bitwarden-estensione-browser/apps/web/src/app/reports/weak-passwords-report.compo...

import { Component, OnInit } from "@angular/core";

import { ModalService } from "@bitwarden/angular/services/modal.service";
import { CipherService } from "@bitwarden/common/abstractions/cipher.service";
import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
import { PasswordGenerationService } from "@bitwarden/common/abstractions/passwordGeneration.service";
import { PasswordRepromptService } from "@bitwarden/common/abstractions/passwordReprompt.service";
import { StateService } from "@bitwarden/common/abstractions/state.service";
import { CipherType } from "@bitwarden/common/enums/cipherType";
import { CipherView } from "@bitwarden/common/models/view/cipherView";

import { CipherReportComponent } from "./cipher-report.component";

@Component({
  selector: "app-weak-passwords-report",
  templateUrl: "weak-passwords-report.component.html",
})
export class WeakPasswordsReportComponent extends CipherReportComponent implements OnInit {
  passwordStrengthMap = new Map<string, [string, string]>();

  private passwordStrengthCache = new Map<string, number>();

  constructor(
    protected cipherService: CipherService,
    protected passwordGenerationService: PasswordGenerationService,
    modalService: ModalService,
    messagingService: MessagingService,
    stateService: StateService,
    passwordRepromptService: PasswordRepromptService
  ) {
    super(modalService, messagingService, true, stateService, passwordRepromptService);
  }

  async ngOnInit() {
    if (await this.checkAccess()) {
      await super.load();
    }
  }

  async setCiphers() {
    const allCiphers = await this.getAllCiphers();
    const weakPasswordCiphers: CipherView[] = [];
    const isUserNameNotEmpty = (c: CipherView): boolean => {
      return c.login.username != null && c.login.username.trim() !== "";
    };
    const getCacheKey = (c: CipherView): string => {
      return c.login.password + "_____" + (isUserNameNotEmpty(c) ? c.login.username : "");
    };

    allCiphers.forEach((c) => {
      if (
        c.type !== CipherType.Login ||
        c.login.password == null ||
        c.login.password === "" ||
        c.isDeleted
      ) {
        return;
      }
      const hasUserName = isUserNameNotEmpty(c);
      const cacheKey = getCacheKey(c);
      if (!this.passwordStrengthCache.has(cacheKey)) {
        let userInput: string[] = [];
        if (hasUserName) {
          const atPosition = c.login.username.indexOf("@");
          if (atPosition > -1) {
            userInput = userInput
              .concat(
                c.login.username
                  .substr(0, atPosition)
                  .trim()
                  .toLowerCase()
                  .split(/[^A-Za-z0-9]/)
              )
              .filter((i) => i.length >= 3);
          } else {
            userInput = c.login.username
              .trim()
              .toLowerCase()
              .split(/[^A-Za-z0-9]/)
              .filter((i) => i.length >= 3);
          }
        }
        const result = this.passwordGenerationService.passwordStrength(
          c.login.password,
          userInput.length > 0 ? userInput : null
        );
        this.passwordStrengthCache.set(cacheKey, result.score);
      }
      const score = this.passwordStrengthCache.get(cacheKey);
      if (score != null && score <= 2) {
        this.passwordStrengthMap.set(c.id, this.scoreKey(score));
        weakPasswordCiphers.push(c);
      }
    });
    weakPasswordCiphers.sort((a, b) => {
      return (
        this.passwordStrengthCache.get(getCacheKey(a)) -
        this.passwordStrengthCache.get(getCacheKey(b))
      );
    });
    this.ciphers = weakPasswordCiphers;
  }

  protected getAllCiphers(): Promise<CipherView[]> {
    return this.cipherService.getAllDecrypted();
  }

  protected canManageCipher(c: CipherView): boolean {
    // this will only ever be false from the org view;
    return true;
  }

  private scoreKey(score: number): [string, string] {
    switch (score) {
      case 4:
        return ["strong", "success"];
      case 3:
        return ["good", "primary"];
      case 2:
        return ["weak", "warning"];
      default:
        return ["veryWeak", "danger"];
    }
  }
}
weak passwords report 2018-12-11 23:49:51 +01:00			`import { Component, OnInit } from "@angular/core";`

Use NPM workspace (#2874) 2022-06-14 17:10:53 +02:00			`import { ModalService } from "@bitwarden/angular/services/modal.service";`
			`import { CipherService } from "@bitwarden/common/abstractions/cipher.service";`
			`import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";`
			`import { PasswordGenerationService } from "@bitwarden/common/abstractions/passwordGeneration.service";`
			`import { PasswordRepromptService } from "@bitwarden/common/abstractions/passwordReprompt.service";`
			`import { StateService } from "@bitwarden/common/abstractions/state.service";`
			`import { CipherType } from "@bitwarden/common/enums/cipherType";`
			`import { CipherView } from "@bitwarden/common/models/view/cipherView";`
weak passwords report 2018-12-11 23:49:51 +01:00
base cipher report component class 2018-12-12 15:11:10 +01:00			`import { CipherReportComponent } from "./cipher-report.component";`
weak passwords report 2018-12-11 23:49:51 +01:00
			`@Component({`
			`selector: "app-weak-passwords-report",`
			`templateUrl: "weak-passwords-report.component.html",`
			`})`
base cipher report component class 2018-12-12 15:11:10 +01:00			`export class WeakPasswordsReportComponent extends CipherReportComponent implements OnInit {`
weak passwords report 2018-12-11 23:49:51 +01:00			`passwordStrengthMap = new Map<string, [string, string]>();`
Sort weak passwords by severity (#446) * Sort weak passwords by weakness * Move static methods into local const 2021-04-06 00:23:48 +02:00
weak passwords report 2018-12-11 23:49:51 +01:00			`private passwordStrengthCache = new Map<string, number>();`

use cache instead of async 2018-12-12 17:22:11 +01:00			`constructor(`
			`protected cipherService: CipherService,`
			`protected passwordGenerationService: PasswordGenerationService,`
[Account Switching] [Refactor] Implement new account centric services (#1220) * [chore] updated services.module to use account services * [refactor] sorted services provided by services.module * [chore] removed references to deleted jslib services * [chore] used activeAccount over storageService for account level storage items * [chore] resolved linter warnings * Refactor activeAccountService to stateService * [bug] Remove uneeded calls to state service on logout This was causing console erros on logout. Clearing of data is handled fully in dedicated services, clearing them in state afterwards is essentially a redundant call. * [bug] Add back null locked callback to VaultTimeoutService * Move call to get showUpdateKey * [bug] Ensure HtmlStorageService does not override StateService options and locations * [bug] Adjust theme logic to pull from the new storage locations * [bug] Correct theme not sticking on refresh * [bug] Add enableFullWidth to the account model * [bug] fix theme option empty when light is selected * [bug] init state on application start * [bug] Reinit state when coming back from a lock * [style] Fix lint complaints * [bug] Clean state on logout * [chore] Resolved merge issues * [bug] Correct default for enableGravitars * Bump angular to 12. * Remove angular.json * Bump rxjs * Fix build errors, remove file-loader with asset/resource * Use contenthash * Bump jslib * Bump ngx-toastr * [chore] resolve issues from merge * [chore] resolve issues from merge * [bug] Add missing bracket * Use newer import syntax * [bug] Correct service orge * [style] Fix lint complaints * [chore] update jslib * [review] Address code review * [review] Address code review * [review] Rename providerService to webProviderService Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Hinton <oscar@oscarhinton.com> 2021-12-14 17:10:26 +01:00			`modalService: ModalService,`
use cache instead of async 2018-12-12 17:22:11 +01:00			`messagingService: MessagingService,`
[Account Switching] [Refactor] Implement new account centric services (#1220) * [chore] updated services.module to use account services * [refactor] sorted services provided by services.module * [chore] removed references to deleted jslib services * [chore] used activeAccount over storageService for account level storage items * [chore] resolved linter warnings * Refactor activeAccountService to stateService * [bug] Remove uneeded calls to state service on logout This was causing console erros on logout. Clearing of data is handled fully in dedicated services, clearing them in state afterwards is essentially a redundant call. * [bug] Add back null locked callback to VaultTimeoutService * Move call to get showUpdateKey * [bug] Ensure HtmlStorageService does not override StateService options and locations * [bug] Adjust theme logic to pull from the new storage locations * [bug] Correct theme not sticking on refresh * [bug] Add enableFullWidth to the account model * [bug] fix theme option empty when light is selected * [bug] init state on application start * [bug] Reinit state when coming back from a lock * [style] Fix lint complaints * [bug] Clean state on logout * [chore] Resolved merge issues * [bug] Correct default for enableGravitars * Bump angular to 12. * Remove angular.json * Bump rxjs * Fix build errors, remove file-loader with asset/resource * Use contenthash * Bump jslib * Bump ngx-toastr * [chore] resolve issues from merge * [chore] resolve issues from merge * [bug] Add missing bracket * Use newer import syntax * [bug] Correct service orge * [style] Fix lint complaints * [chore] update jslib * [review] Address code review * [review] Address code review * [review] Rename providerService to webProviderService Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Hinton <oscar@oscarhinton.com> 2021-12-14 17:10:26 +01:00			`stateService: StateService,`
use cache instead of async 2018-12-12 17:22:11 +01:00			`passwordRepromptService: PasswordRepromptService`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`) {`
use cache instead of async 2018-12-12 17:22:11 +01:00			`super(modalService, messagingService, true, stateService, passwordRepromptService);`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`}`
use cache instead of async 2018-12-12 17:22:11 +01:00
add more org reports 2018-12-14 20:42:04 +01:00			`async ngOnInit() {`
[Account Switching] [Refactor] Implement new account centric services (#1220) * [chore] updated services.module to use account services * [refactor] sorted services provided by services.module * [chore] removed references to deleted jslib services * [chore] used activeAccount over storageService for account level storage items * [chore] resolved linter warnings * Refactor activeAccountService to stateService * [bug] Remove uneeded calls to state service on logout This was causing console erros on logout. Clearing of data is handled fully in dedicated services, clearing them in state afterwards is essentially a redundant call. * [bug] Add back null locked callback to VaultTimeoutService * Move call to get showUpdateKey * [bug] Ensure HtmlStorageService does not override StateService options and locations * [bug] Adjust theme logic to pull from the new storage locations * [bug] Correct theme not sticking on refresh * [bug] Add enableFullWidth to the account model * [bug] fix theme option empty when light is selected * [bug] init state on application start * [bug] Reinit state when coming back from a lock * [style] Fix lint complaints * [bug] Clean state on logout * [chore] Resolved merge issues * [bug] Correct default for enableGravitars * Bump angular to 12. * Remove angular.json * Bump rxjs * Fix build errors, remove file-loader with asset/resource * Use contenthash * Bump jslib * Bump ngx-toastr * [chore] resolve issues from merge * [chore] resolve issues from merge * [bug] Add missing bracket * Use newer import syntax * [bug] Correct service orge * [style] Fix lint complaints * [chore] update jslib * [review] Address code review * [review] Address code review * [review] Rename providerService to webProviderService Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com> Co-authored-by: Hinton <oscar@oscarhinton.com> 2021-12-14 17:10:26 +01:00			`if (await this.checkAccess()) {`
			`await super.load();`
base cipher report component class 2018-12-12 15:11:10 +01:00			`}`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`}`
weak passwords report 2018-12-11 23:49:51 +01:00
premium checks on reports 2018-12-12 15:29:51 +01:00			`async setCiphers() {`
exposed passwords report for orgs 2018-12-14 19:56:01 +01:00			`const allCiphers = await this.getAllCiphers();`
			`const weakPasswordCiphers: CipherView[] = [];`
			`const isUserNameNotEmpty = (c: CipherView): boolean => {`
premium checks on reports 2018-12-12 15:29:51 +01:00			`return c.login.username != null && c.login.username.trim() !== "";`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`};`
premium checks on reports 2018-12-12 15:29:51 +01:00			`const getCacheKey = (c: CipherView): string => {`
			`return c.login.password + "_____" + (isUserNameNotEmpty(c) ? c.login.username : "");`
weak passwords report 2018-12-11 23:49:51 +01:00			`};`

Fix glob processing in npm. Ban single param parens (#818) 2021-02-03 18:41:33 +01:00			`allCiphers.forEach((c) => {`
Exclude deleted items from any/all reports (#700) 2020-11-24 18:36:40 +01:00			`if (`
			`c.type !== CipherType.Login \|\|`
			`c.login.password == null \|\|`
			`c.login.password === "" \|\|`
			`c.isDeleted`
			`) {`
weak passwords report 2018-12-11 23:49:51 +01:00			`return;`
			`}`
Sort weak passwords by severity (#446) * Sort weak passwords by weakness * Move static methods into local const 2021-04-06 00:23:48 +02:00			`const hasUserName = isUserNameNotEmpty(c);`
			`const cacheKey = getCacheKey(c);`
userInputs for strength check based on username 2018-12-13 01:37:27 +01:00			`if (!this.passwordStrengthCache.has(cacheKey)) {`
			`let userInput: string[] = [];`
Sort weak passwords by severity (#446) * Sort weak passwords by weakness * Move static methods into local const 2021-04-06 00:23:48 +02:00			`if (hasUserName) {`
userInputs for strength check based on username 2018-12-13 01:37:27 +01:00			`const atPosition = c.login.username.indexOf("@");`
			`if (atPosition > -1) {`
			`userInput = userInput`
			`.concat(`
			`c.login.username`
			`.substr(0, atPosition)`
			`.trim()`
			`.toLowerCase()`
			`.split(/[^A-Za-z0-9]/)`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`)`
Fix glob processing in npm. Ban single param parens (#818) 2021-02-03 18:41:33 +01:00			`.filter((i) => i.length >= 3);`
userInputs for strength check based on username 2018-12-13 01:37:27 +01:00			`} else {`
			`userInput = c.login.username`
			`.trim()`
			`.toLowerCase()`
			`.split(/[^A-Za-z0-9]/)`
Fix glob processing in npm. Ban single param parens (#818) 2021-02-03 18:41:33 +01:00			`.filter((i) => i.length >= 3);`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`}`
userInputs for strength check based on username 2018-12-13 01:37:27 +01:00			`}`
			`const result = this.passwordGenerationService.passwordStrength(`
			`c.login.password,`
			`userInput.length > 0 ? userInput : null`
			`);`
			`this.passwordStrengthCache.set(cacheKey, result.score);`
use cache instead of async 2018-12-12 17:22:11 +01:00			`}`
userInputs for strength check based on username 2018-12-13 01:37:27 +01:00			`const score = this.passwordStrengthCache.get(cacheKey);`
Stop showing score 3 passwords as weak passwords (#445) 2020-01-27 14:30:19 +01:00			`if (score != null && score <= 2) {`
use cache instead of async 2018-12-12 17:22:11 +01:00			`this.passwordStrengthMap.set(c.id, this.scoreKey(score));`
			`weakPasswordCiphers.push(c);`
			`}`
weak passwords report 2018-12-11 23:49:51 +01:00			`});`
Sort weak passwords by severity (#446) * Sort weak passwords by weakness * Move static methods into local const 2021-04-06 00:23:48 +02:00			`weakPasswordCiphers.sort((a, b) => {`
			`return (`
			`this.passwordStrengthCache.get(getCacheKey(a)) -`
			`this.passwordStrengthCache.get(getCacheKey(b))`
			`);`
			`});`
weak passwords report 2018-12-11 23:49:51 +01:00			`this.ciphers = weakPasswordCiphers;`
			`}`

add more org reports 2018-12-14 20:42:04 +01:00			`protected getAllCiphers(): Promise<CipherView[]> {`
			`return this.cipherService.getAllDecrypted();`
			`}`

Implemented Custom role and permissions (#750) * Implemented Custom role and permissions * converted Permissions interface into a class * fixed a merge issue * updated jslib * code review cleanup for Permissions * trailing commas 2021-01-12 21:31:22 +01:00			`protected canManageCipher(c: CipherView): boolean {`
			`// this will only ever be false from the org view;`
			`return true;`
			`}`

weak passwords report 2018-12-11 23:49:51 +01:00			`private scoreKey(score: number): [string, string] {`
			`switch (score) {`
			`case 4:`
			`return ["strong", "success"];`
			`case 3:`
			`return ["good", "primary"];`
			`case 2:`
			`return ["weak", "warning"];`
			`default:`
			`return ["veryWeak", "danger"];`
			`}`
Apply Prettier (#1347) 2021-12-17 15:57:11 +01:00			`}`
weak passwords report 2018-12-11 23:49:51 +01:00			`}`