mirror of
https://github.com/bitwarden/browser.git
synced 2025-01-23 21:31:29 +01:00
Merge branch 'main' into autofill/pm-5189-fix-issues-present-with-inline-menu-rendering-in-iframes
This commit is contained in:
commit
5e875b29b8
@ -206,11 +206,29 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"files": ["libs/tools/generator/extensions/src/**/*.ts"],
|
"files": ["libs/tools/generator/extensions/history/src/**/*.ts"],
|
||||||
"rules": {
|
"rules": {
|
||||||
"no-restricted-imports": [
|
"no-restricted-imports": [
|
||||||
"error",
|
"error",
|
||||||
{ "patterns": ["@bitwarden/generator-extensions/*", "src/**/*"] }
|
{ "patterns": ["@bitwarden/generator-history/*", "src/**/*"] }
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"files": ["libs/tools/generator/extensions/legacy/src/**/*.ts"],
|
||||||
|
"rules": {
|
||||||
|
"no-restricted-imports": [
|
||||||
|
"error",
|
||||||
|
{ "patterns": ["@bitwarden/generator-legacy/*", "src/**/*"] }
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"files": ["libs/tools/generator/extensions/navigation/src/**/*.ts"],
|
||||||
|
"rules": {
|
||||||
|
"no-restricted-imports": [
|
||||||
|
"error",
|
||||||
|
{ "patterns": ["@bitwarden/generator-navigation/*", "src/**/*"] }
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "@bitwarden/browser",
|
"name": "@bitwarden/browser",
|
||||||
"version": "2024.6.2",
|
"version": "2024.6.3",
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"build": "cross-env MANIFEST_VERSION=3 webpack",
|
"build": "cross-env MANIFEST_VERSION=3 webpack",
|
||||||
"build:mv2": "webpack",
|
"build:mv2": "webpack",
|
||||||
|
@ -12,7 +12,7 @@ import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authenticatio
|
|||||||
import { BrowserRouterService } from "../../platform/popup/services/browser-router.service";
|
import { BrowserRouterService } from "../../platform/popup/services/browser-router.service";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This guard verifies the user's authetication status.
|
* This guard verifies the user's authentication status.
|
||||||
* If "Locked", it saves the intended route in memory and redirects to the lock screen. Otherwise, the intended route is allowed.
|
* If "Locked", it saves the intended route in memory and redirects to the lock screen. Otherwise, the intended route is allowed.
|
||||||
*/
|
*/
|
||||||
export const fido2AuthGuard: CanActivateFn = async (
|
export const fido2AuthGuard: CanActivateFn = async (
|
||||||
@ -27,8 +27,10 @@ export const fido2AuthGuard: CanActivateFn = async (
|
|||||||
|
|
||||||
if (authStatus === AuthenticationStatus.Locked) {
|
if (authStatus === AuthenticationStatus.Locked) {
|
||||||
// Appending fromLock=true to the query params to indicate that the user is being redirected from the lock screen, this is used for user verification.
|
// Appending fromLock=true to the query params to indicate that the user is being redirected from the lock screen, this is used for user verification.
|
||||||
const previousUrl = `${state.url}&fromLock=true`;
|
// TODO: Revert to use previousUrl once user verification for passkeys is approved for production.
|
||||||
routerService.setPreviousUrl(previousUrl);
|
// PM-4577 - https://github.com/bitwarden/clients/pull/8746
|
||||||
|
// const previousUrl = `${state.url}&fromLock=true`;
|
||||||
|
routerService.setPreviousUrl(state.url);
|
||||||
return router.createUrlTree(["/lock"], { queryParams: route.queryParams });
|
return router.createUrlTree(["/lock"], { queryParams: route.queryParams });
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
"manifest_version": 2,
|
"manifest_version": 2,
|
||||||
"name": "__MSG_extName__",
|
"name": "__MSG_extName__",
|
||||||
"short_name": "__MSG_appName__",
|
"short_name": "__MSG_appName__",
|
||||||
"version": "2024.6.2",
|
"version": "2024.6.3",
|
||||||
"description": "__MSG_extDesc__",
|
"description": "__MSG_extDesc__",
|
||||||
"default_locale": "en",
|
"default_locale": "en",
|
||||||
"author": "Bitwarden Inc.",
|
"author": "Bitwarden Inc.",
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
"minimum_chrome_version": "102.0",
|
"minimum_chrome_version": "102.0",
|
||||||
"name": "__MSG_extName__",
|
"name": "__MSG_extName__",
|
||||||
"short_name": "__MSG_appName__",
|
"short_name": "__MSG_appName__",
|
||||||
"version": "2024.6.2",
|
"version": "2024.6.3",
|
||||||
"description": "__MSG_extDesc__",
|
"description": "__MSG_extDesc__",
|
||||||
"default_locale": "en",
|
"default_locale": "en",
|
||||||
"author": "Bitwarden Inc.",
|
"author": "Bitwarden Inc.",
|
||||||
|
@ -27,6 +27,7 @@ import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view
|
|||||||
import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
|
import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
|
||||||
import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
|
import { SecureNoteView } from "@bitwarden/common/vault/models/view/secure-note.view";
|
||||||
import { DialogService } from "@bitwarden/components";
|
import { DialogService } from "@bitwarden/components";
|
||||||
|
import { PasswordRepromptService } from "@bitwarden/vault";
|
||||||
|
|
||||||
import { ZonedMessageListenerService } from "../../../../platform/browser/zoned-message-listener.service";
|
import { ZonedMessageListenerService } from "../../../../platform/browser/zoned-message-listener.service";
|
||||||
import {
|
import {
|
||||||
@ -59,7 +60,6 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
protected data$: Observable<ViewData>;
|
protected data$: Observable<ViewData>;
|
||||||
protected sessionId?: string;
|
protected sessionId?: string;
|
||||||
protected senderTabId?: string;
|
protected senderTabId?: string;
|
||||||
protected fromLock?: boolean;
|
|
||||||
protected ciphers?: CipherView[] = [];
|
protected ciphers?: CipherView[] = [];
|
||||||
protected displayedCiphers?: CipherView[] = [];
|
protected displayedCiphers?: CipherView[] = [];
|
||||||
protected loading = false;
|
protected loading = false;
|
||||||
@ -78,6 +78,7 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
private logService: LogService,
|
private logService: LogService,
|
||||||
private dialogService: DialogService,
|
private dialogService: DialogService,
|
||||||
private browserMessagingApi: ZonedMessageListenerService,
|
private browserMessagingApi: ZonedMessageListenerService,
|
||||||
|
private passwordRepromptService: PasswordRepromptService,
|
||||||
private fido2UserVerificationService: Fido2UserVerificationService,
|
private fido2UserVerificationService: Fido2UserVerificationService,
|
||||||
) {}
|
) {}
|
||||||
|
|
||||||
@ -90,7 +91,6 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
sessionId: queryParamMap.get("sessionId"),
|
sessionId: queryParamMap.get("sessionId"),
|
||||||
senderTabId: queryParamMap.get("senderTabId"),
|
senderTabId: queryParamMap.get("senderTabId"),
|
||||||
senderUrl: queryParamMap.get("senderUrl"),
|
senderUrl: queryParamMap.get("senderUrl"),
|
||||||
fromLock: queryParamMap.get("fromLock"),
|
|
||||||
})),
|
})),
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -103,7 +103,6 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
this.sessionId = queryParams.sessionId;
|
this.sessionId = queryParams.sessionId;
|
||||||
this.senderTabId = queryParams.senderTabId;
|
this.senderTabId = queryParams.senderTabId;
|
||||||
this.url = queryParams.senderUrl;
|
this.url = queryParams.senderUrl;
|
||||||
this.fromLock = queryParams.fromLock === "true";
|
|
||||||
// For a 'NewSessionCreatedRequest', abort if it doesn't belong to the current session.
|
// For a 'NewSessionCreatedRequest', abort if it doesn't belong to the current session.
|
||||||
if (
|
if (
|
||||||
message.type === "NewSessionCreatedRequest" &&
|
message.type === "NewSessionCreatedRequest" &&
|
||||||
@ -213,11 +212,9 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
protected async submit() {
|
protected async submit() {
|
||||||
const data = this.message$.value;
|
const data = this.message$.value;
|
||||||
if (data?.type === "PickCredentialRequest") {
|
if (data?.type === "PickCredentialRequest") {
|
||||||
const userVerified = await this.fido2UserVerificationService.handleUserVerification(
|
// TODO: Revert to use fido2 user verification service once user verification for passkeys is approved for production.
|
||||||
data.userVerification,
|
// PM-4577 - https://github.com/bitwarden/clients/pull/8746
|
||||||
this.cipher,
|
const userVerified = await this.handleUserVerification(data.userVerification, this.cipher);
|
||||||
this.fromLock,
|
|
||||||
);
|
|
||||||
|
|
||||||
this.send({
|
this.send({
|
||||||
sessionId: this.sessionId,
|
sessionId: this.sessionId,
|
||||||
@ -238,11 +235,9 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
const userVerified = await this.fido2UserVerificationService.handleUserVerification(
|
// TODO: Revert to use fido2 user verification service once user verification for passkeys is approved for production.
|
||||||
data.userVerification,
|
// PM-4577 - https://github.com/bitwarden/clients/pull/8746
|
||||||
this.cipher,
|
const userVerified = await this.handleUserVerification(data.userVerification, this.cipher);
|
||||||
this.fromLock,
|
|
||||||
);
|
|
||||||
|
|
||||||
this.send({
|
this.send({
|
||||||
sessionId: this.sessionId,
|
sessionId: this.sessionId,
|
||||||
@ -259,21 +254,16 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
const data = this.message$.value;
|
const data = this.message$.value;
|
||||||
if (data?.type === "ConfirmNewCredentialRequest") {
|
if (data?.type === "ConfirmNewCredentialRequest") {
|
||||||
const name = data.credentialName || data.rpId;
|
const name = data.credentialName || data.rpId;
|
||||||
const userVerified = await this.fido2UserVerificationService.handleUserVerification(
|
// TODO: Revert to check for user verification once user verification for passkeys is approved for production.
|
||||||
data.userVerification,
|
// PM-4577 - https://github.com/bitwarden/clients/pull/8746
|
||||||
this.cipher,
|
|
||||||
this.fromLock,
|
|
||||||
);
|
|
||||||
|
|
||||||
if (!data.userVerification || userVerified) {
|
|
||||||
await this.createNewCipher(name);
|
await this.createNewCipher(name);
|
||||||
}
|
|
||||||
|
|
||||||
|
// We are bypassing user verification pending approval.
|
||||||
this.send({
|
this.send({
|
||||||
sessionId: this.sessionId,
|
sessionId: this.sessionId,
|
||||||
cipherId: this.cipher?.id,
|
cipherId: this.cipher?.id,
|
||||||
type: "ConfirmNewCredentialResponse",
|
type: "ConfirmNewCredentialResponse",
|
||||||
userVerified,
|
userVerified: data.userVerification,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -322,7 +312,6 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
uilocation: "popout",
|
uilocation: "popout",
|
||||||
senderTabId: this.senderTabId,
|
senderTabId: this.senderTabId,
|
||||||
sessionId: this.sessionId,
|
sessionId: this.sessionId,
|
||||||
fromLock: this.fromLock,
|
|
||||||
userVerification: data.userVerification,
|
userVerification: data.userVerification,
|
||||||
singleActionPopout: `${VaultPopoutType.fido2Popout}_${this.sessionId}`,
|
singleActionPopout: `${VaultPopoutType.fido2Popout}_${this.sessionId}`,
|
||||||
},
|
},
|
||||||
@ -393,6 +382,20 @@ export class Fido2Component implements OnInit, OnDestroy {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Remove and use fido2 user verification service once user verification for passkeys is approved for production.
|
||||||
|
private async handleUserVerification(
|
||||||
|
userVerificationRequested: boolean,
|
||||||
|
cipher: CipherView,
|
||||||
|
): Promise<boolean> {
|
||||||
|
const masterPasswordRepromptRequired = cipher && cipher.reprompt !== 0;
|
||||||
|
|
||||||
|
if (masterPasswordRepromptRequired) {
|
||||||
|
return await this.passwordRepromptService.showPasswordPrompt();
|
||||||
|
}
|
||||||
|
|
||||||
|
return userVerificationRequested;
|
||||||
|
}
|
||||||
|
|
||||||
private send(msg: BrowserFido2Message) {
|
private send(msg: BrowserFido2Message) {
|
||||||
BrowserFido2UserInterfaceSession.sendMessage({
|
BrowserFido2UserInterfaceSession.sendMessage({
|
||||||
sessionId: this.sessionId,
|
sessionId: this.sessionId,
|
||||||
|
@ -144,6 +144,7 @@
|
|||||||
appStopClick
|
appStopClick
|
||||||
(click)="removePasskey()"
|
(click)="removePasskey()"
|
||||||
appA11yTitle="{{ 'removePasskey' | i18n }}"
|
appA11yTitle="{{ 'removePasskey' | i18n }}"
|
||||||
|
*ngIf="!(!cipher.edit && editMode)"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
<i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
||||||
</button>
|
</button>
|
||||||
@ -542,6 +543,7 @@
|
|||||||
>
|
>
|
||||||
<button
|
<button
|
||||||
type="button"
|
type="button"
|
||||||
|
*ngIf="!(!cipher.edit && editMode)"
|
||||||
appStopClick
|
appStopClick
|
||||||
(click)="removeUri(u)"
|
(click)="removeUri(u)"
|
||||||
appA11yTitle="{{ 'remove' | i18n }}"
|
appA11yTitle="{{ 'remove' | i18n }}"
|
||||||
@ -558,6 +560,7 @@
|
|||||||
[hidden]="$any(u).showUriOptionsInput === true"
|
[hidden]="$any(u).showUriOptionsInput === true"
|
||||||
placeholder="{{ 'ex' | i18n }} https://google.com"
|
placeholder="{{ 'ex' | i18n }} https://google.com"
|
||||||
inputmode="url"
|
inputmode="url"
|
||||||
|
[readonly]="!cipher.edit && editMode"
|
||||||
appInputVerbatim
|
appInputVerbatim
|
||||||
/>
|
/>
|
||||||
<label for="loginUriMatch{{ i }}" class="sr-only">
|
<label for="loginUriMatch{{ i }}" class="sr-only">
|
||||||
@ -607,6 +610,7 @@
|
|||||||
appA11yTitle="{{ 'toggleOptions' | i18n }}"
|
appA11yTitle="{{ 'toggleOptions' | i18n }}"
|
||||||
(click)="toggleUriOptions(u)"
|
(click)="toggleUriOptions(u)"
|
||||||
[attr.aria-pressed]="$any(u).showOptions === true"
|
[attr.aria-pressed]="$any(u).showOptions === true"
|
||||||
|
[disabled]="!cipher.edit && editMode"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-fw bwi-lg bwi-cog" aria-hidden="true"></i>
|
<i class="bwi bwi-fw bwi-lg bwi-cog" aria-hidden="true"></i>
|
||||||
</button>
|
</button>
|
||||||
|
@ -170,17 +170,14 @@ export class AddEditComponent extends BaseAddEditComponent {
|
|||||||
|
|
||||||
async submit(): Promise<boolean> {
|
async submit(): Promise<boolean> {
|
||||||
const fido2SessionData = await firstValueFrom(this.fido2PopoutSessionData$);
|
const fido2SessionData = await firstValueFrom(this.fido2PopoutSessionData$);
|
||||||
const { isFido2Session, sessionId, userVerification, fromLock } = fido2SessionData;
|
const { isFido2Session, sessionId, userVerification } = fido2SessionData;
|
||||||
const inFido2PopoutWindow = BrowserPopupUtils.inPopout(window) && isFido2Session;
|
const inFido2PopoutWindow = BrowserPopupUtils.inPopout(window) && isFido2Session;
|
||||||
|
|
||||||
|
// TODO: Revert to use fido2 user verification service once user verification for passkeys is approved for production.
|
||||||
|
// PM-4577 - https://github.com/bitwarden/clients/pull/8746
|
||||||
if (
|
if (
|
||||||
inFido2PopoutWindow &&
|
inFido2PopoutWindow &&
|
||||||
userVerification &&
|
!(await this.handleFido2UserVerification(sessionId, userVerification))
|
||||||
!(await this.fido2UserVerificationService.handleUserVerification(
|
|
||||||
userVerification,
|
|
||||||
this.cipher,
|
|
||||||
fromLock,
|
|
||||||
))
|
|
||||||
) {
|
) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@ -389,4 +386,13 @@ export class AddEditComponent extends BaseAddEditComponent {
|
|||||||
this.load().catch((error) => this.logService.error(error));
|
this.load().catch((error) => this.logService.error(error));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO: Remove and use fido2 user verification service once user verification for passkeys is approved for production.
|
||||||
|
private async handleFido2UserVerification(
|
||||||
|
sessionId: string,
|
||||||
|
userVerification: boolean,
|
||||||
|
): Promise<boolean> {
|
||||||
|
// We are bypassing user verification pending approval for production.
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -21,7 +21,9 @@
|
|||||||
"@bitwarden/components": ["../../libs/components/src"],
|
"@bitwarden/components": ["../../libs/components/src"],
|
||||||
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../../libs/tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../../libs/tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../../libs/tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../../libs/tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": [
|
"@bitwarden/vault-export-core": [
|
||||||
"../../libs/tools/export/vault-export/vault-export-core/src"
|
"../../libs/tools/export/vault-export/vault-export-core/src"
|
||||||
],
|
],
|
||||||
|
@ -127,7 +127,7 @@
|
|||||||
appStopClick
|
appStopClick
|
||||||
(click)="removePasskey()"
|
(click)="removePasskey()"
|
||||||
appA11yTitle="{{ 'removePasskey' | i18n }}"
|
appA11yTitle="{{ 'removePasskey' | i18n }}"
|
||||||
[disabled]="!cipher.edit && editMode"
|
*ngIf="!(!cipher.edit && editMode)"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
<i class="bwi bwi-fw bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
||||||
</button>
|
</button>
|
||||||
@ -488,7 +488,7 @@
|
|||||||
appStopClick
|
appStopClick
|
||||||
(click)="removeUri(u)"
|
(click)="removeUri(u)"
|
||||||
appA11yTitle="{{ 'remove' | i18n }}"
|
appA11yTitle="{{ 'remove' | i18n }}"
|
||||||
[disabled]="!cipher.edit && editMode"
|
*ngIf="!(!cipher.edit && editMode)"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
<i class="bwi bwi-minus-circle bwi-lg" aria-hidden="true"></i>
|
||||||
</button>
|
</button>
|
||||||
@ -500,6 +500,7 @@
|
|||||||
name="Login.Uris[{{ i }}].Uri"
|
name="Login.Uris[{{ i }}].Uri"
|
||||||
[(ngModel)]="u.uri"
|
[(ngModel)]="u.uri"
|
||||||
placeholder="{{ 'ex' | i18n }} https://google.com"
|
placeholder="{{ 'ex' | i18n }} https://google.com"
|
||||||
|
[readonly]="!cipher.edit && editMode"
|
||||||
appInputVerbatim
|
appInputVerbatim
|
||||||
/>
|
/>
|
||||||
<label for="loginUriMatch{{ i }}" class="sr-only">
|
<label for="loginUriMatch{{ i }}" class="sr-only">
|
||||||
@ -533,6 +534,7 @@
|
|||||||
($any(u).showOptions == null && u.match == null)
|
($any(u).showOptions == null && u.match == null)
|
||||||
)
|
)
|
||||||
"
|
"
|
||||||
|
[disabled]="!cipher.edit && editMode"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-lg bwi-cog" aria-hidden="true"></i>
|
<i class="bwi bwi-lg bwi-cog" aria-hidden="true"></i>
|
||||||
</button>
|
</button>
|
||||||
|
@ -19,7 +19,9 @@
|
|||||||
"@bitwarden/components": ["../../libs/components/src"],
|
"@bitwarden/components": ["../../libs/components/src"],
|
||||||
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../../libs/tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../../libs/tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../../libs/tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../../libs/tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": [
|
"@bitwarden/vault-export-core": [
|
||||||
"../../libs/tools/export/vault-export/vault-export-core/src"
|
"../../libs/tools/export/vault-export/vault-export-core/src"
|
||||||
],
|
],
|
||||||
|
@ -3,9 +3,9 @@
|
|||||||
<p class="tw-text-xl tw-text-center tw-mb-4">{{ "deleteOrganization" | i18n }}</p>
|
<p class="tw-text-xl tw-text-center tw-mb-4">{{ "deleteOrganization" | i18n }}</p>
|
||||||
<div class="tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background">
|
<div class="tw-rounded-md tw-border tw-border-solid tw-border-secondary-300 tw-bg-background">
|
||||||
<div class="tw-p-5">
|
<div class="tw-p-5">
|
||||||
<app-callout type="warning">{{
|
<bit-callout type="warning">
|
||||||
"deletingOrganizationIsPermanentWarning" | i18n: name
|
{{ "deletingOrganizationIsPermanentWarning" | i18n: name }}
|
||||||
}}</app-callout>
|
</bit-callout>
|
||||||
<p class="tw-text-center">
|
<p class="tw-text-center">
|
||||||
<strong>{{ name }}</strong>
|
<strong>{{ name }}</strong>
|
||||||
</p>
|
</p>
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
<bit-dialog dialogSize="large" [title]="'confirmUsers' | i18n" [loading]="loading">
|
<bit-dialog dialogSize="large" [title]="'confirmUsers' | i18n" [loading]="loading">
|
||||||
<ng-container bitDialogContent>
|
<ng-container bitDialogContent>
|
||||||
<app-callout type="danger" *ngIf="filteredUsers.length <= 0">
|
<bit-callout type="danger" *ngIf="filteredUsers.length <= 0">
|
||||||
{{ "noSelectedUsersApplicable" | i18n }}
|
{{ "noSelectedUsersApplicable" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-callout type="error" *ngIf="error">
|
<bit-callout type="danger" [title]="'error' | i18n" *ngIf="error">
|
||||||
{{ error }}
|
{{ error }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<ng-container *ngIf="!loading && !done">
|
<ng-container *ngIf="!loading && !done">
|
||||||
<p bitTypography="body1">
|
<p bitTypography="body1">
|
||||||
{{ "fingerprintEnsureIntegrityVerify" | i18n }}
|
{{ "fingerprintEnsureIntegrityVerify" | i18n }}
|
||||||
|
@ -1,18 +1,18 @@
|
|||||||
<bit-dialog dialogSize="large" [title]="'removeUsers' | i18n">
|
<bit-dialog dialogSize="large" [title]="'removeUsers' | i18n">
|
||||||
<ng-container bitDialogContent>
|
<ng-container bitDialogContent>
|
||||||
<app-callout type="danger" *ngIf="users.length <= 0">
|
<bit-callout type="danger" *ngIf="users.length <= 0">
|
||||||
{{ "noSelectedUsersApplicable" | i18n }}
|
{{ "noSelectedUsersApplicable" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-callout type="error" *ngIf="error">
|
<bit-callout type="danger" [title]="'error' | i18n" *ngIf="error">
|
||||||
{{ error }}
|
{{ error }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<ng-container *ngIf="!done">
|
<ng-container *ngIf="!done">
|
||||||
<app-callout type="warning" *ngIf="users.length > 0 && !error">
|
<bit-callout type="warning" *ngIf="users.length > 0 && !error">
|
||||||
<p bitTypography="body1">{{ removeUsersWarning }}</p>
|
<p bitTypography="body1">{{ removeUsersWarning }}</p>
|
||||||
<p *ngIf="this.showNoMasterPasswordWarning" bitTypography="body1">
|
<p *ngIf="this.showNoMasterPasswordWarning" bitTypography="body1">
|
||||||
{{ "removeMembersWithoutMasterPasswordWarning" | i18n }}
|
{{ "removeMembersWithoutMasterPasswordWarning" | i18n }}
|
||||||
</p>
|
</p>
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<bit-table>
|
<bit-table>
|
||||||
<ng-container header>
|
<ng-container header>
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -48,14 +48,14 @@
|
|||||||
<ng-container *ngIf="firstLoaded">
|
<ng-container *ngIf="firstLoaded">
|
||||||
<p *ngIf="!dataSource.filteredData.length">{{ "noMembersInList" | i18n }}</p>
|
<p *ngIf="!dataSource.filteredData.length">{{ "noMembersInList" | i18n }}</p>
|
||||||
<ng-container *ngIf="dataSource.filteredData.length">
|
<ng-container *ngIf="dataSource.filteredData.length">
|
||||||
<app-callout
|
<bit-callout
|
||||||
type="info"
|
type="info"
|
||||||
title="{{ 'confirmUsers' | i18n }}"
|
title="{{ 'confirmUsers' | i18n }}"
|
||||||
icon="bwi bwi-check-circle"
|
icon="bwi-check-circle"
|
||||||
*ngIf="showConfirmUsers"
|
*ngIf="showConfirmUsers"
|
||||||
>
|
>
|
||||||
{{ "usersNeedConfirmed" | i18n }}
|
{{ "usersNeedConfirmed" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<!-- The padding on the bottom of the cdk-virtual-scroll-viewport element is required to prevent table row content
|
<!-- The padding on the bottom of the cdk-virtual-scroll-viewport element is required to prevent table row content
|
||||||
from overflowing the <main> element. -->
|
from overflowing the <main> element. -->
|
||||||
<cdk-virtual-scroll-viewport scrollWindow [itemSize]="rowHeight" class="tw-pb-8">
|
<cdk-virtual-scroll-viewport scrollWindow [itemSize]="rowHeight" class="tw-pb-8">
|
||||||
|
@ -13,6 +13,7 @@ import { EncryptionType, KdfType } from "@bitwarden/common/platform/enums";
|
|||||||
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
import { CsprngArray } from "@bitwarden/common/types/csprng";
|
import { CsprngArray } from "@bitwarden/common/types/csprng";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey, OrgKey, MasterKey } from "@bitwarden/common/types/key";
|
import { UserKey, OrgKey, MasterKey } from "@bitwarden/common/types/key";
|
||||||
|
|
||||||
import { OrganizationUserResetPasswordService } from "./organization-user-reset-password.service";
|
import { OrganizationUserResetPasswordService } from "./organization-user-reset-password.service";
|
||||||
@ -157,7 +158,7 @@ describe("OrganizationUserResetPasswordService", () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("getRotatedKeys", () => {
|
describe("getRotatedData", () => {
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
organizationService.getAll.mockResolvedValue([
|
organizationService.getAll.mockResolvedValue([
|
||||||
createOrganization("1", "org1"),
|
createOrganization("1", "org1"),
|
||||||
@ -175,12 +176,24 @@ describe("OrganizationUserResetPasswordService", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("should return all re-encrypted account recovery keys", async () => {
|
it("should return all re-encrypted account recovery keys", async () => {
|
||||||
const result = await sut.getRotatedKeys(
|
const result = await sut.getRotatedData(
|
||||||
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
||||||
|
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
||||||
|
"mockUserId" as UserId,
|
||||||
);
|
);
|
||||||
|
|
||||||
expect(result).toHaveLength(2);
|
expect(result).toHaveLength(2);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("throws if the new user key is null", async () => {
|
||||||
|
await expect(
|
||||||
|
sut.getRotatedData(
|
||||||
|
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
||||||
|
null,
|
||||||
|
"mockUserId" as UserId,
|
||||||
|
),
|
||||||
|
).rejects.toThrow("New user key is required for rotation.");
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import { Injectable } from "@angular/core";
|
import { Injectable } from "@angular/core";
|
||||||
|
|
||||||
|
import { UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
|
import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
|
||||||
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
|
import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
|
||||||
import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
|
import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
|
||||||
@ -19,12 +20,15 @@ import { KdfType } from "@bitwarden/common/platform/enums";
|
|||||||
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
||||||
import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey } from "@bitwarden/common/types/key";
|
import { UserKey } from "@bitwarden/common/types/key";
|
||||||
|
|
||||||
@Injectable({
|
@Injectable({
|
||||||
providedIn: "root",
|
providedIn: "root",
|
||||||
})
|
})
|
||||||
export class OrganizationUserResetPasswordService {
|
export class OrganizationUserResetPasswordService
|
||||||
|
implements UserKeyRotationDataProvider<OrganizationUserResetPasswordWithIdRequest>
|
||||||
|
{
|
||||||
constructor(
|
constructor(
|
||||||
private cryptoService: CryptoService,
|
private cryptoService: CryptoService,
|
||||||
private encryptService: EncryptService,
|
private encryptService: EncryptService,
|
||||||
@ -129,11 +133,16 @@ export class OrganizationUserResetPasswordService {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns existing account recovery keys re-encrypted with the new user key.
|
* Returns existing account recovery keys re-encrypted with the new user key.
|
||||||
|
* @param originalUserKey the original user key
|
||||||
* @param newUserKey the new user key
|
* @param newUserKey the new user key
|
||||||
|
* @param userId the user id
|
||||||
* @throws Error if new user key is null
|
* @throws Error if new user key is null
|
||||||
|
* @returns a list of account recovery keys that have been re-encrypted with the new user key
|
||||||
*/
|
*/
|
||||||
async getRotatedKeys(
|
async getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
newUserKey: UserKey,
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
): Promise<OrganizationUserResetPasswordWithIdRequest[] | null> {
|
): Promise<OrganizationUserResetPasswordWithIdRequest[] | null> {
|
||||||
if (newUserKey == null) {
|
if (newUserKey == null) {
|
||||||
throw new Error("New user key is required for rotation.");
|
throw new Error("New user key is required for rotation.");
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "disableSendExemption" | i18n }}
|
{{ "disableSendExemption" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="info" *ngIf="showKeyConnectorInfo">
|
<bit-callout type="info" *ngIf="showKeyConnectorInfo">
|
||||||
{{ "keyConnectorPolicyRestriction" | i18n }}
|
{{ "keyConnectorPolicyRestriction" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<div [formGroup]="data">
|
<div [formGroup]="data">
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "personalOwnershipExemption" | i18n }}
|
{{ "personalOwnershipExemption" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class="form-check">
|
<div class="form-check">
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
<app-callout type="tip" title="{{ 'prerequisite' | i18n }}">
|
<bit-callout type="info" title="{{ 'prerequisite' | i18n }}">
|
||||||
{{ "requireSsoPolicyReq" | i18n }}
|
{{ "requireSsoPolicyReq" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "requireSsoExemption" | i18n }}
|
{{ "requireSsoExemption" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "sendOptionsExemption" | i18n }}
|
{{ "sendOptionsExemption" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "singleOrgPolicyWarning" | i18n }}
|
{{ "singleOrgPolicyWarning" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
<input type="checkbox" bitCheckbox [formControl]="enabled" id="enabled" />
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "twoStepLoginPolicyWarning" | i18n }}
|
{{ "twoStepLoginPolicyWarning" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
<bit-dialog [loading]="!loaded">
|
<bit-dialog [loading]="!loaded">
|
||||||
<span bitDialogTitle>{{ "deleteOrganization" | i18n }}</span>
|
<span bitDialogTitle>{{ "deleteOrganization" | i18n }}</span>
|
||||||
<div bitDialogContent>
|
<div bitDialogContent>
|
||||||
<app-callout type="warning">{{
|
<bit-callout type="warning">
|
||||||
"deletingOrganizationIsPermanentWarning" | i18n: organization?.name
|
{{ "deletingOrganizationIsPermanentWarning" | i18n: organization?.name }}
|
||||||
}}</app-callout>
|
</bit-callout>
|
||||||
<p id="organizationDeleteDescription">
|
<p id="organizationDeleteDescription">
|
||||||
<ng-container
|
<ng-container
|
||||||
*ngIf="
|
*ngIf="
|
||||||
|
@ -190,7 +190,7 @@ describe("WebauthnAdminService", () => {
|
|||||||
it("should throw when old userkey is null", async () => {
|
it("should throw when old userkey is null", async () => {
|
||||||
const newUserKey = makeSymmetricCryptoKey(64) as UserKey;
|
const newUserKey = makeSymmetricCryptoKey(64) as UserKey;
|
||||||
try {
|
try {
|
||||||
await service.rotateWebAuthnKeys(null, newUserKey);
|
await service.getRotatedData(null, newUserKey, null);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
expect(error).toEqual(new Error("oldUserKey is required"));
|
expect(error).toEqual(new Error("oldUserKey is required"));
|
||||||
}
|
}
|
||||||
@ -198,7 +198,7 @@ describe("WebauthnAdminService", () => {
|
|||||||
it("should throw when new userkey is null", async () => {
|
it("should throw when new userkey is null", async () => {
|
||||||
const oldUserKey = makeSymmetricCryptoKey(64) as UserKey;
|
const oldUserKey = makeSymmetricCryptoKey(64) as UserKey;
|
||||||
try {
|
try {
|
||||||
await service.rotateWebAuthnKeys(oldUserKey, null);
|
await service.getRotatedData(oldUserKey, null, null);
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
expect(error).toEqual(new Error("newUserKey is required"));
|
expect(error).toEqual(new Error("newUserKey is required"));
|
||||||
}
|
}
|
||||||
@ -222,7 +222,7 @@ describe("WebauthnAdminService", () => {
|
|||||||
.mockResolvedValue(
|
.mockResolvedValue(
|
||||||
new RotateableKeySet<PrfKey>(mockEncryptedUserKey, mockEncryptedPublicKey),
|
new RotateableKeySet<PrfKey>(mockEncryptedUserKey, mockEncryptedPublicKey),
|
||||||
);
|
);
|
||||||
await service.rotateWebAuthnKeys(oldUserKey, newUserKey);
|
await service.getRotatedData(oldUserKey, newUserKey, null);
|
||||||
expect(rotateKeySetMock).toHaveBeenCalledWith(
|
expect(rotateKeySetMock).toHaveBeenCalledWith(
|
||||||
expect.any(RotateableKeySet),
|
expect.any(RotateableKeySet),
|
||||||
oldUserKey,
|
oldUserKey,
|
||||||
@ -242,7 +242,7 @@ describe("WebauthnAdminService", () => {
|
|||||||
],
|
],
|
||||||
} as any);
|
} as any);
|
||||||
const rotateKeySetMock = jest.spyOn(rotateableKeySetService, "rotateKeySet");
|
const rotateKeySetMock = jest.spyOn(rotateableKeySetService, "rotateKeySet");
|
||||||
await service.rotateWebAuthnKeys(oldUserKey, newUserKey);
|
await service.getRotatedData(oldUserKey, newUserKey, null);
|
||||||
expect(rotateKeySetMock).not.toHaveBeenCalled();
|
expect(rotateKeySetMock).not.toHaveBeenCalled();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
import { Injectable, Optional } from "@angular/core";
|
import { Injectable, Optional } from "@angular/core";
|
||||||
import { BehaviorSubject, filter, from, map, Observable, shareReplay, switchMap, tap } from "rxjs";
|
import { BehaviorSubject, filter, from, map, Observable, shareReplay, switchMap, tap } from "rxjs";
|
||||||
|
|
||||||
import { PrfKeySet } from "@bitwarden/auth/common";
|
import { PrfKeySet, UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
|
import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
|
||||||
import { WebAuthnLoginPrfCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login-prf-crypto.service.abstraction";
|
import { WebAuthnLoginPrfCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login-prf-crypto.service.abstraction";
|
||||||
import { WebauthnRotateCredentialRequest } from "@bitwarden/common/auth/models/request/webauthn-rotate-credential.request";
|
import { WebauthnRotateCredentialRequest } from "@bitwarden/common/auth/models/request/webauthn-rotate-credential.request";
|
||||||
@ -9,6 +9,7 @@ import { WebAuthnLoginCredentialAssertionOptionsView } from "@bitwarden/common/a
|
|||||||
import { WebAuthnLoginCredentialAssertionView } from "@bitwarden/common/auth/models/view/webauthn-login/webauthn-login-credential-assertion.view";
|
import { WebAuthnLoginCredentialAssertionView } from "@bitwarden/common/auth/models/view/webauthn-login/webauthn-login-credential-assertion.view";
|
||||||
import { Verification } from "@bitwarden/common/auth/types/verification";
|
import { Verification } from "@bitwarden/common/auth/types/verification";
|
||||||
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey } from "@bitwarden/common/types/key";
|
import { UserKey } from "@bitwarden/common/types/key";
|
||||||
|
|
||||||
import { CredentialCreateOptionsView } from "../../views/credential-create-options.view";
|
import { CredentialCreateOptionsView } from "../../views/credential-create-options.view";
|
||||||
@ -25,7 +26,9 @@ import { WebAuthnLoginAdminApiService } from "./webauthn-login-admin-api.service
|
|||||||
/**
|
/**
|
||||||
* Service for managing WebAuthnLogin credentials.
|
* Service for managing WebAuthnLogin credentials.
|
||||||
*/
|
*/
|
||||||
export class WebauthnLoginAdminService {
|
export class WebauthnLoginAdminService
|
||||||
|
implements UserKeyRotationDataProvider<WebauthnRotateCredentialRequest>
|
||||||
|
{
|
||||||
static readonly MaxCredentialCount = 5;
|
static readonly MaxCredentialCount = 5;
|
||||||
|
|
||||||
private navigatorCredentials: CredentialsContainer;
|
private navigatorCredentials: CredentialsContainer;
|
||||||
@ -283,11 +286,13 @@ export class WebauthnLoginAdminService {
|
|||||||
*
|
*
|
||||||
* @param oldUserKey The old user key
|
* @param oldUserKey The old user key
|
||||||
* @param newUserKey The new user key
|
* @param newUserKey The new user key
|
||||||
|
* @param userId The user id
|
||||||
* @returns A promise that returns an array of rotate credential requests when resolved.
|
* @returns A promise that returns an array of rotate credential requests when resolved.
|
||||||
*/
|
*/
|
||||||
async rotateWebAuthnKeys(
|
async getRotatedData(
|
||||||
oldUserKey: UserKey,
|
oldUserKey: UserKey,
|
||||||
newUserKey: UserKey,
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
): Promise<WebauthnRotateCredentialRequest[]> {
|
): Promise<WebauthnRotateCredentialRequest[]> {
|
||||||
if (!oldUserKey) {
|
if (!oldUserKey) {
|
||||||
throw new Error("oldUserKey is required");
|
throw new Error("oldUserKey is required");
|
||||||
|
@ -11,6 +11,7 @@ import { EncryptionType, KdfType } from "@bitwarden/common/platform/enums";
|
|||||||
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
import { CsprngArray } from "@bitwarden/common/types/csprng";
|
import { CsprngArray } from "@bitwarden/common/types/csprng";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey, MasterKey } from "@bitwarden/common/types/key";
|
import { UserKey, MasterKey } from "@bitwarden/common/types/key";
|
||||||
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
||||||
|
|
||||||
@ -223,8 +224,11 @@ describe("EmergencyAccessService", () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("getRotatedKeys", () => {
|
describe("getRotatedData", () => {
|
||||||
let mockUserKey: UserKey;
|
const mockRandomBytes = new Uint8Array(64) as CsprngArray;
|
||||||
|
const mockOriginalUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
|
||||||
|
const mockNewUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
|
||||||
|
|
||||||
const allowedStatuses = [
|
const allowedStatuses = [
|
||||||
EmergencyAccessStatusType.Confirmed,
|
EmergencyAccessStatusType.Confirmed,
|
||||||
EmergencyAccessStatusType.RecoveryInitiated,
|
EmergencyAccessStatusType.RecoveryInitiated,
|
||||||
@ -242,9 +246,6 @@ describe("EmergencyAccessService", () => {
|
|||||||
} as ListResponse<EmergencyAccessGranteeDetailsResponse>;
|
} as ListResponse<EmergencyAccessGranteeDetailsResponse>;
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
const mockRandomBytes = new Uint8Array(64) as CsprngArray;
|
|
||||||
mockUserKey = new SymmetricCryptoKey(mockRandomBytes) as UserKey;
|
|
||||||
|
|
||||||
emergencyAccessApiService.getEmergencyAccessTrusted.mockResolvedValue(mockEmergencyAccess);
|
emergencyAccessApiService.getEmergencyAccessTrusted.mockResolvedValue(mockEmergencyAccess);
|
||||||
apiService.getUserPublicKey.mockResolvedValue({
|
apiService.getUserPublicKey.mockResolvedValue({
|
||||||
userId: "mockUserId",
|
userId: "mockUserId",
|
||||||
@ -259,10 +260,20 @@ describe("EmergencyAccessService", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("Only returns emergency accesses with allowed statuses", async () => {
|
it("Only returns emergency accesses with allowed statuses", async () => {
|
||||||
const result = await emergencyAccessService.getRotatedKeys(mockUserKey);
|
const result = await emergencyAccessService.getRotatedData(
|
||||||
|
mockOriginalUserKey,
|
||||||
|
mockNewUserKey,
|
||||||
|
"mockUserId" as UserId,
|
||||||
|
);
|
||||||
|
|
||||||
expect(result).toHaveLength(allowedStatuses.length);
|
expect(result).toHaveLength(allowedStatuses.length);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("throws if new user key is null", async () => {
|
||||||
|
await expect(
|
||||||
|
emergencyAccessService.getRotatedData(mockOriginalUserKey, null, "mockUserId" as UserId),
|
||||||
|
).rejects.toThrow("New user key is required for rotation.");
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -1,5 +1,6 @@
|
|||||||
import { Injectable } from "@angular/core";
|
import { Injectable } from "@angular/core";
|
||||||
|
|
||||||
|
import { UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
||||||
import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
|
import { PolicyData } from "@bitwarden/common/admin-console/models/data/policy.data";
|
||||||
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
|
import { Policy } from "@bitwarden/common/admin-console/models/domain/policy";
|
||||||
@ -15,6 +16,7 @@ import { KdfType } from "@bitwarden/common/platform/enums";
|
|||||||
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
||||||
import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey } from "@bitwarden/common/types/key";
|
import { UserKey } from "@bitwarden/common/types/key";
|
||||||
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
||||||
import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
|
import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
|
||||||
@ -35,7 +37,9 @@ import {
|
|||||||
import { EmergencyAccessApiService } from "./emergency-access-api.service";
|
import { EmergencyAccessApiService } from "./emergency-access-api.service";
|
||||||
|
|
||||||
@Injectable()
|
@Injectable()
|
||||||
export class EmergencyAccessService {
|
export class EmergencyAccessService
|
||||||
|
implements UserKeyRotationDataProvider<EmergencyAccessWithIdRequest>
|
||||||
|
{
|
||||||
constructor(
|
constructor(
|
||||||
private emergencyAccessApiService: EmergencyAccessApiService,
|
private emergencyAccessApiService: EmergencyAccessApiService,
|
||||||
private apiService: ApiService,
|
private apiService: ApiService,
|
||||||
@ -286,9 +290,21 @@ export class EmergencyAccessService {
|
|||||||
/**
|
/**
|
||||||
* Returns existing emergency access keys re-encrypted with new user key.
|
* Returns existing emergency access keys re-encrypted with new user key.
|
||||||
* Intended for grantor.
|
* Intended for grantor.
|
||||||
|
* @param originalUserKey the original user key
|
||||||
* @param newUserKey the new user key
|
* @param newUserKey the new user key
|
||||||
|
* @param userId the user id
|
||||||
|
* @throws Error if newUserKey is nullish
|
||||||
|
* @returns an array of re-encrypted emergency access requests or an empty array if there are no requests
|
||||||
*/
|
*/
|
||||||
async getRotatedKeys(newUserKey: UserKey): Promise<EmergencyAccessWithIdRequest[]> {
|
async getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<EmergencyAccessWithIdRequest[]> {
|
||||||
|
if (newUserKey == null) {
|
||||||
|
throw new Error("New user key is required for rotation.");
|
||||||
|
}
|
||||||
|
|
||||||
const requests: EmergencyAccessWithIdRequest[] = [];
|
const requests: EmergencyAccessWithIdRequest[] = [];
|
||||||
const existingEmergencyAccess =
|
const existingEmergencyAccess =
|
||||||
await this.emergencyAccessApiService.getEmergencyAccessTrusted();
|
await this.emergencyAccessApiService.getEmergencyAccessTrusted();
|
||||||
|
@ -1,37 +1,30 @@
|
|||||||
import { mock, MockProxy } from "jest-mock-extended";
|
import { mock, MockProxy } from "jest-mock-extended";
|
||||||
import { BehaviorSubject, of } from "rxjs";
|
import { BehaviorSubject } from "rxjs";
|
||||||
|
|
||||||
|
import { OrganizationUserResetPasswordWithIdRequest } from "@bitwarden/common/admin-console/abstractions/organization-user/requests";
|
||||||
import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
|
import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
|
||||||
import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
|
import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
|
||||||
|
import { WebauthnRotateCredentialRequest } from "@bitwarden/common/auth/models/request/webauthn-rotate-credential.request";
|
||||||
import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
|
import { FakeMasterPasswordService } from "@bitwarden/common/auth/services/master-password/fake-master-password.service";
|
||||||
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
|
import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
|
||||||
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
||||||
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
||||||
import { EncryptionType } from "@bitwarden/common/platform/enums";
|
|
||||||
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
|
||||||
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
import { Send } from "@bitwarden/common/tools/send/models/domain/send";
|
import { SendWithIdRequest } from "@bitwarden/common/tools/send/models/request/send-with-id.request";
|
||||||
import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
|
import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
|
||||||
import { UserId } from "@bitwarden/common/types/guid";
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey } from "@bitwarden/common/types/key";
|
import { UserKey, UserPrivateKey } from "@bitwarden/common/types/key";
|
||||||
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
||||||
import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
|
import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
|
||||||
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
|
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
|
||||||
import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
|
import { CipherType } from "@bitwarden/common/vault/enums";
|
||||||
import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
|
import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request";
|
||||||
import { Folder } from "@bitwarden/common/vault/models/domain/folder";
|
import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";
|
||||||
import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
|
|
||||||
import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
|
|
||||||
|
|
||||||
import {
|
|
||||||
FakeAccountService,
|
|
||||||
mockAccountServiceWith,
|
|
||||||
} from "../../../../../../libs/common/spec/fake-account-service";
|
|
||||||
import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
|
import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
|
||||||
import { StateService } from "../../core";
|
|
||||||
import { WebauthnLoginAdminService } from "../core";
|
import { WebauthnLoginAdminService } from "../core";
|
||||||
import { EmergencyAccessService } from "../emergency-access";
|
import { EmergencyAccessService } from "../emergency-access";
|
||||||
|
import { EmergencyAccessWithIdRequest } from "../emergency-access/request/emergency-access-update.request";
|
||||||
|
|
||||||
import { UserKeyRotationApiService } from "./user-key-rotation-api.service";
|
import { UserKeyRotationApiService } from "./user-key-rotation-api.service";
|
||||||
import { UserKeyRotationService } from "./user-key-rotation.service";
|
import { UserKeyRotationService } from "./user-key-rotation.service";
|
||||||
@ -48,16 +41,19 @@ describe("KeyRotationService", () => {
|
|||||||
let mockDeviceTrustService: MockProxy<DeviceTrustServiceAbstraction>;
|
let mockDeviceTrustService: MockProxy<DeviceTrustServiceAbstraction>;
|
||||||
let mockCryptoService: MockProxy<CryptoService>;
|
let mockCryptoService: MockProxy<CryptoService>;
|
||||||
let mockEncryptService: MockProxy<EncryptService>;
|
let mockEncryptService: MockProxy<EncryptService>;
|
||||||
let mockStateService: MockProxy<StateService>;
|
|
||||||
let mockConfigService: MockProxy<ConfigService>;
|
let mockConfigService: MockProxy<ConfigService>;
|
||||||
let mockKdfConfigService: MockProxy<KdfConfigService>;
|
let mockKdfConfigService: MockProxy<KdfConfigService>;
|
||||||
let mockSyncService: MockProxy<SyncService>;
|
let mockSyncService: MockProxy<SyncService>;
|
||||||
let mockWebauthnLoginAdminService: MockProxy<WebauthnLoginAdminService>;
|
let mockWebauthnLoginAdminService: MockProxy<WebauthnLoginAdminService>;
|
||||||
|
|
||||||
const mockUserId = Utils.newGuid() as UserId;
|
|
||||||
const mockAccountService: FakeAccountService = mockAccountServiceWith(mockUserId);
|
|
||||||
let mockMasterPasswordService: FakeMasterPasswordService = new FakeMasterPasswordService();
|
let mockMasterPasswordService: FakeMasterPasswordService = new FakeMasterPasswordService();
|
||||||
|
|
||||||
|
const mockUser = {
|
||||||
|
id: "mockUserId" as UserId,
|
||||||
|
email: "mockEmail",
|
||||||
|
emailVerified: true,
|
||||||
|
name: "mockName",
|
||||||
|
};
|
||||||
|
|
||||||
beforeAll(() => {
|
beforeAll(() => {
|
||||||
mockMasterPasswordService = new FakeMasterPasswordService();
|
mockMasterPasswordService = new FakeMasterPasswordService();
|
||||||
mockApiService = mock<UserKeyRotationApiService>();
|
mockApiService = mock<UserKeyRotationApiService>();
|
||||||
@ -69,7 +65,6 @@ describe("KeyRotationService", () => {
|
|||||||
mockDeviceTrustService = mock<DeviceTrustServiceAbstraction>();
|
mockDeviceTrustService = mock<DeviceTrustServiceAbstraction>();
|
||||||
mockCryptoService = mock<CryptoService>();
|
mockCryptoService = mock<CryptoService>();
|
||||||
mockEncryptService = mock<EncryptService>();
|
mockEncryptService = mock<EncryptService>();
|
||||||
mockStateService = mock<StateService>();
|
|
||||||
mockConfigService = mock<ConfigService>();
|
mockConfigService = mock<ConfigService>();
|
||||||
mockKdfConfigService = mock<KdfConfigService>();
|
mockKdfConfigService = mock<KdfConfigService>();
|
||||||
mockSyncService = mock<SyncService>();
|
mockSyncService = mock<SyncService>();
|
||||||
@ -86,8 +81,6 @@ describe("KeyRotationService", () => {
|
|||||||
mockDeviceTrustService,
|
mockDeviceTrustService,
|
||||||
mockCryptoService,
|
mockCryptoService,
|
||||||
mockEncryptService,
|
mockEncryptService,
|
||||||
mockStateService,
|
|
||||||
mockAccountService,
|
|
||||||
mockKdfConfigService,
|
mockKdfConfigService,
|
||||||
mockSyncService,
|
mockSyncService,
|
||||||
mockWebauthnLoginAdminService,
|
mockWebauthnLoginAdminService,
|
||||||
@ -98,91 +91,82 @@ describe("KeyRotationService", () => {
|
|||||||
jest.clearAllMocks();
|
jest.clearAllMocks();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("instantiates", () => {
|
|
||||||
expect(keyRotationService).not.toBeFalsy();
|
|
||||||
});
|
|
||||||
|
|
||||||
describe("rotateUserKeyAndEncryptedData", () => {
|
describe("rotateUserKeyAndEncryptedData", () => {
|
||||||
let folderViews: BehaviorSubject<FolderView[]>;
|
let privateKey: BehaviorSubject<UserPrivateKey>;
|
||||||
let sends: BehaviorSubject<Send[]>;
|
|
||||||
|
|
||||||
beforeAll(() => {
|
beforeEach(() => {
|
||||||
mockCryptoService.makeMasterKey.mockResolvedValue("mockMasterKey" as any);
|
mockCryptoService.makeMasterKey.mockResolvedValue("mockMasterKey" as any);
|
||||||
mockCryptoService.makeUserKey.mockResolvedValue([
|
mockCryptoService.makeUserKey.mockResolvedValue([
|
||||||
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
new SymmetricCryptoKey(new Uint8Array(64)) as UserKey,
|
||||||
{
|
{
|
||||||
encryptedString: "mockEncryptedUserKey",
|
encryptedString: "mockNewUserKey",
|
||||||
} as any,
|
} as any,
|
||||||
]);
|
]);
|
||||||
mockCryptoService.hashMasterKey.mockResolvedValue("mockMasterPasswordHash");
|
mockCryptoService.hashMasterKey.mockResolvedValue("mockMasterPasswordHash");
|
||||||
mockConfigService.getFeatureFlag.mockResolvedValue(true);
|
mockConfigService.getFeatureFlag.mockResolvedValue(true);
|
||||||
|
|
||||||
// Mock private key
|
|
||||||
mockCryptoService.getPrivateKey.mockResolvedValue("MockPrivateKey" as any);
|
|
||||||
mockCryptoService.userKey$.mockReturnValue(
|
|
||||||
of(new SymmetricCryptoKey(new Uint8Array(64)) as UserKey),
|
|
||||||
);
|
|
||||||
|
|
||||||
// Mock ciphers
|
|
||||||
const mockCiphers = [createMockCipher("1", "Cipher 1"), createMockCipher("2", "Cipher 2")];
|
|
||||||
mockCipherService.getAllDecrypted.mockResolvedValue(mockCiphers);
|
|
||||||
|
|
||||||
// Mock folders
|
|
||||||
const mockFolders = [createMockFolder("1", "Folder 1"), createMockFolder("2", "Folder 2")];
|
|
||||||
folderViews = new BehaviorSubject<FolderView[]>(mockFolders);
|
|
||||||
mockFolderService.folderViews$ = folderViews;
|
|
||||||
|
|
||||||
// Mock sends
|
|
||||||
const mockSends = [createMockSend("1", "Send 1"), createMockSend("2", "Send 2")];
|
|
||||||
sends = new BehaviorSubject<Send[]>(mockSends);
|
|
||||||
mockSendService.sends$ = sends;
|
|
||||||
|
|
||||||
mockWebauthnLoginAdminService.rotateWebAuthnKeys.mockResolvedValue([]);
|
|
||||||
|
|
||||||
// Mock encryption methods
|
|
||||||
mockEncryptService.encrypt.mockResolvedValue({
|
mockEncryptService.encrypt.mockResolvedValue({
|
||||||
encryptedString: "mockEncryptedData",
|
encryptedString: "mockEncryptedData",
|
||||||
} as any);
|
} as any);
|
||||||
|
|
||||||
mockFolderService.encrypt.mockImplementation((folder, userKey) => {
|
// Mock user key
|
||||||
const encryptedFolder = new Folder();
|
mockCryptoService.userKey$.mockReturnValue(new BehaviorSubject("mockOriginalUserKey" as any));
|
||||||
encryptedFolder.id = folder.id;
|
|
||||||
encryptedFolder.name = new EncString(
|
|
||||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
|
||||||
"Encrypted: " + folder.name,
|
|
||||||
);
|
|
||||||
return Promise.resolve(encryptedFolder);
|
|
||||||
});
|
|
||||||
|
|
||||||
mockCipherService.encrypt.mockImplementation((cipher, userKey) => {
|
// Mock private key
|
||||||
const encryptedCipher = new Cipher();
|
privateKey = new BehaviorSubject("mockPrivateKey" as any);
|
||||||
encryptedCipher.id = cipher.id;
|
mockCryptoService.userPrivateKeyWithLegacySupport$.mockReturnValue(privateKey);
|
||||||
encryptedCipher.name = new EncString(
|
|
||||||
EncryptionType.AesCbc256_HmacSha256_B64,
|
// Mock ciphers
|
||||||
"Encrypted: " + cipher.name,
|
const mockCiphers = [createMockCipher("1", "Cipher 1"), createMockCipher("2", "Cipher 2")];
|
||||||
);
|
mockCipherService.getRotatedData.mockResolvedValue(mockCiphers);
|
||||||
return Promise.resolve(encryptedCipher);
|
|
||||||
});
|
// Mock folders
|
||||||
|
const mockFolders = [createMockFolder("1", "Folder 1"), createMockFolder("2", "Folder 2")];
|
||||||
|
mockFolderService.getRotatedData.mockResolvedValue(mockFolders);
|
||||||
|
|
||||||
|
// Mock sends
|
||||||
|
const mockSends = [createMockSend("1", "Send 1"), createMockSend("2", "Send 2")];
|
||||||
|
mockSendService.getRotatedData.mockResolvedValue(mockSends);
|
||||||
|
|
||||||
|
// Mock emergency access
|
||||||
|
const emergencyAccess = [createMockEmergencyAccess("13")];
|
||||||
|
mockEmergencyAccessService.getRotatedData.mockResolvedValue(emergencyAccess);
|
||||||
|
|
||||||
|
// Mock reset password
|
||||||
|
const resetPassword = [createMockResetPassword("12")];
|
||||||
|
mockResetPasswordService.getRotatedData.mockResolvedValue(resetPassword);
|
||||||
|
|
||||||
|
// Mock Webauthn
|
||||||
|
const webauthn = [createMockWebauthn("13"), createMockWebauthn("14")];
|
||||||
|
mockWebauthnLoginAdminService.getRotatedData.mockResolvedValue(webauthn);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("rotates the user key and encrypted data", async () => {
|
it("rotates the user key and encrypted data", async () => {
|
||||||
await keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword");
|
await keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser);
|
||||||
|
|
||||||
expect(mockApiService.postUserKeyUpdate).toHaveBeenCalled();
|
expect(mockApiService.postUserKeyUpdate).toHaveBeenCalled();
|
||||||
const arg = mockApiService.postUserKeyUpdate.mock.calls[0][0];
|
const arg = mockApiService.postUserKeyUpdate.mock.calls[0][0];
|
||||||
|
expect(arg.key).toBe("mockNewUserKey");
|
||||||
|
expect(arg.privateKey).toBe("mockEncryptedData");
|
||||||
expect(arg.ciphers.length).toBe(2);
|
expect(arg.ciphers.length).toBe(2);
|
||||||
expect(arg.folders.length).toBe(2);
|
expect(arg.folders.length).toBe(2);
|
||||||
|
expect(arg.sends.length).toBe(2);
|
||||||
|
expect(arg.emergencyAccessKeys.length).toBe(1);
|
||||||
|
expect(arg.resetPasswordKeys.length).toBe(1);
|
||||||
|
expect(arg.webauthnKeys.length).toBe(2);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("throws if master password provided is falsey", async () => {
|
it("throws if master password provided is falsey", async () => {
|
||||||
await expect(keyRotationService.rotateUserKeyAndEncryptedData("")).rejects.toThrow();
|
await expect(
|
||||||
|
keyRotationService.rotateUserKeyAndEncryptedData("", mockUser),
|
||||||
|
).rejects.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("throws if master key creation fails", async () => {
|
it("throws if master key creation fails", async () => {
|
||||||
mockCryptoService.makeMasterKey.mockResolvedValueOnce(null);
|
mockCryptoService.makeMasterKey.mockResolvedValueOnce(null);
|
||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword"),
|
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser),
|
||||||
).rejects.toThrow();
|
).rejects.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -190,16 +174,24 @@ describe("KeyRotationService", () => {
|
|||||||
mockCryptoService.makeUserKey.mockResolvedValueOnce([null, null]);
|
mockCryptoService.makeUserKey.mockResolvedValueOnce([null, null]);
|
||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword"),
|
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser),
|
||||||
|
).rejects.toThrow();
|
||||||
|
});
|
||||||
|
|
||||||
|
it("throws if no private key is found", async () => {
|
||||||
|
privateKey.next(null);
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser),
|
||||||
).rejects.toThrow();
|
).rejects.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
it("saves the master key in state after creation", async () => {
|
it("saves the master key in state after creation", async () => {
|
||||||
await keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword");
|
await keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser);
|
||||||
|
|
||||||
expect(mockMasterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(
|
expect(mockMasterPasswordService.mock.setMasterKey).toHaveBeenCalledWith(
|
||||||
"mockMasterKey" as any,
|
"mockMasterKey" as any,
|
||||||
mockUserId,
|
mockUser.id,
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -207,30 +199,51 @@ describe("KeyRotationService", () => {
|
|||||||
mockApiService.postUserKeyUpdate.mockRejectedValueOnce(new Error("mockError"));
|
mockApiService.postUserKeyUpdate.mockRejectedValueOnce(new Error("mockError"));
|
||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword"),
|
keyRotationService.rotateUserKeyAndEncryptedData("mockMasterPassword", mockUser),
|
||||||
).rejects.toThrow();
|
).rejects.toThrow();
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
function createMockFolder(id: string, name: string): FolderView {
|
function createMockFolder(id: string, name: string): FolderWithIdRequest {
|
||||||
const folder = new FolderView();
|
return {
|
||||||
folder.id = id;
|
id: id,
|
||||||
folder.name = name;
|
name: name,
|
||||||
return folder;
|
} as FolderWithIdRequest;
|
||||||
}
|
}
|
||||||
|
|
||||||
function createMockCipher(id: string, name: string): CipherView {
|
function createMockCipher(id: string, name: string): CipherWithIdRequest {
|
||||||
const cipher = new CipherView();
|
return {
|
||||||
cipher.id = id;
|
id: id,
|
||||||
cipher.name = name;
|
name: name,
|
||||||
cipher.type = CipherType.Login;
|
type: CipherType.Login,
|
||||||
return cipher;
|
} as CipherWithIdRequest;
|
||||||
}
|
}
|
||||||
|
|
||||||
function createMockSend(id: string, name: string): Send {
|
function createMockSend(id: string, name: string): SendWithIdRequest {
|
||||||
const send = new Send();
|
return {
|
||||||
send.id = id;
|
id: id,
|
||||||
send.name = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, name);
|
name: name,
|
||||||
return send;
|
} as SendWithIdRequest;
|
||||||
|
}
|
||||||
|
|
||||||
|
function createMockEmergencyAccess(id: string): EmergencyAccessWithIdRequest {
|
||||||
|
return {
|
||||||
|
id: id,
|
||||||
|
type: 0,
|
||||||
|
waitTimeDays: 5,
|
||||||
|
} as EmergencyAccessWithIdRequest;
|
||||||
|
}
|
||||||
|
|
||||||
|
function createMockResetPassword(id: string): OrganizationUserResetPasswordWithIdRequest {
|
||||||
|
return {
|
||||||
|
organizationId: id,
|
||||||
|
resetPasswordKey: "mockResetPasswordKey",
|
||||||
|
} as OrganizationUserResetPasswordWithIdRequest;
|
||||||
|
}
|
||||||
|
|
||||||
|
function createMockWebauthn(id: string): any {
|
||||||
|
return {
|
||||||
|
id: id,
|
||||||
|
} as WebauthnRotateCredentialRequest;
|
||||||
}
|
}
|
||||||
|
@ -1,21 +1,19 @@
|
|||||||
import { Injectable } from "@angular/core";
|
import { Injectable } from "@angular/core";
|
||||||
import { firstValueFrom, map } from "rxjs";
|
import { firstValueFrom } from "rxjs";
|
||||||
|
|
||||||
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
|
import { AccountInfo } from "@bitwarden/common/auth/abstractions/account.service";
|
||||||
import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
|
import { DeviceTrustServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust.service.abstraction";
|
||||||
import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
|
import { KdfConfigService } from "@bitwarden/common/auth/abstractions/kdf-config.service";
|
||||||
import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
|
import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
|
||||||
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
||||||
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
||||||
import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
|
|
||||||
import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncryptedString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
|
import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
|
||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
import { UserKey } from "@bitwarden/common/types/key";
|
import { UserKey } from "@bitwarden/common/types/key";
|
||||||
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
||||||
import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
|
import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
|
||||||
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
|
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
|
||||||
import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request";
|
|
||||||
import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";
|
|
||||||
|
|
||||||
import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
|
import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
|
||||||
import { WebauthnLoginAdminService } from "../core";
|
import { WebauthnLoginAdminService } from "../core";
|
||||||
@ -37,8 +35,6 @@ export class UserKeyRotationService {
|
|||||||
private deviceTrustService: DeviceTrustServiceAbstraction,
|
private deviceTrustService: DeviceTrustServiceAbstraction,
|
||||||
private cryptoService: CryptoService,
|
private cryptoService: CryptoService,
|
||||||
private encryptService: EncryptService,
|
private encryptService: EncryptService,
|
||||||
private stateService: StateService,
|
|
||||||
private accountService: AccountService,
|
|
||||||
private kdfConfigService: KdfConfigService,
|
private kdfConfigService: KdfConfigService,
|
||||||
private syncService: SyncService,
|
private syncService: SyncService,
|
||||||
private webauthnLoginAdminService: WebauthnLoginAdminService,
|
private webauthnLoginAdminService: WebauthnLoginAdminService,
|
||||||
@ -48,7 +44,10 @@ export class UserKeyRotationService {
|
|||||||
* Creates a new user key and re-encrypts all required data with the it.
|
* Creates a new user key and re-encrypts all required data with the it.
|
||||||
* @param masterPassword current master password (used for validation)
|
* @param masterPassword current master password (used for validation)
|
||||||
*/
|
*/
|
||||||
async rotateUserKeyAndEncryptedData(masterPassword: string): Promise<void> {
|
async rotateUserKeyAndEncryptedData(
|
||||||
|
masterPassword: string,
|
||||||
|
user: { id: UserId } & AccountInfo,
|
||||||
|
): Promise<void> {
|
||||||
if (!masterPassword) {
|
if (!masterPassword) {
|
||||||
throw new Error("Invalid master password");
|
throw new Error("Invalid master password");
|
||||||
}
|
}
|
||||||
@ -62,7 +61,7 @@ export class UserKeyRotationService {
|
|||||||
// Create master key to validate the master password
|
// Create master key to validate the master password
|
||||||
const masterKey = await this.cryptoService.makeMasterKey(
|
const masterKey = await this.cryptoService.makeMasterKey(
|
||||||
masterPassword,
|
masterPassword,
|
||||||
await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.email))),
|
user.email,
|
||||||
await this.kdfConfigService.getKdfConfig(),
|
await this.kdfConfigService.getKdfConfig(),
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -71,9 +70,7 @@ export class UserKeyRotationService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Set master key again in case it was lost (could be lost on refresh)
|
// Set master key again in case it was lost (could be lost on refresh)
|
||||||
const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
|
await this.masterPasswordService.setMasterKey(masterKey, user.id);
|
||||||
const oldUserKey = await firstValueFrom(this.cryptoService.userKey$(userId));
|
|
||||||
await this.masterPasswordService.setMasterKey(masterKey, userId);
|
|
||||||
const [newUserKey, newEncUserKey] = await this.cryptoService.makeUserKey(masterKey);
|
const [newUserKey, newEncUserKey] = await this.cryptoService.makeUserKey(masterKey);
|
||||||
|
|
||||||
if (!newUserKey || !newEncUserKey) {
|
if (!newUserKey || !newEncUserKey) {
|
||||||
@ -90,61 +87,86 @@ export class UserKeyRotationService {
|
|||||||
const masterPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, masterKey);
|
const masterPasswordHash = await this.cryptoService.hashMasterKey(masterPassword, masterKey);
|
||||||
request.masterPasswordHash = masterPasswordHash;
|
request.masterPasswordHash = masterPasswordHash;
|
||||||
|
|
||||||
|
// Get original user key
|
||||||
|
// Note: We distribute the legacy key, but not all domains actually use it. If any of those
|
||||||
|
// domains break their legacy support it will break the migration process for legacy users.
|
||||||
|
const originalUserKey = await this.cryptoService.getUserKeyWithLegacySupport(user.id);
|
||||||
|
|
||||||
// Add re-encrypted data
|
// Add re-encrypted data
|
||||||
request.privateKey = await this.encryptPrivateKey(newUserKey);
|
request.privateKey = await this.encryptPrivateKey(newUserKey, user.id);
|
||||||
request.ciphers = await this.encryptCiphers(newUserKey);
|
|
||||||
request.folders = await this.encryptFolders(newUserKey);
|
const rotatedCiphers = await this.cipherService.getRotatedData(
|
||||||
request.sends = await this.sendService.getRotatedKeys(newUserKey);
|
originalUserKey,
|
||||||
request.emergencyAccessKeys = await this.emergencyAccessService.getRotatedKeys(newUserKey);
|
|
||||||
request.resetPasswordKeys = await this.resetPasswordService.getRotatedKeys(newUserKey);
|
|
||||||
request.webauthnKeys = await this.webauthnLoginAdminService.rotateWebAuthnKeys(
|
|
||||||
oldUserKey,
|
|
||||||
newUserKey,
|
newUserKey,
|
||||||
|
user.id,
|
||||||
);
|
);
|
||||||
|
if (rotatedCiphers != null) {
|
||||||
|
request.ciphers = rotatedCiphers;
|
||||||
|
}
|
||||||
|
|
||||||
|
const rotatedFolders = await this.folderService.getRotatedData(
|
||||||
|
originalUserKey,
|
||||||
|
newUserKey,
|
||||||
|
user.id,
|
||||||
|
);
|
||||||
|
if (rotatedFolders != null) {
|
||||||
|
request.folders = rotatedFolders;
|
||||||
|
}
|
||||||
|
|
||||||
|
const rotatedSends = await this.sendService.getRotatedData(
|
||||||
|
originalUserKey,
|
||||||
|
newUserKey,
|
||||||
|
user.id,
|
||||||
|
);
|
||||||
|
if (rotatedSends != null) {
|
||||||
|
request.sends = rotatedSends;
|
||||||
|
}
|
||||||
|
|
||||||
|
const rotatedEmergencyAccessKeys = await this.emergencyAccessService.getRotatedData(
|
||||||
|
originalUserKey,
|
||||||
|
newUserKey,
|
||||||
|
user.id,
|
||||||
|
);
|
||||||
|
if (rotatedEmergencyAccessKeys != null) {
|
||||||
|
request.emergencyAccessKeys = rotatedEmergencyAccessKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Note: Reset password keys request model has user verification
|
||||||
|
// properties, but the rotation endpoint uses its own MP hash.
|
||||||
|
const rotatedResetPasswordKeys = await this.resetPasswordService.getRotatedData(
|
||||||
|
originalUserKey,
|
||||||
|
newUserKey,
|
||||||
|
user.id,
|
||||||
|
);
|
||||||
|
if (rotatedResetPasswordKeys != null) {
|
||||||
|
request.resetPasswordKeys = rotatedResetPasswordKeys;
|
||||||
|
}
|
||||||
|
|
||||||
|
const rotatedWebauthnKeys = await this.webauthnLoginAdminService.getRotatedData(
|
||||||
|
originalUserKey,
|
||||||
|
newUserKey,
|
||||||
|
user.id,
|
||||||
|
);
|
||||||
|
if (rotatedWebauthnKeys != null) {
|
||||||
|
request.webauthnKeys = rotatedWebauthnKeys;
|
||||||
|
}
|
||||||
|
|
||||||
await this.apiService.postUserKeyUpdate(request);
|
await this.apiService.postUserKeyUpdate(request);
|
||||||
|
|
||||||
const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
|
// TODO PM-2199: Add device trust rotation support to the user key rotation endpoint
|
||||||
await this.deviceTrustService.rotateDevicesTrust(
|
await this.deviceTrustService.rotateDevicesTrust(user.id, newUserKey, masterPasswordHash);
|
||||||
activeAccount.id,
|
|
||||||
newUserKey,
|
|
||||||
masterPasswordHash,
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private async encryptPrivateKey(newUserKey: UserKey): Promise<EncryptedString | null> {
|
private async encryptPrivateKey(
|
||||||
const privateKey = await this.cryptoService.getPrivateKey();
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<EncryptedString | null> {
|
||||||
|
const privateKey = await firstValueFrom(
|
||||||
|
this.cryptoService.userPrivateKeyWithLegacySupport$(userId),
|
||||||
|
);
|
||||||
if (!privateKey) {
|
if (!privateKey) {
|
||||||
return;
|
throw new Error("No private key found for user key rotation");
|
||||||
}
|
}
|
||||||
return (await this.encryptService.encrypt(privateKey, newUserKey)).encryptedString;
|
return (await this.encryptService.encrypt(privateKey, newUserKey)).encryptedString;
|
||||||
}
|
}
|
||||||
|
|
||||||
private async encryptCiphers(newUserKey: UserKey): Promise<CipherWithIdRequest[]> {
|
|
||||||
const ciphers = await this.cipherService.getAllDecrypted();
|
|
||||||
if (!ciphers) {
|
|
||||||
// Must return an empty array for backwards compatibility
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
return await Promise.all(
|
|
||||||
ciphers.map(async (cipher) => {
|
|
||||||
const encryptedCipher = await this.cipherService.encrypt(cipher, newUserKey);
|
|
||||||
return new CipherWithIdRequest(encryptedCipher);
|
|
||||||
}),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
private async encryptFolders(newUserKey: UserKey): Promise<FolderWithIdRequest[]> {
|
|
||||||
const folders = await firstValueFrom(this.folderService.folderViews$);
|
|
||||||
if (!folders) {
|
|
||||||
// Must return an empty array for backwards compatibility
|
|
||||||
return [];
|
|
||||||
}
|
|
||||||
return await Promise.all(
|
|
||||||
folders.map(async (folder) => {
|
|
||||||
const encryptedFolder = await this.folderService.encrypt(folder, newUserKey);
|
|
||||||
return new FolderWithIdRequest(encryptedFolder);
|
|
||||||
}),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
import { Component } from "@angular/core";
|
import { Component } from "@angular/core";
|
||||||
import { FormControl, FormGroup, Validators } from "@angular/forms";
|
import { FormControl, FormGroup, Validators } from "@angular/forms";
|
||||||
|
import { firstValueFrom } from "rxjs";
|
||||||
|
|
||||||
|
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
|
||||||
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
||||||
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
|
import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
|
||||||
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
||||||
@ -25,6 +27,7 @@ export class MigrateFromLegacyEncryptionComponent {
|
|||||||
});
|
});
|
||||||
|
|
||||||
constructor(
|
constructor(
|
||||||
|
private accountService: AccountService,
|
||||||
private keyRotationService: UserKeyRotationService,
|
private keyRotationService: UserKeyRotationService,
|
||||||
private i18nService: I18nService,
|
private i18nService: I18nService,
|
||||||
private platformUtilsService: PlatformUtilsService,
|
private platformUtilsService: PlatformUtilsService,
|
||||||
@ -41,7 +44,9 @@ export class MigrateFromLegacyEncryptionComponent {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const hasUserKey = await this.cryptoService.hasUserKey();
|
const activeUser = await firstValueFrom(this.accountService.activeAccount$);
|
||||||
|
|
||||||
|
const hasUserKey = await this.cryptoService.hasUserKey(activeUser.id);
|
||||||
if (hasUserKey) {
|
if (hasUserKey) {
|
||||||
this.messagingService.send("logout");
|
this.messagingService.send("logout");
|
||||||
throw new Error("User key already exists, cannot migrate legacy encryption.");
|
throw new Error("User key already exists, cannot migrate legacy encryption.");
|
||||||
@ -52,7 +57,7 @@ export class MigrateFromLegacyEncryptionComponent {
|
|||||||
try {
|
try {
|
||||||
await this.syncService.fullSync(false, true);
|
await this.syncService.fullSync(false, true);
|
||||||
|
|
||||||
await this.keyRotationService.rotateUserKeyAndEncryptedData(masterPassword);
|
await this.keyRotationService.rotateUserKeyAndEncryptedData(masterPassword, activeUser);
|
||||||
|
|
||||||
this.platformUtilsService.showToast(
|
this.platformUtilsService.showToast(
|
||||||
"success",
|
"success",
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
bitButton
|
bitButton
|
||||||
type="button"
|
type="button"
|
||||||
buttonType="primary"
|
buttonType="primary"
|
||||||
class="tw-w-full"
|
class="tw-w-full tw-mb-2"
|
||||||
[bitAction]="convert"
|
[bitAction]="convert"
|
||||||
[block]="true"
|
[block]="true"
|
||||||
>
|
>
|
||||||
|
@ -4,9 +4,6 @@
|
|||||||
<i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
|
<i class="bwi bwi-spinner bwi-spin" title="{{ 'loading' | i18n }}" aria-hidden="true"></i>
|
||||||
{{ "loading" | i18n }}
|
{{ "loading" | i18n }}
|
||||||
</div>
|
</div>
|
||||||
<app-callout type="error" *ngIf="error">
|
|
||||||
{{ error }}
|
|
||||||
</app-callout>
|
|
||||||
<p class="tw-text-lg">{{ "pickAnAvatarColor" | i18n }}</p>
|
<p class="tw-text-lg">{{ "pickAnAvatarColor" | i18n }}</p>
|
||||||
<div class="tw-flex tw-flex-wrap tw-justify-center tw-gap-8">
|
<div class="tw-flex tw-flex-wrap tw-justify-center tw-gap-8">
|
||||||
<ng-container *ngFor="let c of defaultColorPalette">
|
<ng-container *ngFor="let c of defaultColorPalette">
|
||||||
|
@ -31,7 +31,6 @@ export class ChangeAvatarDialogComponent implements OnInit, OnDestroy {
|
|||||||
@ViewChild("colorPicker") colorPickerElement: ElementRef<HTMLElement>;
|
@ViewChild("colorPicker") colorPickerElement: ElementRef<HTMLElement>;
|
||||||
|
|
||||||
loading = false;
|
loading = false;
|
||||||
error: string;
|
|
||||||
defaultColorPalette: NamedAvatarColor[] = [
|
defaultColorPalette: NamedAvatarColor[] = [
|
||||||
{ name: "brightBlue", color: "#16cbfc" },
|
{ name: "brightBlue", color: "#16cbfc" },
|
||||||
{ name: "green", color: "#94cc4b" },
|
{ name: "green", color: "#94cc4b" },
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
||||||
<app-callout type="warning" *ngIf="showTwoFactorEmailWarning">
|
<bit-callout type="warning" *ngIf="showTwoFactorEmailWarning">
|
||||||
{{ "changeEmailTwoFactorWarning" | i18n }}
|
{{ "changeEmailTwoFactorWarning" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<div class="tw-w-1/2 tw-pr-2" formGroupName="step1">
|
<div class="tw-w-1/2 tw-pr-2" formGroupName="step1">
|
||||||
<bit-form-field>
|
<bit-form-field>
|
||||||
@ -29,7 +29,7 @@
|
|||||||
<ng-container *ngIf="tokenSent">
|
<ng-container *ngIf="tokenSent">
|
||||||
<hr />
|
<hr />
|
||||||
<p>{{ "changeEmailDesc" | i18n: formGroup.controls.step1.value.newEmail }}</p>
|
<p>{{ "changeEmailDesc" | i18n: formGroup.controls.step1.value.newEmail }}</p>
|
||||||
<app-callout type="warning">{{ "loggedOutWarning" | i18n }}</app-callout>
|
<bit-callout type="warning">{{ "loggedOutWarning" | i18n }}</bit-callout>
|
||||||
|
|
||||||
<div class="tw-w-1/2 tw-pr-2">
|
<div class="tw-w-1/2 tw-pr-2">
|
||||||
<bit-form-field>
|
<bit-form-field>
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<div class="modal-body">
|
<div class="modal-body">
|
||||||
<p>{{ "deauthorizeSessionsDesc" | i18n }}</p>
|
<p>{{ "deauthorizeSessionsDesc" | i18n }}</p>
|
||||||
<app-callout type="warning">{{ "deauthorizeSessionsWarning" | i18n }}</app-callout>
|
<bit-callout type="warning">{{ "deauthorizeSessionsWarning" | i18n }}</bit-callout>
|
||||||
<app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
|
<app-user-verification [(ngModel)]="masterPassword" ngDefaultControl name="secret">
|
||||||
</app-user-verification>
|
</app-user-verification>
|
||||||
</div>
|
</div>
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
<bit-dialog dialogSize="default" [title]="'deleteAccount' | i18n">
|
<bit-dialog dialogSize="default" [title]="'deleteAccount' | i18n">
|
||||||
<ng-container bitDialogContent>
|
<ng-container bitDialogContent>
|
||||||
<p bitTypography="body1">{{ "deleteAccountDesc" | i18n }}</p>
|
<p bitTypography="body1">{{ "deleteAccountDesc" | i18n }}</p>
|
||||||
<app-callout type="warning">{{ "deleteAccountWarning" | i18n }}</app-callout>
|
<bit-callout type="warning">{{ "deleteAccountWarning" | i18n }}</bit-callout>
|
||||||
<app-user-verification-form-input
|
<app-user-verification-form-input
|
||||||
formControlName="verification"
|
formControlName="verification"
|
||||||
name="verification"
|
name="verification"
|
||||||
|
@ -220,6 +220,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private async updateKey() {
|
private async updateKey() {
|
||||||
await this.keyRotationService.rotateUserKeyAndEncryptedData(this.masterPassword);
|
const user = await firstValueFrom(this.accountService.activeAccount$);
|
||||||
|
await this.keyRotationService.rotateUserKeyAndEncryptedData(this.masterPassword, user);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
<small class="tw-text-muted" *ngIf="params.name">{{ params.name }}</small>
|
<small class="tw-text-muted" *ngIf="params.name">{{ params.name }}</small>
|
||||||
</span>
|
</span>
|
||||||
<div bitDialogContent>
|
<div bitDialogContent>
|
||||||
<app-callout type="warning">{{ "loggedOutWarning" | i18n }}</app-callout>
|
<bit-callout type="warning">{{ "loggedOutWarning" | i18n }}</bit-callout>
|
||||||
<auth-password-callout [policy]="enforcedPolicyOptions" *ngIf="enforcedPolicyOptions">
|
<auth-password-callout [policy]="enforcedPolicyOptions" *ngIf="enforcedPolicyOptions">
|
||||||
</auth-password-callout>
|
</auth-password-callout>
|
||||||
<div class="tw-w-full tw-flex tw-gap-4">
|
<div class="tw-w-full tw-flex tw-gap-4">
|
||||||
|
@ -5,11 +5,11 @@
|
|||||||
<p bitTypography="body1">{{ data.apiKeyDescription | i18n }}</p>
|
<p bitTypography="body1">{{ data.apiKeyDescription | i18n }}</p>
|
||||||
<app-user-verification-form-input formControlName="masterPassword" *ngIf="!clientSecret">
|
<app-user-verification-form-input formControlName="masterPassword" *ngIf="!clientSecret">
|
||||||
</app-user-verification-form-input>
|
</app-user-verification-form-input>
|
||||||
<app-callout type="warning" *ngIf="clientSecret">{{ data.apiKeyWarning | i18n }}</app-callout>
|
<bit-callout type="warning" *ngIf="clientSecret">{{ data.apiKeyWarning | i18n }}</bit-callout>
|
||||||
<app-callout
|
<bit-callout
|
||||||
type="info"
|
type="info"
|
||||||
title="{{ 'oauth2ClientCredentials' | i18n }}"
|
title="{{ 'oauth2ClientCredentials' | i18n }}"
|
||||||
icon="bwi bwi-key"
|
icon="bwi-key"
|
||||||
*ngIf="clientSecret"
|
*ngIf="clientSecret"
|
||||||
>
|
>
|
||||||
<p bitTypography="body1" class="tw-mb-1">
|
<p bitTypography="body1" class="tw-mb-1">
|
||||||
@ -28,7 +28,7 @@
|
|||||||
<strong>grant_type:</strong><br />
|
<strong>grant_type:</strong><br />
|
||||||
<code>{{ data.grantType }}</code>
|
<code>{{ data.grantType }}</code>
|
||||||
</p>
|
</p>
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
</div>
|
</div>
|
||||||
<div bitDialogFooter>
|
<div bitDialogFooter>
|
||||||
<button type="submit" buttonType="primary" *ngIf="!clientSecret" bitButton bitFormButton>
|
<button type="submit" buttonType="primary" *ngIf="!clientSecret" bitButton bitFormButton>
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
<form *ngIf="authed" [formGroup]="formGroup" [bitSubmit]="submit">
|
<form *ngIf="authed" [formGroup]="formGroup" [bitSubmit]="submit">
|
||||||
<bit-dialog dialogSize="default">
|
<bit-dialog dialogSize="default">
|
||||||
<span bitDialogTitle
|
<span bitDialogTitle>
|
||||||
>{{ "twoStepLogin" | i18n }}
|
{{ "twoStepLogin" | i18n }}
|
||||||
<span bitTypography="body1">{{ "authenticatorAppTitle" | i18n }}</span>
|
<span bitTypography="body1">{{ "authenticatorAppTitle" | i18n }}</span>
|
||||||
</span>
|
</span>
|
||||||
<ng-container bitDialogContent>
|
<ng-container bitDialogContent>
|
||||||
@ -13,10 +13,10 @@
|
|||||||
</p>
|
</p>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<ng-container *ngIf="enabled">
|
<ng-container *ngIf="enabled">
|
||||||
<app-callout type="success" title="{{ 'enabled' | i18n }}" icon="bwi bwi-check-circle">
|
<bit-callout type="success" title="{{ 'enabled' | i18n }}" icon="bwi-check-circle">
|
||||||
<p bitTypography="body1">{{ "twoStepLoginProviderEnabled" | i18n }}</p>
|
<p bitTypography="body1">{{ "twoStepLoginProviderEnabled" | i18n }}</p>
|
||||||
{{ "twoStepAuthenticatorReaddDesc" | i18n }}
|
{{ "twoStepAuthenticatorReaddDesc" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<img class="float-right mfaType0" alt="Authenticator app logo" />
|
<img class="float-right mfaType0" alt="Authenticator app logo" />
|
||||||
<p bitTypography="body1">{{ "twoStepAuthenticatorNeedApp" | i18n }}</p>
|
<p bitTypography="body1">{{ "twoStepAuthenticatorNeedApp" | i18n }}</p>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
|
@ -6,9 +6,9 @@
|
|||||||
</span>
|
</span>
|
||||||
<ng-container bitDialogContent>
|
<ng-container bitDialogContent>
|
||||||
<ng-container *ngIf="enabled">
|
<ng-container *ngIf="enabled">
|
||||||
<app-callout type="success" title="{{ 'enabled' | i18n }}" icon="bwi bwi-check-circle">
|
<bit-callout type="success" title="{{ 'enabled' | i18n }}" icon="bwi-check-circle">
|
||||||
{{ "twoStepLoginProviderEnabled" | i18n }}
|
{{ "twoStepLoginProviderEnabled" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<strong>{{ "email" | i18n }}:</strong> {{ email }}
|
<strong>{{ "email" | i18n }}:</strong> {{ email }}
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<ng-container *ngIf="!enabled">
|
<ng-container *ngIf="!enabled">
|
||||||
|
@ -455,7 +455,9 @@
|
|||||||
</ng-container>
|
</ng-container>
|
||||||
</bit-section>
|
</bit-section>
|
||||||
<bit-section *ngIf="singleOrgPolicyBlock">
|
<bit-section *ngIf="singleOrgPolicyBlock">
|
||||||
<app-callout [type]="'error'">{{ "singleOrgBlockCreateMessage" | i18n }}</app-callout>
|
<bit-callout type="danger" [title]="'error' | i18n">
|
||||||
|
{{ "singleOrgBlockCreateMessage" | i18n }}
|
||||||
|
</bit-callout>
|
||||||
</bit-section>
|
</bit-section>
|
||||||
<bit-section>
|
<bit-section>
|
||||||
<button
|
<button
|
||||||
|
@ -63,9 +63,9 @@
|
|||||||
</div>
|
</div>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<ng-container *ngIf="showMethods && method === paymentMethodType.BankAccount">
|
<ng-container *ngIf="showMethods && method === paymentMethodType.BankAccount">
|
||||||
<app-callout type="warning" title="{{ 'verifyBankAccount' | i18n }}">
|
<bit-callout type="warning" title="{{ 'verifyBankAccount' | i18n }}">
|
||||||
{{ "verifyBankAccountInitialDesc" | i18n }} {{ "verifyBankAccountFailureWarning" | i18n }}
|
{{ "verifyBankAccountInitialDesc" | i18n }} {{ "verifyBankAccountFailureWarning" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<div class="tw-grid tw-grid-cols-12 tw-gap-4" formGroupName="bank">
|
<div class="tw-grid tw-grid-cols-12 tw-gap-4" formGroupName="bank">
|
||||||
<bit-form-field class="tw-col-span-6">
|
<bit-form-field class="tw-col-span-6">
|
||||||
<bit-label>{{ "routingNumber" | i18n }}</bit-label>
|
<bit-label>{{ "routingNumber" | i18n }}</bit-label>
|
||||||
@ -106,8 +106,8 @@
|
|||||||
</div>
|
</div>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<ng-container *ngIf="showMethods && method === paymentMethodType.Credit">
|
<ng-container *ngIf="showMethods && method === paymentMethodType.Credit">
|
||||||
<app-callout type="note">
|
<bit-callout>
|
||||||
{{ "makeSureEnoughCredit" | i18n }}
|
{{ "makeSureEnoughCredit" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
</div>
|
</div>
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
<bit-container>
|
<bit-container>
|
||||||
<p bitTypography="body1">{{ "preferencesDesc" | i18n }}</p>
|
<p bitTypography="body1">{{ "preferencesDesc" | i18n }}</p>
|
||||||
<form [formGroup]="form" [bitSubmit]="submit" class="tw-w-1/2">
|
<form [formGroup]="form" [bitSubmit]="submit" class="tw-w-1/2">
|
||||||
<app-callout type="info" *ngIf="vaultTimeoutPolicyCallout | async as policy">
|
<bit-callout type="info" *ngIf="vaultTimeoutPolicyCallout | async as policy">
|
||||||
<span *ngIf="policy.timeout && policy.action">
|
<span *ngIf="policy.timeout && policy.action">
|
||||||
{{
|
{{
|
||||||
"vaultTimeoutPolicyWithActionInEffect"
|
"vaultTimeoutPolicyWithActionInEffect"
|
||||||
@ -16,7 +16,7 @@
|
|||||||
<span *ngIf="!policy.timeout && policy.action">
|
<span *ngIf="!policy.timeout && policy.action">
|
||||||
{{ "vaultTimeoutActionPolicyInEffect" | i18n: (policy.action | i18n) }}
|
{{ "vaultTimeoutActionPolicyInEffect" | i18n: (policy.action | i18n) }}
|
||||||
</span>
|
</span>
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-vault-timeout-input
|
<app-vault-timeout-input
|
||||||
[vaultTimeoutOptions]="vaultTimeoutOptions"
|
[vaultTimeoutOptions]="vaultTimeoutOptions"
|
||||||
[formControl]="form.controls.vaultTimeout"
|
[formControl]="form.controls.vaultTimeout"
|
||||||
|
@ -20,9 +20,9 @@
|
|||||||
</button>
|
</button>
|
||||||
</div>
|
</div>
|
||||||
<div class="modal-body" *ngIf="cipher">
|
<div class="modal-body" *ngIf="cipher">
|
||||||
<app-callout type="info" *ngIf="allowOwnershipAssignment() && !allowPersonal">
|
<bit-callout type="info" *ngIf="allowOwnershipAssignment() && !allowPersonal">
|
||||||
{{ "personalOwnershipPolicyInEffect" | i18n }}
|
{{ "personalOwnershipPolicyInEffect" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<div class="row" *ngIf="!editMode && !viewOnly">
|
<div class="row" *ngIf="!editMode && !viewOnly">
|
||||||
<div class="col-6 form-group">
|
<div class="col-6 form-group">
|
||||||
<label for="type">{{ "whatTypeOfItem" | i18n }}</label>
|
<label for="type">{{ "whatTypeOfItem" | i18n }}</label>
|
||||||
|
@ -94,6 +94,7 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
|
|||||||
async ngOnInit() {
|
async ngOnInit() {
|
||||||
await super.ngOnInit();
|
await super.ngOnInit();
|
||||||
await this.load();
|
await this.load();
|
||||||
|
this.viewOnly = !this.cipher.edit && this.editMode;
|
||||||
// remove when all the title for all clients are updated to New Item
|
// remove when all the title for all clients are updated to New Item
|
||||||
if (this.cloneMode || !this.editMode) {
|
if (this.cloneMode || !this.editMode) {
|
||||||
this.title = this.i18nService.t("newItem");
|
this.title = this.i18nService.t("newItem");
|
||||||
|
@ -33,9 +33,9 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="tw-basis-3/4 tw-max-w-3/4 tw-px-2.5">
|
<div class="tw-basis-3/4 tw-max-w-3/4 tw-px-2.5">
|
||||||
<app-callout type="warning" *ngIf="activeFilter.isDeleted" icon="bwi-exclamation-triangle">
|
<bit-callout type="warning" *ngIf="activeFilter.isDeleted">
|
||||||
{{ trashCleanupWarning }}
|
{{ trashCleanupWarning }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-vault-items
|
<app-vault-items
|
||||||
[ciphers]="ciphers"
|
[ciphers]="ciphers"
|
||||||
[collections]="collections"
|
[collections]="collections"
|
||||||
|
@ -41,9 +41,9 @@
|
|||||||
{{ "addAccess" | i18n }}
|
{{ "addAccess" | i18n }}
|
||||||
</bit-toggle>
|
</bit-toggle>
|
||||||
</bit-toggle-group>
|
</bit-toggle-group>
|
||||||
<app-callout type="warning" *ngIf="activeFilter.isDeleted" icon="bwi bwi-exclamation-triangle">
|
<bit-callout type="warning" *ngIf="activeFilter.isDeleted">
|
||||||
{{ trashCleanupWarning }}
|
{{ trashCleanupWarning }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
<app-vault-items
|
<app-vault-items
|
||||||
[ciphers]="ciphers"
|
[ciphers]="ciphers"
|
||||||
[collections]="collections"
|
[collections]="collections"
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
<p bitTypography="body1">
|
<p bitTypography="body1">
|
||||||
{{ (organizationId ? "purgeOrgVaultDesc" : "purgeVaultDesc") | i18n }}
|
{{ (organizationId ? "purgeOrgVaultDesc" : "purgeVaultDesc") | i18n }}
|
||||||
</p>
|
</p>
|
||||||
<app-callout type="warning">{{ "purgeVaultWarning" | i18n }}</app-callout>
|
<bit-callout type="warning">{{ "purgeVaultWarning" | i18n }}</bit-callout>
|
||||||
<app-user-verification formControlName="masterPassword"></app-user-verification>
|
<app-user-verification formControlName="masterPassword"></app-user-verification>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
<ng-container bitDialogFooter>
|
<ng-container bitDialogFooter>
|
||||||
|
@ -8429,5 +8429,23 @@
|
|||||||
},
|
},
|
||||||
"providerReinstate":{
|
"providerReinstate":{
|
||||||
"message": " Contact Customer Support to reinstate your subscription."
|
"message": " Contact Customer Support to reinstate your subscription."
|
||||||
|
},
|
||||||
|
"secretPeopleDescription": {
|
||||||
|
"message": "Grant groups or people access to this secret. Permissions set for people will override permissions set by groups."
|
||||||
|
},
|
||||||
|
"secretPeopleEmptyMessage": {
|
||||||
|
"message": "Add people or groups to share access to this secret"
|
||||||
|
},
|
||||||
|
"secretMachineAccountsDescription": {
|
||||||
|
"message": "Grant machine accounts access to this secret."
|
||||||
|
},
|
||||||
|
"secretMachineAccountsEmptyMessage": {
|
||||||
|
"message": "Add machine accounts to grant access to this secret"
|
||||||
|
},
|
||||||
|
"smAccessRemovalWarningSecretTitle": {
|
||||||
|
"message": "Remove access to this secret"
|
||||||
|
},
|
||||||
|
"smAccessRemovalSecretMessage": {
|
||||||
|
"message": "This action will remove your access to this secret."
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -14,7 +14,9 @@
|
|||||||
"@bitwarden/components": ["../../libs/components/src"],
|
"@bitwarden/components": ["../../libs/components/src"],
|
||||||
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../../libs/tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../../libs/tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../../libs/tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../../libs/tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": [
|
"@bitwarden/vault-export-core": [
|
||||||
"../../libs/tools/export/vault-export/vault-export-core/src"
|
"../../libs/tools/export/vault-export/vault-export-core/src"
|
||||||
],
|
],
|
||||||
|
@ -13,7 +13,9 @@
|
|||||||
"@bitwarden/components": ["../../libs/components/src"],
|
"@bitwarden/components": ["../../libs/components/src"],
|
||||||
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../../libs/tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../../libs/tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../../libs/tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../../libs/tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": [
|
"@bitwarden/vault-export-core": [
|
||||||
"../../libs/tools/export/vault-export/vault-export-core/src"
|
"../../libs/tools/export/vault-export/vault-export-core/src"
|
||||||
],
|
],
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
<app-callout type="warning">
|
<bit-callout type="warning">
|
||||||
{{ "experimentalFeature" | i18n }}
|
{{ "experimentalFeature" | i18n }}
|
||||||
<a href="https://bitwarden.com/help/auto-fill-browser/" target="_blank" rel="noreferrer">{{
|
<a href="https://bitwarden.com/help/auto-fill-browser/" target="_blank" rel="noreferrer">{{
|
||||||
"learnMoreAboutAutofill" | i18n
|
"learnMoreAboutAutofill" | i18n
|
||||||
}}</a>
|
}}</a>
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
<app-callout type="tip" title="{{ 'prerequisite' | i18n }}">
|
<bit-callout title="{{ 'prerequisite' | i18n }}">
|
||||||
{{ "requireSsoPolicyReq" | i18n }}
|
{{ "requireSsoPolicyReq" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-control>
|
<bit-form-control>
|
||||||
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
<input type="checkbox" id="enabled" bitCheckbox [formControl]="enabled" />
|
||||||
|
@ -106,9 +106,9 @@
|
|||||||
showKeyConnectorOptions
|
showKeyConnectorOptions
|
||||||
"
|
"
|
||||||
>
|
>
|
||||||
<app-callout type="warning" [useAlertRole]="true">
|
<bit-callout type="warning" [useAlertRole]="true">
|
||||||
{{ "keyConnectorWarning" | i18n }}
|
{{ "keyConnectorWarning" | i18n }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
|
|
||||||
<bit-form-field>
|
<bit-form-field>
|
||||||
<bit-label>{{ "keyConnectorUrl" | i18n }}</bit-label>
|
<bit-label>{{ "keyConnectorUrl" | i18n }}</bit-label>
|
||||||
|
@ -1,16 +1,17 @@
|
|||||||
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
||||||
<bit-dialog dialogSize="large">
|
<bit-dialog
|
||||||
<ng-container bitDialogTitle>{{ title | i18n }}</ng-container>
|
dialogSize="large"
|
||||||
<div bitDialogContent class="tw-relative">
|
[disablePadding]="true"
|
||||||
<div
|
[loading]="loading"
|
||||||
*ngIf="showSpinner"
|
[title]="title | i18n"
|
||||||
class="tw-absolute tw-flex tw-h-full tw-w-full tw-items-center tw-justify-center tw-bg-text-contrast"
|
[subtitle]="subtitle"
|
||||||
>
|
>
|
||||||
<i class="bwi bwi-spinner bwi-spin bwi-3x"></i>
|
<div bitDialogContent class="tw-relative">
|
||||||
</div>
|
<bit-tab-group [(selectedIndex)]="tabIndex">
|
||||||
|
<bit-tab label="{{ 'nameValuePair' | i18n }}">
|
||||||
<div class="tw-flex tw-gap-4 tw-pt-4">
|
<div class="tw-flex tw-gap-4 tw-pt-4">
|
||||||
<bit-form-field class="tw-w-1/3">
|
<bit-form-field class="tw-w-1/3">
|
||||||
<bit-label for="secret-name">{{ "name" | i18n }}</bit-label>
|
<bit-label>{{ "name" | i18n }}</bit-label>
|
||||||
<input appAutofocus formControlName="name" bitInput />
|
<input appAutofocus formControlName="name" bitInput />
|
||||||
</bit-form-field>
|
</bit-form-field>
|
||||||
<bit-form-field class="tw-w-full">
|
<bit-form-field class="tw-w-full">
|
||||||
@ -43,29 +44,59 @@
|
|||||||
<bit-label>{{ "projectName" | i18n }}</bit-label>
|
<bit-label>{{ "projectName" | i18n }}</bit-label>
|
||||||
<input formControlName="newProjectName" bitInput />
|
<input formControlName="newProjectName" bitInput />
|
||||||
</bit-form-field>
|
</bit-form-field>
|
||||||
|
</bit-tab>
|
||||||
|
|
||||||
|
<bit-tab label="{{ 'people' | i18n }}">
|
||||||
|
<p>
|
||||||
|
{{ "secretPeopleDescription" | i18n }}
|
||||||
|
</p>
|
||||||
|
<sm-access-policy-selector
|
||||||
|
formControlName="peopleAccessPolicies"
|
||||||
|
[addButtonMode]="false"
|
||||||
|
[items]="peopleAccessPolicyItems"
|
||||||
|
[label]="'people' | i18n"
|
||||||
|
[hint]="'projectPeopleSelectHint' | i18n"
|
||||||
|
[columnTitle]="'name' | i18n"
|
||||||
|
[emptyMessage]="'secretPeopleEmptyMessage' | i18n"
|
||||||
|
>
|
||||||
|
</sm-access-policy-selector>
|
||||||
|
</bit-tab>
|
||||||
|
|
||||||
|
<bit-tab label="{{ 'machineAccounts' | i18n }}">
|
||||||
|
<p>
|
||||||
|
{{ "secretMachineAccountsDescription" | i18n }}
|
||||||
|
</p>
|
||||||
|
<sm-access-policy-selector
|
||||||
|
formControlName="serviceAccountAccessPolicies"
|
||||||
|
[addButtonMode]="false"
|
||||||
|
[items]="serviceAccountAccessPolicyItems"
|
||||||
|
[label]="'machineAccounts' | i18n"
|
||||||
|
[hint]="'projectMachineAccountsSelectHint' | i18n"
|
||||||
|
[columnTitle]="'machineAccounts' | i18n"
|
||||||
|
[emptyMessage]="'secretMachineAccountsEmptyMessage' | i18n"
|
||||||
|
>
|
||||||
|
</sm-access-policy-selector>
|
||||||
|
</bit-tab>
|
||||||
|
</bit-tab-group>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<ng-container bitDialogFooter>
|
<ng-container bitDialogFooter>
|
||||||
<button type="submit" bitButton buttonType="primary" bitFormButton>
|
<button [loading]="loading" type="submit" bitButton buttonType="primary" bitFormButton>
|
||||||
{{ "save" | i18n }}
|
{{ "save" | i18n }}
|
||||||
</button>
|
</button>
|
||||||
<button
|
<button bitButton buttonType="secondary" type="button" bitDialogClose>
|
||||||
type="button"
|
|
||||||
bitButton
|
|
||||||
buttonType="secondary"
|
|
||||||
bitFormButton
|
|
||||||
bitDialogClose
|
|
||||||
[disabled]="false"
|
|
||||||
>
|
|
||||||
{{ "cancel" | i18n }}
|
{{ "cancel" | i18n }}
|
||||||
</button>
|
</button>
|
||||||
<button
|
<button
|
||||||
*ngIf="deleteButtonIsVisible"
|
*ngIf="deleteButtonIsVisible"
|
||||||
class="tw-ml-auto"
|
class="tw-ml-auto"
|
||||||
|
[disabled]="loading"
|
||||||
type="button"
|
type="button"
|
||||||
bitIconButton="bwi-trash"
|
|
||||||
buttonType="danger"
|
buttonType="danger"
|
||||||
|
bitIconButton="bwi-trash"
|
||||||
bitFormButton
|
bitFormButton
|
||||||
(click)="openDeleteSecretDialog()"
|
[appA11yTitle]="'delete' | i18n"
|
||||||
|
[bitAction]="delete"
|
||||||
></button>
|
></button>
|
||||||
</ng-container>
|
</ng-container>
|
||||||
</bit-dialog>
|
</bit-dialog>
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
|
import { DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
|
||||||
import { Component, Inject, OnInit } from "@angular/core";
|
import { ChangeDetectorRef, Component, Inject, OnInit } from "@angular/core";
|
||||||
import { FormControl, FormGroup, Validators } from "@angular/forms";
|
import { FormControl, FormGroup, Validators } from "@angular/forms";
|
||||||
import { lastValueFrom, Subject, takeUntil } from "rxjs";
|
import { lastValueFrom, Subject, takeUntil } from "rxjs";
|
||||||
|
|
||||||
@ -9,12 +9,25 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
|
|||||||
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
import { Utils } from "@bitwarden/common/platform/misc/utils";
|
||||||
import { DialogService, BitValidators } from "@bitwarden/components";
|
import { DialogService, BitValidators } from "@bitwarden/components";
|
||||||
|
|
||||||
|
import { SecretAccessPoliciesView } from "../../models/view/access-policies/secret-access-policies.view";
|
||||||
import { ProjectListView } from "../../models/view/project-list.view";
|
import { ProjectListView } from "../../models/view/project-list.view";
|
||||||
import { ProjectView } from "../../models/view/project.view";
|
import { ProjectView } from "../../models/view/project.view";
|
||||||
import { SecretListView } from "../../models/view/secret-list.view";
|
import { SecretListView } from "../../models/view/secret-list.view";
|
||||||
import { SecretProjectView } from "../../models/view/secret-project.view";
|
import { SecretProjectView } from "../../models/view/secret-project.view";
|
||||||
import { SecretView } from "../../models/view/secret.view";
|
import { SecretView } from "../../models/view/secret.view";
|
||||||
import { ProjectService } from "../../projects/project.service";
|
import { ProjectService } from "../../projects/project.service";
|
||||||
|
import { AccessPolicySelectorService } from "../../shared/access-policies/access-policy-selector/access-policy-selector.service";
|
||||||
|
import {
|
||||||
|
ApItemValueType,
|
||||||
|
convertToSecretAccessPoliciesView,
|
||||||
|
} from "../../shared/access-policies/access-policy-selector/models/ap-item-value.type";
|
||||||
|
import {
|
||||||
|
ApItemViewType,
|
||||||
|
convertPotentialGranteesToApItemViewType,
|
||||||
|
convertSecretAccessPoliciesToApItemViews,
|
||||||
|
} from "../../shared/access-policies/access-policy-selector/models/ap-item-view.type";
|
||||||
|
import { ApItemEnum } from "../../shared/access-policies/access-policy-selector/models/enums/ap-item.enum";
|
||||||
|
import { AccessPolicyService } from "../../shared/access-policies/access-policy.service";
|
||||||
import { SecretService } from "../secret.service";
|
import { SecretService } from "../secret.service";
|
||||||
|
|
||||||
import { SecretDeleteDialogComponent, SecretDeleteOperation } from "./secret-delete.component";
|
import { SecretDeleteDialogComponent, SecretDeleteOperation } from "./secret-delete.component";
|
||||||
@ -24,6 +37,12 @@ export enum OperationType {
|
|||||||
Edit,
|
Edit,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
export enum SecretDialogTabType {
|
||||||
|
NameValuePair = 0,
|
||||||
|
People = 1,
|
||||||
|
ServiceAccounts = 2,
|
||||||
|
}
|
||||||
|
|
||||||
export interface SecretOperation {
|
export interface SecretOperation {
|
||||||
organizationId: string;
|
organizationId: string;
|
||||||
operation: OperationType;
|
operation: OperationType;
|
||||||
@ -36,6 +55,12 @@ export interface SecretOperation {
|
|||||||
templateUrl: "./secret-dialog.component.html",
|
templateUrl: "./secret-dialog.component.html",
|
||||||
})
|
})
|
||||||
export class SecretDialogComponent implements OnInit {
|
export class SecretDialogComponent implements OnInit {
|
||||||
|
loading = true;
|
||||||
|
projects: ProjectListView[];
|
||||||
|
addNewProject = false;
|
||||||
|
newProjectGuid = Utils.newGuid();
|
||||||
|
tabIndex: SecretDialogTabType = SecretDialogTabType.NameValuePair;
|
||||||
|
|
||||||
protected formGroup = new FormGroup({
|
protected formGroup = new FormGroup({
|
||||||
name: new FormControl("", {
|
name: new FormControl("", {
|
||||||
validators: [Validators.required, Validators.maxLength(500), BitValidators.trimValidator],
|
validators: [Validators.required, Validators.maxLength(500), BitValidators.trimValidator],
|
||||||
@ -51,77 +76,60 @@ export class SecretDialogComponent implements OnInit {
|
|||||||
validators: [Validators.maxLength(500), BitValidators.trimValidator],
|
validators: [Validators.maxLength(500), BitValidators.trimValidator],
|
||||||
updateOn: "submit",
|
updateOn: "submit",
|
||||||
}),
|
}),
|
||||||
|
peopleAccessPolicies: new FormControl([] as ApItemValueType[]),
|
||||||
|
serviceAccountAccessPolicies: new FormControl([] as ApItemValueType[]),
|
||||||
});
|
});
|
||||||
|
protected peopleAccessPolicyItems: ApItemViewType[];
|
||||||
|
protected serviceAccountAccessPolicyItems: ApItemViewType[];
|
||||||
|
|
||||||
private destroy$ = new Subject<void>();
|
private destroy$ = new Subject<void>();
|
||||||
private loading = true;
|
private currentPeopleAccessPolicies: ApItemViewType[];
|
||||||
projects: ProjectListView[];
|
|
||||||
addNewProject = false;
|
|
||||||
newProjectGuid = Utils.newGuid();
|
|
||||||
|
|
||||||
constructor(
|
constructor(
|
||||||
public dialogRef: DialogRef,
|
public dialogRef: DialogRef,
|
||||||
@Inject(DIALOG_DATA) private data: SecretOperation,
|
@Inject(DIALOG_DATA) private data: SecretOperation,
|
||||||
private secretService: SecretService,
|
private secretService: SecretService,
|
||||||
|
private changeDetectorRef: ChangeDetectorRef,
|
||||||
private i18nService: I18nService,
|
private i18nService: I18nService,
|
||||||
private platformUtilsService: PlatformUtilsService,
|
private platformUtilsService: PlatformUtilsService,
|
||||||
private projectService: ProjectService,
|
private projectService: ProjectService,
|
||||||
private dialogService: DialogService,
|
private dialogService: DialogService,
|
||||||
private organizationService: OrganizationService,
|
private organizationService: OrganizationService,
|
||||||
|
private accessPolicyService: AccessPolicyService,
|
||||||
|
private accessPolicySelectorService: AccessPolicySelectorService,
|
||||||
) {}
|
) {}
|
||||||
|
|
||||||
|
get title() {
|
||||||
|
return this.data.operation === OperationType.Add ? "newSecret" : "editSecret";
|
||||||
|
}
|
||||||
|
|
||||||
|
get subtitle(): string | undefined {
|
||||||
|
if (this.data.operation === OperationType.Edit) {
|
||||||
|
return this.formGroup.get("name").value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
get deleteButtonIsVisible(): boolean {
|
||||||
|
return this.data.operation === OperationType.Edit;
|
||||||
|
}
|
||||||
|
|
||||||
async ngOnInit() {
|
async ngOnInit() {
|
||||||
|
this.loading = true;
|
||||||
if (this.data.operation === OperationType.Edit && this.data.secretId) {
|
if (this.data.operation === OperationType.Edit && this.data.secretId) {
|
||||||
await this.loadData();
|
await this.loadEditDialog();
|
||||||
} else if (this.data.operation !== OperationType.Add) {
|
} else if (this.data.operation !== OperationType.Add) {
|
||||||
this.dialogRef.close();
|
this.dialogRef.close();
|
||||||
throw new Error(`The secret dialog was not called with the appropriate operation values.`);
|
throw new Error(`The secret dialog was not called with the appropriate operation values.`);
|
||||||
} else if (this.data.operation == OperationType.Add) {
|
} else if (this.data.operation === OperationType.Add) {
|
||||||
await this.loadProjects(true);
|
await this.loadAddDialog();
|
||||||
if (this.data.projectId == null || this.data.projectId == "") {
|
|
||||||
this.addNewProjectOptionToProjectsDropDown();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.data.projectId) {
|
|
||||||
this.formGroup.get("project").setValue(this.data.projectId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((await this.organizationService.get(this.data.organizationId))?.isAdmin) {
|
if ((await this.organizationService.get(this.data.organizationId))?.isAdmin) {
|
||||||
this.formGroup.get("project").removeValidators(Validators.required);
|
this.formGroup.get("project").removeValidators(Validators.required);
|
||||||
this.formGroup.get("project").updateValueAndValidity();
|
this.formGroup.get("project").updateValueAndValidity();
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
async loadData() {
|
|
||||||
this.formGroup.disable();
|
|
||||||
const secret: SecretView = await this.secretService.getBySecretId(this.data.secretId);
|
|
||||||
|
|
||||||
await this.loadProjects(secret.write);
|
|
||||||
|
|
||||||
this.formGroup.setValue({
|
|
||||||
name: secret.name,
|
|
||||||
value: secret.value,
|
|
||||||
notes: secret.note,
|
|
||||||
project: secret.projects[0]?.id ?? "",
|
|
||||||
newProjectName: "",
|
|
||||||
});
|
|
||||||
|
|
||||||
this.loading = false;
|
this.loading = false;
|
||||||
|
|
||||||
if (secret.write) {
|
|
||||||
this.formGroup.enable();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
async loadProjects(filterByPermission: boolean) {
|
|
||||||
this.projects = await this.projectService
|
|
||||||
.getProjects(this.data.organizationId)
|
|
||||||
.then((projects) => projects.sort((a, b) => a.name.localeCompare(b.name)));
|
|
||||||
|
|
||||||
if (filterByPermission) {
|
|
||||||
this.projects = this.projects.filter((p) => p.write);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ngOnDestroy(): void {
|
ngOnDestroy(): void {
|
||||||
@ -129,6 +137,152 @@ export class SecretDialogComponent implements OnInit {
|
|||||||
this.destroy$.complete();
|
this.destroy$.complete();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
submit = async () => {
|
||||||
|
if (!this.data.organizationEnabled) {
|
||||||
|
this.platformUtilsService.showToast("error", null, this.i18nService.t("secretsCannotCreate"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.isFormInvalid()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const secretView = this.getSecretView();
|
||||||
|
const secretAccessPoliciesView = convertToSecretAccessPoliciesView([
|
||||||
|
...this.formGroup.value.peopleAccessPolicies,
|
||||||
|
...this.formGroup.value.serviceAccountAccessPolicies,
|
||||||
|
]);
|
||||||
|
|
||||||
|
const showAccessRemovalWarning =
|
||||||
|
this.data.operation === OperationType.Edit &&
|
||||||
|
(await this.accessPolicySelectorService.showSecretAccessRemovalWarning(
|
||||||
|
this.data.organizationId,
|
||||||
|
this.currentPeopleAccessPolicies,
|
||||||
|
this.formGroup.value.peopleAccessPolicies,
|
||||||
|
));
|
||||||
|
|
||||||
|
if (showAccessRemovalWarning) {
|
||||||
|
const confirmed = await this.showWarning();
|
||||||
|
if (!confirmed) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.addNewProject) {
|
||||||
|
const newProject = await this.createProject(this.getNewProjectView());
|
||||||
|
secretView.projects = [newProject];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.data.operation === OperationType.Add) {
|
||||||
|
await this.createSecret(secretView, secretAccessPoliciesView);
|
||||||
|
} else {
|
||||||
|
secretView.id = this.data.secretId;
|
||||||
|
await this.updateSecret(secretView, secretAccessPoliciesView);
|
||||||
|
}
|
||||||
|
this.dialogRef.close();
|
||||||
|
};
|
||||||
|
|
||||||
|
delete = async () => {
|
||||||
|
const secretListView: SecretListView[] = this.getSecretListView();
|
||||||
|
|
||||||
|
const dialogRef = this.dialogService.open<unknown, SecretDeleteOperation>(
|
||||||
|
SecretDeleteDialogComponent,
|
||||||
|
{
|
||||||
|
data: {
|
||||||
|
secrets: secretListView,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
await lastValueFrom(dialogRef.closed).then(
|
||||||
|
(closeData) => closeData !== undefined && this.dialogRef.close(),
|
||||||
|
);
|
||||||
|
};
|
||||||
|
|
||||||
|
private async loadEditDialog() {
|
||||||
|
const secret = await this.secretService.getBySecretId(this.data.secretId);
|
||||||
|
await this.loadProjects(secret.projects);
|
||||||
|
|
||||||
|
const currentAccessPolicies = await this.getCurrentAccessPolicies(
|
||||||
|
this.data.organizationId,
|
||||||
|
this.data.secretId,
|
||||||
|
);
|
||||||
|
this.currentPeopleAccessPolicies = currentAccessPolicies.filter(
|
||||||
|
(p) => p.type === ApItemEnum.User || p.type === ApItemEnum.Group,
|
||||||
|
);
|
||||||
|
const currentServiceAccountPolicies = currentAccessPolicies.filter(
|
||||||
|
(p) => p.type === ApItemEnum.ServiceAccount,
|
||||||
|
);
|
||||||
|
|
||||||
|
this.peopleAccessPolicyItems = await this.getPeoplePotentialGrantees(this.data.organizationId);
|
||||||
|
this.serviceAccountAccessPolicyItems = await this.getServiceAccountItems(
|
||||||
|
this.data.organizationId,
|
||||||
|
currentServiceAccountPolicies,
|
||||||
|
);
|
||||||
|
|
||||||
|
// Must detect changes so that AccessSelector @Inputs() are aware of the latest
|
||||||
|
// potentialGrantees, otherwise no selected values will be patched below
|
||||||
|
this.changeDetectorRef.detectChanges();
|
||||||
|
|
||||||
|
this.formGroup.patchValue({
|
||||||
|
name: secret.name,
|
||||||
|
value: secret.value,
|
||||||
|
notes: secret.note,
|
||||||
|
project: secret.projects[0]?.id ?? "",
|
||||||
|
newProjectName: "",
|
||||||
|
peopleAccessPolicies: this.currentPeopleAccessPolicies.map((m) => ({
|
||||||
|
type: m.type,
|
||||||
|
id: m.id,
|
||||||
|
permission: m.permission,
|
||||||
|
currentUser: m.type === ApItemEnum.User ? m.currentUser : null,
|
||||||
|
currentUserInGroup: m.type === ApItemEnum.Group ? m.currentUserInGroup : null,
|
||||||
|
})),
|
||||||
|
serviceAccountAccessPolicies: currentServiceAccountPolicies.map((m) => ({
|
||||||
|
type: m.type,
|
||||||
|
id: m.id,
|
||||||
|
permission: m.permission,
|
||||||
|
})),
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
private async loadAddDialog() {
|
||||||
|
await this.loadProjects();
|
||||||
|
this.peopleAccessPolicyItems = await this.getPeoplePotentialGrantees(this.data.organizationId);
|
||||||
|
this.serviceAccountAccessPolicyItems = await this.getServiceAccountItems(
|
||||||
|
this.data.organizationId,
|
||||||
|
);
|
||||||
|
|
||||||
|
if (
|
||||||
|
this.data.projectId === null ||
|
||||||
|
this.data.projectId === "" ||
|
||||||
|
this.data.projectId === undefined
|
||||||
|
) {
|
||||||
|
this.addNewProjectOptionToProjectsDropDown();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.data.projectId) {
|
||||||
|
this.formGroup.get("project").setValue(this.data.projectId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async loadProjects(currentProjects?: SecretProjectView[]) {
|
||||||
|
this.projects = await this.projectService
|
||||||
|
.getProjects(this.data.organizationId)
|
||||||
|
.then((projects) => projects.filter((p) => p.write));
|
||||||
|
|
||||||
|
if (currentProjects?.length > 0) {
|
||||||
|
const currentProject = currentProjects?.[0];
|
||||||
|
if (this.projects.find((p) => p.id === currentProject.id) === undefined) {
|
||||||
|
const listView = new ProjectListView();
|
||||||
|
listView.id = currentProject.id;
|
||||||
|
listView.name = currentProject.name;
|
||||||
|
this.projects.push(listView);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
this.projects = this.projects.sort((a, b) => a.name.localeCompare(b.name));
|
||||||
|
}
|
||||||
|
|
||||||
private addNewProjectOptionToProjectsDropDown() {
|
private addNewProjectOptionToProjectsDropDown() {
|
||||||
this.formGroup
|
this.formGroup
|
||||||
.get("project")
|
.get("project")
|
||||||
@ -155,70 +309,15 @@ export class SecretDialogComponent implements OnInit {
|
|||||||
this.formGroup.get("newProjectName").updateValueAndValidity();
|
this.formGroup.get("newProjectName").updateValueAndValidity();
|
||||||
}
|
}
|
||||||
|
|
||||||
get title() {
|
|
||||||
return this.data.operation === OperationType.Add ? "newSecret" : "editSecret";
|
|
||||||
}
|
|
||||||
|
|
||||||
get showSpinner() {
|
|
||||||
return this.data.operation === OperationType.Edit && this.loading;
|
|
||||||
}
|
|
||||||
|
|
||||||
submit = async () => {
|
|
||||||
if (!this.data.organizationEnabled) {
|
|
||||||
this.platformUtilsService.showToast("error", null, this.i18nService.t("secretsCannotCreate"));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
this.formGroup.markAllAsTouched();
|
|
||||||
|
|
||||||
if (this.formGroup.invalid) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
const secretView = this.getSecretView();
|
|
||||||
|
|
||||||
if (this.addNewProject) {
|
|
||||||
const newProject = await this.createProject(this.getNewProjectView());
|
|
||||||
secretView.projects = [newProject];
|
|
||||||
}
|
|
||||||
|
|
||||||
if (this.data.operation === OperationType.Add) {
|
|
||||||
await this.createSecret(secretView);
|
|
||||||
} else {
|
|
||||||
secretView.id = this.data.secretId;
|
|
||||||
await this.updateSecret(secretView);
|
|
||||||
}
|
|
||||||
this.dialogRef.close();
|
|
||||||
};
|
|
||||||
|
|
||||||
get deleteButtonIsVisible(): boolean {
|
|
||||||
return this.data.operation === OperationType.Edit;
|
|
||||||
}
|
|
||||||
|
|
||||||
private async createProject(projectView: ProjectView) {
|
private async createProject(projectView: ProjectView) {
|
||||||
return await this.projectService.create(this.data.organizationId, projectView);
|
return await this.projectService.create(this.data.organizationId, projectView);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected async openDeleteSecretDialog() {
|
private async createSecret(
|
||||||
const secretListView: SecretListView[] = this.getSecretListView();
|
secretView: SecretView,
|
||||||
|
secretAccessPoliciesView: SecretAccessPoliciesView,
|
||||||
const dialogRef = this.dialogService.open<unknown, SecretDeleteOperation>(
|
) {
|
||||||
SecretDeleteDialogComponent,
|
await this.secretService.create(this.data.organizationId, secretView, secretAccessPoliciesView);
|
||||||
{
|
|
||||||
data: {
|
|
||||||
secrets: secretListView,
|
|
||||||
},
|
|
||||||
},
|
|
||||||
);
|
|
||||||
|
|
||||||
// If the secret is deleted, chain close this dialog after the delete dialog
|
|
||||||
await lastValueFrom(dialogRef.closed).then(
|
|
||||||
(closeData) => closeData !== undefined && this.dialogRef.close(),
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
private async createSecret(secretView: SecretView) {
|
|
||||||
await this.secretService.create(this.data.organizationId, secretView);
|
|
||||||
this.platformUtilsService.showToast("success", null, this.i18nService.t("secretCreated"));
|
this.platformUtilsService.showToast("success", null, this.i18nService.t("secretCreated"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -229,8 +328,11 @@ export class SecretDialogComponent implements OnInit {
|
|||||||
return projectView;
|
return projectView;
|
||||||
}
|
}
|
||||||
|
|
||||||
private async updateSecret(secretView: SecretView) {
|
private async updateSecret(
|
||||||
await this.secretService.update(this.data.organizationId, secretView);
|
secretView: SecretView,
|
||||||
|
secretAccessPoliciesView: SecretAccessPoliciesView,
|
||||||
|
) {
|
||||||
|
await this.secretService.update(this.data.organizationId, secretView, secretAccessPoliciesView);
|
||||||
this.platformUtilsService.showToast("success", null, this.i18nService.t("secretEdited"));
|
this.platformUtilsService.showToast("success", null, this.i18nService.t("secretEdited"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -265,4 +367,63 @@ export class SecretDialogComponent implements OnInit {
|
|||||||
secretListViews.push(secretListView);
|
secretListViews.push(secretListView);
|
||||||
return secretListViews;
|
return secretListViews;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private async getCurrentAccessPolicies(
|
||||||
|
organizationId: string,
|
||||||
|
secretId: string,
|
||||||
|
): Promise<ApItemViewType[]> {
|
||||||
|
return convertSecretAccessPoliciesToApItemViews(
|
||||||
|
await this.accessPolicyService.getSecretAccessPolicies(organizationId, secretId),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async getPeoplePotentialGrantees(organizationId: string): Promise<ApItemViewType[]> {
|
||||||
|
return convertPotentialGranteesToApItemViewType(
|
||||||
|
await this.accessPolicyService.getPeoplePotentialGrantees(organizationId),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async getServiceAccountItems(
|
||||||
|
organizationId: string,
|
||||||
|
currentAccessPolicies?: ApItemViewType[],
|
||||||
|
): Promise<ApItemViewType[]> {
|
||||||
|
const potentialGrantees = convertPotentialGranteesToApItemViewType(
|
||||||
|
await this.accessPolicyService.getServiceAccountsPotentialGrantees(organizationId),
|
||||||
|
);
|
||||||
|
const items = [...potentialGrantees];
|
||||||
|
if (currentAccessPolicies) {
|
||||||
|
for (const policy of currentAccessPolicies) {
|
||||||
|
const exists = potentialGrantees.some((grantee) => grantee.id === policy.id);
|
||||||
|
if (!exists) {
|
||||||
|
items.push(policy);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return items;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async showWarning(): Promise<boolean> {
|
||||||
|
const confirmed = await this.dialogService.openSimpleDialog({
|
||||||
|
title: { key: "smAccessRemovalWarningSecretTitle" },
|
||||||
|
content: { key: "smAccessRemovalSecretMessage" },
|
||||||
|
acceptButtonText: { key: "removeAccess" },
|
||||||
|
cancelButtonText: { key: "cancel" },
|
||||||
|
type: "warning",
|
||||||
|
});
|
||||||
|
return confirmed;
|
||||||
|
}
|
||||||
|
|
||||||
|
private isFormInvalid(): boolean {
|
||||||
|
this.formGroup.markAllAsTouched();
|
||||||
|
|
||||||
|
if (this.formGroup.invalid && this.tabIndex !== SecretDialogTabType.NameValuePair) {
|
||||||
|
this.platformUtilsService.showToast(
|
||||||
|
"error",
|
||||||
|
null,
|
||||||
|
this.i18nService.t("fieldOnTabRequiresAttention", this.i18nService.t("nameValuePair")),
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
return this.formGroup.invalid;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,6 +1,9 @@
|
|||||||
|
import { SecretAccessPoliciesRequest } from "../../shared/access-policies/models/requests/secret-access-policies.request";
|
||||||
|
|
||||||
export class SecretRequest {
|
export class SecretRequest {
|
||||||
key: string;
|
key: string;
|
||||||
value: string;
|
value: string;
|
||||||
note: string;
|
note: string;
|
||||||
projectIds?: string[];
|
projectIds?: string[];
|
||||||
|
accessPoliciesRequests: SecretAccessPoliciesRequest;
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,125 @@
|
|||||||
|
import { mock } from "jest-mock-extended";
|
||||||
|
|
||||||
|
import { ApiService } from "@bitwarden/common/abstractions/api.service";
|
||||||
|
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
|
||||||
|
import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
|
||||||
|
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
|
|
||||||
|
import { SecretAccessPoliciesView } from "../models/view/access-policies/secret-access-policies.view";
|
||||||
|
import { SecretView } from "../models/view/secret.view";
|
||||||
|
import { AccessPolicyService } from "../shared/access-policies/access-policy.service";
|
||||||
|
|
||||||
|
import { SecretService } from "./secret.service";
|
||||||
|
|
||||||
|
describe("SecretService", () => {
|
||||||
|
let sut: SecretService;
|
||||||
|
|
||||||
|
const cryptoService = mock<CryptoService>();
|
||||||
|
const apiService = mock<ApiService>();
|
||||||
|
const encryptService = mock<EncryptService>();
|
||||||
|
const accessPolicyService = mock<AccessPolicyService>();
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
jest.resetAllMocks();
|
||||||
|
|
||||||
|
sut = new SecretService(cryptoService, apiService, encryptService, accessPolicyService);
|
||||||
|
|
||||||
|
encryptService.encrypt.mockResolvedValue({
|
||||||
|
encryptedString: "mockEncryptedString",
|
||||||
|
} as EncString);
|
||||||
|
encryptService.decryptToUtf8.mockResolvedValue(mockUnencryptedData);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("instantiates", () => {
|
||||||
|
expect(sut).not.toBeFalsy();
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("create", () => {
|
||||||
|
it("emits the secret created", async () => {
|
||||||
|
apiService.send.mockResolvedValue(mockedSecretResponse);
|
||||||
|
|
||||||
|
sut.secret$.subscribe((secret) => {
|
||||||
|
expect(secret).toBeDefined();
|
||||||
|
expect(secret).toEqual(expectedSecretView);
|
||||||
|
});
|
||||||
|
|
||||||
|
await sut.create("organizationId", secretView, secretAccessPoliciesView);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
describe("update", () => {
|
||||||
|
it("emits the secret updated", async () => {
|
||||||
|
apiService.send.mockResolvedValue(mockedSecretResponse);
|
||||||
|
|
||||||
|
sut.secret$.subscribe((secret) => {
|
||||||
|
expect(secret).toBeDefined();
|
||||||
|
expect(secret).toEqual(expectedSecretView);
|
||||||
|
});
|
||||||
|
|
||||||
|
await sut.update("organizationId", secretView, secretAccessPoliciesView);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
const mockedSecretResponse: any = {
|
||||||
|
id: "001f835c-aa41-4f25-bfbf-b18d0103a1db",
|
||||||
|
organizationId: "da0eea55-8604-4307-8a24-b187015e3071",
|
||||||
|
key: "mockEncryptedString",
|
||||||
|
value: "mockEncryptedString",
|
||||||
|
note: "mockEncryptedString",
|
||||||
|
creationDate: "2024-07-12T15:45:17.49823Z",
|
||||||
|
revisionDate: "2024-07-12T15:45:17.49823Z",
|
||||||
|
projects: [
|
||||||
|
{
|
||||||
|
id: "502d93ae-a084-490a-8a64-b187015eb69c",
|
||||||
|
name: "mockEncryptedString",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
read: true,
|
||||||
|
write: true,
|
||||||
|
object: "secret",
|
||||||
|
};
|
||||||
|
|
||||||
|
const secretView: SecretView = {
|
||||||
|
id: "001f835c-aa41-4f25-bfbf-b18d0103a1db",
|
||||||
|
organizationId: "da0eea55-8604-4307-8a24-b187015e3071",
|
||||||
|
name: "key",
|
||||||
|
value: "value",
|
||||||
|
note: "note",
|
||||||
|
creationDate: "2024-06-12T15:45:17.49823Z",
|
||||||
|
revisionDate: "2024-06-12T15:45:17.49823Z",
|
||||||
|
projects: [
|
||||||
|
{
|
||||||
|
id: "502d93ae-a084-490a-8a64-b187015eb69c",
|
||||||
|
name: "project-name",
|
||||||
|
},
|
||||||
|
],
|
||||||
|
read: true,
|
||||||
|
write: true,
|
||||||
|
};
|
||||||
|
|
||||||
|
const secretAccessPoliciesView: SecretAccessPoliciesView = {
|
||||||
|
userAccessPolicies: [],
|
||||||
|
groupAccessPolicies: [],
|
||||||
|
serviceAccountAccessPolicies: [],
|
||||||
|
};
|
||||||
|
|
||||||
|
const mockUnencryptedData = "mockUnEncryptedString";
|
||||||
|
|
||||||
|
const expectedSecretView: SecretView = {
|
||||||
|
id: "001f835c-aa41-4f25-bfbf-b18d0103a1db",
|
||||||
|
organizationId: "da0eea55-8604-4307-8a24-b187015e3071",
|
||||||
|
name: mockUnencryptedData,
|
||||||
|
value: mockUnencryptedData,
|
||||||
|
note: mockUnencryptedData,
|
||||||
|
creationDate: "2024-07-12T15:45:17.49823Z",
|
||||||
|
revisionDate: "2024-07-12T15:45:17.49823Z",
|
||||||
|
projects: [
|
||||||
|
{
|
||||||
|
id: "502d93ae-a084-490a-8a64-b187015eb69c",
|
||||||
|
name: mockUnencryptedData,
|
||||||
|
},
|
||||||
|
],
|
||||||
|
read: true,
|
||||||
|
write: true,
|
||||||
|
};
|
@ -7,9 +7,11 @@ import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.
|
|||||||
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
|
||||||
|
|
||||||
|
import { SecretAccessPoliciesView } from "../models/view/access-policies/secret-access-policies.view";
|
||||||
import { SecretListView } from "../models/view/secret-list.view";
|
import { SecretListView } from "../models/view/secret-list.view";
|
||||||
import { SecretProjectView } from "../models/view/secret-project.view";
|
import { SecretProjectView } from "../models/view/secret-project.view";
|
||||||
import { SecretView } from "../models/view/secret.view";
|
import { SecretView } from "../models/view/secret.view";
|
||||||
|
import { AccessPolicyService } from "../shared/access-policies/access-policy.service";
|
||||||
import { BulkOperationStatus } from "../shared/dialogs/bulk-status-dialog.component";
|
import { BulkOperationStatus } from "../shared/dialogs/bulk-status-dialog.component";
|
||||||
|
|
||||||
import { SecretRequest } from "./requests/secret.request";
|
import { SecretRequest } from "./requests/secret.request";
|
||||||
@ -30,6 +32,7 @@ export class SecretService {
|
|||||||
private cryptoService: CryptoService,
|
private cryptoService: CryptoService,
|
||||||
private apiService: ApiService,
|
private apiService: ApiService,
|
||||||
private encryptService: EncryptService,
|
private encryptService: EncryptService,
|
||||||
|
private accessPolicyService: AccessPolicyService,
|
||||||
) {}
|
) {}
|
||||||
|
|
||||||
async getBySecretId(secretId: string): Promise<SecretView> {
|
async getBySecretId(secretId: string): Promise<SecretView> {
|
||||||
@ -65,8 +68,16 @@ export class SecretService {
|
|||||||
return await this.createSecretsListView(organizationId, results);
|
return await this.createSecretsListView(organizationId, results);
|
||||||
}
|
}
|
||||||
|
|
||||||
async create(organizationId: string, secretView: SecretView) {
|
async create(
|
||||||
const request = await this.getSecretRequest(organizationId, secretView);
|
organizationId: string,
|
||||||
|
secretView: SecretView,
|
||||||
|
secretAccessPoliciesView: SecretAccessPoliciesView,
|
||||||
|
) {
|
||||||
|
const request = await this.getSecretRequest(
|
||||||
|
organizationId,
|
||||||
|
secretView,
|
||||||
|
secretAccessPoliciesView,
|
||||||
|
);
|
||||||
const r = await this.apiService.send(
|
const r = await this.apiService.send(
|
||||||
"POST",
|
"POST",
|
||||||
"/organizations/" + organizationId + "/secrets",
|
"/organizations/" + organizationId + "/secrets",
|
||||||
@ -77,8 +88,16 @@ export class SecretService {
|
|||||||
this._secret.next(await this.createSecretView(new SecretResponse(r)));
|
this._secret.next(await this.createSecretView(new SecretResponse(r)));
|
||||||
}
|
}
|
||||||
|
|
||||||
async update(organizationId: string, secretView: SecretView) {
|
async update(
|
||||||
const request = await this.getSecretRequest(organizationId, secretView);
|
organizationId: string,
|
||||||
|
secretView: SecretView,
|
||||||
|
secretAccessPoliciesView: SecretAccessPoliciesView,
|
||||||
|
) {
|
||||||
|
const request = await this.getSecretRequest(
|
||||||
|
organizationId,
|
||||||
|
secretView,
|
||||||
|
secretAccessPoliciesView,
|
||||||
|
);
|
||||||
const r = await this.apiService.send("PUT", "/secrets/" + secretView.id, request, true, true);
|
const r = await this.apiService.send("PUT", "/secrets/" + secretView.id, request, true, true);
|
||||||
this._secret.next(await this.createSecretView(new SecretResponse(r)));
|
this._secret.next(await this.createSecretView(new SecretResponse(r)));
|
||||||
}
|
}
|
||||||
@ -140,6 +159,7 @@ export class SecretService {
|
|||||||
private async getSecretRequest(
|
private async getSecretRequest(
|
||||||
organizationId: string,
|
organizationId: string,
|
||||||
secretView: SecretView,
|
secretView: SecretView,
|
||||||
|
secretAccessPoliciesView: SecretAccessPoliciesView,
|
||||||
): Promise<SecretRequest> {
|
): Promise<SecretRequest> {
|
||||||
const orgKey = await this.getOrganizationKey(organizationId);
|
const orgKey = await this.getOrganizationKey(organizationId);
|
||||||
const request = new SecretRequest();
|
const request = new SecretRequest();
|
||||||
@ -155,6 +175,9 @@ export class SecretService {
|
|||||||
|
|
||||||
secretView.projects?.forEach((e) => request.projectIds.push(e.id));
|
secretView.projects?.forEach((e) => request.projectIds.push(e.id));
|
||||||
|
|
||||||
|
request.accessPoliciesRequests =
|
||||||
|
this.accessPolicyService.getSecretAccessPoliciesRequest(secretAccessPoliciesView);
|
||||||
|
|
||||||
return request;
|
return request;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,9 +2,9 @@
|
|||||||
|
|
||||||
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
<form [formGroup]="formGroup" [bitSubmit]="submit">
|
||||||
<div class="tw-my-4 tw-max-w-xl">
|
<div class="tw-my-4 tw-max-w-xl">
|
||||||
<app-callout type="info" title="{{ 'exportingOrganizationSecretDataTitle' | i18n }}">
|
<bit-callout type="info" title="{{ 'exportingOrganizationSecretDataTitle' | i18n }}">
|
||||||
{{ "exportingOrganizationSecretDataDescription" | i18n: orgName }}
|
{{ "exportingOrganizationSecretDataDescription" | i18n: orgName }}
|
||||||
</app-callout>
|
</bit-callout>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<bit-form-field class="tw-max-w-sm">
|
<bit-form-field class="tw-max-w-sm">
|
||||||
|
@ -64,10 +64,12 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [];
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
selectedPolicyValues.push(
|
selectedPolicyValues.push(
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
);
|
);
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -80,15 +82,17 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanReadWrite,
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
|
|
||||||
expect(result).toBe(true);
|
expect(result).toBe(false);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("returns true when current user isn't owner/admin and a group Read policy is submitted that the user is a member of", async () => {
|
it("returns true when current user isn't owner/admin and a group Read policy is submitted that the user is a member of", async () => {
|
||||||
@ -96,12 +100,15 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUserInGroup: true,
|
},
|
||||||
}),
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -114,12 +121,15 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanReadWrite,
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
currentUserInGroup: true,
|
},
|
||||||
}),
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -132,12 +142,15 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanReadWrite,
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
currentUserInGroup: false,
|
},
|
||||||
}),
|
false,
|
||||||
|
false,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -150,16 +163,21 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
createApItemValueType({
|
),
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanReadWrite,
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
currentUserInGroup: true,
|
},
|
||||||
}),
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -172,16 +190,21 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
createApItemValueType({
|
),
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanReadWrite,
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
currentUserInGroup: false,
|
},
|
||||||
}),
|
false,
|
||||||
|
false,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -194,16 +217,21 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
createApItemValueType({
|
),
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "groupId",
|
id: "groupId",
|
||||||
type: ApItemEnum.Group,
|
type: ApItemEnum.Group,
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUserInGroup: true,
|
},
|
||||||
}),
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
const result = await sut.showAccessRemovalWarning(org.id, selectedPolicyValues);
|
||||||
@ -211,6 +239,246 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
expect(result).toBe(true);
|
expect(result).toBe(true);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
describe("showSecretAccessRemovalWarning", () => {
|
||||||
|
it("returns false when there are no current access policies", async () => {
|
||||||
|
const org = orgFactory();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns false when current user is admin", async () => {
|
||||||
|
const org = orgFactory();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns false when current user is owner", async () => {
|
||||||
|
const org = orgFactory();
|
||||||
|
org.type = OrganizationUserType.Owner;
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns false when current non-admin user doesn't have Read, Write access with current access policies -- user policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns false when current non-admin user doesn't have Read, Write access with current access policies -- group policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
type: ApItemEnum.Group,
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
},
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns true when current non-admin user has Read, Write access with current access policies and doesn't with selected -- user policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
|
createApItemValueType({
|
||||||
|
type: ApItemEnum.User,
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
currentUser: true,
|
||||||
|
}),
|
||||||
|
];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(true);
|
||||||
|
});
|
||||||
|
it("returns true when current non-admin user has Read, Write access with current access policies and doesn't with selected -- group policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
type: ApItemEnum.Group,
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
|
type: ApItemEnum.Group,
|
||||||
|
permission: ApPermissionEnum.CanRead,
|
||||||
|
},
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(true);
|
||||||
|
});
|
||||||
|
it("returns false when current non-admin user has Read, Write access with current access policies and does with selected -- user policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
|
type: ApItemEnum.User,
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
it("returns false when current non-admin user has Read, Write access with current access policies and does with selected -- group policy", async () => {
|
||||||
|
const org = setupUserOrg();
|
||||||
|
organizationService.get.calledWith(org.id).mockResolvedValue(org);
|
||||||
|
|
||||||
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
|
createApItemViewType(
|
||||||
|
{
|
||||||
|
id: "example",
|
||||||
|
type: ApItemEnum.Group,
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
|
type: ApItemEnum.Group,
|
||||||
|
permission: ApPermissionEnum.CanReadWrite,
|
||||||
|
},
|
||||||
|
false,
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
];
|
||||||
|
|
||||||
|
const result = await sut.showSecretAccessRemovalWarning(
|
||||||
|
org.id,
|
||||||
|
currentAccessPolicies,
|
||||||
|
selectedPolicyValues,
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(result).toBe(false);
|
||||||
|
});
|
||||||
|
});
|
||||||
describe("isAccessRemoval", () => {
|
describe("isAccessRemoval", () => {
|
||||||
it("returns false when there are no previous policies and no selected policies", async () => {
|
it("returns false when there are no previous policies and no selected policies", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [];
|
const currentAccessPolicies: ApItemViewType[] = [];
|
||||||
@ -223,11 +491,13 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
it("returns false when there are no previous policies", async () => {
|
it("returns false when there are no previous policies", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [];
|
const currentAccessPolicies: ApItemViewType[] = [];
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
||||||
@ -236,18 +506,22 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
});
|
});
|
||||||
it("returns false when previous policies and selected policies are the same", async () => {
|
it("returns false when previous policies and selected policies are the same", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
createApItemViewType({
|
createApItemViewType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
||||||
@ -256,23 +530,29 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
});
|
});
|
||||||
it("returns false when previous policies are still selected", async () => {
|
it("returns false when previous policies are still selected", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
createApItemViewType({
|
createApItemViewType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
createApItemValueType({
|
),
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "example-2",
|
id: "example-2",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
||||||
@ -281,23 +561,29 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
});
|
});
|
||||||
it("returns true when previous policies are not selected", async () => {
|
it("returns true when previous policies are not selected", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
createApItemViewType({
|
createApItemViewType(
|
||||||
|
{
|
||||||
id: "example",
|
id: "example",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
const selectedPolicyValues: ApItemValueType[] = [
|
const selectedPolicyValues: ApItemValueType[] = [
|
||||||
createApItemValueType({
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "test",
|
id: "test",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
createApItemValueType({
|
),
|
||||||
|
createApItemValueType(
|
||||||
|
{
|
||||||
id: "example-2",
|
id: "example-2",
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
|
|
||||||
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
const result = sut.isAccessRemoval(currentAccessPolicies, selectedPolicyValues);
|
||||||
@ -306,10 +592,12 @@ describe("AccessPolicySelectorService", () => {
|
|||||||
});
|
});
|
||||||
it("returns true when there are previous policies and nothing was selected", async () => {
|
it("returns true when there are previous policies and nothing was selected", async () => {
|
||||||
const currentAccessPolicies: ApItemViewType[] = [
|
const currentAccessPolicies: ApItemViewType[] = [
|
||||||
createApItemViewType({
|
createApItemViewType(
|
||||||
|
{
|
||||||
permission: ApPermissionEnum.CanRead,
|
permission: ApPermissionEnum.CanRead,
|
||||||
currentUser: true,
|
},
|
||||||
}),
|
true,
|
||||||
|
),
|
||||||
];
|
];
|
||||||
const selectedPolicyValues: ApItemValueType[] = [];
|
const selectedPolicyValues: ApItemValueType[] = [];
|
||||||
|
|
||||||
@ -331,17 +619,31 @@ const orgFactory = (props: Partial<Organization> = {}) =>
|
|||||||
props,
|
props,
|
||||||
);
|
);
|
||||||
|
|
||||||
function createApItemValueType(options: Partial<ApItemValueType> = {}) {
|
function createApItemValueType(
|
||||||
return {
|
options: Partial<ApItemValueType> = {},
|
||||||
|
currentUser = false,
|
||||||
|
currentUserInGroup = false,
|
||||||
|
) {
|
||||||
|
const item: ApItemValueType = {
|
||||||
id: options?.id ?? "test",
|
id: options?.id ?? "test",
|
||||||
type: options?.type ?? ApItemEnum.User,
|
type: options?.type ?? ApItemEnum.User,
|
||||||
permission: options?.permission ?? ApPermissionEnum.CanRead,
|
permission: options?.permission ?? ApPermissionEnum.CanRead,
|
||||||
currentUserInGroup: options?.currentUserInGroup ?? false,
|
|
||||||
};
|
};
|
||||||
|
if (item.type === ApItemEnum.User) {
|
||||||
|
item.currentUser = currentUser;
|
||||||
|
}
|
||||||
|
if (item.type === ApItemEnum.Group) {
|
||||||
|
item.currentUserInGroup = currentUserInGroup;
|
||||||
|
}
|
||||||
|
return item;
|
||||||
}
|
}
|
||||||
|
|
||||||
function createApItemViewType(options: Partial<ApItemViewType> = {}) {
|
function createApItemViewType(
|
||||||
return {
|
options: Partial<ApItemViewType> = {},
|
||||||
|
currentUser = false,
|
||||||
|
currentUserInGroup = false,
|
||||||
|
) {
|
||||||
|
const item: ApItemViewType = {
|
||||||
id: options?.id ?? "test",
|
id: options?.id ?? "test",
|
||||||
listName: options?.listName ?? "test",
|
listName: options?.listName ?? "test",
|
||||||
labelName: options?.labelName ?? "test",
|
labelName: options?.labelName ?? "test",
|
||||||
@ -349,6 +651,13 @@ function createApItemViewType(options: Partial<ApItemViewType> = {}) {
|
|||||||
permission: options?.permission ?? ApPermissionEnum.CanRead,
|
permission: options?.permission ?? ApPermissionEnum.CanRead,
|
||||||
readOnly: options?.readOnly ?? false,
|
readOnly: options?.readOnly ?? false,
|
||||||
};
|
};
|
||||||
|
if (item.type === ApItemEnum.User) {
|
||||||
|
item.currentUser = currentUser;
|
||||||
|
}
|
||||||
|
if (item.type === ApItemEnum.Group) {
|
||||||
|
item.currentUserInGroup = currentUserInGroup;
|
||||||
|
}
|
||||||
|
return item;
|
||||||
}
|
}
|
||||||
|
|
||||||
function setupUserOrg() {
|
function setupUserOrg() {
|
||||||
|
@ -22,26 +22,29 @@ export class AccessPolicySelectorService {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
const selectedUserReadWritePolicy = selectedPoliciesValues.find(
|
if (!this.userHasReadWriteAccess(selectedPoliciesValues)) {
|
||||||
(s) =>
|
|
||||||
s.type === ApItemEnum.User &&
|
|
||||||
s.currentUser &&
|
|
||||||
s.permission === ApPermissionEnum.CanReadWrite,
|
|
||||||
);
|
|
||||||
|
|
||||||
const selectedGroupReadWritePolicies = selectedPoliciesValues.filter(
|
|
||||||
(s) =>
|
|
||||||
s.type === ApItemEnum.Group &&
|
|
||||||
s.permission == ApPermissionEnum.CanReadWrite &&
|
|
||||||
s.currentUserInGroup,
|
|
||||||
);
|
|
||||||
|
|
||||||
if (selectedGroupReadWritePolicies == null || selectedGroupReadWritePolicies.length == 0) {
|
|
||||||
if (selectedUserReadWritePolicy == null) {
|
|
||||||
return true;
|
return true;
|
||||||
} else {
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async showSecretAccessRemovalWarning(
|
||||||
|
organizationId: string,
|
||||||
|
current: ApItemViewType[],
|
||||||
|
selectedPoliciesValues: ApItemValueType[],
|
||||||
|
): Promise<boolean> {
|
||||||
|
if (current.length === 0) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
const organization = await this.organizationService.get(organizationId);
|
||||||
|
if (organization.isOwner || organization.isAdmin || !this.userHasReadWriteAccess(current)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!this.userHasReadWriteAccess(selectedPoliciesValues)) {
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
@ -67,4 +70,25 @@ export class AccessPolicySelectorService {
|
|||||||
const selectedIds = selected.map((x) => x.id);
|
const selectedIds = selected.map((x) => x.id);
|
||||||
return !currentIds.every((id) => selectedIds.includes(id));
|
return !currentIds.every((id) => selectedIds.includes(id));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private userHasReadWriteAccess(policies: ApItemValueType[] | ApItemViewType[]): boolean {
|
||||||
|
const userReadWritePolicy = (policies as Array<ApItemValueType | ApItemViewType>).find(
|
||||||
|
(s) =>
|
||||||
|
s.type === ApItemEnum.User &&
|
||||||
|
s.currentUser &&
|
||||||
|
s.permission === ApPermissionEnum.CanReadWrite,
|
||||||
|
);
|
||||||
|
|
||||||
|
const groupReadWritePolicies = (policies as Array<ApItemValueType | ApItemViewType>).filter(
|
||||||
|
(s) =>
|
||||||
|
s.type === ApItemEnum.Group &&
|
||||||
|
s.permission === ApPermissionEnum.CanReadWrite &&
|
||||||
|
s.currentUserInGroup,
|
||||||
|
);
|
||||||
|
|
||||||
|
if (groupReadWritePolicies.length > 0 || userReadWritePolicy !== undefined) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -27,6 +27,7 @@ import { ServiceAccountGrantedPoliciesRequest } from "../access-policies/models/
|
|||||||
|
|
||||||
import { AccessPolicyRequest } from "./models/requests/access-policy.request";
|
import { AccessPolicyRequest } from "./models/requests/access-policy.request";
|
||||||
import { ProjectServiceAccountsAccessPoliciesRequest } from "./models/requests/project-service-accounts-access-policies.request";
|
import { ProjectServiceAccountsAccessPoliciesRequest } from "./models/requests/project-service-accounts-access-policies.request";
|
||||||
|
import { SecretAccessPoliciesRequest } from "./models/requests/secret-access-policies.request";
|
||||||
import {
|
import {
|
||||||
GroupAccessPolicyResponse,
|
GroupAccessPolicyResponse,
|
||||||
UserAccessPolicyResponse,
|
UserAccessPolicyResponse,
|
||||||
@ -233,6 +234,20 @@ export class AccessPolicyService {
|
|||||||
return await this.createPotentialGranteeViews(organizationId, results.data);
|
return await this.createPotentialGranteeViews(organizationId, results.data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
getSecretAccessPoliciesRequest(view: SecretAccessPoliciesView): SecretAccessPoliciesRequest {
|
||||||
|
return {
|
||||||
|
userAccessPolicyRequests: view.userAccessPolicies.map((ap) => {
|
||||||
|
return this.getAccessPolicyRequest(ap.organizationUserId, ap);
|
||||||
|
}),
|
||||||
|
groupAccessPolicyRequests: view.groupAccessPolicies.map((ap) => {
|
||||||
|
return this.getAccessPolicyRequest(ap.groupId, ap);
|
||||||
|
}),
|
||||||
|
serviceAccountAccessPolicyRequests: view.serviceAccountAccessPolicies.map((ap) => {
|
||||||
|
return this.getAccessPolicyRequest(ap.serviceAccountId, ap);
|
||||||
|
}),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
|
private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
|
||||||
return await this.cryptoService.getOrgKey(organizationId);
|
return await this.cryptoService.getOrgKey(organizationId);
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
import { AccessPolicyRequest } from "./access-policy.request";
|
||||||
|
|
||||||
|
export class SecretAccessPoliciesRequest {
|
||||||
|
userAccessPolicyRequests: AccessPolicyRequest[];
|
||||||
|
groupAccessPolicyRequests: AccessPolicyRequest[];
|
||||||
|
serviceAccountAccessPolicyRequests: AccessPolicyRequest[];
|
||||||
|
}
|
@ -14,7 +14,9 @@
|
|||||||
"@bitwarden/components": ["../../libs/components/src"],
|
"@bitwarden/components": ["../../libs/components/src"],
|
||||||
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../../libs/tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../../libs/tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../../libs/tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../../libs/tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../../libs/tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../../libs/tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": [
|
"@bitwarden/vault-export-core": [
|
||||||
"../../libs/tools/export/vault-export/vault-export-core/src"
|
"../../libs/tools/export/vault-export/vault-export-core/src"
|
||||||
],
|
],
|
||||||
|
@ -32,6 +32,9 @@ module.exports = {
|
|||||||
"<rootDir>/libs/components/jest.config.js",
|
"<rootDir>/libs/components/jest.config.js",
|
||||||
"<rootDir>/libs/tools/export/vault-export/vault-export-core/jest.config.js",
|
"<rootDir>/libs/tools/export/vault-export/vault-export-core/jest.config.js",
|
||||||
"<rootDir>/libs/tools/generator/core/jest.config.js",
|
"<rootDir>/libs/tools/generator/core/jest.config.js",
|
||||||
|
"<rootDir>/libs/tools/generator/extensions/history/jest.config.js",
|
||||||
|
"<rootDir>/libs/tools/generator/extensions/legacy/jest.config.js",
|
||||||
|
"<rootDir>/libs/tools/generator/extensions/navigation/jest.config.js",
|
||||||
"<rootDir>/libs/importer/jest.config.js",
|
"<rootDir>/libs/importer/jest.config.js",
|
||||||
"<rootDir>/libs/platform/jest.config.js",
|
"<rootDir>/libs/platform/jest.config.js",
|
||||||
"<rootDir>/libs/node/jest.config.js",
|
"<rootDir>/libs/node/jest.config.js",
|
||||||
|
@ -41,7 +41,7 @@ export class RemovePasswordComponent implements OnInit {
|
|||||||
this.loading = false;
|
this.loading = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
async convert() {
|
convert = async () => {
|
||||||
this.continuing = true;
|
this.continuing = true;
|
||||||
this.actionPromise = this.keyConnectorService.migrateUser();
|
this.actionPromise = this.keyConnectorService.migrateUser();
|
||||||
|
|
||||||
@ -59,9 +59,9 @@ export class RemovePasswordComponent implements OnInit {
|
|||||||
} catch (e) {
|
} catch (e) {
|
||||||
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);
|
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);
|
||||||
}
|
}
|
||||||
}
|
};
|
||||||
|
|
||||||
async leave() {
|
leave = async () => {
|
||||||
const confirmed = await this.dialogService.openSimpleDialog({
|
const confirmed = await this.dialogService.openSimpleDialog({
|
||||||
title: this.organization.name,
|
title: this.organization.name,
|
||||||
content: { key: "leaveOrganizationConfirmation" },
|
content: { key: "leaveOrganizationConfirmation" },
|
||||||
@ -84,5 +84,5 @@ export class RemovePasswordComponent implements OnInit {
|
|||||||
} catch (e) {
|
} catch (e) {
|
||||||
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e);
|
this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e);
|
||||||
}
|
}
|
||||||
}
|
};
|
||||||
}
|
}
|
||||||
|
@ -3,3 +3,4 @@ export * from "./login-email.service";
|
|||||||
export * from "./login-strategy.service";
|
export * from "./login-strategy.service";
|
||||||
export * from "./user-decryption-options.service.abstraction";
|
export * from "./user-decryption-options.service.abstraction";
|
||||||
export * from "./auth-request.service.abstraction";
|
export * from "./auth-request.service.abstraction";
|
||||||
|
export * from "./user-key-rotation-data-provider.abstraction";
|
||||||
|
@ -0,0 +1,23 @@
|
|||||||
|
import { UserId } from "@bitwarden/common/types/guid";
|
||||||
|
import { UserKey } from "@bitwarden/common/types/key";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructs key rotation requests for data encryption by the user key.
|
||||||
|
* @typeparam TRequest A request model that contains re-encrypted data, must have an id property
|
||||||
|
*/
|
||||||
|
export interface UserKeyRotationDataProvider<
|
||||||
|
TRequest extends { id: string } | { organizationId: string },
|
||||||
|
> {
|
||||||
|
/**
|
||||||
|
* Provides re-encrypted data for the user key rotation process
|
||||||
|
* @param originalUserKey The original user key, useful for decrypting data
|
||||||
|
* @param newUserKey The new user key to use for re-encryption
|
||||||
|
* @param userId The owner of the data, useful for fetching data
|
||||||
|
* @returns A list of data that has been re-encrypted with the new user key
|
||||||
|
*/
|
||||||
|
getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<TRequest[]>;
|
||||||
|
}
|
@ -269,6 +269,15 @@ export abstract class CryptoService {
|
|||||||
*/
|
*/
|
||||||
abstract userPrivateKey$(userId: UserId): Observable<UserPrivateKey>;
|
abstract userPrivateKey$(userId: UserId): Observable<UserPrivateKey>;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets an observable stream of the given users decrypted private key with legacy support,
|
||||||
|
* will emit null if the user doesn't have a UserKey to decrypt the encrypted private key
|
||||||
|
* or null if the user doesn't have an encrypted private key at all.
|
||||||
|
*
|
||||||
|
* @param userId The user id of the user to get the data for.
|
||||||
|
*/
|
||||||
|
abstract userPrivateKeyWithLegacySupport$(userId: UserId): Observable<UserPrivateKey>;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Generates a fingerprint phrase for the user based on their public key
|
* Generates a fingerprint phrase for the user based on their public key
|
||||||
* @param fingerprintMaterial Fingerprint material
|
* @param fingerprintMaterial Fingerprint material
|
||||||
|
@ -929,6 +929,10 @@ export class CryptoService implements CryptoServiceAbstraction {
|
|||||||
return this.userPrivateKeyHelper$(userId, false).pipe(map((keys) => keys?.userPrivateKey));
|
return this.userPrivateKeyHelper$(userId, false).pipe(map((keys) => keys?.userPrivateKey));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
userPrivateKeyWithLegacySupport$(userId: UserId): Observable<UserPrivateKey> {
|
||||||
|
return this.userPrivateKeyHelper$(userId, true).pipe(map((keys) => keys?.userPrivateKey));
|
||||||
|
}
|
||||||
|
|
||||||
private userPrivateKeyHelper$(userId: UserId, legacySupport: boolean) {
|
private userPrivateKeyHelper$(userId: UserId, legacySupport: boolean) {
|
||||||
const userKey$ = legacySupport ? this.userKeyWithLegacySupport$(userId) : this.userKey$(userId);
|
const userKey$ = legacySupport ? this.userKeyWithLegacySupport$(userId) : this.userKey$(userId);
|
||||||
return userKey$.pipe(
|
return userKey$.pipe(
|
||||||
@ -1010,7 +1014,7 @@ export class CryptoService implements CryptoServiceAbstraction {
|
|||||||
}
|
}
|
||||||
|
|
||||||
orgKeys$(userId: UserId) {
|
orgKeys$(userId: UserId) {
|
||||||
return this.cipherDecryptionKeys$(userId).pipe(map((keys) => keys?.orgKeys));
|
return this.cipherDecryptionKeys$(userId, true).pipe(map((keys) => keys?.orgKeys));
|
||||||
}
|
}
|
||||||
|
|
||||||
cipherDecryptionKeys$(
|
cipherDecryptionKeys$(
|
||||||
|
@ -1,14 +1,17 @@
|
|||||||
import { Observable } from "rxjs";
|
import { Observable } from "rxjs";
|
||||||
|
|
||||||
|
import { UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
|
|
||||||
import { EncArrayBuffer } from "../../../platform/models/domain/enc-array-buffer";
|
import { EncArrayBuffer } from "../../../platform/models/domain/enc-array-buffer";
|
||||||
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
||||||
|
import { UserId } from "../../../types/guid";
|
||||||
import { UserKey } from "../../../types/key";
|
import { UserKey } from "../../../types/key";
|
||||||
import { SendData } from "../models/data/send.data";
|
import { SendData } from "../models/data/send.data";
|
||||||
import { Send } from "../models/domain/send";
|
import { Send } from "../models/domain/send";
|
||||||
import { SendWithIdRequest } from "../models/request/send-with-id.request";
|
import { SendWithIdRequest } from "../models/request/send-with-id.request";
|
||||||
import { SendView } from "../models/view/send.view";
|
import { SendView } from "../models/view/send.view";
|
||||||
|
|
||||||
export abstract class SendService {
|
export abstract class SendService implements UserKeyRotationDataProvider<SendWithIdRequest> {
|
||||||
sends$: Observable<Send[]>;
|
sends$: Observable<Send[]>;
|
||||||
sendViews$: Observable<SendView[]>;
|
sendViews$: Observable<SendView[]>;
|
||||||
|
|
||||||
@ -31,7 +34,11 @@ export abstract class SendService {
|
|||||||
* @throws Error if the new user key is null or undefined
|
* @throws Error if the new user key is null or undefined
|
||||||
* @returns A list of user sends that have been re-encrypted with the new user key
|
* @returns A list of user sends that have been re-encrypted with the new user key
|
||||||
*/
|
*/
|
||||||
getRotatedKeys: (newUserKey: UserKey) => Promise<SendWithIdRequest[]>;
|
getRotatedData: (
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
) => Promise<SendWithIdRequest[]>;
|
||||||
/**
|
/**
|
||||||
* @deprecated Do not call this, use the sends$ observable collection
|
* @deprecated Do not call this, use the sends$ observable collection
|
||||||
*/
|
*/
|
||||||
|
@ -400,8 +400,11 @@ describe("SendService", () => {
|
|||||||
expect(sends[0]).toMatchObject(testSendViewData("1", "Test Send"));
|
expect(sends[0]).toMatchObject(testSendViewData("1", "Test Send"));
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("getRotatedKeys", () => {
|
describe("getRotatedData", () => {
|
||||||
|
const originalUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
|
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
let encryptedKey: EncString;
|
let encryptedKey: EncString;
|
||||||
|
|
||||||
beforeEach(() => {
|
beforeEach(() => {
|
||||||
encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(32));
|
encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(32));
|
||||||
encryptedKey = new EncString("Re-encrypted Send Key");
|
encryptedKey = new EncString("Re-encrypted Send Key");
|
||||||
@ -409,27 +412,30 @@ describe("SendService", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("returns re-encrypted user sends", async () => {
|
it("returns re-encrypted user sends", async () => {
|
||||||
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
const result = await sendService.getRotatedData(originalUserKey, newUserKey, mockUserId);
|
||||||
const result = await sendService.getRotatedKeys(newUserKey);
|
|
||||||
|
|
||||||
expect(result).toMatchObject([{ id: "1", key: "Re-encrypted Send Key" }]);
|
expect(result).toMatchObject([{ id: "1", key: "Re-encrypted Send Key" }]);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("returns null if there are no sends", async () => {
|
it("returns empty array if there are no sends", async () => {
|
||||||
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
|
await sendService.replace(null);
|
||||||
// eslint-disable-next-line @typescript-eslint/no-floating-promises
|
|
||||||
sendService.replace(null);
|
|
||||||
|
|
||||||
await awaitAsync();
|
await awaitAsync();
|
||||||
|
|
||||||
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
const result = await sendService.getRotatedKeys(newUserKey);
|
const result = await sendService.getRotatedData(originalUserKey, newUserKey, mockUserId);
|
||||||
|
|
||||||
expect(result).toEqual([]);
|
expect(result).toEqual([]);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("throws if the original user key is null", async () => {
|
||||||
|
await expect(sendService.getRotatedData(null, newUserKey, mockUserId)).rejects.toThrow(
|
||||||
|
"Original user key is required for rotation.",
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
it("throws if the new user key is null", async () => {
|
it("throws if the new user key is null", async () => {
|
||||||
await expect(sendService.getRotatedKeys(null)).rejects.toThrowError(
|
await expect(sendService.getRotatedData(originalUserKey, null, mockUserId)).rejects.toThrow(
|
||||||
"New user key is required for rotation.",
|
"New user key is required for rotation.",
|
||||||
);
|
);
|
||||||
});
|
});
|
||||||
|
@ -9,6 +9,7 @@ import { Utils } from "../../../platform/misc/utils";
|
|||||||
import { EncArrayBuffer } from "../../../platform/models/domain/enc-array-buffer";
|
import { EncArrayBuffer } from "../../../platform/models/domain/enc-array-buffer";
|
||||||
import { EncString } from "../../../platform/models/domain/enc-string";
|
import { EncString } from "../../../platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
||||||
|
import { UserId } from "../../../types/guid";
|
||||||
import { UserKey } from "../../../types/key";
|
import { UserKey } from "../../../types/key";
|
||||||
import { SendType } from "../enums/send-type";
|
import { SendType } from "../enums/send-type";
|
||||||
import { SendData } from "../models/data/send.data";
|
import { SendData } from "../models/data/send.data";
|
||||||
@ -258,12 +259,17 @@ export class SendService implements InternalSendServiceAbstraction {
|
|||||||
await this.stateProvider.setEncryptedSends(sends);
|
await this.stateProvider.setEncryptedSends(sends);
|
||||||
}
|
}
|
||||||
|
|
||||||
async getRotatedKeys(newUserKey: UserKey): Promise<SendWithIdRequest[]> {
|
async getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<SendWithIdRequest[]> {
|
||||||
if (newUserKey == null) {
|
if (newUserKey == null) {
|
||||||
throw new Error("New user key is required for rotation.");
|
throw new Error("New user key is required for rotation.");
|
||||||
}
|
}
|
||||||
|
if (originalUserKey == null) {
|
||||||
const originalUserKey = await this.cryptoService.getUserKey();
|
throw new Error("Original user key is required for rotation.");
|
||||||
|
}
|
||||||
|
|
||||||
const req = await firstValueFrom(
|
const req = await firstValueFrom(
|
||||||
this.sends$.pipe(
|
this.sends$.pipe(
|
||||||
|
@ -1,19 +1,22 @@
|
|||||||
import { Observable } from "rxjs";
|
import { Observable } from "rxjs";
|
||||||
|
|
||||||
|
import { UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
import { LocalData } from "@bitwarden/common/vault/models/data/local.data";
|
import { LocalData } from "@bitwarden/common/vault/models/data/local.data";
|
||||||
|
|
||||||
import { UriMatchStrategySetting } from "../../models/domain/domain-service";
|
import { UriMatchStrategySetting } from "../../models/domain/domain-service";
|
||||||
import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
|
||||||
import { CipherId, CollectionId, OrganizationId } from "../../types/guid";
|
import { CipherId, CollectionId, OrganizationId, UserId } from "../../types/guid";
|
||||||
|
import { UserKey } from "../../types/key";
|
||||||
import { CipherType } from "../enums/cipher-type";
|
import { CipherType } from "../enums/cipher-type";
|
||||||
import { CipherData } from "../models/data/cipher.data";
|
import { CipherData } from "../models/data/cipher.data";
|
||||||
import { Cipher } from "../models/domain/cipher";
|
import { Cipher } from "../models/domain/cipher";
|
||||||
import { Field } from "../models/domain/field";
|
import { Field } from "../models/domain/field";
|
||||||
|
import { CipherWithIdRequest } from "../models/request/cipher-with-id.request";
|
||||||
import { CipherView } from "../models/view/cipher.view";
|
import { CipherView } from "../models/view/cipher.view";
|
||||||
import { FieldView } from "../models/view/field.view";
|
import { FieldView } from "../models/view/field.view";
|
||||||
import { AddEditCipherInfo } from "../types/add-edit-cipher-info";
|
import { AddEditCipherInfo } from "../types/add-edit-cipher-info";
|
||||||
|
|
||||||
export abstract class CipherService {
|
export abstract class CipherService implements UserKeyRotationDataProvider<CipherWithIdRequest> {
|
||||||
cipherViews$: Observable<Record<CipherId, CipherView>>;
|
cipherViews$: Observable<Record<CipherId, CipherView>>;
|
||||||
ciphers$: Observable<Record<CipherId, CipherData>>;
|
ciphers$: Observable<Record<CipherId, CipherData>>;
|
||||||
localData$: Observable<Record<CipherId, LocalData>>;
|
localData$: Observable<Record<CipherId, LocalData>>;
|
||||||
@ -146,4 +149,17 @@ export abstract class CipherService {
|
|||||||
restoreManyWithServer: (ids: string[], orgId?: string) => Promise<void>;
|
restoreManyWithServer: (ids: string[], orgId?: string) => Promise<void>;
|
||||||
getKeyForCipherKeyDecryption: (cipher: Cipher) => Promise<any>;
|
getKeyForCipherKeyDecryption: (cipher: Cipher) => Promise<any>;
|
||||||
setAddEditCipherInfo: (value: AddEditCipherInfo) => Promise<void>;
|
setAddEditCipherInfo: (value: AddEditCipherInfo) => Promise<void>;
|
||||||
|
/**
|
||||||
|
* Returns user ciphers re-encrypted with the new user key.
|
||||||
|
* @param originalUserKey the original user key
|
||||||
|
* @param newUserKey the new user key
|
||||||
|
* @param userId the user id
|
||||||
|
* @throws Error if new user key is null
|
||||||
|
* @returns a list of user ciphers that have been re-encrypted with the new user key
|
||||||
|
*/
|
||||||
|
getRotatedData: (
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
) => Promise<CipherWithIdRequest[]>;
|
||||||
}
|
}
|
||||||
|
@ -1,11 +1,16 @@
|
|||||||
import { Observable } from "rxjs";
|
import { Observable } from "rxjs";
|
||||||
|
|
||||||
|
import { UserKeyRotationDataProvider } from "@bitwarden/auth/common";
|
||||||
|
|
||||||
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
||||||
|
import { UserId } from "../../../types/guid";
|
||||||
|
import { UserKey } from "../../../types/key";
|
||||||
import { FolderData } from "../../models/data/folder.data";
|
import { FolderData } from "../../models/data/folder.data";
|
||||||
import { Folder } from "../../models/domain/folder";
|
import { Folder } from "../../models/domain/folder";
|
||||||
|
import { FolderWithIdRequest } from "../../models/request/folder-with-id.request";
|
||||||
import { FolderView } from "../../models/view/folder.view";
|
import { FolderView } from "../../models/view/folder.view";
|
||||||
|
|
||||||
export abstract class FolderService {
|
export abstract class FolderService implements UserKeyRotationDataProvider<FolderWithIdRequest> {
|
||||||
folders$: Observable<Folder[]>;
|
folders$: Observable<Folder[]>;
|
||||||
folderViews$: Observable<FolderView[]>;
|
folderViews$: Observable<FolderView[]>;
|
||||||
|
|
||||||
@ -22,6 +27,19 @@ export abstract class FolderService {
|
|||||||
*/
|
*/
|
||||||
getAllDecryptedFromState: () => Promise<FolderView[]>;
|
getAllDecryptedFromState: () => Promise<FolderView[]>;
|
||||||
decryptFolders: (folders: Folder[]) => Promise<FolderView[]>;
|
decryptFolders: (folders: Folder[]) => Promise<FolderView[]>;
|
||||||
|
/**
|
||||||
|
* Returns user folders re-encrypted with the new user key.
|
||||||
|
* @param originalUserKey the original user key
|
||||||
|
* @param newUserKey the new user key
|
||||||
|
* @param userId the user id
|
||||||
|
* @throws Error if new user key is null
|
||||||
|
* @returns a list of user folders that have been re-encrypted with the new user key
|
||||||
|
*/
|
||||||
|
getRotatedData: (
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
) => Promise<FolderWithIdRequest[]>;
|
||||||
}
|
}
|
||||||
|
|
||||||
export abstract class InternalFolderService extends FolderService {
|
export abstract class InternalFolderService extends FolderService {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
import { mock } from "jest-mock-extended";
|
import { mock } from "jest-mock-extended";
|
||||||
import { of } from "rxjs";
|
import { BehaviorSubject, of } from "rxjs";
|
||||||
|
|
||||||
import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
|
import { FakeAccountService, mockAccountServiceWith } from "../../../spec/fake-account-service";
|
||||||
import { FakeStateProvider } from "../../../spec/fake-state-provider";
|
import { FakeStateProvider } from "../../../spec/fake-state-provider";
|
||||||
@ -10,7 +10,7 @@ import { AutofillSettingsService } from "../../autofill/services/autofill-settin
|
|||||||
import { DomainSettingsService } from "../../autofill/services/domain-settings.service";
|
import { DomainSettingsService } from "../../autofill/services/domain-settings.service";
|
||||||
import { UriMatchStrategy } from "../../models/domain/domain-service";
|
import { UriMatchStrategy } from "../../models/domain/domain-service";
|
||||||
import { ConfigService } from "../../platform/abstractions/config/config.service";
|
import { ConfigService } from "../../platform/abstractions/config/config.service";
|
||||||
import { CryptoService } from "../../platform/abstractions/crypto.service";
|
import { CipherDecryptionKeys, CryptoService } from "../../platform/abstractions/crypto.service";
|
||||||
import { EncryptService } from "../../platform/abstractions/encrypt.service";
|
import { EncryptService } from "../../platform/abstractions/encrypt.service";
|
||||||
import { I18nService } from "../../platform/abstractions/i18n.service";
|
import { I18nService } from "../../platform/abstractions/i18n.service";
|
||||||
import { StateService } from "../../platform/abstractions/state.service";
|
import { StateService } from "../../platform/abstractions/state.service";
|
||||||
@ -19,8 +19,8 @@ import { EncArrayBuffer } from "../../platform/models/domain/enc-array-buffer";
|
|||||||
import { EncString } from "../../platform/models/domain/enc-string";
|
import { EncString } from "../../platform/models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key";
|
||||||
import { ContainerService } from "../../platform/services/container.service";
|
import { ContainerService } from "../../platform/services/container.service";
|
||||||
import { UserId } from "../../types/guid";
|
import { CipherId, UserId } from "../../types/guid";
|
||||||
import { CipherKey, OrgKey } from "../../types/key";
|
import { CipherKey, OrgKey, UserKey } from "../../types/key";
|
||||||
import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
|
import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
|
||||||
import { FieldType } from "../enums";
|
import { FieldType } from "../enums";
|
||||||
import { CipherRepromptType } from "../enums/cipher-reprompt-type";
|
import { CipherRepromptType } from "../enums/cipher-reprompt-type";
|
||||||
@ -331,6 +331,64 @@ describe("Cipher Service", () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe("getRotatedData", () => {
|
||||||
|
const originalUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
|
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
|
let decryptedCiphers: BehaviorSubject<Record<CipherId, CipherView>>;
|
||||||
|
let encryptedKey: EncString;
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
setEncryptionKeyFlag(true);
|
||||||
|
configService.checkServerMeetsVersionRequirement$.mockReturnValue(of(true));
|
||||||
|
|
||||||
|
searchService.indexedEntityId$ = of(null);
|
||||||
|
stateService.getUserId.mockResolvedValue(mockUserId);
|
||||||
|
|
||||||
|
const keys = {
|
||||||
|
userKey: originalUserKey,
|
||||||
|
} as CipherDecryptionKeys;
|
||||||
|
cryptoService.cipherDecryptionKeys$.mockReturnValue(of(keys));
|
||||||
|
|
||||||
|
const cipher1 = new CipherView(cipherObj);
|
||||||
|
cipher1.id = "Cipher 1";
|
||||||
|
const cipher2 = new CipherView(cipherObj);
|
||||||
|
cipher2.id = "Cipher 2";
|
||||||
|
|
||||||
|
decryptedCiphers = new BehaviorSubject({
|
||||||
|
Cipher1: cipher1,
|
||||||
|
Cipher2: cipher2,
|
||||||
|
});
|
||||||
|
cipherService.cipherViews$ = decryptedCiphers;
|
||||||
|
|
||||||
|
encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(32));
|
||||||
|
encryptedKey = new EncString("Re-encrypted Cipher Key");
|
||||||
|
encryptService.encrypt.mockResolvedValue(encryptedKey);
|
||||||
|
|
||||||
|
cryptoService.makeCipherKey.mockResolvedValue(
|
||||||
|
new SymmetricCryptoKey(new Uint8Array(32)) as CipherKey,
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("returns re-encrypted user ciphers", async () => {
|
||||||
|
const result = await cipherService.getRotatedData(originalUserKey, newUserKey, mockUserId);
|
||||||
|
|
||||||
|
expect(result[0]).toMatchObject({ id: "Cipher 1", key: "Re-encrypted Cipher Key" });
|
||||||
|
expect(result[1]).toMatchObject({ id: "Cipher 2", key: "Re-encrypted Cipher Key" });
|
||||||
|
});
|
||||||
|
|
||||||
|
it("throws if the original user key is null", async () => {
|
||||||
|
await expect(cipherService.getRotatedData(null, newUserKey, mockUserId)).rejects.toThrow(
|
||||||
|
"Original user key is required to rotate ciphers",
|
||||||
|
);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("throws if the new user key is null", async () => {
|
||||||
|
await expect(cipherService.getRotatedData(originalUserKey, null, mockUserId)).rejects.toThrow(
|
||||||
|
"New user key is required to rotate ciphers",
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
function setEncryptionKeyFlag(value: boolean) {
|
function setEncryptionKeyFlag(value: boolean) {
|
||||||
|
@ -56,6 +56,7 @@ import { CipherCollectionsRequest } from "../models/request/cipher-collections.r
|
|||||||
import { CipherCreateRequest } from "../models/request/cipher-create.request";
|
import { CipherCreateRequest } from "../models/request/cipher-create.request";
|
||||||
import { CipherPartialRequest } from "../models/request/cipher-partial.request";
|
import { CipherPartialRequest } from "../models/request/cipher-partial.request";
|
||||||
import { CipherShareRequest } from "../models/request/cipher-share.request";
|
import { CipherShareRequest } from "../models/request/cipher-share.request";
|
||||||
|
import { CipherWithIdRequest } from "../models/request/cipher-with-id.request";
|
||||||
import { CipherRequest } from "../models/request/cipher.request";
|
import { CipherRequest } from "../models/request/cipher.request";
|
||||||
import { CipherResponse } from "../models/response/cipher.response";
|
import { CipherResponse } from "../models/response/cipher.response";
|
||||||
import { AttachmentView } from "../models/view/attachment.view";
|
import { AttachmentView } from "../models/view/attachment.view";
|
||||||
@ -1168,6 +1169,34 @@ export class CipherService implements CipherServiceAbstraction {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<CipherWithIdRequest[]> {
|
||||||
|
if (originalUserKey == null) {
|
||||||
|
throw new Error("Original user key is required to rotate ciphers");
|
||||||
|
}
|
||||||
|
if (newUserKey == null) {
|
||||||
|
throw new Error("New user key is required to rotate ciphers");
|
||||||
|
}
|
||||||
|
|
||||||
|
let encryptedCiphers: CipherWithIdRequest[] = [];
|
||||||
|
|
||||||
|
const ciphers = await this.getAllDecrypted();
|
||||||
|
if (!ciphers || ciphers.length === 0) {
|
||||||
|
return encryptedCiphers;
|
||||||
|
}
|
||||||
|
encryptedCiphers = await Promise.all(
|
||||||
|
ciphers.map(async (cipher) => {
|
||||||
|
const encryptedCipher = await this.encrypt(cipher, newUserKey, originalUserKey);
|
||||||
|
return new CipherWithIdRequest(encryptedCipher);
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
|
||||||
|
return encryptedCiphers;
|
||||||
|
}
|
||||||
|
|
||||||
// Helpers
|
// Helpers
|
||||||
|
|
||||||
// In the case of a cipher that is being shared with an organization, we want to decrypt the
|
// In the case of a cipher that is being shared with an organization, we want to decrypt the
|
||||||
|
@ -178,6 +178,29 @@ describe("Folder Service", () => {
|
|||||||
// });
|
// });
|
||||||
});
|
});
|
||||||
|
|
||||||
|
describe("getRotatedData", () => {
|
||||||
|
const originalUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
|
const newUserKey = new SymmetricCryptoKey(new Uint8Array(32)) as UserKey;
|
||||||
|
let encryptedKey: EncString;
|
||||||
|
|
||||||
|
beforeEach(() => {
|
||||||
|
encryptedKey = new EncString("Re-encrypted Folder");
|
||||||
|
cryptoService.encrypt.mockResolvedValue(encryptedKey);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("returns re-encrypted user folders", async () => {
|
||||||
|
const result = await folderService.getRotatedData(originalUserKey, newUserKey, mockUserId);
|
||||||
|
|
||||||
|
expect(result[0]).toMatchObject({ id: "1", name: "Re-encrypted Folder" });
|
||||||
|
});
|
||||||
|
|
||||||
|
it("throws if the new user key is null", async () => {
|
||||||
|
await expect(folderService.getRotatedData(originalUserKey, null, mockUserId)).rejects.toThrow(
|
||||||
|
"New user key is required for rotation.",
|
||||||
|
);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
function folderData(id: string, name: string) {
|
function folderData(id: string, name: string) {
|
||||||
const data = new FolderData({} as any);
|
const data = new FolderData({} as any);
|
||||||
data.id = id;
|
data.id = id;
|
||||||
|
@ -6,12 +6,14 @@ import { Utils } from "../../../platform/misc/utils";
|
|||||||
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../../platform/models/domain/symmetric-crypto-key";
|
||||||
import { ActiveUserState, DerivedState, StateProvider } from "../../../platform/state";
|
import { ActiveUserState, DerivedState, StateProvider } from "../../../platform/state";
|
||||||
import { UserId } from "../../../types/guid";
|
import { UserId } from "../../../types/guid";
|
||||||
|
import { UserKey } from "../../../types/key";
|
||||||
import { CipherService } from "../../../vault/abstractions/cipher.service";
|
import { CipherService } from "../../../vault/abstractions/cipher.service";
|
||||||
import { InternalFolderService as InternalFolderServiceAbstraction } from "../../../vault/abstractions/folder/folder.service.abstraction";
|
import { InternalFolderService as InternalFolderServiceAbstraction } from "../../../vault/abstractions/folder/folder.service.abstraction";
|
||||||
import { FolderData } from "../../../vault/models/data/folder.data";
|
import { FolderData } from "../../../vault/models/data/folder.data";
|
||||||
import { Folder } from "../../../vault/models/domain/folder";
|
import { Folder } from "../../../vault/models/domain/folder";
|
||||||
import { FolderView } from "../../../vault/models/view/folder.view";
|
import { FolderView } from "../../../vault/models/view/folder.view";
|
||||||
import { Cipher } from "../../models/domain/cipher";
|
import { Cipher } from "../../models/domain/cipher";
|
||||||
|
import { FolderWithIdRequest } from "../../models/request/folder-with-id.request";
|
||||||
import { FOLDER_DECRYPTED_FOLDERS, FOLDER_ENCRYPTED_FOLDERS } from "../key-state/folder.state";
|
import { FOLDER_DECRYPTED_FOLDERS, FOLDER_ENCRYPTED_FOLDERS } from "../key-state/folder.state";
|
||||||
|
|
||||||
export class FolderService implements InternalFolderServiceAbstraction {
|
export class FolderService implements InternalFolderServiceAbstraction {
|
||||||
@ -170,4 +172,27 @@ export class FolderService implements InternalFolderServiceAbstraction {
|
|||||||
decryptedFolders.push(noneFolder);
|
decryptedFolders.push(noneFolder);
|
||||||
return decryptedFolders;
|
return decryptedFolders;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async getRotatedData(
|
||||||
|
originalUserKey: UserKey,
|
||||||
|
newUserKey: UserKey,
|
||||||
|
userId: UserId,
|
||||||
|
): Promise<FolderWithIdRequest[]> {
|
||||||
|
if (newUserKey == null) {
|
||||||
|
throw new Error("New user key is required for rotation.");
|
||||||
|
}
|
||||||
|
|
||||||
|
let encryptedFolders: FolderWithIdRequest[] = [];
|
||||||
|
const folders = await firstValueFrom(this.folderViews$);
|
||||||
|
if (!folders) {
|
||||||
|
return encryptedFolders;
|
||||||
|
}
|
||||||
|
encryptedFolders = await Promise.all(
|
||||||
|
folders.map(async (folder) => {
|
||||||
|
const encryptedFolder = await this.encrypt(folder, newUserKey);
|
||||||
|
return new FolderWithIdRequest(encryptedFolder);
|
||||||
|
}),
|
||||||
|
);
|
||||||
|
return encryptedFolders;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -10,12 +10,14 @@ export type Sort = {
|
|||||||
fn?: SortFn;
|
fn?: SortFn;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
export type FilterFn<T> = (data: T) => boolean;
|
||||||
|
|
||||||
// Loosely based on CDK TableDataSource
|
// Loosely based on CDK TableDataSource
|
||||||
// https://github.com/angular/components/blob/main/src/material/table/table-data-source.ts
|
// https://github.com/angular/components/blob/main/src/material/table/table-data-source.ts
|
||||||
export class TableDataSource<T> extends DataSource<T> {
|
export class TableDataSource<T> extends DataSource<T> {
|
||||||
private readonly _data: BehaviorSubject<T[]>;
|
private readonly _data: BehaviorSubject<T[]>;
|
||||||
private readonly _sort: BehaviorSubject<Sort>;
|
private readonly _sort: BehaviorSubject<Sort>;
|
||||||
private readonly _filter = new BehaviorSubject<string>("");
|
private readonly _filter = new BehaviorSubject<string | FilterFn<T>>(null);
|
||||||
private readonly _renderData = new BehaviorSubject<T[]>([]);
|
private readonly _renderData = new BehaviorSubject<T[]>([]);
|
||||||
private _renderChangesSubscription: Subscription | null = null;
|
private _renderChangesSubscription: Subscription | null = null;
|
||||||
|
|
||||||
@ -55,11 +57,15 @@ export class TableDataSource<T> extends DataSource<T> {
|
|||||||
return this._sort.value;
|
return this._sort.value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Filter to apply to the `data`.
|
||||||
|
*
|
||||||
|
* If a string is provided, it will be converted to a filter using {@link simpleStringFilter}
|
||||||
|
**/
|
||||||
get filter() {
|
get filter() {
|
||||||
return this._filter.value;
|
return this._filter.value;
|
||||||
}
|
}
|
||||||
|
set filter(filter: string | FilterFn<T>) {
|
||||||
set filter(filter: string) {
|
|
||||||
this._filter.next(filter);
|
this._filter.next(filter);
|
||||||
// Normally the `filteredData` is updated by the re-render
|
// Normally the `filteredData` is updated by the re-render
|
||||||
// subscription, but that won't happen if it's inactive.
|
// subscription, but that won't happen if it's inactive.
|
||||||
@ -95,10 +101,11 @@ export class TableDataSource<T> extends DataSource<T> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private filterData(data: T[]): T[] {
|
private filterData(data: T[]): T[] {
|
||||||
this.filteredData =
|
const filter =
|
||||||
this.filter == null || this.filter === ""
|
typeof this.filter === "string"
|
||||||
? data
|
? TableDataSource.simpleStringFilter(this.filter)
|
||||||
: data.filter((obj) => this.filterPredicate(obj, this.filter));
|
: this.filter;
|
||||||
|
this.filteredData = this.filter == null ? data : data.filter((obj) => filter(obj));
|
||||||
|
|
||||||
return this.filteredData;
|
return this.filteredData;
|
||||||
}
|
}
|
||||||
@ -207,20 +214,22 @@ export class TableDataSource<T> extends DataSource<T> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Copied from https://github.com/angular/components/blob/main/src/material/table/table-data-source.ts
|
* Modified from https://github.com/angular/components/blob/main/src/material/table/table-data-source.ts
|
||||||
* License: MIT
|
* License: MIT
|
||||||
* Copyright (c) 2022 Google LLC.
|
* Copyright (c) 2022 Google LLC.
|
||||||
*
|
*
|
||||||
* Checks if a data object matches the data source's filter string. By default, each data object
|
* @param filter the string to search for
|
||||||
|
* @returns a function that checks if a data object matches the provided `filter` string. Each data object
|
||||||
* is converted to a string of its properties and returns true if the filter has
|
* is converted to a string of its properties and returns true if the filter has
|
||||||
* at least one occurrence in that string. By default, the filter string has its whitespace
|
* at least one occurrence in that string. The filter string has its whitespace
|
||||||
* trimmed and the match is case-insensitive. May be overridden for a custom implementation of
|
* trimmed and the match is case-insensitive.
|
||||||
* filter matching.
|
|
||||||
* @param data Data object used to check against the filter.
|
|
||||||
* @param filter Filter string that has been set on the data source.
|
|
||||||
* @returns Whether the filter matches against the data
|
|
||||||
*/
|
*/
|
||||||
protected filterPredicate(data: T, filter: string): boolean {
|
static readonly simpleStringFilter = <T>(filter: string): FilterFn<T> => {
|
||||||
|
return (data: T): boolean => {
|
||||||
|
if (!filter) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Transform the data into a lowercase string of all property values.
|
// Transform the data into a lowercase string of all property values.
|
||||||
const dataStr = Object.keys(data as unknown as Record<string, any>)
|
const dataStr = Object.keys(data as unknown as Record<string, any>)
|
||||||
.reduce((currentTerm: string, key: string) => {
|
.reduce((currentTerm: string, key: string) => {
|
||||||
@ -238,5 +247,6 @@ export class TableDataSource<T> extends DataSource<T> {
|
|||||||
const transformedFilter = filter.trim().toLowerCase();
|
const transformedFilter = filter.trim().toLowerCase();
|
||||||
|
|
||||||
return dataStr.indexOf(transformedFilter) != -1;
|
return dataStr.indexOf(transformedFilter) != -1;
|
||||||
}
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
@ -121,11 +121,20 @@ const sortFn = (a: T, b: T) => (a.id > b.id ? 1 : -1);
|
|||||||
|
|
||||||
### Filtering
|
### Filtering
|
||||||
|
|
||||||
The `TableDataSource` supports a rudimentary filtering capability most commonly used to implement a
|
Filtering is supported by passing a filter predicate to `filter`.
|
||||||
search function. It works by converting each entry into a string of it's properties. The string is
|
|
||||||
then compared against the filter value using a simple `indexOf`check.
|
|
||||||
|
|
||||||
```ts
|
```ts
|
||||||
|
dataSource.filter = (data) => data.orgType === "family";
|
||||||
|
```
|
||||||
|
|
||||||
|
Rudimentary string filtering is supported out of the box with `TableDataSource.simpleStringFilter`.
|
||||||
|
It works by converting each entry into a string of it's properties. The provided string is then
|
||||||
|
compared against the filter value using a simple `indexOf` check. For convienence, you can also just
|
||||||
|
pass a string directly.
|
||||||
|
|
||||||
|
```ts
|
||||||
|
dataSource.filter = TableDataSource.simpleStringFilter("search value");
|
||||||
|
// or
|
||||||
dataSource.filter = "search value";
|
dataSource.filter = "search value";
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -12,7 +12,9 @@
|
|||||||
"@bitwarden/components": ["../components/src"],
|
"@bitwarden/components": ["../components/src"],
|
||||||
"@bitwarden/generator-components": ["../tools/generator/components/src"],
|
"@bitwarden/generator-components": ["../tools/generator/components/src"],
|
||||||
"@bitwarden/generator-core": ["../tools/generator/core/src"],
|
"@bitwarden/generator-core": ["../tools/generator/core/src"],
|
||||||
"@bitwarden/generator-extensions": ["../tools/generator/extensions/src"],
|
"@bitwarden/generator-history": ["../tools/generator/extensions/history/src"],
|
||||||
|
"@bitwarden/generator-legacy": ["../tools/generator/extensions/legacy/src"],
|
||||||
|
"@bitwarden/generator-navigation": ["../tools/generator/extensions/navigation/src"],
|
||||||
"@bitwarden/vault-export-core": ["../tools/export/vault-export/vault-export-core/src"],
|
"@bitwarden/vault-export-core": ["../tools/export/vault-export/vault-export-core/src"],
|
||||||
"@bitwarden/vault-export-ui": ["../tools/export/vault-export/vault-export-ui/src"],
|
"@bitwarden/vault-export-ui": ["../tools/export/vault-export/vault-export-ui/src"],
|
||||||
"@bitwarden/importer/core": ["../importer/src"],
|
"@bitwarden/importer/core": ["../importer/src"],
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"name": "@bitwarden/generator-components",
|
"name": "@bitwarden/generator-components",
|
||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"description": "Angular components for the Bitwarden generators",
|
"description": "Angular components for the Bitwarden credential generators",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"bitwarden"
|
"bitwarden"
|
||||||
],
|
],
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"name": "@bitwarden/generator-core",
|
"name": "@bitwarden/generator-core",
|
||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"description": "TODO",
|
"description": "Common Bitwarden credential generation logic",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"bitwarden"
|
"bitwarden"
|
||||||
],
|
],
|
||||||
|
@ -1,5 +1,3 @@
|
|||||||
export { GeneratorHistoryService } from "../../../extensions/src/history/generator-history.abstraction";
|
|
||||||
export { GeneratorNavigationService } from "../../../extensions/src/navigation/generator-navigation.service.abstraction";
|
|
||||||
export { GeneratorService } from "./generator.service.abstraction";
|
export { GeneratorService } from "./generator.service.abstraction";
|
||||||
export { GeneratorStrategy } from "./generator-strategy.abstraction";
|
export { GeneratorStrategy } from "./generator-strategy.abstraction";
|
||||||
export { PolicyEvaluator } from "./policy-evaluator.abstraction";
|
export { PolicyEvaluator } from "./policy-evaluator.abstraction";
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
const { pathsToModuleNameMapper } = require("ts-jest");
|
const { pathsToModuleNameMapper } = require("ts-jest");
|
||||||
|
|
||||||
const { compilerOptions } = require("../../../shared/tsconfig.libs");
|
const { compilerOptions } = require("../../../../shared/tsconfig.libs");
|
||||||
|
|
||||||
/** @type {import('jest').Config} */
|
/** @type {import('jest').Config} */
|
||||||
module.exports = {
|
module.exports = {
|
||||||
testMatch: ["**/+(*.)+(spec).+(ts)"],
|
testMatch: ["**/+(*.)+(spec).+(ts)"],
|
||||||
preset: "ts-jest",
|
preset: "ts-jest",
|
||||||
testEnvironment: "../../../shared/test.environment.ts",
|
testEnvironment: "../../../../shared/test.environment.ts",
|
||||||
moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
|
moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
|
||||||
prefix: "<rootDir>/../../",
|
prefix: "<rootDir>/../../../",
|
||||||
}),
|
}),
|
||||||
};
|
};
|
@ -1,7 +1,7 @@
|
|||||||
{
|
{
|
||||||
"name": "@bitwarden/generator-extensions",
|
"name": "@bitwarden/generator-history",
|
||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"description": "TODO",
|
"description": "Bitwarden credential generator history service",
|
||||||
"keywords": [
|
"keywords": [
|
||||||
"bitwarden"
|
"bitwarden"
|
||||||
],
|
],
|
@ -1,4 +1,4 @@
|
|||||||
import { GeneratorCategory, GeneratedCredential } from "./";
|
import { GeneratorCategory, GeneratedCredential } from ".";
|
||||||
|
|
||||||
describe("GeneratedCredential", () => {
|
describe("GeneratedCredential", () => {
|
||||||
describe("constructor", () => {
|
describe("constructor", () => {
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user