1
0
mirror of https://github.com/bitwarden/browser synced 2025-01-24 18:25:06 +01:00

Return correct master password hash from login strategies (#8518)

This commit is contained in:
Jake Fink 2024-03-27 17:17:17 -04:00 committed by GitHub
parent 5de2177175
commit aaa745ec36
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 16 additions and 12 deletions

View File

@ -63,14 +63,12 @@ export class PasswordLoginStrategyData implements LoginStrategyData {
}
export class PasswordLoginStrategy extends LoginStrategy {
/**
* The email address of the user attempting to log in.
*/
/** The email address of the user attempting to log in. */
email$: Observable<string>;
/**
* The master key hash of the user attempting to log in.
*/
masterKeyHash$: Observable<string | null>;
/** The master key hash used for authentication */
serverMasterKeyHash$: Observable<string>;
/** The local master key hash we store client side */
localMasterKeyHash$: Observable<string | null>;
protected cache: BehaviorSubject<PasswordLoginStrategyData>;
@ -107,7 +105,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
this.cache = new BehaviorSubject(data);
this.email$ = this.cache.pipe(map((state) => state.tokenRequest.email));
this.masterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
this.serverMasterKeyHash$ = this.cache.pipe(
map((state) => state.tokenRequest.masterPasswordHash),
);
this.localMasterKeyHash$ = this.cache.pipe(map((state) => state.localMasterKeyHash));
}
override async logIn(credentials: PasswordLoginCredentials) {
@ -123,11 +124,14 @@ export class PasswordLoginStrategy extends LoginStrategy {
data.masterKey,
HashPurpose.LocalAuthorization,
);
const masterKeyHash = await this.cryptoService.hashMasterKey(masterPassword, data.masterKey);
const serverMasterKeyHash = await this.cryptoService.hashMasterKey(
masterPassword,
data.masterKey,
);
data.tokenRequest = new PasswordTokenRequest(
email,
masterKeyHash,
serverMasterKeyHash,
captchaToken,
await this.buildTwoFactor(twoFactor, email),
await this.buildDeviceRequest(),

View File

@ -137,8 +137,8 @@ export class LoginStrategyService implements LoginStrategyServiceAbstraction {
async getMasterPasswordHash(): Promise<string | null> {
const strategy = await firstValueFrom(this.loginStrategy$);
if ("masterKeyHash$" in strategy) {
return await firstValueFrom(strategy.masterKeyHash$);
if ("serverMasterKeyHash$" in strategy) {
return await firstValueFrom(strategy.serverMasterKeyHash$);
}
return null;
}