vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

[Reset Password] Rotate encryption key (#916) 

* [Reset Password] Rotate encryption key

* Added logic for updating reset password key only if necessary

* Updated user's resetPasswordKey for each confirmed organization on key rotation
This commit is contained in:
Vincent Salucci 2021-04-08 11:09:06 -05:00 committed by GitHub
parent 09fba343fc
commit 133d30ba97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/app/settings/change-password.component.ts
View File

@ -25,6 +25,7 @@ import { SymmetricCryptoKey } from 'jslib/models/domain/symmetricCryptoKey';
import { CipherWithIdRequest } from 'jslib/models/request/cipherWithIdRequest';
import { EmergencyAccessUpdateRequest } from 'jslib/models/request/emergencyAccessUpdateRequest';
import { FolderWithIdRequest } from 'jslib/models/request/folderWithIdRequest';
import { OrganizationUserResetPasswordEnrollmentRequest } from 'jslib/models/request/organizationUserResetPasswordEnrollmentRequest';
import { PasswordRequest } from 'jslib/models/request/passwordRequest';
import { UpdateKeyRequest } from 'jslib/models/request/updateKeyRequest';
@ -166,6 +167,8 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
await this.apiService.postAccountKey(request);
await this.updateEmergencyAccesses(encKey[0]);
await this.updateAllResetPasswordKeys(encKey[0]);
}
private async updateEmergencyAccesses(encKey: SymmetricCryptoKey) {
@ -192,4 +195,25 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
await this.apiService.putEmergencyAccess(details.id, updateRequest);
}
}
private async updateAllResetPasswordKeys(encKey: SymmetricCryptoKey) {
const orgs = await this.userService.getAllOrganizations();
for (const org of orgs) {
// If not already enrolled, skip
if (!org.isResetPasswordEnrolled) {
continue;
}
// Re-enroll - encrpyt user's encKey.key with organization key
const orgSymKey = await this.cryptoService.getOrgKey(org.id);
const encryptedKey = await this.cryptoService.encrypt(encKey.key, orgSymKey);
// Create/Execute request
const request = new OrganizationUserResetPasswordEnrollmentRequest();
request.resetPasswordKey = encryptedKey.encryptedString;
await this.apiService.putOrganizationUserResetPasswordEnrollment(org.id, org.userId, request);
}
}
}