diff --git a/src/app/accounts/accountsLoginController.js b/src/app/accounts/accountsLoginController.js index 8f280ede41..d99c2ee6ff 100644 --- a/src/app/accounts/accountsLoginController.js +++ b/src/app/accounts/accountsLoginController.js @@ -2,9 +2,10 @@ angular .module('bit.accounts') .controller('accountsLoginController', function ($scope, $rootScope, $cookies, apiService, cryptoService, authService, - $state, constants, $analytics, $uibModal, $timeout, $window) { + $state, constants, $analytics, $uibModal, $timeout, $window, $filter) { $scope.state = $state; $scope.twoFactorProviderConstants = constants.twoFactorProvider; + $scope.rememberTwoFactor = { checked: false }; var returnState; if (!$state.params.returnState && $state.params.org) { @@ -52,7 +53,7 @@ angular _email = model.email; _masterPassword = model.masterPassword; $scope.twoFactorProviders = twoFactorProviders; - $scope.twoFactorProvider = parseInt(Object.keys(twoFactorProviders)[0]); + $scope.twoFactorProvider = getDefaultProvider(twoFactorProviders); $analytics.eventTrack('Logged In To Two-step'); $state.go('frontend.login.twoFactor', { returnState: returnState }).then(function () { @@ -66,11 +67,27 @@ angular $analytics.eventTrack('Logged In'); loggedInGo(); } + + model.masterPassword = ''; }); }; + function getDefaultProvider(twoFactorProviders) { + var keys = Object.keys(twoFactorProviders); + var providerType = null; + var providerPriority = -1; + for (var i = 0; i < keys.length; i++) { + var provider = $filter('filter')(constants.twoFactorProviderInfo, { type: keys[i], active: true }); + if (provider.length && provider[0].priority > providerPriority) { + providerType = provider[0].type; + } + } + return parseInt(providerType); + } + $scope.twoFactor = function (token) { - $scope.twoFactorPromise = authService.logIn(_email, _masterPassword, token, $scope.twoFactorProvider, true); + $scope.twoFactorPromise = authService.logIn(_email, _masterPassword, token, $scope.twoFactorProvider, + $scope.rememberTwoFactor.checked || false); $scope.twoFactorPromise.then(function () { $analytics.eventTrack('Logged In From Two-step'); @@ -110,7 +127,7 @@ angular if ($scope.twoFactorProvider === constants.twoFactorProvider.duo) { var params = $scope.twoFactorProviders[constants.twoFactorProvider.duo]; - Duo.init({ + $window.Duo.init({ host: params.Host, sig_request: params.Signature, submit_callback: function (theForm) { @@ -122,18 +139,36 @@ angular else if ($scope.twoFactorProvider === constants.twoFactorProvider.u2f) { var params = $scope.twoFactorProviders[constants.twoFactorProvider.u2f]; var challenges = JSON.parse(params.Challenges); - if (challenges.length < 1) { + + initU2f(challenges); + } + } + + function initU2f(challenges) { + if (challenges.length < 1 || $scope.twoFactorProvider !== constants.twoFactorProvider.u2f) { + return; + } + + console.log('listening for u2f key...'); + + $window.u2f.sign(challenges[0].appId, challenges[0].challenge, [{ + version: challenges[0].version, + keyHandle: challenges[0].keyHandle + }], function (data) { + if ($scope.twoFactorProvider !== constants.twoFactorProvider.u2f) { return; } - $window.u2f.sign(challenges[0].appId, challenges[0].challenge, [{ - version: challenges[0].version, - keyHandle: challenges[0].keyHandle - }], function (data) { - console.log('call back data:'); - console.log(data); - $scope.twoFactor(JSON.stringify(data)); - }); - } + if (data.errorCode) { + console.log(data.errorCode); + + if (data.errorCode === 5) { + initU2f(challenges); + } + + return; + } + $scope.twoFactor(JSON.stringify(data)); + }, 5); } }); diff --git a/src/app/accounts/views/accountsLoginTwoFactor.html b/src/app/accounts/views/accountsLoginTwoFactor.html index b5bd7a402a..8d46526ac8 100644 --- a/src/app/accounts/views/accountsLoginTwoFactor.html +++ b/src/app/accounts/views/accountsLoginTwoFactor.html @@ -21,7 +21,11 @@
- Use another method? +
+ +
- Use another method? +
+ +
- + + Logging in... +
@@ -89,25 +105,42 @@
-
+

Errors have occurred

  • {{e}}
-

Press the button on your security key to continue.

+

Insert your Security Key into your computer's USB port. If it has a button, tap it.

+

+ +

- Use another method? +
+ +
- + + Logging in... +
+ +
+ \ No newline at end of file diff --git a/src/app/accounts/views/accountsTwoFactorMethods.html b/src/app/accounts/views/accountsTwoFactorMethods.html index 6d8f64000f..891adb062e 100644 --- a/src/app/accounts/views/accountsTwoFactorMethods.html +++ b/src/app/accounts/views/accountsTwoFactorMethods.html @@ -3,7 +3,7 @@

Two-step Providers

-
+

{{::provider.name}}

diff --git a/src/app/constants.js b/src/app/constants.js index 50762f3889..b9d6a1d3c0 100644 --- a/src/app/constants.js +++ b/src/app/constants.js @@ -21,11 +21,11 @@ angular.module('bit') confirmed: 2 }, twoFactorProvider: { + u2f: 4, + yubikey: 3, + duo: 2, authenticator: 0, email: 1, - duo: 2, - yubikey: 3, - u2f: 4, remember: 5 }, twoFactorProviderInfo: [ @@ -35,36 +35,51 @@ angular.module('bit') description: 'Use an authenticator app (such as Authy or Google Authenticator) to generate time-based ' + 'verification codes.', enabled: false, + active: true, free: true, - image: 'authapp.png' + image: 'authapp.png', + displayOrder: 0, + priority: 3 }, { type: 3, name: 'YubiKey OTP Security Key', description: 'Use a YubiKey to access your account. Works with YubiKey 4, 4 Nano, 4C, and NEO devices.', enabled: false, - image: 'yubico.png' + active: true, + image: 'yubico.png', + displayOrder: 1, + priority: 1 }, { type: 2, name: 'Duo', description: 'Verify with Duo Security using the Duo Mobile app, SMS, phone call, or U2F security key.', enabled: false, - image: 'duo.png' + active: true, + image: 'duo.png', + displayOrder: 2, + priority: 2 }, { type: 4, name: 'FIDO U2F Security Key', description: 'Use any FIDO U2F enabled security key to access your account.', enabled: false, - image: 'fido.png' + active: true, + image: 'fido.png', + displayOrder: 3, + priority: 0 }, { type: 1, name: 'Email', description: 'Verification codes will be emailed to you.', enabled: false, - image: 'gmail.png' + active: true, + image: 'gmail.png', + displayOrder: 4, + priority: 4 } ], plans: { diff --git a/src/app/settings/settingsSessionsController.js b/src/app/settings/settingsSessionsController.js index d0d3920d34..2db544b214 100644 --- a/src/app/settings/settingsSessionsController.js +++ b/src/app/settings/settingsSessionsController.js @@ -2,21 +2,25 @@ .module('bit.settings') .controller('settingsSessionsController', function ($scope, $state, apiService, $uibModalInstance, cryptoService, - authService, toastr, $analytics) { + authService, tokenService, toastr, $analytics) { $analytics.eventTrack('settingsSessionsController', { category: 'Modal' }); $scope.submit = function (model) { var request = { masterPasswordHash: cryptoService.hashPassword(model.masterPassword) }; - $scope.submitPromise = apiService.accounts.putSecurityStamp(request, function () { - $uibModalInstance.dismiss('cancel'); - authService.logOut(); - $analytics.eventTrack('Deauthorized Sessions'); - $state.go('frontend.login.info').then(function () { - toastr.success('Please log back in.', 'All Sessions Deauthorized'); + $scope.submitPromise = + authService.getUserProfile().then(function (profile) { + apiService.accounts.putSecurityStamp(request, function () { + $uibModalInstance.dismiss('cancel'); + authService.logOut(); + tokenService.clearTwoFactorToken(profile.email); + $analytics.eventTrack('Deauthorized Sessions'); + $state.go('frontend.login.info').then(function () { + toastr.success('Please log back in.', 'All Sessions Deauthorized'); + }); + }).$promise; }); - }).$promise; }; $scope.close = function () { diff --git a/src/app/settings/views/settingsSessions.html b/src/app/settings/views/settingsSessions.html index 0ba175f687..a647fb4626 100644 --- a/src/app/settings/views/settingsSessions.html +++ b/src/app/settings/views/settingsSessions.html @@ -6,10 +6,14 @@

Concerned your account is logged in on another device?

Proceed below to deauthorize all computers or devices that you have previously used.

-

This security step is recommended if you previously used a public PC or accidentally saved your password on a device that isn't yours.

+

+ This security step is recommended if you previously used a public PC or accidentally saved your password + on a device that isn't yours. This step will also clear all previously remembered two-step login sessions. +

Warning

- Proceeding will log you out of your current session as well, requiring you to log back in. + Proceeding will also log you out of your current session, requiring you to log back in. You will also be prompted + for two-step login again, if enabled.

Errors have occurred

diff --git a/src/app/settings/views/settingsTwoStep.html b/src/app/settings/views/settingsTwoStep.html index 6f3bcacc8e..78318063ed 100644 --- a/src/app/settings/views/settingsTwoStep.html +++ b/src/app/settings/views/settingsTwoStep.html @@ -18,7 +18,7 @@
- + diff --git a/src/images/two-factor/u2fkey.jpg b/src/images/two-factor/u2fkey.jpg new file mode 100644 index 0000000000..8013df0e56 Binary files /dev/null and b/src/images/two-factor/u2fkey.jpg differ diff --git a/src/images/two-factor/yubikey.jpg b/src/images/two-factor/yubikey.jpg new file mode 100644 index 0000000000..9ddf755dec Binary files /dev/null and b/src/images/two-factor/yubikey.jpg differ
{{::provider.name}}