Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-06 09:20:43 +01:00
Code Issues Projects Releases Wiki Activity

Vault Timeout Policy (#474)

Browse Source
This commit is contained in:
Oscar Hinton 2021-09-08 22:02:19 +02:00 committed by GitHub
parent 5784a6d4fc
commit bba2812fdd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 167 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
angular/src/components/settings/vault-timeout-input.component.ts Normal file
View File

@ -0,0 +1,138 @@
import {
Directive,
Input,
OnInit,
} from '@angular/core';
import {
AbstractControl,
ControlValueAccessor,
FormBuilder,
ValidationErrors,
Validator
} from '@angular/forms';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { PolicyType } from 'jslib-common/enums/policyType';
import { Policy } from 'jslib-common/models/domain/policy';
@Directive()
export class VaultTimeoutInputComponent implements ControlValueAccessor, Validator, OnInit {
get showCustom() {
return this.form.get('vaultTimeout').value === VaultTimeoutInputComponent.CUSTOM_VALUE;
}
static CUSTOM_VALUE = -100;
form = this.fb.group({
vaultTimeout: [null],
custom: this.fb.group({
hours: [null],
minutes: [null],
}),
});
@Input() vaultTimeouts: { name: string; value: number; }[];
vaultTimeoutPolicy: Policy;
vaultTimeoutPolicyHours: number;
vaultTimeoutPolicyMinutes: number;
private onChange: (vaultTimeout: number) => void;
private validatorChange: () => void;
constructor(private fb: FormBuilder, private policyService: PolicyService, private i18nService: I18nService) {
}
async ngOnInit() {
if (await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout)) {
const vaultTimeoutPolicy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout);
this.vaultTimeoutPolicy = vaultTimeoutPolicy[0];
this.vaultTimeoutPolicyHours = Math.floor(this.vaultTimeoutPolicy.data.minutes / 60);
this.vaultTimeoutPolicyMinutes = this.vaultTimeoutPolicy.data.minutes % 60;
this.vaultTimeouts = this.vaultTimeouts.filter(t =>
t.value <= this.vaultTimeoutPolicy.data.minutes &&
(t.value > 0 || t.value === VaultTimeoutInputComponent.CUSTOM_VALUE) &&
t.value != null
);
this.validatorChange();
}
this.form.valueChanges.subscribe(async value => {
this.onChange(this.getVaultTimeout(value));
});
// Assign the previous value to the custom fields
this.form.get('vaultTimeout').valueChanges.subscribe(value => {
if (value !== VaultTimeoutInputComponent.CUSTOM_VALUE) {
return;
}
const current = Math.max(this.form.value.vaultTimeout, 0);
this.form.patchValue({
custom: {
hours: Math.floor(current / 60),
minutes: current % 60,
},
});
});
}
ngOnChanges() {
this.vaultTimeouts.push({ name: this.i18nService.t('custom'), value: VaultTimeoutInputComponent.CUSTOM_VALUE });
}
getVaultTimeout(value: any) {
if (value.vaultTimeout !== VaultTimeoutInputComponent.CUSTOM_VALUE) {
return value.vaultTimeout;
}
return value.custom.hours * 60 + value.custom.minutes;
}
writeValue(value: number): void {
if (value == null) {
return;
}
if (this.vaultTimeouts.every(p => p.value !== value)) {
this.form.setValue({
vaultTimeout: VaultTimeoutInputComponent.CUSTOM_VALUE,
custom: {
hours: Math.floor(value / 60),
minutes: value % 60,
},
});
return;
}
this.form.patchValue({
vaultTimeout: value,
});
}
registerOnChange(onChange: any): void {
this.onChange = onChange;
}
// tslint:disable-next-line
registerOnTouched(onTouched: any): void {}
// tslint:disable-next-line
setDisabledState?(isDisabled: boolean): void { }
validate(control: AbstractControl): ValidationErrors {
if (this.vaultTimeoutPolicy && this.vaultTimeoutPolicy?.data?.minutes < control.value) {
return { policyError: true };
}
return null;
}
registerOnValidatorChange(fn: () => void): void {
this.validatorChange = fn;
}
}

4
common/src/abstractions/platformUtils.service.ts
View File

@ -13,10 +13,6 @@ export abstract class PlatformUtilsService {
isIE: () => boolean;
isMacAppStore: () => boolean;
isViewOpen: () => Promise<boolean>;
/**
* @deprecated This only ever returns null. Pull from your platform's storage using ConstantsService.vaultTimeoutKey
*/
lockTimeout: () => number;
launchUri: (uri: string, options?: any) => void;
saveFile: (win: Window, blobData: any, blobOptions: any, fileName: string) => void;
getApplicationVersion: () => Promise<string>;

1
common/src/abstractions/vaultTimeout.service.ts
View File

@ -9,6 +9,7 @@ export abstract class VaultTimeoutService {
lock: (allowSoftLock?: boolean) => Promise<void>;
logOut: () => Promise<void>;
setVaultTimeoutOptions: (vaultTimeout: number, vaultTimeoutAction: string) => Promise<void>;
getVaultTimeout: () => Promise<number>;
isPinLockSet: () => Promise<[boolean, boolean]>;
isBiometricLockSet: () => Promise<boolean>;
clear: () => Promise<any>;

1
common/src/enums/policyType.ts
View File

@ -8,4 +8,5 @@ export enum PolicyType {
DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
MaximumVaultTimeout = 9, // Sets the maximum allowed vault timeout
}

34
common/src/services/vaultTimeout.service.ts
View File

@ -6,12 +6,14 @@ import { CryptoService } from '../abstractions/crypto.service';
import { FolderService } from '../abstractions/folder.service';
import { MessagingService } from '../abstractions/messaging.service';
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
import { PolicyService } from '../abstractions/policy.service';
import { SearchService } from '../abstractions/search.service';
import { StorageService } from '../abstractions/storage.service';
import { TokenService } from '../abstractions/token.service';
import { UserService } from '../abstractions/user.service';
import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from '../abstractions/vaultTimeout.service';
import { PolicyType } from '../enums/policyType';
import { EncString } from '../models/domain/encString';
export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
@ -25,7 +27,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
private collectionService: CollectionService, private cryptoService: CryptoService,
protected platformUtilsService: PlatformUtilsService, private storageService: StorageService,
private messagingService: MessagingService, private searchService: SearchService,
private userService: UserService, private tokenService: TokenService,
private userService: UserService, private tokenService: TokenService, private policyService: PolicyService,
private lockedCallback: () => Promise<void> = null, private loggedOutCallback: () => Promise<void> = null) {
}
@ -71,12 +73,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
return;
}
// This has the potential to be removed. Evaluate after all platforms complete with auto-logout
let vaultTimeout = this.platformUtilsService.lockTimeout();
if (vaultTimeout == null) {
vaultTimeout = await this.storageService.get<number>(ConstantsService.vaultTimeoutKey);
}
const vaultTimeout = await this.getVaultTimeout();
if (vaultTimeout == null || vaultTimeout < 0) {
return;
}
@ -141,6 +138,29 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
return await this.storageService.get<boolean>(ConstantsService.biometricUnlockKey);
}
async getVaultTimeout(): Promise<number> {
const vaultTimeout = await this.storageService.get<number>(ConstantsService.vaultTimeoutKey);
if (await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout)) {
const policy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout);
// Remove negative values, and ensure it's smaller than maximum allowed value according to policy
let timeout = Math.min(vaultTimeout, policy[0].data.minutes);
if (vaultTimeout == null || timeout < 0) {
timeout = policy[0].data.minutes;
}
// We really shouldn't need to set the value here, but multiple services relies on this value being correct.
if (vaultTimeout !== timeout) {
await this.storageService.save(ConstantsService.vaultTimeoutKey, timeout);
}
return timeout;
}
return vaultTimeout;
}
clear(): Promise<any> {
this.everBeenUnlocked = false;
this.pinProtectedKey = null;

4
electron/src/services/electronPlatformUtils.service.ts
View File

@ -88,10 +88,6 @@ export class ElectronPlatformUtilsService implements PlatformUtilsService {
return Promise.resolve(false);
}
lockTimeout(): number {
return null;
}
launchUri(uri: string, options?: any): void {
shell.openExternal(uri);
}

4
node/src/cli/services/cliPlatformUtils.service.ts
View File

@ -76,10 +76,6 @@ export class CliPlatformUtilsService implements PlatformUtilsService {
return Promise.resolve(false);
}
lockTimeout(): number {
return null;
}
launchUri(uri: string, options?: any): void {
if (process.platform === 'linux') {
child_process.spawnSync('xdg-open', [uri]);