1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-12 14:56:58 +01:00
bitwarden-browser/common/src/services/crypto.service.ts

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

974 lines
32 KiB
TypeScript
Raw Normal View History

2018-11-08 04:54:56 +01:00
import * as bigInt from "big-integer";
import { EncryptionType } from "../enums/encryptionType";
import { HashPurpose } from "../enums/hashPurpose";
2018-08-14 21:12:10 +02:00
import { KdfType } from "../enums/kdfType";
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
import { KeySuffixOptions } from "../enums/keySuffixOptions";
import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
import { EncryptedObject } from "../models/domain/encryptedObject";
import { EncString } from "../models/domain/encString";
import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
import { CryptoService as CryptoServiceAbstraction } from "../abstractions/crypto.service";
import { CryptoFunctionService } from "../abstractions/cryptoFunction.service";
import { LogService } from "../abstractions/log.service";
import { PlatformUtilsService } from "../abstractions/platformUtils.service";
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
import { StateService } from "../abstractions/state.service";
import { sequentialize } from "../misc/sequentialize";
import { Utils } from "../misc/utils";
2018-11-08 04:54:56 +01:00
import { EEFLongWordList } from "../misc/wordlist";
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
import { ProfileOrganizationResponse } from "../models/response/profileOrganizationResponse";
import { ProfileProviderOrganizationResponse } from "../models/response/profileProviderOrganizationResponse";
import { ProfileProviderResponse } from "../models/response/profileProviderResponse";
2018-01-25 20:26:09 +01:00
export class CryptoService implements CryptoServiceAbstraction {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
constructor(
private cryptoFunctionService: CryptoFunctionService,
protected platformUtilService: PlatformUtilsService,
protected logService: LogService,
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
protected stateService: StateService
) {}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async setKey(key: SymmetricCryptoKey, userId?: string): Promise<any> {
await this.stateService.setCryptoMasterKey(key, { userId: userId });
await this.storeKey(key, userId);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async setKeyHash(keyHash: string): Promise<void> {
await this.stateService.setKeyHash(keyHash);
}
async setEncKey(encKey: string): Promise<void> {
if (encKey == null) {
return;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
await this.stateService.setDecryptedCryptoSymmetricKey(null);
await this.stateService.setEncryptedCryptoSymmetricKey(encKey);
}
async setEncPrivateKey(encPrivateKey: string): Promise<void> {
if (encPrivateKey == null) {
return;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
await this.stateService.setDecryptedPrivateKey(null);
await this.stateService.setEncryptedPrivateKey(encPrivateKey);
}
async setOrgKeys(
orgs: ProfileOrganizationResponse[],
providerOrgs: ProfileProviderOrganizationResponse[]
): Promise<void> {
const orgKeys: any = {};
orgs.forEach((org) => {
orgKeys[org.id] = org.key;
});
for (const providerOrg of providerOrgs) {
// Convert provider encrypted keys to user encrypted.
const providerKey = await this.getProviderKey(providerOrg.providerId);
const decValue = await this.decryptToBytes(new EncString(providerOrg.key), providerKey);
orgKeys[providerOrg.id] = (await this.rsaEncrypt(decValue)).encryptedString;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
await this.stateService.setDecryptedOrganizationKeys(null);
return await this.stateService.setEncryptedOrganizationKeys(orgKeys);
2018-06-13 22:48:00 +02:00
}
async setProviderKeys(providers: ProfileProviderResponse[]): Promise<void> {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const providerKeys: any = {};
providers.forEach((provider) => {
providerKeys[provider.id] = provider.key;
});
await this.stateService.setDecryptedProviderKeys(null);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return await this.stateService.setEncryptedProviderKeys(providerKeys);
}
async getKey(keySuffix?: KeySuffixOptions, userId?: string): Promise<SymmetricCryptoKey> {
const inMemoryKey = await this.stateService.getCryptoMasterKey({ userId: userId });
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (inMemoryKey != null) {
return inMemoryKey;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
keySuffix ||= KeySuffixOptions.Auto;
const symmetricKey = await this.getKeyFromStorage(keySuffix, userId);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (symmetricKey != null) {
// TODO: Refactor here so get key doesn't also set key
this.setKey(symmetricKey, userId);
}
return symmetricKey;
2018-11-08 04:54:56 +01:00
}
async getKeyFromStorage(
keySuffix: KeySuffixOptions,
userId?: string
): Promise<SymmetricCryptoKey> {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const key = await this.retrieveKeyFromStorage(keySuffix, userId);
if (key != null) {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const symmetricKey = new SymmetricCryptoKey(Utils.fromB64ToArray(key).buffer);
if (!(await this.validateKey(symmetricKey))) {
this.logService.warning("Wrong key, throwing away stored key");
await this.clearSecretKeyStore(userId);
return null;
2021-12-16 13:36:21 +01:00
}
return symmetricKey;
2021-12-16 13:36:21 +01:00
}
return null;
}
2021-12-16 13:36:21 +01:00
async getKeyHash(): Promise<string> {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return await this.stateService.getKeyHash();
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async compareAndUpdateKeyHash(masterPassword: string, key: SymmetricCryptoKey): Promise<boolean> {
const storedKeyHash = await this.getKeyHash();
if (masterPassword != null && storedKeyHash != null) {
const localKeyHash = await this.hashPassword(
masterPassword,
2021-12-16 13:36:21 +01:00
key,
HashPurpose.LocalAuthorization
2021-12-16 13:36:21 +01:00
);
if (localKeyHash != null && storedKeyHash === localKeyHash) {
return true;
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
// TODO: remove serverKeyHash check in 1-2 releases after everyone's keyHash has been updated
const serverKeyHash = await this.hashPassword(
masterPassword,
2021-12-16 13:36:21 +01:00
key,
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
HashPurpose.ServerAuthorization
2021-12-16 13:36:21 +01:00
);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (serverKeyHash != null && storedKeyHash === serverKeyHash) {
await this.setKeyHash(localKeyHash);
return true;
2021-12-16 13:36:21 +01:00
}
}
return false;
}
2018-07-23 21:12:32 +02:00
@sequentialize(() => "getEncKey")
getEncKey(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
return this.getEncKeyHelper(key);
2021-12-16 13:36:21 +01:00
}
2018-06-13 23:10:52 +02:00
2018-07-12 23:07:06 +02:00
async getPublicKey(): Promise<ArrayBuffer> {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const inMemoryPublicKey = await this.stateService.getPublicKey();
if (inMemoryPublicKey != null) {
return inMemoryPublicKey;
2018-07-12 23:07:06 +02:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const privateKey = await this.getPrivateKey();
if (privateKey == null) {
return null;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const publicKey = await this.cryptoFunctionService.rsaExtractPublicKey(privateKey);
await this.stateService.setPublicKey(publicKey);
return publicKey;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async getPrivateKey(): Promise<ArrayBuffer> {
const decryptedPrivateKey = await this.stateService.getDecryptedPrivateKey();
if (decryptedPrivateKey != null) {
return decryptedPrivateKey;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const encPrivateKey = await this.stateService.getEncryptedPrivateKey();
if (encPrivateKey == null) {
return null;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const privateKey = await this.decryptToBytes(new EncString(encPrivateKey), null);
await this.stateService.setDecryptedPrivateKey(privateKey);
return privateKey;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async getFingerprint(userId: string, publicKey?: ArrayBuffer): Promise<string[]> {
if (publicKey == null) {
publicKey = await this.getPublicKey();
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (publicKey === null) {
throw new Error("No public key available.");
}
2018-11-08 04:54:56 +01:00
const keyFingerprint = await this.cryptoFunctionService.hash(publicKey, "sha256");
const userFingerprint = await this.cryptoFunctionService.hkdfExpand(
keyFingerprint,
2021-12-16 13:36:21 +01:00
userId,
32,
"sha256"
);
return this.hashPhrase(userFingerprint);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
@sequentialize(() => "getOrgKeys")
async getOrgKeys(): Promise<Map<string, SymmetricCryptoKey>> {
const orgKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
const decryptedOrganizationKeys = await this.stateService.getDecryptedOrganizationKeys();
if (decryptedOrganizationKeys != null && decryptedOrganizationKeys.size > 0) {
return decryptedOrganizationKeys;
2019-02-13 05:52:50 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const encOrgKeys = await this.stateService.getEncryptedOrganizationKeys();
if (encOrgKeys == null) {
return null;
}
let setKey = false;
for (const orgId in encOrgKeys) {
if (!encOrgKeys.hasOwnProperty(orgId)) {
continue;
}
2018-08-14 21:12:10 +02:00
const decValue = await this.rsaDecrypt(encOrgKeys[orgId]);
orgKeys.set(orgId, new SymmetricCryptoKey(decValue));
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
setKey = true;
2019-03-05 22:36:11 +01:00
}
if (setKey) {
await this.stateService.setDecryptedOrganizationKeys(orgKeys);
}
2018-07-03 17:41:55 +02:00
return orgKeys;
}
async getOrgKey(orgId: string): Promise<SymmetricCryptoKey> {
if (orgId == null) {
2019-02-13 05:52:50 +01:00
return null;
}
const orgKeys = await this.getOrgKeys();
if (orgKeys == null || !orgKeys.has(orgId)) {
return null;
}
2018-05-16 03:11:20 +02:00
return orgKeys.get(orgId);
}
@sequentialize(() => "getProviderKeys")
async getProviderKeys(): Promise<Map<string, SymmetricCryptoKey>> {
const providerKeys: Map<string, SymmetricCryptoKey> = new Map<string, SymmetricCryptoKey>();
const decryptedProviderKeys = await this.stateService.getDecryptedProviderKeys();
if (decryptedProviderKeys != null && decryptedProviderKeys.size > 0) {
return decryptedProviderKeys;
}
2018-06-13 22:48:00 +02:00
const encProviderKeys = await this.stateService.getEncryptedProviderKeys();
2018-11-14 02:43:45 +01:00
if (encProviderKeys == null) {
return null;
2018-08-28 01:06:36 +02:00
}
let setKey = false;
for (const orgId in encProviderKeys) {
if (!encProviderKeys.hasOwnProperty(orgId)) {
2018-05-09 22:00:15 +02:00
continue;
}
2018-05-09 22:00:15 +02:00
const decValue = await this.rsaDecrypt(encProviderKeys[orgId]);
providerKeys.set(orgId, new SymmetricCryptoKey(decValue));
setKey = true;
}
if (setKey) {
await this.stateService.setDecryptedProviderKeys(providerKeys);
}
return providerKeys;
}
async getProviderKey(providerId: string): Promise<SymmetricCryptoKey> {
if (providerId == null) {
return null;
}
const providerKeys = await this.getProviderKeys();
if (providerKeys == null || !providerKeys.has(providerId)) {
return null;
}
2018-04-23 19:03:47 +02:00
return providerKeys.get(providerId);
}
async hasKey(): Promise<boolean> {
return (
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
(await this.hasKeyInMemory()) ||
2018-04-23 19:03:47 +02:00
(await this.hasKeyStored(KeySuffixOptions.Auto)) ||
(await this.hasKeyStored(KeySuffixOptions.Biometric))
);
}
async hasKeyInMemory(userId?: string): Promise<boolean> {
return (await this.stateService.getCryptoMasterKey({ userId: userId })) != null;
2021-12-16 13:36:21 +01:00
}
2018-04-23 19:03:47 +02:00
async hasKeyStored(keySuffix: KeySuffixOptions, userId?: string): Promise<boolean> {
switch (keySuffix) {
case KeySuffixOptions.Auto:
return (await this.stateService.getCryptoMasterKeyAuto({ userId: userId })) != null;
case KeySuffixOptions.Biometric:
return (await this.stateService.hasCryptoMasterKeyBiometric({ userId: userId })) === true;
default:
return false;
}
2018-04-23 19:03:47 +02:00
}
async hasEncKey(): Promise<boolean> {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return (await this.stateService.getEncryptedCryptoSymmetricKey()) != null;
}
async clearKey(clearSecretStorage: boolean = true, userId?: string): Promise<any> {
await this.stateService.setCryptoMasterKey(null, { userId: userId });
await this.stateService.setLegacyEtmKey(null, { userId: userId });
if (clearSecretStorage) {
await this.clearSecretKeyStore(userId);
}
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearStoredKey(keySuffix: KeySuffixOptions) {
keySuffix === KeySuffixOptions.Auto
? await this.stateService.setCryptoMasterKeyAuto(null)
: await this.stateService.setCryptoMasterKeyBiometric(null);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearKeyHash(userId?: string): Promise<any> {
return await this.stateService.setKeyHash(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearEncKey(memoryOnly?: boolean, userId?: string): Promise<void> {
await this.stateService.setDecryptedCryptoSymmetricKey(null, { userId: userId });
if (!memoryOnly) {
await this.stateService.setEncryptedCryptoSymmetricKey(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearKeyPair(memoryOnly?: boolean, userId?: string): Promise<any> {
const keysToClear: Promise<void>[] = [
this.stateService.setDecryptedPrivateKey(null, { userId: userId }),
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
this.stateService.setPublicKey(null, { userId: userId }),
2021-12-16 13:36:21 +01:00
];
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (!memoryOnly) {
keysToClear.push(this.stateService.setEncryptedPrivateKey(null, { userId: userId }));
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return Promise.all(keysToClear);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
await this.stateService.setDecryptedOrganizationKeys(null, { userId: userId });
if (!memoryOnly) {
await this.stateService.setEncryptedOrganizationKeys(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearProviderKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
await this.stateService.setDecryptedProviderKeys(null, { userId: userId });
if (!memoryOnly) {
await this.stateService.setEncryptedProviderKeys(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearPinProtectedKey(userId?: string): Promise<any> {
return await this.stateService.setEncryptedPinProtected(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async clearKeys(userId?: string): Promise<any> {
await this.clearKey(true, userId);
await this.clearKeyHash(userId);
await this.clearOrgKeys(false, userId);
await this.clearProviderKeys(false, userId);
await this.clearEncKey(false, userId);
await this.clearKeyPair(false, userId);
await this.clearPinProtectedKey(userId);
2021-12-16 13:36:21 +01:00
}
async toggleKey(): Promise<any> {
const key = await this.getKey();
2021-12-16 13:36:21 +01:00
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
await this.setKey(key);
2021-12-16 13:36:21 +01:00
}
async makeKey(
password: string,
2019-08-29 15:40:50 +02:00
salt: string,
kdf: KdfType,
kdfIterations: number
): Promise<SymmetricCryptoKey> {
2018-08-14 21:12:10 +02:00
let key: ArrayBuffer = null;
2018-08-28 01:58:49 +02:00
if (kdf == null || kdf === KdfType.PBKDF2_SHA256) {
2018-08-14 21:12:10 +02:00
if (kdfIterations == null) {
kdfIterations = 5000;
} else if (kdfIterations < 5000) {
throw new Error("PBKDF2 iteration minimum is 5000.");
2021-12-16 13:36:21 +01:00
}
2018-08-14 21:12:10 +02:00
key = await this.cryptoFunctionService.pbkdf2(password, salt, "sha256", kdfIterations);
2021-12-16 13:36:21 +01:00
} else {
2018-08-14 21:12:10 +02:00
throw new Error("Unknown Kdf.");
2021-12-16 13:36:21 +01:00
}
2019-03-05 22:36:11 +01:00
return new SymmetricCryptoKey(key);
2021-12-16 13:36:21 +01:00
}
2019-08-29 15:40:50 +02:00
async makeKeyFromPin(
pin: string,
salt: string,
kdf: KdfType,
2019-08-29 15:40:50 +02:00
kdfIterations: number,
protectedKeyCs: EncString = null
): Promise<SymmetricCryptoKey> {
2019-08-29 15:40:50 +02:00
if (protectedKeyCs == null) {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const pinProtectedKey = await this.stateService.getEncryptedPinProtected();
2019-08-29 15:40:50 +02:00
if (pinProtectedKey == null) {
throw new Error("No PIN protected key found.");
2021-12-16 13:36:21 +01:00
}
protectedKeyCs = new EncString(pinProtectedKey);
2021-12-16 13:36:21 +01:00
}
2019-03-05 22:36:11 +01:00
const pinKey = await this.makePinKey(pin, salt, kdf, kdfIterations);
const decKey = await this.decryptToBytes(protectedKeyCs, pinKey);
return new SymmetricCryptoKey(decKey);
2021-12-16 13:36:21 +01:00
}
async makeShareKey(): Promise<[EncString, SymmetricCryptoKey]> {
2018-04-23 19:03:47 +02:00
const shareKey = await this.cryptoFunctionService.randomBytes(64);
const publicKey = await this.getPublicKey();
const encShareKey = await this.rsaEncrypt(shareKey, publicKey);
return [encShareKey, new SymmetricCryptoKey(shareKey)];
2021-12-16 13:36:21 +01:00
}
async makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]> {
2018-07-03 17:41:55 +02:00
const keyPair = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
const publicB64 = Utils.fromBufferToB64(keyPair[0]);
const privateEnc = await this.encrypt(keyPair[1], key);
return [publicB64, privateEnc];
2021-12-16 13:36:21 +01:00
}
async makePinKey(
pin: string,
salt: string,
kdf: KdfType,
kdfIterations: number
): Promise<SymmetricCryptoKey> {
2019-03-05 22:36:11 +01:00
const pinKey = await this.makeKey(pin, salt, kdf, kdfIterations);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return await this.stretchKey(pinKey);
2021-12-16 13:36:21 +01:00
}
async makeSendKey(keyMaterial: ArrayBuffer): Promise<SymmetricCryptoKey> {
const sendKey = await this.cryptoFunctionService.hkdf(
keyMaterial,
"bitwarden-send",
2021-12-16 13:36:21 +01:00
"send",
64,
"sha256"
);
return new SymmetricCryptoKey(sendKey);
2021-12-16 13:36:21 +01:00
}
async hashPassword(
password: string,
key: SymmetricCryptoKey,
hashPurpose?: HashPurpose
): Promise<string> {
2018-05-16 03:11:20 +02:00
if (key == null) {
2019-08-29 15:40:50 +02:00
key = await this.getKey();
2021-12-16 13:36:21 +01:00
}
if (password == null || key == null) {
throw new Error("Invalid parameters.");
2021-12-16 13:36:21 +01:00
}
const iterations = hashPurpose === HashPurpose.LocalAuthorization ? 2 : 1;
const hash = await this.cryptoFunctionService.pbkdf2(key.key, password, "sha256", iterations);
return Utils.fromBufferToB64(hash);
2021-12-16 13:36:21 +01:00
}
async makeEncKey(key: SymmetricCryptoKey): Promise<[SymmetricCryptoKey, EncString]> {
2018-11-14 02:43:45 +01:00
const theKey = await this.getKeyForEncryption(key);
2018-04-23 19:03:47 +02:00
const encKey = await this.cryptoFunctionService.randomBytes(64);
2018-08-28 01:06:36 +02:00
return this.buildEncKey(theKey, encKey);
2021-12-16 13:36:21 +01:00
}
async remakeEncKey(
key: SymmetricCryptoKey,
encKey?: SymmetricCryptoKey
): Promise<[SymmetricCryptoKey, EncString]> {
if (encKey == null) {
encKey = await this.getEncKey();
2021-12-16 13:36:21 +01:00
}
2018-08-28 01:06:36 +02:00
return this.buildEncKey(key, encKey.key);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
async encrypt(plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey): Promise<EncString> {
if (plainValue == null) {
return Promise.resolve(null);
2021-12-16 13:36:21 +01:00
}
let plainBuf: ArrayBuffer;
if (typeof plainValue === "string") {
plainBuf = Utils.fromUtf8ToArray(plainValue).buffer;
2021-12-16 13:36:21 +01:00
} else {
plainBuf = plainValue;
2021-12-16 13:36:21 +01:00
}
const encObj = await this.aesEncrypt(plainBuf, key);
const iv = Utils.fromBufferToB64(encObj.iv);
2018-05-09 22:00:15 +02:00
const data = Utils.fromBufferToB64(encObj.data);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const mac = encObj.mac != null ? Utils.fromBufferToB64(encObj.mac) : null;
return new EncString(encObj.key.encType, data, iv, mac);
2021-12-16 13:36:21 +01:00
}
async encryptToBytes(plainValue: ArrayBuffer, key?: SymmetricCryptoKey): Promise<EncArrayBuffer> {
const encValue = await this.aesEncrypt(plainValue, key);
let macLen = 0;
if (encValue.mac != null) {
macLen = encValue.mac.byteLength;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
const encBytes = new Uint8Array(1 + encValue.iv.byteLength + macLen + encValue.data.byteLength);
encBytes.set([encValue.key.encType]);
encBytes.set(new Uint8Array(encValue.iv), 1);
if (encValue.mac != null) {
encBytes.set(new Uint8Array(encValue.mac), 1 + encValue.iv.byteLength);
2021-12-16 13:36:21 +01:00
}
encBytes.set(new Uint8Array(encValue.data), 1 + encValue.iv.byteLength + macLen);
return new EncArrayBuffer(encBytes.buffer);
2021-12-16 13:36:21 +01:00
}
async rsaEncrypt(data: ArrayBuffer, publicKey?: ArrayBuffer): Promise<EncString> {
2018-07-11 19:30:06 +02:00
if (publicKey == null) {
publicKey = await this.getPublicKey();
2021-12-16 13:36:21 +01:00
}
2018-07-11 19:30:06 +02:00
if (publicKey == null) {
throw new Error("Public key unavailable.");
2021-12-16 13:36:21 +01:00
}
2018-07-11 19:30:06 +02:00
const encBytes = await this.cryptoFunctionService.rsaEncrypt(data, publicKey, "sha1");
return new EncString(EncryptionType.Rsa2048_OaepSha1_B64, Utils.fromBufferToB64(encBytes));
2021-12-16 13:36:21 +01:00
}
async rsaDecrypt(encValue: string, privateKeyValue?: ArrayBuffer): Promise<ArrayBuffer> {
const headerPieces = encValue.split(".");
let encType: EncryptionType = null;
let encPieces: string[];
2021-12-16 13:36:21 +01:00
if (headerPieces.length === 1) {
encType = EncryptionType.Rsa2048_OaepSha256_B64;
encPieces = [headerPieces[0]];
} else if (headerPieces.length === 2) {
2021-12-16 13:36:21 +01:00
try {
encType = parseInt(headerPieces[0], null);
encPieces = headerPieces[1].split("|");
} catch (e) {
this.logService.error(e);
2021-12-16 13:36:21 +01:00
}
}
switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_B64:
// HmacSha256 types are deprecated
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
2021-12-16 13:36:21 +01:00
break;
default:
throw new Error("encType unavailable.");
2021-12-16 13:36:21 +01:00
}
if (encPieces == null || encPieces.length <= 0) {
throw new Error("encPieces unavailable.");
2021-12-16 13:36:21 +01:00
}
const data = Utils.fromB64ToArray(encPieces[0]).buffer;
const privateKey = privateKeyValue ?? (await this.getPrivateKey());
if (privateKey == null) {
throw new Error("No private key.");
2021-12-16 13:36:21 +01:00
}
let alg: "sha1" | "sha256" = "sha1";
switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
alg = "sha256";
2021-12-16 13:36:21 +01:00
break;
case EncryptionType.Rsa2048_OaepSha1_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
2021-12-16 13:36:21 +01:00
break;
default:
throw new Error("encType unavailable.");
2021-12-16 13:36:21 +01:00
}
return this.cryptoFunctionService.rsaDecrypt(data, privateKey, alg);
2021-12-16 13:36:21 +01:00
}
async decryptToBytes(encString: EncString, key?: SymmetricCryptoKey): Promise<ArrayBuffer> {
const iv = Utils.fromB64ToArray(encString.iv).buffer;
const data = Utils.fromB64ToArray(encString.data).buffer;
const mac = encString.mac ? Utils.fromB64ToArray(encString.mac).buffer : null;
const decipher = await this.aesDecryptToBytes(encString.encryptionType, data, iv, mac, key);
if (decipher == null) {
return null;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
return decipher;
}
2021-12-16 13:36:21 +01:00
async decryptToUtf8(encString: EncString, key?: SymmetricCryptoKey): Promise<string> {
2018-05-07 15:00:49 +02:00
return await this.aesDecryptToUtf8(
encString.encryptionType,
encString.data,
encString.iv,
encString.mac,
2021-12-16 13:36:21 +01:00
key
);
}
async decryptFromBytes(encBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
if (encBuf == null) {
throw new Error("no encBuf.");
2021-12-16 13:36:21 +01:00
}
const encBytes = new Uint8Array(encBuf);
const encType = encBytes[0];
let ctBytes: Uint8Array = null;
let ivBytes: Uint8Array = null;
let macBytes: Uint8Array = null;
2021-12-16 13:36:21 +01:00
switch (encType) {
case EncryptionType.AesCbc128_HmacSha256_B64:
case EncryptionType.AesCbc256_HmacSha256_B64:
if (encBytes.length <= 49) {
// 1 + 16 + 32 + ctLength
return null;
2021-12-16 13:36:21 +01:00
}
ivBytes = encBytes.slice(1, 17);
macBytes = encBytes.slice(17, 49);
ctBytes = encBytes.slice(49);
2021-12-16 13:36:21 +01:00
break;
case EncryptionType.AesCbc256_B64:
if (encBytes.length <= 17) {
// 1 + 16 + ctLength
return null;
2021-12-16 13:36:21 +01:00
}
ivBytes = encBytes.slice(1, 17);
ctBytes = encBytes.slice(17);
2021-12-16 13:36:21 +01:00
break;
default:
return null;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return await this.aesDecryptToBytes(
encType,
ctBytes.buffer,
ivBytes.buffer,
macBytes != null ? macBytes.buffer : null,
key
);
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
// EFForg/OpenWireless
// ref https://github.com/EFForg/OpenWireless/blob/master/app/js/diceware.js
async randomNumber(min: number, max: number): Promise<number> {
let rval = 0;
const range = max - min + 1;
const bitsNeeded = Math.ceil(Math.log2(range));
if (bitsNeeded > 53) {
throw new Error("We cannot generate numbers larger than 53 bits.");
}
const bytesNeeded = Math.ceil(bitsNeeded / 8);
2018-05-09 22:00:15 +02:00
const mask = Math.pow(2, bitsNeeded) - 1;
// 7776 -> (2^13 = 8192) -1 == 8191 or 0x00001111 11111111
2018-05-09 22:00:15 +02:00
// Fill a byte array with N random numbers
const byteArray = new Uint8Array(await this.cryptoFunctionService.randomBytes(bytesNeeded));
let p = (bytesNeeded - 1) * 8;
2018-04-23 19:03:47 +02:00
for (let i = 0; i < bytesNeeded; i++) {
rval += byteArray[i] * Math.pow(2, p);
2021-12-16 13:36:21 +01:00
p -= 8;
}
// Use & to apply the mask and reduce the number of recursive lookups
// tslint:disable-next-line
2018-05-07 18:14:40 +02:00
rval = rval & mask;
2018-05-07 15:00:49 +02:00
if (rval >= range) {
// Integer out of acceptable range
return this.randomNumber(min, max);
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
// Return an integer that falls within the range
return min + rval;
2018-05-07 15:00:49 +02:00
}
2018-06-13 23:10:52 +02:00
async validateKey(key: SymmetricCryptoKey) {
2021-12-16 13:36:21 +01:00
try {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const encPrivateKey = await this.stateService.getEncryptedPrivateKey();
const encKey = await this.getEncKeyHelper(key);
2018-05-09 22:00:15 +02:00
if (encPrivateKey == null || encKey == null) {
return false;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
const privateKey = await this.decryptToBytes(new EncString(encPrivateKey), encKey);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
await this.cryptoFunctionService.rsaExtractPublicKey(privateKey);
} catch (e) {
return false;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
return true;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
// Helpers
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
protected async storeKey(key: SymmetricCryptoKey, userId?: string) {
if (await this.shouldStoreKey(KeySuffixOptions.Auto, userId)) {
await this.stateService.setCryptoMasterKeyAuto(key.keyB64, { userId: userId });
} else if (await this.shouldStoreKey(KeySuffixOptions.Biometric, userId)) {
await this.stateService.setCryptoMasterKeyBiometric(key.keyB64, { userId: userId });
2021-12-16 13:36:21 +01:00
} else {
await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
2021-12-16 13:36:21 +01:00
}
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
protected async shouldStoreKey(keySuffix: KeySuffixOptions, userId?: string) {
let shouldStoreKey = false;
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
if (keySuffix === KeySuffixOptions.Auto) {
const vaultTimeout = await this.stateService.getVaultTimeout({ userId: userId });
shouldStoreKey = vaultTimeout == null;
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
} else if (keySuffix === KeySuffixOptions.Biometric) {
const biometricUnlock = await this.stateService.getBiometricUnlock({ userId: userId });
shouldStoreKey = biometricUnlock && this.platformUtilService.supportsSecureStorage();
2021-12-16 13:36:21 +01:00
}
return shouldStoreKey;
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
protected async retrieveKeyFromStorage(keySuffix: KeySuffixOptions, userId?: string) {
return keySuffix === KeySuffixOptions.Auto
? await this.stateService.getCryptoMasterKeyAuto({ userId: userId })
: await this.stateService.getCryptoMasterKeyBiometric({ userId: userId });
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
private async aesEncrypt(data: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
const obj = new EncryptedObject();
obj.key = await this.getKeyForEncryption(key);
2018-04-23 19:03:47 +02:00
obj.iv = await this.cryptoFunctionService.randomBytes(16);
2018-05-09 22:00:15 +02:00
obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey);
2021-12-16 13:36:21 +01:00
if (obj.key.macKey != null) {
2018-05-09 22:00:15 +02:00
const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
macData.set(new Uint8Array(obj.iv), 0);
2018-05-09 22:00:15 +02:00
macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
2018-05-07 15:00:49 +02:00
obj.mac = await this.cryptoFunctionService.hmac(macData.buffer, obj.key.macKey, "sha256");
2021-12-16 13:36:21 +01:00
}
return obj;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
private async aesDecryptToUtf8(
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
encType: EncryptionType,
2018-05-09 22:00:15 +02:00
data: string,
iv: string,
mac: string,
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
key: SymmetricCryptoKey
2018-05-07 15:00:49 +02:00
): Promise<string> {
const keyForEnc = await this.getKeyForEncryption(key);
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
const theKey = await this.resolveLegacyKey(encType, keyForEnc);
2021-12-16 13:36:21 +01:00
2018-05-07 15:00:49 +02:00
if (theKey.macKey != null && mac == null) {
this.logService.error("mac required.");
2018-05-07 15:00:49 +02:00
return null;
2021-12-16 13:36:21 +01:00
}
2018-05-07 15:00:49 +02:00
if (theKey.encType !== encType) {
this.logService.error("encType unavailable.");
2018-05-07 15:00:49 +02:00
return null;
2021-12-16 13:36:21 +01:00
}
2018-05-09 22:00:15 +02:00
const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(data, iv, mac, theKey);
2018-05-07 15:00:49 +02:00
if (fastParams.macKey != null && fastParams.mac != null) {
const computedMac = await this.cryptoFunctionService.hmacFast(
fastParams.macData,
fastParams.macKey,
2021-12-16 13:36:21 +01:00
"sha256"
);
2018-05-07 18:14:40 +02:00
const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
2018-05-07 15:00:49 +02:00
if (!macsEqual) {
this.logService.error("mac failed.");
2018-05-07 15:00:49 +02:00
return null;
2021-12-16 13:36:21 +01:00
}
}
return this.cryptoFunctionService.aesDecryptFast(fastParams);
}
private async aesDecryptToBytes(
encType: EncryptionType,
2018-05-09 22:00:15 +02:00
data: ArrayBuffer,
iv: ArrayBuffer,
mac: ArrayBuffer,
key: SymmetricCryptoKey
): Promise<ArrayBuffer> {
const keyForEnc = await this.getKeyForEncryption(key);
const theKey = await this.resolveLegacyKey(encType, keyForEnc);
if (theKey.macKey != null && mac == null) {
return null;
}
if (theKey.encType !== encType) {
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return null;
}
2018-06-13 22:48:00 +02:00
2018-06-13 23:10:52 +02:00
if (theKey.macKey != null && mac != null) {
const macData = new Uint8Array(iv.byteLength + data.byteLength);
macData.set(new Uint8Array(iv), 0);
2018-11-09 14:20:54 +01:00
macData.set(new Uint8Array(data), iv.byteLength);
2018-11-08 04:54:56 +01:00
const computedMac = await this.cryptoFunctionService.hmac(
2019-04-09 15:06:05 +02:00
macData.buffer,
theKey.macKey,
2021-12-16 13:36:21 +01:00
"sha256"
);
2018-08-28 01:06:36 +02:00
if (computedMac === null) {
return null;
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
2018-05-07 18:14:40 +02:00
const macsMatch = await this.cryptoFunctionService.compare(mac, computedMac);
2018-05-07 15:00:49 +02:00
if (!macsMatch) {
this.logService.error("mac failed.");
2018-05-07 15:00:49 +02:00
return null;
2021-12-16 13:36:21 +01:00
}
}
2018-05-09 22:00:15 +02:00
return await this.cryptoFunctionService.aesDecrypt(data, iv, theKey.encKey);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
private async getKeyForEncryption(key?: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
if (key != null) {
return key;
2021-12-16 13:36:21 +01:00
}
const encKey = await this.getEncKey();
if (encKey != null) {
return encKey;
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return await this.getKey();
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
private async resolveLegacyKey(
encType: EncryptionType,
key: SymmetricCryptoKey
): Promise<SymmetricCryptoKey> {
2021-12-16 13:36:21 +01:00
if (
encType === EncryptionType.AesCbc128_HmacSha256_B64 &&
2018-06-13 22:48:00 +02:00
key.encType === EncryptionType.AesCbc256_B64
2021-12-16 13:36:21 +01:00
) {
// Old encrypt-then-mac scheme, make a new key
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
let legacyKey = await this.stateService.getLegacyEtmKey();
if (legacyKey == null) {
legacyKey = new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64);
await this.stateService.setLegacyEtmKey(legacyKey);
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
return legacyKey;
2021-12-16 13:36:21 +01:00
}
return key;
2021-12-16 13:36:21 +01:00
}
2018-06-13 23:10:52 +02:00
private async stretchKey(key: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
2018-04-23 19:03:47 +02:00
const newKey = new Uint8Array(64);
const encKey = await this.cryptoFunctionService.hkdfExpand(key.key, "enc", 32, "sha256");
const macKey = await this.cryptoFunctionService.hkdfExpand(key.key, "mac", 32, "sha256");
newKey.set(new Uint8Array(encKey));
newKey.set(new Uint8Array(macKey), 32);
2018-06-13 23:10:52 +02:00
return new SymmetricCryptoKey(newKey.buffer);
2021-12-16 13:36:21 +01:00
}
2018-11-09 14:20:54 +01:00
private async hashPhrase(hash: ArrayBuffer, minimumEntropy: number = 64) {
const entropyPerWord = Math.log(EEFLongWordList.length) / Math.log(2);
2018-11-08 04:54:56 +01:00
let numWords = Math.ceil(minimumEntropy / entropyPerWord);
2021-12-16 13:36:21 +01:00
2018-11-09 14:20:54 +01:00
const hashArr = Array.from(new Uint8Array(hash));
const entropyAvailable = hashArr.length * 4;
2018-11-08 04:54:56 +01:00
if (numWords * entropyPerWord > entropyAvailable) {
throw new Error("Output entropy of hash function is too small");
2021-12-16 13:36:21 +01:00
}
2018-11-08 04:54:56 +01:00
const phrase: string[] = [];
2018-11-09 14:20:54 +01:00
let hashNumber = bigInt.fromArray(hashArr, 256);
2018-11-08 04:54:56 +01:00
while (numWords--) {
const remainder = hashNumber.mod(EEFLongWordList.length);
hashNumber = hashNumber.divide(EEFLongWordList.length);
2018-11-08 04:54:56 +01:00
phrase.push(EEFLongWordList[remainder as any]);
2021-12-16 13:36:21 +01:00
}
2018-11-08 04:54:56 +01:00
return phrase;
2021-12-16 13:36:21 +01:00
}
2019-04-09 15:06:05 +02:00
private async buildEncKey(
key: SymmetricCryptoKey,
2018-06-13 22:48:00 +02:00
encKey: ArrayBuffer
): Promise<[SymmetricCryptoKey, EncString]> {
let encKeyEnc: EncString = null;
2018-08-28 01:06:36 +02:00
if (key.key.byteLength === 32) {
const newKey = await this.stretchKey(key);
encKeyEnc = await this.encrypt(encKey, newKey);
} else if (key.key.byteLength === 64) {
encKeyEnc = await this.encrypt(encKey, key);
2021-12-16 13:36:21 +01:00
} else {
2018-08-28 01:06:36 +02:00
throw new Error("Invalid key size.");
2021-12-16 13:36:21 +01:00
}
2018-08-28 01:06:36 +02:00
return [new SymmetricCryptoKey(encKey), encKeyEnc];
2021-12-16 13:36:21 +01:00
}
[Account Switching] [Feature] Allow clients to store data for more than one user (#491) * [refactor] Extract, rename, and expand StorageServiceOptions * Pulled StorageServiceOptions into its own file * Renamed StorageServiceOptions to StorageOptions * Pulled KeySuffixOpptions into its own file * Converted KeySuffixOptions into an enum from a union type * [refactor] Expand StateService into a full coverage storage proxy * Expand StateService to allow it to manage all data points of the application state regardless of memory. * Expand StateService to allow for storing and managing multiple accounts * [refactor] Create helper services for managing organization and provider state data * [refactor] Implement StateService across service layer * Remove service level variables used for in memory data storage and replaced with calls to StateService * Remove direct calls to StorageService in favor of using StateService as a proxy * [feature] Implement account switching capable services across components and processes * Replace calls to StorageService and deprecated services with calls to a StateService * [chore] Remove unused services Several services are no longer in use because of the expanded state service. These have simply been removed. * [bug] Add loginRedirect to the account model * [bug] Add awaits to newly async calls in TokenService * [bug] Add several missing awaits * [bug] Add state service handlers for AutoConfirmFingerprint * [bug] Move TwoFactorToken to global state * Update unauth-guard.service.ts Add back return true * [refactor] Slim down the boilerplate needed to manage options on StateService calls * [bug] Allow the lock message handler to manipulate a specific acount * [bug] Add missing await to auth guard * [bug] Adjust state scope of several biometric data points * [bug] Ensure vault locking logic can operate over non-active accounts * [style] Fix lint complaints * [bug] Move disableFavicon to global state * [refactor] Remove an unecassary parameter from a StorageOptions instance * [bug] Ensure HtmlStorageService paths are accounted for in StateService * [feature] Add a server url helper to the account model for the account switcher * [refactor] Remove some unused getters from the account model * [bug] Ensure locking and logging out can function over any user * Fix account getting set to null in getAccountFromDisk * [bug] Ensure lock component is always working with the latest active account in state * [chore] Update recent KeyConnector changes to use stateService * [style] Fix lint complaints * [chore] Resolve TokenService merge issues from KeyConnector * [bug] Add missing service arguement * [bug] Correct several default storage option types * [bug] Check for the right key in hasEncKey * [bug] Add enableFullWidth to the account model * [style] Fix lint complaints * [review] Revist remember email * [refactor] Remove RememberEmail from state * setDisableFavicon to correct storage location * [bug] Convert vault lock loop returns into continues to not skip secondary accounts * [review] Sorted state service methods * [bug] Correct neverDomains type on the account model * [review] Rename stateService.purge to stateService.clean * [review] [refactor] Extract lock refresh logic to a load function * [review] [refactor] Extract some timeout logic to dedicated functions * [review] [refactor] Move AuthenticationStatus to a dedicated file * [review] [refactor] Rename Globals to GlobalState * [style] Fix lint complaints * [review] Remove unused global state property for decodedToken * [review] [bug] Adjust state scope for OrganizationInvitation * [review] [bug] Put back the homepage variable in lock guard * [review] Un-try-catch the window creation function * Revert "[review] [bug] Adjust state scope for OrganizationInvitation" This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497. * [bug] Change || to && in recent vault timeout refactor * [bug] Keep up with entire state in storage instead of just accounts and globals Not having access to the last active user was creating issues across clients when restarting the process. For example: when refreshing the page on web we no longer maintain an understanding of who is logged in. To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals. This allows for more flexible saving, like saving activeUserId as a top level storage item. * [style] Fix lint complaints * Revert "[bug] Keep up with entire state in storage instead of just accounts and globals" This reverts commit e8970725be472386358c1e2f06f53663c4979e0e. * [bug] Initialize GlobalState by default * [bug] Only get key hash from storage * [bug] Remove settings storage location overrides * [bug] Only save accessToken to storage * [refactor] Remove unecassary argements from electron crypto state calls * [bug] Ensure keys and tokens load and save to the right locations for web * [style] Fix lint complaints * [bug] Remove keySuffix storage option and split uses into unique methods The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state. This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly. * [bug] Add default vault timeouts to new accounts * [bug] Save appId as a top level storage item * [bug] Add missing await to timeout logic * [bug] Adjust state scope for everBeenUnlocked * [bug] Clear access tokens when loading account state from disk * [bug] Adjust theme to be a global state item * [bug] Adjust null checking for window in state * [bug] Correct getGlobals not pulling from the stored state item * [bug] Null check in memory account before claiming it has a userId * [bug] Scaffold secure storage service when building storage objects on init * [bug] Adjusted state scope of event collection * [bug] Adjusted state scope of vault timeout and action * [bug] Grab account from normal storage if secure storage is requested but does not exist * [bug] Create a State if one is requested from memory before it exists * [bug] Ensure all storage locations are cleared on state clean * [style] Fix lint complaints * [bug] Remove uneeded clearing of access token * [bug] Reset tokens when toggling * [refactor] Split up the Account model Until this point the account model has been very flat, holding many kinds of data. In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale, the Account model has been divided into logical chunks. * [bug] Correct the serverUrl helpers return * Fix sends always coming back as empty in browser * Get settings properly (I think) * [bug] Fix lint error * [bug] Add missing await to identity token refresh This was causing weird behavior in web that was creating a lot of 429s * [bug] Scaffold memory storage for web Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in. Namely, encrypted data that was recently synced had nowhere to save to and was lost. * [bug] Implement better null handling in a few places for retrieving state * [bug] Update correct storage locations on account removal * [bug] Added missing awaits to lock component * [bug] Reload lock component on account switching vs. account update * [bug] Store master keys correctly * [bug] Move some biometrics storage items to global state * [feature] Add platform helper isMac() * [refactor] Comment emphasis and call order refresh * [refactor] Remove unecassary using * [bug] Relocate authenticationStatus check logic to component * [bug] Stop not clearing everything on state clean * [style] Fix lint complaints * [bug] Correct mismatched uses of encrypted and decrypted pin states * Add browser specific state classes and methods * lint fixes * [bug] Migrate existing persistant data to new schema * [style] Fix lint complaints * [bug] Dont clear settings on state clean * [bug] Maintain the right storage items on logout * [chore] resolve issues from merge * [bug] Resolve settings clearing on lock * [chore] Added a comment * [review] fromatting for code review * Revert browser state items Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com> Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 17:15:16 +01:00
private async clearSecretKeyStore(userId?: string): Promise<void> {
await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
}
private async getEncKeyHelper(key: SymmetricCryptoKey = null): Promise<SymmetricCryptoKey> {
const inMemoryKey = await this.stateService.getDecryptedCryptoSymmetricKey();
if (inMemoryKey != null) {
return inMemoryKey;
}
const encKey = await this.stateService.getEncryptedCryptoSymmetricKey();
if (encKey == null) {
return null;
}
if (key == null) {
key = await this.getKey();
}
if (key == null) {
return null;
}
let decEncKey: ArrayBuffer;
const encKeyCipher = new EncString(encKey);
if (encKeyCipher.encryptionType === EncryptionType.AesCbc256_B64) {
decEncKey = await this.decryptToBytes(encKeyCipher, key);
} else if (encKeyCipher.encryptionType === EncryptionType.AesCbc256_HmacSha256_B64) {
const newKey = await this.stretchKey(key);
decEncKey = await this.decryptToBytes(encKeyCipher, newKey);
} else {
throw new Error("Unsupported encKey type.");
}
if (decEncKey == null) {
return null;
}
const symmetricCryptoKey = new SymmetricCryptoKey(decEncKey);
await this.stateService.setDecryptedCryptoSymmetricKey(symmetricCryptoKey);
return symmetricCryptoKey;
}
}