Updated decryptUserKeyWithMasterKey to requireUserId
This commit is contained in:
parent
15e5a6d747
commit
37772ddd1c
|
@ -194,7 +194,7 @@ export class ChangePasswordComponent
|
||||||
HashPurpose.LocalAuthorization,
|
HashPurpose.LocalAuthorization,
|
||||||
);
|
);
|
||||||
|
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
|
||||||
if (userKey == null) {
|
if (userKey == null) {
|
||||||
this.toastService.showToast({
|
this.toastService.showToast({
|
||||||
variant: "error",
|
variant: "error",
|
||||||
|
|
|
@ -268,6 +268,7 @@ export class LockComponent implements OnInit, OnDestroy {
|
||||||
|
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
response.masterKey,
|
response.masterKey,
|
||||||
|
userId,
|
||||||
);
|
);
|
||||||
await this.setUserKeyAndContinue(userKey, userId, true);
|
await this.setUserKeyAndContinue(userKey, userId, true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,6 +28,7 @@ export const authGuard: CanActivateFn = async (
|
||||||
const masterPasswordService = inject(MasterPasswordServiceAbstraction);
|
const masterPasswordService = inject(MasterPasswordServiceAbstraction);
|
||||||
|
|
||||||
const authStatus = await authService.getAuthStatus();
|
const authStatus = await authService.getAuthStatus();
|
||||||
|
x;
|
||||||
|
|
||||||
if (authStatus === AuthenticationStatus.LoggedOut) {
|
if (authStatus === AuthenticationStatus.LoggedOut) {
|
||||||
messagingService.send("authBlocked", { url: routerState.url });
|
messagingService.send("authBlocked", { url: routerState.url });
|
||||||
|
|
|
@ -481,6 +481,7 @@ export class LockV2Component implements OnInit, OnDestroy {
|
||||||
|
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
masterPasswordVerificationResponse.masterKey,
|
masterPasswordVerificationResponse.masterKey,
|
||||||
|
this.activeAccount.id,
|
||||||
);
|
);
|
||||||
await this.setUserKeyAndContinue(userKey, true);
|
await this.setUserKeyAndContinue(userKey, true);
|
||||||
}
|
}
|
||||||
|
|
|
@ -114,7 +114,10 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
|
||||||
private async trySetUserKeyWithMasterKey(userId: UserId): Promise<void> {
|
private async trySetUserKeyWithMasterKey(userId: UserId): Promise<void> {
|
||||||
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
||||||
if (masterKey) {
|
if (masterKey) {
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
|
masterKey,
|
||||||
|
userId,
|
||||||
|
);
|
||||||
await this.cryptoService.setUserKey(userKey, userId);
|
await this.cryptoService.setUserKey(userKey, userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -186,7 +186,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
|
||||||
|
|
||||||
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
||||||
if (masterKey) {
|
if (masterKey) {
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
|
masterKey,
|
||||||
|
userId,
|
||||||
|
);
|
||||||
await this.cryptoService.setUserKey(userKey, userId);
|
await this.cryptoService.setUserKey(userKey, userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -499,7 +499,7 @@ describe("SsoLoginStrategy", () => {
|
||||||
|
|
||||||
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
||||||
masterKey,
|
masterKey,
|
||||||
undefined,
|
userId,
|
||||||
undefined,
|
undefined,
|
||||||
);
|
);
|
||||||
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
||||||
|
@ -555,7 +555,7 @@ describe("SsoLoginStrategy", () => {
|
||||||
|
|
||||||
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
||||||
masterKey,
|
masterKey,
|
||||||
undefined,
|
userId,
|
||||||
undefined,
|
undefined,
|
||||||
);
|
);
|
||||||
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
||||||
|
|
|
@ -338,7 +338,7 @@ export class SsoLoginStrategy extends LoginStrategy {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
|
||||||
await this.cryptoService.setUserKey(userKey, userId);
|
await this.cryptoService.setUserKey(userKey, userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -216,7 +216,7 @@ describe("UserApiLoginStrategy", () => {
|
||||||
|
|
||||||
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
||||||
masterKey,
|
masterKey,
|
||||||
undefined,
|
userId,
|
||||||
undefined,
|
undefined,
|
||||||
);
|
);
|
||||||
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
|
||||||
|
|
|
@ -69,7 +69,10 @@ export class UserApiLoginStrategy extends LoginStrategy {
|
||||||
if (response.apiUseKeyConnector) {
|
if (response.apiUseKeyConnector) {
|
||||||
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
|
||||||
if (masterKey) {
|
if (masterKey) {
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
|
masterKey,
|
||||||
|
userId,
|
||||||
|
);
|
||||||
await this.cryptoService.setUserKey(userKey, userId);
|
await this.cryptoService.setUserKey(userKey, userId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -200,7 +200,7 @@ describe("AuthRequestService", () => {
|
||||||
);
|
);
|
||||||
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
|
||||||
mockDecryptedMasterKey,
|
mockDecryptedMasterKey,
|
||||||
undefined,
|
mockUserId,
|
||||||
undefined,
|
undefined,
|
||||||
);
|
);
|
||||||
expect(cryptoService.setUserKey).toHaveBeenCalledWith(mockDecryptedUserKey, mockUserId);
|
expect(cryptoService.setUserKey).toHaveBeenCalledWith(mockDecryptedUserKey, mockUserId);
|
||||||
|
|
|
@ -150,7 +150,7 @@ export class AuthRequestService implements AuthRequestServiceAbstraction {
|
||||||
);
|
);
|
||||||
|
|
||||||
// Decrypt and set user key in state
|
// Decrypt and set user key in state
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
|
||||||
|
|
||||||
// Set masterKey + masterKeyHash in state after decryption (in case decryption fails)
|
// Set masterKey + masterKeyHash in state after decryption (in case decryption fails)
|
||||||
await this.masterPasswordService.setMasterKey(masterKey, userId);
|
await this.masterPasswordService.setMasterKey(masterKey, userId);
|
||||||
|
|
|
@ -418,6 +418,7 @@ export class PinService implements PinServiceAbstraction {
|
||||||
|
|
||||||
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
|
||||||
masterKey,
|
masterKey,
|
||||||
|
userId,
|
||||||
encUserKey ? new EncString(encUserKey) : undefined,
|
encUserKey ? new EncString(encUserKey) : undefined,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
|
@ -33,16 +33,16 @@ export abstract class MasterPasswordServiceAbstraction {
|
||||||
/**
|
/**
|
||||||
* Decrypts the user key with the provided master key
|
* Decrypts the user key with the provided master key
|
||||||
* @param masterKey The user's master key
|
* @param masterKey The user's master key
|
||||||
|
* * @param userId The desired user
|
||||||
* @param userKey The user's encrypted symmetric key
|
* @param userKey The user's encrypted symmetric key
|
||||||
* @param userId The desired user
|
|
||||||
* @throws If either the MasterKey or UserKey are not resolved, or if the UserKey encryption type
|
* @throws If either the MasterKey or UserKey are not resolved, or if the UserKey encryption type
|
||||||
* is neither AesCbc256_B64 nor AesCbc256_HmacSha256_B64
|
* is neither AesCbc256_B64 nor AesCbc256_HmacSha256_B64
|
||||||
* @returns The user key
|
* @returns The user key
|
||||||
*/
|
*/
|
||||||
abstract decryptUserKeyWithMasterKey: (
|
abstract decryptUserKeyWithMasterKey: (
|
||||||
masterKey: MasterKey,
|
masterKey: MasterKey,
|
||||||
|
userId: string,
|
||||||
userKey?: EncString,
|
userKey?: EncString,
|
||||||
userId?: string,
|
|
||||||
) => Promise<UserKey>;
|
) => Promise<UserKey>;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -64,9 +64,9 @@ export class FakeMasterPasswordService implements InternalMasterPasswordServiceA
|
||||||
|
|
||||||
decryptUserKeyWithMasterKey(
|
decryptUserKeyWithMasterKey(
|
||||||
masterKey: MasterKey,
|
masterKey: MasterKey,
|
||||||
|
userId: string,
|
||||||
userKey?: EncString,
|
userKey?: EncString,
|
||||||
userId?: string,
|
|
||||||
): Promise<UserKey> {
|
): Promise<UserKey> {
|
||||||
return this.mock.decryptUserKeyWithMasterKey(masterKey, userKey, userId);
|
return this.mock.decryptUserKeyWithMasterKey(masterKey, userId, userKey);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
import { firstValueFrom, map, Observable } from "rxjs";
|
import { firstValueFrom, map, Observable } from "rxjs";
|
||||||
|
|
||||||
|
import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
|
||||||
|
|
||||||
import { EncryptService } from "../../../platform/abstractions/encrypt.service";
|
import { EncryptService } from "../../../platform/abstractions/encrypt.service";
|
||||||
import { KeyGenerationService } from "../../../platform/abstractions/key-generation.service";
|
import { KeyGenerationService } from "../../../platform/abstractions/key-generation.service";
|
||||||
import { StateService } from "../../../platform/abstractions/state.service";
|
import { StateService } from "../../../platform/abstractions/state.service";
|
||||||
|
@ -55,6 +57,7 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
|
||||||
private stateService: StateService,
|
private stateService: StateService,
|
||||||
private keyGenerationService: KeyGenerationService,
|
private keyGenerationService: KeyGenerationService,
|
||||||
private encryptService: EncryptService,
|
private encryptService: EncryptService,
|
||||||
|
private logService: LogService,
|
||||||
) {}
|
) {}
|
||||||
|
|
||||||
masterKey$(userId: UserId): Observable<MasterKey> {
|
masterKey$(userId: UserId): Observable<MasterKey> {
|
||||||
|
@ -149,10 +152,9 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
|
||||||
|
|
||||||
async decryptUserKeyWithMasterKey(
|
async decryptUserKeyWithMasterKey(
|
||||||
masterKey: MasterKey,
|
masterKey: MasterKey,
|
||||||
|
userId: UserId,
|
||||||
userKey?: EncString,
|
userKey?: EncString,
|
||||||
userId?: UserId,
|
|
||||||
): Promise<UserKey> {
|
): Promise<UserKey> {
|
||||||
userId ??= await firstValueFrom(this.stateProvider.activeUserId$);
|
|
||||||
userKey ??= await this.getMasterKeyEncryptedUserKey(userId);
|
userKey ??= await this.getMasterKeyEncryptedUserKey(userId);
|
||||||
masterKey ??= await firstValueFrom(this.masterKey$(userId));
|
masterKey ??= await firstValueFrom(this.masterKey$(userId));
|
||||||
|
|
||||||
|
@ -185,6 +187,7 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
|
||||||
}
|
}
|
||||||
|
|
||||||
if (decUserKey == null) {
|
if (decUserKey == null) {
|
||||||
|
this.logService.warning("Failed to decrypt user key with master key.");
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue