2022-11-01 11:25:46 +01:00
|
|
|
import { firstValueFrom } from "rxjs";
|
|
|
|
|
2022-09-23 21:47:17 +02:00
|
|
|
import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
|
[AC-1011] Admin Console / Billing code ownership (#4973)
* refactor: move SCIM component to admin-console, refs EC-1011
* refactor: move scimProviderType to admin-console, refs EC-1011
* refactor: move scim-config.api to admin-console, refs EC-1011
* refactor: create models folder and nest existing api contents, refs EC-1011
* refactor: move scim-config to admin-console models, refs EC-1011
* refactor: move billing.component to billing, refs EC-1011
* refactor: remove nested app folder from new billing structure, refs EC-1011
* refactor: move organizations/billing to billing, refs EC-1011
* refactor: move add-credit and adjust-payment to billing/settings, refs EC-1011
* refactor: billing history/sync to billing, refs EC-1011
* refactor: move org plans, payment/method to billing/settings, refs EC-1011
* fix: update legacy file paths for payment-method and tax-info, refs EC-1011
* fix: update imports for scim component, refs EC-1011
* refactor: move subscription and tax-info into billing, refs EC-1011
* refactor: move user-subscription to billing, refs EC-1011
* refactor: move images/cards to billing and update base path, refs EC-1011
* refactor: move payment-method, plan subscription, and plan to billing, refs EC-1011
* refactor: move transaction-type to billing, refs EC-1011
* refactor: move billing-sync-config to billing, refs EC-1011
* refactor: move billing-sync and bit-pay-invoice request to billing, refs EC-1011
* refactor: move org subscription and tax info update requests to billing, refs EC-1011
* fix: broken paths to billing, refs EC-1011
* refactor: move payment request to billing, refs EC-1011
* fix: update remaining imports for payment-request, refs EC-1011
* refactor: move tax-info-update to billing, refs EC-1011
* refactor: move billing-payment, billing-history, and billing responses to billing, refs EC-1011
* refactor: move organization-subscription-responset to billing, refs EC-1011
* refactor: move payment and plan responses to billing, refs EC-1011
* refactor: move subscription response to billing ,refs EC-1011
* refactor: move tax info and rate responses to billing, refs EC-1011
* fix: update remaining path to base response for tax-rate response, refs EC-1011
* refactor: (browser) move organization-service to admin-console, refs EC-1011
* refactor: (browser) move organizaiton-service to admin-console, refs EC-1011
* refactor: (cli) move share command to admin-console, refs EC-1011
* refactor: move organization-collect request model to admin-console, refs EC-1011
* refactor: (web) move organization, collection/user responses to admin-console, refs EC-1011
* refactor: (cli) move selection-read-only to admin-console, refs EC-1011
* refactor: (desktop) move organization-filter to admin-console, refs EC-1011
* refactor: (web) move organization-switcher to admin-console, refs EC-1011
* refactor: (web) move access-selector to admin-console, refs EC-1011
* refactor: (web) move create folder to admin-console, refs EC-1011
* refactor: (web) move org guards folder to admin-console, refs EC-1011
* refactor: (web) move org layout to admin-console, refs EC-1011
* refactor: move manage collections to admin console, refs EC-1011
* refactor: (web) move collection-dialog to admin-console, refs EC-1011
* refactor: (web) move entity users/events and events component to admin-console, refs EC-1011
* refactor: (web) move groups/group-add-edit to admin-console, refs EC-1011
* refactor: (web) move manage, org-manage module, and user-confirm to admin-console, refs EC-1011
* refactor: (web) move people to admin-console, refs EC-1011
* refactor: (web) move reset-password to admin-console, refs EC-1011
* refactor: (web) move organization-routing and module to admin-console, refs EC-1011
* refactor: move admin-console and billing within app scope, refs EC-1011
* fix: update leftover merge conflicts, refs EC-1011
* refactor: (web) member-dialog to admin-console, refs EC-1011
* refactor: (web) move policies to admin-console, refs EC-1011
* refactor: (web) move reporting to admin-console, refs EC-1011
* refactor: (web) move settings to admin-console, refs EC-1011
* refactor: (web) move sponsorships to admin-console, refs EC-1011
* refactor: (web) move tools to admin-console, refs EC-1011
* refactor: (web) move users to admin-console, refs EC-1011
* refactor: (web) move collections to admin-console, refs EC-1011
* refactor: (web) move create-organization to admin-console, refs EC-1011
* refactor: (web) move licensed components to admin-console, refs EC-1011
* refactor: (web) move bit organization modules to admin-console, refs EC-1011
* fix: update leftover import statements for organizations.module, refs EC-1011
* refactor: (web) move personal vault and max timeout to admin-console, refs EC-1011
* refactor: (web) move providers to admin-console, refs EC-1011
* refactor: (libs) move organization service to admin-console, refs EC-1011
* refactor: (libs) move profile org/provider responses and other misc org responses to admin-console, refs EC-1011
* refactor: (libs) move provider request and selectionion-read-only request to admin-console, refs EC-1011
* fix: update missed import path for provider-user-update request, refs EC-1011
* refactor: (libs) move abstractions to admin-console, refs EC-1011
* refactor: (libs) move org/provider enums to admin-console, refs EC-1011
* fix: update downstream import statements from libs changes, refs EC-1011
* refactor: (libs) move data files to admin-console, refs EC-1011
* refactor: (libs) move domain to admin-console, refs EC-1011
* refactor: (libs) move request objects to admin-console, refs EC-1011
* fix: update downstream import changes from libs, refs EC-1011
* refactor: move leftover provider files to admin-console, refs EC-1011
* refactor: (browser) move group policy environment to admin-console, refs EC-1011
* fix: (browser) update downstream import statements, refs EC-1011
* fix: (desktop) update downstream libs moves, refs EC-1011
* fix: (cli) update downstream import changes from libs, refs EC-1011
* refactor: move org-auth related files to admin-console, refs EC-1011
* refactor: (libs) move request objects to admin-console, refs EC-1011
* refactor: move persmissions to admin-console, refs EC-1011
* refactor: move sponsored families to admin-console and fix libs changes, refs EC-1011
* refactor: move collections to admin-console, refs EC-1011
* refactor: move spec file back to spec scope, refs EC-1011
* fix: update downstream imports due to libs changes, refs EC-1011
* fix: udpate downstream import changes due to libs, refs EC-1011
* fix: update downstream imports due to libs changes, refs EC-1011
* fix: update downstream imports from libs changes, refs EC-1011
* fix: update path malformation in jslib-services.module, refs EC-1011
* fix: lint errors from improper casing, refs AC-1011
* fix: update downstream filename changes, refs AC-1011
* fix: (cli) update downstream filename changes, refs AC-1011
* fix: (desktop) update downstream filename changes, refs AC-1011
* fix: (browser) update downstream filename changes, refs AC-1011
* fix: lint errors, refs AC-1011
* fix: prettier, refs AC-1011
* fix: lint fixes for import order, refs AC-1011
* fix: update import path for provider user type, refs AC-1011
* fix: update new codes import paths for admin console structure, refs AC-1011
* fix: lint/prettier, refs AC-1011
* fix: update layout stories path, refs AC-1011
* fix: update comoponents card icons base variable in styles, refs AC-1011
* fix: update provider service path in permissions guard spec, refs AC-1011
* fix: update provider permission guard path, refs AC-1011
* fix: remove unecessary TODO for shared index export statement, refs AC-1011
* refactor: move browser-organization service and cli organization-user response out of admin-console, refs AC-1011
* refactor: move web/browser/desktop collections component to vault domain, refs AC-1011
* refactor: move organization.module out of admin-console scope, refs AC-1011
* fix: prettier, refs AC-1011
* refactor: move organizations-api-key.request out of admin-console scope, refs AC-1011
2023-03-22 16:03:50 +01:00
|
|
|
import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
|
2023-04-06 03:34:23 +02:00
|
|
|
import { PolicyType } from "@bitwarden/common/admin-console/enums";
|
2023-02-06 22:53:37 +01:00
|
|
|
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
|
|
|
|
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
|
2023-03-10 21:39:46 +01:00
|
|
|
import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
|
2023-01-31 22:08:37 +01:00
|
|
|
import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
|
|
|
|
import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
|
|
|
|
import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
|
|
|
|
import { LoginUriView } from "@bitwarden/common/vault/models/view/login-uri.view";
|
|
|
|
import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
|
2022-09-23 21:47:17 +02:00
|
|
|
|
2022-11-24 15:05:45 +01:00
|
|
|
import { DecryptedCommandData } from "../models/native-messaging/decrypted-command-data";
|
|
|
|
import { CredentialCreatePayload } from "../models/native-messaging/encrypted-message-payloads/credential-create-payload";
|
|
|
|
import { CredentialRetrievePayload } from "../models/native-messaging/encrypted-message-payloads/credential-retrieve-payload";
|
|
|
|
import { CredentialUpdatePayload } from "../models/native-messaging/encrypted-message-payloads/credential-update-payload";
|
|
|
|
import { PasswordGeneratePayload } from "../models/native-messaging/encrypted-message-payloads/password-generate-payload";
|
|
|
|
import { AccountStatusResponse } from "../models/native-messaging/encrypted-message-responses/account-status-response";
|
|
|
|
import { CipherResponse } from "../models/native-messaging/encrypted-message-responses/cipher-response";
|
|
|
|
import { EncyptedMessageResponse } from "../models/native-messaging/encrypted-message-responses/encrypted-message-response";
|
|
|
|
import { FailureStatusResponse } from "../models/native-messaging/encrypted-message-responses/failure-status-response";
|
|
|
|
import { GenerateResponse } from "../models/native-messaging/encrypted-message-responses/generate-response";
|
|
|
|
import { SuccessStatusResponse } from "../models/native-messaging/encrypted-message-responses/success-status-response";
|
|
|
|
import { UserStatusErrorResponse } from "../models/native-messaging/encrypted-message-responses/user-status-error-response";
|
2022-09-23 21:47:17 +02:00
|
|
|
|
2023-04-18 15:09:47 +02:00
|
|
|
import { ElectronStateService } from "./electron-state.service";
|
2022-09-23 21:47:17 +02:00
|
|
|
|
|
|
|
export class EncryptedMessageHandlerService {
|
|
|
|
constructor(
|
2023-04-18 15:09:47 +02:00
|
|
|
private stateService: ElectronStateService,
|
2022-09-23 21:47:17 +02:00
|
|
|
private authService: AuthService,
|
|
|
|
private cipherService: CipherService,
|
|
|
|
private policyService: PolicyService,
|
|
|
|
private messagingService: MessagingService,
|
2023-03-10 21:39:46 +01:00
|
|
|
private passwordGenerationService: PasswordGenerationServiceAbstraction
|
2022-09-23 21:47:17 +02:00
|
|
|
) {}
|
|
|
|
|
|
|
|
async responseDataForCommand(
|
|
|
|
commandData: DecryptedCommandData
|
|
|
|
): Promise<EncyptedMessageResponse> {
|
|
|
|
const { command, payload } = commandData;
|
|
|
|
switch (command) {
|
|
|
|
case "bw-status": {
|
|
|
|
return await this.statusCommandHandler();
|
|
|
|
}
|
|
|
|
case "bw-credential-retrieval": {
|
|
|
|
return await this.credentialretreivalCommandHandler(payload as CredentialRetrievePayload);
|
|
|
|
}
|
|
|
|
case "bw-credential-create": {
|
|
|
|
return await this.credentialCreateCommandHandler(payload as CredentialCreatePayload);
|
|
|
|
}
|
|
|
|
case "bw-credential-update": {
|
|
|
|
return await this.credentialUpdateCommandHandler(payload as CredentialUpdatePayload);
|
|
|
|
}
|
|
|
|
case "bw-generate-password": {
|
|
|
|
return await this.generateCommandHandler(payload as PasswordGeneratePayload);
|
|
|
|
}
|
|
|
|
default:
|
|
|
|
return {
|
|
|
|
error: "cannot-decrypt",
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private async checkUserStatus(userId: string): Promise<string> {
|
|
|
|
const activeUserId = await this.stateService.getUserId();
|
|
|
|
|
|
|
|
if (userId !== activeUserId) {
|
|
|
|
return "not-active-user";
|
|
|
|
}
|
|
|
|
|
|
|
|
const authStatus = await this.authService.getAuthStatus(activeUserId);
|
|
|
|
if (authStatus !== AuthenticationStatus.Unlocked) {
|
|
|
|
return "locked";
|
|
|
|
}
|
|
|
|
|
|
|
|
return "valid";
|
|
|
|
}
|
|
|
|
|
|
|
|
private async statusCommandHandler(): Promise<AccountStatusResponse[]> {
|
2022-11-01 11:25:46 +01:00
|
|
|
const accounts = await firstValueFrom(this.stateService.accounts$);
|
2022-09-23 21:47:17 +02:00
|
|
|
const activeUserId = await this.stateService.getUserId();
|
|
|
|
|
|
|
|
if (!accounts || !Object.keys(accounts)) {
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
|
|
|
|
return Promise.all(
|
|
|
|
Object.keys(accounts).map(async (userId) => {
|
|
|
|
const authStatus = await this.authService.getAuthStatus(userId);
|
|
|
|
const email = await this.stateService.getEmail({ userId });
|
|
|
|
|
|
|
|
return {
|
|
|
|
id: userId,
|
|
|
|
email,
|
|
|
|
status: authStatus === AuthenticationStatus.Unlocked ? "unlocked" : "locked",
|
|
|
|
active: userId === activeUserId,
|
|
|
|
};
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
private async credentialretreivalCommandHandler(
|
|
|
|
payload: CredentialRetrievePayload
|
|
|
|
): Promise<CipherResponse[] | UserStatusErrorResponse> {
|
|
|
|
if (payload.uri == null) {
|
|
|
|
return [];
|
|
|
|
}
|
|
|
|
|
|
|
|
const ciphersResponse: CipherResponse[] = [];
|
|
|
|
const activeUserId = await this.stateService.getUserId();
|
|
|
|
const authStatus = await this.authService.getAuthStatus(activeUserId);
|
|
|
|
|
|
|
|
if (authStatus !== AuthenticationStatus.Unlocked) {
|
|
|
|
return { error: "locked" };
|
|
|
|
}
|
|
|
|
|
|
|
|
const ciphers = await this.cipherService.getAllDecryptedForUrl(payload.uri);
|
|
|
|
ciphers.sort((a, b) => this.cipherService.sortCiphersByLastUsedThenName(a, b));
|
|
|
|
|
|
|
|
ciphers.forEach((c) => {
|
|
|
|
ciphersResponse.push({
|
|
|
|
userId: activeUserId,
|
|
|
|
credentialId: c.id,
|
|
|
|
userName: c.login.username,
|
|
|
|
password: c.login.password,
|
|
|
|
name: c.name,
|
|
|
|
} as CipherResponse);
|
|
|
|
});
|
|
|
|
|
|
|
|
return ciphersResponse;
|
|
|
|
}
|
|
|
|
|
|
|
|
private async credentialCreateCommandHandler(
|
|
|
|
payload: CredentialCreatePayload
|
|
|
|
): Promise<SuccessStatusResponse | FailureStatusResponse | UserStatusErrorResponse> {
|
|
|
|
const userStatus = await this.checkUserStatus(payload.userId);
|
|
|
|
if (userStatus !== "valid") {
|
|
|
|
return { error: userStatus } as UserStatusErrorResponse;
|
|
|
|
}
|
|
|
|
|
|
|
|
const credentialCreatePayload = payload as CredentialCreatePayload;
|
|
|
|
|
|
|
|
if (
|
|
|
|
credentialCreatePayload.name == null ||
|
|
|
|
(await this.policyService.policyAppliesToUser(PolicyType.PersonalOwnership))
|
|
|
|
) {
|
|
|
|
return { status: "failure" };
|
|
|
|
}
|
|
|
|
|
|
|
|
const cipherView = new CipherView();
|
|
|
|
cipherView.type = CipherType.Login;
|
|
|
|
cipherView.name = payload.name;
|
|
|
|
cipherView.login = new LoginView();
|
|
|
|
cipherView.login.password = credentialCreatePayload.password;
|
|
|
|
cipherView.login.username = credentialCreatePayload.userName;
|
|
|
|
cipherView.login.uris = [new LoginUriView()];
|
|
|
|
cipherView.login.uris[0].uri = credentialCreatePayload.uri;
|
|
|
|
|
|
|
|
try {
|
|
|
|
const encrypted = await this.cipherService.encrypt(cipherView);
|
2022-10-25 21:24:21 +02:00
|
|
|
await this.cipherService.createWithServer(encrypted);
|
2022-09-23 21:47:17 +02:00
|
|
|
|
|
|
|
// Notify other clients of new login
|
|
|
|
await this.messagingService.send("addedCipher");
|
|
|
|
// Refresh Desktop ciphers list
|
|
|
|
await this.messagingService.send("refreshCiphers");
|
|
|
|
|
|
|
|
return { status: "success" };
|
|
|
|
} catch (error) {
|
|
|
|
return { status: "failure" };
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private async credentialUpdateCommandHandler(
|
|
|
|
payload: CredentialUpdatePayload
|
|
|
|
): Promise<SuccessStatusResponse | FailureStatusResponse | UserStatusErrorResponse> {
|
|
|
|
const userStatus = await this.checkUserStatus(payload.userId);
|
|
|
|
if (userStatus !== "valid") {
|
|
|
|
return { error: userStatus } as UserStatusErrorResponse;
|
|
|
|
}
|
|
|
|
|
|
|
|
const credentialUpdatePayload = payload as CredentialUpdatePayload;
|
|
|
|
|
|
|
|
if (credentialUpdatePayload.name == null) {
|
|
|
|
return { status: "failure" };
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
|
|
|
const cipher = await this.cipherService.get(credentialUpdatePayload.credentialId);
|
|
|
|
if (cipher === null) {
|
|
|
|
return { status: "failure" };
|
|
|
|
}
|
|
|
|
const cipherView = await cipher.decrypt();
|
|
|
|
cipherView.name = credentialUpdatePayload.name;
|
|
|
|
cipherView.login.password = credentialUpdatePayload.password;
|
|
|
|
cipherView.login.username = credentialUpdatePayload.userName;
|
|
|
|
cipherView.login.uris[0].uri = credentialUpdatePayload.uri;
|
|
|
|
const encrypted = await this.cipherService.encrypt(cipherView);
|
|
|
|
|
2022-10-25 21:24:21 +02:00
|
|
|
await this.cipherService.updateWithServer(encrypted);
|
2022-09-23 21:47:17 +02:00
|
|
|
|
|
|
|
// Notify other clients of update
|
|
|
|
await this.messagingService.send("editedCipher");
|
|
|
|
// Refresh Desktop ciphers list
|
|
|
|
await this.messagingService.send("refreshCiphers");
|
|
|
|
|
|
|
|
return { status: "success" };
|
|
|
|
} catch (error) {
|
|
|
|
return { status: "failure" };
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private async generateCommandHandler(
|
|
|
|
payload: PasswordGeneratePayload
|
|
|
|
): Promise<GenerateResponse | UserStatusErrorResponse> {
|
|
|
|
const userStatus = await this.checkUserStatus(payload.userId);
|
|
|
|
if (userStatus !== "valid") {
|
|
|
|
return { error: userStatus } as UserStatusErrorResponse;
|
|
|
|
}
|
|
|
|
|
|
|
|
const options = (await this.passwordGenerationService.getOptions())[0];
|
|
|
|
const generatedValue = await this.passwordGenerationService.generatePassword(options);
|
|
|
|
await this.passwordGenerationService.addHistory(generatedValue);
|
|
|
|
|
|
|
|
return { password: generatedValue };
|
|
|
|
}
|
|
|
|
}
|