1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-25 16:59:17 +01:00

[KeyConnector] Add support for key connector OTP (#1256)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
This commit is contained in:
Oscar Hinton 2021-11-09 19:24:26 +01:00 committed by GitHub
parent e5eb5d61fe
commit db5a8df64e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
46 changed files with 473 additions and 250 deletions

View File

@ -7,14 +7,50 @@
<span class="sr-only">{{'loading' | i18n}}</span>
</ng-container>
<form #form (ngSubmit)="submit()" [formGroup]="data" [appApiAction]="formPromise" *ngIf="!loading">
<form #form (ngSubmit)="submit()" [formGroup]="data" [appApiAction]="formPromise" *ngIf="!loading" ngNativeValidate>
<p>
{{'ssoPolicyHelpStart' | i18n}}
<a routerLink="../policies">{{'ssoPolicyHelpLink' | i18n}}</a>
{{'ssoPolicyHelpEnd' | i18n}}
</p>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="enabled" [formControl]="enabled" name="Enabled">
<label class="form-check-label" for="enabled">{{'enabled' | i18n}}</label>
<label class="form-check-label" for="enabled">{{'allowSso' | i18n}}</label>
</div>
<small class="form-text text-muted">{{'allowSsoDesc' | i18n}}</small>
</div>
<div class="form-group">
<label>{{'memberDecryptionOption' | i18n}}</label>
<div class="form-check form-check-block">
<input class="form-check-input" type="radio" id="memberDecryptionPass" [value]="false" formControlName="useKeyConnector">
<label class="form-check-label" for="memberDecryptionPass">
{{'masterPass' | i18n}}
<small>{{'memberDecryptionPassDesc' | i18n}}</small>
</label>
</div>
<div class="form-check mt-2 form-check-block">
<input class="form-check-input" type="radio" id="memberDecryptionKey" [value]="true" formControlName="useKeyConnector">
<label class="form-check-label" for="memberDecryptionKey">
{{'keyConnector' | i18n}}
<small>{{'memberDecryptionKeyConnectorDesc' | i18n}}</small>
</label>
</div>
</div>
<ng-container *ngIf="data.value.useKeyConnector">
<app-callout type="warning" [useAlertRole]="true">
{{'keyConnectorWarning' | i18n}}
</app-callout>
<div class="form-group">
<label for="keyConnectorUrl">{{'keyConnectorUrl' | i18n}}</label>
<input class="form-control" formControlName="keyConnectorUrl" id="keyConnectorUrl" required>
</div>
</ng-container>
<div class="form-group">
<label for="type">{{'type' | i18n}}</label>
<select class="form-control" id="type" formControlName="configType">
@ -24,18 +60,6 @@
</select>
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="useCryptoAgent" formControlName="useCryptoAgent">
<label class="form-check-label" for="useCryptoAgent">{{'enabled' | i18n}}</label>
</div>
</div>
<div class="form-group">
<label>{{'cryptoAgentUrl' | i18n}}</label>
<input class="form-control" formControlName="cryptoAgentUrl">
</div>
<!-- OIDC -->
<div *ngIf="data.value.configType == 1">
<div class="config-section">
@ -67,24 +91,24 @@
</div>
</div>
<div class="form-group">
<label>{{'authority' | i18n}}</label>
<input class="form-control" formControlName="authority">
<label for="authority">{{'authority' | i18n}}</label>
<input class="form-control" formControlName="authority" id="authority">
</div>
<div class="form-group">
<label>{{'clientId' | i18n}}</label>
<input class="form-control" formControlName="clientId">
<label for="clientId">{{'clientId' | i18n}}</label>
<input class="form-control" formControlName="clientId" id="clientId">
</div>
<div class="form-group">
<label>{{'clientSecret' | i18n}}</label>
<input class="form-control" formControlName="clientSecret">
<label for="clientSecret">{{'clientSecret' | i18n}}</label>
<input class="form-control" formControlName="clientSecret" id="clientSecret">
</div>
<div class="form-group">
<label>{{'metadataAddress' | i18n}}</label>
<input class="form-control" formControlName="metadataAddress">
<label for="metadataAddress">{{'metadataAddress' | i18n}}</label>
<input class="form-control" formControlName="metadataAddress" id="metadataAddress">
</div>
<div class="form-group">
<label>{{'oidcRedirectBehavior' | i18n}}</label>
<select class="form-control" formControlName="redirectBehavior">
<label for="redirectBehavior">{{'oidcRedirectBehavior' | i18n}}</label>
<select class="form-control" formControlName="redirectBehavior" id="redirectBehavior">
<option value="0">Redirect GET</option>
<option value="1">Form POST</option>
</select>
@ -99,28 +123,31 @@
</div>
</div>
<div class="form-group">
<label>{{'additionalScopes' | i18n}}</label>
<input class="form-control" formControlName="additionalScopes">
<label for="additionalScopes">{{'additionalScopes' | i18n}}</label>
<input class="form-control" formControlName="additionalScopes" id="additionalScopes">
</div>
<div class="form-group">
<label>{{'additionalUserIdClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalUserIdClaimTypes">
<label for="additionalUserIdClaimTypes">{{'additionalUserIdClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalUserIdClaimTypes"
id="additionalUserIdClaimTypes">
</div>
<div class="form-group">
<label>{{'additionalEmailClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalEmailClaimTypes">
<label for="additionalEmailClaimTypes">{{'additionalEmailClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalEmailClaimTypes"
id="additionalEmailClaimTypes">
</div>
<div class="form-group">
<label>{{'additionalNameClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalNameClaimTypes">
<label for="additionalNameClaimTypes">{{'additionalNameClaimTypes' | i18n}}</label>
<input class="form-control" formControlName="additionalNameClaimTypes"
id="additionalNameClaimTypes">
</div>
<div class="form-group">
<label>{{'acrValues' | i18n}}</label>
<input class="form-control" formControlName="acrValues">
<label for="acrValues">{{'acrValues' | i18n}}</label>
<input class="form-control" formControlName="acrValues" id="acrValues">
</div>
<div class="form-group">
<label>{{'expectedReturnAcrValue' | i18n}}</label>
<input class="form-control" formControlName="expectedReturnAcrValue">
<label for="expectedReturnAcrValue">{{'expectedReturnAcrValue' | i18n}}</label>
<input class="form-control" formControlName="expectedReturnAcrValue" id="expectedReturnAcrValue">
</div>
</div>
</div>
@ -174,8 +201,8 @@
</div>
</div>
<div class="form-group">
<label>{{'spNameIdFormat' | i18n}}</label>
<select class="form-control" formControlName="spNameIdFormat">
<label for="spNameIdFormat">{{'spNameIdFormat' | i18n}}</label>
<select class="form-control" formControlName="spNameIdFormat" id="spNameIdFormat">
<option value="0">Not Configured</option>
<option value="1">Unspecified</option>
<option value="2">Email Address</option>
@ -188,35 +215,43 @@
</select>
</div>
<div class="form-group">
<label>{{'spOutboundSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="spOutboundSigningAlgorithm">
<label for="spOutboundSigningAlgorithm">{{'spOutboundSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="spOutboundSigningAlgorithm"
id="spOutboundSigningAlgorithm">
<option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
</select>
</div>
<div class="form-group">
<label>{{'spSigningBehavior' | i18n}}</label>
<select class="form-control" formControlName="spSigningBehavior">
<label for="spSigningBehavior">{{'spSigningBehavior' | i18n}}</label>
<select class="form-control" formControlName="spSigningBehavior" id="spSigningBehavior">
<option value="0">If IdP Wants Authn Requests Signed</option>
<option value="1">Always</option>
<option value="3">Never</option>
</select>
</div>
<div class="form-group">
<label>{{'spMinIncomingSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="spMinIncomingSigningAlgorithm">
<label for="spMinIncomingSigningAlgorithm">{{'spMinIncomingSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="spMinIncomingSigningAlgorithm"
id="spMinIncomingSigningAlgorithm">
<option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
</select>
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="spWantAssertionsSigned" formControlName="spWantAssertionsSigned">
<label class="form-check-label" for="spWantAssertionsSigned">{{'spWantAssertionsSigned' | i18n}}</label>
<input class="form-check-input" type="checkbox" id="spWantAssertionsSigned"
formControlName="spWantAssertionsSigned">
<label class="form-check-label" for="spWantAssertionsSigned">
{{'spWantAssertionsSigned' | i18n}}
</label>
</div>
</div>
<div class="form-group">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="spValidateCertificates" formControlName="spValidateCertificates">
<label class="form-check-label" for="spValidateCertificates">{{'spValidateCertificates' | i18n}}</label>
<input class="form-check-input" type="checkbox" id="spValidateCertificates"
formControlName="spValidateCertificates">
<label class="form-check-label" for="spValidateCertificates">
{{'spValidateCertificates' | i18n}}
</label>
</div>
</div>
</div>
@ -226,36 +261,39 @@
<h2>{{'samlIdpConfig' | i18n}}</h2>
<div class="form-group">
<label>{{'idpEntityId' | i18n}}</label>
<input class="form-control" formControlName="idpEntityId">
<label for="idpEntityId">{{'idpEntityId' | i18n}}</label>
<input class="form-control" formControlName="idpEntityId" id="idpEntityId">
</div>
<div class="form-group">
<label>{{'idpBindingType' | i18n}}</label>
<select class="form-control" formControlName="idpBindingType">
<label for="idpBindingType">{{'idpBindingType' | i18n}}</label>
<select class="form-control" formControlName="idpBindingType" id="idpBindingType">
<option value="1">Redirect</option>
<option value="2">HTTP POST</option>
<option value="4">Artifact</option>
</select>
</div>
<div class="form-group">
<label>{{'idpSingleSignOnServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpSingleSignOnServiceUrl">
<label for="idpSingleSignOnServiceUrl">{{'idpSingleSignOnServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpSingleSignOnServiceUrl" id="idpSingleSignOnServiceUrl">
</div>
<div class="form-group">
<label>{{'idpSingleLogoutServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpSingleLogoutServiceUrl">
<label for="idpSingleLogoutServiceUrl">{{'idpSingleLogoutServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpSingleLogoutServiceUrl" id="idpSingleLogoutServiceUrl">
</div>
<div class="form-group">
<label>{{'idpArtifactResolutionServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpArtifactResolutionServiceUrl">
<label for="idpArtifactResolutionServiceUrl">{{'idpArtifactResolutionServiceUrl' | i18n}}</label>
<input class="form-control" formControlName="idpArtifactResolutionServiceUrl"
id="idpArtifactResolutionServiceUrl">
</div>
<div class="form-group">
<label>{{'idpX509PublicCert' | i18n}}</label>
<textarea formControlName="idpX509PublicCert" class="form-control form-control-sm text-monospace" rows="6"></textarea>
<label for="idpX509PublicCert">{{'idpX509PublicCert' | i18n}}</label>
<textarea formControlName="idpX509PublicCert" class="form-control form-control-sm text-monospace"
rows="6" id="idpX509PublicCert"></textarea>
</div>
<div class="form-group">
<label>{{'idpOutboundSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="idpOutboundSigningAlgorithm">
<label for="idpOutboundSigningAlgorithm">{{'idpOutboundSigningAlgorithm' | i18n}}</label>
<select class="form-control" formControlName="idpOutboundSigningAlgorithm"
id="idpOutboundSigningAlgorithm">
<option *ngFor="let o of samlSigningAlgorithms" [ngValue]="o">{{o}}</option>
</select>
</div>

View File

@ -37,8 +37,8 @@ export class SsoComponent implements OnInit {
data = this.fb.group({
configType: [],
useCryptoAgent: [],
cryptoAgentUrl: [],
useKeyConnector: [],
keyConnectorUrl: [],
// OpenId
authority: [],

2
jslib

@ -1 +1 @@
Subproject commit 2db9e1ce0d7a702f07f20ecb916dd8191ff617e1
Subproject commit 8f177e2d3a879b854db5c6e6d7d386b24d637a66

View File

@ -5,6 +5,7 @@ import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { EnvironmentService } from 'jslib-common/abstractions/environment.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { KeyConnectorService } from 'jslib-common/abstractions/keyConnector.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
@ -27,9 +28,11 @@ export class LockComponent extends BaseLockComponent {
userService: UserService, cryptoService: CryptoService,
storageService: StorageService, vaultTimeoutService: VaultTimeoutService,
environmentService: EnvironmentService, private routerService: RouterService,
stateService: StateService, apiService: ApiService, logService: LogService) {
stateService: StateService, apiService: ApiService, logService: LogService,
keyConnectorService: KeyConnectorService) {
super(router, i18nService, platformUtilsService, messagingService, userService, cryptoService,
storageService, vaultTimeoutService, environmentService, stateService, apiService, logService);
storageService, vaultTimeoutService, environmentService, stateService, apiService, logService,
keyConnectorService);
}
async ngOnInit() {

View File

@ -0,0 +1,31 @@
<div class="mt-5 d-flex justify-content-center" *ngIf="loading">
<div>
<img class="mb-4 logo logo-themed" alt="Bitwarden">
<p class="text-center">
<i class="fa fa-spinner fa-spin fa-2x text-muted" title="{{'loading' | i18n}}" aria-hidden="true"></i>
<span class="sr-only">{{'loading' | i18n}}</span>
</p>
</div>
</div>
<div class="container" *ngIf="!loading">
<div class="row justify-content-md-center mt-5">
<div class="col-5">
<p class="lead text-center mb-4">{{'removeMasterPassword' | i18n}}</p>
<hr>
<div class="card d-block">
<div class="card-body">
<p>{{'convertOrganizationEncryptionDesc' | i18n : organization.name}}</p>
<button type="button" class="btn btn-primary btn-block" (click)="convert()" [disabled]="actionPromise">
<i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true" *ngIf="continuing"></i>
{{'removeMasterPassword' | i18n}}
</button>
<button type="button" class="btn btn-outline-secondary btn-block" (click)="leave()" [disabled]="actionPromise">
<i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true" *ngIf="leaving"></i>
{{'leaveOrganization' | i18n}}
</button>
</div>
</div>
</div>
</div>
</div>

View File

@ -0,0 +1,10 @@
import { Component } from '@angular/core';
import { RemovePasswordComponent as BaseRemovePasswordComponent } from 'jslib-angular/components/remove-password.component';
@Component({
selector: 'app-remove-password',
templateUrl: 'remove-password.component.html',
})
export class RemovePasswordComponent extends BaseRemovePasswordComponent {
}

View File

@ -32,6 +32,7 @@ import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { EventService } from 'jslib-common/abstractions/event.service';
import { FolderService } from 'jslib-common/abstractions/folder.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { KeyConnectorService } from 'jslib-common/abstractions/keyConnector.service';
import { NotificationsService } from 'jslib-common/abstractions/notifications.service';
import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
@ -92,7 +93,8 @@ export class AppComponent implements OnDestroy, OnInit {
private sanitizer: DomSanitizer, private searchService: SearchService,
private notificationsService: NotificationsService, private routerService: RouterService,
private stateService: StateService, private eventService: EventService,
private policyService: PolicyService, protected policyListService: PolicyListService) { }
private policyService: PolicyService, protected policyListService: PolicyListService,
private keyConnectorService: KeyConnectorService) { }
ngOnInit() {
this.ngZone.runOutsideAngular(() => {
@ -163,6 +165,10 @@ export class AppComponent implements OnDestroy, OnInit {
case 'setFullWidth':
this.setFullWidth();
break;
case 'convertAccountToKeyConnector':
this.keyConnectorService.setConvertAccountRequired(true);
this.router.navigate(['/remove-password']);
break;
default:
break;
}
@ -218,6 +224,7 @@ export class AppComponent implements OnDestroy, OnInit {
this.policyService.clear(userId),
this.passwordGenerationService.clear(),
this.stateService.purge(),
this.keyConnectorService.clear(),
]);
this.searchService.clearIndex();

View File

@ -1,3 +1,7 @@
<app-callout type="info" *ngIf="showKeyConnectorInfo">
{{'keyConnectorPolicyRestriction' | i18n}}
</app-callout>
<div [formGroup]="data">
<div class="form-group">
<div class="form-check">

View File

@ -2,6 +2,7 @@ import { Component } from '@angular/core';
import { FormBuilder } from '@angular/forms';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { UserService } from 'jslib-common/abstractions/user.service';
import { PolicyType } from 'jslib-common/enums/policyType';
@ -30,8 +31,9 @@ export class MasterPasswordPolicyComponent extends BasePolicyComponent {
});
passwordScores: { name: string; value: number; }[];
showKeyConnectorInfo: boolean = false;
constructor(private fb: FormBuilder, i18nService: I18nService) {
constructor(private fb: FormBuilder, i18nService: I18nService, private userService: UserService) {
super();
this.passwordScores = [
@ -43,4 +45,10 @@ export class MasterPasswordPolicyComponent extends BasePolicyComponent {
{ name: i18nService.t('strong') + ' (4)', value: 4 },
];
}
async ngOnInit() {
super.ngOnInit();
const organization = await this.userService.getOrganization(this.policyResponse.organizationId);
this.showKeyConnectorInfo = organization.usesKeyConnector;
}
}

View File

@ -1,3 +1,7 @@
<app-callout type="info" *ngIf="showKeyConnectorInfo">
{{'keyConnectorPolicyRestriction' | i18n}}
</app-callout>
<app-callout type="warning">
{{'resetPasswordPolicyWarning' | i18n}}
</app-callout>

View File

@ -1,5 +1,6 @@
import { Component } from '@angular/core';
import { FormBuilder } from '@angular/forms';
import { UserService } from 'jslib-common/abstractions/user.service';
import { PolicyType } from 'jslib-common/enums/policyType';
@ -29,8 +30,15 @@ export class ResetPasswordPolicyComponent extends BasePolicyComponent {
});
defaultTypes: { name: string; value: string; }[];
showKeyConnectorInfo: boolean = false;
constructor(private fb: FormBuilder) {
constructor(private fb: FormBuilder, private userService: UserService) {
super();
}
async ngOnInit() {
super.ngOnInit();
const organization = await this.userService.getOrganization(this.policyResponse.organizationId);
this.showKeyConnectorInfo = organization.usesKeyConnector;
}
}

View File

@ -10,9 +10,8 @@
<div class="modal-body">
<p>{{'deleteOrganizationDesc' | i18n}}</p>
<app-callout type="warning">{{'deleteOrganizationWarning' | i18n}}</app-callout>
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutofocus appInputVerbatim>
<app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
</app-verify-master-password>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

View File

@ -3,12 +3,12 @@ import { Router } from '@angular/router';
import { ToasterService } from 'angular2-toaster';
import { Verification } from 'jslib-common/types/verification';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
@Component({
selector: 'app-delete-organization',
@ -17,22 +17,16 @@ import { PasswordVerificationRequest } from 'jslib-common/models/request/passwor
export class DeleteOrganizationComponent {
organizationId: string;
masterPassword: string;
masterPassword: Verification;
formPromise: Promise<any>;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private cryptoService: CryptoService,
private toasterService: ToasterService, private userVerificationService: UserVerificationService,
private router: Router, private logService: LogService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = await this.userVerificationService.buildRequest(this.masterPassword);
const request = new PasswordVerificationRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
try {
this.formPromise = this.apiService.deleteOrganization(this.organizationId, request);
await this.formPromise;

View File

@ -1,4 +1,5 @@
import { Component } from '@angular/core';
import { FormBuilder } from '@angular/forms';
import { ActivatedRoute } from '@angular/router';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
@ -8,6 +9,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { ExportComponent as BaseExportComponent } from '../../tools/export.component';
@ -19,9 +21,9 @@ export class ExportComponent extends BaseExportComponent {
constructor(cryptoService: CryptoService, i18nService: I18nService,
platformUtilsService: PlatformUtilsService, exportService: ExportService,
eventService: EventService, private route: ActivatedRoute, policyService: PolicyService,
logService: LogService) {
logService: LogService, userVerificationService: UserVerificationService, fb: FormBuilder) {
super(cryptoService, i18nService, platformUtilsService, exportService, eventService, policyService,
logService);
logService, userVerificationService, fb);
}
async ngOnInit() {

View File

@ -10,6 +10,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
import { PasswordRepromptService } from 'jslib-common/abstractions/passwordReprompt.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { StateService } from 'jslib-common/abstractions/state.service';
@ -38,10 +39,11 @@ export class AddEditComponent extends BaseAddEditComponent {
userService: UserService, collectionService: CollectionService,
totpService: TotpService, passwordGenerationService: PasswordGenerationService,
private apiService: ApiService, messagingService: MessagingService,
eventService: EventService, policyService: PolicyService, logService: LogService) {
eventService: EventService, policyService: PolicyService, logService: LogService,
passwordRepromptService: PasswordRepromptService) {
super(cipherService, folderService, i18nService, platformUtilsService, auditService, stateService,
userService, collectionService, totpService, passwordGenerationService, messagingService,
eventService, policyService, logService);
eventService, policyService, passwordRepromptService, logService);
}
protected allowOwnershipAssignment() {

View File

@ -16,6 +16,7 @@ import { LoginComponent } from './accounts/login.component';
import { RecoverDeleteComponent } from './accounts/recover-delete.component';
import { RecoverTwoFactorComponent } from './accounts/recover-two-factor.component';
import { RegisterComponent } from './accounts/register.component';
import { RemovePasswordComponent } from './accounts/remove-password.component';
import { SetPasswordComponent } from './accounts/set-password.component';
import { SsoComponent } from './accounts/sso.component';
import { TwoFactorComponent } from './accounts/two-factor.component';
@ -170,6 +171,12 @@ const routes: Routes = [
canActivate: [AuthGuardService],
data: { titleId: 'updateTempPassword' },
},
{
path: 'remove-password',
component: RemovePasswordComponent,
canActivate: [AuthGuardService],
data: { titleId: 'removeMasterPassword' },
},
],
},
{

View File

@ -29,6 +29,7 @@ import { LoginComponent } from './accounts/login.component';
import { RecoverDeleteComponent } from './accounts/recover-delete.component';
import { RecoverTwoFactorComponent } from './accounts/recover-two-factor.component';
import { RegisterComponent } from './accounts/register.component';
import { RemovePasswordComponent } from './accounts/remove-password.component';
import { SetPasswordComponent } from './accounts/set-password.component';
import { SsoComponent } from './accounts/sso.component';
import { TwoFactorOptionsComponent } from './accounts/two-factor-options.component';
@ -177,6 +178,7 @@ import { ProvidersComponent } from './providers/providers.component';
import { AvatarComponent } from 'jslib-angular/components/avatar.component';
import { CalloutComponent } from 'jslib-angular/components/callout.component';
import { IconComponent } from 'jslib-angular/components/icon.component';
import { VerifyMasterPasswordComponent } from 'jslib-angular/components/verify-master-password.component';
import { A11yTitleDirective } from 'jslib-angular/directives/a11y-title.directive';
import { ApiActionDirective } from 'jslib-angular/directives/api-action.directive';
@ -460,6 +462,8 @@ registerLocaleData(localeZhTw, 'zh-TW');
ResetPasswordPolicyComponent,
VaultTimeoutInputComponent,
AddEditCustomFieldsComponent,
VerifyMasterPasswordComponent,
RemovePasswordComponent,
],
exports: [
A11yTitleDirective,

View File

@ -74,6 +74,9 @@ export class EventService {
case EventType.User_UpdatedTempPassword:
msg = humanReadableMsg = this.i18nService.t('updatedMasterPassword');
break;
case EventType.User_MigratedKeyToKeyConnector:
msg = humanReadableMsg = this.i18nService.t('migratedKeyConnector');
break;
// Cipher
case EventType.Cipher_Created:
msg = this.i18nService.t('createdItemId', this.formatCipherId(ev, options));
@ -225,6 +228,18 @@ export class EventService {
case EventType.Organization_VaultAccessed:
msg = humanReadableMsg = this.i18nService.t('vaultAccessedByProvider');
break;
case EventType.Organization_EnabledSso:
msg = humanReadableMsg = this.i18nService.t('enabledSso');
break;
case EventType.Organization_DisabledSso:
msg = humanReadableMsg = this.i18nService.t('disabledSso');
break;
case EventType.Organization_EnabledKeyConnector:
msg = humanReadableMsg = this.i18nService.t('enabledKeyConnector');
break;
case EventType.Organization_DisabledKeyConnector:
msg = humanReadableMsg = this.i18nService.t('disabledKeyConnector');
break;
// Policies
case EventType.Policy_Updated:
msg = this.i18nService.t('modifiedPolicyId', this.formatPolicyId(ev));

View File

@ -42,6 +42,7 @@ import { ExportService } from 'jslib-common/services/export.service';
import { FileUploadService } from 'jslib-common/services/fileUpload.service';
import { FolderService } from 'jslib-common/services/folder.service';
import { ImportService } from 'jslib-common/services/import.service';
import { KeyConnectorService } from 'jslib-common/services/keyConnector.service';
import { NotificationsService } from 'jslib-common/services/notifications.service';
import { PasswordGenerationService } from 'jslib-common/services/passwordGeneration.service';
import { PolicyService } from 'jslib-common/services/policy.service';
@ -53,6 +54,7 @@ import { SyncService } from 'jslib-common/services/sync.service';
import { TokenService } from 'jslib-common/services/token.service';
import { TotpService } from 'jslib-common/services/totp.service';
import { UserService } from 'jslib-common/services/user.service';
import { UserVerificationService } from 'jslib-common/services/userVerification.service';
import { VaultTimeoutService } from 'jslib-common/services/vaultTimeout.service';
import { WebCryptoFunctionService } from 'jslib-common/services/webCryptoFunction.service';
@ -70,6 +72,7 @@ import { FileUploadService as FileUploadServiceAbstraction } from 'jslib-common
import { FolderService as FolderServiceAbstraction } from 'jslib-common/abstractions/folder.service';
import { I18nService as I18nServiceAbstraction } from 'jslib-common/abstractions/i18n.service';
import { ImportService as ImportServiceAbstraction } from 'jslib-common/abstractions/import.service';
import { KeyConnectorService as KeyConnectorServiceAbstraction } from 'jslib-common/abstractions/keyConnector.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService as MessagingServiceAbstraction } from 'jslib-common/abstractions/messaging.service';
import { NotificationsService as NotificationsServiceAbstraction } from 'jslib-common/abstractions/notifications.service';
@ -88,6 +91,7 @@ import { SyncService as SyncServiceAbstraction } from 'jslib-common/abstractions
import { TokenService as TokenServiceAbstraction } from 'jslib-common/abstractions/token.service';
import { TotpService as TotpServiceAbstraction } from 'jslib-common/abstractions/totp.service';
import { UserService as UserServiceAbstraction } from 'jslib-common/abstractions/user.service';
import { UserVerificationService as UserVerificationServiceAbstraction } from 'jslib-common/abstractions/userVerification.service';
import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from 'jslib-common/abstractions/vaultTimeout.service';
import { ModalService } from './modal.service';
@ -127,15 +131,18 @@ const sendService = new SendService(cryptoService, userService, apiService, file
const vaultTimeoutService = new VaultTimeoutService(cipherService, folderService, collectionService,
cryptoService, platformUtilsService, storageService, messagingService, searchService, userService, tokenService,
policyService, null, async () => messagingService.send('logout', { expired: false }));
const keyConnectorService = new KeyConnectorService(storageService, userService, cryptoService, apiService,
environmentService, tokenService, consoleLogService);
const syncService = new SyncService(userService, apiService, settingsService,
folderService, cipherService, cryptoService, collectionService, storageService, messagingService, policyService,
sendService, consoleLogService, async (expired: boolean) => messagingService.send('logout', { expired: expired }));
sendService, consoleLogService, tokenService, keyConnectorService,
async (expired: boolean) => messagingService.send('logout', { expired: expired }));
const passwordGenerationService = new PasswordGenerationService(cryptoService, storageService, policyService);
const totpService = new TotpService(storageService, cryptoFunctionService, consoleLogService);
const containerService = new ContainerService(cryptoService);
const authService = new AuthService(cryptoService, apiService,
userService, tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
consoleLogService, cryptoFunctionService);
consoleLogService, cryptoFunctionService, environmentService, keyConnectorService);
const exportService = new ExportService(folderService, cipherService, apiService, cryptoService);
const importService = new ImportService(cipherService, folderService, apiService, i18nService, collectionService,
platformUtilsService, cryptoService);
@ -226,7 +233,9 @@ export function initFactory(): Function {
{ provide: EventLoggingServiceAbstraction, useValue: eventLoggingService },
{ provide: PolicyServiceAbstraction, useValue: policyService },
{ provide: SendServiceAbstraction, useValue: sendService },
{ provide: KeyConnectorServiceAbstraction, useValue: keyConnectorService },
{ provide: PasswordRepromptServiceAbstraction, useClass: PasswordRepromptService },
{ provide: UserVerificationServiceAbstraction, useClass: UserVerificationService },
{ provide: LogService, useValue: consoleLogService },
{
provide: APP_INITIALIZER,

View File

@ -2,18 +2,24 @@
<h1>{{'myAccount' | i18n}}</h1>
</div>
<app-profile></app-profile>
<div class="secondary-header">
<h1>{{'changeEmail' | i18n}}</h1>
</div>
<app-change-email></app-change-email>
<div class="secondary-header">
<h1>{{'changeMasterPassword' | i18n}}</h1>
</div>
<app-change-password></app-change-password>
<div class="secondary-header">
<h1>{{'encKeySettings' | i18n}}</h1>
</div>
<app-change-kdf></app-change-kdf>
<ng-container *ngIf="showChangeEmail">
<div class="secondary-header">
<h1>{{'changeEmail' | i18n}}</h1>
</div>
<app-change-email></app-change-email>
</ng-container>
<ng-container *ngIf="showChangePassword">
<div class="secondary-header">
<h1>{{'changeMasterPassword' | i18n}}</h1>
</div>
<app-change-password></app-change-password>
</ng-container>
<ng-container *ngIf="showChangeKdf">
<div class="secondary-header">
<h1>{{'encKeySettings' | i18n}}</h1>
</div>
<app-change-kdf></app-change-kdf>
</ng-container>
<div class="secondary-header border-0 mb-0">
<h1>{{'apiKey' | i18n}}</h1>
</div>

View File

@ -10,6 +10,7 @@ import { DeleteAccountComponent } from './delete-account.component';
import { PurgeVaultComponent } from './purge-vault.component';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { KeyConnectorService } from 'jslib-common/abstractions/keyConnector.service';
import { UserService } from 'jslib-common/abstractions/user.service';
import { ModalService } from 'jslib-angular/services/modal.service';
@ -25,8 +26,17 @@ export class AccountComponent {
@ViewChild('viewUserApiKeyTemplate', { read: ViewContainerRef, static: true }) viewUserApiKeyModalRef: ViewContainerRef;
@ViewChild('rotateUserApiKeyTemplate', { read: ViewContainerRef, static: true }) rotateUserApiKeyModalRef: ViewContainerRef;
showChangePassword = true;
showChangeKdf = true;
showChangeEmail = true;
constructor(private modalService: ModalService, private apiService: ApiService,
private userService: UserService) { }
private userService: UserService, private keyConnectorService: KeyConnectorService) { }
async ngOnInit() {
this.showChangeEmail = this.showChangeKdf = this.showChangePassword =
!await this.keyConnectorService.getUsesKeyConnector();
}
async deauthorizeSessions() {
await this.modalService.openViewRef(DeauthorizeSessionsComponent, this.deauthModalRef);

View File

@ -9,11 +9,9 @@
</div>
<div class="modal-body">
<p>{{apiKeyDescription | i18n}}</p>
<ng-container *ngIf="!clientSecret">
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutofocus appInputVerbatim>
</ng-container>
<app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret" *ngIf="!clientSecret">
</app-verify-master-password>
<app-callout type="warning" *ngIf="clientSecret">{{apiKeyWarning | i18n}}</app-callout>
<app-callout type="info" title="{{'oauth2ClientCredentials' | i18n}}" icon="fa-key"
*ngIf="clientSecret">

View File

@ -1,15 +1,14 @@
import { Component } from '@angular/core';
import { ToasterService } from 'angular2-toaster';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { SecretVerificationRequest } from 'jslib-common/models/request/secretVerificationRequest';
import { ApiKeyResponse } from 'jslib-common/models/response/apiKeyResponse';
import { Verification } from 'jslib-common/types/verification';
@Component({
selector: 'app-api-key',
templateUrl: 'api-key.component.html',
@ -17,7 +16,7 @@ import { ApiKeyResponse } from 'jslib-common/models/response/apiKeyResponse';
export class ApiKeyComponent {
keyType: string;
isRotation: boolean;
postKey: (entityId: string, request: PasswordVerificationRequest) => Promise<ApiKeyResponse>;
postKey: (entityId: string, request: SecretVerificationRequest) => Promise<ApiKeyResponse>;
entityId: string;
scope: string;
grantType: string;
@ -25,23 +24,16 @@ export class ApiKeyComponent {
apiKeyWarning: string;
apiKeyDescription: string;
masterPassword: string;
masterPassword: Verification;
formPromise: Promise<ApiKeyResponse>;
clientId: string;
clientSecret: string;
constructor(private i18nService: I18nService, private toasterService: ToasterService,
private cryptoService: CryptoService, private logService: LogService) { }
constructor(private userVerificationService: UserVerificationService, private logService: LogService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = await this.userVerificationService.buildRequest(this.masterPassword);
const request = new PasswordVerificationRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
try {
this.formPromise = this.postKey(this.entityId, request);
const response = await this.formPromise;

View File

@ -10,9 +10,8 @@
<div class="modal-body">
<p>{{'deauthorizeSessionsDesc' | i18n}}</p>
<app-callout type="warning">{{'deauthorizeSessionsWarning' | i18n}}</app-callout>
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutoFocus appInputVerbatim>
<app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
</app-verify-master-password>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

View File

@ -3,34 +3,28 @@ import { Component } from '@angular/core';
import { ToasterService } from 'angular2-toaster';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { Verification } from 'jslib-common/types/verification';
@Component({
selector: 'app-deauthorize-sessions',
templateUrl: 'deauthorize-sessions.component.html',
})
export class DeauthorizeSessionsComponent {
masterPassword: string;
masterPassword: Verification;
formPromise: Promise<any>;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private cryptoService: CryptoService,
private toasterService: ToasterService, private userVerificationService: UserVerificationService,
private messagingService: MessagingService, private logService: LogService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = await this.userVerificationService.buildRequest(this.masterPassword);
const request = new PasswordVerificationRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
try {
this.formPromise = this.apiService.postSecurityStamp(request);
await this.formPromise;

View File

@ -10,9 +10,8 @@
<div class="modal-body">
<p>{{'deleteAccountDesc' | i18n}}</p>
<app-callout type="warning">{{'deleteAccountWarning' | i18n}}</app-callout>
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutofocus appInputVerbatim>
<app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
</app-verify-master-password>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

View File

@ -3,34 +3,28 @@ import { Component } from '@angular/core';
import { ToasterService } from 'angular2-toaster';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { Verification } from 'jslib-common/types/verification';
@Component({
selector: 'app-delete-account',
templateUrl: 'delete-account.component.html',
})
export class DeleteAccountComponent {
masterPassword: string;
masterPassword: Verification;
formPromise: Promise<any>;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private cryptoService: CryptoService,
private toasterService: ToasterService, private userVerificationService: UserVerificationService,
private messagingService: MessagingService, private logService: LogService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = await this.userVerificationService.buildRequest(this.masterPassword);
const request = new PasswordVerificationRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
try {
this.formPromise = this.apiService.deleteAccount(request);
await this.formPromise;

View File

@ -9,6 +9,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
import { PasswordRepromptService } from 'jslib-common/abstractions/passwordReprompt.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { StateService } from 'jslib-common/abstractions/state.service';
@ -33,10 +34,10 @@ export class EmergencyAddEditComponent extends BaseAddEditComponent {
userService: UserService, collectionService: CollectionService,
totpService: TotpService, passwordGenerationService: PasswordGenerationService,
messagingService: MessagingService, eventService: EventService, policyService: PolicyService,
logService: LogService) {
logService: LogService, passwordRepromptService: PasswordRepromptService) {
super(cipherService, folderService, i18nService, platformUtilsService, auditService, stateService,
userService, collectionService, totpService, passwordGenerationService, messagingService,
eventService, policyService, logService);
eventService, policyService, passwordRepromptService, logService);
}
async load() {

View File

@ -13,7 +13,7 @@
<label for="email">{{'email' | i18n}}</label>
<input id="email" class="form-control" type="text" name="Email" [(ngModel)]="profile.email" readonly>
</div>
<div class="form-group">
<div class="form-group" *ngIf="!hidePasswordHint">
<label for="masterPasswordHint">{{'masterPassHintLabel' | i18n}}</label>
<input id="masterPasswordHint" class="form-control" type="text" name="MasterPasswordHint"
[(ngModel)]="profile.masterPasswordHint">

View File

@ -8,6 +8,7 @@ import { ToasterService } from 'angular2-toaster';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { KeyConnectorService } from 'jslib-common/abstractions/keyConnector.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { UserService } from 'jslib-common/abstractions/user.service';
@ -23,12 +24,14 @@ export class ProfileComponent implements OnInit {
loading = true;
profile: ProfileResponse;
fingerprint: string;
hidePasswordHint = false;
formPromise: Promise<any>;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private userService: UserService,
private cryptoService: CryptoService, private logService: LogService) { }
private cryptoService: CryptoService, private logService: LogService,
private keyConnectorService: KeyConnectorService) { }
async ngOnInit() {
this.profile = await this.apiService.getProfile();
@ -37,6 +40,7 @@ export class ProfileComponent implements OnInit {
if (fingerprint != null) {
this.fingerprint = fingerprint.join('-');
}
this.hidePasswordHint = await this.keyConnectorService.getUsesKeyConnector();
}
async submit() {

View File

@ -10,9 +10,8 @@
<div class="modal-body">
<p>{{(organizationId ? 'purgeOrgVaultDesc' : 'purgeVaultDesc') | i18n}}</p>
<app-callout type="warning">{{'purgeVaultWarning' | i18n}}</app-callout>
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutofocus appInputVerbatim>
<app-verify-master-password [(ngModel)]="masterPassword" ngDefaultControl name="secret">
</app-verify-master-password>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-danger btn-submit" [disabled]="form.loading">

View File

@ -7,11 +7,11 @@ import { Router } from '@angular/router';
import { ToasterService } from 'angular2-toaster';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { Verification } from 'jslib-common/types/verification';
@Component({
selector: 'app-purge-vault',
@ -20,22 +20,16 @@ import { PasswordVerificationRequest } from 'jslib-common/models/request/passwor
export class PurgeVaultComponent {
@Input() organizationId?: string = null;
masterPassword: string;
masterPassword: Verification;
formPromise: Promise<any>;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private cryptoService: CryptoService,
private toasterService: ToasterService, private userVerificationService: UserVerificationService,
private router: Router, private logService: LogService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = await this.userVerificationService.buildRequest(this.masterPassword);
const request = new PasswordVerificationRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.masterPassword, null);
try {
this.formPromise = this.apiService.postPurgeCiphers(request, this.organizationId);
await this.formPromise;

View File

@ -11,6 +11,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserService } from 'jslib-common/abstractions/user.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { UpdateTwoFactorAuthenticatorRequest } from 'jslib-common/models/request/updateTwoFactorAuthenticatorRequest';
import { TwoFactorAuthenticatorResponse } from 'jslib-common/models/response/twoFactorAuthenticatorResponse';
@ -32,9 +33,10 @@ export class TwoFactorAuthenticatorComponent extends TwoFactorBaseComponent impl
private qrScript: HTMLScriptElement;
constructor(apiService: ApiService, i18nService: I18nService,
toasterService: ToasterService, private userService: UserService,
platformUtilsService: PlatformUtilsService, logService: LogService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService);
toasterService: ToasterService, userVerificationService: UserVerificationService,
platformUtilsService: PlatformUtilsService, logService: LogService,
private userService: UserService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService, userVerificationService);
this.qrScript = window.document.createElement('script');
this.qrScript.src = 'scripts/qrious.min.js';
this.qrScript.async = true;
@ -61,9 +63,8 @@ export class TwoFactorAuthenticatorComponent extends TwoFactorBaseComponent impl
}
}
protected enable() {
const request = new UpdateTwoFactorAuthenticatorRequest();
request.masterPasswordHash = this.masterPasswordHash;
protected async enable() {
const request = await this.buildRequestModel(UpdateTwoFactorAuthenticatorRequest);
request.token = this.token;
request.key = this.key;

View File

@ -10,8 +10,12 @@ import { ApiService } from 'jslib-common/abstractions/api.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { TwoFactorProviderType } from 'jslib-common/enums/twoFactorProviderType';
import { VerificationType } from 'jslib-common/enums/verificationType';
import { SecretVerificationRequest } from 'jslib-common/models/request/secretVerificationRequest';
import { TwoFactorProviderRequest } from 'jslib-common/models/request/twoFactorProviderRequest';
@Directive()
@ -24,14 +28,16 @@ export abstract class TwoFactorBaseComponent {
enabled = false;
authed = false;
protected masterPasswordHash: string;
protected hashedSecret: string;
protected verificationType: VerificationType;
constructor(protected apiService: ApiService, protected i18nService: I18nService,
protected toasterService: ToasterService, protected platformUtilsService: PlatformUtilsService,
protected logService: LogService) { }
protected logService: LogService, protected userVerificationService: UserVerificationService) { }
protected auth(authResponse: any) {
this.masterPasswordHash = authResponse.masterPasswordHash;
this.hashedSecret = authResponse.secret;
this.verificationType = authResponse.verificationType;
this.authed = true;
}
@ -52,8 +58,7 @@ export abstract class TwoFactorBaseComponent {
}
try {
const request = new TwoFactorProviderRequest();
request.masterPasswordHash = this.masterPasswordHash;
const request = await this.buildRequestModel(TwoFactorProviderRequest);
request.type = this.type;
if (this.organizationId != null) {
promise = this.apiService.putTwoFactorOrganizationDisable(this.organizationId, request);
@ -68,4 +73,11 @@ export abstract class TwoFactorBaseComponent {
this.logService.error(e);
}
}
protected async buildRequestModel<T extends SecretVerificationRequest>(requestClass: new() => T) {
return this.userVerificationService.buildRequest({
secret: this.hashedSecret,
type: this.verificationType,
}, requestClass, true);
}
}

View File

@ -6,6 +6,7 @@ import { ApiService } from 'jslib-common/abstractions/api.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { TwoFactorProviderType } from 'jslib-common/enums/twoFactorProviderType';
import { UpdateTwoFactorDuoRequest } from 'jslib-common/models/request/updateTwoFactorDuoRequest';
@ -26,8 +27,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
constructor(apiService: ApiService, i18nService: I18nService,
toasterService: ToasterService, platformUtilsService: PlatformUtilsService,
logService: LogService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService);
logService: LogService, userVerificationService: UserVerificationService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService, userVerificationService);
}
auth(authResponse: any) {
@ -43,9 +44,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
}
}
protected enable() {
const request = new UpdateTwoFactorDuoRequest();
request.masterPasswordHash = this.masterPasswordHash;
protected async enable() {
const request = await this.buildRequestModel(UpdateTwoFactorDuoRequest);
request.integrationKey = this.ikey;
request.secretKey = this.skey;
request.host = this.host;

View File

@ -7,6 +7,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserService } from 'jslib-common/abstractions/user.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { TwoFactorEmailRequest } from 'jslib-common/models/request/twoFactorEmailRequest';
@ -30,8 +31,9 @@ export class TwoFactorEmailComponent extends TwoFactorBaseComponent {
constructor(apiService: ApiService, i18nService: I18nService,
toasterService: ToasterService, platformUtilsService: PlatformUtilsService,
private userService: UserService, logService: LogService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService);
logService: LogService, userVerificationService: UserVerificationService,
private userService: UserService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService, userVerificationService);
}
auth(authResponse: any) {
@ -49,7 +51,8 @@ export class TwoFactorEmailComponent extends TwoFactorBaseComponent {
async sendEmail() {
try {
const request = new TwoFactorEmailRequest(this.email, this.masterPasswordHash);
const request = await this.buildRequestModel(TwoFactorEmailRequest);
request.email = this.email;
this.emailPromise = this.apiService.postTwoFactorEmailSetup(request);
await this.emailPromise;
this.sentEmail = this.email;
@ -58,9 +61,8 @@ export class TwoFactorEmailComponent extends TwoFactorBaseComponent {
}
}
protected enable() {
const request = new UpdateTwoFactorEmailRequest();
request.masterPasswordHash = this.masterPasswordHash;
protected async enable() {
const request = await this.buildRequestModel(UpdateTwoFactorEmailRequest);
request.email = this.email;
request.token = this.token;

View File

@ -1,9 +1,8 @@
<form #form (ngSubmit)="submit()" [appApiAction]="formPromise" ngNativeValidate>
<div class="modal-body">
<p>{{'twoStepLoginAuthDesc' | i18n}}</p>
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPasswordHash" class="form-control"
[(ngModel)]="masterPassword" required appAutoFocus appInputVerbatim>
<app-verify-master-password [(ngModel)]="secret" ngDefaultControl name="secret">
</app-verify-master-password>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-primary btn-submit" [disabled]="form.loading">

View File

@ -5,16 +5,14 @@ import {
Output,
} from '@angular/core';
import { ToasterService } from 'angular2-toaster';
import { TwoFactorProviderType } from 'jslib-common/enums/twoFactorProviderType';
import { VerificationType } from 'jslib-common/enums/verificationType';
import { ApiService } from 'jslib-common/abstractions/api.service';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { Verification } from 'jslib-common/types/verification';
@Component({
selector: 'app-two-factor-verify',
@ -25,25 +23,14 @@ export class TwoFactorVerifyComponent {
@Input() organizationId: string;
@Output() onAuthed = new EventEmitter<any>();
masterPassword: string;
secret: Verification;
formPromise: Promise<any>;
private masterPasswordHash: string;
constructor(private apiService: ApiService, private i18nService: I18nService,
private toasterService: ToasterService, private cryptoService: CryptoService,
private logService: LogService) { }
constructor(private apiService: ApiService, private logService: LogService,
private userVerificationService: UserVerificationService) { }
async submit() {
if (this.masterPassword == null || this.masterPassword === '') {
this.toasterService.popAsync('error', this.i18nService.t('errorOccurred'),
this.i18nService.t('masterPassRequired'));
return;
}
const request = new PasswordVerificationRequest();
request.masterPasswordHash = this.masterPasswordHash =
await this.cryptoService.hashPassword(this.masterPassword, null);
const request = await this.userVerificationService.buildRequest(this.secret);
try {
switch (this.type) {
@ -75,7 +62,10 @@ export class TwoFactorVerifyComponent {
const response = await this.formPromise;
this.onAuthed.emit({
response: response,
masterPasswordHash: this.masterPasswordHash,
secret: this.secret.type === VerificationType.MasterPassword
? request.masterPasswordHash
: request.otp,
verificationType: this.secret.type,
});
} catch (e) {
this.logService.error(e);

View File

@ -9,10 +9,11 @@ import { ApiService } from 'jslib-common/abstractions/api.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { TwoFactorProviderType } from 'jslib-common/enums/twoFactorProviderType';
import { PasswordVerificationRequest } from 'jslib-common/models/request/passwordVerificationRequest';
import { SecretVerificationRequest } from 'jslib-common/models/request/secretVerificationRequest';
import { UpdateTwoFactorWebAuthnDeleteRequest } from 'jslib-common/models/request/updateTwoFactorWebAuthnDeleteRequest';
import { UpdateTwoFactorWebAuthnRequest } from 'jslib-common/models/request/updateTwoFactorWebAuthnRequest';
import {
@ -40,8 +41,8 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
constructor(apiService: ApiService, i18nService: I18nService,
toasterService: ToasterService, platformUtilsService: PlatformUtilsService,
private ngZone: NgZone, logService: LogService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService);
private ngZone: NgZone, logService: LogService, userVerificationService: UserVerificationService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService, userVerificationService);
}
auth(authResponse: any) {
@ -49,13 +50,12 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
this.processResponse(authResponse.response);
}
submit() {
async submit() {
if (this.webAuthnResponse == null || this.keyIdAvailable == null) {
// Should never happen.
return Promise.reject();
}
const request = new UpdateTwoFactorWebAuthnRequest();
request.masterPasswordHash = this.masterPasswordHash;
const request = await this.buildRequestModel(UpdateTwoFactorWebAuthnRequest);
request.deviceResponse = this.webAuthnResponse;
request.id = this.keyIdAvailable;
request.name = this.name;
@ -82,9 +82,8 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
if (!confirmed) {
return;
}
const request = new UpdateTwoFactorWebAuthnDeleteRequest();
const request = await this.buildRequestModel(UpdateTwoFactorWebAuthnDeleteRequest);
request.id = key.id;
request.masterPasswordHash = this.masterPasswordHash;
try {
key.removePromise = this.apiService.deleteTwoFactorWebAuthn(request);
const response = await key.removePromise;
@ -99,8 +98,7 @@ export class TwoFactorWebAuthnComponent extends TwoFactorBaseComponent {
if (this.keyIdAvailable == null) {
return;
}
const request = new PasswordVerificationRequest();
request.masterPasswordHash = this.masterPasswordHash;
const request = await this.buildRequestModel(SecretVerificationRequest);
try {
this.challengePromise = this.apiService.getTwoFactorWebAuthnChallenge(request);
const challenge = await this.challengePromise;

View File

@ -6,6 +6,7 @@ import { ApiService } from 'jslib-common/abstractions/api.service';
import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { UpdateTwoFactorYubioOtpRequest } from 'jslib-common/models/request/updateTwoFactorYubioOtpRequest';
import { TwoFactorYubiKeyResponse } from 'jslib-common/models/response/twoFactorYubiKeyResponse';
@ -28,8 +29,8 @@ export class TwoFactorYubiKeyComponent extends TwoFactorBaseComponent {
constructor(apiService: ApiService, i18nService: I18nService,
toasterService: ToasterService, platformUtilsService: PlatformUtilsService,
logService: LogService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService);
logService: LogService, userVerificationService: UserVerificationService) {
super(apiService, i18nService, toasterService, platformUtilsService, logService, userVerificationService);
}
auth(authResponse: any) {
@ -37,9 +38,8 @@ export class TwoFactorYubiKeyComponent extends TwoFactorBaseComponent {
this.processResponse(authResponse.response);
}
submit() {
const request = new UpdateTwoFactorYubioOtpRequest();
request.masterPasswordHash = this.masterPasswordHash;
async submit() {
const request = await this.buildRequestModel(UpdateTwoFactorYubioOtpRequest);
request.key1 = this.keys != null && this.keys.length > 0 ? this.keys[0].key : null;
request.key2 = this.keys != null && this.keys.length > 1 ? this.keys[1].key : null;
request.key3 = this.keys != null && this.keys.length > 2 ? this.keys[2].key : null;

View File

@ -1,4 +1,4 @@
<form #form (ngSubmit)="submit()" ngNativeValidate [appApiAction]="formPromise">
<form #form (ngSubmit)="submit()" ngNativeValidate [appApiAction]="formPromise" [formGroup]="exportForm">
<div class="page-header">
<h1>{{'exportVault' | i18n}}</h1>
</div>
@ -11,21 +11,18 @@
<div class="row">
<div class="form-group col-6">
<label for="format">{{'fileFormat' | i18n}}</label>
<select class="form-control" id="format" name="Format" [(ngModel)]="format" [disabled]="disabledByPolicy">
<option value="json">.json</option>
<option value="csv">.csv</option>
<option value="encrypted_json">.json (Encrypted)</option>
<select class="form-control" id="format" name="Format" formControlName="format">
<option *ngFor="let f of formatOptions" [value]="f.value">{{f.name}}</option>
</select>
</div>
</div>
<div class="row">
<div class="form-group col-6">
<label for="masterPassword">{{'masterPass' | i18n}}</label>
<input id="masterPassword" type="password" name="MasterPassword" class="form-control"
[(ngModel)]="masterPassword" required appInputVerbatim [disabled]="disabledByPolicy">
<app-verify-master-password ngDefaultControl formControlName="secret" name="secret">
</app-verify-master-password>
</div>
</div>
<button type="submit" class="btn btn-primary" [disabled]="form.loading || disabledByPolicy">
<button type="submit" class="btn btn-primary" [disabled]="form.loading || exportForm.disabled">
<i class="fa fa-spinner fa-spin" title="{{'loading' | i18n}}" aria-hidden="true" *ngIf="form.loading"></i>
<span *ngIf="!form.loading">{{'exportVault' | i18n}}</span>
</button>

View File

@ -1,4 +1,5 @@
import { Component } from '@angular/core';
import { FormBuilder } from '@angular/forms';
import { CryptoService } from 'jslib-common/abstractions/crypto.service';
import { EventService } from 'jslib-common/abstractions/event.service';
@ -7,6 +8,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { UserVerificationService } from 'jslib-common/abstractions/userVerification.service';
import { ExportComponent as BaseExportComponent } from 'jslib-angular/components/export.component';
@ -19,14 +21,14 @@ export class ExportComponent extends BaseExportComponent {
constructor(cryptoService: CryptoService, i18nService: I18nService,
platformUtilsService: PlatformUtilsService, exportService: ExportService,
eventService: EventService, policyService: PolicyService, logService: LogService) {
eventService: EventService, policyService: PolicyService, logService: LogService,
userVerificationService: UserVerificationService, fb: FormBuilder) {
super(cryptoService, i18nService, platformUtilsService, exportService, eventService,
policyService, window, logService);
policyService, window, logService, userVerificationService, fb);
}
protected saved() {
super.saved();
this.masterPassword = null;
this.platformUtilsService.showToast('success', null, this.i18nService.t('exportSuccess'));
}
}

View File

@ -441,7 +441,7 @@
</div>
</div>
</ng-container>
<ng-container>
<ng-container *ngIf="canUseReprompt">
<h3 class="mt-4">{{'options' | i18n}}</h3>
<div class="form-check">
<input class="form-check-input" type="checkbox" [ngModel]="reprompt" (change)="repromptChanged()"

View File

@ -12,6 +12,7 @@ import { I18nService } from 'jslib-common/abstractions/i18n.service';
import { LogService } from 'jslib-common/abstractions/log.service';
import { MessagingService } from 'jslib-common/abstractions/messaging.service';
import { PasswordGenerationService } from 'jslib-common/abstractions/passwordGeneration.service';
import { PasswordRepromptService } from 'jslib-common/abstractions/passwordReprompt.service';
import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
import { PolicyService } from 'jslib-common/abstractions/policy.service';
import { StateService } from 'jslib-common/abstractions/state.service';
@ -45,9 +46,11 @@ export class AddEditComponent extends BaseAddEditComponent {
userService: UserService, collectionService: CollectionService,
protected totpService: TotpService, protected passwordGenerationService: PasswordGenerationService,
protected messagingService: MessagingService, eventService: EventService,
protected policyService: PolicyService, logService: LogService) {
protected policyService: PolicyService, passwordRepromptService: PasswordRepromptService,
logService: LogService) {
super(cipherService, folderService, i18nService, platformUtilsService, auditService, stateService,
userService, collectionService, messagingService, eventService, policyService, logService);
userService, collectionService, messagingService, eventService, policyService, passwordRepromptService,
logService);
}
async ngOnInit() {

View File

@ -1,5 +1,5 @@
<!DOCTYPE html>
<html>
<html class="theme_light">
<head>
<meta charset="utf-8">

View File

@ -4467,7 +4467,91 @@
"ssoSettingsSaved": {
"message": "Single Sign-On configuration was saved."
},
"ssoCryptoAgentUnavailable": {
"message": "Unable to reach the crypto agent, try again later."
"ssoKeyConnectorUnavailable": {
"message": "Unable to reach the Key Connector, try again later."
},
"keyConnectorUrl": {
"message": "Key Connector URL"
},
"requestVerificationCode": {
"message": "Request one-time password"
},
"verificationCode": {
"message": "Verification Code"
},
"verificationCodeRequired": {
"message": "Verification code is required."
},
"invalidVerificationCode": {
"message": "Invalid verification code"
},
"convertOrganizationEncryptionDesc": {
"message": "$ORGANIZATION$ is using SSO with a self-hosted key server. A master password is no longer required to log in for members of this organization.",
"placeholders": {
"organization": {
"content": "$1",
"example": "My Org Name"
}
}
},
"leaveOrganization": {
"message": "Leave Organization"
},
"removeMasterPassword": {
"message": "Remove Master Password"
},
"removedMasterPassword": {
"message": "Master password removed."
},
"allowSso": {
"message": "Allow SSO authentication"
},
"allowSsoDesc": {
"message": "Once set up, your configuration will be saved and members will be able to authenticate using their Identity Provider credentials."
},
"ssoPolicyHelpStart": {
"message": "Enable the",
"description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Enable the SSO Policy to require all members to log in with SSO.'"
},
"ssoPolicyHelpLink": {
"message": "SSO Policy",
"description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Enable the SSO Policy to require all members to log in with SSO.'"
},
"ssoPolicyHelpEnd": {
"message": "to require all members to log in with SSO.",
"description": "This will be used as part of a larger sentence, broken up to include links. The full sentence will read 'Enable the SSO Policy to require all members to log in with SSO.'"
},
"memberDecryptionOption": {
"message": "Member Decryption Options"
},
"memberDecryptionPassDesc": {
"message": "Once authenticated, members will decrypt vault data using their Master Passwords."
},
"keyConnector": {
"message": "Key Connector"
},
"memberDecryptionKeyConnectorDesc": {
"message": "Connect Login with SSO to your self-hosted decryption key server. Using this option, members wont need to use their Master Passwords to decrypt vault data."
},
"keyConnectorPolicyRestriction": {
"message": "\"Login with SSO and Key Connector Decryption\" is enabled. This policy will only apply to Owners and Admins."
},
"enabledSso": {
"message": "Enabled SSO"
},
"disabledSso": {
"message": "Disabled SSO"
},
"enabledKeyConnector": {
"message": "Enabled Key Connector"
},
"disabledKeyConnector": {
"message": "Disabled Key Connector"
},
"keyConnectorWarning": {
"message": "Once Key Connector is set up, Member Decryption Options cannot be changed."
},
"migratedKeyConnector": {
"message": "Migrated to Key Connector"
}
}