2021-04-22 21:17:14 +02:00
|
|
|
import { Directive, OnDestroy, OnInit } from '@angular/core';
|
2020-08-26 17:54:16 +02:00
|
|
|
|
2020-10-13 22:21:03 +02:00
|
|
|
import {
|
|
|
|
ActivatedRoute,
|
|
|
|
Router,
|
|
|
|
} from '@angular/router';
|
2018-04-04 15:47:43 +02:00
|
|
|
|
|
|
|
import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';
|
|
|
|
|
|
|
|
import { TwoFactorEmailRequest } from '../../models/request/twoFactorEmailRequest';
|
|
|
|
|
2020-08-26 17:54:16 +02:00
|
|
|
import { AuthResult } from '../../models/domain';
|
|
|
|
|
2018-04-04 15:47:43 +02:00
|
|
|
import { ApiService } from '../../abstractions/api.service';
|
|
|
|
import { AuthService } from '../../abstractions/auth.service';
|
2018-04-04 22:27:30 +02:00
|
|
|
import { EnvironmentService } from '../../abstractions/environment.service';
|
2018-04-04 15:47:43 +02:00
|
|
|
import { I18nService } from '../../abstractions/i18n.service';
|
|
|
|
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
|
2019-07-02 14:13:33 +02:00
|
|
|
import { StateService } from '../../abstractions/state.service';
|
|
|
|
import { StorageService } from '../../abstractions/storage.service';
|
2018-04-04 15:47:43 +02:00
|
|
|
|
|
|
|
import { TwoFactorProviders } from '../../services/auth.service';
|
2019-07-02 14:13:33 +02:00
|
|
|
import { ConstantsService } from '../../services/constants.service';
|
2018-04-04 15:47:43 +02:00
|
|
|
|
2018-12-18 23:00:07 +01:00
|
|
|
import * as DuoWebSDK from 'duo_web_sdk';
|
2021-03-15 16:16:51 +01:00
|
|
|
import { WebAuthn } from '../../misc/webauthn';
|
2018-04-04 22:27:30 +02:00
|
|
|
|
2021-04-22 21:17:14 +02:00
|
|
|
@Directive()
|
2018-04-04 22:27:30 +02:00
|
|
|
export class TwoFactorComponent implements OnInit, OnDestroy {
|
2018-04-04 15:47:43 +02:00
|
|
|
token: string = '';
|
|
|
|
remember: boolean = false;
|
2021-03-15 16:16:51 +01:00
|
|
|
webAuthnReady: boolean = false;
|
|
|
|
webAuthnNewTab: boolean = false;
|
2018-04-04 15:47:43 +02:00
|
|
|
providers = TwoFactorProviders;
|
|
|
|
providerType = TwoFactorProviderType;
|
|
|
|
selectedProviderType: TwoFactorProviderType = TwoFactorProviderType.Authenticator;
|
2021-03-15 16:16:51 +01:00
|
|
|
webAuthnSupported: boolean = false;
|
|
|
|
webAuthn: WebAuthn = null;
|
2018-04-04 15:47:43 +02:00
|
|
|
title: string = '';
|
|
|
|
twoFactorEmail: string = null;
|
|
|
|
formPromise: Promise<any>;
|
|
|
|
emailPromise: Promise<any>;
|
2020-10-13 22:21:03 +02:00
|
|
|
identifier: string = null;
|
2018-07-13 16:49:37 +02:00
|
|
|
onSuccessfulLogin: () => Promise<any>;
|
|
|
|
onSuccessfulLoginNavigate: () => Promise<any>;
|
2018-04-04 15:47:43 +02:00
|
|
|
|
2018-04-05 04:59:14 +02:00
|
|
|
protected loginRoute = 'login';
|
2018-04-04 15:47:43 +02:00
|
|
|
protected successRoute = 'vault';
|
|
|
|
|
|
|
|
constructor(protected authService: AuthService, protected router: Router,
|
|
|
|
protected i18nService: I18nService, protected apiService: ApiService,
|
2018-04-25 18:08:18 +02:00
|
|
|
protected platformUtilsService: PlatformUtilsService, protected win: Window,
|
2019-07-02 14:13:33 +02:00
|
|
|
protected environmentService: EnvironmentService, protected stateService: StateService,
|
2020-10-13 22:21:03 +02:00
|
|
|
protected storageService: StorageService, protected route: ActivatedRoute) {
|
2021-03-15 16:16:51 +01:00
|
|
|
this.webAuthnSupported = this.platformUtilsService.supportsWebAuthn(win);
|
2018-04-04 15:47:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
async ngOnInit() {
|
2020-11-10 21:15:40 +01:00
|
|
|
if (!this.authing || this.authService.twoFactorProvidersData == null) {
|
2018-04-05 04:59:14 +02:00
|
|
|
this.router.navigate([this.loginRoute]);
|
2018-04-04 15:47:43 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-02-04 16:49:23 +01:00
|
|
|
const queryParamsSub = this.route.queryParams.subscribe(async qParams => {
|
2020-10-13 22:21:03 +02:00
|
|
|
if (qParams.identifier != null) {
|
|
|
|
this.identifier = qParams.identifier;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (queryParamsSub != null) {
|
|
|
|
queryParamsSub.unsubscribe();
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2020-11-10 21:15:40 +01:00
|
|
|
if (this.needsLock) {
|
2020-08-26 17:54:16 +02:00
|
|
|
this.successRoute = 'lock';
|
2020-07-16 14:59:29 +02:00
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
if (this.win != null && this.webAuthnSupported) {
|
|
|
|
let webVaultUrl = this.environmentService.getWebVaultUrl();
|
|
|
|
if (webVaultUrl == null) {
|
|
|
|
webVaultUrl = 'https://vault.bitwarden.com';
|
2018-04-04 22:27:30 +02:00
|
|
|
}
|
2021-03-15 16:16:51 +01:00
|
|
|
this.webAuthn = new WebAuthn(this.win, webVaultUrl, this.webAuthnNewTab, this.platformUtilsService,
|
|
|
|
this.i18nService, (token: string) => {
|
|
|
|
this.token = token;
|
|
|
|
this.submit();
|
|
|
|
}, (error: string) => {
|
|
|
|
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), error);
|
|
|
|
}, (info: string) => {
|
|
|
|
if (info === 'ready') {
|
|
|
|
this.webAuthnReady = true;
|
|
|
|
}
|
2018-04-04 22:27:30 +02:00
|
|
|
}
|
2021-03-15 16:16:51 +01:00
|
|
|
);
|
2018-04-04 22:27:30 +02:00
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
this.selectedProviderType = this.authService.getDefaultTwoFactorProvider(this.webAuthnSupported);
|
2018-04-04 15:47:43 +02:00
|
|
|
await this.init();
|
|
|
|
}
|
|
|
|
|
2018-04-04 22:27:30 +02:00
|
|
|
ngOnDestroy(): void {
|
2021-03-15 16:16:51 +01:00
|
|
|
this.cleanupWebAuthn();
|
|
|
|
this.webAuthn = null;
|
2018-04-04 22:27:30 +02:00
|
|
|
}
|
|
|
|
|
2018-04-04 15:47:43 +02:00
|
|
|
async init() {
|
|
|
|
if (this.selectedProviderType == null) {
|
|
|
|
this.title = this.i18nService.t('loginUnavailable');
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
this.cleanupWebAuthn();
|
2018-04-04 15:47:43 +02:00
|
|
|
this.title = (TwoFactorProviders as any)[this.selectedProviderType].name;
|
2019-05-27 16:29:09 +02:00
|
|
|
const providerData = this.authService.twoFactorProvidersData.get(this.selectedProviderType);
|
2018-04-04 15:47:43 +02:00
|
|
|
switch (this.selectedProviderType) {
|
2021-03-15 16:16:51 +01:00
|
|
|
case TwoFactorProviderType.WebAuthn:
|
|
|
|
if (!this.webAuthnSupported || this.webAuthn == null) {
|
2018-04-04 15:47:43 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
setTimeout(() => {
|
|
|
|
this.webAuthn.init(providerData);
|
|
|
|
}, 500);
|
2018-04-04 15:47:43 +02:00
|
|
|
break;
|
|
|
|
case TwoFactorProviderType.Duo:
|
|
|
|
case TwoFactorProviderType.OrganizationDuo:
|
|
|
|
setTimeout(() => {
|
2018-06-11 19:32:53 +02:00
|
|
|
DuoWebSDK.init({
|
|
|
|
iframe: undefined,
|
2019-05-27 16:29:09 +02:00
|
|
|
host: providerData.Host,
|
|
|
|
sig_request: providerData.Signature,
|
2018-04-04 15:47:43 +02:00
|
|
|
submit_callback: async (f: HTMLFormElement) => {
|
|
|
|
const sig = f.querySelector('input[name="sig_response"]') as HTMLInputElement;
|
|
|
|
if (sig != null) {
|
|
|
|
this.token = sig.value;
|
|
|
|
await this.submit();
|
|
|
|
}
|
|
|
|
},
|
|
|
|
});
|
2018-06-11 19:32:53 +02:00
|
|
|
}, 0);
|
2018-04-04 15:47:43 +02:00
|
|
|
break;
|
|
|
|
case TwoFactorProviderType.Email:
|
2019-05-27 16:29:09 +02:00
|
|
|
this.twoFactorEmail = providerData.Email;
|
|
|
|
if (this.authService.twoFactorProvidersData.size > 1) {
|
2018-04-04 15:47:43 +02:00
|
|
|
await this.sendEmail(false);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async submit() {
|
|
|
|
if (this.token == null || this.token === '') {
|
2018-10-03 05:09:19 +02:00
|
|
|
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
2018-04-04 15:47:43 +02:00
|
|
|
this.i18nService.t('verificationCodeRequired'));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
if (this.selectedProviderType === TwoFactorProviderType.WebAuthn) {
|
|
|
|
if (this.webAuthn != null) {
|
|
|
|
this.webAuthn.stop();
|
2018-04-04 22:27:30 +02:00
|
|
|
} else {
|
|
|
|
return;
|
|
|
|
}
|
2018-04-04 15:47:43 +02:00
|
|
|
} else if (this.selectedProviderType === TwoFactorProviderType.Email ||
|
|
|
|
this.selectedProviderType === TwoFactorProviderType.Authenticator) {
|
|
|
|
this.token = this.token.replace(' ', '').trim();
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2021-03-15 16:16:51 +01:00
|
|
|
await this.doSubmit();
|
2018-08-25 14:47:38 +02:00
|
|
|
} catch {
|
2021-03-15 16:16:51 +01:00
|
|
|
if (this.selectedProviderType === TwoFactorProviderType.WebAuthn && this.webAuthn != null) {
|
|
|
|
this.webAuthn.start();
|
2018-04-04 15:47:43 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
async doSubmit() {
|
|
|
|
this.formPromise = this.authService.logInTwoFactor(this.selectedProviderType, this.token, this.remember);
|
|
|
|
const response: AuthResult = await this.formPromise;
|
|
|
|
const disableFavicon = await this.storageService.get<boolean>(ConstantsService.disableFaviconKey);
|
|
|
|
await this.stateService.save(ConstantsService.disableFaviconKey, !!disableFavicon);
|
|
|
|
if (this.onSuccessfulLogin != null) {
|
|
|
|
this.onSuccessfulLogin();
|
|
|
|
}
|
|
|
|
if (response.resetMasterPassword) {
|
|
|
|
this.successRoute = 'set-password';
|
|
|
|
}
|
|
|
|
if (this.onSuccessfulLoginNavigate != null) {
|
|
|
|
this.onSuccessfulLoginNavigate();
|
|
|
|
} else {
|
|
|
|
this.router.navigate([this.successRoute], {
|
|
|
|
queryParams: {
|
|
|
|
identifier: this.identifier,
|
|
|
|
},
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-04-04 15:47:43 +02:00
|
|
|
async sendEmail(doToast: boolean) {
|
|
|
|
if (this.selectedProviderType !== TwoFactorProviderType.Email) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (this.emailPromise != null) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
const request = new TwoFactorEmailRequest(this.authService.email, this.authService.masterPasswordHash);
|
|
|
|
this.emailPromise = this.apiService.postTwoFactorEmail(request);
|
|
|
|
await this.emailPromise;
|
|
|
|
if (doToast) {
|
2018-10-03 05:09:19 +02:00
|
|
|
this.platformUtilsService.showToast('success', null,
|
2018-04-04 15:47:43 +02:00
|
|
|
this.i18nService.t('verificationCodeEmailSent', this.twoFactorEmail));
|
|
|
|
}
|
|
|
|
} catch { }
|
|
|
|
|
|
|
|
this.emailPromise = null;
|
|
|
|
}
|
2018-04-04 22:27:30 +02:00
|
|
|
|
2021-03-15 16:16:51 +01:00
|
|
|
private cleanupWebAuthn() {
|
|
|
|
if (this.webAuthn != null) {
|
|
|
|
this.webAuthn.stop();
|
|
|
|
this.webAuthn.cleanup();
|
2018-04-04 22:27:30 +02:00
|
|
|
}
|
|
|
|
}
|
2020-11-10 21:15:40 +01:00
|
|
|
|
|
|
|
get authing(): boolean {
|
2020-12-08 18:29:57 +01:00
|
|
|
return this.authService.authingWithPassword() || this.authService.authingWithSso() || this.authService.authingWithApiKey();
|
2020-11-10 21:15:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
get needsLock(): boolean {
|
|
|
|
return this.authService.authingWithSso() || this.authService.authingWithApiKey();
|
|
|
|
}
|
2018-04-04 15:47:43 +02:00
|
|
|
}
|