
Remove password hint responses from API (#10523)

* Log reloading behavior

* Remove hints from responses.

Changing the password implies updating the hint, but the old hint is no longer displayed. Showing it is a shoulder-surfing risk and breaks the escrow model we have, where the hint is only shared via email when requested.

* Update change password hint label
This commit is contained in:
Matt Gibson 2024-08-23 10:51:42 -07:00 committed by GitHub
parent aa7c9685b6
commit c2829cd71b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 12 additions and 12 deletions


@ -51,6 +51,7 @@ export class WindowMain {
// Perform a hard reload of the render process by crashing it. This is suboptimal but ensures that all memory gets // Perform a hard reload of the render process by crashing it. This is suboptimal but ensures that all memory gets
// cleared, as the process itself will be completely garbage collected. // cleared, as the process itself will be completely garbage collected.
ipcMain.on("reload-process", async () => { ipcMain.on("reload-process", async () => {
this.logService.info("Reloading render process");
// User might have changed theme, ensure the window is updated. // User might have changed theme, ensure the window is updated.
this.win.setBackgroundColor(await this.getBackgroundColor()); this.win.setBackgroundColor(await this.getBackgroundColor());
@ -65,6 +66,7 @@ export class WindowMain {
// FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling. // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
// eslint-disable-next-line @typescript-eslint/no-floating-promises // eslint-disable-next-line @typescript-eslint/no-floating-promises
this.session.clearCache(); this.session.clearCache();
this.logService.info("Render process reloaded");
}); });
return new Promise<void>((resolve, reject) => { return new Promise<void>((resolve, reject) => {
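Review bot: The new `this.logService.info("Render process reloaded")` line fires before `this.session.clearCache()` has finished, because the call on the line above is still a floating promise; the log therefore records completion of a reload whose cache clear may still be in flight, which is misleading when the log is used to confirm that the memory-clearing reload actually ran. Either await the call, `await this.session.clearCache();`, which would also settle the FIXME above it, or word the message as `"Render process reload requested"`. The `reload-process` handler's body between the two hunks is outside this view, so whether the earlier part of the handler awaits anything cannot be checked here.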


@ -62,10 +62,7 @@ export class ProfileComponent implements OnInit, OnDestroy {
} }
submit = async () => { submit = async () => {
const request = new UpdateProfileRequest( const request = new UpdateProfileRequest(this.formGroup.get("name").value);
this.formGroup.get("name").value,
this.profile.masterPasswordHint,
);
await this.apiService.putProfile(request); await this.apiService.putProfile(request);
this.platformUtilsService.showToast("success", null, this.i18nService.t("accountUpdated")); this.platformUtilsService.showToast("success", null, this.i18nService.t("accountUpdated"));
}; };
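Review bot: With the hint dropped from `new UpdateProfileRequest(this.formGroup.get("name").value)`, the PUT profile call no longer echoes the stored hint back, so the server must treat a missing `MasterPasswordHint` as "leave unchanged" rather than "clear"; the commit title suggests a matching API change, but the client alone cannot guarantee it, so it is worth confirming against the server handler before this ships. The same point applies to the `UpdateProfileRequest` hunk further down. `submit` is shown in full, but the rest of ProfileComponent is outside the hunk, so any remaining template binding to `profile.masterPasswordHint` cannot be checked from this view.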


@ -111,7 +111,7 @@
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
<label for="masterPasswordHint">{{ "masterPassHintLabel" | i18n }}</label> <label for="masterPasswordHint">{{ "newMasterPassHint" | i18n }}</label>
<input <input
id="masterPasswordHint" id="masterPasswordHint"
class="form-control" class="form-control"


@ -83,7 +83,6 @@ export class ChangePasswordComponent
this.router.navigate(["/settings/security/two-factor"]); this.router.navigate(["/settings/security/two-factor"]);
} }
this.masterPasswordHint = (await this.apiService.getProfile()).masterPasswordHint;
await super.ngOnInit(); await super.ngOnInit();
this.characterMinimumMessage = this.i18nService.t("characterMinimum", this.minimumLength); this.characterMinimumMessage = this.i18nService.t("characterMinimum", this.minimumLength);
@ -138,7 +137,10 @@ export class ChangePasswordComponent
} }
async submit() { async submit() {
if (this.masterPasswordHint != null && this.masterPasswordHint == this.masterPassword) { if (
this.masterPasswordHint != null &&
this.masterPasswordHint.toLowerCase() === this.masterPassword.toLowerCase()
) {
this.platformUtilsService.showToast( this.platformUtilsService.showToast(
"error", "error",
this.i18nService.t("errorOccurred"), this.i18nService.t("errorOccurred"),
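Review bot: The new comparison calls `this.masterPassword.toLowerCase()` while only `this.masterPasswordHint` is null-guarded; the previous `==` comparison tolerated an unset master password, so if `submit()` can run with `this.masterPassword` still null or undefined this now throws a TypeError instead of reaching the validation toast. Guarding both, `this.masterPasswordHint != null && this.masterPassword != null &&` ahead of the lowercase comparison, keeps the old tolerance while preserving the case-insensitive match. Whether `masterPassword` can be unset at this point depends on the form setup, which is outside the hunk, as are the rest of `submit()` and the rest of `ngOnInit()` in the first hunk.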


@ -905,6 +905,9 @@
"masterPassHint": { "masterPassHint": {
"message": "Master password hint (optional)" "message": "Master password hint (optional)"
}, },
"newMasterPassHint": {
"message": "New master password hint (optional)"
},
"masterPassHintLabel": { "masterPassHintLabel": {
"message": "Master password hint" "message": "Master password hint"
}, },


@ -1,10 +1,8 @@
export class UpdateProfileRequest { export class UpdateProfileRequest {
name: string; name: string;
masterPasswordHint: string;
culture = "en-US"; // deprecated culture = "en-US"; // deprecated
constructor(name: string, masterPasswordHint: string) { constructor(name: string) {
this.name = name; this.name = name;
this.masterPasswordHint = masterPasswordHint ? masterPasswordHint : null;
} }
} }
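Review bot: Nothing on `UpdateProfileRequest` records that the hint is omitted on purpose, so a later maintainer who notices the server-side field could re-add it and quietly undo this commit's intent. A TSDoc comment on the class, such as `/** Profile update payload. The master password hint is intentionally absent: it is only changed through the change-password flow and must not be round-tripped here. */`, would pin that down. As a point of style, `name: string;` plus `this.name = name;` could collapse to the parameter property `constructor(public name: string)` now that the constructor does nothing else.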


@ -10,7 +10,6 @@ export class ProfileResponse extends BaseResponse {
name: string; name: string;
email: string; email: string;
emailVerified: boolean; emailVerified: boolean;
masterPasswordHint: string;
premiumPersonally: boolean; premiumPersonally: boolean;
premiumFromOrganization: boolean; premiumFromOrganization: boolean;
culture: string; culture: string;
@ -32,7 +31,6 @@ export class ProfileResponse extends BaseResponse {
this.name = this.getResponseProperty("Name"); this.name = this.getResponseProperty("Name");
this.email = this.getResponseProperty("Email"); this.email = this.getResponseProperty("Email");
this.emailVerified = this.getResponseProperty("EmailVerified"); this.emailVerified = this.getResponseProperty("EmailVerified");
this.masterPasswordHint = this.getResponseProperty("MasterPasswordHint");
this.premiumPersonally = this.getResponseProperty("Premium"); this.premiumPersonally = this.getResponseProperty("Premium");
this.premiumFromOrganization = this.getResponseProperty("PremiumFromOrganization"); this.premiumFromOrganization = this.getResponseProperty("PremiumFromOrganization");
this.culture = this.getResponseProperty("Culture"); this.culture = this.getResponseProperty("Culture");
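Review bot: Removing `masterPasswordHint` from `ProfileResponse` stops the client from modelling the hint, but it does not stop the hint from arriving: if the server still includes `MasterPasswordHint` in the profile payload, the raw JSON held by `BaseResponse` still carries it in memory and in any response logging. The commit title implies the API no longer returns it, which should be confirmed so that this client-side removal is not the only barrier. The constructor is cut by the hunk on both sides, so other uses of the raw response cannot be checked here.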