Revert "Auth/PM-6689 - Migrate Security Stamp to Token Service and State Prov…" (#8860)

This reverts commit 91f1d9fb86.
2024-11-21 11:35:34 +01:00 · 2024-04-22 12:06:43 -04:00 · 2024-04-22 12:06:43 -04:00 · 100b43dd8f
commit 100b43dd8f
parent 300b17aaeb
16 changed files with 63 additions and 126 deletions
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@ -813,7 +813,6 @@ export default class MainBackground {
      this.avatarService,
      logoutCallback,
      this.billingAccountProfileStateService,
-      this.tokenService,
    );
    this.eventUploadService = new EventUploadService(
      this.apiService,
--- a/apps/cli/src/bw.ts
+++ b/apps/cli/src/bw.ts
@ -631,7 +631,6 @@ export class Main {
      this.avatarService,
      async (expired: boolean) => await this.logout(),
      this.billingAccountProfileStateService,
-      this.tokenService,
    );

    this.totpService = new TotpService(this.cryptoFunctionService, this.logService);
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@ -628,7 +628,6 @@ const safeProviders: SafeProvider[] = [
      AvatarServiceAbstraction,
      LOGOUT_CALLBACK,
      BillingAccountProfileStateService,
-      TokenServiceAbstraction,
    ],
  }),
  safeProvider({
--- a/libs/auth/src/common/login-strategies/login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.spec.ts
@ -27,6 +27,7 @@ import { Utils } from "@bitwarden/common/platform/misc/utils";
 import {
  Account,
  AccountProfile,
+  AccountTokens,
  AccountKeys,
 } from "@bitwarden/common/platform/models/domain/account";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
@ -212,6 +213,9 @@ describe("LoginStrategy", () => {
              kdfType: kdf,
            },
          },
+          tokens: {
+            ...new AccountTokens(),
+          },
          keys: new AccountKeys(),
        }),
      );
--- a/libs/auth/src/common/login-strategies/login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.ts
@ -27,7 +27,11 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { Account, AccountProfile } from "@bitwarden/common/platform/models/domain/account";
+import {
+  Account,
+  AccountProfile,
+  AccountTokens,
+} from "@bitwarden/common/platform/models/domain/account";
 import { UserId } from "@bitwarden/common/types/guid";

 import { InternalUserDecryptionOptionsServiceAbstraction } from "../abstractions/user-decryption-options.service.abstraction";
@ -188,6 +192,9 @@ export abstract class LoginStrategy {
            kdfType: tokenResponse.kdf,
          },
        },
+        tokens: {
+          ...new AccountTokens(),
+        },
      }),
    );

--- a/libs/common/src/auth/abstractions/token.service.ts
+++ b/libs/common/src/auth/abstractions/token.service.ts
@ -213,10 +213,4 @@ export abstract class TokenService {
   * @returns A promise that resolves with a boolean representing the user's external authN status.
   */
  getIsExternal: () => Promise<boolean>;
-
-  /** Gets the active or passed in user's security stamp */
-  getSecurityStamp: (userId?: UserId) => Promise<string | null>;
-
-  /** Sets the security stamp for the active or passed in user */
-  setSecurityStamp: (securityStamp: string, userId?: UserId) => Promise<void>;
 }
--- a/libs/common/src/auth/services/token.service.spec.ts
+++ b/libs/common/src/auth/services/token.service.spec.ts
@ -23,7 +23,6 @@ import {
  EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
  REFRESH_TOKEN_DISK,
  REFRESH_TOKEN_MEMORY,
-  SECURITY_STAMP_MEMORY,
 } from "./token.state";

 describe("TokenService", () => {
@ -2192,84 +2191,6 @@ describe("TokenService", () => {
    });
  });

-  describe("Security Stamp methods", () => {
-    const mockSecurityStamp = "securityStamp";
-
-    describe("setSecurityStamp", () => {
-      it("should throw an error if no user id is provided and there is no active user in global state", async () => {
-        // Act
-        // note: don't await here because we want to test the error
-        const result = tokenService.setSecurityStamp(mockSecurityStamp);
-        // Assert
-        await expect(result).rejects.toThrow("User id not found. Cannot set security stamp.");
-      });
-
-      it("should set the security stamp in memory when there is an active user in global state", async () => {
-        // Arrange
-        globalStateProvider
-          .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-          .stateSubject.next(userIdFromAccessToken);
-
-        // Act
-        await tokenService.setSecurityStamp(mockSecurityStamp);
-
-        // Assert
-        expect(
-          singleUserStateProvider.getFake(userIdFromAccessToken, SECURITY_STAMP_MEMORY).nextMock,
-        ).toHaveBeenCalledWith(mockSecurityStamp);
-      });
-
-      it("should set the security stamp in memory for the specified user id", async () => {
-        // Act
-        await tokenService.setSecurityStamp(mockSecurityStamp, userIdFromAccessToken);
-
-        // Assert
-        expect(
-          singleUserStateProvider.getFake(userIdFromAccessToken, SECURITY_STAMP_MEMORY).nextMock,
-        ).toHaveBeenCalledWith(mockSecurityStamp);
-      });
-    });
-
-    describe("getSecurityStamp", () => {
-      it("should throw an error if no user id is provided and there is no active user in global state", async () => {
-        // Act
-        // note: don't await here because we want to test the error
-        const result = tokenService.getSecurityStamp();
-        // Assert
-        await expect(result).rejects.toThrow("User id not found. Cannot get security stamp.");
-      });
-
-      it("should return the security stamp from memory with no user id specified (uses global active user)", async () => {
-        // Arrange
-        globalStateProvider
-          .getFake(ACCOUNT_ACTIVE_ACCOUNT_ID)
-          .stateSubject.next(userIdFromAccessToken);
-
-        singleUserStateProvider
-          .getFake(userIdFromAccessToken, SECURITY_STAMP_MEMORY)
-          .stateSubject.next([userIdFromAccessToken, mockSecurityStamp]);
-
-        // Act
-        const result = await tokenService.getSecurityStamp();
-
-        // Assert
-        expect(result).toEqual(mockSecurityStamp);
-      });
-
-      it("should return the security stamp from memory for the specified user id", async () => {
-        // Arrange
-        singleUserStateProvider
-          .getFake(userIdFromAccessToken, SECURITY_STAMP_MEMORY)
-          .stateSubject.next([userIdFromAccessToken, mockSecurityStamp]);
-
-        // Act
-        const result = await tokenService.getSecurityStamp(userIdFromAccessToken);
-        // Assert
-        expect(result).toEqual(mockSecurityStamp);
-      });
-    });
-  });
-
  // Helpers
  function createTokenService(supportsSecureStorage: boolean) {
    return new TokenService(
--- a/libs/common/src/auth/services/token.service.ts
+++ b/libs/common/src/auth/services/token.service.ts
@ -32,7 +32,6 @@ import {
  EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
  REFRESH_TOKEN_DISK,
  REFRESH_TOKEN_MEMORY,
-  SECURITY_STAMP_MEMORY,
 } from "./token.state";

 export enum TokenStorageLocation {
@ -851,30 +850,6 @@ export class TokenService implements TokenServiceAbstraction {
    return Array.isArray(decoded.amr) && decoded.amr.includes("external");
  }

-  async getSecurityStamp(userId?: UserId): Promise<string | null> {
-    userId ??= await firstValueFrom(this.activeUserIdGlobalState.state$);
-
-    if (!userId) {
-      throw new Error("User id not found. Cannot get security stamp.");
-    }
-
-    const securityStamp = await this.getStateValueByUserIdAndKeyDef(userId, SECURITY_STAMP_MEMORY);
-
-    return securityStamp;
-  }
-
-  async setSecurityStamp(securityStamp: string, userId?: UserId): Promise<void> {
-    userId ??= await firstValueFrom(this.activeUserIdGlobalState.state$);
-
-    if (!userId) {
-      throw new Error("User id not found. Cannot set security stamp.");
-    }
-
-    await this.singleUserStateProvider
-      .get(userId, SECURITY_STAMP_MEMORY)
-      .update((_) => securityStamp);
-  }
-
  private async getStateValueByUserIdAndKeyDef(
    userId: UserId,
    storageLocation: UserKeyDefinition<string>,
--- a/libs/common/src/auth/services/token.state.spec.ts
+++ b/libs/common/src/auth/services/token.state.spec.ts
@ -10,7 +10,6 @@ import {
  EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
  REFRESH_TOKEN_DISK,
  REFRESH_TOKEN_MEMORY,
-  SECURITY_STAMP_MEMORY,
 } from "./token.state";

 describe.each([
@ -23,7 +22,6 @@ describe.each([
  [API_KEY_CLIENT_ID_MEMORY, "apiKeyClientIdMemory"],
  [API_KEY_CLIENT_SECRET_DISK, "apiKeyClientSecretDisk"],
  [API_KEY_CLIENT_SECRET_MEMORY, "apiKeyClientSecretMemory"],
-  [SECURITY_STAMP_MEMORY, "securityStamp"],
 ])(
  "deserializes state key definitions",
  (
--- a/libs/common/src/auth/services/token.state.ts
+++ b/libs/common/src/auth/services/token.state.ts
@ -69,8 +69,3 @@ export const API_KEY_CLIENT_SECRET_MEMORY = new UserKeyDefinition<string>(
    clearOn: [], // Manually handled
  },
 );
-
-export const SECURITY_STAMP_MEMORY = new UserKeyDefinition<string>(TOKEN_MEMORY, "securityStamp", {
-  deserializer: (securityStamp) => securityStamp,
-  clearOn: ["logout"],
-});
--- a/libs/common/src/platform/abstractions/state.service.ts
+++ b/libs/common/src/platform/abstractions/state.service.ts
@ -181,6 +181,8 @@ export abstract class StateService<T extends Account = Account> {
   * Sets the user's Pin, encrypted by the user key
   */
  setProtectedPin: (value: string, options?: StorageOptions) => Promise<void>;
+  getSecurityStamp: (options?: StorageOptions) => Promise<string>;
+  setSecurityStamp: (value: string, options?: StorageOptions) => Promise<void>;
  getUserId: (options?: StorageOptions) => Promise<string>;
  getVaultTimeout: (options?: StorageOptions) => Promise<number>;
  setVaultTimeout: (value: number, options?: StorageOptions) => Promise<void>;
--- a/libs/common/src/platform/models/domain/account-tokens.spec.ts
+++ b/libs/common/src/platform/models/domain/account-tokens.spec.ts
@ -0,0 +1,9 @@
+import { AccountTokens } from "./account";
+
+describe("AccountTokens", () => {
+  describe("fromJSON", () => {
+    it("should deserialize to an instance of itself", () => {
+      expect(AccountTokens.fromJSON({})).toBeInstanceOf(AccountTokens);
+    });
+  });
+});
--- a/libs/common/src/platform/models/domain/account.spec.ts
+++ b/libs/common/src/platform/models/domain/account.spec.ts
@ -1,4 +1,4 @@
-import { Account, AccountKeys, AccountProfile, AccountSettings } from "./account";
+import { Account, AccountKeys, AccountProfile, AccountSettings, AccountTokens } from "./account";

 describe("Account", () => {
  describe("fromJSON", () => {
@ -10,12 +10,14 @@ describe("Account", () => {
      const keysSpy = jest.spyOn(AccountKeys, "fromJSON");
      const profileSpy = jest.spyOn(AccountProfile, "fromJSON");
      const settingsSpy = jest.spyOn(AccountSettings, "fromJSON");
+      const tokensSpy = jest.spyOn(AccountTokens, "fromJSON");

      Account.fromJSON({});

      expect(keysSpy).toHaveBeenCalled();
      expect(profileSpy).toHaveBeenCalled();
      expect(settingsSpy).toHaveBeenCalled();
+      expect(tokensSpy).toHaveBeenCalled();
    });
  });
 });
--- a/libs/common/src/platform/models/domain/account.ts
+++ b/libs/common/src/platform/models/domain/account.ts
@ -171,11 +171,24 @@ export class AccountSettings {
  }
 }

+export class AccountTokens {
+  securityStamp?: string;
+
+  static fromJSON(obj: Jsonify<AccountTokens>): AccountTokens {
+    if (obj == null) {
+      return null;
+    }
+
+    return Object.assign(new AccountTokens(), obj);
+  }
+}
+
 export class Account {
  data?: AccountData = new AccountData();
  keys?: AccountKeys = new AccountKeys();
  profile?: AccountProfile = new AccountProfile();
  settings?: AccountSettings = new AccountSettings();
+  tokens?: AccountTokens = new AccountTokens();

  constructor(init: Partial<Account>) {
    Object.assign(this, {
@ -195,6 +208,10 @@ export class Account {
        ...new AccountSettings(),
        ...init?.settings,
      },
+      tokens: {
+        ...new AccountTokens(),
+        ...init?.tokens,
+      },
    });
  }

@ -208,6 +225,7 @@ export class Account {
      data: AccountData.fromJSON(json?.data),
      profile: AccountProfile.fromJSON(json?.profile),
      settings: AccountSettings.fromJSON(json?.settings),
+      tokens: AccountTokens.fromJSON(json?.tokens),
    });
  }
 }
--- a/libs/common/src/platform/services/state.service.ts
+++ b/libs/common/src/platform/services/state.service.ts
@ -839,6 +839,23 @@ export class StateService<
    );
  }

+  async getSecurityStamp(options?: StorageOptions): Promise<string> {
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultInMemoryOptions()))
+    )?.tokens?.securityStamp;
+  }
+
+  async setSecurityStamp(value: string, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
+    );
+    account.tokens.securityStamp = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultInMemoryOptions()),
+    );
+  }
+
  async getUserId(options?: StorageOptions): Promise<string> {
    return (
      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
--- a/libs/common/src/vault/services/sync/sync.service.ts
+++ b/libs/common/src/vault/services/sync/sync.service.ts
@ -15,7 +15,6 @@ import { AccountService } from "../../../auth/abstractions/account.service";
 import { AvatarService } from "../../../auth/abstractions/avatar.service";
 import { KeyConnectorService } from "../../../auth/abstractions/key-connector.service";
 import { InternalMasterPasswordServiceAbstraction } from "../../../auth/abstractions/master-password.service.abstraction";
-import { TokenService } from "../../../auth/abstractions/token.service";
 import { ForceSetPasswordReason } from "../../../auth/models/domain/force-set-password-reason";
 import { DomainSettingsService } from "../../../autofill/services/domain-settings.service";
 import { BillingAccountProfileStateService } from "../../../billing/abstractions/account/billing-account-profile-state.service";
@ -74,7 +73,6 @@ export class SyncService implements SyncServiceAbstraction {
    private avatarService: AvatarService,
    private logoutCallback: (expired: boolean) => Promise<void>,
    private billingAccountProfileStateService: BillingAccountProfileStateService,
-    private tokenService: TokenService,
  ) {}

  async getLastSync(): Promise<Date> {
@ -311,7 +309,7 @@ export class SyncService implements SyncServiceAbstraction {
  }

  private async syncProfile(response: ProfileResponse) {
-    const stamp = await this.tokenService.getSecurityStamp(response.id as UserId);
+    const stamp = await this.stateService.getSecurityStamp();
    if (stamp != null && stamp !== response.securityStamp) {
      if (this.logoutCallback != null) {
        await this.logoutCallback(true);
@ -325,7 +323,7 @@ export class SyncService implements SyncServiceAbstraction {
    await this.cryptoService.setProviderKeys(response.providers);
    await this.cryptoService.setOrgKeys(response.organizations, response.providerOrganizations);
    await this.avatarService.setSyncAvatarColor(response.id as UserId, response.avatarColor);
-    await this.tokenService.setSecurityStamp(response.securityStamp, response.id as UserId);
+    await this.stateService.setSecurityStamp(response.securityStamp);
    await this.stateService.setEmailVerified(response.emailVerified);

    await this.billingAccountProfileStateService.setHasPremium(