1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-11 14:48:46 +01:00
Commit Graph

422 Commits

Author SHA1 Message Date
Jared Snider
213b8f7ad0
Merge remote-tracking branch 'origin/master' into feature/trusted-device-encryption 2023-07-12 14:59:08 -04:00
Jared Snider
2a5a30844d
Auth/[PM-1260] - Existing User - Login with Trusted Device (Flow 2) (#5775)
* PM-1378 - Refactor - StateSvc.getDeviceKey() must actually convert JSON obj into instance of SymmetricCryptoKey

* TODO: BaseLoginDecryptionOptionsComponent - verify new user check doesn't improperly pick up key connector users

* PM-1260 - Add new encrypted keys to TrustedDeviceUserDecryptionOptionResponse

* PM-1260 - DeviceTrustCryptoSvc - decryptUserKeyWithDeviceKey: (1) update method to optionally accept deviceKey (2) Return null user key when no device key exists (3) decryption of user key now works in the happy path

* PM-1260 - LoginStrategy - SaveAcctInfo - Must persist device key on new account entity created from IdTokenResponse for TDE to work

* PM-1260 - SSO Login Strategy - setUserKey refactor - (1) Refactor existing logic into trySetUserKeyForKeyConnector + setUserKeyMasterKey call and (2) new trySetUserKeyWithDeviceKey method for TDE

* PM-1260 - Refactor DeviceTrustCryptoService.decryptUserKeyWithDeviceKey(...) - Add try catch around decryption attempts which removes device key (and trust) on decryption failure + warn.

* PM-1260 - Account - Add deviceKey to fromJSON

* TODO: add device key tests to account keys

* TODO: figure out state service issues with getDeviceKey or if they are an issue w/ the account deserialization as a whole

* PM-1260 - Add test suite for decryptUserKeyWithDeviceKey

* PM-1260 - Add interfaces for server responses for UserDecryptionOptions to make testing easier without having to use the dreaded any type.

* PM-1260 - SSOLoginStrategy - SetUserKey - Add check looking for key connector url on user decryption options + comment about future deprecation of tokenResponse.keyConnectorUrl

* PM-1260 - SSO Login Strategy Spec file - Add test suite for TDE set user key logic

* PM-1260 - BaseLoginStrategy - add test to verify device key persists on login

* PM-1260 - StateService - verified that settings persist properly post SSO and it's just device keys we must manually instantiate into SymmetricCryptoKeys

* PM-1260 - Remove comment about being unable to feature flag auth service / login strategy code due to circ deps as we don't need to worry about it b/c of the way we've written the new logic to be additive.

* PM-1260 - DevicesApiServiceImplementation - Update constructor to properly use abstraction for API service

* PM-1260 - Browser - AuthService - (1) Add new, required service factories for auth svc and (2) Update auth svc creation in main.background with new deps

* PM-1260 - CLI - Update AuthSvc deps

* PM-1260 - Address PR feedback to add clarity / match conventions

* PM-1260 - Resolving more minor PR feedback

* PM-1260 - DeviceTrustCryptoService - remove debug warn

* PM-1378 - DeviceTrustCryptoSvc - TrustDevice - Fix bug where we only partially encrypted the user key with the device public key b/c I incorrectly passed userKey.encKey (32 bytes) instead of userKey.key (64 bytes) to the rsaEncrypt function which lead to an encryption type mismatch when decrypting the user's private key with the 32 byte decrypted user key obtained after TDE login.  (Updated happy path test to prevent this from happening again)

* PM-1260 - AccountKeys tests - add tests for deviceKey persistence and deserialization

* PM-1260 - DeviceTrustCryptoSvc Test - tweak verbiage per feedback

* PM-1260 - DeviceTrustCryptoSvc - Test verbiage tweak part 2

* Update apps/browser/src/background/service-factories/devices-api-service.factory.ts

per PR feedback

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2023-07-12 12:14:24 -04:00
github-actions[bot]
a1f6d19ab7
Bumped all version to 2023.7.0 (#5792)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
Co-authored-by: Vince Grassia <593223+vgrassia@users.noreply.github.com>
2023-07-11 13:45:17 -04:00
Jacob Fink
e789d6ec70
Merge branch 'tde-key-model-migration' into feature/trusted-device-encryption 2023-07-07 10:28:56 -04:00
Jacob Fink
60708831fe
Merge branch 'master' into feature/trusted-device-encryption 2023-07-07 10:24:11 -04:00
github-actions[bot]
cf7b3efe66
Autosync the updated translations (#5758)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-07-07 05:10:23 +00:00
Jacob Fink
160ca2cd3b
Merge branch 'master' into tde-key-model-migration 2023-07-06 12:41:41 -04:00
Robyn MacCallum
b737c70712
[PM-2067] Update Folder Add-Edit modal to use the Component Library (#5648)
* Add formGroup to base FolderAddEditComponent

* [web] use DialogService to open the modal

* [web] migrate FolderAddEditComponent use component library

* [desktop] use the formGroup in the template

* [browser] use the formGroup in the template

* [browser & desktop] remove disable on form invalid

* [web] Migrate to async actions

* [web] Strengthen typing for FolderAddEdit dialog

* Show form error instead of error toast

* Move browser folder add edit component to vault

* Remove extra template variables

* Remove inner form

* Remove inner form

* Update apps/web/src/app/vault/individual-vault/folder-add-edit.component.html

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>

---------

Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com>
2023-07-06 09:58:12 -04:00
Andreas Coroiu
887b2ec78e
[PM-1033] Org invite user creation flow 1 (#5611)
* [PM-1033] feat: basic redirection to login initiated

* [PM-1033] feat: add ui for TDE enrollment

* [PM-1033] feat: implement auto-enroll

* [PM-1033] chore: add todo

* [PM-1033] feat: add support in browser

* [PM-1033] feat: add support for desktop

* [PM-1033] feat: improve key check hack to allow regular accounts

* [PM-1033] feat: init asymmetric account keys

* [PM-1033] chore: temporary fix bug from merge

* [PM-1033] feat: properly check if user can go ahead an auto-enroll

* [PM-1033] feat: simplify approval required

* [PM-1033] feat: rewrite using discrete states

* [PM-1033] fix: clean-up and fix merge artifacts

* [PM-1033] chore: clean up empty ng-container

* [PM-1033] fix: new user identification logic

* [PM-1033] feat: optimize data fetching

* [PM-1033] feat: split user creating and reset enrollment

* [PM-1033] fix: add missing loading false statement

* [PM-1033] fix: navigation logic in sso component

* [PM-1033] fix: add missing query param

* [PM-1033] chore: rename to `ExistingUserUntrustedDevice`

* PM-1033 - fix component templates to reference `ExistingUserUntrustedDevice` so clients can build

---------

Co-authored-by: Jared Snider <jsnider@bitwarden.com>
2023-07-06 09:16:16 +02:00
Jacob Fink
32867e9207
update comment about state service 2023-07-05 16:45:39 -04:00
sdimarzo
b0d7a71b38
fixed translation bugs inside the "Options" page (#5698)
Co-authored-by: Jason Ng <jng@bitwarden.com>
2023-07-03 12:21:38 -04:00
Andreas Coroiu
87468a2aa6
[PM-1203] Replace MP confirmation with verification code (#5656)
* [PM-1203] feat: ask for OTP if user does not have MP

* [PM-1203] feat: add backwards compatibility for accounts/servers without decryption options

* [PM-1203] feat: move hasMasterPassword to user-verification.service

* [PM-1203] fix: remove duplicate implementation from crypto service

* [PM-1203] fix: cli build
2023-07-03 10:10:48 +02:00
Jared Snider
24d3f5bbe5
Feature/PM-1212 - TDE - Approve with master password flow (#5706)
* PM-1212 - StateSvc - Add getUserDeviceTrustChoice && setUserDeviceTrustChoice to persist user's choice in local storage in case of refresh on login approval screens (ex: lock)

* PM-1212 - DeviceCryptoSvc - Add getUserDeviceTrustChoice && setUserDeviceTrustChoice as state service is lower level service for caching

* PM-1212 - LoginDecryptionOptionsComp - Save result of rememberEmail checkbox into local storage via deviceCryptoService.setUserDeviceTrustChoice

* PM-1212 - Lock component - after user key is set, check if user chose to establish trust, and if they did, then establish trust and reset choice.

* PM-1212 - Update naming of methods per discussion with Jake + add comment explaining intended single use retrieval and need for resetting the value.

* DeviceCryptoService - Refactor - decryptUserKey --> decryptUserKeyWithDeviceKey to match crypto service refactor naming convention

* PM-1212 - Refactor State Service per PR feedback to store trustDeviceChoiceForDecryption on Account.settings b/c the temp setting is scoped to a user.

* PM-2759 - SSO & 2FA Navigation to TDE Comp - Needs more work - Found scenarios on web with 2FA in which the expected navigation doesn't work. Adding TODO to assist in fixing

* (1) Add Trust to DeviceCryptoService name
(2) Move DeviceTrustCryptoService under auth folder

* PM-1212 - Add tests for new getUserTrustDeviceChoiceForDecryption and setUserTrustDeviceChoiceForDecryption methods + TODOs for future tests.

* PM-1212- Renaming / moving DeviceTrustCryptoService broke all the things - fixed all the client builds.

* PM-1212- Copy doc comment to abstraction per PR feedback

* PM-1212 - BaseLoginDecryptionOptions comp - remove unncessary cast to form control as apparently reactive forms now properly derives types.
2023-06-30 14:18:08 -04:00
Jacob Fink
86423d8e22
Merge branch 'master' into tde-key-model-migration 2023-06-30 11:46:37 -04:00
Jacob Fink
6068421df7
fix browser state service tests 2023-06-30 11:20:13 -04:00
Jacob Fink
e66ae53bf9
prevent duplicate cache deletes in browser 2023-06-30 11:11:11 -04:00
github-actions[bot]
71d6c84526
Autosync the updated translations (#5713)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-06-30 00:10:28 +00:00
Jacob Fink
301028f8db
add hack to get around duplicate instances of disk cache on browser 2023-06-29 16:50:16 -04:00
Jason Ng
3abb1c9a3b
[PM-269] remove no-hover from login items in browser tab (#5696) 2023-06-29 12:44:36 -04:00
Andreas Coroiu
657373dbdc
Merge branch 'master' into feature/PM-1049-TDE-flow-3-login-decryption-options 2023-06-28 16:29:52 +02:00
Jacob Fink
97a2d5b962
revert sharing disk cache between contexts 2023-06-28 10:21:31 -04:00
ike-kottlowski
a1c4460068
[PM-270] fixed case in EN locale for browser (#5670) 2023-06-28 07:11:48 -07:00
Andreas Coroiu
a73525a80c
[PM-2135] [BEEEP] Refactor and refresh web user verification components (#5377)
* [PM-2135] feat: create new user-verification module

* [PM-2136] feat: add ability to remove form field bottom margin

(cherry picked from commit 05925ff77ed47f3865c2aecade8271390d9e2fa6)

* [PM-2135] feat: refactor user-verification component

* [PM-2135] feat: refactor user-verification-prompt

* [PM-2135] feat: use form validation in prompt

* [PM-2135] feat: change autofocus target

* [PM-2135] chore: clean up old code

* [PM-2135] feat: allow user verification to show invalid password error

* [PM-2135] feat: hack mark as touched to get error to display

* [PM-2135] chore: move to auth

* [PM-2135] fix: hardcoded dialog buttons

* [PM-2135] feat: add onDestroy handler

* [PM-2135] fix: remove unecessary directive input

* [PM-2135] feat: add password toggle

* [PM-2135] chore: add hack comment

* [PM-2135] chore: move services to auth folder and rename

* [PM-2135] fix: show correct error messages

* [PM-2135] fix: re-add non-existant files to whitelist

I honestly don't know why the linter is complaining about this

* Fix capital letters whitelist

* [PM-2135] chore: remove rows that were mistakenly added during merge from master

* [PM-2135] chore: remove rows that were mistakenly added during merge from master

* [PM-2135] feat: disable built-in browser validations

* Revert "[PM-2135] feat: disable built-in browser validations"

This reverts commit 969f75822a.

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2023-06-28 09:02:22 -04:00
Jared Snider
fa11b60c5b
Feature/PM-1049 - TDEFflow 3 login decryption options - PR feedback changes (#5642)
* PM-1049 - PR Feedback change - Browser - replace incorrect use of routerlink with manual attribute styling to keep anchor styling + tab focus while not having a router action race condition for the log out action to complete.

* PM-1049 - PR Feedback - State Service changes - rename get/setAcctDecryptionOptions to  get/setAccountDecryptionOptions

* PM-1049 - PR Feedback changes - LoginDecryptionOptionsComp - Remove unncessary appA11yTitle directives as title / aria text would be identical to the displayed inner button text.

* DeviceType - Create sets of device types which other components can reference to avoid having to manually define groups of device types.

* PM-1049 - PR Feedback Changes - Update base-login-decryption-options component to leverage async piped observables per best practices. Updated all client templates to leverage new data streams.

* PM-1049 - BaseLoginDecryptionOptionsComp - Add validation service for generic error handling

* PM-1049 - DeviceResponse mistakenly had name as a number instead of a string

* PM-1049 - First draft of creating observable based data store service for Devices so that the base login comp can leverage it instead of calling the devices API service directly (as it will be moved into the SDK in the future).

* PM-1049 - Register new DevicesService on jslib-services module for use in components.

* PM-1049 - Add new hasDevicesOfTypes call to devices data store svc + devices API service.

* PM-1049 - BaseLoginDecryptionOptionsComp - wire up call to devicesService.hasDevicesOfTypes to replace getDevices() to avoid bringing down all trusted device information unnecessarily.

* PM-1049 - LoginDecryptionOptionsComp - Web HTML - clean up loading state so it displays spinner centered properly.

* PM-1049 - LoginDecryptionOptionsComp - Desktop HTML - Don't show login initiated title while page is loading to match other clients behavior.

* PM-1049 - Devices Services - Update naming of hasDevicesOfTypes to match new name on back end + route change to getDevicesExistenseByTypes

* PM-1049 - Device Response & View models - remove keys which are going to be deprecated on the base model

* PM-1049 - DevicesService - devicesBSubject --> devicesSubject rename per PR feedback

* PM-1049 - Devices Services - correct spelling of existence (*facepalm*)

* PM-1049 - Update comment for clarity per PR feedback

* PM-1049 - DevicesSvc - UserSymKey --> UserKey rename

* PM-1049 - BaseLoginDecryptionOptions - replace user email source - get from stateService vs tokenService.

* PM-1049 - BaseLoginDecryptionOptions - Remove uncessary check for userEmail as we will always have it here otherwise everything in the app is broken.

* PM-1049 - BaseLoginDecryptionOptions - Finish cleaning up removal of user email from showReqAdminApprovalBtn$ stream

* PM-1049 - LoginDecryptionOptionsComp - HTML revisions in web & browser to better space out buttons using tailwind or top margin to avoid need for multiple async pipes and shareReplay.

* PM-1049 - DevicesService - of course all observables should have $ suffix. Facepalm.

* PM-1049 - BaseLoginDecryptionOptionsComp - Update verbiage and style of destroy observable used for hooking into ngOnDestroy lifecycle to clean up all observables

* PM-1049 - BaseLoginDecryptionOptions - PR feedback changes - refactor user email to have an underlying bSubject stream to ensure subscription/promise execution separately from the template async pipe subscribing to the stream.

* PM-1049 - DevicesApiService - getDevicesExistenceByTypes - PR feedback - explicitly convert result to boolean instead of casting.

* PM-1049 - BaseLoginDecryptionOptionsComp - Add ShareReplay for getAccountDecryptionOptions + context per PR feedback

* PM-1049 - LoginDecryptionOptionsComp - Completely back away from template async pipe reactive approach as it caused massively increased complexity for little gain. Instead, just focus on reactively pulling asynchronously retrieved data and setting page loading state simply. This just works and is so much less overhead. + Add comments re flows of the component to be done later

* PM-1049- Revert DevicesService implementation from smart data store cache service giant mess into simple, clean data passthrough service to avoid complexity and keep moving forward. YAGNI

Co-authored-by: Andreas Coroiu <andreas@andreascoroiu.com>

* PM-1049 -  DeviceCryptoService - Add decryptUserKey method (WIP)

* PM-1049 - AccountDecryptionOptions - add get helpers for checking for trusted device / key connector decryption option existence.

* PM-1049 - SSO Login Strategy - added comments in setUserKey method for where we will probably be consuming device keys and determining if the device is trusted or not (i.e., if we can get a decrypted user sym key in memory)

* PM-1049 - DeviceCryptoSvc.decryptUserKey - Update method to properly use state service device key retrieval + add TODO to figure out what to do if user has previously had a device key and has cleared their local cache (which will result in the device being untrusted now)

* PM-1049 - SSO Login Strategy - add comment re future passkey login strategy support

* PM-2759 - SSO & 2FA components updated with v0 of navigation logic to send users to LoginDecryptionOptions

* PM-1049 - Account > AccountDecryptionOptions - can't create getter helper methods for determining if user has decryption options b/c of issues w/ account deserialization. Moving past b/c I can just easily check if the given options are not undefined.

* PM-2759 - Add TODOs for deprecation of id token response resetMasterPassword logic and replacement with use of accountDecryptionOptions

---------

Co-authored-by: Andreas Coroiu <andreas@andreascoroiu.com>
2023-06-27 19:58:59 -04:00
Jacob Fink
0debdc5514
more crypto service refactors
- check for auto key when getting user key
- consolidate getUserKeyFromMemory and FromStorage methods
- move bio key references out of base crypto service
- update either pin key when setting user key instead of lock component
- group deprecated methods
- rename key legacy method
2023-06-27 18:53:40 -04:00
Jacob Fink
0bbba9c6f7
rename retrieveUserKeyFromStorage 2023-06-27 09:16:16 -04:00
Jacob Fink
31a1491c81
rename pinLock to pinEnabled 2023-06-26 22:10:29 -04:00
Jacob Fink
07ed368c24
add secondary fallback name for bio key for safari 2023-06-26 15:47:43 -04:00
Jacob Fink
71ebb17a56
change isPinLockSet to union type 2023-06-26 13:41:37 -04:00
Jacob Fink
c942bc08ca
Merge branch 'tde-key-model-migration' into feature/PM-1049-TDE-flow-3-login-decryption-options 2023-06-23 13:54:15 -04:00
Jacob Fink
a4b329b413
Merge branch 'master' into tde-key-model-migration 2023-06-23 13:05:13 -04:00
Jacob Fink
07c24e1393
remove userId from browser crypto service 2023-06-23 11:07:49 -04:00
Jacob Fink
6349410ec2
rename 'user symmetric key' with 'user key' 2023-06-23 10:59:54 -04:00
Andreas Coroiu
44bfca0da1
Merge branch 'master' into feature/PM-1049-TDE-flow-3-login-decryption-options 2023-06-22 08:24:35 +02:00
github-actions[bot]
19d2b2594c
Bumped browser version to 2023.5.1 (#5647)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-06-21 13:39:08 -04:00
Andrew Dassonville
4dc34fc7a8
[PM-2609] Allow auto-filling TOTP codes (#2142)
* Begin implementing TOTP autofill

* Add support for Cloudflare

* Fix linting errors

* Add GitHub support

* Automatically check for autocomplete="one-time-code"

* Fix TOTP-filling for Steam

* Make auto-fill on page load work for TOTP

* [PM-2609] Introduce logic to handle skipping autofill of TOTP on page load

* [PM-2609] Ensuring other forms of user initiated autofill can autofill the TOTP value for a vault item

---------

Co-authored-by: Daniel James Smith <djsmith@web.de>
Co-authored-by: Cesar Gonzalez <cgonzalez@bitwarden.com>
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2023-06-21 10:18:46 -05:00
Jacob Fink
a1e61feec3
Revert "share disk cache between contexts on browser"
This reverts commit 56a590c491.
2023-06-21 10:39:26 -04:00
Jacob Fink
56a590c491
share disk cache between contexts on browser 2023-06-21 09:31:04 -04:00
Jared Snider
d7e29a0d22
Merge remote-tracking branch 'origin/master' into feature/PM-1049-TDE-flow-3-login-decryption-options 2023-06-20 15:25:44 -04:00
Jacob Fink
7f0749ca5c
share disk cache to fix syncing issues between contexts 2023-06-19 09:49:26 -04:00
Jacob Fink
6b9a7ab1e6
disable disk cache for browser due to bg script/popup race conditions 2023-06-19 09:49:25 -04:00
Jacob Fink
2dbe03ba11
add early exit to native messaging flow for errors 2023-06-19 09:49:25 -04:00
Jacob Fink
61ba9692bc
migrate native messaging for biometrics to use new key model
- support backwards compatibility
- update safari web extension to send user key
- add error handling
2023-06-19 09:49:24 -04:00
Jacob Fink
7110e3cda6
fix EncString serialization issues & various fixes
Co-authored-by: Matt Gibson <MGibson1@users.noreply.github.com>
2023-06-19 09:49:24 -04:00
github-actions[bot]
df2c6e283f
Autosync the updated translations (#5625)
Co-authored-by: bitwarden-devops-bot <106330231+bitwarden-devops-bot@users.noreply.github.com>
2023-06-19 09:05:40 +00:00
Robyn MacCallum
2b65b3f0f7
[AC-1383] Move collections to Vault (#5424)
* Move CollectionDialog to Vault

* Fix CollectionDialogModule imports

* Move CollectionAdminService and View to Vault

* Move CollectionService to Vault

* Split GroupService into internal and public facing classes

* Move collection models to vault

* lint spacing fix

* Move collection spec file

* Fix spec import

* Update apps/web/src/app/core/core.module.ts

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>

* Remove CoreOrganizationModule from CollectionDialogModule

---------

Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2023-06-14 08:38:24 -04:00
Daniel James Smith
72a5ba455c
[PM-2367] [BEEEP]: Extract password strength from password-generation-service (#5502)
* Extract passwordStrength from passwordGenerationService

Extract passwordStrength from password-generation.service.ts
Create new password-strength.service.ts
Create new password-strength.service.abstraction.ts
Register new password-strength service
Fix usages in libs

* Fix usage in web

* Fix usage in desktop

* Fix usage in CLI

* Fix usage in browser

Move password-generation-factory to tools

* Fix tests

* Change dependency in jslib-services.module
2023-06-13 23:22:25 +02:00
Jared Snider
b6c2c83936
Merge branch 'master' into feature/PM-1049-TDE-flow-3-login-decryption-options 2023-06-13 16:13:53 -04:00
Thomas Rittson
22caae116c
Restrict angular imports (#5597)
* Refactor restricted imports eslint rule, add angular deps

* Move FormValidationErrorsService into libs/angular

* Remove angular decorators from configService

* Remove angular decorator from anonymousHubService
2023-06-13 10:03:32 +10:00
Jared Snider
3768903b35
PM-1049 - Web/Browser/Desktop LoginDecryptionOptions - (1) Wire up approval buttons (2) Add conditional margins (3) Loading spinner added (4) Display userEmail + "not you" logout link 2023-06-10 20:19:21 -04:00