bitwarden-estensione-browser/src/angular/components/two-factor.component.ts

import {
    OnDestroy,
    OnInit,
} from '@angular/core';

import {
    ActivatedRoute,
    Router,
} from '@angular/router';

import { DeviceType } from '../../enums/deviceType';
import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';

import { TwoFactorEmailRequest } from '../../models/request/twoFactorEmailRequest';

import { AuthResult } from '../../models/domain';

import { ApiService } from '../../abstractions/api.service';
import { AuthService } from '../../abstractions/auth.service';
import { EnvironmentService } from '../../abstractions/environment.service';
import { I18nService } from '../../abstractions/i18n.service';
import { PlatformUtilsService } from '../../abstractions/platformUtils.service';
import { StateService } from '../../abstractions/state.service';
import { StorageService } from '../../abstractions/storage.service';

import { TwoFactorProviders } from '../../services/auth.service';
import { ConstantsService } from '../../services/constants.service';

import * as DuoWebSDK from 'duo_web_sdk';
import { U2f } from '../../misc/u2f';

export class TwoFactorComponent implements OnInit, OnDestroy {
    token: string = '';
    remember: boolean = false;
    u2fReady: boolean = false;
    initU2f: boolean = true;
    providers = TwoFactorProviders;
    providerType = TwoFactorProviderType;
    selectedProviderType: TwoFactorProviderType = TwoFactorProviderType.Authenticator;
    u2fSupported: boolean = false;
    u2f: U2f = null;
    title: string = '';
    twoFactorEmail: string = null;
    formPromise: Promise<any>;
    emailPromise: Promise<any>;
    identifier: string = null;
    onSuccessfulLogin: () => Promise<any>;
    onSuccessfulLoginNavigate: () => Promise<any>;

    protected loginRoute = 'login';
    protected successRoute = 'vault';

    constructor(protected authService: AuthService, protected router: Router,
        protected i18nService: I18nService, protected apiService: ApiService,
        protected platformUtilsService: PlatformUtilsService, protected win: Window,
        protected environmentService: EnvironmentService, protected stateService: StateService,
        protected storageService: StorageService, protected route: ActivatedRoute) {
        this.u2fSupported = this.platformUtilsService.supportsU2f(win);
    }

    async ngOnInit() {
        if ((!this.authService.authingWithSso() && !this.authService.authingWithPassword()) ||
            this.authService.twoFactorProvidersData == null) {
            this.router.navigate([this.loginRoute]);
            return;
        }

        const queryParamsSub = this.route.queryParams.subscribe(async (qParams) => {
            if (qParams.identifier != null) {
                this.identifier = qParams.identifier;
            }

            if (queryParamsSub != null) {
                queryParamsSub.unsubscribe();
            }
        });

        if (this.authService.authingWithSso()) {
            this.successRoute = 'lock';
        }

        if (this.initU2f && this.win != null && this.u2fSupported) {
            let customWebVaultUrl: string = null;
            if (this.environmentService.baseUrl != null) {
                customWebVaultUrl = this.environmentService.baseUrl;
            } else if (this.environmentService.webVaultUrl != null) {
                customWebVaultUrl = this.environmentService.webVaultUrl;
            }

            this.u2f = new U2f(this.win, customWebVaultUrl, (token: string) => {
                this.token = token;
                this.submit();
            }, (error: string) => {
                this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), error);
            }, (info: string) => {
                if (info === 'ready') {
                    this.u2fReady = true;
                }
            });
        }

        this.selectedProviderType = this.authService.getDefaultTwoFactorProvider(this.u2fSupported);
        await this.init();
    }

    ngOnDestroy(): void {
        this.cleanupU2f();
        this.u2f = null;
    }

    async init() {
        if (this.selectedProviderType == null) {
            this.title = this.i18nService.t('loginUnavailable');
            return;
        }

        this.cleanupU2f();
        this.title = (TwoFactorProviders as any)[this.selectedProviderType].name;
        const providerData = this.authService.twoFactorProvidersData.get(this.selectedProviderType);
        switch (this.selectedProviderType) {
            case TwoFactorProviderType.U2f:
                if (!this.u2fSupported || this.u2f == null) {
                    break;
                }

                if (providerData.Challenge != null) {
                    setTimeout(() => {
                        this.u2f.init(JSON.parse(providerData.Challenge));
                    }, 500);
                } else {
                    // TODO: Deprecated. Remove in future version.
                    const challenges = JSON.parse(providerData.Challenges);
                    if (challenges != null && challenges.length > 0) {
                        this.u2f.init({
                            appId: challenges[0].appId,
                            challenge: challenges[0].challenge,
                            keys: challenges.map((c: any) => {
                                return {
                                    version: c.version,
                                    keyHandle: c.keyHandle,
                                };
                            }),
                        });
                    }
                }
                break;
            case TwoFactorProviderType.Duo:
            case TwoFactorProviderType.OrganizationDuo:
                setTimeout(() => {
                    DuoWebSDK.init({
                        iframe: undefined,
                        host: providerData.Host,
                        sig_request: providerData.Signature,
                        submit_callback: async (f: HTMLFormElement) => {
                            const sig = f.querySelector('input[name="sig_response"]') as HTMLInputElement;
                            if (sig != null) {
                                this.token = sig.value;
                                await this.submit();
                            }
                        },
                    });
                }, 0);
                break;
            case TwoFactorProviderType.Email:
                this.twoFactorEmail = providerData.Email;
                if (this.authService.twoFactorProvidersData.size > 1) {
                    await this.sendEmail(false);
                }
                break;
            default:
                break;
        }
    }

    async submit() {
        if (this.token == null || this.token === '') {
            this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
                this.i18nService.t('verificationCodeRequired'));
            return;
        }

        if (this.selectedProviderType === TwoFactorProviderType.U2f) {
            if (this.u2f != null) {
                this.u2f.stop();
            } else {
                return;
            }
        } else if (this.selectedProviderType === TwoFactorProviderType.Email ||
            this.selectedProviderType === TwoFactorProviderType.Authenticator) {
            this.token = this.token.replace(' ', '').trim();
        }

        try {
            this.formPromise = this.authService.logInTwoFactor(this.selectedProviderType, this.token, this.remember);
            const response: AuthResult = await this.formPromise;
            const disableFavicon = await this.storageService.get<boolean>(ConstantsService.disableFaviconKey);
            await this.stateService.save(ConstantsService.disableFaviconKey, !!disableFavicon);
            if (this.onSuccessfulLogin != null) {
                this.onSuccessfulLogin();
            }
            this.platformUtilsService.eventTrack('Logged In From Two-step');
            if (this.onSuccessfulLoginNavigate != null) {
                this.onSuccessfulLoginNavigate();
            } else {
                if (response.resetMasterPassword) {
                    this.successRoute = 'set-password';
                }
                this.router.navigate([this.successRoute], {
                    queryParams: {
                        identifier: this.identifier,
                    },
                });
            }
        } catch {
            if (this.selectedProviderType === TwoFactorProviderType.U2f && this.u2f != null) {
                this.u2f.start();
            }
        }
    }

    async sendEmail(doToast: boolean) {
        if (this.selectedProviderType !== TwoFactorProviderType.Email) {
            return;
        }

        if (this.emailPromise != null) {
            return;
        }

        try {
            const request = new TwoFactorEmailRequest(this.authService.email, this.authService.masterPasswordHash);
            this.emailPromise = this.apiService.postTwoFactorEmail(request);
            await this.emailPromise;
            if (doToast) {
                this.platformUtilsService.showToast('success', null,
                    this.i18nService.t('verificationCodeEmailSent', this.twoFactorEmail));
            }
        } catch { }

        this.emailPromise = null;
    }

    private cleanupU2f() {
        if (this.u2f != null) {
            this.u2f.stop();
            this.u2f.cleanup();
        }
    }
}
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`import {`
			`OnDestroy,`
			`OnInit,`
			`} from '@angular/core';`
[SSO] Bug - Fixed set password route (#156) * Fixed 2fa + set password bug// moved query params parsing in shared lib * Removed unnecessary params parse // added auth result conditional for success route 2020-08-26 17:54:16 +02:00
[SSO] New user provision flow (#173) * Initial commit of new user sso flow * Adjusted stateSplit conditional per review 2020-10-13 22:21:03 +02:00			`import {`
			`ActivatedRoute,`
			`Router,`
			`} from '@angular/router';`
share components with jslib 2018-04-04 15:47:43 +02:00
check SafariExtension instead of safari 2018-07-21 21:35:17 +02:00			`import { DeviceType } from '../../enums/deviceType';`
share components with jslib 2018-04-04 15:47:43 +02:00			`import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';`

			`import { TwoFactorEmailRequest } from '../../models/request/twoFactorEmailRequest';`

[SSO] Bug - Fixed set password route (#156) * Fixed 2fa + set password bug// moved query params parsing in shared lib * Removed unnecessary params parse // added auth result conditional for success route 2020-08-26 17:54:16 +02:00			`import { AuthResult } from '../../models/domain';`

share components with jslib 2018-04-04 15:47:43 +02:00			`import { ApiService } from '../../abstractions/api.service';`
			`import { AuthService } from '../../abstractions/auth.service';`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`import { EnvironmentService } from '../../abstractions/environment.service';`
share components with jslib 2018-04-04 15:47:43 +02:00			`import { I18nService } from '../../abstractions/i18n.service';`
			`import { PlatformUtilsService } from '../../abstractions/platformUtils.service';`
re-set favicon state after unlock/login 2019-07-02 14:13:33 +02:00			`import { StateService } from '../../abstractions/state.service';`
			`import { StorageService } from '../../abstractions/storage.service';`
share components with jslib 2018-04-04 15:47:43 +02:00
			`import { TwoFactorProviders } from '../../services/auth.service';`
re-set favicon state after unlock/login 2019-07-02 14:13:33 +02:00			`import { ConstantsService } from '../../services/constants.service';`
share components with jslib 2018-04-04 15:47:43 +02:00
install and use duo_web_sdk w/ npm 2018-12-18 23:00:07 +01:00			`import * as DuoWebSDK from 'duo_web_sdk';`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`import { U2f } from '../../misc/u2f';`

			`export class TwoFactorComponent implements OnInit, OnDestroy {`
share components with jslib 2018-04-04 15:47:43 +02:00			`token: string = '';`
			`remember: boolean = false;`
			`u2fReady: boolean = false;`
init u2f param 2019-07-03 16:37:26 +02:00			`initU2f: boolean = true;`
share components with jslib 2018-04-04 15:47:43 +02:00			`providers = TwoFactorProviders;`
			`providerType = TwoFactorProviderType;`
			`selectedProviderType: TwoFactorProviderType = TwoFactorProviderType.Authenticator;`
			`u2fSupported: boolean = false;`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`u2f: U2f = null;`
share components with jslib 2018-04-04 15:47:43 +02:00			`title: string = '';`
			`twoFactorEmail: string = null;`
			`formPromise: Promise<any>;`
			`emailPromise: Promise<any>;`
[SSO] New user provision flow (#173) * Initial commit of new user sso flow * Adjusted stateSplit conditional per review 2020-10-13 22:21:03 +02:00			`identifier: string = null;`
onSuccessfulLoginNavigate for 2fa page 2018-07-13 16:49:37 +02:00			`onSuccessfulLogin: () => Promise<any>;`
			`onSuccessfulLoginNavigate: () => Promise<any>;`
share components with jslib 2018-04-04 15:47:43 +02:00
lock component to jslib 2018-04-05 04:59:14 +02:00			`protected loginRoute = 'login';`
share components with jslib 2018-04-04 15:47:43 +02:00			`protected successRoute = 'vault';`

			`constructor(protected authService: AuthService, protected router: Router,`
			`protected i18nService: I18nService, protected apiService: ApiService,`
move sync to post login action 2018-04-25 18:08:18 +02:00			`protected platformUtilsService: PlatformUtilsService, protected win: Window,`
re-set favicon state after unlock/login 2019-07-02 14:13:33 +02:00			`protected environmentService: EnvironmentService, protected stateService: StateService,`
[SSO] New user provision flow (#173) * Initial commit of new user sso flow * Adjusted stateSplit conditional per review 2020-10-13 22:21:03 +02:00			`protected storageService: StorageService, protected route: ActivatedRoute) {`
use win variables 2018-04-07 06:18:31 +02:00			`this.u2fSupported = this.platformUtilsService.supportsU2f(win);`
share components with jslib 2018-04-04 15:47:43 +02:00			`}`

			`async ngOnInit() {`
sso support (#127) * support for sso * created master password boolean * resetMasterPassword flows * throw on bad ctor for token request 2020-07-16 14:59:29 +02:00			`if ((!this.authService.authingWithSso() && !this.authService.authingWithPassword()) \|\|`
implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`this.authService.twoFactorProvidersData == null) {`
lock component to jslib 2018-04-05 04:59:14 +02:00			`this.router.navigate([this.loginRoute]);`
share components with jslib 2018-04-04 15:47:43 +02:00			`return;`
			`}`

[SSO] New user provision flow (#173) * Initial commit of new user sso flow * Adjusted stateSplit conditional per review 2020-10-13 22:21:03 +02:00			`const queryParamsSub = this.route.queryParams.subscribe(async (qParams) => {`
			`if (qParams.identifier != null) {`
			`this.identifier = qParams.identifier;`
			`}`

			`if (queryParamsSub != null) {`
			`queryParamsSub.unsubscribe();`
			`}`
			`});`

sso support (#127) * support for sso * created master password boolean * resetMasterPassword flows * throw on bad ctor for token request 2020-07-16 14:59:29 +02:00			`if (this.authService.authingWithSso()) {`
[SSO] Bug - Fixed set password route (#156) * Fixed 2fa + set password bug// moved query params parsing in shared lib * Removed unnecessary params parse // added auth result conditional for success route 2020-08-26 17:54:16 +02:00			`this.successRoute = 'lock';`
sso support (#127) * support for sso * created master password boolean * resetMasterPassword flows * throw on bad ctor for token request 2020-07-16 14:59:29 +02:00			`}`

init u2f param 2019-07-03 16:37:26 +02:00			`if (this.initU2f && this.win != null && this.u2fSupported) {`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`let customWebVaultUrl: string = null;`
null checks 2018-07-23 23:15:23 +02:00			`if (this.environmentService.baseUrl != null) {`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`customWebVaultUrl = this.environmentService.baseUrl;`
null checks 2018-07-23 23:15:23 +02:00			`} else if (this.environmentService.webVaultUrl != null) {`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`customWebVaultUrl = this.environmentService.webVaultUrl;`
			`}`

			`this.u2f = new U2f(this.win, customWebVaultUrl, (token: string) => {`
			`this.token = token;`
			`this.submit();`
			`}, (error: string) => {`
refactor toaster to platform showToast 2018-10-03 05:09:19 +02:00			`this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'), error);`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`}, (info: string) => {`
			`if (info === 'ready') {`
			`this.u2fReady = true;`
			`}`
			`});`
			`}`

share components with jslib 2018-04-04 15:47:43 +02:00			`this.selectedProviderType = this.authService.getDefaultTwoFactorProvider(this.u2fSupported);`
			`await this.init();`
			`}`

add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`ngOnDestroy(): void {`
			`this.cleanupU2f();`
			`this.u2f = null;`
			`}`

share components with jslib 2018-04-04 15:47:43 +02:00			`async init() {`
			`if (this.selectedProviderType == null) {`
			`this.title = this.i18nService.t('loginUnavailable');`
			`return;`
			`}`

add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`this.cleanupU2f();`
share components with jslib 2018-04-04 15:47:43 +02:00			`this.title = (TwoFactorProviders as any)[this.selectedProviderType].name;`
implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`const providerData = this.authService.twoFactorProvidersData.get(this.selectedProviderType);`
share components with jslib 2018-04-04 15:47:43 +02:00			`switch (this.selectedProviderType) {`
			`case TwoFactorProviderType.U2f:`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`if (!this.u2fSupported \|\| this.u2f == null) {`
share components with jslib 2018-04-04 15:47:43 +02:00			`break;`
			`}`

implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`if (providerData.Challenge != null) {`
init u2f param 2019-07-03 16:37:26 +02:00			`setTimeout(() => {`
			`this.u2f.init(JSON.parse(providerData.Challenge));`
			`}, 500);`
support for new Challenge token for U2F 2018-10-10 23:52:08 +02:00			`} else {`
			`// TODO: Deprecated. Remove in future version.`
implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`const challenges = JSON.parse(providerData.Challenges);`
support for new Challenge token for U2F 2018-10-10 23:52:08 +02:00			`if (challenges != null && challenges.length > 0) {`
			`this.u2f.init({`
			`appId: challenges[0].appId,`
			`challenge: challenges[0].challenge,`
			`keys: challenges.map((c: any) => {`
			`return {`
			`version: c.version,`
			`keyHandle: c.keyHandle,`
			`};`
			`}),`
			`});`
			`}`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`}`
share components with jslib 2018-04-04 15:47:43 +02:00			`break;`
			`case TwoFactorProviderType.Duo:`
			`case TwoFactorProviderType.OrganizationDuo:`
			`setTimeout(() => {`
load DuoWebSDK as a module 2018-06-11 19:32:53 +02:00			`DuoWebSDK.init({`
			`iframe: undefined,`
implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`host: providerData.Host,`
			`sig_request: providerData.Signature,`
share components with jslib 2018-04-04 15:47:43 +02:00			`submit_callback: async (f: HTMLFormElement) => {`
			`const sig = f.querySelector('input[name="sig_response"]') as HTMLInputElement;`
			`if (sig != null) {`
			`this.token = sig.value;`
			`await this.submit();`
			`}`
			`},`
			`});`
load DuoWebSDK as a module 2018-06-11 19:32:53 +02:00			`}, 0);`
share components with jslib 2018-04-04 15:47:43 +02:00			`break;`
			`case TwoFactorProviderType.Email:`
implement AuthServiceAbstraction 2019-05-27 16:29:09 +02:00			`this.twoFactorEmail = providerData.Email;`
			`if (this.authService.twoFactorProvidersData.size > 1) {`
share components with jslib 2018-04-04 15:47:43 +02:00			`await this.sendEmail(false);`
			`}`
			`break;`
			`default:`
			`break;`
			`}`
			`}`

			`async submit() {`
			`if (this.token == null \|\| this.token === '') {`
refactor toaster to platform showToast 2018-10-03 05:09:19 +02:00			`this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),`
share components with jslib 2018-04-04 15:47:43 +02:00			`this.i18nService.t('verificationCodeRequired'));`
			`return;`
			`}`

			`if (this.selectedProviderType === TwoFactorProviderType.U2f) {`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`if (this.u2f != null) {`
			`this.u2f.stop();`
			`} else {`
			`return;`
			`}`
share components with jslib 2018-04-04 15:47:43 +02:00			`} else if (this.selectedProviderType === TwoFactorProviderType.Email \|\|`
			`this.selectedProviderType === TwoFactorProviderType.Authenticator) {`
			`this.token = this.token.replace(' ', '').trim();`
			`}`

			`try {`
			`this.formPromise = this.authService.logInTwoFactor(this.selectedProviderType, this.token, this.remember);`
[SSO] Bug - Fixed set password route (#156) * Fixed 2fa + set password bug// moved query params parsing in shared lib * Removed unnecessary params parse // added auth result conditional for success route 2020-08-26 17:54:16 +02:00			`const response: AuthResult = await this.formPromise;`
re-set favicon state after unlock/login 2019-07-02 14:13:33 +02:00			`const disableFavicon = await this.storageService.get<boolean>(ConstantsService.disableFaviconKey);`
			`await this.stateService.save(ConstantsService.disableFaviconKey, !!disableFavicon);`
onSuccessfulLoginNavigate for 2fa page 2018-07-13 16:49:37 +02:00			`if (this.onSuccessfulLogin != null) {`
			`this.onSuccessfulLogin();`
move sync to post login action 2018-04-25 18:08:18 +02:00			`}`
move eventTrack analytics to platform utils 2018-10-03 06:03:49 +02:00			`this.platformUtilsService.eventTrack('Logged In From Two-step');`
onSuccessfulLoginNavigate for 2fa page 2018-07-13 16:49:37 +02:00			`if (this.onSuccessfulLoginNavigate != null) {`
			`this.onSuccessfulLoginNavigate();`
			`} else {`
[SSO] Bug - Fixed set password route (#156) * Fixed 2fa + set password bug// moved query params parsing in shared lib * Removed unnecessary params parse // added auth result conditional for success route 2020-08-26 17:54:16 +02:00			`if (response.resetMasterPassword) {`
			`this.successRoute = 'set-password';`
			`}`
[SSO] New user provision flow (#173) * Initial commit of new user sso flow * Adjusted stateSplit conditional per review 2020-10-13 22:21:03 +02:00			`this.router.navigate([this.successRoute], {`
			`queryParams: {`
			`identifier: this.identifier,`
			`},`
			`});`
onSuccessfulLoginNavigate for 2fa page 2018-07-13 16:49:37 +02:00			`}`
don't re-throw exception on 2fa failure 2018-08-25 14:47:38 +02:00			`} catch {`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00			`if (this.selectedProviderType === TwoFactorProviderType.U2f && this.u2f != null) {`
			`this.u2f.start();`
share components with jslib 2018-04-04 15:47:43 +02:00			`}`
			`}`
			`}`

			`async sendEmail(doToast: boolean) {`
			`if (this.selectedProviderType !== TwoFactorProviderType.Email) {`
			`return;`
			`}`

			`if (this.emailPromise != null) {`
			`return;`
			`}`

			`try {`
			`const request = new TwoFactorEmailRequest(this.authService.email, this.authService.masterPasswordHash);`
			`this.emailPromise = this.apiService.postTwoFactorEmail(request);`
			`await this.emailPromise;`
			`if (doToast) {`
refactor toaster to platform showToast 2018-10-03 05:09:19 +02:00			`this.platformUtilsService.showToast('success', null,`
share components with jslib 2018-04-04 15:47:43 +02:00			`this.i18nService.t('verificationCodeEmailSent', this.twoFactorEmail));`
			`}`
			`} catch { }`

			`this.emailPromise = null;`
			`}`
add u2f support to two factor component 2018-04-04 22:27:30 +02:00
			`private cleanupU2f() {`
			`if (this.u2f != null) {`
			`this.u2f.stop();`
			`this.u2f.cleanup();`
			`}`
			`}`
share components with jslib 2018-04-04 15:47:43 +02:00			`}`