[PM-4141] Bugfix - Non-Premium accounts can autofill TOTP codes with the autofill keyboard shortcut (#6496)

* null totp seed from retrieved login cipher for autofill if the account does not have access to premium features

* update tests
Jonathan Prusik 2023-10-18 12:40:50 -04:00 committed by GitHub
parent c145763ded
commit d3cb273256
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 4 deletions


@ -519,8 +519,9 @@ describe("AutofillService", () => {
it("returns a TOTP value", async () => {
const totpCode = "123456";
autofillOptions.cipher.login.totp = "totp";
jest.spyOn(stateService, "getDisableAutoTotpCopy").mockResolvedValueOnce(false);
jest.spyOn(totpService, "getCode").mockReturnValueOnce(Promise.resolve(totpCode));
jest.spyOn(stateService, "getCanAccessPremium").mockResolvedValue(true);
jest.spyOn(stateService, "getDisableAutoTotpCopy").mockResolvedValue(false);
jest.spyOn(totpService, "getCode").mockResolvedValue(totpCode);
const autofillResult = await autofillService.doAutoFill(autofillOptions);
@ -529,6 +530,18 @@ describe("AutofillService", () => {
expect(autofillResult).toBe(totpCode);
});
it("does not return a TOTP value if the user does not have premium features", async () => {
autofillOptions.cipher.login.totp = "totp";
jest.spyOn(stateService, "getCanAccessPremium").mockResolvedValue(false);
jest.spyOn(stateService, "getDisableAutoTotpCopy").mockResolvedValue(false);
const autofillResult = await autofillService.doAutoFill(autofillOptions);
expect(stateService.getDisableAutoTotpCopy).not.toHaveBeenCalled();
expect(totpService.getCode).not.toHaveBeenCalled();
expect(autofillResult).toBeNull();
});
it("returns a null value if the cipher type is not for a Login", async () => {
autofillOptions.cipher.type = CipherType.Identity;
autofillOptions.cipher.identity = mock<IdentityView>();
@ -563,11 +576,15 @@ describe("AutofillService", () => {
it("returns a null value if the user has disabled `auto TOTP copy`", async () => {
autofillOptions.cipher.login.totp = "totp";
autofillOptions.cipher.organizationUseTotp = true;
jest.spyOn(stateService, "getCanAccessPremium").mockResolvedValueOnce(true);
jest.spyOn(stateService, "getDisableAutoTotpCopy").mockResolvedValueOnce(true);
jest.spyOn(stateService, "getCanAccessPremium").mockResolvedValue(true);
jest.spyOn(stateService, "getDisableAutoTotpCopy").mockResolvedValue(true);
jest.spyOn(totpService, "getCode");
const autofillResult = await autofillService.doAutoFill(autofillOptions);
expect(stateService.getCanAccessPremium).toHaveBeenCalled();
expect(stateService.getDisableAutoTotpCopy).toHaveBeenCalled();
expect(totpService.getCode).not.toHaveBeenCalled();
expect(autofillResult).toBeNull();
});
});
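Review bot: The new test `does not return a TOTP value if the user does not have premium features` checks only the return value and that `getDisableAutoTotpCopy` and `totpService.getCode` were not called. It never asserts that the seed on the cipher was actually cleared, which is the mechanism the commit description says the fix uses. Adding `expect(autofillOptions.cipher.login.totp).toBeNull();` after the `doAutoFill` call would pin that, so a later refactor that drops the clearing step fails this test. The same test asserts on `totpService.getCode` without a `jest.spyOn` in its own body, and the neighbouring tests now use persistent `mockResolvedValue` instead of the `...Once` variants. These assertions presumably depend on mocks being recreated or reset in setup outside this view, which is worth confirming so call counts and resolved values cannot leak between tests.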


@ -153,6 +153,10 @@ export default class AutofillService implements AutofillServiceInterface {
const canAccessPremium = await this.stateService.getCanAccessPremium();
const defaultUriMatch = (await this.stateService.getDefaultUriMatch()) ?? UriMatchType.Domain;
if (!canAccessPremium) {
options.cipher.login.totp = null;
}
let didAutofill = false;
await Promise.all(
options.pageDetails.map(async (pd) => {
@ -203,6 +207,7 @@ export default class AutofillService implements AutofillServiceInterface {
{ frameId: pd.frameId }
);
// Skip getting the TOTP code for clipboard in these cases
if (
options.cipher.type !== CipherType.Login ||
totp !== null ||