bitwarden-browser/src/services/audit.service.ts

import { ApiService } from '../abstractions/api.service';
import { AuditService as AuditServiceAbstraction } from '../abstractions/audit.service';
import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';

import { Utils } from '../misc/utils';

import { BreachAccountResponse } from '../models/response/breachAccountResponse';
import { ErrorResponse } from '../models/response/errorResponse';

const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/';

export class AuditService implements AuditServiceAbstraction {
    constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }

    async passwordLeaked(password: string): Promise<number> {
        const hashBytes = await this.cryptoFunctionService.hash(password, 'sha1');
        const hash = Utils.fromBufferToHex(hashBytes).toUpperCase();
        const hashStart = hash.substr(0, 5);
        const hashEnding = hash.substr(5);

        const response = await fetch(PwnedPasswordsApi + hashStart);
        const leakedHashes = await response.text();
        const match = leakedHashes.split(/\r?\n/).find((v) => {
            return v.split(':')[0] === hashEnding;
        });

        return match != null ? parseInt(match.split(':')[1], 10) : 0;
    }

    async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {
        try {
            return await this.apiService.getHibpBreach(username);
        } catch (e) {
            const error = e as ErrorResponse;
            if (error.statusCode === 404) {
                return [];
            }
            throw new Error();
        }
    }
}
fetch with proper no-cache 2018-07-08 05:48:58 +02:00			`import { ApiService } from '../abstractions/api.service';`
search service with lunr implementation 2018-02-28 21:15:10 +01:00			`import { AuditService as AuditServiceAbstraction } from '../abstractions/audit.service';`
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';`
breach report audit api 2018-06-28 17:57:29 +02:00
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`import { Utils } from '../misc/utils';`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
breach report audit api 2018-06-28 17:57:29 +02:00			`import { BreachAccountResponse } from '../models/response/breachAccountResponse';`
use getHibpBreach proxy 2019-01-17 16:46:24 +01:00			`import { ErrorResponse } from '../models/response/errorResponse';`
breach report audit api 2018-06-28 17:57:29 +02:00
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/';`

search service with lunr implementation 2018-02-28 21:15:10 +01:00			`export class AuditService implements AuditServiceAbstraction {`
fetch with proper no-cache 2018-07-08 05:48:58 +02:00			`constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
			`async passwordLeaked(password: string): Promise<number> {`
implement crypto functions in more places 2018-04-22 05:55:21 +02:00			`const hashBytes = await this.cryptoFunctionService.hash(password, 'sha1');`
			`const hash = Utils.fromBufferToHex(hashBytes).toUpperCase();`
cleanup auditservice 2018-02-28 16:58:34 +01:00			`const hashStart = hash.substr(0, 5);`
			`const hashEnding = hash.substr(5);`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
use getHibpBreach proxy 2019-01-17 16:46:24 +01:00			`const response = await fetch(PwnedPasswordsApi + hashStart);`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`const leakedHashes = await response.text();`
cleanup auditservice 2018-02-28 16:58:34 +01:00			`const match = leakedHashes.split(/\r?\n/).find((v) => {`
			`return v.split(':')[0] === hashEnding;`
			`});`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00
cleanup auditservice 2018-02-28 16:58:34 +01:00			`return match != null ? parseInt(match.split(':')[1], 10) : 0;`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`}`
breach report audit api 2018-06-28 17:57:29 +02:00
breach check changed to username 2018-06-29 14:20:28 +02:00			`async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {`
use getHibpBreach proxy 2019-01-17 16:46:24 +01:00			`try {`
			`return await this.apiService.getHibpBreach(username);`
			`} catch (e) {`
			`const error = e as ErrorResponse;`
			`if (error.statusCode === 404) {`
			`return [];`
			`}`
breach report audit api 2018-06-28 17:57:29 +02:00			`throw new Error();`
			`}`
			`}`
AuditService (#2) * Add AuditService. * Change sha1 to use Webcrypto. * Add interface for AuditService. * Move PwnedPasswodsApi constant outside class. * Change FromBufferToHex implementation to simpler code. * Use correct string to array function. * Change auditService interface to abstract class. Add missing type to utils. 2018-02-28 16:52:35 +01:00			`}`