
Auth/PM-8111 - LoginComponent Refactor Bug - Fix Extension SSO (#11699)

* PM-8111 - LoginComponent Refactor - I broke the browser SSO flow - fixing it as clientId doesn't persist unless it is in state qParam.

* PM-8111 - Fix DefaultLoginComponentService tests
Jared Snider 2024-10-24 19:02:10 -04:00 committed by GitHub
parent 1fb1be56b3
commit 877d379f86
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 14 additions and 4 deletions


@ -6,11 +6,10 @@ window.addEventListener("load", () => {
const code = getQsParam("code"); const code = getQsParam("code");
const state = getQsParam("state"); const state = getQsParam("state");
const lastpass = getQsParam("lp"); const lastpass = getQsParam("lp");
const clientId = getQsParam("clientId");
if (lastpass === "1") { if (lastpass === "1") {
initiateBrowserSso(code, state, true); initiateBrowserSso(code, state, true);
} else if (state != null && clientId == "browser") { } else if (state != null && state.includes(":clientId=browser")) {
initiateBrowserSso(code, state, false); initiateBrowserSso(code, state, false);
} else { } else {
window.location.href = window.location.origin + "/#/sso?code=" + code + "&state=" + state; window.location.href = window.location.origin + "/#/sso?code=" + code + "&state=" + state;
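Review bot: The new `else if` test `state.includes(":clientId=browser")` matches the marker anywhere in `state`, although the service change in this commit only ever appends it as a suffix, and `state` is read straight from the query string. Anchoring the check is tighter: `} else if (state != null && state.endsWith(":clientId=browser")) {`. Either way the branch is only a routing hint taken from a caller-supplied URL, so whatever handles `initiateBrowserSso(code, state, false)` must still compare the full returned state with the value stored at launch; presumably it does, but that code is not in this hunk. A short comment such as `// suffix is appended by the login component service; the clientId param does not persist across the SSO redirect` would record why the separate `clientId` read was dropped. The load handler starts and ends outside the hunk.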


@ -83,12 +83,14 @@ describe("DefaultLoginComponentService", () => {
describe("launchSsoBrowserWindow", () => { describe("launchSsoBrowserWindow", () => {
const email = "test@bitwarden.com"; const email = "test@bitwarden.com";
const state = "testState"; let state = "testState";
const codeVerifier = "testCodeVerifier"; const codeVerifier = "testCodeVerifier";
const codeChallenge = "testCodeChallenge"; const codeChallenge = "testCodeChallenge";
const baseUrl = "https://webvault.bitwarden.com/#/sso"; const baseUrl = "https://webvault.bitwarden.com/#/sso";
beforeEach(() => { beforeEach(() => {
state = "testState";
passwordGenerationService.generatePassword.mockResolvedValueOnce(state); passwordGenerationService.generatePassword.mockResolvedValueOnce(state);
passwordGenerationService.generatePassword.mockResolvedValueOnce(codeVerifier); passwordGenerationService.generatePassword.mockResolvedValueOnce(codeVerifier);
jest.spyOn(Utils, "fromBufferToUrlB64").mockReturnValue(codeChallenge); jest.spyOn(Utils, "fromBufferToUrlB64").mockReturnValue(codeChallenge);
@ -112,6 +114,10 @@ describe("DefaultLoginComponentService", () => {
await service.launchSsoBrowserWindow(email, clientId as "browser" | "desktop"); await service.launchSsoBrowserWindow(email, clientId as "browser" | "desktop");
if (clientType === ClientType.Browser) {
state += ":clientId=browser";
}
const expectedUrl = `${baseUrl}?clientId=${clientId}&redirectUri=${encodeURIComponent(expectedRedirectUri)}&state=${state}&codeChallenge=${codeChallenge}&email=${encodeURIComponent(email)}`; const expectedUrl = `${baseUrl}?clientId=${clientId}&redirectUri=${encodeURIComponent(expectedRedirectUri)}&state=${state}&codeChallenge=${codeChallenge}&email=${encodeURIComponent(email)}`;
expect(ssoLoginService.setSsoEmail).toHaveBeenCalledWith(email); expect(ssoLoginService.setSsoEmail).toHaveBeenCalledWith(email);
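Review bot: Mutating the shared fixture inside the test body (`state += ":clientId=browser";`) is the only reason `state` became `let` and needs the reset in `beforeEach`. A local expected value keeps the fixture constant and the intent readable: `const expectedState = clientType === ClientType.Browser ? state + ":clientId=browser" : state;`, then use `expectedState` in `expectedUrl`. If the spec also asserts the state passed to the SSO login service (not visible here, the `describe` continues outside the hunk), that assertion should expect the suffixed value too, since that is the string that must match on return.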


@ -50,7 +50,12 @@ export class DefaultLoginComponentService implements LoginComponentService {
special: false, special: false,
}; };
const state = await this.passwordGenerationService.generatePassword(passwordOptions); let state = await this.passwordGenerationService.generatePassword(passwordOptions);
if (clientId === "browser") {
// Need to persist the clientId in the state for the extension
state += ":clientId=browser";
}
const codeVerifier = await this.passwordGenerationService.generatePassword(passwordOptions); const codeVerifier = await this.passwordGenerationService.generatePassword(passwordOptions);
const codeVerifierHash = await this.cryptoFunctionService.hash(codeVerifier, "sha256"); const codeVerifierHash = await this.cryptoFunctionService.hash(codeVerifier, "sha256");
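Review bot: The literal `":clientId=browser"` appended to `state` is a format contract with the connector's `state.includes(":clientId=browser")` check, yet it is spelled out separately here, in the connector and in the spec. A shared exported constant, if the connector can import it, would keep producer and parser from drifting apart. The comment could name the reader, e.g. `// The SSO connector page routes back to the extension by this suffix; the clientId query param does not persist across the redirect`. Whether the value stored for the later state comparison is the suffixed string cannot be seen from this hunk, since the method continues below. It is worth confirming, because a mismatch would fail state validation on return.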