Return correct master password hash from login strategies (#8518)

2024-11-21 11:35:34 +01:00 · 2024-03-27 17:17:17 -04:00 · 2024-03-27 17:17:17 -04:00 · aaa745ec36
commit aaa745ec36
parent 5de2177175
2 changed files with 16 additions and 12 deletions
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@ -63,14 +63,12 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
 }

 export class PasswordLoginStrategy extends LoginStrategy {
-  /**
-   * The email address of the user attempting to log in.
-   */
+  /** The email address of the user attempting to log in. */
  email$: Observable<string>;
-  /**
-   * The master key hash of the user attempting to log in.
-   */
-  masterKeyHash$: Observable<string | null>;
+  /** The master key hash used for authentication */
+  serverMasterKeyHash$: Observable<string>;
+  /** The local master key hash we store client side */
+  localMasterKeyHash$: Observable<string | null>;

  protected cache: BehaviorSubject<PasswordLoginStrategyData>;

@ -107,7 +105,10 @@ export class PasswordLoginStrategy extends LoginStrategy {

    this.cache = new BehaviorSubject(data);
    this.email$ = this.cache.pipe(map((state) => state.tokenRequest.email));
-    this.masterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
+    this.serverMasterKeyHash$ = this.cache.pipe(
+      map((state) => state.tokenRequest.masterPasswordHash),
+    );
+    this.localMasterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
  }

  override async logIn(credentials: PasswordLoginCredentials) {
@ -123,11 +124,14 @@ export class PasswordLoginStrategy extends LoginStrategy {
      data.masterKey,
      HashPurpose.LocalAuthorization,
    );
-    const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, data.masterKey);
+    const serverMasterKeyHash = await this.cryptoService.hashMasterKey(
+      masterPassword,
+      data.masterKey,
+    );

    data.tokenRequest = new PasswordTokenRequest(
      email,
-      masterKeyHash,
+      serverMasterKeyHash,
      captchaToken,
      await this.buildTwoFactor(twoFactor, email),
      await this.buildDeviceRequest(),
--- a/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
+++ b/libs/auth/src/common/services/login-strategies/login-strategy.service.ts
@ -137,8 +137,8 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
  async getMasterPasswordHash(): Promise<string | null> {
    const strategy = await firstValueFrom(this.loginStrategy$);

-    if ("masterKeyHash$" in strategy) {
-      return await firstValueFrom(strategy.masterKeyHash$);
+    if ("serverMasterKeyHash$" in strategy) {
+      return await firstValueFrom(strategy.serverMasterKeyHash$);
    }
    return null;
  }