mirror of
https://github.com/bitwarden/browser.git
synced 2025-01-20 21:01:29 +01:00
add enc key rotation option during master password change
This commit is contained in:
parent
4231ed74ba
commit
2d0acc7663
@ -26,6 +26,15 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-group">
|
||||||
|
<div class="form-check">
|
||||||
|
<input class="form-check-input" type="checkbox" id="rotateEncKey" name="RotateEncKey" [(ngModel)]="rotateEncKey"
|
||||||
|
(change)="showEncKeyWarning()">
|
||||||
|
<label class="form-check-label" for="rotateEncKey">
|
||||||
|
{{'rotateAccountEncKey' | i18n}}
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
<button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
|
<button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">
|
||||||
<i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}"></i>
|
<i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}"></i>
|
||||||
<span>{{'changeMasterPassword' | i18n}}</span>
|
<span>{{'changeMasterPassword' | i18n}}</span>
|
||||||
|
@ -7,14 +7,23 @@ import { ToasterService } from 'angular2-toaster';
|
|||||||
import { Angulartics2 } from 'angulartics2';
|
import { Angulartics2 } from 'angulartics2';
|
||||||
|
|
||||||
import { ApiService } from 'jslib/abstractions/api.service';
|
import { ApiService } from 'jslib/abstractions/api.service';
|
||||||
|
import { CipherService } from 'jslib/abstractions/cipher.service';
|
||||||
import { CryptoService } from 'jslib/abstractions/crypto.service';
|
import { CryptoService } from 'jslib/abstractions/crypto.service';
|
||||||
|
import { FolderService } from 'jslib/abstractions/folder.service';
|
||||||
import { I18nService } from 'jslib/abstractions/i18n.service';
|
import { I18nService } from 'jslib/abstractions/i18n.service';
|
||||||
import { MessagingService } from 'jslib/abstractions/messaging.service';
|
import { MessagingService } from 'jslib/abstractions/messaging.service';
|
||||||
import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
|
import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
|
||||||
import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
|
import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
|
||||||
|
import { SyncService } from 'jslib/abstractions/sync.service';
|
||||||
import { UserService } from 'jslib/abstractions/user.service';
|
import { UserService } from 'jslib/abstractions/user.service';
|
||||||
|
|
||||||
|
import { CipherString } from 'jslib/models/domain/cipherString';
|
||||||
|
import { SymmetricCryptoKey } from 'jslib/models/domain/symmetricCryptoKey';
|
||||||
|
|
||||||
|
import { CipherWithIdRequest } from 'jslib/models/request/cipherWithIdRequest';
|
||||||
|
import { FolderWithIdRequest } from 'jslib/models/request/folderWithIdRequest';
|
||||||
import { PasswordRequest } from 'jslib/models/request/passwordRequest';
|
import { PasswordRequest } from 'jslib/models/request/passwordRequest';
|
||||||
|
import { UpdateKeyRequest } from 'jslib/models/request/updateKeyRequest';
|
||||||
|
|
||||||
@Component({
|
@Component({
|
||||||
selector: 'app-change-password',
|
selector: 'app-change-password',
|
||||||
@ -26,6 +35,7 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
confirmNewMasterPassword: string;
|
confirmNewMasterPassword: string;
|
||||||
formPromise: Promise<any>;
|
formPromise: Promise<any>;
|
||||||
masterPasswordScore: number;
|
masterPasswordScore: number;
|
||||||
|
rotateEncKey = false;
|
||||||
|
|
||||||
private masterPasswordStrengthTimeout: any;
|
private masterPasswordStrengthTimeout: any;
|
||||||
private email: string;
|
private email: string;
|
||||||
@ -34,7 +44,8 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
private analytics: Angulartics2, private toasterService: ToasterService,
|
private analytics: Angulartics2, private toasterService: ToasterService,
|
||||||
private cryptoService: CryptoService, private messagingService: MessagingService,
|
private cryptoService: CryptoService, private messagingService: MessagingService,
|
||||||
private userService: UserService, private passwordGenerationService: PasswordGenerationService,
|
private userService: UserService, private passwordGenerationService: PasswordGenerationService,
|
||||||
private platformUtilsService: PlatformUtilsService) { }
|
private platformUtilsService: PlatformUtilsService, private folderService: FolderService,
|
||||||
|
private cipherService: CipherService, private syncService: SyncService) { }
|
||||||
|
|
||||||
async ngOnInit() {
|
async ngOnInit() {
|
||||||
this.email = await this.userService.getEmail();
|
this.email = await this.userService.getEmail();
|
||||||
@ -75,6 +86,10 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (this.rotateEncKey) {
|
||||||
|
await this.syncService.fullSync(true);
|
||||||
|
}
|
||||||
|
|
||||||
const request = new PasswordRequest();
|
const request = new PasswordRequest();
|
||||||
request.masterPasswordHash = await this.cryptoService.hashPassword(this.currentMasterPassword, null);
|
request.masterPasswordHash = await this.cryptoService.hashPassword(this.currentMasterPassword, null);
|
||||||
const email = await this.userService.getEmail();
|
const email = await this.userService.getEmail();
|
||||||
@ -85,7 +100,15 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
const newEncKey = await this.cryptoService.remakeEncKey(newKey);
|
const newEncKey = await this.cryptoService.remakeEncKey(newKey);
|
||||||
request.key = newEncKey[1].encryptedString;
|
request.key = newEncKey[1].encryptedString;
|
||||||
try {
|
try {
|
||||||
this.formPromise = this.apiService.postPassword(request);
|
if (this.rotateEncKey) {
|
||||||
|
this.formPromise = this.apiService.postPassword(request).then(() => {
|
||||||
|
return this.makeRequest(newKey, request.newMasterPasswordHash);
|
||||||
|
}).then((updateKeyRequest) => {
|
||||||
|
return this.apiService.postAccountKey(updateKeyRequest);
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
this.formPromise = this.apiService.postPassword(request);
|
||||||
|
}
|
||||||
await this.formPromise;
|
await this.formPromise;
|
||||||
this.analytics.eventTrack.next({ action: 'Changed Password' });
|
this.analytics.eventTrack.next({ action: 'Changed Password' });
|
||||||
this.toasterService.popAsync('success', this.i18nService.t('masterPasswordChanged'),
|
this.toasterService.popAsync('success', this.i18nService.t('masterPasswordChanged'),
|
||||||
@ -105,6 +128,18 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
}, 300);
|
}, 300);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async showEncKeyWarning() {
|
||||||
|
if (this.rotateEncKey) {
|
||||||
|
const result = await this.platformUtilsService.showDialog(
|
||||||
|
this.i18nService.t('updateEncryptionKeyWarning') + ' ' +
|
||||||
|
this.i18nService.t('rotateEncKeyConfirmation'), this.i18nService.t('rotateEncKeyTitle'),
|
||||||
|
this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
|
||||||
|
if (!result) {
|
||||||
|
this.rotateEncKey = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private getPasswordStrengthUserInput() {
|
private getPasswordStrengthUserInput() {
|
||||||
let userInput: string[] = [];
|
let userInput: string[] = [];
|
||||||
const atPosition = this.email.indexOf('@');
|
const atPosition = this.email.indexOf('@');
|
||||||
@ -113,4 +148,38 @@ export class ChangePasswordComponent implements OnInit {
|
|||||||
}
|
}
|
||||||
return userInput;
|
return userInput;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private async makeRequest(key: SymmetricCryptoKey, masterPasswordHash: string): Promise<UpdateKeyRequest> {
|
||||||
|
const encKey = await this.cryptoService.makeEncKey(key);
|
||||||
|
const privateKey = await this.cryptoService.getPrivateKey();
|
||||||
|
let encPrivateKey: CipherString = null;
|
||||||
|
if (privateKey != null) {
|
||||||
|
encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
|
||||||
|
}
|
||||||
|
const request = new UpdateKeyRequest();
|
||||||
|
request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
|
||||||
|
request.key = encKey[1].encryptedString;
|
||||||
|
request.masterPasswordHash = masterPasswordHash;
|
||||||
|
|
||||||
|
const folders = await this.folderService.getAllDecrypted();
|
||||||
|
for (let i = 0; i < folders.length; i++) {
|
||||||
|
if (folders[i].id == null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
const folder = await this.folderService.encrypt(folders[i], encKey[0]);
|
||||||
|
request.folders.push(new FolderWithIdRequest(folder));
|
||||||
|
}
|
||||||
|
|
||||||
|
const ciphers = await this.cipherService.getAllDecrypted();
|
||||||
|
for (let i = 0; i < ciphers.length; i++) {
|
||||||
|
if (ciphers[i].organizationId != null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
|
||||||
|
request.ciphers.push(new CipherWithIdRequest(cipher));
|
||||||
|
}
|
||||||
|
|
||||||
|
return request;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -2530,5 +2530,14 @@
|
|||||||
},
|
},
|
||||||
"weakMasterPasswordDesc": {
|
"weakMasterPasswordDesc": {
|
||||||
"message": "The master password you have chosen is weak. You should use a strong master password (or a passphrase) to properly protect your Bitwarden account. Are you sure you want to use this master password?"
|
"message": "The master password you have chosen is weak. You should use a strong master password (or a passphrase) to properly protect your Bitwarden account. Are you sure you want to use this master password?"
|
||||||
|
},
|
||||||
|
"rotateAccountEncKey": {
|
||||||
|
"message": "Also rotate my account's encryption key"
|
||||||
|
},
|
||||||
|
"rotateEncKeyTitle": {
|
||||||
|
"message": "Rotate Encryption Key"
|
||||||
|
},
|
||||||
|
"rotateEncKeyConfirmation": {
|
||||||
|
"message": "Are you sure you want to rotate your account's encryption key?"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user