bitwarden-estensione-browser/apps/desktop/src/auth/login/login-approval.component.ts

import { Component, OnInit, OnDestroy } from "@angular/core";
import { ipcRenderer } from "electron";
import { Subject } from "rxjs";

import { ModalRef } from "@bitwarden/angular/components/modal/modal.ref";
import { ModalConfig } from "@bitwarden/angular/services/modal.service";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AppIdService } from "@bitwarden/common/abstractions/appId.service";
import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
import { StateService } from "@bitwarden/common/abstractions/state.service";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";

const RequestTimeOut = 60000 * 15; //15 Minutes
const RequestTimeUpdate = 60000 * 5; //5 Minutes

@Component({
  selector: "login-approval",
  templateUrl: "login-approval.component.html",
})
export class LoginApprovalComponent implements OnInit, OnDestroy {
  notificationId: string;

  private destroy$ = new Subject<void>();

  email: string;
  authRequestResponse: AuthRequestResponse;
  interval: NodeJS.Timer;
  requestTimeText: string;
  dismissModal: boolean;

  constructor(
    protected stateService: StateService,
    protected platformUtilsService: PlatformUtilsService,
    protected i18nService: I18nService,
    protected apiService: ApiService,
    protected authService: AuthService,
    protected appIdService: AppIdService,
    private modalRef: ModalRef,
    config: ModalConfig
  ) {
    this.notificationId = config.data.notificationId;

    this.dismissModal = true;
    this.modalRef.onClosed
      // eslint-disable-next-line rxjs-angular/prefer-takeuntil
      .subscribe(() => {
        if (this.dismissModal) {
          this.approveLogin(false, false);
        }
      });
  }

  ngOnDestroy(): void {
    clearInterval(this.interval);
    this.destroy$.next();
    this.destroy$.complete();
  }

  async ngOnInit() {
    if (this.notificationId != null) {
      this.authRequestResponse = await this.apiService.getAuthRequest(this.notificationId);

      this.email = await this.stateService.getEmail();
      this.updateTimeText();

      this.interval = setInterval(() => {
        this.updateTimeText();
      }, RequestTimeUpdate);

      const isVisible = await ipcRenderer.invoke("windowVisible");
      if (!isVisible) {
        await ipcRenderer.invoke("loginRequest", {
          alertTitle: this.i18nService.t("logInRequested"),
          alertBody: this.i18nService.t("confirmLoginAtemptForMail", this.email),
          buttonText: this.i18nService.t("close"),
        });
      }
    }
  }

  async approveLogin(approveLogin: boolean, approveDenyButtonClicked: boolean) {
    clearInterval(this.interval);

    this.dismissModal = !approveDenyButtonClicked;
    if (approveDenyButtonClicked) {
      this.modalRef.close();
    }

    this.authRequestResponse = await this.apiService.getAuthRequest(this.notificationId);
    if (this.authRequestResponse.requestApproved || this.authRequestResponse.responseDate != null) {
      this.platformUtilsService.showToast(
        "info",
        null,
        this.i18nService.t("thisRequestIsNoLongerValid")
      );
    } else {
      const loginResponse = await this.authService.passwordlessLogin(
        this.authRequestResponse.id,
        this.authRequestResponse.publicKey,
        approveLogin
      );
      this.showResultToast(loginResponse);
    }
  }

  showResultToast(loginResponse: AuthRequestResponse) {
    if (loginResponse.requestApproved) {
      this.platformUtilsService.showToast(
        "success",
        null,
        this.i18nService.t(
          "logInConfirmedForEmailOnDevice",
          this.email,
          loginResponse.requestDeviceType
        )
      );
    } else {
      this.platformUtilsService.showToast(
        "info",
        null,
        this.i18nService.t("youDeniedALogInAttemptFromAnotherDevice")
      );
    }
  }

  updateTimeText() {
    const requestDate = new Date(this.authRequestResponse.creationDate);
    const requestDateUTC = Date.UTC(
      requestDate.getUTCFullYear(),
      requestDate.getUTCMonth(),
      requestDate.getDate(),
      requestDate.getUTCHours(),
      requestDate.getUTCMinutes(),
      requestDate.getUTCSeconds(),
      requestDate.getUTCMilliseconds()
    );

    const dateNow = new Date(Date.now());
    const dateNowUTC = Date.UTC(
      dateNow.getUTCFullYear(),
      dateNow.getUTCMonth(),
      dateNow.getDate(),
      dateNow.getUTCHours(),
      dateNow.getUTCMinutes(),
      dateNow.getUTCSeconds(),
      dateNow.getUTCMilliseconds()
    );

    const diffInMinutes = dateNowUTC - requestDateUTC;

    if (diffInMinutes <= RequestTimeUpdate) {
      this.requestTimeText = this.i18nService.t("justNow");
    } else if (diffInMinutes < RequestTimeOut) {
      this.requestTimeText = this.i18nService.t(
        "requestedXMinutesAgo",
        (diffInMinutes / 60000).toFixed()
      );
    } else {
      clearInterval(this.interval);
      this.modalRef.close();
      this.platformUtilsService.showToast(
        "info",
        null,
        this.i18nService.t("loginRequestHasAlreadyExpired")
      );
    }
  }
}
Login Flows (#4411) * [SG-171] Login with a device request: Desktop (#3999) * Move LoginWithDeviceComponent to libs * Create login module * Remove login component from previous location * Move startPasswordlessLogin method to base class * Register route for login with device component * Add new localizations * Add Login with Device page styles * Add desktop login with device component * Spacing fix * Add content box around page * Update wording of helper text * Make resend timeout a class variable * SG-173 - Login device approval desktop (#4232) * SG-173 Implemented UI and login for login approval request * SG-173 - Show login approval after login * SG-173 Fetch login requests if the setting is true * SG-173 Add subheading to new setting * SG-173 Handle modal dismiss denying login request * SG-173 Fix pr comments * SG-173 Implemented desktop alerts * SG-173 Replicated behaviour of openViewRef * SG-173 Fixed previous commit * SG-173 PR fix * SG-173 Fix PR comment * SG-173 Added missing service injection * SG-173 Added logo to notifications * SG-173 Fix PR comments * [SG-910] Override self hosted check for desktop (#4405) * Override base component self hosted check * Add selfhost check to environment service * [SG-170] Login with Device Request - Browser (#4198) * work: ui stuff * fix: use parent * fix: words * [SG-987] [SG-988] [SG-989] Fix passwordless login request (#4573) * SG-987 Fix notification text and button options * SG-988 Fix approval and decline confirmation toasts * SG-989 Fix methods called * SG-988 Undo previous commit * [SG-1034] [Defect] - Vault is empty upon login confirmation (#4646) * fix: sync after login * undo: whoops --------- Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com> Co-authored-by: Brandon Maharaj <bmaharaj@bitwarden.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> 2023-02-05 16:57:21 +01:00			`import { Component, OnInit, OnDestroy } from "@angular/core";`
			`import { ipcRenderer } from "electron";`
			`import { Subject } from "rxjs";`

			`import { ModalRef } from "@bitwarden/angular/components/modal/modal.ref";`
			`import { ModalConfig } from "@bitwarden/angular/services/modal.service";`
			`import { ApiService } from "@bitwarden/common/abstractions/api.service";`
			`import { AppIdService } from "@bitwarden/common/abstractions/appId.service";`
			`import { I18nService } from "@bitwarden/common/abstractions/i18n.service";`
			`import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";`
			`import { StateService } from "@bitwarden/common/abstractions/state.service";`
Auth/ps 2298 reorg auth (#4564) * Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build 2023-02-06 22:53:37 +01:00			`import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";`
			`import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth-request.response";`
Login Flows (#4411) * [SG-171] Login with a device request: Desktop (#3999) * Move LoginWithDeviceComponent to libs * Create login module * Remove login component from previous location * Move startPasswordlessLogin method to base class * Register route for login with device component * Add new localizations * Add Login with Device page styles * Add desktop login with device component * Spacing fix * Add content box around page * Update wording of helper text * Make resend timeout a class variable * SG-173 - Login device approval desktop (#4232) * SG-173 Implemented UI and login for login approval request * SG-173 - Show login approval after login * SG-173 Fetch login requests if the setting is true * SG-173 Add subheading to new setting * SG-173 Handle modal dismiss denying login request * SG-173 Fix pr comments * SG-173 Implemented desktop alerts * SG-173 Replicated behaviour of openViewRef * SG-173 Fixed previous commit * SG-173 PR fix * SG-173 Fix PR comment * SG-173 Added missing service injection * SG-173 Added logo to notifications * SG-173 Fix PR comments * [SG-910] Override self hosted check for desktop (#4405) * Override base component self hosted check * Add selfhost check to environment service * [SG-170] Login with Device Request - Browser (#4198) * work: ui stuff * fix: use parent * fix: words * [SG-987] [SG-988] [SG-989] Fix passwordless login request (#4573) * SG-987 Fix notification text and button options * SG-988 Fix approval and decline confirmation toasts * SG-989 Fix methods called * SG-988 Undo previous commit * [SG-1034] [Defect] - Vault is empty upon login confirmation (#4646) * fix: sync after login * undo: whoops --------- Co-authored-by: Carlos Gonçalves <cgoncalves@bitwarden.com> Co-authored-by: Brandon Maharaj <bmaharaj@bitwarden.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> 2023-02-05 16:57:21 +01:00
			`const RequestTimeOut = 60000 * 15; //15 Minutes`
			`const RequestTimeUpdate = 60000 * 5; //5 Minutes`

			`@Component({`
			`selector: "login-approval",`
			`templateUrl: "login-approval.component.html",`
			`})`
			`export class LoginApprovalComponent implements OnInit, OnDestroy {`
			`notificationId: string;`

			`private destroy$ = new Subject<void>();`

			`email: string;`
			`authRequestResponse: AuthRequestResponse;`
			`interval: NodeJS.Timer;`
			`requestTimeText: string;`
			`dismissModal: boolean;`

			`constructor(`
			`protected stateService: StateService,`
			`protected platformUtilsService: PlatformUtilsService,`
			`protected i18nService: I18nService,`
			`protected apiService: ApiService,`
			`protected authService: AuthService,`
			`protected appIdService: AppIdService,`
			`private modalRef: ModalRef,`
			`config: ModalConfig`
			`) {`
			`this.notificationId = config.data.notificationId;`

			`this.dismissModal = true;`
			`this.modalRef.onClosed`
			`// eslint-disable-next-line rxjs-angular/prefer-takeuntil`
			`.subscribe(() => {`
			`if (this.dismissModal) {`
			`this.approveLogin(false, false);`
			`}`
			`});`
			`}`

			`ngOnDestroy(): void {`
			`clearInterval(this.interval);`
			`this.destroy$.next();`
			`this.destroy$.complete();`
			`}`

			`async ngOnInit() {`
			`if (this.notificationId != null) {`
			`this.authRequestResponse = await this.apiService.getAuthRequest(this.notificationId);`

			`this.email = await this.stateService.getEmail();`
			`this.updateTimeText();`

			`this.interval = setInterval(() => {`
			`this.updateTimeText();`
			`}, RequestTimeUpdate);`

			`const isVisible = await ipcRenderer.invoke("windowVisible");`
			`if (!isVisible) {`
			`await ipcRenderer.invoke("loginRequest", {`
			`alertTitle: this.i18nService.t("logInRequested"),`
			`alertBody: this.i18nService.t("confirmLoginAtemptForMail", this.email),`
			`buttonText: this.i18nService.t("close"),`
			`});`
			`}`
			`}`
			`}`

			`async approveLogin(approveLogin: boolean, approveDenyButtonClicked: boolean) {`
			`clearInterval(this.interval);`

			`this.dismissModal = !approveDenyButtonClicked;`
			`if (approveDenyButtonClicked) {`
			`this.modalRef.close();`
			`}`

			`this.authRequestResponse = await this.apiService.getAuthRequest(this.notificationId);`
			`if (this.authRequestResponse.requestApproved \|\| this.authRequestResponse.responseDate != null) {`
			`this.platformUtilsService.showToast(`
			`"info",`
			`null,`
			`this.i18nService.t("thisRequestIsNoLongerValid")`
			`);`
			`} else {`
			`const loginResponse = await this.authService.passwordlessLogin(`
			`this.authRequestResponse.id,`
			`this.authRequestResponse.publicKey,`
			`approveLogin`
			`);`
			`this.showResultToast(loginResponse);`
			`}`
			`}`

			`showResultToast(loginResponse: AuthRequestResponse) {`
			`if (loginResponse.requestApproved) {`
			`this.platformUtilsService.showToast(`
			`"success",`
			`null,`
			`this.i18nService.t(`
			`"logInConfirmedForEmailOnDevice",`
			`this.email,`
			`loginResponse.requestDeviceType`
			`)`
			`);`
			`} else {`
			`this.platformUtilsService.showToast(`
			`"info",`
			`null,`
			`this.i18nService.t("youDeniedALogInAttemptFromAnotherDevice")`
			`);`
			`}`
			`}`

			`updateTimeText() {`
			`const requestDate = new Date(this.authRequestResponse.creationDate);`
			`const requestDateUTC = Date.UTC(`
			`requestDate.getUTCFullYear(),`
			`requestDate.getUTCMonth(),`
			`requestDate.getDate(),`
			`requestDate.getUTCHours(),`
			`requestDate.getUTCMinutes(),`
			`requestDate.getUTCSeconds(),`
			`requestDate.getUTCMilliseconds()`
			`);`

			`const dateNow = new Date(Date.now());`
			`const dateNowUTC = Date.UTC(`
			`dateNow.getUTCFullYear(),`
			`dateNow.getUTCMonth(),`
			`dateNow.getDate(),`
			`dateNow.getUTCHours(),`
			`dateNow.getUTCMinutes(),`
			`dateNow.getUTCSeconds(),`
			`dateNow.getUTCMilliseconds()`
			`);`

			`const diffInMinutes = dateNowUTC - requestDateUTC;`

			`if (diffInMinutes <= RequestTimeUpdate) {`
			`this.requestTimeText = this.i18nService.t("justNow");`
			`} else if (diffInMinutes < RequestTimeOut) {`
			`this.requestTimeText = this.i18nService.t(`
			`"requestedXMinutesAgo",`
			`(diffInMinutes / 60000).toFixed()`
			`);`
			`} else {`
			`clearInterval(this.interval);`
			`this.modalRef.close();`
			`this.platformUtilsService.showToast(`
			`"info",`
			`null,`
			`this.i18nService.t("loginRequestHasAlreadyExpired")`
			`);`
			`}`
			`}`
			`}`