bitwarden-estensione-browser/bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts

import { Injectable } from "@angular/core";
import { Subject } from "rxjs";

import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { EncryptService } from "@bitwarden/common/abstractions/encrypt.service";
import { EncString } from "@bitwarden/common/models/domain/enc-string";
import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";

import { SecretListView } from "../models/view/secret-list.view";
import { SecretProjectView } from "../models/view/secret-project.view";
import { SecretView } from "../models/view/secret.view";

import { SecretRequest } from "./requests/secret.request";
import { SecretListItemResponse } from "./responses/secret-list-item.response";
import { SecretProjectResponse } from "./responses/secret-project.response";
import { SecretWithProjectsListResponse } from "./responses/secret-with-projects-list.response";
import { SecretResponse } from "./responses/secret.response";

@Injectable({
  providedIn: "root",
})
export class SecretService {
  protected _secret: Subject<SecretView> = new Subject();

  secret$ = this._secret.asObservable();

  constructor(
    private cryptoService: CryptoService,
    private apiService: ApiService,
    private encryptService: EncryptService
  ) {}

  async getBySecretId(secretId: string): Promise<SecretView> {
    const r = await this.apiService.send("GET", "/secrets/" + secretId, null, true, true);
    const secretResponse = new SecretResponse(r);
    return await this.createSecretView(secretResponse);
  }

  async getSecrets(organizationId: string): Promise<SecretListView[]> {
    const r = await this.apiService.send(
      "GET",
      "/organizations/" + organizationId + "/secrets",
      null,
      true,
      true
    );

    const results = new SecretWithProjectsListResponse(r);
    return await this.createSecretsListView(organizationId, results);
  }

  async getSecretsByProject(organizationId: string, projectId: string): Promise<SecretListView[]> {
    const r = await this.apiService.send(
      "GET",
      "/projects/" + projectId + "/secrets",
      null,
      true,
      true
    );

    const results = new SecretWithProjectsListResponse(r);
    return await this.createSecretsListView(organizationId, results);
  }

  async create(organizationId: string, secretView: SecretView, projectId?: string) {
    const request = await this.getSecretRequest(organizationId, secretView, projectId);
    const r = await this.apiService.send(
      "POST",
      "/organizations/" + organizationId + "/secrets",
      request,
      true,
      true
    );
    this._secret.next(await this.createSecretView(new SecretResponse(r)));
  }

  async update(organizationId: string, secretView: SecretView) {
    const request = await this.getSecretRequest(organizationId, secretView);
    const r = await this.apiService.send("PUT", "/secrets/" + secretView.id, request, true, true);
    this._secret.next(await this.createSecretView(new SecretResponse(r)));
  }

  async delete(secretIds: string[]) {
    const r = await this.apiService.send("POST", "/secrets/delete", secretIds, true, true);

    const responseErrors: string[] = [];
    r.data.forEach((element: { error: string }) => {
      if (element.error) {
        responseErrors.push(element.error);
      }
    });

    // TODO waiting to hear back on how to display multiple errors.
    // for now send as a list of strings to be displayed in toast.
    if (responseErrors?.length >= 1) {
      throw new Error(responseErrors.join(","));
    }

    this._secret.next(null);
  }

  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
    return await this.cryptoService.getOrgKey(organizationId);
  }

  private async getSecretRequest(
    organizationId: string,
    secretView: SecretView,
    projectId?: string
  ): Promise<SecretRequest> {
    const orgKey = await this.getOrganizationKey(organizationId);
    const request = new SecretRequest();
    const [key, value, note] = await Promise.all([
      this.encryptService.encrypt(secretView.name, orgKey),
      this.encryptService.encrypt(secretView.value, orgKey),
      this.encryptService.encrypt(secretView.note, orgKey),
    ]);
    request.key = key.encryptedString;
    request.value = value.encryptedString;
    request.note = note.encryptedString;
    request.projectId = projectId;
    return request;
  }

  private async createSecretView(secretResponse: SecretResponse): Promise<SecretView> {
    const orgKey = await this.getOrganizationKey(secretResponse.organizationId);

    const secretView = new SecretView();
    secretView.id = secretResponse.id;
    secretView.organizationId = secretResponse.organizationId;
    secretView.creationDate = secretResponse.creationDate;
    secretView.revisionDate = secretResponse.revisionDate;

    const [name, value, note] = await Promise.all([
      this.encryptService.decryptToUtf8(new EncString(secretResponse.name), orgKey),
      this.encryptService.decryptToUtf8(new EncString(secretResponse.value), orgKey),
      this.encryptService.decryptToUtf8(new EncString(secretResponse.note), orgKey),
    ]);
    secretView.name = name;
    secretView.value = value;
    secretView.note = note;

    return secretView;
  }

  private async createSecretsListView(
    organizationId: string,
    secrets: SecretWithProjectsListResponse
  ): Promise<SecretListView[]> {
    const orgKey = await this.getOrganizationKey(organizationId);

    const projectsMappedToSecretsView = this.decryptProjectsMappedToSecrets(
      orgKey,
      secrets.projects
    );

    return await Promise.all(
      secrets.secrets.map(async (s: SecretListItemResponse) => {
        const secretListView = new SecretListView();
        secretListView.id = s.id;
        secretListView.organizationId = s.organizationId;
        secretListView.name = await this.encryptService.decryptToUtf8(
          new EncString(s.name),
          orgKey
        );
        secretListView.creationDate = s.creationDate;
        secretListView.revisionDate = s.revisionDate;
        secretListView.projects = (await projectsMappedToSecretsView).filter((p) =>
          s.projects.includes(p.id)
        );
        return secretListView;
      })
    );
  }

  private async decryptProjectsMappedToSecrets(
    orgKey: SymmetricCryptoKey,
    projects: SecretProjectResponse[]
  ): Promise<SecretProjectView[]> {
    return await Promise.all(
      projects.map(async (s: SecretProjectResponse) => {
        const projectsMappedToSecretView = new SecretProjectView();
        projectsMappedToSecretView.id = s.id;
        projectsMappedToSecretView.name = await this.encryptService.decryptToUtf8(
          new EncString(s.name),
          orgKey
        );
        return projectsMappedToSecretView;
      })
    );
  }
}
SM-310 [] Secrets (#3355) * [SM-63] Secrets List overview (#3239) The purpose of this PR is to create a new component for the Secrets Manager project where all the secrets associated to a specific organization ID can be viewed. * [SM-63] Secrets List overview (#3239) The purpose of this PR is to create a new component for the Secrets Manager project where all the secrets associated to a specific organization ID can be viewed. * [SM-63] Display dates based off Figma (#3358) * Display dates based off Figma * Swapping date to medium format * [SM-185] Use feature flags for secrets (#3409) * Fix SM lint errors (#3526) * Fix SM lint errors * Update bitwarden_license/bit-web/src/app/sm/secrets/secrets.component.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-65] Create/Edit Secrets Dialog (#3376) The purpose of this PR is to add a Create/Edit Secrets dialog component. * [SM-198] Empty Secrets View (#3585) * SM-198 Empty Secrets View * [SM-64] Soft delete secrets (#3549) * Soft delete secrets * SM-95-ProjectList (#3508) * Adding project list and creating a shared module for secrets * updates to style , temporarily using secrets results until API portion is completed * removing non project related options from the list, updting api call to call projects now * Adding view project option from drop down * Changes requested by Thomas * Changes requested by Thomas * suggested fixes * fixes after merge from master * Adding decrypting to project list * Update bitwarden_license/bit-web/src/app/sm/shared/sm-shared.module.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update bitwarden_license/bit-web/src/app/sm/projects/project.service.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Update bitwarden_license/bit-web/src/app/sm/projects/project.service.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * fix to projectRequest so name is type EncString instead of string * lint + prettier fixes * Oscar's suggestions - Removing this. from projectList * updating to use bitIconButton * Updating to use BitIconButton Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Fix double edit secret dialog (#3645) * Fix typescript errors on secrets init (#3649) * Resolve breaking changes * Remove unecessary class * SM-198 Update empty list text. (#3652) * [SM-267] Minor visual fixes (#3673) * SM-96: Add/Edit Project for SM (#3616) * SM-96: Initial add for Add/Edit project * Update secrets.module.ts * Small fixes based on PR comments * SM-96: Small fixes + fix new project creation * Fully fix create / edit project * SM-96: Update toast text * Remove message with exclamation * SM-96: Fix broken build * SM-96: Remove disabled on save buttons for SM dialogs & switch to early exits * SM-96: Run linter * [SM-186] Service Accounts - Overview (#3653) * SM-186 Service Accounts Overview * Remove duplicate titles (#3659) * [SM-187] Create Service Account Dialog (#3710) * SM-187 Create Service Account Dialog * Fix renamed paths * SM Modal Updates (#3776) * Add type=button to cancel button on sm dialogs * Update new secret/project modal titles to match design * Add loading spinner for project and secret edit modals * Add max length to project name * Use Tailwind CSS class instead of custom and remove click handler * Fix spinner * Add buttonType=primary to project dialog save button * Fix loading change for secret dialog and use tw-text-center Co-authored-by: Hinton <hinton@users.noreply.github.com> * [SM-113] Delete Projects Dialog (#3777) * SM-113 Add Delete Projects Dialog * [SM-306] Migrate secrets dialog to async form (#3849) * [SM-310] Prepare secrets manager for merge to master (#3885) * Remove Built In Validator on Project Delete (#3909) Handle all Project Delete validation through custom validator * [SM-312] Mark all inputs as touched when submitting (#3920) * Use new icon for no item (#3917) * Create navigation component (#3881) * [SM-150] Project / Secret mapping (#3912) * wip * removing added file * updates * handling projects and secrets mapping in UI * moving files and fixing errors * Update bitwarden_license/bit-web/src/app/secrets-manager/secrets/secrets-list.component.html Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * Decrypt the name * fixing the secrets-list.component bug * renaming file and view name * lint fixes * removing secret with projects list response, and other misc name changes * Adding back things I shouldnt have deleted * Update bitwarden_license/bit-web/src/app/secrets-manager/secrets/responses/secret-with-projects-list.response.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * updating button (#3779) * [SM-300] Access Tokens (#3955) * [SM-301] fix: associate labels with inputs (#4058) * fix: wrap input in label * fix: update all label in projects and service accounts * [SM-196] Create Access Token Dialog (#4095) * Add create access token dialog * Use ServiceAccountView for access token creation * Set version to readonly for access token * DRY up Expiration Date & bug fix * Break out expiration options component * Move expiration-options to layout; Match FIGMA * Create Generic Key generator * Add getByServiceAccountId * Change to use keyMaterial and not the full key * Use access token id, not service account * Remove generic key generator * Swap to service account name placeholder * Swap ExpirationOptions to a CVA * No longer masking according to FIGMA * Remove schema comment * Code review updates * Update required logic and approach * Move ExpirationOptionsComponent into access Co-authored-by: Hinton <hinton@users.noreply.github.com> * SM-99: Individual Project / Secrets Tab (#4011) Co-authored-by: Hinton <hinton@users.noreply.github.com> * Fixes for the demo (#4159) * [SM-360] Add support for never expiring access tokens (#4150) * Add support for never expiring access tokens * Render performance fixes * Update bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/dialogs/expiration-options.component.ts Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> Co-authored-by: Oscar Hinton <Hinton@users.noreply.github.com> * [SM-360] Fix access token display dialog for never expiring tokens (#4164) * Fix access token display dialog * Add disableClose to access token display dialog * [SM-299] Add license checks (#4078) * [SM-69] feature: create org-switcher, bit-nav-item, bit-nav-group, bit-nav-divider (#4073) * feat: create nav-item, nav-group, org-switcher * add tree variant; add stories; move to component library * render button if no link is present * fix routerLinkActive; add template comments; fix styles * update storybook stories * rename to route * a11y fixes * update stories * simplify tree nesting * rename nav-base component * add divider; finish org-switcher; add overview page skeleton * add nav-divider story * code review * rename components to CL naming scheme * fix iconButton focus color * apply code review changes * fix strict template route param * add ariaLabel input; update org-switcher a11y * add two way binding for nav-group open state; update stories * add toggle control to org-switcher * [SM-310] Disable Secrets Manager in QA (#4199) Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> Co-authored-by: Thomas Avery <tavery@bitwarden.com> Co-authored-by: CarleyDiaz-Bitwarden <103955722+CarleyDiaz-Bitwarden@users.noreply.github.com> Co-authored-by: cd-bitwarden <106776772+cd-bitwarden@users.noreply.github.com> Co-authored-by: Colton Hurst <colton@coltonhurst.com> Co-authored-by: Will Martin <contact@willmartian.com> 2022-12-09 11:21:07 +01:00			`import { Injectable } from "@angular/core";`
			`import { Subject } from "rxjs";`

			`import { ApiService } from "@bitwarden/common/abstractions/api.service";`
			`import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";`
			`import { EncryptService } from "@bitwarden/common/abstractions/encrypt.service";`
			`import { EncString } from "@bitwarden/common/models/domain/enc-string";`
			`import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";`

			`import { SecretListView } from "../models/view/secret-list.view";`
			`import { SecretProjectView } from "../models/view/secret-project.view";`
			`import { SecretView } from "../models/view/secret.view";`

			`import { SecretRequest } from "./requests/secret.request";`
			`import { SecretListItemResponse } from "./responses/secret-list-item.response";`
			`import { SecretProjectResponse } from "./responses/secret-project.response";`
			`import { SecretWithProjectsListResponse } from "./responses/secret-with-projects-list.response";`
			`import { SecretResponse } from "./responses/secret.response";`

			`@Injectable({`
			`providedIn: "root",`
			`})`
			`export class SecretService {`
			`protected _secret: Subject<SecretView> = new Subject();`

			`secret$ = this._secret.asObservable();`

			`constructor(`
			`private cryptoService: CryptoService,`
			`private apiService: ApiService,`
			`private encryptService: EncryptService`
			`) {}`

			`async getBySecretId(secretId: string): Promise<SecretView> {`
			`const r = await this.apiService.send("GET", "/secrets/" + secretId, null, true, true);`
			`const secretResponse = new SecretResponse(r);`
			`return await this.createSecretView(secretResponse);`
			`}`

			`async getSecrets(organizationId: string): Promise<SecretListView[]> {`
			`const r = await this.apiService.send(`
			`"GET",`
			`"/organizations/" + organizationId + "/secrets",`
			`null,`
			`true,`
			`true`
			`);`

			`const results = new SecretWithProjectsListResponse(r);`
			`return await this.createSecretsListView(organizationId, results);`
			`}`

			`async getSecretsByProject(organizationId: string, projectId: string): Promise<SecretListView[]> {`
			`const r = await this.apiService.send(`
			`"GET",`
			`"/projects/" + projectId + "/secrets",`
			`null,`
			`true,`
			`true`
			`);`

			`const results = new SecretWithProjectsListResponse(r);`
			`return await this.createSecretsListView(organizationId, results);`
			`}`

			`async create(organizationId: string, secretView: SecretView, projectId?: string) {`
			`const request = await this.getSecretRequest(organizationId, secretView, projectId);`
			`const r = await this.apiService.send(`
			`"POST",`
			`"/organizations/" + organizationId + "/secrets",`
			`request,`
			`true,`
			`true`
			`);`
			`this._secret.next(await this.createSecretView(new SecretResponse(r)));`
			`}`

			`async update(organizationId: string, secretView: SecretView) {`
			`const request = await this.getSecretRequest(organizationId, secretView);`
			`const r = await this.apiService.send("PUT", "/secrets/" + secretView.id, request, true, true);`
			`this._secret.next(await this.createSecretView(new SecretResponse(r)));`
			`}`

			`async delete(secretIds: string[]) {`
			`const r = await this.apiService.send("POST", "/secrets/delete", secretIds, true, true);`

			`const responseErrors: string[] = [];`
			`r.data.forEach((element: { error: string }) => {`
			`if (element.error) {`
			`responseErrors.push(element.error);`
			`}`
			`});`

			`// TODO waiting to hear back on how to display multiple errors.`
			`// for now send as a list of strings to be displayed in toast.`
			`if (responseErrors?.length >= 1) {`
			`throw new Error(responseErrors.join(","));`
			`}`

			`this._secret.next(null);`
			`}`

			`private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {`
			`return await this.cryptoService.getOrgKey(organizationId);`
			`}`

			`private async getSecretRequest(`
			`organizationId: string,`
			`secretView: SecretView,`
			`projectId?: string`
			`): Promise<SecretRequest> {`
			`const orgKey = await this.getOrganizationKey(organizationId);`
			`const request = new SecretRequest();`
			`const [key, value, note] = await Promise.all([`
			`this.encryptService.encrypt(secretView.name, orgKey),`
			`this.encryptService.encrypt(secretView.value, orgKey),`
			`this.encryptService.encrypt(secretView.note, orgKey),`
			`]);`
			`request.key = key.encryptedString;`
			`request.value = value.encryptedString;`
			`request.note = note.encryptedString;`
			`request.projectId = projectId;`
			`return request;`
			`}`

			`private async createSecretView(secretResponse: SecretResponse): Promise<SecretView> {`
			`const orgKey = await this.getOrganizationKey(secretResponse.organizationId);`

			`const secretView = new SecretView();`
			`secretView.id = secretResponse.id;`
			`secretView.organizationId = secretResponse.organizationId;`
			`secretView.creationDate = secretResponse.creationDate;`
			`secretView.revisionDate = secretResponse.revisionDate;`

			`const [name, value, note] = await Promise.all([`
			`this.encryptService.decryptToUtf8(new EncString(secretResponse.name), orgKey),`
			`this.encryptService.decryptToUtf8(new EncString(secretResponse.value), orgKey),`
			`this.encryptService.decryptToUtf8(new EncString(secretResponse.note), orgKey),`
			`]);`
			`secretView.name = name;`
			`secretView.value = value;`
			`secretView.note = note;`

			`return secretView;`
			`}`

			`private async createSecretsListView(`
			`organizationId: string,`
			`secrets: SecretWithProjectsListResponse`
			`): Promise<SecretListView[]> {`
			`const orgKey = await this.getOrganizationKey(organizationId);`

			`const projectsMappedToSecretsView = this.decryptProjectsMappedToSecrets(`
			`orgKey,`
			`secrets.projects`
			`);`

			`return await Promise.all(`
			`secrets.secrets.map(async (s: SecretListItemResponse) => {`
			`const secretListView = new SecretListView();`
			`secretListView.id = s.id;`
			`secretListView.organizationId = s.organizationId;`
			`secretListView.name = await this.encryptService.decryptToUtf8(`
			`new EncString(s.name),`
			`orgKey`
			`);`
			`secretListView.creationDate = s.creationDate;`
			`secretListView.revisionDate = s.revisionDate;`
			`secretListView.projects = (await projectsMappedToSecretsView).filter((p) =>`
			`s.projects.includes(p.id)`
			`);`
			`return secretListView;`
			`})`
			`);`
			`}`

			`private async decryptProjectsMappedToSecrets(`
			`orgKey: SymmetricCryptoKey,`
			`projects: SecretProjectResponse[]`
			`): Promise<SecretProjectView[]> {`
			`return await Promise.all(`
			`projects.map(async (s: SecretProjectResponse) => {`
			`const projectsMappedToSecretView = new SecretProjectView();`
			`projectsMappedToSecretView.id = s.id;`
			`projectsMappedToSecretView.name = await this.encryptService.decryptToUtf8(`
			`new EncString(s.name),`
			`orgKey`
			`);`
			`return projectsMappedToSecretView;`
			`})`
			`);`
			`}`
			`}`