
|
|
|
constructor(private cryptoService: CryptoService, private apiService: ApiService, private userService: UserService,
|
|
|
|
private tokenService: TokenService, private appIdService: AppIdService, private i18nService: I18nService,
|
|
|
|
private platformUtilsService: PlatformUtilsService, private constantsService: ConstantsService,
|
|
|
|
private messagingService: MessagingService) {
|
2018-01-23 21:58:13 +01:00
|
|
|
}
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
init() {
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Email].name = this.i18nService.t('emailTitle');
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Email].description = this.i18nService.t('emailDesc');
|
|
|
|
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Authenticator].name = this.i18nService.t('authenticatorAppTitle');
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Authenticator].description =
|
|
|
|
this.i18nService.t('authenticatorAppDesc');
|
|
|
|
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Duo].description = this.i18nService.t('duoDesc');
|
2018-01-23 21:58:13 +01:00
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
TwoFactorProviders[TwoFactorProviderType.U2f].name = this.i18nService.t('u2fTitle');
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.U2f].description = this.i18nService.t('u2fDesc');
|
|
|
|
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Yubikey].name = this.i18nService.t('yubiKeyTitle');
|
|
|
|
TwoFactorProviders[TwoFactorProviderType.Yubikey].description = this.i18nService.t('yubiKeyDesc');
|
|
|
|
}
|
|
|
|
|
|
|
|
async logIn(email: string, masterPassword: string): Promise<AuthResult> {
|
|
|
|
email = email.toLowerCase();
|
2018-01-23 21:58:13 +01:00
|
|
|
const key = this.cryptoService.makeKey(masterPassword, email);
|
|
|
|
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
2018-02-02 04:55:49 +01:00
|
|
|
return await this.logInHelper(email, hashedPassword, key);
|
|
|
|
}
|
|
|
|
|
|
|
|
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
|
|
|
remember?: boolean): Promise<AuthResult> {
|
|
|
|
return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,
|
|
|
|
twoFactorToken, remember);
|
|
|
|
}
|
2018-01-23 21:58:13 +01:00
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
logOut(callback: Function) {
|
|
|
|
callback();
|
2018-02-15 19:39:18 +01:00
|
|
|
this.messagingService.send('loggedOut');
|
2018-02-02 04:55:49 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
getDefaultTwoFactorProvider(u2fSupported: boolean): TwoFactorProviderType {
|
|
|
|
if (this.twoFactorProviders == null) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
let providerType: TwoFactorProviderType = null;
|
|
|
|
let providerPriority = -1;
|
|
|
|
this.twoFactorProviders.forEach((value, type) => {
|
|
|
|
const provider = (TwoFactorProviders as any)[type];
|
2018-02-02 18:03:05 +01:00
|
|
|
if (provider != null && provider.priority > providerPriority) {
|
2018-02-02 04:55:49 +01:00
|
|
|
if (type === TwoFactorProviderType.U2f && !u2fSupported) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
providerType = type;
|
|
|
|
providerPriority = provider.priority;
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
return providerType;
|
|
|
|
}
|
|
|
|
|
|
|
|
private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey,
|
|
|
|
twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
|
|
|
|
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
|
|
|
|
const appId = await this.appIdService.getAppId();
|
2018-01-23 21:58:13 +01:00
|
|
|
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
|
|
|
|
|
|
|
|
let request: TokenRequest;
|
|
|
|
if (twoFactorToken != null && twoFactorProvider != null) {
|
|
|
|
request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,
|
|
|
|
deviceRequest);
|
2018-02-02 04:55:49 +01:00
|
|
|
} else if (storedTwoFactorToken != null) {
|
2018-01-23 21:58:13 +01:00
|
|
|
request = new TokenRequest(email, hashedPassword, this.constantsService.twoFactorProvider.remember,
|
|
|
|
storedTwoFactorToken, false, deviceRequest);
|
|
|
|
} else {
|
|
|
|
request = new TokenRequest(email, hashedPassword, null, null, false, deviceRequest);
|
|
|
|
}
|
|
|
|
|
|
|
|
const response = await this.apiService.postIdentityToken(request);
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
this.clearState();
|
|
|
|
const result = new AuthResult();
|
|
|
|
result.twoFactor = !(response as any).accessToken;
|
|
|
|
|
|
|
|
if (result.twoFactor) {
|
2018-01-23 21:58:13 +01:00
|
|
|
// two factor required
|
2018-02-02 04:55:49 +01:00
|
|
|
const twoFactorResponse = response as IdentityTwoFactorResponse;
|
|
|
|
this.email = email;
|
|
|
|
this.masterPasswordHash = hashedPassword;
|
|
|
|
this.key = key;
|
|
|
|
this.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
|
|
|
result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
|
|
|
return result;
|
2018-01-23 21:58:13 +01:00
|
|
|
}
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
const tokenResponse = response as IdentityTokenResponse;
|
|
|
|
if (tokenResponse.twoFactorToken != null) {
|
|
|
|
this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);
|
2018-01-23 21:58:13 +01:00
|
|
|
}
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);
|
2018-01-23 21:58:13 +01:00
|
|
|
await this.cryptoService.setKey(key);
|
|
|
|
await this.cryptoService.setKeyHash(hashedPassword);
|
|
|
|
await this.userService.setUserIdAndEmail(this.tokenService.getUserId(), this.tokenService.getEmail());
|
2018-02-02 04:55:49 +01:00
|
|
|
await this.cryptoService.setEncKey(tokenResponse.key);
|
|
|
|
await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey);
|
2018-01-23 21:58:13 +01:00
|
|
|
|
|
|
|
this.messagingService.send('loggedIn');
|
2018-02-02 04:55:49 +01:00
|
|
|
return result;
|
2018-01-23 21:58:13 +01:00
|
|
|
}
|
|
|
|
|
2018-02-02 04:55:49 +01:00
|
|
|
private clearState(): void {
|
|
|
|
this.email = null;
|
|
|
|
this.masterPasswordHash = null;
|
|
|
|
this.twoFactorProviders = null;
|
2018-01-23 21:58:13 +01:00
|
|
|
}
|
|
|
|
}
|