[PM-13455] Risk insights aggregation in a new service. (#12071)

* Risk insights aggregation in a new service. Initial PR. * Ignoring all non-login items and refactoring into a method * Cleaning up the documentation a little * logic for generating the report summary * application summary to list at risk applications not passwords * Adding more documentation and moving types to it's own file * Awaiting the raw data report and adding the start of the test file * Adding more test cases * Removing unnecessary file * Test cases update * Fixing memeber details test to have new member * Fixing password health tests * Moving to observables * removing commented code * commented code * Switching from ternary to if/else * nullable types * one more nullable type * Adding the fixme for strict types * moving the fixme --------- Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-12-18 15:47:57 +01:00 · 2024-12-12 09:55:43 -05:00 · 2024-12-12 09:55:43 -05:00 · 30c151f44a
commit 30c151f44a
parent 1b6b5d3110
7 changed files with 696 additions and 112 deletions
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/models/password-health.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/models/password-health.ts
@ -0,0 +1,92 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { BadgeVariant } from "@bitwarden/components";
 /**
 * All applications report summary. The total members,
 * total at risk members, application, and at risk application
 * counts. Aggregated from all calculated applications
 */
 export type ApplicationHealthReportSummary = {
  totalMemberCount: number;
  totalAtRiskMemberCount: number;
  totalApplicationCount: number;
  totalAtRiskApplicationCount: number;
 };
 /**
 * All applications report detail. Application is the cipher
 * uri. Has the at risk, password, and member information
 */
 export type ApplicationHealthReportDetail = {
  applicationName: string;
  passwordCount: number;
  atRiskPasswordCount: number;
  memberCount: number;
  memberDetails: MemberDetailsFlat[];
  atRiskMemberDetails: MemberDetailsFlat[];
 };
 /**
 * Breaks the cipher health info out by uri and passes
 * along the password health and member info
 */
 export type CipherHealthReportUriDetail = {
  cipherId: string;
  reusedPasswordCount: number;
  weakPasswordDetail: WeakPasswordDetail;
  exposedPasswordDetail: ExposedPasswordDetail;
  cipherMembers: MemberDetailsFlat[];
  trimmedUri: string;
 };
 /**
 * Associates a cipher with it's essential information.
 * Gets the password health details, cipher members, and
 * the trimmed uris for the cipher
 */
 export type CipherHealthReportDetail = CipherView & {
  reusedPasswordCount: number;
  weakPasswordDetail: WeakPasswordDetail;
  exposedPasswordDetail: ExposedPasswordDetail;
  cipherMembers: MemberDetailsFlat[];
  trimmedUris: string[];
 };
 /**
 * Weak password details containing the score
 * and the score type for the label and badge
 */
 export type WeakPasswordDetail = {
  score: number;
  detailValue: WeakPasswordScore;
 } | null;
 /**
 * Weak password details containing the badge and
 * the label for the password score
 */
 export type WeakPasswordScore = {
  label: string;
  badgeVariant: BadgeVariant;
 } | null;
 /**
 * How many times a password has been exposed
 */
 export type ExposedPasswordDetail = {
  exposedXTimes: number;
 } | null;
 /**
 * Flattened member details that associates an
 * organization member to a cipher
 */
 export type MemberDetailsFlat = {
  userName: string;
  email: string;
  cipherId: string;
 };
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/ciphers.mock.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/ciphers.mock.ts
@ -1,10 +1,18 @@
 import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
 const createLoginUriView = (uri: string): LoginUriView => {
  const view = new LoginUriView();
  view.uri = uri;
  return view;
 };
 export const mockCiphers: any[] = [
  {
    initializerKey: 1,
    id: "cbea34a8-bde4-46ad-9d19-b05001228ab1",
    organizationId: null,
    folderId: null,
-    name: "Cannot Be Edited",
+    name: "Weak Password Cipher",
    notes: null,
    isDeleted: false,
    type: 1,
@ -14,10 +22,11 @@ export const mockCiphers: any[] = [
      password: "123",
      hasUris: true,
      uris: [
-        { uri: "www.google.com" },
+        createLoginUriView("101domain.com"),
-        { uri: "accounts.google.com" },
+        createLoginUriView("www.google.com"),
-        { uri: "https://www.google.com" },
+        createLoginUriView("accounts.google.com"),
-        { uri: "https://www.google.com/login" },
+        createLoginUriView("https://www.google.com"),
        createLoginUriView("https://www.google.com/login"),
      ],
    },
    edit: false,
@ -31,23 +40,18 @@ export const mockCiphers: any[] = [
  },
  {
    initializerKey: 1,
-    id: "cbea34a8-bde4-46ad-9d19-b05001228ab2",
+    id: "cbea34a8-bde4-46ad-9d19-b05001228cd3",
    organizationId: null,
    folderId: null,
-    name: "Can Be Edited id ending 2",
+    name: "Strong Password Cipher",
    notes: null,
    isDeleted: false,
    type: 1,
    favorite: false,
    organizationUseTotp: false,
    login: {
-      password: "123",
+      password: "Password!123",
      hasUris: true,
-      uris: [
+      uris: [createLoginUriView("http://example.com")],
        {
          uri: "http://nothing.com",
        },
      ],
    },
    edit: true,
    viewPassword: true,
@ -60,22 +64,18 @@ export const mockCiphers: any[] = [
  },
  {
    initializerKey: 1,
-    id: "cbea34a8-bde4-46ad-9d19-b05001228cd3",
+    id: "cbea34a8-bde4-46ad-9d19-b05001228ab2",
    organizationId: null,
    folderId: null,
-    name: "Can Be Edited id ending 3",
+    name: "Strong password Cipher",
    notes: null,
    type: 1,
    favorite: false,
    organizationUseTotp: false,
    login: {
      password: "123",
      hasUris: true,
-      uris: [
+      password: "Password!1234",
-        {
+      uris: [createLoginUriView("101domain.com")],
          uri: "http://example.com",
        },
      ],
    },
    edit: true,
    viewPassword: true,
@ -91,14 +91,15 @@ export const mockCiphers: any[] = [
    id: "cbea34a8-bde4-46ad-9d19-b05001228xy4",
    organizationId: null,
    folderId: null,
-    name: "Can Be Edited id ending 4",
+    name: "Strong password Cipher",
    notes: null,
    type: 1,
    favorite: false,
    organizationUseTotp: false,
    login: {
      hasUris: true,
-      uris: [{ uri: "101domain.com" }],
+      password: "Password!123",
      uris: [createLoginUriView("example.com")],
    },
    edit: true,
    viewPassword: true,
@ -114,14 +115,39 @@ export const mockCiphers: any[] = [
    id: "cbea34a8-bde4-46ad-9d19-b05001227nm5",
    organizationId: null,
    folderId: null,
-    name: "Can Be Edited id ending 5",
+    name: "Exposed password Cipher",
    notes: null,
    type: 1,
    favorite: false,
    organizationUseTotp: false,
    login: {
      hasUris: true,
-      uris: [{ uri: "123formbuilder.com" }],
+      password: "123",
      uris: [createLoginUriView("123formbuilder.com"), createLoginUriView("www.google.com")],
    },
    edit: true,
    viewPassword: true,
    collectionIds: [],
    revisionDate: "2023-08-03T17:40:59.793Z",
    creationDate: "2023-08-03T17:40:59.793Z",
    deletedDate: null,
    reprompt: 0,
    localData: null,
  },
  {
    initializerKey: 1,
    id: "cbea34a8-bde4-46ad-9d19-b05001227tt1",
    organizationId: null,
    folderId: null,
    name: "Secure Co Login",
    notes: null,
    type: 1,
    favorite: false,
    organizationUseTotp: false,
    login: {
      hasUris: true,
      password: "4gRyhhOX2Og2p0",
      uris: [createLoginUriView("SecureCo.com")],
    },
    edit: true,
    viewPassword: true,
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/index.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/index.ts
@ -1,2 +1,3 @@
 export * from "./member-cipher-details-api.service";
 export * from "./password-health.service";
 export * from "./risk-insights-report.service";
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/member-cipher-details-api.service.spec.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/member-cipher-details-api.service.spec.ts
@ -69,6 +69,12 @@ export const mockMemberCipherDetails: any = [
      "cbea34a8-bde4-46ad-9d19-b05001228xy4",
    ],
  },
  {
    userName: "Mister Secure",
    email: "mister.secure@secureco.com",
    usesKeyConnector: true,
    cipherIds: ["cbea34a8-bde4-46ad-9d19-b05001227tt1"],
  },
 ];
 describe("Member Cipher Details API Service", () => {
@ -91,7 +97,7 @@ describe("Member Cipher Details API Service", () => {
    const orgId = "1234";
    const result = await memberCipherDetailsApiService.getMemberCipherDetails(orgId);
    expect(result).not.toBeNull();
-    expect(result).toHaveLength(6);
+    expect(result).toHaveLength(7);
    expect(apiService.send).toHaveBeenCalledWith(
      "GET",
      "/reports/member-cipher-details/" + orgId,
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/password-health.service.spec.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/password-health.service.spec.ts
@ -3,18 +3,15 @@ import { TestBed } from "@angular/core/testing";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import { mockCiphers } from "./ciphers.mock";
 import { MemberCipherDetailsApiService } from "./member-cipher-details-api.service";
 import { mockMemberCipherDetails } from "./member-cipher-details-api.service.spec";
 import { PasswordHealthService } from "./password-health.service";
 // FIXME: Remove password-health report service after PR-15498 completion
 describe("PasswordHealthService", () => {
  let service: PasswordHealthService;
  let cipherService: CipherService;
  let memberCipherDetailsApiService: MemberCipherDetailsApiService;
  beforeEach(() => {
    TestBed.configureTestingModule({
      providers: [
@ -51,8 +48,6 @@ describe("PasswordHealthService", () => {
    });
    service = TestBed.inject(PasswordHealthService);
    cipherService = TestBed.inject(CipherService);
    memberCipherDetailsApiService = TestBed.inject(MemberCipherDetailsApiService);
  });
  it("should be created", () => {
@ -67,83 +62,4 @@ describe("PasswordHealthService", () => {
    expect(service.exposedPasswordMap.size).toBe(0);
    expect(service.totalMembersMap.size).toBe(0);
  });
  describe("generateReport", () => {
    beforeEach(async () => {
      await service.generateReport();
    });
    it("should fetch all ciphers for the organization", () => {
      expect(cipherService.getAllFromApiForOrganization).toHaveBeenCalledWith("org1");
    });
    it("should fetch member cipher details", () => {
      expect(memberCipherDetailsApiService.getMemberCipherDetails).toHaveBeenCalledWith("org1");
    });
    it("should populate reportCiphers with ciphers that have issues", () => {
      expect(service.reportCiphers.length).toBeGreaterThan(0);
    });
    it("should detect weak passwords", () => {
      expect(service.passwordStrengthMap.size).toBeGreaterThan(0);
      expect(service.passwordStrengthMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab1")).toEqual([
        "veryWeak",
        "danger",
      ]);
      expect(service.passwordStrengthMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab2")).toEqual([
        "veryWeak",
        "danger",
      ]);
      expect(service.passwordStrengthMap.get("cbea34a8-bde4-46ad-9d19-b05001228cd3")).toEqual([
        "veryWeak",
        "danger",
      ]);
    });
    it("should detect reused passwords", () => {
      expect(service.passwordUseMap.get("123")).toBe(3);
    });
    it("should detect exposed passwords", () => {
      expect(service.exposedPasswordMap.size).toBeGreaterThan(0);
      expect(service.exposedPasswordMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab1")).toBe(100);
    });
    it("should calculate total members per cipher", () => {
      expect(service.totalMembersMap.size).toBeGreaterThan(0);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab1")).toBe(2);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228ab2")).toBe(4);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228cd3")).toBe(5);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001227nm5")).toBe(4);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001227nm7")).toBe(1);
      expect(service.totalMembersMap.get("cbea34a8-bde4-46ad-9d19-b05001228xy4")).toBe(6);
    });
  });
  describe("findWeakPassword", () => {
    it("should add weak passwords to passwordStrengthMap", () => {
      const weakCipher = mockCiphers.find((c) => c.login?.password === "123") as CipherView;
      service.findWeakPassword(weakCipher);
      expect(service.passwordStrengthMap.get(weakCipher.id)).toEqual(["veryWeak", "danger"]);
    });
  });
  describe("findReusedPassword", () => {
    it("should detect password reuse", () => {
      mockCiphers.forEach((cipher) => {
        service.findReusedPassword(cipher as CipherView);
      });
      const reuseCounts = Array.from(service.passwordUseMap.values()).filter((count) => count > 1);
      expect(reuseCounts.length).toBeGreaterThan(0);
    });
  });
  describe("findExposedPassword", () => {
    it("should add exposed passwords to exposedPasswordMap", async () => {
      const exposedCipher = mockCiphers.find((c) => c.login?.password === "123") as CipherView;
      await service.findExposedPassword(exposedCipher);
      expect(service.exposedPasswordMap.get(exposedCipher.id)).toBe(100);
    });
  });
 });
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/risk-insights-report.service.spec.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/risk-insights-report.service.spec.ts
@ -0,0 +1,148 @@
 import { TestBed } from "@angular/core/testing";
 import { firstValueFrom } from "rxjs";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { mockCiphers } from "./ciphers.mock";
 import { MemberCipherDetailsApiService } from "./member-cipher-details-api.service";
 import { mockMemberCipherDetails } from "./member-cipher-details-api.service.spec";
 import { RiskInsightsReportService } from "./risk-insights-report.service";
 describe("RiskInsightsReportService", () => {
  let service: RiskInsightsReportService;
  beforeEach(() => {
    TestBed.configureTestingModule({
      providers: [
        RiskInsightsReportService,
        {
          provide: PasswordStrengthServiceAbstraction,
          useValue: {
            getPasswordStrength: (password: string) => {
              const score = password.length < 4 ? 1 : 4;
              return { score };
            },
          },
        },
        {
          provide: AuditService,
          useValue: {
            passwordLeaked: (password: string) => Promise.resolve(password === "123" ? 100 : 0),
          },
        },
        {
          provide: CipherService,
          useValue: {
            getAllFromApiForOrganization: jest.fn().mockResolvedValue(mockCiphers),
          },
        },
        {
          provide: MemberCipherDetailsApiService,
          useValue: {
            getMemberCipherDetails: jest.fn().mockResolvedValue(mockMemberCipherDetails),
          },
        },
      ],
    });
    service = TestBed.inject(RiskInsightsReportService);
  });
  it("should generate the raw data report correctly", async () => {
    const result = await firstValueFrom(service.generateRawDataReport$("orgId"));
    expect(result).toHaveLength(6);
    let testCaseResults = result.filter((x) => x.id === "cbea34a8-bde4-46ad-9d19-b05001228ab1");
    expect(testCaseResults).toHaveLength(1);
    let testCase = testCaseResults[0];
    expect(testCase).toBeTruthy();
    expect(testCase.cipherMembers).toHaveLength(2);
    expect(testCase.trimmedUris).toHaveLength(3);
    expect(testCase.weakPasswordDetail).toBeTruthy();
    expect(testCase.exposedPasswordDetail).toBeTruthy();
    expect(testCase.reusedPasswordCount).toEqual(2);
    testCaseResults = result.filter((x) => x.id === "cbea34a8-bde4-46ad-9d19-b05001227tt1");
    expect(testCaseResults).toHaveLength(1);
    testCase = testCaseResults[0];
    expect(testCase).toBeTruthy();
    expect(testCase.cipherMembers).toHaveLength(1);
    expect(testCase.trimmedUris).toHaveLength(1);
    expect(testCase.weakPasswordDetail).toBeFalsy();
    expect(testCase.exposedPasswordDetail).toBeFalsy();
    expect(testCase.reusedPasswordCount).toEqual(1);
  });
  it("should generate the raw data + uri report correctly", async () => {
    const result = await firstValueFrom(service.generateRawDataUriReport$("orgId"));
    expect(result).toHaveLength(9);
    // Two ciphers that have google.com as their uri. There should be 2 results
    const googleResults = result.filter((x) => x.trimmedUri === "google.com");
    expect(googleResults).toHaveLength(2);
    // Verify the details for one of the googles matches the password health info
    // expected
    const firstGoogle = googleResults.filter(
      (x) => x.cipherId === "cbea34a8-bde4-46ad-9d19-b05001228ab1" && x.trimmedUri === "google.com",
    )[0];
    expect(firstGoogle.weakPasswordDetail).toBeTruthy();
    expect(firstGoogle.exposedPasswordDetail).toBeTruthy();
    expect(firstGoogle.reusedPasswordCount).toEqual(2);
  });
  it("should generate applications health report data correctly", async () => {
    const result = await firstValueFrom(service.generateApplicationsReport$("orgId"));
    expect(result).toHaveLength(6);
    // Two ciphers have google.com associated with them. The first cipher
    // has 2 members and the second has 4. However, the 2 members in the first
    // cipher are also associated with the second. The total amount of members
    // should be 4 not 6
    const googleTestResults = result.filter((x) => x.applicationName === "google.com");
    expect(googleTestResults).toHaveLength(1);
    const googleTest = googleTestResults[0];
    expect(googleTest.memberCount).toEqual(4);
    // Both ciphers have at risk passwords
    expect(googleTest.passwordCount).toEqual(2);
    // All members are at risk since both ciphers are at risk
    expect(googleTest.atRiskMemberDetails).toHaveLength(4);
    expect(googleTest.atRiskPasswordCount).toEqual(2);
    // There are 2 ciphers associated with 101domain.com
    const domain101TestResults = result.filter((x) => x.applicationName === "101domain.com");
    expect(domain101TestResults).toHaveLength(1);
    const domain101Test = domain101TestResults[0];
    expect(domain101Test.passwordCount).toEqual(2);
    // The first cipher is at risk. The second cipher is not at risk
    expect(domain101Test.atRiskPasswordCount).toEqual(1);
    // The first cipher has 2 members. The second cipher the second
    // cipher has 4. One of the members in the first cipher is associated
    // with the second. So there should be 5 members total.
    expect(domain101Test.memberCount).toEqual(5);
    // The first cipher is at risk. The total at risk members is 2 and
    // at risk password count is 1.
    expect(domain101Test.atRiskMemberDetails).toHaveLength(2);
    expect(domain101Test.atRiskPasswordCount).toEqual(1);
  });
  it("should generate applications summary data correctly", async () => {
    const reportResult = await firstValueFrom(service.generateApplicationsReport$("orgId"));
    const reportSummary = service.generateApplicationsSummary(reportResult);
    expect(reportSummary.totalMemberCount).toEqual(7);
    expect(reportSummary.totalAtRiskMemberCount).toEqual(6);
    expect(reportSummary.totalApplicationCount).toEqual(6);
    expect(reportSummary.totalAtRiskApplicationCount).toEqual(5);
  });
 });
--- a/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/risk-insights-report.service.ts
+++ b/bitwarden_license/bit-common/src/tools/reports/risk-insights/services/risk-insights-report.service.ts
@ -0,0 +1,395 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
 import { concatMap, first, from, map, Observable, zip } from "rxjs";
 import { AuditService } from "@bitwarden/common/abstractions/audit.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
 import {
  ApplicationHealthReportDetail,
  ApplicationHealthReportSummary,
  CipherHealthReportDetail,
  CipherHealthReportUriDetail,
  ExposedPasswordDetail,
  MemberDetailsFlat,
  WeakPasswordDetail,
  WeakPasswordScore,
 } from "../models/password-health";
 import { MemberCipherDetailsApiService } from "./member-cipher-details-api.service";
@Injectable()
 export class RiskInsightsReportService {
  constructor(
    private passwordStrengthService: PasswordStrengthServiceAbstraction,
    private auditService: AuditService,
    private cipherService: CipherService,
    private memberCipherDetailsApiService: MemberCipherDetailsApiService,
  ) {}
  /**
   * Report data from raw cipher health data.
   * Can be used in the Raw Data diagnostic tab (just exclude the members in the view)
   * and can be used in the raw data + members tab when including the members in the view
   * @param organizationId
   * @returns Cipher health report data with members and trimmed uris
   */
  generateRawDataReport$(organizationId: string): Observable<CipherHealthReportDetail[]> {
    const allCiphers$ = from(this.cipherService.getAllFromApiForOrganization(organizationId));
    const memberCiphers$ = from(
      this.memberCipherDetailsApiService.getMemberCipherDetails(organizationId),
    );
    const results$ = zip(allCiphers$, memberCiphers$).pipe(
      map(([allCiphers, memberCiphers]) => {
        const details: MemberDetailsFlat[] = memberCiphers.flatMap((dtl) =>
          dtl.cipherIds.map((c) => this.getMemberDetailsFlat(dtl.userName, dtl.email, c)),
        );
        return [allCiphers, details] as const;
      }),
      concatMap(([ciphers, flattenedDetails]) => this.getCipherDetails(ciphers, flattenedDetails)),
      first(),
    );
    return results$;
  }
  /**
   * Report data for raw cipher health broken out into the uris
   * Can be used in the raw data + members + uri diagnostic report
   * @param organizationId Id of the organization
   * @returns Cipher health report data flattened to the uris
   */
  generateRawDataUriReport$(organizationId: string): Observable<CipherHealthReportUriDetail[]> {
    const cipherHealthDetails$ = this.generateRawDataReport$(organizationId);
    const results$ = cipherHealthDetails$.pipe(
      map((healthDetails) => this.getCipherUriDetails(healthDetails)),
      first(),
    );
    return results$;
  }
  /**
   * Report data for the aggregation of uris to like uris and getting password/member counts,
   * members, and at risk statuses.
   * @param organizationId Id of the organization
   * @returns The all applications health report data
   */
  generateApplicationsReport$(organizationId: string): Observable<ApplicationHealthReportDetail[]> {
    const cipherHealthUriReport$ = this.generateRawDataUriReport$(organizationId);
    const results$ = cipherHealthUriReport$.pipe(
      map((uriDetails) => this.getApplicationHealthReport(uriDetails)),
      first(),
    );
    return results$;
  }
  /**
   * Gets the summary from the application health report. Returns total members and applications as well
   * as the total at risk members and at risk applications
   * @param reports The previously calculated application health report data
   * @returns A summary object containing report totals
   */
  generateApplicationsSummary(
    reports: ApplicationHealthReportDetail[],
  ): ApplicationHealthReportSummary {
    const totalMembers = reports.flatMap((x) => x.memberDetails);
    const uniqueMembers = this.getUniqueMembers(totalMembers);
    const atRiskMembers = reports.flatMap((x) => x.atRiskMemberDetails);
    const uniqueAtRiskMembers = this.getUniqueMembers(atRiskMembers);
    return {
      totalMemberCount: uniqueMembers.length,
      totalAtRiskMemberCount: uniqueAtRiskMembers.length,
      totalApplicationCount: reports.length,
      totalAtRiskApplicationCount: reports.filter((app) => app.atRiskPasswordCount > 0).length,
    };
  }
  /**
   * Associates the members with the ciphers they have access to. Calculates the password health.
   * Finds the trimmed uris.
   * @param ciphers Org ciphers
   * @param memberDetails Org members
   * @returns Cipher password health data with trimmed uris and associated members
   */
  private async getCipherDetails(
    ciphers: CipherView[],
    memberDetails: MemberDetailsFlat[],
  ): Promise<CipherHealthReportDetail[]> {
    const cipherHealthReports: CipherHealthReportDetail[] = [];
    const passwordUseMap = new Map<string, number>();
    for (const cipher of ciphers) {
      if (this.validateCipher(cipher)) {
        const weakPassword = this.findWeakPassword(cipher);
        // Looping over all ciphers needs to happen first to determine reused passwords over all ciphers.
        // Store in the set and evaluate later
        if (passwordUseMap.has(cipher.login.password)) {
          passwordUseMap.set(
            cipher.login.password,
            (passwordUseMap.get(cipher.login.password) || 0) + 1,
          );
        } else {
          passwordUseMap.set(cipher.login.password, 1);
        }
        const exposedPassword = await this.findExposedPassword(cipher);
        // Get the cipher members
        const cipherMembers = memberDetails.filter((x) => x.cipherId === cipher.id);
        // Trim uris to host name and create the cipher health report
        const cipherTrimmedUris = this.getTrimmedCipherUris(cipher);
        const cipherHealth = {
          ...cipher,
          weakPasswordDetail: weakPassword,
          exposedPasswordDetail: exposedPassword,
          cipherMembers: cipherMembers,
          trimmedUris: cipherTrimmedUris,
        } as CipherHealthReportDetail;
        cipherHealthReports.push(cipherHealth);
      }
    }
    // loop for reused passwords
    cipherHealthReports.forEach((detail) => {
      detail.reusedPasswordCount = passwordUseMap.get(detail.login.password) ?? 0;
    });
    return cipherHealthReports;
  }
  /**
   * Flattens the cipher to trimmed uris. Used for the raw data + uri
   * @param cipherHealthReport Cipher health report with uris and members
   * @returns Flattened cipher health details to uri
   */
  private getCipherUriDetails(
    cipherHealthReport: CipherHealthReportDetail[],
  ): CipherHealthReportUriDetail[] {
    return cipherHealthReport.flatMap((rpt) =>
      rpt.trimmedUris.map((u) => this.getFlattenedCipherDetails(rpt, u)),
    );
  }
  /**
   * Loop through the flattened cipher to uri data. If the item exists it's values need to be updated with the new item.
   * If the item is new, create and add the object with the flattened details
   * @param cipherHealthUriReport Cipher and password health info broken out into their uris
   * @returns Application health reports
   */
  private getApplicationHealthReport(
    cipherHealthUriReport: CipherHealthReportUriDetail[],
  ): ApplicationHealthReportDetail[] {
    const appReports: ApplicationHealthReportDetail[] = [];
    cipherHealthUriReport.forEach((uri) => {
      const index = appReports.findIndex((item) => item.applicationName === uri.trimmedUri);
      let atRisk: boolean = false;
      if (uri.exposedPasswordDetail || uri.weakPasswordDetail || uri.reusedPasswordCount > 1) {
        atRisk = true;
      }
      if (index === -1) {
        appReports.push(this.getApplicationReportDetail(uri, atRisk));
      } else {
        appReports[index] = this.getApplicationReportDetail(uri, atRisk, appReports[index]);
      }
    });
    return appReports;
  }
  private async findExposedPassword(cipher: CipherView): Promise<ExposedPasswordDetail> {
    const exposedCount = await this.auditService.passwordLeaked(cipher.login.password);
    if (exposedCount > 0) {
      const exposedDetail = { exposedXTimes: exposedCount } as ExposedPasswordDetail;
      return exposedDetail;
    }
    return null;
  }
  private findWeakPassword(cipher: CipherView): WeakPasswordDetail {
    const hasUserName = this.isUserNameNotEmpty(cipher);
    let userInput: string[] = [];
    if (hasUserName) {
      const atPosition = cipher.login.username.indexOf("@");
      if (atPosition > -1) {
        userInput = userInput
          .concat(
            cipher.login.username
              .substring(0, atPosition)
              .trim()
              .toLowerCase()
              .split(/[^A-Za-z0-9]/),
          )
          .filter((i) => i.length >= 3);
      } else {
        userInput = cipher.login.username
          .trim()
          .toLowerCase()
          .split(/[^A-Za-z0-9]/)
          .filter((i) => i.length >= 3);
      }
    }
    const { score } = this.passwordStrengthService.getPasswordStrength(
      cipher.login.password,
      null,
      userInput.length > 0 ? userInput : null,
    );
    if (score != null && score <= 2) {
      const scoreValue = this.weakPasswordScore(score);
      const weakPasswordDetail = { score: score, detailValue: scoreValue } as WeakPasswordDetail;
      return weakPasswordDetail;
    }
    return null;
  }
  private weakPasswordScore(score: number): WeakPasswordScore {
    switch (score) {
      case 4:
        return { label: "strong", badgeVariant: "success" };
      case 3:
        return { label: "good", badgeVariant: "primary" };
      case 2:
        return { label: "weak", badgeVariant: "warning" };
      default:
        return { label: "veryWeak", badgeVariant: "danger" };
    }
  }
  /**
   * Create the new application health report detail object with the details from the cipher health report uri detail object
   * update or create the at risk values if the item is at risk.
   * @param newUriDetail New cipher uri detail
   * @param isAtRisk If the cipher has a weak, exposed, or reused password it is at risk
   * @param existingUriDetail The previously processed Uri item
   * @returns The new or updated application health report detail
   */
  private getApplicationReportDetail(
    newUriDetail: CipherHealthReportUriDetail,
    isAtRisk: boolean,
    existingUriDetail?: ApplicationHealthReportDetail,
  ): ApplicationHealthReportDetail {
    const reportDetail = {
      applicationName: existingUriDetail
        ? existingUriDetail.applicationName
        : newUriDetail.trimmedUri,
      passwordCount: existingUriDetail ? existingUriDetail.passwordCount + 1 : 1,
      memberDetails: existingUriDetail
        ? this.getUniqueMembers(existingUriDetail.memberDetails.concat(newUriDetail.cipherMembers))
        : newUriDetail.cipherMembers,
      atRiskMemberDetails: existingUriDetail ? existingUriDetail.atRiskMemberDetails : [],
      atRiskPasswordCount: existingUriDetail ? existingUriDetail.atRiskPasswordCount : 0,
    } as ApplicationHealthReportDetail;
    if (isAtRisk) {
      (reportDetail.atRiskPasswordCount = reportDetail.atRiskPasswordCount + 1),
        (reportDetail.atRiskMemberDetails = this.getUniqueMembers(
          reportDetail.atRiskMemberDetails.concat(newUriDetail.cipherMembers),
        ));
    }
    reportDetail.memberCount = reportDetail.memberDetails.length;
    return reportDetail;
  }
  /**
   * Get a distinct array of members from a combined list. Input list may contain
   * duplicate members.
   * @param orgMembers Input list of members
   * @returns Distinct array of members
   */
  private getUniqueMembers(orgMembers: MemberDetailsFlat[]): MemberDetailsFlat[] {
    const existingEmails = new Set<string>();
    const distinctUsers = orgMembers.filter((member) => {
      if (existingEmails.has(member.email)) {
        return false;
      }
      existingEmails.add(member.email);
      return true;
    });
    return distinctUsers;
  }
  private getFlattenedCipherDetails(
    detail: CipherHealthReportDetail,
    uri: string,
  ): CipherHealthReportUriDetail {
    return {
      cipherId: detail.id,
      reusedPasswordCount: detail.reusedPasswordCount,
      weakPasswordDetail: detail.weakPasswordDetail,
      exposedPasswordDetail: detail.exposedPasswordDetail,
      cipherMembers: detail.cipherMembers,
      trimmedUri: uri,
    };
  }
  private getMemberDetailsFlat(
    userName: string,
    email: string,
    cipherId: string,
  ): MemberDetailsFlat {
    return {
      userName: userName,
      email: email,
      cipherId: cipherId,
    };
  }
  /**
   * Trim the cipher uris down to get the password health application.
   * The uri should only exist once after being trimmed. No duplication.
   * Example:
   *   - Untrimmed Uris: https://gmail.com, gmail.com/login
   *   - Both would trim to gmail.com
   *   - The cipher trimmed uri list should only return on instance in the list
   * @param cipher
   * @returns distinct list of trimmed cipher uris
   */
  private getTrimmedCipherUris(cipher: CipherView): string[] {
    const cipherUris: string[] = [];
    const uris = cipher.login?.uris ?? [];
    uris.map((u: { uri: string }) => {
      const uri = Utils.getHostname(u.uri).replace("www.", "");
      if (!cipherUris.includes(uri)) {
        cipherUris.push(uri);
      }
    });
    return cipherUris;
  }
  private isUserNameNotEmpty(c: CipherView): boolean {
    return !Utils.isNullOrWhitespace(c.login.username);
  }
  /**
   * Validates that the cipher is a login item, has a password
   * is not deleted, and the user can view the password
   * @param c the input cipher
   */
  private validateCipher(c: CipherView): boolean {
    const { type, login, isDeleted, viewPassword } = c;
    if (
      type !== CipherType.Login ||
      login.password == null ||
      login.password === "" ||
      isDeleted ||
      !viewPassword
    ) {
      return false;
    }
    return true;
  }
 }