1
0
mirror of https://github.com/bitwarden/browser.git synced 2025-01-10 19:38:11 +01:00
The browser extension vault (Chrome, Firefox, Opera, Edge, Safari, & more).
Go to file
Jared Snider 3a0603a837
Auth/PM-2041 - Finish adding FIDO2 Authentication + Decryption to Web Client (#6798)
* PM-2041 - (1) Bring over WebauthnApiService + required models from existing #5493 PR (2) Per discussion with Andreas, remove unnecessary methods from WebauthnApiService

* PM-2041 - Rename responses folder to response to match rest of codebase

* PM-2041 - Recreate  BaseLoginViaWebAuthnComponent and then web implementation of it.

* PM-2041 - Web routing module - add LoginViaWebAuthnComponent and associated route "login-with-passkey"

* PM-2041 - InjectionTokens - add new navigator credentials injection token which provides the CredentialsContainer interface of the Credential Management API and exposes methods to request credentials and notify the user agent when events such as successful sign in or sign out happen

* PM-2041 - Rename WebauthnApiService & abstraction to WebAuthnLoginApiService

* PM-2041 - Rename WebauthnLoginApiService to WebAuthnAdminApiService

* PM-2041 - Bring over first draft of webauthn-login.service + abstraction; register on jslib-services.module.

* PM-2041 - Bring over web & base login component changes to add login with passkey button if feature flag enabled.

* PM-2041 - WebAuthnAdminApi - update list of TODOs based on conversation with Andreas

* PM-2041 - Login.module - cleanup todo after conversation w/ Andreas

* PM-2041 - Move utils out of web and into common auth/utils and renamed to webauthn-utils

* PM-2041 - Update userDecryptionOptions to support new webauthn prf decryption option

* PM-2041 - (1) Recreate webauthn-login service with updated logic (2) Move files from webauthn to webauthn-login (3) Recreate webauthn-login.strategy with updated logic

* PM-2041 - Remove completed TODO

* PM-2041 - Fix login-via-webauthn component imports + fix name (missing n)

* PM-2041 - Missed this change when renaming LoginViaWebAuthComponent to LoginViaWebAuthnComponent

* PM-2041 - Add WebAuthnLoginApiService to jslib-services.module

* PM-2041 - Remove unused param from WebAuthnLoginApiServiceAbstraction as we aren't supporting non-discoverable passkeys for MVP

* PM-2041 - WebAuthnLoginApiService - remove email and target correct endpoint for getCredentialAssertionOptions(...) call

* PM-2041 - WebAuthnLoginStrategy - (1) Remove unused dep (2) Add safeguard checks to setUserKey(...) logic similar to SSO login strategy

* PM-2041 - BaseLoginViaWebAuthnComponent - Rewrite authenticate logic to use new methods on webAuthnLoginService

* PM-2041 - UserDecryptionOptionsResponse - update naming of webAuthn options object to match server response

* PM-2041 - WebAuthnLoginAssertionResponseRequest - (1) clean up TODO (2) Fix response property name to match server

* PM-2041 - WebAuthnTokenRequest - must stringify device response b/c sending as form data

* PM-2041 - AuthService - Add WebAuthnLoginCredentials and WebAuthnLoginStrategy support to auth service

* PM-2041 - WIP tests for WebAuthnLoginService

* PM-2041 - UserDecryptionOptions - Rename WebAuthnPrfOptions to singular WebAuthnPrfOption to match server

* PM-2041 - Add TODO in login comp

* PM-2041 - (1) Update WebAuthnLoginService.assertCredential(...) to add a check to ensure we cannot leak PRF credentials to the BW server by mistake (2) Add credential to view names for clarity (3) Add JS doc style comments to WebAuthnLoginServiceAbstraction

* PM-2041 - Login.component.html - (1) Center passkey login button (2) Use correct user passkey icon

* PM-2041 - Utils + tests - (1) Add new hexStringToArrayBuffer(...) method (2) Add tests for existing fromBufferToHex(...) (3) Add tests for new hexStringToArrayBuffer(...) method

* PM-2041 - Fix broken import

* PM-2041 - WebAuthnLoginResponseRequest - Adjust warning to be correct

* PM-2041 - Webauthn-utils - createSymmetricKeyFromPrf(...) - add return type

* PM-2041 - WebAuthnLoginService spec file - good progress on figuring out how to test passkey assertion process. Tests are passing, but need to add more setup logic around the MockAuthenticatorAssertionResponse in order to be able to confirm the output is correct.

* PM-2041 - Utils + Utils Spec file changes - (1) Add new fromB64ToArrayBuffer(...) method (2) Add tests for existing fromBufferToB64(...) (3) Add tests for new fromB64ToArrayBuffer(...) method (4) Add round trip conversion tests in both directions

* PM-2041 - Utils.spec - update round trip conversion tests between hex string and array buffer.

* PM-2041 - WebAuthnLoginService.spec - assertCredential(...) happy path test passing

* PM-2041 - WebAuthnLoginAssertionResponseRequest - Add interface

* PM-2041 - WebAuthnLoginAssertionResponseRequest data should be UrlB64 strings per discussion w/ Andreas

* PM-2041 - WebAuthnLoginService Spec file - Per feedback, reverse approaches to generating test data (go from array buffer to b64 strings vs the reverse) to avoid using math.random which can introduce test inconsistency

* PM-2041 - Finish testing assertCredential(...)

* PM-2041 - WebAuthnLoginService tests completed - tested logIn method

* PM-2041 - Login html - add "or" between standard email login and passkey login

* PM-2041 - WebAuthnLoginStrategy test start

* PM-2041 - After rebase - BaseLoginViaWebAuthnComponent - Must rename ForceResetPasswordReason to ForceSetPasswordReason + refactor post login routing logic to match other auth owned flows.

* PM-2401 - Desktop - login comp - fix desktop build

* PM-2041 - Browser - login comp - fix build issue

* PM-2401 - WIP on webauthn-login.strategy testing

* PM-2401 - Finish testing webauthn login strategy

* PM-2041 - WebAuthnAdminApiService renamed to WebAuthnLoginAdminApiService

* PM-2041 - Remove unnecessary comment

* PM-2041 - Per PR feedback, remove noMargin and just add mb-3

* PM-2041 - Per PR feedback, remove unused 2FA and remember email logic (2FA isn't supported right now and we aren't using non-discoverable credentials so we aren't using a user entered email)

* PM-2401 - BaseLoginViaWebAuthnComponent - improve error handling to allow users to retry w/ another passkey

* PM-2401 - Per PR feedback, provide translated message to cover all invalid passkey scenarios.

* PM-2401 - WebAuthnLoginService - per PR feedback, remove unnecessary from

* PM-2041 - WebAuthnLoginCredentialAssertionView - per PR feedback, use actual key type

* PM-2401 - Per PR feedback, remove WebAuthnLoginStrategy constructor as it is identical to its super class constructor

* PM-2041 - WebAuthnLoginService tests - use first value from to improve tests

* PM-2401 - Fix WebAuthnLoginService build issue after changing SymmetricCryptoKey to PrfKey

* PM-2041 - WebAuthnLoginServiceAbstraction remove incorrect undefined from getCredentialAssertionOptions() abstraction

* PM-2041 - Refacor WebAuthn login service tests based on PR feedback

* PM-2041 - Per PR feedback, remove NAVIGATOR_CREDENTIALS injection token and just use WINDOW directly for WebAuthnLoginService

* PM-2041 - WebAuthnLoginServiceAbstraction - per PR feedback, improve assertCredential jsdocs with return info

* PM-2041 - Per PR feedback, update WebAuthnLoginStrategy logInTwoFactor(...) to return an exception if attempted to be called.

* PM-2041 - WebAuthnLoginResponseRequest - per PR feedback, replace fromBufferToB64(...) with fromBufferToUrlB64(...)

* PM-2041 - AssertionOptionsResponse - use doc comment per PR feedback

* PM-2041 - Per PR feedback, adjust location of helpers and mocks in WebAuthnLoginStrategy test file

* PM-2041 - Adjust WebAuthnLoginService tests to take the WebAuthnLoginResponseRequest change to use fromBufferToUrlB64(...) into account to get tests to pass again

* PM-2041 - WebAuthnLoginStrategy - adjust test name to match convention per PR feedback

* PM-2041 - More test tweaks - (1) Rename method (2) Support strict

* PM-2041 - Per PR feedback, AssertionOptionsResponse constructor should null check allowCredentials b/c it is optional

* PM-2041 - Per PR Feedback, remove duplicated fromB64ToArrayBuffer(...) from utils and update tests.

* PM-2041 - Per PR feedback, rename WebAuthnTokenRequest to WebAuthnLoginTokenRequest

* PM-2041 - Per discussion with product and Andreas, add 2FA transition handling just in case we add server support in the future.

* feat: stretch PRF key (#6927)

* feat: stretch PRF key

includes necessary utils -> service refactors

* feat: add tests

* [PM-2041] feat: assertion-options `POST` -> `GET`

* [PM-2041] chore: remove unused properties

* [PM-2041] fix: set private key

* [PM-2041] feat: remove all 2FA related fields

* [PM-2041] chore: clean up 2FA comments

* [PM-2041] chore: document `webauthn-login-prf-crypto.service.abstraction.ts`

* [PM-2041] chore: document webauthn login services

---------

Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com>
2023-11-22 13:24:33 -05:00
.codescene disable code duplication check in unit tests (#6773) 2023-11-06 15:48:34 -05:00
.github Remove AST action and replace with NuGet install command (#6942) 2023-11-21 15:21:56 -07:00
.husky Make husky hook executable (#2900) 2022-06-14 07:26:50 +02:00
.storybook [CL-141] Custom storybook theme (#5569) 2023-11-16 08:24:22 -06:00
.vscode [CL-120] add CL i18n entries to desktop and browser (#6073) 2023-08-21 09:01:13 -04:00
apps Auth/PM-2041 - Finish adding FIDO2 Authentication + Decryption to Web Client (#6798) 2023-11-22 13:24:33 -05:00
bitwarden_license [AC-1806] Hide Teams Starter for MSP creating client org (#6835) 2023-11-10 09:31:48 -05:00
libs Auth/PM-2041 - Finish adding FIDO2 Authentication + Decryption to Web Client (#6798) 2023-11-22 13:24:33 -05:00
patches Make Argon2 WebAssembly module unload after use (#5072) 2023-07-03 07:12:42 -05:00
scripts Return error code when any tsc typecheck fails (#5459) 2023-05-16 09:20:40 -05:00
.editorconfig Add support for migrated jslib (#2826) 2022-06-03 18:01:07 +02:00
.eslintignore Return error code when any tsc typecheck fails (#5459) 2023-05-16 09:20:40 -05:00
.eslintrc.json Add State Provider Framework (#6640) 2023-11-09 17:06:42 -05:00
.git-blame-ignore-revs Add support for migrated jslib (#2826) 2022-06-03 18:01:07 +02:00
.gitattributes Apply Prettier (#2238) 2021-12-21 15:43:35 +01:00
.gitignore Noop notifications for dev (#6671) 2023-10-24 15:18:23 +02:00
.nvmrc [PM-358] Bump electron to 24 and node to 18 (#5205) 2023-05-01 11:09:24 +02:00
.prettierignore Auth/ps 2298 reorg auth (#4564) 2023-02-06 15:53:37 -06:00
.prettierrc.json Update CL documentation (#5379) 2023-05-08 14:46:59 +02:00
angular.json [PM-2276] Upgrade Storybook to v7 (#5258) 2023-05-26 15:58:06 +02:00
clients.code-workspace Override eslint config for vscode workspace (#4566) 2023-01-26 14:26:21 +01:00
CONTRIBUTING.md Update README and CONTRIBUTING to point to contributing.bitwarden.com (#2771) 2022-06-13 17:34:07 +10:00
jest.config.js [PM-3587] create @bitwarden/vault lib (#6083) 2023-08-22 10:02:48 -04:00
LICENSE_BITWARDEN.txt Update LICENSE_BITWARDEN.txt (#3505) 2022-09-13 09:04:36 -04:00
LICENSE_GPL.txt Prepare bitwarden_license directory (#2663) 2022-05-09 17:50:15 +02:00
LICENSE.txt Prepare bitwarden_license directory (#2663) 2022-05-09 17:50:15 +02:00
package-lock.json [PM-4229] Autofill Overlay MVP (#6507) 2023-11-20 18:34:04 +00:00
package.json [PM-4893] Pin Autofill Overlay Dependencies (#6930) 2023-11-21 07:49:37 -06:00
README.md Remove migration details from the readme (#4780) 2023-02-16 16:11:38 +01:00
SECURITY.md Revise language on SECURITY.md 2022-03-15 15:39:14 -04:00
tailwind.config.js [PM-3587] create @bitwarden/vault lib (#6083) 2023-08-22 10:02:48 -04:00
tsconfig.eslint.json [PM-4222] Make importer UI reusable (#6504) 2023-10-19 11:17:23 +02:00
tsconfig.json Ps/pm 2910/add browser storage services (#6849) 2023-11-21 16:35:37 -05:00

Bitwarden

Github Workflow browser build on master Github Workflow CLI build on master Github Workflow desktop build on master Github Workflow web build on master gitter chat


Bitwarden Client Applications

This repository houses all Bitwarden client applications except the Mobile application.

Please refer to the Clients section of the Contributing Documentation for build instructions, recommended tooling, code style tips, and lots of other great information to get you started.

We're Hiring!

Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our Careers page to see what opportunities are currently open as well as what it's like to work at Bitwarden.

Contribute

Code contributions are welcome! Please commit any pull requests against the master branch. Learn more about how to contribute by reading the Contributing Guidelines. Check out the Contributing Documentation for how to get started with your first contribution.

Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the SECURITY.md file.