2020-08-13 20:32:07 +02:00
|
|
|
import { Component } from '@angular/core';
|
2018-06-21 17:47:23 +02:00
|
|
|
|
|
|
|
|
import { ApiService } from 'jslib/abstractions/api.service';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { CipherService } from 'jslib/abstractions/cipher.service';
|
2018-06-21 21:30:17 +02:00
|
|
|
import { CryptoService } from 'jslib/abstractions/crypto.service';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { FolderService } from 'jslib/abstractions/folder.service';
|
2018-06-21 17:47:23 +02:00
|
|
|
import { I18nService } from 'jslib/abstractions/i18n.service';
|
2018-06-21 21:30:17 +02:00
|
|
|
import { MessagingService } from 'jslib/abstractions/messaging.service';
|
2018-11-13 05:00:58 +01:00
|
|
|
import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
|
|
|
|
|
import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
|
2020-03-03 17:20:28 +01:00
|
|
|
import { PolicyService } from 'jslib/abstractions/policy.service';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { SyncService } from 'jslib/abstractions/sync.service';
|
2018-06-21 21:30:17 +02:00
|
|
|
import { UserService } from 'jslib/abstractions/user.service';
|
2018-11-13 05:00:58 +01:00
|
|
|
|
2020-08-13 20:32:07 +02:00
|
|
|
import {
|
|
|
|
|
ChangePasswordComponent as BaseChangePasswordComponent,
|
|
|
|
|
} from 'jslib/angular/components/change-password.component';
|
|
|
|
|
|
2020-12-22 16:57:44 +01:00
|
|
|
import { EmergencyAccessStatusType } from 'jslib/enums/emergencyAccessStatusType';
|
|
|
|
|
import { Utils } from 'jslib/misc/utils';
|
|
|
|
|
|
2021-04-21 21:20:20 +02:00
|
|
|
import { EncString } from 'jslib/models/domain/encString';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { SymmetricCryptoKey } from 'jslib/models/domain/symmetricCryptoKey';
|
|
|
|
|
|
|
|
|
|
import { CipherWithIdRequest } from 'jslib/models/request/cipherWithIdRequest';
|
2020-12-22 16:57:44 +01:00
|
|
|
import { EmergencyAccessUpdateRequest } from 'jslib/models/request/emergencyAccessUpdateRequest';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { FolderWithIdRequest } from 'jslib/models/request/folderWithIdRequest';
|
2021-04-08 18:09:06 +02:00
|
|
|
import { OrganizationUserResetPasswordEnrollmentRequest } from 'jslib/models/request/organizationUserResetPasswordEnrollmentRequest';
|
2018-06-21 21:30:17 +02:00
|
|
|
import { PasswordRequest } from 'jslib/models/request/passwordRequest';
|
2018-11-13 17:06:16 +01:00
|
|
|
import { UpdateKeyRequest } from 'jslib/models/request/updateKeyRequest';
|
2018-06-21 17:47:23 +02:00
|
|
|
|
|
|
|
|
@Component({
|
|
|
|
|
selector: 'app-change-password',
|
|
|
|
|
templateUrl: 'change-password.component.html',
|
|
|
|
|
})
|
2020-08-13 20:32:07 +02:00
|
|
|
export class ChangePasswordComponent extends BaseChangePasswordComponent {
|
2018-11-13 17:06:16 +01:00
|
|
|
rotateEncKey = false;
|
2020-08-13 20:32:07 +02:00
|
|
|
currentMasterPassword: string;
|
2018-11-13 05:00:58 +01:00
|
|
|
|
2020-08-21 20:40:48 +02:00
|
|
|
constructor(i18nService: I18nService,
|
2020-08-13 20:32:07 +02:00
|
|
|
cryptoService: CryptoService, messagingService: MessagingService,
|
|
|
|
|
userService: UserService, passwordGenerationService: PasswordGenerationService,
|
2020-08-21 20:40:48 +02:00
|
|
|
platformUtilsService: PlatformUtilsService, policyService: PolicyService,
|
|
|
|
|
private folderService: FolderService, private cipherService: CipherService,
|
2021-04-08 18:09:06 +02:00
|
|
|
private syncService: SyncService, private apiService: ApiService) {
|
2020-08-21 20:40:48 +02:00
|
|
|
super(i18nService, cryptoService, messagingService, userService, passwordGenerationService,
|
|
|
|
|
platformUtilsService, policyService);
|
2018-11-13 05:00:58 +01:00
|
|
|
}
|
2018-11-13 05:26:00 +01:00
|
|
|
|
2018-11-14 21:54:13 +01:00
|
|
|
async rotateEncKeyClicked() {
|
2018-11-13 17:06:16 +01:00
|
|
|
if (this.rotateEncKey) {
|
2018-11-14 21:54:13 +01:00
|
|
|
const ciphers = await this.cipherService.getAllDecrypted();
|
|
|
|
|
let hasOldAttachments = false;
|
|
|
|
|
if (ciphers != null) {
|
|
|
|
|
for (let i = 0; i < ciphers.length; i++) {
|
|
|
|
|
if (ciphers[i].organizationId == null && ciphers[i].hasOldAttachments) {
|
|
|
|
|
hasOldAttachments = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hasOldAttachments) {
|
|
|
|
|
const learnMore = await this.platformUtilsService.showDialog(
|
|
|
|
|
this.i18nService.t('oldAttachmentsNeedFixDesc'), null,
|
|
|
|
|
this.i18nService.t('learnMore'), this.i18nService.t('close'), 'warning');
|
|
|
|
|
if (learnMore) {
|
2018-11-16 15:17:33 +01:00
|
|
|
this.platformUtilsService.launchUri(
|
2018-11-26 18:25:27 +01:00
|
|
|
'https://help.bitwarden.com/article/attachments/#fixing-old-attachments');
|
2018-11-14 21:54:13 +01:00
|
|
|
}
|
|
|
|
|
this.rotateEncKey = false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-13 17:06:16 +01:00
|
|
|
const result = await this.platformUtilsService.showDialog(
|
|
|
|
|
this.i18nService.t('updateEncryptionKeyWarning') + ' ' +
|
2020-12-04 15:58:26 +01:00
|
|
|
this.i18nService.t('updateEncryptionKeyExportWarning') + ' ' +
|
2018-11-13 17:06:16 +01:00
|
|
|
this.i18nService.t('rotateEncKeyConfirmation'), this.i18nService.t('rotateEncKeyTitle'),
|
|
|
|
|
this.i18nService.t('yes'), this.i18nService.t('no'), 'warning');
|
|
|
|
|
if (!result) {
|
|
|
|
|
this.rotateEncKey = false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-17 21:04:59 +02:00
|
|
|
async submit() {
|
|
|
|
|
const hasEncKey = await this.cryptoService.hasEncKey();
|
|
|
|
|
if (!hasEncKey) {
|
|
|
|
|
this.platformUtilsService.showToast('error', null, this.i18nService.t('updateKey'));
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await super.submit();
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-13 20:32:07 +02:00
|
|
|
async setupSubmitActions() {
|
|
|
|
|
if (this.currentMasterPassword == null || this.currentMasterPassword === '') {
|
|
|
|
|
this.platformUtilsService.showToast('error', this.i18nService.t('errorOccurred'),
|
|
|
|
|
this.i18nService.t('masterPassRequired'));
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (this.rotateEncKey) {
|
|
|
|
|
await this.syncService.fullSync(true);
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-17 21:04:59 +02:00
|
|
|
return super.setupSubmitActions();
|
2020-08-13 20:32:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async performSubmitActions(newMasterPasswordHash: string, newKey: SymmetricCryptoKey,
|
2021-04-21 21:20:20 +02:00
|
|
|
newEncKey: [SymmetricCryptoKey, EncString]) {
|
2020-08-13 20:32:07 +02:00
|
|
|
const request = new PasswordRequest();
|
|
|
|
|
request.masterPasswordHash = await this.cryptoService.hashPassword(this.currentMasterPassword, null);
|
|
|
|
|
request.newMasterPasswordHash = newMasterPasswordHash;
|
|
|
|
|
request.key = newEncKey[1].encryptedString;
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
if (this.rotateEncKey) {
|
|
|
|
|
this.formPromise = this.apiService.postPassword(request).then(() => {
|
|
|
|
|
return this.updateKey(newKey, request.newMasterPasswordHash);
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
this.formPromise = this.apiService.postPassword(request);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
await this.formPromise;
|
|
|
|
|
|
|
|
|
|
this.platformUtilsService.showToast('success', this.i18nService.t('masterPasswordChanged'),
|
|
|
|
|
this.i18nService.t('logBackIn'));
|
|
|
|
|
this.messagingService.send('logout');
|
|
|
|
|
} catch {
|
|
|
|
|
this.platformUtilsService.showToast('error', null, this.i18nService.t('errorOccurred'));
|
2018-11-13 05:26:00 +01:00
|
|
|
}
|
|
|
|
|
}
|
2018-11-13 17:06:16 +01:00
|
|
|
|
2018-11-14 22:22:57 +01:00
|
|
|
private async updateKey(key: SymmetricCryptoKey, masterPasswordHash: string) {
|
2018-11-13 17:06:16 +01:00
|
|
|
const encKey = await this.cryptoService.makeEncKey(key);
|
|
|
|
|
const privateKey = await this.cryptoService.getPrivateKey();
|
2021-04-21 21:20:20 +02:00
|
|
|
let encPrivateKey: EncString = null;
|
2018-11-13 17:06:16 +01:00
|
|
|
if (privateKey != null) {
|
|
|
|
|
encPrivateKey = await this.cryptoService.encrypt(privateKey, encKey[0]);
|
|
|
|
|
}
|
|
|
|
|
const request = new UpdateKeyRequest();
|
|
|
|
|
request.privateKey = encPrivateKey != null ? encPrivateKey.encryptedString : null;
|
|
|
|
|
request.key = encKey[1].encryptedString;
|
|
|
|
|
request.masterPasswordHash = masterPasswordHash;
|
|
|
|
|
|
|
|
|
|
const folders = await this.folderService.getAllDecrypted();
|
|
|
|
|
for (let i = 0; i < folders.length; i++) {
|
|
|
|
|
if (folders[i].id == null) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
const folder = await this.folderService.encrypt(folders[i], encKey[0]);
|
|
|
|
|
request.folders.push(new FolderWithIdRequest(folder));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const ciphers = await this.cipherService.getAllDecrypted();
|
|
|
|
|
for (let i = 0; i < ciphers.length; i++) {
|
|
|
|
|
if (ciphers[i].organizationId != null) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const cipher = await this.cipherService.encrypt(ciphers[i], encKey[0]);
|
|
|
|
|
request.ciphers.push(new CipherWithIdRequest(cipher));
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-14 22:22:57 +01:00
|
|
|
await this.apiService.postAccountKey(request);
|
2020-12-22 16:57:44 +01:00
|
|
|
|
|
|
|
|
await this.updateEmergencyAccesses(encKey[0]);
|
2021-04-08 18:09:06 +02:00
|
|
|
|
|
|
|
|
await this.updateAllResetPasswordKeys(encKey[0]);
|
2020-12-22 16:57:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private async updateEmergencyAccesses(encKey: SymmetricCryptoKey) {
|
|
|
|
|
const emergencyAccess = await this.apiService.getEmergencyAccessTrusted();
|
|
|
|
|
const allowedStatuses = [
|
|
|
|
|
EmergencyAccessStatusType.Confirmed,
|
|
|
|
|
EmergencyAccessStatusType.RecoveryInitiated,
|
|
|
|
|
EmergencyAccessStatusType.RecoveryApproved,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
const filteredAccesses = emergencyAccess.data.filter(d => allowedStatuses.includes(d.status));
|
|
|
|
|
|
|
|
|
|
for (const details of filteredAccesses) {
|
|
|
|
|
const publicKeyResponse = await this.apiService.getUserPublicKey(details.granteeId);
|
|
|
|
|
const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
|
|
|
|
|
|
|
|
|
|
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
|
|
|
|
|
|
|
|
|
|
const updateRequest = new EmergencyAccessUpdateRequest();
|
|
|
|
|
updateRequest.type = details.type;
|
|
|
|
|
updateRequest.waitTimeDays = details.waitTimeDays;
|
|
|
|
|
updateRequest.keyEncrypted = encryptedKey.encryptedString;
|
|
|
|
|
|
|
|
|
|
await this.apiService.putEmergencyAccess(details.id, updateRequest);
|
|
|
|
|
}
|
2018-11-13 17:06:16 +01:00
|
|
|
}
|
2021-04-08 18:09:06 +02:00
|
|
|
|
|
|
|
|
private async updateAllResetPasswordKeys(encKey: SymmetricCryptoKey) {
|
|
|
|
|
const orgs = await this.userService.getAllOrganizations();
|
|
|
|
|
|
|
|
|
|
for (const org of orgs) {
|
|
|
|
|
// If not already enrolled, skip
|
2021-05-25 19:24:09 +02:00
|
|
|
if (!org.resetPasswordEnrolled) {
|
2021-04-08 18:09:06 +02:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2021-06-02 18:35:49 +02:00
|
|
|
// Retrieve public key
|
|
|
|
|
const response = await this.apiService.getOrganizationKeys(org.id);
|
|
|
|
|
const publicKey = Utils.fromB64ToArray(response?.publicKey);
|
|
|
|
|
|
|
|
|
|
// Re-enroll - encrpyt user's encKey.key with organization public key
|
|
|
|
|
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
|
2021-04-08 18:09:06 +02:00
|
|
|
|
|
|
|
|
// Create/Execute request
|
|
|
|
|
const request = new OrganizationUserResetPasswordEnrollmentRequest();
|
|
|
|
|
request.resetPasswordKey = encryptedKey.encryptedString;
|
|
|
|
|
|
|
|
|
|
await this.apiService.putOrganizationUserResetPasswordEnrollment(org.id, org.userId, request);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-06-21 17:47:23 +02:00
|
|
|
}
|
