mirror of
https://github.com/bitwarden/browser.git
synced 2024-11-27 12:36:14 +01:00
support for unlocking with PIN code
This commit is contained in:
parent
647b254a71
commit
7a1e7b5474
@ -26,11 +26,13 @@ export abstract class CryptoService {
|
||||
clearEncKey: (memoryOnly?: boolean) => Promise<any>;
|
||||
clearKeyPair: (memoryOnly?: boolean) => Promise<any>;
|
||||
clearOrgKeys: (memoryOnly?: boolean) => Promise<any>;
|
||||
clearPinProtectedKey: () => Promise<any>;
|
||||
clearKeys: () => Promise<any>;
|
||||
toggleKey: () => Promise<any>;
|
||||
makeKey: (password: string, salt: string, kdf: KdfType, kdfIterations: number) => Promise<SymmetricCryptoKey>;
|
||||
makeShareKey: () => Promise<[CipherString, SymmetricCryptoKey]>;
|
||||
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, CipherString]>;
|
||||
makePinKey: (pin: string, salt: string) => Promise<SymmetricCryptoKey>;
|
||||
hashPassword: (password: string, key: SymmetricCryptoKey) => Promise<string>;
|
||||
makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
|
||||
remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
|
||||
|
@ -2,4 +2,5 @@ export abstract class LockService {
|
||||
checkLock: () => Promise<void>;
|
||||
lock: () => Promise<void>;
|
||||
setLockOption: (lockOption: number) => Promise<void>;
|
||||
isPinLockSet: () => Promise<boolean>;
|
||||
}
|
||||
|
@ -3,27 +3,67 @@ import { Router } from '@angular/router';
|
||||
|
||||
import { CryptoService } from '../../abstractions/crypto.service';
|
||||
import { I18nService } from '../../abstractions/i18n.service';
|
||||
import { LockService } from '../../abstractions/lock.service';
|
||||
import { MessagingService } from '../../abstractions/messaging.service';
|
||||
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
|
||||
import { StorageService } from '../../abstractions/storage.service';
|
||||
import { UserService } from '../../abstractions/user.service';
|
||||
|
||||
import { ConstantsService } from '../../services/constants.service';
|
||||
|
||||
import { CipherString } from '../../models/domain/cipherString';
|
||||
import { SymmetricCryptoKey } from '../../models/domain/symmetricCryptoKey';
|
||||
|
||||
export class LockComponent implements OnInit {
|
||||
masterPassword: string = '';
|
||||
pin: string = '';
|
||||
showPassword: boolean = false;
|
||||
email: string;
|
||||
pinLock: boolean = false;
|
||||
|
||||
protected successRoute: string = 'vault';
|
||||
protected onSuccessfulSubmit: () => void;
|
||||
|
||||
private invalidPinAttempts = 0;
|
||||
|
||||
constructor(protected router: Router, protected i18nService: I18nService,
|
||||
protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService,
|
||||
protected userService: UserService, protected cryptoService: CryptoService) { }
|
||||
protected userService: UserService, protected cryptoService: CryptoService,
|
||||
protected storageService: StorageService, protected lockService: LockService) { }
|
||||
|
||||
async ngOnInit() {
|
||||
this.pinLock = await this.lockService.isPinLockSet();
|
||||
this.email = await this.userService.getEmail();
|
||||
}
|
||||
|
||||
async submit() {
|
||||
// PIN
|
||||
if (this.pinLock) {
|
||||
if (this.pin == null || this.pin === '') {
|
||||
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
||||
this.i18nService.t('pinRequired'));
|
||||
return;
|
||||
}
|
||||
|
||||
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
|
||||
try {
|
||||
const protectedKeyCs = new CipherString(pinProtectedKey);
|
||||
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email);
|
||||
const decKey = await this.cryptoService.decryptToBytes(protectedKeyCs, pinKey);
|
||||
await this.setKeyAndContinue(new SymmetricCryptoKey(decKey));
|
||||
} catch {
|
||||
this.invalidPinAttempts++;
|
||||
if (this.invalidPinAttempts >= 5) {
|
||||
this.messagingService.send('logout');
|
||||
return;
|
||||
}
|
||||
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
||||
this.i18nService.t('invalidPin'));
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
// Master Password
|
||||
if (this.masterPassword == null || this.masterPassword === '') {
|
||||
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
||||
this.i18nService.t('masterPassRequired'));
|
||||
@ -37,13 +77,7 @@ export class LockComponent implements OnInit {
|
||||
const storedKeyHash = await this.cryptoService.getKeyHash();
|
||||
|
||||
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
|
||||
await this.cryptoService.setKey(key);
|
||||
this.messagingService.send('unlocked');
|
||||
if (this.onSuccessfulSubmit != null) {
|
||||
this.onSuccessfulSubmit();
|
||||
} else if (this.router != null) {
|
||||
this.router.navigate([this.successRoute]);
|
||||
}
|
||||
this.setKeyAndContinue(key);
|
||||
} else {
|
||||
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
||||
this.i18nService.t('invalidMasterPassword'));
|
||||
@ -63,4 +97,14 @@ export class LockComponent implements OnInit {
|
||||
this.showPassword = !this.showPassword;
|
||||
document.getElementById('masterPassword').focus();
|
||||
}
|
||||
|
||||
private async setKeyAndContinue(key: SymmetricCryptoKey) {
|
||||
await this.cryptoService.setKey(key);
|
||||
this.messagingService.send('unlocked');
|
||||
if (this.onSuccessfulSubmit != null) {
|
||||
this.onSuccessfulSubmit();
|
||||
} else if (this.router != null) {
|
||||
this.router.navigate([this.successRoute]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -18,6 +18,7 @@ export class ConstantsService {
|
||||
static readonly dontShowCardsCurrentTab: string = 'dontShowCardsCurrentTab';
|
||||
static readonly dontShowIdentitiesCurrentTab: string = 'dontShowIdentitiesCurrentTab';
|
||||
static readonly defaultUriMatch: string = 'defaultUriMatch';
|
||||
static readonly pinProtectedKey: string = 'pinProtectedKey';
|
||||
|
||||
readonly environmentUrlsKey: string = ConstantsService.environmentUrlsKey;
|
||||
readonly disableGaKey: string = ConstantsService.disableGaKey;
|
||||
@ -37,4 +38,5 @@ export class ConstantsService {
|
||||
readonly dontShowCardsCurrentTab: string = ConstantsService.dontShowCardsCurrentTab;
|
||||
readonly dontShowIdentitiesCurrentTab: string = ConstantsService.dontShowIdentitiesCurrentTab;
|
||||
readonly defaultUriMatch: string = ConstantsService.defaultUriMatch;
|
||||
readonly pinProtectedKey: string = ConstantsService.pinProtectedKey;
|
||||
}
|
||||
|
@ -266,6 +266,10 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||
return this.storageService.remove(Keys.encOrgKeys);
|
||||
}
|
||||
|
||||
clearPinProtectedKey(): Promise<any> {
|
||||
return this.storageService.remove(ConstantsService.pinProtectedKey);
|
||||
}
|
||||
|
||||
clearKeys(): Promise<any> {
|
||||
return Promise.all([
|
||||
this.clearKey(),
|
||||
@ -273,6 +277,7 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||
this.clearOrgKeys(),
|
||||
this.clearEncKey(),
|
||||
this.clearKeyPair(),
|
||||
this.clearPinProtectedKey(),
|
||||
]);
|
||||
}
|
||||
|
||||
@ -319,6 +324,11 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||
return [publicB64, privateEnc];
|
||||
}
|
||||
|
||||
async makePinKey(pin: string, salt: string): Promise<SymmetricCryptoKey> {
|
||||
const pinKey = await this.makeKey(pin, salt, KdfType.PBKDF2_SHA256, 100000);
|
||||
return await this.stretchKey(pinKey);
|
||||
}
|
||||
|
||||
async hashPassword(password: string, key: SymmetricCryptoKey): Promise<string> {
|
||||
if (key == null) {
|
||||
key = await this.getKey();
|
||||
|
@ -87,4 +87,9 @@ export class LockService implements LockServiceAbstraction {
|
||||
await this.storageService.save(ConstantsService.lockOptionKey, lockOption);
|
||||
await this.cryptoService.toggleKey();
|
||||
}
|
||||
|
||||
async isPinLockSet(): Promise<boolean> {
|
||||
const pinProtectedKey = await this.storageService.get<string>(ConstantsService.pinProtectedKey);
|
||||
return pinProtectedKey != null;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user