Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-02-18 01:41:27 +01:00
Code Issues Projects Releases Wiki Activity

PM-1049 - Add TODOs for future changes needed as part of the Login Approval flows for TDE

Browse Source
This commit is contained in:
Jared Snider 2023-06-10 20:20:42 -04:00
parent 3768903b35
commit 5afc9ffd75
No known key found for this signature in database
GPG Key ID: A149DDD612516286
2 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libs/angular/src/auth/components/lock.component.ts
View File

@ -310,6 +310,9 @@ export class LockComponent implements OnInit, OnDestroy {
const usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector();
this.hideInput = usesKeyConnector && !this.pinLock;
// TODO: might have to duplicate/extend this check a bit - should it use new AcctDecryptionOptions?
// if the user has no MP hash via TDE and they get here without biometric / pin as well, they should logout as well.
// Users with key connector and without biometric or pin has no MP to unlock using
if (usesKeyConnector && !(this.biometricLock || this.pinLock)) {
await this.vaultTimeoutService.logOut();

14
libs/angular/src/auth/components/login-with-device.component.ts
View File

@ -117,6 +117,13 @@ export class LoginWithDeviceComponent
private async confirmResponse(requestId: string) {
try {
// TODO for TDE: We are going to have to make changes here to support the new unlock flow as the user is already AuthN via SSO
// The existing flow currently works for unauthN users and authenticates them AND unlocks their vault.
// We only need the unlock portion of the logic to run.
// We need to make the approving device treats the MP hash as optional
// and make sure the server can handle that.
const response = await this.apiService.getAuthResponse(
requestId,
this.passwordlessRequest.accessCode
@ -126,6 +133,13 @@ export class LoginWithDeviceComponent
return;
}
// TODO for TDE:
// Add a check here to see if the user is already AuthN via SSO, then we
// have to figure out how to handle the unlock portion of the logic.
// Taken from PasswordlessLogInStrategy:
// await this.cryptoService.setKey(this.passwordlessCredentials.decKey);
// navigate to vault
const credentials = await this.buildLoginCredentials(requestId, response);
const loginResponse = await this.authService.logIn(credentials);