Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-21 16:18:28 +01:00
Code Issues Projects Releases Wiki Activity

[PM-687] emergency access invite lost during sso (#5199)

Browse Source 
* [PM-687] refactor observable in base accept component

* [PM-687] add emergency access invitation to global state

* [PM-687] save invite to state and check on login

* [PM-687] move emergency access check above queryParams observable
This commit is contained in:
Jake Fink 2023-04-26 08:47:35 -04:00 committed by GitHub
parent f498836cfc
commit dfe69f77f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 98 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
apps/web/src/app/common/base.accept.component.ts
View File

@ -1,6 +1,7 @@
import { Directive, OnInit } from "@angular/core";
import { ActivatedRoute, Params, Router } from "@angular/router";
import { first } from "rxjs/operators";
import { Subject } from "rxjs";
import { first, switchMap, takeUntil } from "rxjs/operators";
import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
@ -17,6 +18,8 @@ export abstract class BaseAcceptComponent implements OnInit {
protected failedShortMessage = "inviteAcceptFailedShort";
protected failedMessage = "inviteAcceptFailed";
private destroy$ = new Subject<void>();
constructor(
protected router: Router,
protected platformUtilService: PlatformUtilsService,
@ -29,36 +32,43 @@ export abstract class BaseAcceptComponent implements OnInit {
abstract unauthedHandler(qParams: Params): Promise<void>;
ngOnInit() {
// eslint-disable-next-line rxjs/no-async-subscribe
this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
let error = this.requiredParameters.some((e) => qParams?.[e] == null || qParams[e] === "");
let errorMessage: string = null;
if (!error) {
this.authed = await this.stateService.getIsAuthenticated();
this.email = qParams.email;
this.route.queryParams
.pipe(
first(),
switchMap(async (qParams) => {
let error = this.requiredParameters.some(
(e) => qParams?.[e] == null || qParams[e] === ""
);
let errorMessage: string = null;
if (!error) {
this.authed = await this.stateService.getIsAuthenticated();
this.email = qParams.email;
if (this.authed) {
try {
await this.authedHandler(qParams);
} catch (e) {
error = true;
errorMessage = e.message;
if (this.authed) {
try {
await this.authedHandler(qParams);
} catch (e) {
error = true;
errorMessage = e.message;
}
} else {
await this.unauthedHandler(qParams);
}
}
} else {
await this.unauthedHandler(qParams);
}
}
if (error) {
const message =
errorMessage != null
? this.i18nService.t(this.failedShortMessage, errorMessage)
: this.i18nService.t(this.failedMessage);
this.platformUtilService.showToast("error", null, message, { timeout: 10000 });
this.router.navigate(["/"]);
}
if (error) {
const message =
errorMessage != null
? this.i18nService.t(this.failedShortMessage, errorMessage)
: this.i18nService.t(this.failedMessage);
this.platformUtilService.showToast("error", null, message, { timeout: 10000 });
this.router.navigate(["/"]);
}
this.loading = false;
});
this.loading = false;
}),
takeUntil(this.destroy$)
)
.subscribe();
}
}

4
apps/web/src/auth/accept-emergency.component.ts
View File

@ -36,6 +36,7 @@ export class AcceptEmergencyComponent extends BaseAcceptComponent {
request.token = qParams.token;
this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request);
await this.actionPromise;
await this.stateService.setEmergencyAccessInvitation(null);
this.platformUtilService.showToast(
"success",
this.i18nService.t("inviteAccepted"),
@ -51,5 +52,8 @@ export class AcceptEmergencyComponent extends BaseAcceptComponent {
// Fix URL encoding of space issue with Angular
this.name = this.name.replace(/\+/g, " ");
}
// save the invitation to state so sso logins can find it later
await this.stateService.setEmergencyAccessInvitation(qParams);
}
}

15
apps/web/src/auth/sso.component.ts
View File

@ -61,6 +61,21 @@ export class SsoComponent extends BaseSsoComponent {
async ngOnInit() {
super.ngOnInit();
// if we have an emergency access invite, redirect to emergency access
const emergencyAccessInvite = await this.stateService.getEmergencyAccessInvitation();
if (emergencyAccessInvite != null) {
this.onSuccessfulLoginNavigate = async () => {
this.router.navigate(["/accept-emergency"], {
queryParams: {
id: emergencyAccessInvite.id,
name: emergencyAccessInvite.name,
email: emergencyAccessInvite.email,
token: emergencyAccessInvite.token,
},
});
};
}
// eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
if (qParams.identifier != null) {

14
apps/web/src/auth/two-factor.component.ts
View File

@ -87,6 +87,20 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
if (previousUrl) {
this.router.navigateByUrl(previousUrl);
} else {
// if we have an emergency access invite, redirect to emergency access
const emergencyAccessInvite = await this.stateService.getEmergencyAccessInvitation();
if (emergencyAccessInvite != null) {
this.router.navigate(["/accept-emergency"], {
queryParams: {
id: emergencyAccessInvite.id,
name: emergencyAccessInvite.name,
email: emergencyAccessInvite.email,
token: emergencyAccessInvite.token,
},
});
return;
}
this.router.navigate([this.successRoute], {
queryParams: {
identifier: this.identifier,

10
libs/angular/src/auth/components/sso.component.ts
View File

@ -186,7 +186,7 @@ export class SsoComponent {
const response = await this.formPromise;
if (response.requiresTwoFactor) {
if (this.onSuccessfulLoginTwoFactorNavigate != null) {
this.onSuccessfulLoginTwoFactorNavigate();
await this.onSuccessfulLoginTwoFactorNavigate();
} else {
this.router.navigate([this.twoFactorRoute], {
queryParams: {
@ -197,7 +197,7 @@ export class SsoComponent {
}
} else if (response.resetMasterPassword) {
if (this.onSuccessfulLoginChangePasswordNavigate != null) {
this.onSuccessfulLoginChangePasswordNavigate();
await this.onSuccessfulLoginChangePasswordNavigate();
} else {
this.router.navigate([this.changePasswordRoute], {
queryParams: {
@ -207,7 +207,7 @@ export class SsoComponent {
}
} else if (response.forcePasswordReset !== ForceResetPasswordReason.None) {
if (this.onSuccessfulLoginForceResetNavigate != null) {
this.onSuccessfulLoginForceResetNavigate();
await this.onSuccessfulLoginForceResetNavigate();
} else {
this.router.navigate([this.forcePasswordResetRoute]);
}
@ -215,10 +215,10 @@ export class SsoComponent {
const disableFavicon = await this.stateService.getDisableFavicon();
await this.stateService.setDisableFavicon(!!disableFavicon);
if (this.onSuccessfulLogin != null) {
this.onSuccessfulLogin();
await this.onSuccessfulLogin();
}
if (this.onSuccessfulLoginNavigate != null) {
this.onSuccessfulLoginNavigate();
await this.onSuccessfulLoginNavigate();
} else {
this.router.navigate([this.successRoute]);
}

4
libs/angular/src/auth/components/two-factor.component.ts
View File

@ -204,7 +204,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
}
if (this.onSuccessfulLogin != null) {
this.loginService.clearValues();
this.onSuccessfulLogin();
await this.onSuccessfulLogin();
}
if (response.resetMasterPassword) {
this.successRoute = "set-password";
@ -214,7 +214,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
}
if (this.onSuccessfulLoginNavigate != null) {
this.loginService.clearValues();
this.onSuccessfulLoginNavigate();
await this.onSuccessfulLoginNavigate();
} else {
this.loginService.clearValues();
this.router.navigate([this.successRoute], {

2
libs/common/src/abstractions/state.service.ts
View File

@ -298,6 +298,8 @@ export abstract class StateService<T extends Account = Account> {
setOpenAtLogin: (value: boolean, options?: StorageOptions) => Promise<void>;
getOrganizationInvitation: (options?: StorageOptions) => Promise<any>;
setOrganizationInvitation: (value: any, options?: StorageOptions) => Promise<void>;
getEmergencyAccessInvitation: (options?: StorageOptions) => Promise<any>;
setEmergencyAccessInvitation: (value: any, options?: StorageOptions) => Promise<void>;
/**
* @deprecated Do not call this directly, use OrganizationService
*/

1
libs/common/src/models/domain/global-state.ts
View File

@ -8,6 +8,7 @@ export class GlobalState {
installedVersion?: string;
locale?: string;
organizationInvitation?: any;
emergencyAccessInvitation?: any;
ssoCodeVerifier?: string;
ssoOrganizationIdentifier?: string;
ssoState?: string;

17
libs/common/src/services/state.service.ts
View File

@ -1911,6 +1911,23 @@ export class StateService<
);
}
async getEmergencyAccessInvitation(options?: StorageOptions): Promise<any> {
return (
await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
)?.emergencyAccessInvitation;
}
async setEmergencyAccessInvitation(value: any, options?: StorageOptions): Promise<void> {
const globals = await this.getGlobals(
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
globals.emergencyAccessInvitation = value;
await this.saveGlobals(
globals,
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
}
/**
* @deprecated Do not call this directly, use OrganizationService
*/