Commit Graph

51 Commits

Author SHA1 Message Date
Thomas Rittson 609baece05
Clear stale everBeenUnlocked value from onDisk storage (#682)
* Add StateVersion.Four to remove old everBeenUnlocked key

* Save new state properly

* Add unit tests

* Fix linting
2022-02-14 08:16:07 -05:00
Matt Gibson 7afb748791
Feature/password protected export (#612)
* Add password protected export

* Run prettier

* Test password protected export service

* Create type for known import type strings

* Test import service changes

* Test bitwarden password importer

* Run prettier

* Remove unnecessary class properties

* Run prettier

* Tslint fixes

* Add KdfType to password protected export

* Linter fixes

* run prettier
2022-02-07 09:33:10 -06:00
Thomas Rittson aa2bdd00be
[Tech debt] Refactor authService and remove LogInHelper (#588)
* Use different strategy classes for different types of login
* General refactor and cleanup of auth logic
* Create subclasses for different types of login credentials
* Create subclasses for different types of tokenRequests
* Create TwoFactorService, move code out of authService
* refactor base CLI commands to use new interface
2022-02-01 09:51:32 +10:00
Daniel James Smith 5353cf03b5
BEEEP: Add importer for Keeper in json format (#608)
* Add testdata, create types for keeperjson import

* Create keeperjson importer and tests

* Register, Create instance of keeperjson importer

* Move keeperCsvImporter to keeperImporters folder

* Fixed import of BaseImporter

* Removed unnecessary check for key

* Move instantiation of importer into beforeEach

* Fixed the second import with a wrong path

* Adjust types based on new test export

* Add test case for empty notes and custom fields

* Implement logic for failed test case

* Removed test expectation
2022-01-26 23:04:55 +01:00
Linus Aarnio a8168d6ee7
Fix for issue #1287 in bitwarden/web (#569)
* Format the fieldvalue as a LocaleDateString instead of epoch when importing a date from 1P

This would be better solved by storing it as a date FieldType instead of Text. But since it is unclear when new field types are added, this solution serves as a fix for now and also guides the solution when new fieldtype exists.

* Remove trailing whitespace

* Add tests for custom fields of 1pif imported identity

* Change representation of 1pif imported dates to UTC string

* Changes after running prettier

Co-authored-by: Daniel James Smith <djsmith@web.de>
2021-12-16 18:46:33 +01:00
Oscar Hinton 193434461d
Apply Prettier (#581) 2021-12-16 13:36:21 +01:00
Daniel James Smith 8644d84e68
FSescure-Importer: Add support for style = global (#578)
* Fescure-Importer: Add support for style = global

* Fix linting
2021-12-14 10:22:09 +01:00
Addison Beck f90b3456d5
[Account Switching] [Feature] Allow clients to store data for more than one user (#491)
* [refactor] Extract, rename, and expand StorageServiceOptions

* Pulled StorageServiceOptions into its own file
* Renamed StorageServiceOptions to StorageOptions
* Pulled KeySuffixOpptions into its own file
* Converted KeySuffixOptions into an enum from a union type

* [refactor] Expand StateService into a full coverage storage proxy

* Expand StateService to allow it to manage all data points of the application state regardless of memory.
* Expand StateService to allow for storing and managing multiple accounts

* [refactor] Create helper services for managing organization and provider state data

* [refactor] Implement StateService across service layer

* Remove service level variables used for in memory data storage and replaced with calls to StateService
* Remove direct calls to StorageService in favor of using StateService as a proxy

* [feature] Implement account switching capable services across components and processes

* Replace calls to StorageService and deprecated services with calls to a StateService

* [chore] Remove unused services

Several services are no longer in use because of the expanded state service. These have simply been removed.

* [bug] Add loginRedirect to the account model

* [bug] Add awaits to newly async calls in TokenService

* [bug] Add several missing awaits

* [bug] Add state service handlers for AutoConfirmFingerprint

* [bug] Move TwoFactorToken to global state

* Update unauth-guard.service.ts

Add back return true

* [refactor] Slim down the boilerplate needed to manage options on StateService calls

* [bug] Allow the lock message handler to manipulate a specific acount

* [bug] Add missing await to auth guard

* [bug] Adjust state scope of several biometric data points

* [bug] Ensure vault locking logic can operate over non-active accounts

* [style] Fix lint complaints

* [bug] Move disableFavicon to global state

* [refactor] Remove an unecassary parameter from a StorageOptions instance

* [bug] Ensure HtmlStorageService paths are accounted for in StateService

* [feature] Add a server url helper to the account model for the account switcher

* [refactor] Remove some unused getters from the account model

* [bug] Ensure locking and logging out can function over any user

* Fix account getting set to null in getAccountFromDisk

* [bug] Ensure lock component is always working with the latest active account in state

* [chore] Update recent KeyConnector changes to use stateService

* [style] Fix lint complaints

* [chore] Resolve TokenService merge issues from KeyConnector

* [bug] Add missing service arguement

* [bug] Correct several default storage option types

* [bug] Check for the right key in hasEncKey

* [bug] Add enableFullWidth to the account model

* [style] Fix lint complaints

* [review] Revist remember email

* [refactor] Remove RememberEmail from state

* setDisableFavicon to correct storage location

* [bug] Convert vault lock loop returns into continues to not skip secondary accounts

* [review] Sorted state service methods

* [bug] Correct neverDomains type on the account model

* [review] Rename stateService.purge to stateService.clean

* [review] [refactor] Extract lock refresh logic to a load function

* [review] [refactor] Extract some timeout logic to dedicated functions

* [review] [refactor] Move AuthenticationStatus to a dedicated file

* [review] [refactor] Rename Globals to GlobalState

* [style] Fix lint complaints

* [review] Remove unused global state property for decodedToken

* [review] [bug] Adjust state scope for OrganizationInvitation

* [review] [bug] Put back the homepage variable in lock guard

* [review] Un-try-catch the window creation function

* Revert "[review] [bug] Adjust state scope for OrganizationInvitation"

This reverts commit caa4574a65d9d0c3573a7529ed2221764fd55497.

* [bug] Change || to && in recent vault timeout refactor

* [bug] Keep up with entire state in storage instead of just accounts and globals

Not having access to the last active user was creating issues across clients when restarting the process.
For example: when refreshing the page on web we no longer maintain an understanding of who is logged in.

To resolve this I converted all storage save operations to get and save an entire state object, instead of specifying accounts and globals.
This allows for more flexible saving, like saving activeUserId as a top level storage item.

* [style] Fix lint complaints

* Revert "[bug] Keep up with entire state in storage instead of just accounts and globals"

This reverts commit e8970725be472386358c1e2f06f53663c4979e0e.

* [bug] Initialize GlobalState by default

* [bug] Only get key hash from storage

* [bug] Remove settings storage location overrides

* [bug] Only save accessToken to storage

* [refactor] Remove unecassary argements from electron crypto state calls

* [bug] Ensure keys and tokens load and save to the right locations for web

* [style] Fix lint complaints

* [bug] Remove keySuffix storage option and split uses into unique methods

The keySuffix options don't work with saving serialized json as a storage object - use cases simply overwrite each other in state.
This commit breaks Auto and Biometric keys into distinct storage items and adjusts logic accordingly.

* [bug] Add default vault timeouts to new accounts

* [bug] Save appId as a top level storage item

* [bug] Add missing await to timeout logic

* [bug] Adjust state scope for everBeenUnlocked

* [bug] Clear access tokens when loading account state from disk

* [bug] Adjust theme to be a global state item

* [bug] Adjust null checking for window in state

* [bug] Correct getGlobals not pulling from the stored state item

* [bug] Null check in memory account before claiming it has a userId

* [bug] Scaffold secure storage service when building storage objects on init

* [bug] Adjusted state scope of event collection

* [bug] Adjusted state scope of vault timeout and action

* [bug] Grab account from normal storage if secure storage is requested but does not exist

* [bug] Create a State if one is requested from memory before it exists

* [bug] Ensure all storage locations are cleared on state clean

* [style] Fix lint complaints

* [bug] Remove uneeded clearing of access token

* [bug] Reset tokens when toggling

* [refactor] Split up the Account model

Until this point the account model has been very flat, holding many kinds of data.

In order to be able to prune data at appropriate times, for example clearing keys at logout without clearing QoL settings like locale,
the Account model has been divided into logical chunks.

* [bug] Correct the serverUrl helpers return

* Fix sends always coming back as empty in browser

* Get settings properly (I think)

* [bug] Fix lint error

* [bug] Add missing await to identity token refresh

This was causing weird behavior in web that was creating a lot of 429s

* [bug] Scaffold memory storage for web

Not properly creating storage objects on signin was creating weird behavior when logging out, locking, and logging back in.
Namely, encrypted data that was recently synced had nowhere to save to and was lost.

* [bug] Implement better null handling in a few places for retrieving state

* [bug] Update correct storage locations on account removal

* [bug] Added missing awaits to lock component

* [bug] Reload lock component on account switching vs. account update

* [bug] Store master keys correctly

* [bug] Move some biometrics storage items to global state

* [feature] Add platform helper isMac()

* [refactor] Comment emphasis and call order refresh

* [refactor] Remove unecassary using

* [bug] Relocate authenticationStatus check logic to component

* [bug] Stop not clearing everything on state clean

* [style] Fix lint complaints

* [bug] Correct mismatched uses of encrypted and decrypted pin states

* Add browser specific state classes and methods

* lint fixes

* [bug] Migrate existing persistant data to new schema

* [style] Fix lint complaints

* [bug] Dont clear settings on state clean

* [bug] Maintain the right storage items on logout

* [chore] resolve issues from merge

* [bug] Resolve settings clearing on lock

* [chore] Added a comment

* [review] fromatting for code review

* Revert browser state items

Co-authored-by: Robyn MacCallum <nickersthecat@gmail.com>
Co-authored-by: Robyn MacCallum <robyntmaccallum@gmail.com>
2021-12-13 11:15:16 -05:00
Oscar Hinton f09fb69882
Remove empty catch blocks, and update tslint rule (#513) 2021-10-19 10:32:14 +02:00
Oscar Hinton 83548a6753
Remove deprecated index.ts (#490)
* Remove deprecated index.ts

* Update tests
2021-09-17 14:57:31 +02:00
Thomas Rittson 9ee31ad2fb
Improve URL parsing (#411)
* Check hostname is valid in getDomain

* fix linting

* Update noop implementation

* Fix tests

* Fix tests
2021-06-23 06:00:14 +10:00
Matt Gibson ea90aea013
Use encrypted filename filename in Cipher attachment upload blob name (#403)
* Use EncString type to enforce encryption on filename in Cipher attachment upload

* Fix Cipher attachment test
2021-06-08 14:02:08 -05:00
Oscar Hinton 1016bbfb9e
Split jslib into multiple modules (#363)
* Split jslib into multiple modules
2021-06-03 18:58:57 +02:00
Thomas Rittson 306aef73d4
Increase error checking on imported Login items (#369)
* Increase error checking on imported Login items

* Check encKey when importing encrypted JSON

* Fix style, use GUID as random string for test

* Revert "Increase error checking on imported Login items"

This reverts commit 17294527863cc53b84ed218f94ffbc21f4e96260.

* fix linting

* Fix tests
2021-05-13 10:58:59 +10:00
Daniel James Smith 1eb40a4891
Add support to import from Nordpass(.csv) (#360)
* Add support for parsing .csv files from Nordpass

* Remove whitespace before extracting CardExpiration

* Add curlybraces to one-liner if's as requested

* NordPassImporter: Process more complex names
2021-04-29 06:51:35 -04:00
Daniel James Smith e298ecfee3
Add import of totp from Lastpass (#361)
* Add import of totp from Lastpass

* Fixed import as request during review
2021-04-28 16:50:37 -04:00
Oscar Hinton aca098645a
Bump dependencies (#350)
* Bump dependencies
2021-04-22 21:17:14 +02:00
Matt Gibson 3a1087456f
Rename CipherString and CipherArrayBuffer to Enc (#352) 2021-04-20 19:16:19 -05:00
Matt Gibson 0a0cdaa7fd
Fix cipher upload (#346)
* Upload correct data array

* Require BufferArray Encryption for upload to server

The CipherArrayBuffer tiny type is only created by CryptoService
and required by all upload methods

* Add test for attachment upload encryption
2021-04-14 10:47:10 -05:00
Tomasz Zdybał 827674847f
Skip FirefoxAccounts during Firefox CSV Import (#323)
* Skip FirefoxAccounts during Firefox CSV Import

Firefox exports 'chrome://FirefoxAccounts' if Firefox Accouts are used
in browser. It's quite hacky - password field in CSV is actually a JSON
encoded data, not a password.
Because it's not a useful record, it should be skipped during import.

* Fix indentation

* Move test Firefox test data to files, fix linter errors
2021-04-12 12:08:56 -05:00
Daniel James Smith c7ac645eb7
Fixes linting error introduced with PR #307 (#309) 2021-03-17 17:14:10 -04:00
Paul Sieben a36f1c25d8
Enhance SafeInCloud import (#307)
* don't import deleted cards

* keep favourite status while importing from saveInCloud

* import all passwords from saveInCloud

* add test data
2021-03-16 15:06:12 -05:00
Matt Gibson 2730e04a05
Match tslint rules (#264) 2021-02-08 14:11:44 -06:00
Matt Gibson 58f40b0085
Fix glob processing in npm. Ban single param parens (#257) 2021-02-04 09:49:23 -06:00
Matt Gibson 1420082348
Do not export trashed items (#241)
* Do not export trashed items

* Test Item exporting

Does not test organization export. Export's use of apiService is not
very testable. We will either need a testApiService or to refactor
apiService to make mocking easier.

* Linter fixes
2020-12-30 15:08:02 -06:00
Matt Gibson 2c414ce27a
Use log service for console messages (#221)
* Use logService for console messages

* Implement a base ConsoleLog service

Use this class as a default for other services that would like to output
to console. This service is overriden in CLI and Desktop to use CLI's
consoleLogService and electronLogService, respectively.

* Use browser-process-hrtime for timing

* test LogService implementations

* Ignore default import of hrtime

* Clean up imports. Require ConsoleLog injection

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-12-11 10:44:57 -06:00
Matt Gibson 72bf18f369
Fix 1password importer (#222)
* Change cipher type based on csv type header

* Test identity and credit card import

* Do not use node 'fs' module

Karma is being used for automated tests so node modules are not available

* WIP: mac and windows 1password importer split

Need to improve windows field identification to limit secret data
exposure and improve user experience

* Hide fields with likely secret values

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-12-08 11:29:57 -06:00
Kyle Spearrin dcbd09e736
encrypted import for bitwarden json (#220) 2020-12-04 21:05:11 -05:00
Matt Gibson 6fb0646481
Fix 1password importer (#217)
* Fix import of 1password csv

* 1password is using '\' as a quote escape character.

* 1password's csv headers are sometimes capitalized. We want to identify
them case insensitively

* Change cipher type based on csv type header

* Translate 1password data to correct fields

* Test identity and credit card import

* linter fixes

* Do not use node 'fs' module

Karma is being used for automated tests so node modules are not available

Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan>
2020-12-04 12:29:31 -06:00
Chad Scharf 5e0a2d1d99
remove old Edge browser hacks (#168)
* remove old Edge browser hacks

* Remove final edge hacks

* Update constructor parameters

* Update search-ciphers.pipe.ts

Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2020-09-15 10:23:21 -04:00
mtgto d6c9acdf6f
Add noImplicitAny to tsc compiler options (#86) 2020-03-11 09:00:14 -04:00
Kyle Spearrin 76f60dd99e fix lastpass importer tests 2020-02-06 15:28:17 -05:00
Reese eecd774b13
fix lastpass import credit card expiration (#65)
* Fix import of expiration date from LastPass

Signed-off-by: Felipe Santos <felipecassiors@gmail.com>

* handle empty cc exp from lastpass, add test

* check for month/year null/whitespace

* check for empty expiration from lp import

Co-authored-by: Felipe Santos <felipecassiors@gmail.com>
2020-02-06 11:24:18 -05:00
jgfaust c91ab626c2 The domain of data URLs should be null. (#59) 2020-01-25 07:52:51 -05:00
Kyle Spearrin a0a1142f1f Revert "dont sequentialize in throttle spec"
This reverts commit 8edc99dfd1.
2019-04-19 19:46:48 -04:00
Kyle Spearrin 8edc99dfd1 dont sequentialize in throttle spec 2019-04-19 17:41:33 -04:00
Kyle Spearrin f39bdc4269 fix lint issues 2019-03-27 14:46:34 -04:00
Kyle Spearrin 58c34b896c sort and limit password history parsing 2019-03-25 09:10:33 -04:00
Robert Wachs 8ed27eeeec 1password 1pif: import password history (#33)
* 1password 1pif import password history

* 1password 1pif importer: process windows password history

* linter fix
2019-03-24 10:50:49 -04:00
Kyle Spearrin df429fe178 country is now upper 2019-03-23 22:49:22 -04:00
Robert Wachs 2bd47a19df 1password 1pif importer: create identity records (#34)
* 1password 1pif importer: create identity records

* importer: do not store empty strings

replace them with null instead
2019-03-23 22:21:43 -04:00
Kyle Spearrin c17e8b458c use single quote 2019-03-23 12:31:52 -04:00
Robert Wachs f874ec253d 1password 1pif importer: create hidden fields (#32)
* allow base importer to receive custom field type

* 1password importer uses hidden field type

for custom fields marked as 'concealed'

* 1password 1pif importer specs

* remove 'focus' from specs

* change field type logic into simple one liner
2019-03-23 12:27:50 -04:00
Kyle Spearrin 93244b5c90 use jsdom for DOMParser 2019-02-07 16:55:49 -05:00
Fred Cox db37a831e4 Throttle calls to HIBP api (#25)
Randomly failing to check by passwords, I'm pretty sure its because ~2000 connections are made at the same time.
2019-02-02 10:17:44 -05:00
Fred Cox e7f4dccfc3 Clear sequentialize cache when empty to remove chance of memory leaks (#26) 2019-02-02 09:23:16 -05:00
Kyle Spearrin ad97afc590 move getDomain to jslib Utils 2018-10-13 22:21:54 -04:00
Kyle Spearrin d07ee4c01b fix sequentialize tests 2018-07-23 15:32:22 -04:00
Fred Cox 04014a8e78 Add sequentialize to prevent parralel loading of cipher keys (#7)
* Add sequentialize to prevent parralel loading of cipher keys

Massively improves start up performance of extensions

* Add tests for sequentialize

* Fix sequentialize as it was caching calls for all instances together

* Add sequentialize to the functions that have internal caches

* Adding sequentialize to getOrgKeys makes big performance difference

* Update cipher.service.ts

* Update collection.service.ts

* Update folder.service.ts
2018-07-23 14:23:30 -04:00
Kyle Spearrin 87ac298af9 web crypto testing. more test browsers 2018-05-07 11:43:14 -04:00