Upstream
/
bitwarden-browser
mirror of https://github.com/bitwarden/browser.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use account service for account enumeration. (#9023)

This commit is contained in:
Matt Gibson 2024-05-03 14:24:30 -04:00 committed by GitHub
parent 0b02d2ee1c
commit a4d5717283
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 33 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/browser/src/platform/services/default-browser-state.service.ts
View File

@ -1,5 +1,3 @@
import { BehaviorSubject } from "rxjs";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { TokenService } from "@bitwarden/common/auth/abstractions/token.service";
import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
@ -15,21 +13,13 @@ import { MigrationRunner } from "@bitwarden/common/platform/services/migration-r
import { StateService as BaseStateService } from "@bitwarden/common/platform/services/state.service";
import { Account } from "../../models/account";
import { browserSession, sessionSync } from "../decorators/session-sync-observable";
import { BrowserStateService } from "./abstractions/browser-state.service";
@browserSession
export class DefaultBrowserStateService
extends BaseStateService<GlobalState, Account>
implements BrowserStateService
{
@sessionSync({
initializer: Account.fromJSON as any, // TODO: Remove this any when all any types are removed from Account
initializeAs: "record",
})
protected accountsSubject: BehaviorSubject<{ [userId: string]: Account }>;
protected accountDeserializer = Account.fromJSON;
constructor(

8
apps/desktop/src/app/app.component.ts
View File

@ -218,8 +218,10 @@ export class AppComponent implements OnInit, OnDestroy {
await this.vaultTimeoutService.lock(message.userId);
break;
case "lockAllVaults": {
const currentUser = await this.stateService.getUserId();
const accounts = await firstValueFrom(this.stateService.accounts$);
const currentUser = await firstValueFrom(
this.accountService.activeAccount$.pipe(map((a) => a.id)),
);
const accounts = await firstValueFrom(this.accountService.accounts$);
await this.vaultTimeoutService.lock(currentUser);
for (const account of Object.keys(accounts)) {
if (account === currentUser) {
@ -690,7 +692,7 @@ export class AppComponent implements OnInit, OnDestroy {
}
private async checkForSystemTimeout(timeout: number): Promise<void> {
const accounts = await firstValueFrom(this.stateService.accounts$);
const accounts = await firstValueFrom(this.accountService.accounts$);
for (const userId in accounts) {
if (userId == null) {
continue;

2
apps/desktop/src/app/services/services.module.ts
View File

@ -221,7 +221,7 @@ const safeProviders: SafeProvider[] = [
safeProvider({
provide: EncryptedMessageHandlerService,
deps: [
StateServiceAbstraction,
AccountServiceAbstraction,
AuthServiceAbstraction,
CipherServiceAbstraction,
PolicyServiceAbstraction,

25
apps/desktop/src/services/encrypted-message-handler.service.ts
View File

@ -1,12 +1,13 @@
import { firstValueFrom } from "rxjs";
import { firstValueFrom, map } from "rxjs";
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
import { PolicyType } from "@bitwarden/common/admin-console/enums";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
import { UserId } from "@bitwarden/common/types/guid";
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
import { CipherType } from "@bitwarden/common/vault/enums";
import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@ -28,7 +29,7 @@ import { UserStatusErrorResponse } from "../models/native-messaging/encrypted-me
export class EncryptedMessageHandlerService {
constructor(
private stateService: StateService,
private accountService: AccountService,
private authService: AuthService,
private cipherService: CipherService,
private policyService: PolicyService,
@ -62,7 +63,9 @@ export class EncryptedMessageHandlerService {
}
private async checkUserStatus(userId: string): Promise<string> {
const activeUserId = await this.stateService.getUserId();
const activeUserId = await firstValueFrom(
this.accountService.activeAccount$.pipe(map((a) => a?.id)),
);
if (userId !== activeUserId) {
return "not-active-user";
@ -77,17 +80,19 @@ export class EncryptedMessageHandlerService {
}
private async statusCommandHandler(): Promise<AccountStatusResponse[]> {
const accounts = await firstValueFrom(this.stateService.accounts$);
const activeUserId = await this.stateService.getUserId();
const accounts = await firstValueFrom(this.accountService.accounts$);
const activeUserId = await firstValueFrom(
this.accountService.activeAccount$.pipe(map((a) => a?.id)),
);
if (!accounts || !Object.keys(accounts)) {
return [];
}
return Promise.all(
Object.keys(accounts).map(async (userId) => {
Object.keys(accounts).map(async (userId: UserId) => {
const authStatus = await this.authService.getAuthStatus(userId);
const email = await this.stateService.getEmail({ userId });
const email = accounts[userId].email;
return {
id: userId,
@ -107,7 +112,9 @@ export class EncryptedMessageHandlerService {
}
const ciphersResponse: CipherResponse[] = [];
const activeUserId = await this.stateService.getUserId();
const activeUserId = await firstValueFrom(
this.accountService.activeAccount$.pipe(map((a) => a?.id)),
);
const authStatus = await this.authService.getAuthStatus(activeUserId);
if (authStatus !== AuthenticationStatus.Unlocked) {

30
apps/desktop/src/services/native-messaging.service.ts
View File

@ -1,6 +1,7 @@
import { Injectable, NgZone } from "@angular/core";
import { firstValueFrom } from "rxjs";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { MasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@ -41,6 +42,7 @@ export class NativeMessagingService {
private biometricStateService: BiometricStateService,
private nativeMessageHandler: NativeMessageHandlerService,
private dialogService: DialogService,
private accountService: AccountService,
private ngZone: NgZone,
) {}
@ -51,9 +53,7 @@ export class NativeMessagingService {
private async messageHandler(msg: LegacyMessageWrapper | Message) {
const outerMessage = msg as Message;
if (outerMessage.version) {
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.nativeMessageHandler.handleMessage(outerMessage);
await this.nativeMessageHandler.handleMessage(outerMessage);
return;
}
@ -64,7 +64,7 @@ export class NativeMessagingService {
const remotePublicKey = Utils.fromB64ToArray(rawMessage.publicKey);
// Validate the UserId to ensure we are logged into the same account.
const accounts = await firstValueFrom(this.stateService.accounts$);
const accounts = await firstValueFrom(this.accountService.accounts$);
const userIds = Object.keys(accounts);
if (!userIds.includes(rawMessage.userId)) {
ipc.platform.nativeMessaging.sendMessage({
@ -81,7 +81,7 @@ export class NativeMessagingService {
});
const fingerprint = await this.cryptoService.getFingerprint(
await this.stateService.getUserId(),
rawMessage.userId,
remotePublicKey,
);
@ -98,9 +98,7 @@ export class NativeMessagingService {
}
}
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.secureCommunication(remotePublicKey, appId);
await this.secureCommunication(remotePublicKey, appId);
return;
}
@ -144,9 +142,7 @@ export class NativeMessagingService {
? firstValueFrom(this.biometricStateService.biometricUnlockEnabled$)
: this.biometricStateService.getBiometricUnlockEnabled(message.userId as UserId);
if (!(await biometricUnlockPromise)) {
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.send({ command: "biometricUnlock", response: "not enabled" }, appId);
await this.send({ command: "biometricUnlock", response: "not enabled" }, appId);
return this.ngZone.run(() =>
this.dialogService.openSimpleDialog({
@ -172,9 +168,7 @@ export class NativeMessagingService {
// we send the master key still for backwards compatibility
// with older browser extensions
// TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3472)
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.send(
await this.send(
{
command: "biometricUnlock",
response: "unlocked",
@ -184,14 +178,10 @@ export class NativeMessagingService {
appId,
);
} else {
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.send({ command: "biometricUnlock", response: "canceled" }, appId);
await this.send({ command: "biometricUnlock", response: "canceled" }, appId);
}
} catch (e) {
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises
this.send({ command: "biometricUnlock", response: "canceled" }, appId);
await this.send({ command: "biometricUnlock", response: "canceled" }, appId);
}
break;

4
libs/common/src/platform/abstractions/state.service.ts
View File

@ -1,5 +1,3 @@
import { Observable } from "rxjs";
import { BiometricKey } from "../../auth/types/biometric-key";
import { GeneratorOptions } from "../../tools/generator/generator-options";
import { GeneratedPasswordHistory, PasswordGeneratorOptions } from "../../tools/generator/password";
@ -24,8 +22,6 @@ export type InitOptions = {
};
export abstract class StateService<T extends Account = Account> {
accounts$: Observable<{ [userId: string]: T }>;
addAccount: (account: T) => Promise<void>;
clearDecryptedData: (userId: UserId) => Promise<void>;
clean: (options?: StorageOptions) => Promise<void>;

22
libs/common/src/platform/services/state.service.ts
View File

@ -1,4 +1,4 @@
import { BehaviorSubject, firstValueFrom, map } from "rxjs";
import { firstValueFrom, map } from "rxjs";
import { Jsonify, JsonValue } from "type-fest";
import { AccountService } from "../../auth/abstractions/account.service";
@ -52,9 +52,6 @@ export class StateService<
TAccount extends Account = Account,
> implements StateServiceAbstraction<TAccount>
{
protected accountsSubject = new BehaviorSubject<{ [userId: string]: TAccount }>({});
accounts$ = this.accountsSubject.asObservable();
private hasBeenInited = false;
protected isRecoveredSession = false;
@ -115,8 +112,6 @@ export class StateService<
state = await this.syncAccountFromDisk(authenticatedAccounts[i]);
}
await this.pushAccounts();
return state;
});
}
@ -153,7 +148,6 @@ export class StateService<
await this.removeAccountFromDisk(options?.userId);
await this.removeAccountFromMemory(options?.userId);
await this.pushAccounts();
}
/**
@ -856,7 +850,6 @@ export class StateService<
});
});
}
await this.pushAccounts();
}
protected async scaffoldNewAccountStorage(account: TAccount): Promise<void> {
@ -934,17 +927,6 @@ export class StateService<
);
}
protected async pushAccounts(): Promise<void> {
await this.state().then((state) => {
if (state.accounts == null || Object.keys(state.accounts).length < 1) {
this.accountsSubject.next({});
return;
}
this.accountsSubject.next(state.accounts);
});
}
protected reconcileOptions(
requestedOptions: StorageOptions,
defaultOptions: StorageOptions,
@ -1096,8 +1078,6 @@ export class StateService<
return state;
});
await this.pushAccounts();
}
protected createAccount(init: Partial<TAccount> = null): TAccount {