1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-01 13:13:36 +01:00
Commit Graph

73 Commits

Author SHA1 Message Date
Bernd Schoolmann
b2966b158a
[PM-11461] Fix jit proivisioning for snap desktop (#10794)
* Fix snap jit privisioning

* Fix server keeping connection open on favicon request
2024-09-05 18:15:09 -04:00
Bernd Schoolmann
3c9b3ea2cc
[PM-6296] Fix biometrics error prompt when biometrics are temporarily unavailable in browser extension (v2) (#10374)
* Create unavailable message for biometrics when in clamshell mode

* Move browser biometrics

* Inject nativemessagingbackground instead of using constructor

* Fix linting

* Fix build on browser
2024-08-27 06:25:20 +00:00
Bernd Schoolmann
86f3a679ae
[PM-4530] Fix sso in snap desktop (#10548)
* Add localhost callback service for sso

* Fix redirect behaviour

* Update apps/desktop/src/app/app.component.ts

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

* Fix incorrect http response for sso callback

* Add sso error

* Update error message

---------

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-08-26 15:13:45 +02:00
Todd Martin
7b508b1ad7
[PM-8933] Require userId on setUserKey (#9675)
* Updated all sets of user key to pass in userId

* Added userId on auth request login.

* Fixed tests.

* Fixed tests to pass in UserId

* Added parameter to tests.

* Addressed PR feedback.

* Merged main
2024-08-13 08:07:36 -04:00
Bernd Schoolmann
2ce8500391
[PM-990] Unix biometrics unlock via Polkit (#4586)
* Update unix biometrics for desktop biometrics rework

* Implement polkit policy setup

* Enable browser integration on Linux

* Remove polkit policy file

* Undo change to messages.json

* Fix biometrics setup, implement missing functions

* Implement osSupportsBiometrics

* Fix polkit settings message

* Remove unwraps in biometrics unix rust module

* Force password reprompt on start on linux with biometrics

* Merge branch 'main' into feature/unix-biometrics

* Allow browser extension to be unlocked on Linux via Polkit

* Implement availability check

* Cleanup

* Add auto-setup, manual setup, setup detection and change localized prompts

* Implement missing methods

* Add i18n to polkit message

* Implement missing method

* Small cleanup

* Update polkit consent message

* Fix unlock and print errors on failed biometrics

* Add dependencies to core crate

* Fix reference and update polkit policy

* Remove async-trait

* Add tsdoc

* Add comment about auto setup

* Delete unused init

* Update help link

* Remove additional settings for polkit

* Add availability-check to passwords implementation on linux

* Add availability test

* Add availability check to libsecret

* Expose availability check in napi crate

* Update d.ts

* Update osSupportsBiometric check to detect libsecret presence

* Improve secret service detection

* Add client half to Linux biometrics

* Fix windows build

* Remove unencrypted key handling for biometric key

* Move rng to rust, align linux bio implementation with windows

* Consolidate elevated commands into one

* Disable snap support in linux biometrics

---------

Co-authored-by: DigitallyRefined <129616584+DigitallyRefined@users.noreply.github.com>
2024-08-06 11:04:17 -04:00
Bernd Schoolmann
cc45655b86
Revert "[PM-6296] Fix biometrics error prompt when biometrics are temporarily…" (#10373)
This reverts commit 1184c504d1.
2024-08-02 07:46:54 -04:00
Bernd Schoolmann
1184c504d1
[PM-6296] Fix biometrics error prompt when biometrics are temporarily unavailable in browser extension (#9851)
* Add availability check to biometrics

* Move isbiometricunlockavailable logic to parent component

* Fix availability detection on desktop

* FIx response parsing on browser

* Suppress pending biometric message while checking for availability

* Refactor biometrics functions out of platformutilsservice

* Remove unused constructor

* Remove unused abstract function definitions

* Rename abstract services

* Add documentation

* Rename service abstraction, add comments

* Add comments

* Refactor browser biometrics into background/foreground and remove callbacks

* Remove unused logs

* Remove unused logs
2024-08-02 12:31:11 +02:00
Bernd Schoolmann
537fa67b09
[PM-9465] Move shared ipc keys to main process (#9944)
* Remove old biometrics masterkey logic

* Move shared ipc keys to main process

* Update apps/desktop/src/platform/services/ephemeral-value-storage.main.service.ts

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>

* Extract ephemeral store functions to it's own object

---------

Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2024-07-31 10:03:13 -04:00
Bernd Schoolmann
5cf29a655b
[PM-9149] Enable "Timeout on System Lock" on Linux Desktop (#9645)
* Enable system lock detection on linux

* Fix order of vault timeout options

* Port to new plit core / napi desktop native crates

* Make unimplemented implementation panic for on_lock

* Remove unecessary String::from

* Update cargo lock

* Extract generation of vault timeout options
2024-07-25 17:09:03 +02:00
Bernd Schoolmann
457c0795be
Remove old biometrics masterkey logic (#9943) 2024-07-22 13:40:19 +00:00
Justin Baur
053e255a68
Delete Unused Bits of StateService (#9858)
* Delete Unused Bits of StateService

* Fix Tests
2024-07-08 20:38:10 -04:00
Andreas Coroiu
9d060be48c
[PM-9442] Add tests for undefined state values and proper emulation of ElectronStorageService in tests (#9910)
* fix: handle undefined value in migration 66

* fix: the if-statement was typo

* feat: duplicate error behavior in fake storage service

* feat: fix all migrations that were setting undefined values

* feat: add test for disabled fingrint in migration 66

* fix: default single user state saving undefined value to state

* revert: awaiting floating promise

gonna fix this in a separate PR

* Revert "feat: fix all migrations that were setting undefined values"

This reverts commit 034713256c.

* feat: automatically convert save to remove

* Revert "fix: default single user state saving undefined value to state"

This reverts commit 6c36da6ba5.
2024-07-03 16:06:55 +02:00
Daniel García
33c985e00b
[PM-8789] Move desktop_native into subcrate (#9682)
* Move desktop_native into subcrate

* Add publish = false to crates
2024-07-01 15:19:29 +02:00
Justin Baur
ba3d21094e
[PM-7541] Move Last Desktop Settings (#9310)
* Clone Initial Data In `runMigrator`

- When using test cases, mutating the input data causes problems.

* Migrate `minimizeOnCopy` & `browserIntegrationEnabled`

* Update From Main

* Move Fingerprint Setting

- No Migration Yet

* Add Fingerprint to Migrations

* Convert Messaging to `async`

* Switch to calling `Boolean` for Map Function

* Catch Errors

* Remove LogService
2024-06-06 14:26:17 -04:00
Justin Baur
a6df923416
[PM-8292] Fixup ForegroundSyncService (#9292)
* Change `object` to `Record<string, unknown>`

* Change `object` to `Record<string, unknown>` Pt. 2

* Update ForegroundSyncService

- Manage finish message in the listener to more gaurantee a message back
- Make the timeout much longer
- Allow it to throw if the background sync service threw

---------

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2024-05-29 12:12:58 -04:00
Matt Gibson
426bacfd67
Ps/pm-8003/handle-dekstop-invalidated-message-encryption (#9181)
* Do not initialize symmetric crypto keys with null

* Require new message on invalid native message encryption

Handling of this error is to require the user to retry, so the promise needs to resolve.
2024-05-15 10:45:40 -04:00
rr-bw
a42de41587
[PM-5363] PinService State Providers (#8244)
* move pinKeyEncryptedUserKey

* move pinKeyEncryptedUserKeyEphemeral

* remove comments, move docs

* cleanup

* use UserKeyDefinition

* refactor methods

* add migration

* fix browser dependency

* add tests for migration

* rename to pinService

* move state to PinService

* add PinService dep to CryptoService

* move protectedPin to state provider

* update service deps

* renaming

* move decryptUserKeyWithPin to pinService

* update service injection

* move more methods our of crypto service

* remove CryptoService dep from PinService and update service injection

* remove cryptoService reference

* add method to FakeMasterPasswordService

* fix circular dependency

* fix desktop service injection

* update browser dependencies

* add protectedPin to migrations

* move storePinKey to pinService

* update and clarify documentation

* more jsdoc updates

* update import paths

* refactor isPinLockSet method

* update state definitions

* initialize service before injecting into other services

* initialize service before injecting into other services (bw.ts)

* update clearOn and do additional cleanup

* clarify docs and naming

* assign abstract & private methods, add clarity to decryptAndMigrateOldPinKeyEncryptedMasterKey() method

* derived state (attempt)

* fix typos

* use accountService to get active user email

* use constant userId

* add derived state

* add get and clear for oldPinKeyEncryptedMasterKey

* require userId

* move pinProtected

* add clear methods

* remove pinProtected from account.ts and replace methods

* add methods to create and store pinKeyEncryptedUserKey

* add pinProtected/oldPinKeyEncrypterMasterKey to migration

* update migration tests

* update migration rollback tests

* update to systemService and decryptAndMigrate... method

* remove old test

* increase length of state definition name to meet test requirements

* rename 'TRANSIENT' to 'EPHEMERAL' for consistency

* fix tests for login strategies, vault-export, and fake MP service

* more updates to login-strategy tests

* write new tests for core pinKeyEncrypterUserKey methods and isPinSet

* write new tests for pinProtected and oldPinKeyEncryptedMasterKey methods

* minor test reformatting

* update test for decryptUserKeyWithPin()

* fix bug with oldPinKeyEncryptedMasterKey

* fix tests for vault-timeout-settings.service

* fix bitwarden-password-protected-importer test

* fix login strategy tests and auth-request.service test

* update pinService tests

* fix crypto service tests

* add jsdoc

* fix test file import

* update jsdocs for decryptAndMigrateOldPinKeyEncryptedMasterKey()

* update error messages and jsdocs

* add null checks, move userId retrievals

* update migration tests

* update stateService calls to require userId

* update test for decryptUserKeyWithPin()

* update oldPinKeyEncryptedMasterKey migration tests

* more test updates

* fix factory import

* update tests for isPinSet() and createProtectedPin()

* add test for makePinKey()

* add test for createPinKeyEncryptedUserKey()

* add tests for getPinLockType()

* consolidate userId verification tests

* add tests for storePinKeyEncryptedUserKey()

* fix service dep

* get email based on userId

* use MasterPasswordService instead of internal

* rename protectedPin to userKeyEncryptedPin

* rename to pinKeyEncryptedUserKeyPersistent

* update method params

* fix CryptoService tests

* jsdoc update

* use EncString for userKeyEncryptedPin

* remove comment

* use cryptoFunctionService.compareFast()

* update tests

* cleanup, remove comments

* resolve merge conflict

* fix DI of MasterPasswordService

* more DI fixes
2024-05-08 11:34:47 -07:00
Matt Gibson
b4631b0dd1
Ps/improve-log-service (#8989)
* Match console method signatures in logService abstraction

* Add a few usages of improved signature

* Remove reality check test

* Improve electron logging
2024-04-30 12:58:16 -04:00
findseat
72f411b6e3
Signed-off-by: findseat <penglili@outlook.com> (#8636)
Signed-off-by: findseat <penglili@outlook.com>
2024-04-27 15:15:27 +00:00
Ike
1e4158fd87
[PM-5735] Create kdf Service (#8715)
* key connector migration initial

* migrator complete

* fix dependencies

* finalized tests

* fix deps and sync main

* clean up definition file

* fixing tests

* fixed tests

* fixing CLI, Browser, Desktop builds

* fixed factory options

* reverting exports

* implemented UserKeyDefinition clearOn

* Initial Kdf Service Changes

* rename and account setting kdfconfig

* fixing tests and renaming migration

* fixed DI ordering for browser

* rename and fix DI

* Clean up Migrations

* fixing migrations

* begin data structure changes for kdf config

* Make KDF more type safe; co-author: jlf0dev

* fixing tests

* Fixed CLI login and comments

* set now accepts userId and test updates

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
2024-04-25 11:26:01 -07:00
Justin Baur
395ed3f5d4
[PM-7489] Introduce MessageSender & MessageListener (#8709)
* Introduce MessageSender

* Update `messageSenderFactory`

* Remove Comment

* Use BrowserApi

* Update Comment

* Rename to CommandDefinition

* Add More Documentation to MessageSender

* Add `EMPTY` helpers and remove NoopMessageSender

* Calm Down Logging

* Limit Logging On Known Errors

* Use `messageStream` Parameter

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>

* Add eslint rules

* Update Error Handling

Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>

* Delete Lazy Classes In Favor of Observable Factories

* Remove Fido Messages

---------

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
Co-authored-by: Cesar Gonzalez <cesar.a.gonzalezcs@gmail.com>
2024-04-19 15:02:40 -04:00
Daniel García
912b7c136e
[PM-5796] Improve desktop biometric browser integration error handling (#7727)
* Re-register native messaging host integrations on startup

* Check for errors when generating the manifests

* Add log to component

* Switch to Promise.all

* Add injectable service
2024-04-18 17:40:39 +02:00
Jake Fink
9d10825dbd
[PM-5362] Add MP Service (attempt #2) (#8619)
* create mp and kdf service

* update mp service interface to not rely on active user

* rename observable methods

* update crypto service with new MP service

* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests

* update auth service and finish strategies

* auth request refactors

* more service refactors and constructor updates

* setMasterKey refactors

* remove master key methods from crypto service

* remove master key and hash from state service

* missed fixes

* create migrations and fix references

* fix master key imports

* default force set password reason to none

* add password reset reason observable factory to service

* remove kdf changes and migrate only disk data

* update migration number

* fix sync service deps

* use disk for force set password state

* fix desktop migration

* fix sso test

* fix tests

* fix more tests

* fix even more tests

* fix even more tests

* fix cli

* remove kdf service abstraction

* add missing deps for browser

* fix merge conflicts

* clear reset password reason on lock or logout

* fix tests

* fix other tests

* add jsdocs to abstraction

* use state provider in crypto service

* inverse master password service factory

* add clearOn to master password service

* add parameter validation to master password service

* add component level userId

* add missed userId

* migrate key hash

* fix login strategy service

* delete crypto master key from account

* migrate master key encrypted user key

* rename key hash to master key hash

* use mp service for getMasterKeyEncryptedUserKey

* fix tests

* fix user key decryption logic

* add clear methods to mp service

* fix circular dep and encryption issue

* fix test

* remove extra account service call

* use EncString in state provider

* fix tests

* return to using encrypted string for serialization
2024-04-09 20:50:20 -04:00
Oscar Hinton
7064b595da
[SM-1031] Remove SecretsManager & showDDG compile flags (#8610)
Remove old compile flags which should no longer be required, and may even cause issues. secretsManager: false hides the app switcher which is now used for more than just secrets manager.
2024-04-08 17:46:24 +02:00
Jake Fink
775c8a1bbe
Revert "[PM-5362]Create MP Service for state provider migration (#7623)" (#8617)
This reverts commit b1abfb0a5c.
2024-04-04 16:17:09 +00:00
Jake Fink
b1abfb0a5c
[PM-5362]Create MP Service for state provider migration (#7623)
* create mp and kdf service

* update mp service interface to not rely on active user

* rename observable methods

* update crypto service with new MP service

* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests

* update auth service and finish strategies

* auth request refactors

* more service refactors and constructor updates

* setMasterKey refactors

* remove master key methods from crypto service

* remove master key and hash from state service

* missed fixes

* create migrations and fix references

* fix master key imports

* default force set password reason to none

* add password reset reason observable factory to service

* remove kdf changes and migrate only disk data

* update migration number

* fix sync service deps

* use disk for force set password state

* fix desktop migration

* fix sso test

* fix tests

* fix more tests

* fix even more tests

* fix even more tests

* fix cli

* remove kdf service abstraction

* add missing deps for browser

* fix merge conflicts

* clear reset password reason on lock or logout

* fix tests

* fix other tests

* add jsdocs to abstraction

* use state provider in crypto service

* inverse master password service factory

* add clearOn to master password service

* add parameter validation to master password service

* add component level userId

* add missed userId

* migrate key hash

* fix login strategy service

* delete crypto master key from account

* migrate master key encrypted user key

* rename key hash to master key hash

* use mp service for getMasterKeyEncryptedUserKey

* fix tests
2024-04-04 14:22:41 +00:00
Jared Snider
c202c93378
Auth/PM-5268 - DeviceTrustCryptoService state provider migration (#7882)
* PM-5268 - Add DEVICE_TRUST_DISK to state definitions

* PM-5268 - DeviceTrustCryptoService - Get most of state provider refactor done - WIP - commented out stuff for now.

* PM-5268 - DeviceTrustCryptoServiceStateProviderMigrator - WIP - got first draft of migrator in place and working on tests. Rollback tests are failing for some reason TBD.

* PM-5268 - more WIP on device trust crypto service migrator tests

* PM-5268 - DeviceTrustCryptoServiceStateProviderMigrator - Refactor based on call with platform

* PM-5268 - DeviceTrustCryptoServiceStateProviderMigrator - tests passing

* PM-5268 - Update DeviceTrustCryptoService to convert over to state providers + update all service instantiations / dependencies to ensure state provider is passed in or injected.

* PM-5268 - Register new migration

* PM-5268 - Temporarily remove device trust crypto service from migrator to ease merge conflicts as there are 6 more migrators before I can apply mine in main.

* PM-5268 - Update migration numbers of DeviceTrustCryptoServiceStateProviderMigrator based on latest migrations from main.

* PM-5268 - (1) Export new KeyDefinitions from DeviceTrustCryptoService for use in test suite (2) Update DeviceTrustCryptoService test file to use state provider.

* PM-5268 - Fix DeviceTrustCryptoServiceStateProviderMigrator tests to use proper versions

* PM-5268 - Actually fix all instances of DeviceTrustCryptoServiceStateProviderMigrator test failures

* PM-5268 - Clean up state service, account, and login strategy of all migrated references

* PM-5268 - Account - finish cleaning up device key

* PM-5268 - StateService - clean up last reference to device key

* PM-5268 - Remove even more device key refs. *facepalm*

* PM-5268 - Finish resolving merge conflicts by incrementing migration version from 22 to 23

* PM-5268 - bump migration versions

* PM-5268 - DeviceTrustCryptoService - Implement secure storage functionality for getDeviceKey and setDeviceKey (to achieve feature parity with the ElectronStateService implementation prior to the state provider migration). Tests to follow shortly.

* PM-5268 - DeviceTrustCryptoService tests - getDeviceKey now tested with all new secure storage scenarios. SetDeviceKey tests to follow.

* PM-5268 - DeviceTrustCryptoService tests - test all setDeviceKey scenarios with state provider & secure storage

* PM-5268 - Update DeviceTrustCryptoService deps to actually use secure storage svc on platforms that support it.

* PM-5268 - Bump migration version due to merge conflicts.

* PM-5268 - Bump migration version

* PM-5268 - tweak jsdocs to be single line per PR feedback

* PM-5268 - DeviceTrustCryptoSvc - improve debuggability.

* PM-5268 - Remove state service as a dependency on the device trust crypto service (woo!)

* PM-5268 - Update migration test json to correctly reflect reality.

* PM-5268 - DeviceTrustCryptoSvc - getDeviceKey - add throw error for active user id missing.

* PM-5268 - Fix tests

* PM-5268 - WIP start on adding user id to every method on device trust crypto service.

* PM-5268 - Update lock comp dependencies across clients

* PM-5268 - Update login via auth request deps across clients to add acct service.

* PM-5268 - UserKeyRotationSvc - add acct service to get active acct id for call to rotateDevicesTrust and then update tests.

* PM-5268 - WIP on trying to fix device trust crypto svc tests.

* PM-5268 - More WIP device trust crypto svc tests passing

* PM-5268 - Device Trust crypto service - get all tests passing

* PM-5268 - DeviceTrustCryptoService.getDeviceKey - fix secure storage b64 to symmetric crypto key conversion

* PM-5268 - Add more tests and update test names

* PM-5268 - rename state to indicate it was disk local

* PM-5268 - DeviceTrustCryptoService - save symmetric key in JSON format

* PM-5268 - Fix lock comp tests by adding acct service dep

* PM-5268 - Update set device key tests to pass

* PM-5268 - Bump migration versions again

* PM-5268 - Fix user key rotation svc tests

* PM-5268 - Update web jest config to allow use of common spec in user-key-rotation-svc tests

* PM-5268 - Bump migration version

* PM-5268 - Per PR feedback, save off user id

* PM-5268 - bump migration version

* PM-5268 - Per PR feedback, remove unnecessary await.

* PM-5268 - Bump migration verson
2024-04-01 16:02:58 -04:00
Oscar Hinton
2edc156dd6
[STRICT TS] Migrate platform abstract services functions (#8527)
We currently use a callback syntax for abstract services. This syntax isn't completely strict compliant and will fail the strictPropertyInitialization check. We also currently don't get any compile time errors if we forget to implement a function.

To that end this PR updates all platform owned services to use the appropriate abstract keyword for non implemented functions. I also updated the fields to be actual functions and not properties.
2024-03-28 12:01:09 +01:00
Jared Snider
a66e224d32
Auth/PM-7072 - Token Service - Access Token Secure Storage Refactor (#8412)
* PM-5263 - TokenSvc - WIP on access token secure storage refactor

* PM-5263 - Add key generation svc to token svc.

* PM-5263 - TokenSvc - more progress on encrypt access token work.

* PM-5263 - TokenSvc TODO cleanup

* PM-5263 - TokenSvc - rename

* PM-5263 - TokenSvc - decryptAccess token must return null as that is a valid case.

* PM-5263 - Add EncryptSvc dep to TokenSvc

* PM-5263 - Add secure storage to token service

* PM-5263 - TokenSvc - (1) Finish implementing accessTokenKey stored in secure storage + encrypted access token stored on disk  (2) Remove no longer necessary migration flag as the presence of the accessTokenKey now serves the same purpose.

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-5263 - TokenSvc - (1) Tweak return structure of decryptAccessToken to be more debuggable (2) Add TODO to add more error handling.

* PM-5263 - TODO: update tests

* PM-5263 - add temp logs

* PM-5263 - TokenSvc - remove logs now that I don't need them.

* fix tests for access token

* PM-5263 - TokenSvc test cleanup - small tweaks / cleanup

* PM-5263 - TokenService - per PR feedback from Justin - add error message to error message if possible.

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

---------

Co-authored-by: Jake Fink <jfink@bitwarden.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
2024-03-26 18:41:14 -04:00
Daniel James Smith
eea4d5407d
Add the missing languages to the translation.service (#8459)
This enables it being shown as anm option with the language selector on the individual clients

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-03-25 11:12:32 +01:00
Justin Baur
b450b31ec4
[PM-5540] DesktopSettingsService (#8369)
* WIP: First Try at making DesktopSettingsService

Does not work, migrations are ran in renderer but the values are read in main.

* Update window$ retrieval

* Fix DesktopSettings

* Rename Migration

* Add Migration to Builder

* Cleanup

* Update Comments

* Update `migrate.ts`

* Catch Unawaited Promises

* Remove Comments

* Update Tests

* Rename Migration

* Add `alwaysOnTop`

* Make `init` async

* Fix Desktop Build
2024-03-21 13:53:12 -04:00
Prithvi Reddy
cd5dc09d25
[PM-3316] Feature addition - Toggle Hardware Acceleration [Desktop] (#5968)
Added a toggle for disabling/enabling hardware acceleration on Desktop client.

Resolves #2615

---------

Co-authored-by: Hinton <hinton@users.noreply.github.com>
2024-03-21 14:43:29 +01:00
Daniel James Smith
123bee868c
Update locales used on browser, desktop and web (#8371)
Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-03-18 12:14:10 -04:00
Jared Snider
8fa1ef54bc
Revert "PM-5263 - TokenService needs to actually use secure storage (#8356)" (#8370)
This reverts commit ca8628880b.
2024-03-18 12:06:43 -04:00
Jared Snider
ca8628880b
PM-5263 - TokenService needs to actually use secure storage (#8356) 2024-03-15 21:05:23 +00:00
Jared Snider
161fb1da5d
Auth/PM-5263 - TokenService State Provider Migration (#7975)
* PM-5263 - Token Service state migration - (1) Got key and state definitions setup (2) Ported over core state service getTimeoutBasedStorageOptions method logic into local determineStorageLocation method (3) Updated majority of methods to use state provider state

* PM-5263 - StateSvc - add TODO to remove timeoutBasedStorageOptions + other state methods after migration code complete.

* PM-5263 - TokenSvc - ClearToken method - (1) Update signature to remove user id as it wasn't used and it simplifies the new state provider implementation (2) Convert away from state svc to state provider state.

* PM-5263 - TokenService - update deps - WIP on circular dep issues.

* PM-5263 -  To resolve circular dep issues between VaultTimeoutSettingsSvc and TokenService: (1) For writes, require callers to pass in vault timeout data (2) For reads, we can just check both locations. This approach has 1 less state call than the previous implementation and is safe as long as the clear logic properly works and is executed anytime a user changes their vault timeout action (lock or log out) & vault timeout (numeric value)

* PM-5263 - VaultTimeoutSettingsSvc - Set token calls now updated to include vault timeout info.

* PM-5263 - Update API Service - add state service and look up vault timeout details and pass to token service when setting token info.

* PM-5263 - TokenService - update service dependencies.

* PM-5263 - TokenService - Add new getAccessTokenByUserId method for state service use case.

* PM-5263 - StateSvc - remove migrated methods and try to replace all usages of getAccessToken. WIP

* PM-5263 - TokenSvc Migration - start on migrator

* PM-5263 - (1) TokenSvc - Build new clearAccessTokenByUserId which is required by state service (2) TokenSvc - Update getToken to take an optional userId to handle another state service case (3) Add some documentation to TokenSvc abstraction.

* PM-5263 - StateService - finish updating all calls within the state service which accessed token service state directly with calls to the new token service methods instead.

* PM-5263 - TokenSvc Abstraction - Add more docs

* PM-5263 - TokenSvc abstraction - more doc tweaks

* PM-5263 - Web state service - add new token service dependency.

* PM-5263  - User API Key Login Strategy - Update to pull vault timeout action and vault timeout from state service in order to pass to new token service endpoints for setting API key client id and secret.

* PM-5263  - (1) Remove TokenSvc owned state from account (2) StateSvc - remove account scaffold logic for clearing removed account data. The same functionality will exist in the state provider framework via lifecycle hooks cleaning up this data and users getting initialized with null data by default.

* PM-5263 - Add token service dependency to state service (WIP - desktop deps not working)

* PM-5263 - Update services module on desktop and browser to add token svc dependency

* PM-5263 - API service factory - add state service factory dependency that I missed initially to get browser building.

* PM-5263 - TokenSvc - getToken/setToken/decodeToken --> getAccessToken/setAccessToken/decodeAccessToken

* PM-5263 - TokenSvc State Provider Migrator - WIP - update expected acct type to match actual account

* PM-5263 - TokenService - clearToken renamed to clearTokens

* PM-5263 - CLI - NodeApiService - add state service dep to get CLI building.

* PM-5263 - StateDefinitions - use unique state definition names

* PM-5263 - StateSvc - remove getTimeoutBasedStorageOptions as no longer used.

* PM-5263 - TokenSvc - Add TODO for figuring out how to store tokens in secure storage.

* PM-5263 - StateSvc - remove get/set 2FA token - references migrated later.

* PM-5263 - TODO: figure out if using same key definition names is an issue

* PM-5263 - TokenServiceStateProviderMigrator written

* PM-5263 - TokenServiceStateProviderMigrator - (1) Don't update legacy account if we only added a new state in state provider for 2FA token (2) Use for loop for easier debugging

* PM-5263 - TokenServiceStateProviderMigrator test - WIP - migration testing mostly complete and passing. Rollback logic TODO.

* PM-5263 - TokenServiceStateProviderMigrator - Add rollback logic to restore 2FA token from users to global.

* PM-5263 - TokenServiceStateProviderMigrator - Refactor rollback to only set account once as not necessary to set it every time.

* PM-5263 - TokenServiceStateProviderMigrator tests - test all rollback scenarios

* PM-5263 - Remove TODO as don't need unique key def names as long as state def keys are unique.

* PM-5263 - TokenSvc - update clearAccessTokenByUserId to use proper state provider helper method to set state.

* PM-5263 - Revert accidentally committing settings.json changes.

* PM-5263 - TokenSvc - update all 2FA token methods to require email so we can user specifically scope 2FA tokens while still storing them in global storage.

* PM-5263 - Update all token service 2FA set / get / clear methods to pass in email.

* PM-5263  - JslibServices module - add missed login service to login strategy svc deps.

* PM-5263 - VaultTimeoutSettingsService - setVaultTimeoutOptions - rename token to accesToken for clarity.

* PM-5263 - (1) TokenSvc - remove getAccessTokenByUserId and force consumers to use getAccessToken w/ optional user id to keep interface small (2) TokenSvc - attempt to implement secure storage on platforms that support it for access & refresh token storage (3) StateSvc - replace usage of getAccessTokenByUserId with getAccessToken

* PM-5263 - TokenSvc - add platform utils and secure storage svc deps

* PM-5263 - TODO: figure out what to do with broken migration

* PM-5263 - TODO: update tests in light of latest 2FA token changes.

* PM-5263 - TokenSvc - clean up TODO

* PM-5263 - We should have tests for the token service.

* PM-5263 - TokenSvc - setAccessToken - If platform supports secure storage and we are saving an access token, remove the access token from memory and disk to fully migrate to secure storage.

* PM-5263 - TokenSvc - getAccessToken - Update logic to look at memory and disk first always and secure storage last to support the secure storage migration

* PM-5263 - TokenSvc - setAccesToken - if user id null on a secure storage supporting platform, throw error.

* PM-5263 - TokenService - (1) Refresh token now stored in secure storage (2) Refresh token set now private as we require a user id to store it in secure storage and we can use the setTokens method to enforce always setting the access token and refresh token together in order to extract a user id from the refresh token. (3) setTokens clientIdClientSecret param now optional

* PM-5263 - TokenServiceStateProviderMigrator - update migration to take global but user scoped 2FA token storage changes into account.

* PM-5263 - Remove old migration as it references state we are removing. Bump min version.

Co-authored-by: Matt Gibson <git@mgibson.dev>

* PM-5263 - TokenService - 2FA token methods now backed by global state record which maps email to individual tokens.

* PM-5263 - WIP on Token Svc migrator and test updates based on new 2FA token storage changes.

* PM-5263 - TokenSvc - (1) Add jira tickets to clean up state migration (2) Add state to track secure storage migration to improve # of reads to get data

* PM-5263 - StateDef - consolidate name of token domain state defs per feedback from Justin + update migration tests

* PM-5263 - TokenSvc - fix error message and add TODO

* PM-5263 - Update token service migration + tests to pass after all 2FA token changes.

* PM-5263 - Fix all login strategy tests which were failing due to token state provider changes + the addition of the loginService as a dependency in the base login strategy.

* PM-5263 - Register TokenService state provider migration with migrator

* PM-5263 - TokenSvc state migration - set tokens after initializing account

* PM-5263 - TokenService changes - WIP - convert from ActiveUserStateProvider to just SingleUserStateProvider to avoid future circ dependency issues.

Co-authored-by: Jake Fink <jlf0dev@users.noreply.github.com>

* PM-5263 - TokenSvc - create getSecureStorageOptions for centralizing all logic for getting data out of SecureStorage.

* PM-5263 - TokenSvc - (1) Refactor determineStorageLocation to also determine secure storage - created a TokenStorageLocation string enum to remove magic strings (2) Refactor setAccessToken to use switch (3) Refactor clearAccessTokenByUserId to clear all locations and not early return on secure storage b/c we only use secure storage if disk is the location but I don't want to require vault timeout data for this method.

* PM-5263 - TokenSvc - getDataFromSecureStorage - Refactor to be more generic for easier re-use

* PM-5263 - TokenSvc - Convert refresh token methods to use single user state and require user ids

* PM-5263 - VaultTimeoutSettingsSvc - get user id and pass to access and refresh token methods.

* PM-5263 - TokenSvc - refactor save secure storage logic into private helper.

* PM-5263 - Base Login Strategy - per discussion with Justin, move save of tokens to before account initialization as we can always derive the user id from the access token. This will ensure that the account is initialized with the proper authN status.

* PM-5263 - TokenSvc - latest refactor - update all methods to accept optional userId now as we can read active user id from global state provider without using activeUserStateProvider (thus, avoiding a circular dep and having to have every method accept in a mandatory user id).

* PM-5263 - VaultTimeoutSettingsService - remove user id from token calls

* PM-5263 - TokenSvc - update all places we instantiate token service to properly pass in new deps.

* PM-5263 - TokenSvc migration is now 27th instead of 23rd.

* PM-5263  - Browser - MainContextMenuHandler - Update service options to include PlatformUtilsServiceInitOptions as the TokenService requires that and the TokenService is now injected on the StateService

* PM-5263 - TokenSvc migration test - update rollback tests to start with correct current version

* PM-5263 - Create token service test file - WIP

* PM-5263 - TokenSvc - tests WIP - instantiates working.

* PM-5263 - TokenSvc - set2FAToken - use null coalesce to ensure record is instantiated for new users before setting data on it.

* PM-5263 - TokenService tests - WIP - 2FA token tests.

* PM-5263 - Worked with Justin to resolve desktop circular dependency issue by adding SUPPORTS_SECURE_STORAGE injection token instead of injecting PlatformUtilsService directly into TokenService.

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-5263 - TokenSvc tests - WIP - (1) Update TokenSvc instantiation to use new supportsSecureStorage (2) Test TwoFactorToken methods

* PM-5263 - Fix SUPPORTS_SECURE_STORAGE injection token to properly call supportsSecureStorage message

* PM-5263 - Token state testing

* PM-5263 - TokenState fix name of describe

* PM-5263 - TokenService - export TokenStorageLocation for use in tests.

* PM-5263 - TokenSvc Tests WIP

* PM-5263 - TokenSvc tests - access token logic mostly completed.

* PM-5263 - TokenSvc Tests - more WIP - finish testing access token methods.

* PM-5263 - TokenSvc WIP - another clear access token test.

* PM-5263 - TokenSvc tests - WIP - SetTokens tested.

* PM-5263 - Tweak test name

* PM-5263 - TokenSvc tests - remove unnecessary describe around 2FA token methods.

* PM-5263 - TokenSvc.clearAccessTokenByUserId renamed to just clearAccessToken

* PM-5263 - TokenSvc - refactor clearTokens logic and implement individual clear logic which doesn't require vault timeout setting information.

* PM-5263 - TokenSvc - Replace all places we have vaultTimeout: number with vaultTimeout: number | null to be accurate.

* PM-5263 - TokenSvc.clearTokens - add check for user id; throw if not found

* PM-5263 - TokenService - test clearTokens

* PM-5263 - TokenSvc Tests - setRefreshToken tested

* PM-5263 - TokenSvc tests - getRefreshToken tested + added a new getAccessToken test

* PM-5263 - TokenSvc - ClearRefreshToken scenarios tested.

* PM-5263 - TokenSvc.clearRefreshToken tests - fix copy pasta

* PM-5263 - TokenSvc tests - (1) Fix mistakes in refresh token testing (2) Test setClientId for all scenarios

* PM-5263 - TokenSvc tests - (1) Add some getClientId tests (2) clarify lack of awaits

* PM-5263 - TokenSvc Tests - WIP - getClientId && clearClientId

* PM-5263 - TokenService - getClientSecret - fix error message

* PM-5263 - TokenService tests - test all client secret methods

* PM-5263 - Update TokenSvc migration to 30th migration

* PM-5263 - TokenService - update all tests to initialize data to undefined now that fake state provider supports faking data based on specific key definitions.

* PM-5263 - (1) TokenSvc.decodeAccessToken - update static method's error handling (2) TokenSvc tests - test all decodeAccessToken scenarios

* PM-5263 - TokenSvc - (1) Add DecodedAccessToken type (2) Refactor getTokenExpirationDate logic to use new type and make proper type checks for numbers for exp claim values.

* PM-5263 - TokenSvc tests - test getTokenExpirationDate method.

* PM-5263 - TokenSvc - (1) Update DecodedAccessToken docs (2) Tweak naming in tokenSecondsRemaining

* PM-5263 - TokenSvc abstraction - add jsdoc for tokenSecondsRemaining

* PM-5263 - TokenSvc tests - test tokenSecondsRemaining

* PM-5263 - TokenSvc - DecodedAccessToken type - update sstamp info

* PM-5263 - TokenService - fix flaky tokenSecondsRemaining tests by locking time

* PM-5263 - TokenSvc Tests - Test tokenNeedsRefresh

* PM-5263 - (1) TokenSvc - Refactor getUserId to add extra safety (2) TokenSvc tests - test getUserId

* PM-5263  - (1) TokenSvc - refactor getUserIdFromAccessToken to handle decoding errors (2) TokenSvc tests - test getUserIdFromAccessToken

* PM-5263 - (1) TokenSvc - Refactor getEmail to handle decoding errors + check for specific, expected type (2) TokenSvc tests - test getEmail

* PM-5263 - TokenSvc tests - clean up comment

* PM-5263 - (1) TokenSvc - getEmailVerified - refactor (2) TokenSvc tests - add getEmailVerified tests

* PM-5263  - (1) TokenSvc - refactor getName (2) TokenSvc tests - test getName

* PM-5263 - (1) TokenSvc - refactor getIssuer (2) TokenSvc tests - test getIssuer

* PM-5263 - TokenSvc - remove unnecessary "as type" statements now that we have a decoded access token type

* PM-5263  - (1) TokenSvc - refactor getIsExternal (2) TokenSvc Tests - test getIsExternal

* PM-5263  - TokenSvc abstraction - tune up rest of docs.

* PM-5263 - TokenSvc - clean up promise<any> and replace with promise<void>

* PM-5263 - TokenSvc abstraction - more docs.

* PM-5263  - Clean up TODO as I've tested every method in token svc.

* PM-5263 - (1) Extract JWT decode logic into auth owned utility function out of the token service (2) Update TokenService decode logic to use new utility function (3) Update LastPassDirectImportService + vault.ts to use new utility function and remove token service dependency.  (4) Update tests + migrate tests to new utility test file.

* PM-5263 - Rename decodeJwtTokenToJson to decode-jwt-token-to-json to meet lint rules excluding capitals

* PM-5263 - TokenSvc + tests - fix all get methods to return undefined like they did before instead of throwing an error if a user id isn't provided.

* PM-5263 - Services.module - add missing token service dep

* PM-5263 - Update token svc migrations to be 32nd migration

* PM-5263 - Popup - Services.module - Remove token service as it no longer requires a background service due to the migration to state provider. The service definition in jslib-services module is enough.

* PM-5263 - BaseLoginStrategy - Extract email out of getTwoFactorToken method call for easier debugging.

* PM-5263 - Login Comp - Set email into memory on login service so that base login strategy can access user email for looking up 2FA token stored in global state.

* PM-5263 - (1) LoginComp - remove loginSvc.setEmail call as no longer necessary + introduced issues w/ popup and background in browser extension (2) AuthReq & Password login strategies now just pass in email to buildTwoFactor method.

* PM-5263 - SsoLoginSvc + abstraction - Add key definition and get/set methods for saving user email in session storage so it persists across the SSO redirect.

* PM-5263 - Base Login Strategy - BuildTwoFactor - only try to get 2FA token if we have an email to look up their token

* PM-5263 - Remove LoginService dependency from LoginStrategyService

* PM-5263 - (1) Save off user email when they click enterprise SSO on all clients in login comp (2) Retrieve it and pass it into login strategy in SSO comp

* PM-5263 - (1) TokenSvc - update 2FA token methods to be more safe in case user removes record from local storage (2) Add test cases + missing clearTwoFactorToken tests

* PM-5263 - Browser SSO login - save user email for browser SSO process

* PM-5263 - Finish removing login service from login strategy tests.

* PM-5263 - More removals of the login service from the login strategy tests.

* PM-5263 - Main.ts - platformUtilsSvc no longer used in TokenSvc so remove it from desktop main.ts

* PM-5263 - Fix failing login strategy service tests

* PM-5263 - Bump token svc migration values to migration 35 after merging in main

* PM-5263 - Bump token svc migration version

* PM-5263 - TokenService.clearTwoFactorToken - use delete instead of setting values to null per discussion with Justin

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-5263 - TokenSvc + decode JWT token tests - anonymize my information

Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>

* PM-5263 - TokenSvc tests - update clear token tests based on actual deletion

* PM-5263 - Add docs per PR feedback

* PM-5263 - (1) Move ownership of clearing two factor token on rejection from server to base login strategy (2) Each login strategy that supports remember 2FA logic now persists user entered email in its data (3) Base login strategy processTwoFactorResponse now clears 2FA token (4) Updated base login strategy tests to affirm the clearing of the 2FA token

* Update libs/auth/src/common/login-strategies/login.strategy.ts

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* Update libs/auth/src/common/login-strategies/password-login.strategy.ts

Co-authored-by: Jake Fink <jfink@bitwarden.com>

* PM-5263 - Login Strategy - per PR feedback, add jsdoc comments to each method I've touched for this PR.

* PM-5263 - (1) TokenSvc - adjust setTokens, setAccessToken, setRefreshToken, and clearRefreshToken based on PR feedback to remove optional user ids where possible and improve public interface (2) TokenSvc Abstraction - update docs and abstractions based on removed user ids and changed logic (3) TokenSvc tests - update tests to add new test cases, remove no longer relevant ones, and update test names.

* PM-5263 - Bump migrations again

---------

Co-authored-by: Matt Gibson <git@mgibson.dev>
Co-authored-by: Jake Fink <jlf0dev@users.noreply.github.com>
Co-authored-by: Justin Baur <19896123+justindbaur@users.noreply.github.com>
Co-authored-by: Jake Fink <jfink@bitwarden.com>
2024-03-15 11:50:04 -04:00
Justin Baur
e6fe0d1d13
[PM-5539] Migrate ThemingService (#8219)
* Update ThemingService

* Finish ThemingService

* Lint

* More Tests & Docs

* Refactor to ThemeStateService

* Rename File

* Fix Import

* Remove `type` added to imports

* Update InitServices

* Fix Test

* Remove Unreferenced Code

* Remove Unneeded Null Check

* Add Ticket Link

* Add Back THEMING_DISK

* Fix Desktop

* Create SYSTEM_THEME_OBSERVABLE

* Fix Browser Injection

* Update Desktop Manual Access

* Fix Default Theme

* Update Test
2024-03-13 15:25:39 +00:00
Matt Gibson
f4150ffda6
[PM-6511] New i18n for angular (#8122)
* Use state provider to store preferred language

* migrate preferred language

* Use new i18n provider to get LOCAL_ID

* Fix preloaded english i18n

This is a mock service that forces english translations, it doesn't need the i18n interface that allows changing of locales.

* PR improvements

* Fixup merge
2024-03-11 13:59:19 -04:00
Matt Gibson
5677d6265e
Ps/pm 5537/move biometric unlock to state providers (#8099)
* Establish biometric unlock enabled in state providers

* Use biometric state service for biometric state values

* Migrate biometricUnlock

* Fixup Dependencies

* linter and import fixes

* Fix injection

* Fix merge

* Use boolean constructor as mapper

* Conform to documented test naming conventions

* Commit documentation suggestion

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>

* Fix merge commit

* Fix test names

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
2024-03-01 10:17:06 -05:00
Daniel García
29a26266e5
Remove extra parameters in biometrics constructors (#8140) 2024-02-28 18:13:48 +01:00
Daniel García
996823169a
[PM-6419] Change desktop argon implementation for Node (#8048)
* Fix desktop argon2

* Don't remove wasm loading in renderer

* Fix electron-builder not including dependency
2024-02-26 17:31:09 -05:00
Matt Gibson
9775e77079
[PM-5537] Migrate Biometric Prompts (#7771)
* Fix nextMock arguments

* Add state for biometric prompts

* Use biometric state for prompts

* Migrate biometric prompt data

* wire up biometric state to logouts

* Add migrator to migrate list

* Remove usages of prompt automatically

Explicitly list non-nulled state as intentional

* `npm run prettier` 🤖

* Fix web lock component
2024-02-23 09:21:18 -05:00
Jake Fink
19a373d87e
[PM-6211] Create key generation service (#7939)
* create key generation service

* replace old key generation service and add references

* use key generation service in key connector service

* use key generation service in send service

* user key generation service in access service

* use key generation service in device trust service

* fix tests

* fix browser

* add createKeyFromMaterial and tests

* create ephemeral key

* fix tests

* rename method and add returns docs

* ignore material in destructure

* modify test

* specify material as key material

* pull out magic strings to properties

* make salt optional and generate if not provided

* fix test

* fix parameters

* update docs to include link to HKDF rfc
2024-02-23 08:48:15 -05:00
Matt Gibson
c8c1ed42ba
[PM-5537] Remove Unecessary Biometric State (#7762)
* Create state for biometric client key halves

* Move enc string util to central utils

* Provide biometric state through service

* Use biometric state to track client key half

* Create migration for client key half

* Ensure client key half is removed on logout

* Remove account data for client key half

* Remove unnecessary key definition likes

* Remove moved state from account

* Fix null-conditional operator failure

* Simplify migration

* Remove lame test

* Fix test type

* Add migrator

* Remove state that is never read.

* Remove unnecessary biometric state

We don't need to determine platform in desktop background, it can be done in the UI at any time.

* Fix merge

* Use platform utils to identify OS desktop type
2024-02-15 15:29:29 -05:00
Daniel García
4be25e3df3
[PM-3756] Disable node integration and enable context isolation in desktop (#6975)
* Disable node integration and enable context isolation

* Review comments

* Log in renderer through IPC

* Missed imports

* Mock electron API

* resourcesPath is undefined in the preload, but process.windowsStore works correctly

* Replace fromBufferToUtf8 conditional implementation for the `buffer` package

The current non-node implementation is different than the node implementation,
as the non-node would break when the contents can't be parsed as a URI component.
Replacing the impl by the `buffer` package makes the result match in both environments.

* Fix lint

* Add some more tests

* Remove buffer from devDependencies
2024-02-08 18:00:19 +01:00
Matt Gibson
2ca34b46db
[PM-5537] Persist require password on startup through logout (#7825)
* Persist require password on startup through logout

* Test new methods
2024-02-07 10:39:54 -05:00
Matt Gibson
414ee2563f
[PM-5537] Biometric State Service (#7761)
* Create state for biometric client key halves

* Move enc string util to central utils

* Provide biometric state through service

* Use biometric state to track client key half

* Create migration for client key half

* Ensure client key half is removed on logout

* Remove account data for client key half

* Remove unnecessary key definition likes

* Remove moved state from account

* Fix null-conditional operator failure

* Simplify migration

* Remove lame test

* Fix test type

* Add migrator

* Prefer userKey when legacy not needed

* Fix tests
2024-02-05 13:02:28 -05:00
Will Martin
cb8849c355
Add eslint rule no-floating-promises (#7789)
* add eslint rule no-floating-promises

* add eslint-disable comment to offending lines
2024-02-02 15:13:37 -05:00
Daniel James Smith
53be4946de
[PM-5717] Fix calling methods on undefined in biometrics service (#7559)
* Fix calling init() on undefined in biometrics.service.ts

* Add guard on osSupportsBiometric

* Create NoopBiometricsService instead of method guards

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
2024-01-26 16:15:28 +00:00
Matt Gibson
160a636fa0
Move key types to central location (#7531) 2024-01-17 07:27:44 -05:00