Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-28 12:45:45 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #1426 from Hinton/feature/desktop-bridge

Browse Source 
Browser <-> desktop communication
This commit is contained in:
Chad Scharf 2020-12-04 12:21:23 -05:00 committed by GitHub
commit 6760cec1ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 369 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package-lock.json generated
View File

@ -777,6 +777,12 @@
"integrity": "sha1-wFTor02d11205jq8dviFFocU1LM=",
"dev": true
},
"@types/firefox-webext-browser": {
"version": "78.0.1",
"resolved": "https://registry.npmjs.org/@types/firefox-webext-browser/-/firefox-webext-browser-78.0.1.tgz",
"integrity": "sha512-0d7oiI9K6Y4efP4Crl3JB88zYl7vaRdLtumqz8v6axMF8RCnK0NaGUjL4DnyQ7GLPo98b+s0BSRalaxAXgvPAQ==",
"dev": true
},
"@types/jasmine": {
"version": "3.3.12",
"resolved": "https://registry.npmjs.org/@types/jasmine/-/jasmine-3.3.12.tgz",

3
package.json
View File

@ -30,6 +30,7 @@
"@angular/compiler-cli": "^9.1.12",
"@ngtools/webpack": "^9.1.12",
"@types/chrome": "^0.0.73",
"@types/firefox-webext-browser": "^78.0.1",
"@types/jasmine": "^3.3.12",
"@types/lunr": "^2.3.3",
"@types/mousetrap": "^1.6.0",
@ -48,7 +49,6 @@
"cross-env": "^5.2.0",
"css-loader": "^1.0.0",
"del": "^3.0.0",
"mini-css-extract-plugin": "^0.9.0",
"file-loader": "^2.0.0",
"gulp": "^4.0.0",
"gulp-filter": "^5.1.0",
@ -68,6 +68,7 @@
"karma-jasmine": "^2.0.1",
"karma-jasmine-html-reporter": "^1.4.0",
"karma-typescript": "^4.0.0",
"mini-css-extract-plugin": "^0.9.0",
"node-sass": "^4.13.1",
"sass-loader": "^7.1.0",
"style-loader": "^0.23.0",

42
src/_locales/en/messages.json
View File

@ -1250,6 +1250,15 @@
"yourVaultIsLockedPinCode": {
"message": "Your vault is locked. Verify your PIN code to continue."
},
"unlockWithBiometrics": {
"message": "Unlock with biometrics"
},
"awaitDesktop": {
"message": "Awaiting confirmation from desktop"
},
"awaitDesktopDesc": {
"message": "Please confirm using biometrics in the Bitwarden Desktop application to enable biometrics for browser."
},
"lockWithMasterPassOnRestart": {
"message": "Lock with master password on browser restart"
},
@ -1368,5 +1377,38 @@
},
"privacyPolicy": {
"message": "Privacy Policy"
},
"ok": {
"message": "Ok"
},
"desktopSyncVerificationTitle": {
"message": "Desktop sync verification"
},
"desktopIntegrationVerificationText": {
"message": "Please verify that the desktop application shows this fingerprint: "
},
"desktopIntegrationDisabledTitle": {
"message": "Browser integration is not enabled"
},
"desktopIntegrationDisabledDesc": {
"message": "Browser integration is not enabled in the Bitwarden Desktop application. Please enable it in the settings within the desktop application."
},
"startDesktopTitle": {
"message": "Start the Bitwarden Desktop application"
},
"startDesktopDesc": {
"message": "The Bitwarden Desktop application needs to be started before this function can be used."
},
"errorEnableBiometricTitle": {
"message": "Unable to enable biometrics"
},
"errorEnableBiometricDesc": {
"message": "Action was canceled by the desktop application"
},
"nativeMessagingInvalidEncryptionDesc": {
"message": "Desktop application invalidated the secure communication channel. Please retry this operation"
},
"nativeMessagingInvalidEncryptionTitle": {
"message": "Desktop communication interupted"
}
}

4
src/background/contextMenus.background.ts
View File

@ -55,8 +55,8 @@ export default class ContextMenusBackground {
private async cipherAction(info: any) {
const id = info.menuItemId.split('_')[1];
if (id === 'noop') {
if (chrome.browserAction && chrome.browserAction.openPopup) {
chrome.browserAction.openPopup();
if (chrome.browserAction && (chrome.browserAction as any).openPopup) {
(chrome.browserAction as any).openPopup();
}
return;
}

17
src/background/main.background.ts
View File

@ -71,6 +71,7 @@ import { SafariApp } from '../browser/safariApp';
import CommandsBackground from './commands.background';
import ContextMenusBackground from './contextMenus.background';
import IdleBackground from './idle.background';
import { NativeMessagingBackground } from './nativeMessaging.background';
import RuntimeBackground from './runtime.background';
import TabsBackground from './tabs.background';
import WebRequestBackground from './webRequest.background';
@ -140,6 +141,7 @@ export default class MainBackground {
private menuOptionsLoaded: any[] = [];
private syncTimeout: any;
private isSafari: boolean;
private nativeMessagingBackground: NativeMessagingBackground;
constructor() {
// Services
@ -149,6 +151,19 @@ export default class MainBackground {
if (this.systemService != null) {
this.systemService.clearClipboard(clipboardValue, clearMs);
}
},
async () => {
if (this.nativeMessagingBackground != null) {
const promise = this.nativeMessagingBackground.getResponse();
try {
await this.nativeMessagingBackground.send({command: 'biometricUnlock'});
} catch (e) {
return Promise.reject(e);
}
return promise.then((result) => result.response === 'unlocked');
}
});
this.storageService = new BrowserStorageService(this.platformUtilsService);
this.secureStorageService = new BrowserStorageService(this.platformUtilsService);
@ -229,6 +244,8 @@ export default class MainBackground {
this.platformUtilsService as BrowserPlatformUtilsService, this.storageService, this.i18nService,
this.analytics, this.notificationsService, this.systemService, this.vaultTimeoutService,
this.environmentService);
this.nativeMessagingBackground = new NativeMessagingBackground(this.storageService, this.cryptoService, this.cryptoFunctionService,
this.vaultTimeoutService, this.runtimeBackground, this.i18nService, this.userService, this.messagingService);
this.commandsBackground = new CommandsBackground(this, this.passwordGenerationService,
this.platformUtilsService, this.analytics, this.vaultTimeoutService);

198
src/background/nativeMessaging.background.ts Normal file
View File

@ -0,0 +1,198 @@
import { ConstantsService } from 'jslib/services/constants.service';
import { CryptoFunctionService } from 'jslib/abstractions/cryptoFunction.service';
import { CryptoService } from 'jslib/abstractions/crypto.service';
import { I18nService } from 'jslib/abstractions/i18n.service';
import { MessagingService } from 'jslib/abstractions/messaging.service';
import { StorageService } from 'jslib/abstractions/storage.service';
import { UserService } from 'jslib/abstractions/user.service';
import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
import { Utils } from 'jslib/misc/utils';
import { SymmetricCryptoKey } from 'jslib/models/domain';
import { BrowserApi } from '../browser/browserApi';
import RuntimeBackground from './runtime.background';
const MessageValidTimeout = 10 * 1000;
const EncryptionAlgorithm = 'sha1';
export class NativeMessagingBackground {
private connected = false;
private connecting: boolean;
private port: browser.runtime.Port | chrome.runtime.Port;
private resolver: any = null;
private privateKey: ArrayBuffer = null;
private secureSetupResolve: any = null;
private sharedSecret: SymmetricCryptoKey;
constructor(private storageService: StorageService, private cryptoService: CryptoService,
private cryptoFunctionService: CryptoFunctionService, private vaultTimeoutService: VaultTimeoutService,
private runtimeBackground: RuntimeBackground, private i18nService: I18nService, private userService: UserService,
private messagingService: MessagingService) {}
async connect() {
return new Promise((resolve, reject) => {
this.port = BrowserApi.connectNative('com.8bit.bitwarden');
this.connecting = true;
this.port.onMessage.addListener(async (message: any) => {
switch (message.command) {
case 'connected':
this.connected = true;
this.connecting = false;
resolve();
break;
case 'disconnected':
if (this.connecting) {
this.messagingService.send('showDialog', {
text: this.i18nService.t('startDesktopDesc'),
title: this.i18nService.t('startDesktopTitle'),
confirmText: this.i18nService.t('ok'),
type: 'error',
});
reject();
}
this.connected = false;
this.port.disconnect();
break;
case 'setupEncryption':
const encrypted = Utils.fromB64ToArray(message.sharedSecret);
const decrypted = await this.cryptoFunctionService.rsaDecrypt(encrypted.buffer, this.privateKey, EncryptionAlgorithm);
this.sharedSecret = new SymmetricCryptoKey(decrypted);
this.secureSetupResolve();
break;
case 'invalidateEncryption':
this.sharedSecret = null;
this.privateKey = null;
this.connected = false;
this.messagingService.send('showDialog', {
text: this.i18nService.t('nativeMessagingInvalidEncryptionDesc'),
title: this.i18nService.t('nativeMessagingInvalidEncryptionTitle'),
confirmText: this.i18nService.t('ok'),
type: 'error',
});
default:
this.onMessage(message);
}
});
this.port.onDisconnect.addListener((p: any) => {
let error;
if (BrowserApi.isWebExtensionsApi) {
error = p.error.message;
} else {
error = chrome.runtime.lastError.message;
}
if (error === 'Specified native messaging host not found.' ||
error === 'Access to the specified native messaging host is forbidden.' ||
error === 'An unexpected error occurred') {
this.messagingService.send('showDialog', {
text: this.i18nService.t('desktopIntegrationDisabledDesc'),
title: this.i18nService.t('desktopIntegrationDisabledTitle'),
confirmText: this.i18nService.t('ok'),
type: 'error',
});
}
this.sharedSecret = null;
this.privateKey = null;
this.connected = false;
reject();
});
});
}
async send(message: any) {
if (!this.connected) {
await this.connect();
}
if (this.sharedSecret == null) {
await this.secureCommunication();
}
message.timestamp = Date.now();
const encrypted = await this.cryptoService.encrypt(JSON.stringify(message), this.sharedSecret);
this.port.postMessage(encrypted);
}
getResponse(): Promise<any> {
return new Promise((resolve, reject) => {
this.resolver = resolve;
});
}
private async onMessage(rawMessage: any) {
const message = JSON.parse(await this.cryptoService.decryptToUtf8(rawMessage, this.sharedSecret));
if (Math.abs(message.timestamp - Date.now()) > MessageValidTimeout) {
// tslint:disable-next-line
console.error('NativeMessage is to old, ignoring.');
return;
}
switch (message.command) {
case 'biometricUnlock':
await this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);
const enabled = await this.storageService.get(ConstantsService.biometricUnlockKey);
if (enabled === null || enabled === false) {
if (message.response === 'unlocked') {
await this.storageService.save(ConstantsService.biometricUnlockKey, true);
}
break;
}
// Ignore unlock if already unlockeded
if (!this.vaultTimeoutService.biometricLocked) {
break;
}
if (message.response === 'unlocked') {
this.cryptoService.setKey(new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer));
this.vaultTimeoutService.biometricLocked = false;
this.runtimeBackground.processMessage({command: 'unlocked'}, null, null);
}
break;
default:
// tslint:disable-next-line
console.error('NativeMessage, got unknown command: ', message.command);
}
if (this.resolver) {
this.resolver(message);
}
}
private async secureCommunication() {
const [publicKey, privateKey] = await this.cryptoFunctionService.rsaGenerateKeyPair(2048);
this.privateKey = privateKey;
this.sendUnencrypted({command: 'setupEncryption', publicKey: Utils.fromBufferToB64(publicKey)});
const fingerprint = (await this.cryptoService.getFingerprint(await this.userService.getUserId(), publicKey)).join(' ');
this.messagingService.send('showDialog', {
html: `${this.i18nService.t('desktopIntegrationVerificationText')}<br><br><strong>${fingerprint}</strong>`,
title: this.i18nService.t('desktopSyncVerificationTitle'),
confirmText: this.i18nService.t('ok'),
type: 'warning',
});
return new Promise((resolve, reject) => this.secureSetupResolve = resolve);
}
private async sendUnencrypted(message: any) {
if (!this.connected) {
await this.connect();
}
message.timestamp = Date.now();
this.port.postMessage(message);
}
}

1
src/background/runtime.background.ts
View File

@ -22,6 +22,7 @@ import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
import { BrowserApi } from '../browser/browserApi';
import MainBackground from './main.background';
import { NativeMessagingBackground } from './nativeMessaging.background';
import { Analytics } from 'jslib/misc';
import { Utils } from 'jslib/misc/utils';

8
src/browser/browserApi.ts
View File

@ -221,4 +221,12 @@ export class BrowserApi {
});
}
}
static connectNative(application: string): browser.runtime.Port | chrome.runtime.Port {
if (BrowserApi.isWebExtensionsApi) {
return browser.runtime.connectNative(application);
} else if (BrowserApi.isChromeApi) {
return chrome.runtime.connectNative(application);
}
}
}

2
src/globals.d.ts vendored
View File

@ -1,6 +1,4 @@
declare function escape(s: string): string;
declare function unescape(s: string): string;
declare var opr: any;
declare var chrome: any;
declare var browser: any;
declare var safari: any;

3
src/manifest.json
View File

@ -89,7 +89,8 @@
"http://*/*",
"https://*/*",
"webRequest",
"webRequestBlocking"
"webRequestBlocking",
"nativeMessaging"
],
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
"commands": {

5
src/popup/accounts/lock.component.html
View File

@ -36,6 +36,11 @@
{{'loggedInAsOn' | i18n : email : webVaultHostname}}
</div>
</div>
<div class="box" *ngIf="biometricLock">
<div class="box-footer">
<a class="btn primary block" (click)="unlockBiometric()">{{'unlockWithBiometrics' | i18n}}</a>
</div>
</div>
<p class="text-center">
<a href="#" appStopClick (click)="logOut()">{{'logOut' | i18n}}</a>
</p>

23
src/popup/accounts/lock.component.ts
View File

@ -13,6 +13,7 @@ import { UserService } from 'jslib/abstractions/user.service';
import { VaultTimeoutService } from 'jslib/abstractions/vaultTimeout.service';
import { LockComponent as BaseLockComponent } from 'jslib/angular/components/lock.component';
import Swal from 'sweetalert2';
@Component({
selector: 'app-lock',
@ -36,4 +37,26 @@ export class LockComponent extends BaseLockComponent {
document.getElementById(this.pinLock ? 'pin' : 'masterPassword').focus();
}, 100);
}
async unlockBiometric() {
if (!this.biometricLock) {
return;
}
const div = document.createElement('div');
div.innerHTML = `<div class="swal2-text">${this.i18nService.t('awaitDesktop')}</div>`;
Swal.fire({
heightAuto: false,
buttonsStyling: false,
html: div,
showCancelButton: true,
cancelButtonText: this.i18nService.t('cancel'),
showConfirmButton: false,
});
await super.unlockBiometric();
Swal.close();
}
}

1
src/popup/app.component.ts
View File

@ -241,6 +241,7 @@ export class AppComponent implements OnInit {
icon: type as SweetAlertIcon, // required to be any of the SweetAlertIcons to output the iconHtml.
iconHtml: iconClasses != null ? `<i class="swal-custom-icon fa ${iconClasses}"></i>` : undefined,
text: msg.text,
html: msg.html,
title: msg.title,
showCancelButton: (cancelText != null),
cancelButtonText: cancelText,

4
src/popup/settings/settings.component.html
View File

@ -42,6 +42,10 @@
<label for="pin">{{'unlockWithPin' | i18n}}</label>
<input id="pin" type="checkbox" (change)="updatePin()" [(ngModel)]="pin">
</div>
<div class="box-content-row box-content-row-checkbox" appBoxRow>
<label for="biometric">{{'unlockWithBiometrics' | i18n}}</label>
<input id="biometric" type="checkbox" (change)="updateBiometric()" [(ngModel)]="biometric">
</div>
<a class="box-content-row box-content-row-flex text-default" href="#" appStopClick appBlurClick
(click)="lock()">
<div class="row-main">{{'lockNow' | i18n}}</div>

45
src/popup/settings/settings.component.ts
View File

@ -51,6 +51,7 @@ export class SettingsComponent implements OnInit {
vaultTimeoutActions: any[];
vaultTimeoutAction: string;
pin: boolean = null;
biometric: boolean = false;
previousVaultTimeout: number = null;
constructor(private platformUtilsService: PlatformUtilsService, private i18nService: I18nService,
@ -100,6 +101,7 @@ export class SettingsComponent implements OnInit {
const pinSet = await this.vaultTimeoutService.isPinLockSet();
this.pin = pinSet[0] || pinSet[1];
this.biometric = await this.vaultTimeoutService.isBiometricLockSet();
}
async saveVaultTimeout(newValue: number) {
@ -204,6 +206,49 @@ export class SettingsComponent implements OnInit {
}
}
async updateBiometric() {
if (this.biometric) {
const submitted = Swal.fire({
heightAuto: false,
buttonsStyling: false,
title: this.i18nService.t('awaitDesktop'),
text: this.i18nService.t('awaitDesktopDesc'),
icon: 'info',
iconHtml: '<i class="swal-custom-icon fa fa-info-circle text-info"></i>',
showCancelButton: true,
cancelButtonText: this.i18nService.t('cancel'),
showConfirmButton: false,
allowOutsideClick: false,
});
await this.storageService.save(ConstantsService.biometricAwaitingAcceptance, true);
await this.cryptoService.toggleKey();
await Promise.race([
submitted.then((result) => {
if (result.dismiss === Swal.DismissReason.cancel) {
this.biometric = false;
this.storageService.remove(ConstantsService.biometricAwaitingAcceptance);
}
}),
this.platformUtilsService.authenticateBiometric().then((result) => {
this.biometric = result;
Swal.close();
if (this.biometric === false) {
this.platformUtilsService.showToast('error', this.i18nService.t('errorEnableBiometricTitle'), this.i18nService.t('errorEnableBiometricDesc'));
}
}).catch((e) => {
// Handle connection errors
this.biometric = false;
})
]);
} else {
await this.storageService.remove(ConstantsService.biometricUnlockKey);
this.vaultTimeoutService.biometricLocked = false;
}
}
async lock() {
this.analytics.eventTrack.next({ action: 'Lock Now' });
await this.vaultTimeoutService.lock(true);

12
src/services/browserPlatformUtils.service.spec.ts
View File

@ -27,7 +27,7 @@ describe('Browser Utils Service', () => {
value: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.ChromeExtension);
});
@ -37,7 +37,7 @@ describe('Browser Utils Service', () => {
value: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0',
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.FirefoxExtension);
});
@ -52,7 +52,7 @@ describe('Browser Utils Service', () => {
value: {},
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.OperaExtension);
});
@ -62,7 +62,7 @@ describe('Browser Utils Service', () => {
value: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43',
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.EdgeExtension);
});
@ -77,7 +77,7 @@ describe('Browser Utils Service', () => {
value: true,
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.SafariExtension);
Object.defineProperty(window, 'safariAppExtension', {
@ -92,7 +92,7 @@ describe('Browser Utils Service', () => {
value: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.97 Safari/537.36 Vivaldi/1.94.1008.40',
});
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null);
const browserPlatformUtilsService = new BrowserPlatformUtilsService(null, null, null);
expect(browserPlatformUtilsService.getDevice()).toBe(DeviceType.VivaldiExtension);
});
});

7
src/services/browserPlatformUtils.service.ts
View File

@ -18,7 +18,8 @@ export default class BrowserPlatformUtilsService implements PlatformUtilsService
private analyticsIdCache: string = null;
constructor(private messagingService: MessagingService,
private clipboardWriteCallback: (clipboardValue: string, clearMs: number) => void) { }
private clipboardWriteCallback: (clipboardValue: string, clearMs: number) => void,
private biometricCallback: () => Promise<boolean>) { }
getDevice(): DeviceType {
if (this.deviceCache) {
@ -288,11 +289,11 @@ export default class BrowserPlatformUtilsService implements PlatformUtilsService
}
supportsBiometric() {
return Promise.resolve(false);
return Promise.resolve(true);
}
authenticateBiometric() {
return Promise.resolve(false);
return this.biometricCallback();
}
sidebarViewName(): string {

4
tsconfig.json
View File

@ -10,7 +10,9 @@
"sourceMap": true,
"types": [
"jasmine",
"sweetalert2"
"sweetalert2",
"@types/chrome",
"@types/firefox-webext-browser"
],
"baseUrl": ".",
"paths": {