Integration with Have I been pwned (#526)

* Initial PoC of integration with haveibeenpwned.

* Extract code to AuditService.

* Add check password to addCipher.
This commit is contained in:
Oscar Hinton 2018-02-28 17:38:23 +01:00 committed by Kyle Spearrin
parent a33c54769c
commit e12ecb0c14
6 changed files with 47 additions and 2 deletions

View File

@ -980,5 +980,14 @@
},
"twoStepNewWindowMessage": {
"message": "Complete your two-step login request using the new tab."
},
"checkPassword": {
"message": "Check if the password have been previously exposed."
},
"passwordExposed": {
"message": "This password have been previously exposed in data breaches!"
},
"passwordSafe": {
"message": "This password was not found in a current data breach! It should be safe to use."
}
}

View File

@ -4,6 +4,7 @@ import { PopupUtilsService } from './popupUtils.service';
import { StateService } from './state.service';
import { ValidationService } from './validation.service';
import { AuditService } from 'jslib/services/audit.service';
import { AuthService } from 'jslib/services/auth.service';
import BrowserMessagingService from '../../../services/browserMessaging.service';
@ -43,5 +44,6 @@ export default angular
.factory('totpService', backgroundServices.totpService)
.factory('environmentService', backgroundServices.environmentService)
.factory('collectionService', backgroundServices.collectionService)
.factory('auditService', AuditService)
.name;

View File

@ -2,7 +2,7 @@ angular
.module('bit.vault')
.controller('vaultAddCipherController', function ($scope, $state, $stateParams, cipherService, folderService,
cryptoService, toastr, popupUtilsService, $analytics, i18nService, constantsService, $timeout) {
cryptoService, toastr, popupUtilsService, $analytics, i18nService, constantsService, $timeout, auditService) {
$scope.i18n = i18nService;
$scope.constants = constantsService;
$scope.addFieldType = constantsService.fieldType.text.toString();
@ -94,6 +94,20 @@ angular
$scope.showPassword = !$scope.showPassword;
};
$scope.checkPassword = () => {
$analytics.eventTrack('Check Password');
auditService
.passwordLeaked($scope.cipher.login.password)
.then((matches) => {
if (matches != 0) {
toastr.error(i18nService.passwordExposed, i18nService.errorsOccurred);
} else {
toastr.success(i18nService.passwordSafe)
}
})
};
$scope.addField = function (type) {
if (!$scope.cipher.fields) {
$scope.cipher.fields = [];

View File

@ -3,7 +3,7 @@ angular
.controller('vaultEditCipherController', function ($scope, $state, $stateParams, cipherService, folderService,
cryptoService, toastr, SweetAlert, platformUtilsService, $analytics, i18nService, constantsService, $timeout,
popupUtilsService) {
popupUtilsService, auditService) {
$timeout(function () {
popupUtilsService.initListSectionItemListeners(document, angular);
document.getElementById('name').focus();
@ -112,6 +112,20 @@ angular
$scope.showPassword = !$scope.showPassword;
};
$scope.checkPassword = () => {
$analytics.eventTrack('Check Password');
auditService
.passwordLeaked($scope.cipher.login.password)
.then((matches) => {
if (matches != 0) {
toastr.error(i18nService.passwordExposed, i18nService.errorsOccurred);
} else {
toastr.success(i18nService.passwordSafe)
}
})
};
$scope.addField = function (type) {
if (!$scope.cipher.fields) {
$scope.cipher.fields = [];

View File

@ -44,6 +44,9 @@
<input id="loginPassword" type="{{showPassword ? 'text' : 'password'}}" name="Login.Password" ng-model="cipher.login.password">
</div>
<div class="action-buttons">
<a class="btn-list" href="" title="{{i18n.checkPassword}}" ng-click="checkPassword()">
<i class="fa fa-lg fa-check-circle"></i>
</a>
<a class="btn-list" href="" title="{{i18n.togglePassword}}" ng-click="togglePassword()">
<i class="fa fa-lg" ng-class="[{'fa-eye': !showPassword}, {'fa-eye-slash': showPassword}]"></i>
</a>

View File

@ -37,6 +37,9 @@
<input id="loginPassword" type="{{showPassword ? 'text' : 'password'}}" name="Login.Password" ng-model="cipher.login.password">
</div>
<div class="action-buttons">
<a class="btn-list" href="" title="{{i18n.checkPassword}}" ng-click="checkPassword()">
<i class="fa fa-lg fa-check-circle"></i>
</a>
<a class="btn-list" href="" title="{{i18n.togglePassword}}" ng-click="togglePassword()">
<i class="fa fa-lg" ng-class="[{'fa-eye': !showPassword}, {'fa-eye-slash': showPassword}]"></i>
</a>