Vault Timeout Policy (#474)
This commit is contained in:
parent
5784a6d4fc
commit
bba2812fdd
|
@ -0,0 +1,138 @@
|
||||||
|
import {
|
||||||
|
Directive,
|
||||||
|
Input,
|
||||||
|
OnInit,
|
||||||
|
} from '@angular/core';
|
||||||
|
import {
|
||||||
|
AbstractControl,
|
||||||
|
ControlValueAccessor,
|
||||||
|
FormBuilder,
|
||||||
|
ValidationErrors,
|
||||||
|
Validator
|
||||||
|
} from '@angular/forms';
|
||||||
|
|
||||||
|
import { I18nService } from 'jslib-common/abstractions/i18n.service';
|
||||||
|
import { PolicyService } from 'jslib-common/abstractions/policy.service';
|
||||||
|
|
||||||
|
import { PolicyType } from 'jslib-common/enums/policyType';
|
||||||
|
import { Policy } from 'jslib-common/models/domain/policy';
|
||||||
|
|
||||||
|
@Directive()
|
||||||
|
export class VaultTimeoutInputComponent implements ControlValueAccessor, Validator, OnInit {
|
||||||
|
|
||||||
|
get showCustom() {
|
||||||
|
return this.form.get('vaultTimeout').value === VaultTimeoutInputComponent.CUSTOM_VALUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static CUSTOM_VALUE = -100;
|
||||||
|
|
||||||
|
form = this.fb.group({
|
||||||
|
vaultTimeout: [null],
|
||||||
|
custom: this.fb.group({
|
||||||
|
hours: [null],
|
||||||
|
minutes: [null],
|
||||||
|
}),
|
||||||
|
});
|
||||||
|
|
||||||
|
@Input() vaultTimeouts: { name: string; value: number; }[];
|
||||||
|
vaultTimeoutPolicy: Policy;
|
||||||
|
vaultTimeoutPolicyHours: number;
|
||||||
|
vaultTimeoutPolicyMinutes: number;
|
||||||
|
|
||||||
|
private onChange: (vaultTimeout: number) => void;
|
||||||
|
private validatorChange: () => void;
|
||||||
|
|
||||||
|
constructor(private fb: FormBuilder, private policyService: PolicyService, private i18nService: I18nService) {
|
||||||
|
}
|
||||||
|
|
||||||
|
async ngOnInit() {
|
||||||
|
if (await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout)) {
|
||||||
|
const vaultTimeoutPolicy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout);
|
||||||
|
|
||||||
|
this.vaultTimeoutPolicy = vaultTimeoutPolicy[0];
|
||||||
|
this.vaultTimeoutPolicyHours = Math.floor(this.vaultTimeoutPolicy.data.minutes / 60);
|
||||||
|
this.vaultTimeoutPolicyMinutes = this.vaultTimeoutPolicy.data.minutes % 60;
|
||||||
|
|
||||||
|
this.vaultTimeouts = this.vaultTimeouts.filter(t =>
|
||||||
|
t.value <= this.vaultTimeoutPolicy.data.minutes &&
|
||||||
|
(t.value > 0 || t.value === VaultTimeoutInputComponent.CUSTOM_VALUE) &&
|
||||||
|
t.value != null
|
||||||
|
);
|
||||||
|
this.validatorChange();
|
||||||
|
}
|
||||||
|
|
||||||
|
this.form.valueChanges.subscribe(async value => {
|
||||||
|
this.onChange(this.getVaultTimeout(value));
|
||||||
|
});
|
||||||
|
|
||||||
|
// Assign the previous value to the custom fields
|
||||||
|
this.form.get('vaultTimeout').valueChanges.subscribe(value => {
|
||||||
|
if (value !== VaultTimeoutInputComponent.CUSTOM_VALUE) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const current = Math.max(this.form.value.vaultTimeout, 0);
|
||||||
|
this.form.patchValue({
|
||||||
|
custom: {
|
||||||
|
hours: Math.floor(current / 60),
|
||||||
|
minutes: current % 60,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
ngOnChanges() {
|
||||||
|
this.vaultTimeouts.push({ name: this.i18nService.t('custom'), value: VaultTimeoutInputComponent.CUSTOM_VALUE });
|
||||||
|
}
|
||||||
|
|
||||||
|
getVaultTimeout(value: any) {
|
||||||
|
if (value.vaultTimeout !== VaultTimeoutInputComponent.CUSTOM_VALUE) {
|
||||||
|
return value.vaultTimeout;
|
||||||
|
}
|
||||||
|
|
||||||
|
return value.custom.hours * 60 + value.custom.minutes;
|
||||||
|
}
|
||||||
|
|
||||||
|
writeValue(value: number): void {
|
||||||
|
if (value == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (this.vaultTimeouts.every(p => p.value !== value)) {
|
||||||
|
this.form.setValue({
|
||||||
|
vaultTimeout: VaultTimeoutInputComponent.CUSTOM_VALUE,
|
||||||
|
custom: {
|
||||||
|
hours: Math.floor(value / 60),
|
||||||
|
minutes: value % 60,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.form.patchValue({
|
||||||
|
vaultTimeout: value,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
registerOnChange(onChange: any): void {
|
||||||
|
this.onChange = onChange;
|
||||||
|
}
|
||||||
|
|
||||||
|
// tslint:disable-next-line
|
||||||
|
registerOnTouched(onTouched: any): void {}
|
||||||
|
|
||||||
|
// tslint:disable-next-line
|
||||||
|
setDisabledState?(isDisabled: boolean): void { }
|
||||||
|
|
||||||
|
validate(control: AbstractControl): ValidationErrors {
|
||||||
|
if (this.vaultTimeoutPolicy && this.vaultTimeoutPolicy?.data?.minutes < control.value) {
|
||||||
|
return { policyError: true };
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
registerOnValidatorChange(fn: () => void): void {
|
||||||
|
this.validatorChange = fn;
|
||||||
|
}
|
||||||
|
}
|
|
@ -13,10 +13,6 @@ export abstract class PlatformUtilsService {
|
||||||
isIE: () => boolean;
|
isIE: () => boolean;
|
||||||
isMacAppStore: () => boolean;
|
isMacAppStore: () => boolean;
|
||||||
isViewOpen: () => Promise<boolean>;
|
isViewOpen: () => Promise<boolean>;
|
||||||
/**
|
|
||||||
* @deprecated This only ever returns null. Pull from your platform's storage using ConstantsService.vaultTimeoutKey
|
|
||||||
*/
|
|
||||||
lockTimeout: () => number;
|
|
||||||
launchUri: (uri: string, options?: any) => void;
|
launchUri: (uri: string, options?: any) => void;
|
||||||
saveFile: (win: Window, blobData: any, blobOptions: any, fileName: string) => void;
|
saveFile: (win: Window, blobData: any, blobOptions: any, fileName: string) => void;
|
||||||
getApplicationVersion: () => Promise<string>;
|
getApplicationVersion: () => Promise<string>;
|
||||||
|
|
|
@ -9,6 +9,7 @@ export abstract class VaultTimeoutService {
|
||||||
lock: (allowSoftLock?: boolean) => Promise<void>;
|
lock: (allowSoftLock?: boolean) => Promise<void>;
|
||||||
logOut: () => Promise<void>;
|
logOut: () => Promise<void>;
|
||||||
setVaultTimeoutOptions: (vaultTimeout: number, vaultTimeoutAction: string) => Promise<void>;
|
setVaultTimeoutOptions: (vaultTimeout: number, vaultTimeoutAction: string) => Promise<void>;
|
||||||
|
getVaultTimeout: () => Promise<number>;
|
||||||
isPinLockSet: () => Promise<[boolean, boolean]>;
|
isPinLockSet: () => Promise<[boolean, boolean]>;
|
||||||
isBiometricLockSet: () => Promise<boolean>;
|
isBiometricLockSet: () => Promise<boolean>;
|
||||||
clear: () => Promise<any>;
|
clear: () => Promise<any>;
|
||||||
|
|
|
@ -8,4 +8,5 @@ export enum PolicyType {
|
||||||
DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
|
DisableSend = 6, // Disables the ability to create and edit Bitwarden Sends
|
||||||
SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
|
SendOptions = 7, // Sets restrictions or defaults for Bitwarden Sends
|
||||||
ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
|
ResetPassword = 8, // Allows orgs to use reset password : also can enable auto-enrollment during invite flow
|
||||||
|
MaximumVaultTimeout = 9, // Sets the maximum allowed vault timeout
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,12 +6,14 @@ import { CryptoService } from '../abstractions/crypto.service';
|
||||||
import { FolderService } from '../abstractions/folder.service';
|
import { FolderService } from '../abstractions/folder.service';
|
||||||
import { MessagingService } from '../abstractions/messaging.service';
|
import { MessagingService } from '../abstractions/messaging.service';
|
||||||
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
import { PlatformUtilsService } from '../abstractions/platformUtils.service';
|
||||||
|
import { PolicyService } from '../abstractions/policy.service';
|
||||||
import { SearchService } from '../abstractions/search.service';
|
import { SearchService } from '../abstractions/search.service';
|
||||||
import { StorageService } from '../abstractions/storage.service';
|
import { StorageService } from '../abstractions/storage.service';
|
||||||
import { TokenService } from '../abstractions/token.service';
|
import { TokenService } from '../abstractions/token.service';
|
||||||
import { UserService } from '../abstractions/user.service';
|
import { UserService } from '../abstractions/user.service';
|
||||||
import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from '../abstractions/vaultTimeout.service';
|
import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from '../abstractions/vaultTimeout.service';
|
||||||
|
|
||||||
|
import { PolicyType } from '../enums/policyType';
|
||||||
import { EncString } from '../models/domain/encString';
|
import { EncString } from '../models/domain/encString';
|
||||||
|
|
||||||
export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
|
export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
|
||||||
|
@ -25,7 +27,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
|
||||||
private collectionService: CollectionService, private cryptoService: CryptoService,
|
private collectionService: CollectionService, private cryptoService: CryptoService,
|
||||||
protected platformUtilsService: PlatformUtilsService, private storageService: StorageService,
|
protected platformUtilsService: PlatformUtilsService, private storageService: StorageService,
|
||||||
private messagingService: MessagingService, private searchService: SearchService,
|
private messagingService: MessagingService, private searchService: SearchService,
|
||||||
private userService: UserService, private tokenService: TokenService,
|
private userService: UserService, private tokenService: TokenService, private policyService: PolicyService,
|
||||||
private lockedCallback: () => Promise<void> = null, private loggedOutCallback: () => Promise<void> = null) {
|
private lockedCallback: () => Promise<void> = null, private loggedOutCallback: () => Promise<void> = null) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -71,12 +73,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// This has the potential to be removed. Evaluate after all platforms complete with auto-logout
|
const vaultTimeout = await this.getVaultTimeout();
|
||||||
let vaultTimeout = this.platformUtilsService.lockTimeout();
|
|
||||||
if (vaultTimeout == null) {
|
|
||||||
vaultTimeout = await this.storageService.get<number>(ConstantsService.vaultTimeoutKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (vaultTimeout == null || vaultTimeout < 0) {
|
if (vaultTimeout == null || vaultTimeout < 0) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -141,6 +138,29 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
|
||||||
return await this.storageService.get<boolean>(ConstantsService.biometricUnlockKey);
|
return await this.storageService.get<boolean>(ConstantsService.biometricUnlockKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async getVaultTimeout(): Promise<number> {
|
||||||
|
const vaultTimeout = await this.storageService.get<number>(ConstantsService.vaultTimeoutKey);
|
||||||
|
|
||||||
|
if (await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout)) {
|
||||||
|
const policy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout);
|
||||||
|
// Remove negative values, and ensure it's smaller than maximum allowed value according to policy
|
||||||
|
let timeout = Math.min(vaultTimeout, policy[0].data.minutes);
|
||||||
|
|
||||||
|
if (vaultTimeout == null || timeout < 0) {
|
||||||
|
timeout = policy[0].data.minutes;
|
||||||
|
}
|
||||||
|
|
||||||
|
// We really shouldn't need to set the value here, but multiple services relies on this value being correct.
|
||||||
|
if (vaultTimeout !== timeout) {
|
||||||
|
await this.storageService.save(ConstantsService.vaultTimeoutKey, timeout);
|
||||||
|
}
|
||||||
|
|
||||||
|
return timeout;
|
||||||
|
}
|
||||||
|
|
||||||
|
return vaultTimeout;
|
||||||
|
}
|
||||||
|
|
||||||
clear(): Promise<any> {
|
clear(): Promise<any> {
|
||||||
this.everBeenUnlocked = false;
|
this.everBeenUnlocked = false;
|
||||||
this.pinProtectedKey = null;
|
this.pinProtectedKey = null;
|
||||||
|
|
|
@ -88,10 +88,6 @@ export class ElectronPlatformUtilsService implements PlatformUtilsService {
|
||||||
return Promise.resolve(false);
|
return Promise.resolve(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
lockTimeout(): number {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
launchUri(uri: string, options?: any): void {
|
launchUri(uri: string, options?: any): void {
|
||||||
shell.openExternal(uri);
|
shell.openExternal(uri);
|
||||||
}
|
}
|
||||||
|
|
|
@ -76,10 +76,6 @@ export class CliPlatformUtilsService implements PlatformUtilsService {
|
||||||
return Promise.resolve(false);
|
return Promise.resolve(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
lockTimeout(): number {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
launchUri(uri: string, options?: any): void {
|
launchUri(uri: string, options?: any): void {
|
||||||
if (process.platform === 'linux') {
|
if (process.platform === 'linux') {
|
||||||
child_process.spawnSync('xdg-open', [uri]);
|
child_process.spawnSync('xdg-open', [uri]);
|
||||||
|
|
Loading…
Reference in New Issue