bitwarden-browser/src/services/audit.service.ts

import { ApiService } from '../abstractions/api.service';
import { AuditService as AuditServiceAbstraction } from '../abstractions/audit.service';
import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';

import { Utils } from '../misc/utils';

import { BreachAccountResponse } from '../models/response/breachAccountResponse';

const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/';
const HibpBreachApi = 'https://haveibeenpwned.com/api/v2/breachedaccount/';

export class AuditService implements AuditServiceAbstraction {
    constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }

    async passwordLeaked(password: string): Promise<number> {
        const hashBytes = await this.cryptoFunctionService.hash(password, 'sha1');
        const hash = Utils.fromBufferToHex(hashBytes).toUpperCase();
        const hashStart = hash.substr(0, 5);
        const hashEnding = hash.substr(5);

        const response = await fetch(new Request(PwnedPasswordsApi + hashStart));
        const leakedHashes = await response.text();
        const match = leakedHashes.split(/\r?\n/).find((v) => {
            return v.split(':')[0] === hashEnding;
        });

        return match != null ? parseInt(match.split(':')[1], 10) : 0;
    }

    async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {
        const response = await fetch(new Request(HibpBreachApi + username));
        if (response.status === 404) {
            return [];
        } else if (response.status !== 200) {
            throw new Error();
        }
        const responseJson = await response.json();
        return responseJson.map((a: any) => new BreachAccountResponse(a));
    }
}
fetch with proper no-cache 2018-07-08 05:48:58 +02:00			`import { ApiService } from '../abstractions/api.service';`
search service with lunr implementation 2018-02-28 21:15:10 +01:00			`import { AuditService as AuditServiceAbstraction } from '../abstractions/audit.service';`
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';`
breach report audit api 2018-06-28 17:57:29 +02:00
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`import { Utils } from '../misc/utils';`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
breach report audit api 2018-06-28 17:57:29 +02:00			`import { BreachAccountResponse } from '../models/response/breachAccountResponse';`

AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/';`
breach report audit api 2018-06-28 17:57:29 +02:00			`const HibpBreachApi = 'https://haveibeenpwned.com/api/v2/breachedaccount/';`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
search service with lunr implementation 2018-02-28 21:15:10 +01:00			`export class AuditService implements AuditServiceAbstraction {`
fetch with proper no-cache 2018-07-08 05:48:58 +02:00			`constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
			`async passwordLeaked(password: string): Promise<number> {`
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`const hashBytes = await this.cryptoFunctionService.hash(password, 'sha1');`
			`const hash = Utils.fromBufferToHex(hashBytes).toUpperCase();`
cleanup auditservice 2018-02-28 16:58:34 +01:00			`const hashStart = hash.substr(0, 5);`
			`const hashEnding = hash.substr(5);`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
regular fetch for password check 2018-07-18 21:09:13 +02:00			`const response = await fetch(new Request(PwnedPasswordsApi + hashStart));`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`const leakedHashes = await response.text();`
cleanup auditservice 2018-02-28 16:58:34 +01:00			`const match = leakedHashes.split(/\r?\n/).find((v) => {`
			`return v.split(':')[0] === hashEnding;`
			`});`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
cleanup auditservice 2018-02-28 16:58:34 +01:00			`return match != null ? parseInt(match.split(':')[1], 10) : 0;`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`}`
breach report audit api 2018-06-28 17:57:29 +02:00
breach check changed to username 2018-06-29 14:20:28 +02:00			`async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {`
use regualar fetch for hibp apis 2018-09-11 21:54:18 +02:00			`const response = await fetch(new Request(HibpBreachApi + username));`
breach report audit api 2018-06-28 17:57:29 +02:00			`if (response.status === 404) {`
			`return [];`
			`} else if (response.status !== 200) {`
			`throw new Error();`
			`}`
			`const responseJson = await response.json();`
specify any type 2018-06-28 19:48:50 +02:00			`return responseJson.map((a: any) => new BreachAccountResponse(a));`
breach report audit api 2018-06-28 17:57:29 +02:00			`}`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`}`