Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-02 18:17:46 +01:00
Code Issues Projects Releases Wiki Activity

[PM-687] emergency access invite lost during sso (#5199)

Browse Source 
* [PM-687] refactor observable in base accept component

* [PM-687] add emergency access invitation to global state

* [PM-687] save invite to state and check on login

* [PM-687] move emergency access check above queryParams observable
This commit is contained in:
Jake Fink 2023-04-26 08:47:35 -04:00 committed by GitHub
parent f498836cfc
commit dfe69f77f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 98 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
apps/web/src/app/common/base.accept.component.ts
View File

@ -1,6 +1,7 @@
import { Directive, OnInit } from "@angular/core"; import { Directive, OnInit } from "@angular/core";
import { ActivatedRoute, Params, Router } from "@angular/router"; import { ActivatedRoute, Params, Router } from "@angular/router";
import { first } from "rxjs/operators"; import { Subject } from "rxjs";
import { first, switchMap, takeUntil } from "rxjs/operators";
import { I18nService } from "@bitwarden/common/abstractions/i18n.service"; import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service"; import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
@ -17,6 +18,8 @@ export abstract class BaseAcceptComponent implements OnInit {
protected failedShortMessage = "inviteAcceptFailedShort"; protected failedShortMessage = "inviteAcceptFailedShort";
protected failedMessage = "inviteAcceptFailed"; protected failedMessage = "inviteAcceptFailed";
private destroy$ = new Subject<void>();
constructor( constructor(
protected router: Router, protected router: Router,
protected platformUtilService: PlatformUtilsService, protected platformUtilService: PlatformUtilsService,
@ -29,9 +32,13 @@ export abstract class BaseAcceptComponent implements OnInit {
abstract unauthedHandler(qParams: Params): Promise<void>; abstract unauthedHandler(qParams: Params): Promise<void>;
ngOnInit() { ngOnInit() {
// eslint-disable-next-line rxjs/no-async-subscribe this.route.queryParams
this.route.queryParams.pipe(first()).subscribe(async (qParams) => { .pipe(
let error = this.requiredParameters.some((e) => qParams?.[e] == null || qParams[e] === ""); first(),
switchMap(async (qParams) => {
let error = this.requiredParameters.some(
(e) => qParams?.[e] == null || qParams[e] === ""
);
let errorMessage: string = null; let errorMessage: string = null;
if (!error) { if (!error) {
this.authed = await this.stateService.getIsAuthenticated(); this.authed = await this.stateService.getIsAuthenticated();
@ -59,6 +66,9 @@ export abstract class BaseAcceptComponent implements OnInit {
} }
this.loading = false; this.loading = false;
}); }),
takeUntil(this.destroy$)
)
.subscribe();
} }
} }

4
apps/web/src/auth/accept-emergency.component.ts
View File

@ -36,6 +36,7 @@ export class AcceptEmergencyComponent extends BaseAcceptComponent {
request.token = qParams.token; request.token = qParams.token;
this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request); this.actionPromise = this.apiService.postEmergencyAccessAccept(qParams.id, request);
await this.actionPromise; await this.actionPromise;
await this.stateService.setEmergencyAccessInvitation(null);
this.platformUtilService.showToast( this.platformUtilService.showToast(
"success", "success",
this.i18nService.t("inviteAccepted"), this.i18nService.t("inviteAccepted"),
@ -51,5 +52,8 @@ export class AcceptEmergencyComponent extends BaseAcceptComponent {
// Fix URL encoding of space issue with Angular // Fix URL encoding of space issue with Angular
this.name = this.name.replace(/\+/g, " "); this.name = this.name.replace(/\+/g, " ");
} }
// save the invitation to state so sso logins can find it later
await this.stateService.setEmergencyAccessInvitation(qParams);
} }
} }

15
apps/web/src/auth/sso.component.ts
View File

@ -61,6 +61,21 @@ export class SsoComponent extends BaseSsoComponent {
async ngOnInit() { async ngOnInit() {
super.ngOnInit(); super.ngOnInit();
// if we have an emergency access invite, redirect to emergency access
const emergencyAccessInvite = await this.stateService.getEmergencyAccessInvitation();
if (emergencyAccessInvite != null) {
this.onSuccessfulLoginNavigate = async () => {
this.router.navigate(["/accept-emergency"], {
queryParams: {
id: emergencyAccessInvite.id,
name: emergencyAccessInvite.name,
email: emergencyAccessInvite.email,
token: emergencyAccessInvite.token,
},
});
};
}
// eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe // eslint-disable-next-line rxjs-angular/prefer-takeuntil, rxjs/no-async-subscribe
this.route.queryParams.pipe(first()).subscribe(async (qParams) => { this.route.queryParams.pipe(first()).subscribe(async (qParams) => {
if (qParams.identifier != null) { if (qParams.identifier != null) {

14
apps/web/src/auth/two-factor.component.ts
View File

@ -87,6 +87,20 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
if (previousUrl) { if (previousUrl) {
this.router.navigateByUrl(previousUrl); this.router.navigateByUrl(previousUrl);
} else { } else {
// if we have an emergency access invite, redirect to emergency access
const emergencyAccessInvite = await this.stateService.getEmergencyAccessInvitation();
if (emergencyAccessInvite != null) {
this.router.navigate(["/accept-emergency"], {
queryParams: {
id: emergencyAccessInvite.id,
name: emergencyAccessInvite.name,
email: emergencyAccessInvite.email,
token: emergencyAccessInvite.token,
},
});
return;
}
this.router.navigate([this.successRoute], { this.router.navigate([this.successRoute], {
queryParams: { queryParams: {
identifier: this.identifier, identifier: this.identifier,

10
libs/angular/src/auth/components/sso.component.ts
View File

@ -186,7 +186,7 @@ export class SsoComponent {
const response = await this.formPromise; const response = await this.formPromise;
if (response.requiresTwoFactor) { if (response.requiresTwoFactor) {
if (this.onSuccessfulLoginTwoFactorNavigate != null) { if (this.onSuccessfulLoginTwoFactorNavigate != null) {
this.onSuccessfulLoginTwoFactorNavigate(); await this.onSuccessfulLoginTwoFactorNavigate();
} else { } else {
this.router.navigate([this.twoFactorRoute], { this.router.navigate([this.twoFactorRoute], {
queryParams: { queryParams: {
@ -197,7 +197,7 @@ export class SsoComponent {
} }
} else if (response.resetMasterPassword) { } else if (response.resetMasterPassword) {
if (this.onSuccessfulLoginChangePasswordNavigate != null) { if (this.onSuccessfulLoginChangePasswordNavigate != null) {
this.onSuccessfulLoginChangePasswordNavigate(); await this.onSuccessfulLoginChangePasswordNavigate();
} else { } else {
this.router.navigate([this.changePasswordRoute], { this.router.navigate([this.changePasswordRoute], {
queryParams: { queryParams: {
@ -207,7 +207,7 @@ export class SsoComponent {
} }
} else if (response.forcePasswordReset !== ForceResetPasswordReason.None) { } else if (response.forcePasswordReset !== ForceResetPasswordReason.None) {
if (this.onSuccessfulLoginForceResetNavigate != null) { if (this.onSuccessfulLoginForceResetNavigate != null) {
this.onSuccessfulLoginForceResetNavigate(); await this.onSuccessfulLoginForceResetNavigate();
} else { } else {
this.router.navigate([this.forcePasswordResetRoute]); this.router.navigate([this.forcePasswordResetRoute]);
} }
@ -215,10 +215,10 @@ export class SsoComponent {
const disableFavicon = await this.stateService.getDisableFavicon(); const disableFavicon = await this.stateService.getDisableFavicon();
await this.stateService.setDisableFavicon(!!disableFavicon); await this.stateService.setDisableFavicon(!!disableFavicon);
if (this.onSuccessfulLogin != null) { if (this.onSuccessfulLogin != null) {
this.onSuccessfulLogin(); await this.onSuccessfulLogin();
} }
if (this.onSuccessfulLoginNavigate != null) { if (this.onSuccessfulLoginNavigate != null) {
this.onSuccessfulLoginNavigate(); await this.onSuccessfulLoginNavigate();
} else { } else {
this.router.navigate([this.successRoute]); this.router.navigate([this.successRoute]);
} }

4
libs/angular/src/auth/components/two-factor.component.ts
View File

@ -204,7 +204,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
} }
if (this.onSuccessfulLogin != null) { if (this.onSuccessfulLogin != null) {
this.loginService.clearValues(); this.loginService.clearValues();
this.onSuccessfulLogin(); await this.onSuccessfulLogin();
} }
if (response.resetMasterPassword) { if (response.resetMasterPassword) {
this.successRoute = "set-password"; this.successRoute = "set-password";
@ -214,7 +214,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
} }
if (this.onSuccessfulLoginNavigate != null) { if (this.onSuccessfulLoginNavigate != null) {
this.loginService.clearValues(); this.loginService.clearValues();
this.onSuccessfulLoginNavigate(); await this.onSuccessfulLoginNavigate();
} else { } else {
this.loginService.clearValues(); this.loginService.clearValues();
this.router.navigate([this.successRoute], { this.router.navigate([this.successRoute], {

2
libs/common/src/abstractions/state.service.ts
View File

@ -298,6 +298,8 @@ export abstract class StateService<T extends Account = Account> {
setOpenAtLogin: (value: boolean, options?: StorageOptions) => Promise<void>; setOpenAtLogin: (value: boolean, options?: StorageOptions) => Promise<void>;
getOrganizationInvitation: (options?: StorageOptions) => Promise<any>; getOrganizationInvitation: (options?: StorageOptions) => Promise<any>;
setOrganizationInvitation: (value: any, options?: StorageOptions) => Promise<void>; setOrganizationInvitation: (value: any, options?: StorageOptions) => Promise<void>;
getEmergencyAccessInvitation: (options?: StorageOptions) => Promise<any>;
setEmergencyAccessInvitation: (value: any, options?: StorageOptions) => Promise<void>;
/** /**
* @deprecated Do not call this directly, use OrganizationService * @deprecated Do not call this directly, use OrganizationService
*/ */

1
libs/common/src/models/domain/global-state.ts
View File

@ -8,6 +8,7 @@ export class GlobalState {
installedVersion?: string; installedVersion?: string;
locale?: string; locale?: string;
organizationInvitation?: any; organizationInvitation?: any;
emergencyAccessInvitation?: any;
ssoCodeVerifier?: string; ssoCodeVerifier?: string;
ssoOrganizationIdentifier?: string; ssoOrganizationIdentifier?: string;
ssoState?: string; ssoState?: string;

17
libs/common/src/services/state.service.ts
View File

@ -1911,6 +1911,23 @@ export class StateService<
); );
} }
async getEmergencyAccessInvitation(options?: StorageOptions): Promise<any> {
return (
await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
)?.emergencyAccessInvitation;
}
async setEmergencyAccessInvitation(value: any, options?: StorageOptions): Promise<void> {
const globals = await this.getGlobals(
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
globals.emergencyAccessInvitation = value;
await this.saveGlobals(
globals,
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
}
/** /**
* @deprecated Do not call this directly, use OrganizationService * @deprecated Do not call this directly, use OrganizationService
*/ */