sso support (#127)
* support for sso * created master password boolean * resetMasterPassword flows * throw on bad ctor for token request
This commit is contained in:
parent
f820cb9186
commit
fefef546f0
|
@ -141,6 +141,7 @@ export abstract class ApiService {
|
||||||
postAccountKeys: (request: KeysRequest) => Promise<any>;
|
postAccountKeys: (request: KeysRequest) => Promise<any>;
|
||||||
postAccountVerifyEmail: () => Promise<any>;
|
postAccountVerifyEmail: () => Promise<any>;
|
||||||
postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise<any>;
|
postAccountVerifyEmailToken: (request: VerifyEmailRequest) => Promise<any>;
|
||||||
|
postAccountVerifyPassword: (request: PasswordVerificationRequest) => Promise<any>;
|
||||||
postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
|
postAccountRecoverDelete: (request: DeleteRecoverRequest) => Promise<any>;
|
||||||
postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
|
postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise<any>;
|
||||||
postAccountKdf: (request: KdfRequest) => Promise<any>;
|
postAccountKdf: (request: KdfRequest) => Promise<any>;
|
||||||
|
|
|
@ -6,10 +6,14 @@ import { SymmetricCryptoKey } from '../models/domain/symmetricCryptoKey';
|
||||||
export abstract class AuthService {
|
export abstract class AuthService {
|
||||||
email: string;
|
email: string;
|
||||||
masterPasswordHash: string;
|
masterPasswordHash: string;
|
||||||
|
code: string;
|
||||||
|
codeVerifier: string;
|
||||||
|
ssoRedirectUrl: string;
|
||||||
twoFactorProvidersData: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
twoFactorProvidersData: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
||||||
selectedTwoFactorProviderType: TwoFactorProviderType;
|
selectedTwoFactorProviderType: TwoFactorProviderType;
|
||||||
|
|
||||||
logIn: (email: string, masterPassword: string) => Promise<AuthResult>;
|
logIn: (email: string, masterPassword: string) => Promise<AuthResult>;
|
||||||
|
logInSso: (code: string, codeVerifier: string, redirectUrl: string) => Promise<AuthResult>;
|
||||||
logInTwoFactor: (twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
logInTwoFactor: (twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
||||||
remember?: boolean) => Promise<AuthResult>;
|
remember?: boolean) => Promise<AuthResult>;
|
||||||
logInComplete: (email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType,
|
logInComplete: (email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType,
|
||||||
|
@ -18,4 +22,6 @@ export abstract class AuthService {
|
||||||
getSupportedTwoFactorProviders: (win: Window) => any[];
|
getSupportedTwoFactorProviders: (win: Window) => any[];
|
||||||
getDefaultTwoFactorProvider: (u2fSupported: boolean) => TwoFactorProviderType;
|
getDefaultTwoFactorProvider: (u2fSupported: boolean) => TwoFactorProviderType;
|
||||||
makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
|
makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
|
||||||
|
authingWithSso: () => boolean;
|
||||||
|
authingWithPassword: () => boolean;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
import { OnInit } from '@angular/core';
|
import { OnInit } from '@angular/core';
|
||||||
import { Router } from '@angular/router';
|
import { Router } from '@angular/router';
|
||||||
|
|
||||||
|
import { ApiService } from '../../abstractions/api.service';
|
||||||
import { CryptoService } from '../../abstractions/crypto.service';
|
import { CryptoService } from '../../abstractions/crypto.service';
|
||||||
import { EnvironmentService } from '../../abstractions/environment.service';
|
import { EnvironmentService } from '../../abstractions/environment.service';
|
||||||
import { I18nService } from '../../abstractions/i18n.service';
|
import { I18nService } from '../../abstractions/i18n.service';
|
||||||
|
@ -16,6 +17,8 @@ import { ConstantsService } from '../../services/constants.service';
|
||||||
import { CipherString } from '../../models/domain/cipherString';
|
import { CipherString } from '../../models/domain/cipherString';
|
||||||
import { SymmetricCryptoKey } from '../../models/domain/symmetricCryptoKey';
|
import { SymmetricCryptoKey } from '../../models/domain/symmetricCryptoKey';
|
||||||
|
|
||||||
|
import { PasswordVerificationRequest } from '../../models/request/passwordVerificationRequest';
|
||||||
|
|
||||||
import { Utils } from '../../misc/utils';
|
import { Utils } from '../../misc/utils';
|
||||||
|
|
||||||
export class LockComponent implements OnInit {
|
export class LockComponent implements OnInit {
|
||||||
|
@ -25,6 +28,7 @@ export class LockComponent implements OnInit {
|
||||||
email: string;
|
email: string;
|
||||||
pinLock: boolean = false;
|
pinLock: boolean = false;
|
||||||
webVaultHostname: string = '';
|
webVaultHostname: string = '';
|
||||||
|
formPromise: Promise<any>;
|
||||||
|
|
||||||
protected successRoute: string = 'vault';
|
protected successRoute: string = 'vault';
|
||||||
protected onSuccessfulSubmit: () => void;
|
protected onSuccessfulSubmit: () => void;
|
||||||
|
@ -36,7 +40,8 @@ export class LockComponent implements OnInit {
|
||||||
protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService,
|
protected platformUtilsService: PlatformUtilsService, protected messagingService: MessagingService,
|
||||||
protected userService: UserService, protected cryptoService: CryptoService,
|
protected userService: UserService, protected cryptoService: CryptoService,
|
||||||
protected storageService: StorageService, protected vaultTimeoutService: VaultTimeoutService,
|
protected storageService: StorageService, protected vaultTimeoutService: VaultTimeoutService,
|
||||||
protected environmentService: EnvironmentService, protected stateService: StateService) { }
|
protected environmentService: EnvironmentService, protected stateService: StateService,
|
||||||
|
protected apiService: ApiService) { }
|
||||||
|
|
||||||
async ngOnInit() {
|
async ngOnInit() {
|
||||||
this.pinSet = await this.vaultTimeoutService.isPinLockSet();
|
this.pinSet = await this.vaultTimeoutService.isPinLockSet();
|
||||||
|
@ -98,9 +103,26 @@ export class LockComponent implements OnInit {
|
||||||
} else {
|
} else {
|
||||||
const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
|
const key = await this.cryptoService.makeKey(this.masterPassword, this.email, kdf, kdfIterations);
|
||||||
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
|
const keyHash = await this.cryptoService.hashPassword(this.masterPassword, key);
|
||||||
const storedKeyHash = await this.cryptoService.getKeyHash();
|
|
||||||
|
|
||||||
if (storedKeyHash != null && keyHash != null && storedKeyHash === keyHash) {
|
let passwordValid = false;
|
||||||
|
|
||||||
|
if (keyHash != null) {
|
||||||
|
const storedKeyHash = await this.cryptoService.getKeyHash();
|
||||||
|
if (storedKeyHash != null) {
|
||||||
|
passwordValid = storedKeyHash === keyHash;
|
||||||
|
} else {
|
||||||
|
const request = new PasswordVerificationRequest();
|
||||||
|
request.masterPasswordHash = keyHash;
|
||||||
|
try {
|
||||||
|
this.formPromise = this.apiService.postAccountVerifyPassword(request);
|
||||||
|
await this.formPromise;
|
||||||
|
passwordValid = true;
|
||||||
|
await this.cryptoService.setKeyHash(keyHash);
|
||||||
|
} catch { }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (passwordValid) {
|
||||||
if (this.pinSet[0]) {
|
if (this.pinSet[0]) {
|
||||||
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
|
const protectedPin = await this.storageService.get<string>(ConstantsService.protectedPin);
|
||||||
const encKey = await this.cryptoService.getEncKey(key);
|
const encKey = await this.cryptoService.getEncKey(key);
|
||||||
|
|
|
@ -52,12 +52,16 @@ export class TwoFactorComponent implements OnInit, OnDestroy {
|
||||||
}
|
}
|
||||||
|
|
||||||
async ngOnInit() {
|
async ngOnInit() {
|
||||||
if (this.authService.email == null || this.authService.masterPasswordHash == null ||
|
if ((!this.authService.authingWithSso() && !this.authService.authingWithPassword()) ||
|
||||||
this.authService.twoFactorProvidersData == null) {
|
this.authService.twoFactorProvidersData == null) {
|
||||||
this.router.navigate([this.loginRoute]);
|
this.router.navigate([this.loginRoute]);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (this.authService.authingWithSso()) {
|
||||||
|
this.successRoute = 'lock';
|
||||||
|
}
|
||||||
|
|
||||||
if (this.initU2f && this.win != null && this.u2fSupported) {
|
if (this.initU2f && this.win != null && this.u2fSupported) {
|
||||||
let customWebVaultUrl: string = null;
|
let customWebVaultUrl: string = null;
|
||||||
if (this.environmentService.baseUrl != null) {
|
if (this.environmentService.baseUrl != null) {
|
||||||
|
|
|
@ -89,6 +89,14 @@ export class Utils {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static fromBufferToUrlB64(buffer: ArrayBuffer): string {
|
||||||
|
const output = this.fromBufferToB64(buffer)
|
||||||
|
.replace(/\+/g, '-')
|
||||||
|
.replace(/\//g, '_')
|
||||||
|
.replace(/=/g, '');
|
||||||
|
return output;
|
||||||
|
}
|
||||||
|
|
||||||
static fromBufferToUtf8(buffer: ArrayBuffer): string {
|
static fromBufferToUtf8(buffer: ArrayBuffer): string {
|
||||||
if (Utils.isNode || Utils.isNativeScript) {
|
if (Utils.isNode || Utils.isNativeScript) {
|
||||||
return Buffer.from(buffer).toString('utf8');
|
return Buffer.from(buffer).toString('utf8');
|
||||||
|
|
|
@ -2,5 +2,6 @@ import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';
|
||||||
|
|
||||||
export class AuthResult {
|
export class AuthResult {
|
||||||
twoFactor: boolean = false;
|
twoFactor: boolean = false;
|
||||||
|
resetMasterPassword: boolean = false;
|
||||||
twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }> = null;
|
twoFactorProviders: Map<TwoFactorProviderType, { [key: string]: string; }> = null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,15 +5,24 @@ import { DeviceRequest } from './deviceRequest';
|
||||||
export class TokenRequest {
|
export class TokenRequest {
|
||||||
email: string;
|
email: string;
|
||||||
masterPasswordHash: string;
|
masterPasswordHash: string;
|
||||||
|
code: string;
|
||||||
|
codeVerifier: string;
|
||||||
|
redirectUri: string;
|
||||||
token: string;
|
token: string;
|
||||||
provider: TwoFactorProviderType;
|
provider: TwoFactorProviderType;
|
||||||
remember: boolean;
|
remember: boolean;
|
||||||
device?: DeviceRequest;
|
device?: DeviceRequest;
|
||||||
|
|
||||||
constructor(email: string, masterPasswordHash: string, provider: TwoFactorProviderType,
|
constructor(credentials: string[], codes: string[], provider: TwoFactorProviderType,
|
||||||
token: string, remember: boolean, device?: DeviceRequest) {
|
token: string, remember: boolean, device?: DeviceRequest) {
|
||||||
this.email = email;
|
if (credentials != null && credentials.length > 1) {
|
||||||
this.masterPasswordHash = masterPasswordHash;
|
this.email = credentials[0];
|
||||||
|
this.masterPasswordHash = credentials[1];
|
||||||
|
} else if (codes != null && codes.length > 2) {
|
||||||
|
this.code = codes[0];
|
||||||
|
this.codeVerifier = codes[1];
|
||||||
|
this.redirectUri = codes[2];
|
||||||
|
}
|
||||||
this.token = token;
|
this.token = token;
|
||||||
this.provider = provider;
|
this.provider = provider;
|
||||||
this.remember = remember;
|
this.remember = remember;
|
||||||
|
@ -22,13 +31,23 @@ export class TokenRequest {
|
||||||
|
|
||||||
toIdentityToken(clientId: string) {
|
toIdentityToken(clientId: string) {
|
||||||
const obj: any = {
|
const obj: any = {
|
||||||
grant_type: 'password',
|
|
||||||
username: this.email,
|
|
||||||
password: this.masterPasswordHash,
|
|
||||||
scope: 'api offline_access',
|
scope: 'api offline_access',
|
||||||
client_id: clientId,
|
client_id: clientId,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if (this.masterPasswordHash != null && this.email != null) {
|
||||||
|
obj.grant_type = 'password';
|
||||||
|
obj.username = this.email;
|
||||||
|
obj.password = this.masterPasswordHash;
|
||||||
|
} else if (this.code != null && this.codeVerifier != null && this.redirectUri != null) {
|
||||||
|
obj.grant_type = 'authorization_code';
|
||||||
|
obj.code = this.code;
|
||||||
|
obj.code_verifier = this.codeVerifier;
|
||||||
|
obj.redirect_uri = this.redirectUri;
|
||||||
|
} else {
|
||||||
|
throw new Error('must provide credentials or codes');
|
||||||
|
}
|
||||||
|
|
||||||
if (this.device) {
|
if (this.device) {
|
||||||
obj.deviceType = this.device.type;
|
obj.deviceType = this.device.type;
|
||||||
obj.deviceIdentifier = this.device.identifier;
|
obj.deviceIdentifier = this.device.identifier;
|
||||||
|
|
|
@ -1,14 +1,19 @@
|
||||||
import { BaseResponse } from './baseResponse';
|
import { BaseResponse } from './baseResponse';
|
||||||
|
|
||||||
|
import { KdfType } from '../../enums/kdfType';
|
||||||
|
|
||||||
export class IdentityTokenResponse extends BaseResponse {
|
export class IdentityTokenResponse extends BaseResponse {
|
||||||
accessToken: string;
|
accessToken: string;
|
||||||
expiresIn: number;
|
expiresIn: number;
|
||||||
refreshToken: string;
|
refreshToken: string;
|
||||||
tokenType: string;
|
tokenType: string;
|
||||||
|
|
||||||
|
resetMasterPassword: boolean;
|
||||||
privateKey: string;
|
privateKey: string;
|
||||||
key: string;
|
key: string;
|
||||||
twoFactorToken: string;
|
twoFactorToken: string;
|
||||||
|
kdf: KdfType;
|
||||||
|
kdfIterations: number;
|
||||||
|
|
||||||
constructor(response: any) {
|
constructor(response: any) {
|
||||||
super(response);
|
super(response);
|
||||||
|
@ -17,8 +22,11 @@ export class IdentityTokenResponse extends BaseResponse {
|
||||||
this.refreshToken = response.refresh_token;
|
this.refreshToken = response.refresh_token;
|
||||||
this.tokenType = response.token_type;
|
this.tokenType = response.token_type;
|
||||||
|
|
||||||
|
this.resetMasterPassword = this.getResponseProperty('ResetMasterPassword');
|
||||||
this.privateKey = this.getResponseProperty('PrivateKey');
|
this.privateKey = this.getResponseProperty('PrivateKey');
|
||||||
this.key = this.getResponseProperty('Key');
|
this.key = this.getResponseProperty('Key');
|
||||||
this.twoFactorToken = this.getResponseProperty('TwoFactorToken');
|
this.twoFactorToken = this.getResponseProperty('TwoFactorToken');
|
||||||
|
this.kdf = this.getResponseProperty('Kdf');
|
||||||
|
this.kdfIterations = this.getResponseProperty('KdfIterations');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -321,6 +321,10 @@ export class ApiService implements ApiServiceAbstraction {
|
||||||
return this.send('POST', '/accounts/verify-email-token', request, false, false);
|
return this.send('POST', '/accounts/verify-email-token', request, false, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
postAccountVerifyPassword(request: PasswordVerificationRequest): Promise<any> {
|
||||||
|
return this.send('POST', '/accounts/verify-password', request, true, false);
|
||||||
|
}
|
||||||
|
|
||||||
postAccountRecoverDelete(request: DeleteRecoverRequest): Promise<any> {
|
postAccountRecoverDelete(request: DeleteRecoverRequest): Promise<any> {
|
||||||
return this.send('POST', '/accounts/delete-recover', request, false, false);
|
return this.send('POST', '/accounts/delete-recover', request, false, false);
|
||||||
}
|
}
|
||||||
|
|
|
@ -77,12 +77,13 @@ export const TwoFactorProviders = {
|
||||||
export class AuthService implements AuthServiceAbstraction {
|
export class AuthService implements AuthServiceAbstraction {
|
||||||
email: string;
|
email: string;
|
||||||
masterPasswordHash: string;
|
masterPasswordHash: string;
|
||||||
|
code: string;
|
||||||
|
codeVerifier: string;
|
||||||
|
ssoRedirectUrl: string;
|
||||||
twoFactorProvidersData: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
twoFactorProvidersData: Map<TwoFactorProviderType, { [key: string]: string; }>;
|
||||||
selectedTwoFactorProviderType: TwoFactorProviderType = null;
|
selectedTwoFactorProviderType: TwoFactorProviderType = null;
|
||||||
|
|
||||||
private key: SymmetricCryptoKey;
|
private key: SymmetricCryptoKey;
|
||||||
private kdf: KdfType;
|
|
||||||
private kdfIterations: number;
|
|
||||||
|
|
||||||
constructor(private cryptoService: CryptoService, private apiService: ApiService,
|
constructor(private cryptoService: CryptoService, private apiService: ApiService,
|
||||||
private userService: UserService, private tokenService: TokenService,
|
private userService: UserService, private tokenService: TokenService,
|
||||||
|
@ -116,13 +117,19 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
this.selectedTwoFactorProviderType = null;
|
this.selectedTwoFactorProviderType = null;
|
||||||
const key = await this.makePreloginKey(masterPassword, email);
|
const key = await this.makePreloginKey(masterPassword, email);
|
||||||
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
||||||
return await this.logInHelper(email, hashedPassword, key);
|
return await this.logInHelper(email, hashedPassword, null, null, null, key,
|
||||||
|
null, null, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
async logInSso(code: string, codeVerifier: string, redirectUrl: string): Promise<AuthResult> {
|
||||||
|
this.selectedTwoFactorProviderType = null;
|
||||||
|
return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null, null, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string,
|
||||||
remember?: boolean): Promise<AuthResult> {
|
remember?: boolean): Promise<AuthResult> {
|
||||||
return await this.logInHelper(this.email, this.masterPasswordHash, this.key, twoFactorProvider,
|
return await this.logInHelper(this.email, this.masterPasswordHash, this.code, this.codeVerifier,
|
||||||
twoFactorToken, remember);
|
this.ssoRedirectUrl, this.key, twoFactorProvider, twoFactorToken, remember);
|
||||||
}
|
}
|
||||||
|
|
||||||
async logInComplete(email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType,
|
async logInComplete(email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType,
|
||||||
|
@ -130,7 +137,8 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
this.selectedTwoFactorProviderType = null;
|
this.selectedTwoFactorProviderType = null;
|
||||||
const key = await this.makePreloginKey(masterPassword, email);
|
const key = await this.makePreloginKey(masterPassword, email);
|
||||||
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key);
|
||||||
return await this.logInHelper(email, hashedPassword, key, twoFactorProvider, twoFactorToken, remember);
|
return await this.logInHelper(email, hashedPassword, null, null, null, key, twoFactorProvider, twoFactorToken,
|
||||||
|
remember);
|
||||||
}
|
}
|
||||||
|
|
||||||
logOut(callback: Function) {
|
logOut(callback: Function) {
|
||||||
|
@ -201,37 +209,59 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
|
|
||||||
async makePreloginKey(masterPassword: string, email: string): Promise<SymmetricCryptoKey> {
|
async makePreloginKey(masterPassword: string, email: string): Promise<SymmetricCryptoKey> {
|
||||||
email = email.trim().toLowerCase();
|
email = email.trim().toLowerCase();
|
||||||
this.kdf = null;
|
let kdf: KdfType = null;
|
||||||
this.kdfIterations = null;
|
let kdfIterations: number = null;
|
||||||
try {
|
try {
|
||||||
const preloginResponse = await this.apiService.postPrelogin(new PreloginRequest(email));
|
const preloginResponse = await this.apiService.postPrelogin(new PreloginRequest(email));
|
||||||
if (preloginResponse != null) {
|
if (preloginResponse != null) {
|
||||||
this.kdf = preloginResponse.kdf;
|
kdf = preloginResponse.kdf;
|
||||||
this.kdfIterations = preloginResponse.kdfIterations;
|
kdfIterations = preloginResponse.kdfIterations;
|
||||||
}
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
if (e == null || e.statusCode !== 404) {
|
if (e == null || e.statusCode !== 404) {
|
||||||
throw e;
|
throw e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return this.cryptoService.makeKey(masterPassword, email, this.kdf, this.kdfIterations);
|
return this.cryptoService.makeKey(masterPassword, email, kdf, kdfIterations);
|
||||||
}
|
}
|
||||||
|
|
||||||
private async logInHelper(email: string, hashedPassword: string, key: SymmetricCryptoKey,
|
authingWithSso(): boolean {
|
||||||
twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
|
return this.code != null && this.codeVerifier != null && this.ssoRedirectUrl != null;
|
||||||
|
}
|
||||||
|
|
||||||
|
authingWithPassword(): boolean {
|
||||||
|
return this.email != null && this.masterPasswordHash != null;
|
||||||
|
}
|
||||||
|
|
||||||
|
private async logInHelper(email: string, hashedPassword: string, code: string, codeVerifier: string,
|
||||||
|
redirectUrl: string, key: SymmetricCryptoKey, twoFactorProvider?: TwoFactorProviderType,
|
||||||
|
twoFactorToken?: string, remember?: boolean): Promise<AuthResult> {
|
||||||
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
|
const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email);
|
||||||
const appId = await this.appIdService.getAppId();
|
const appId = await this.appIdService.getAppId();
|
||||||
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
|
const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
|
||||||
|
|
||||||
|
let emailPassword: string[] = [];
|
||||||
|
let codeCodeVerifier: string[] = [];
|
||||||
|
if (email != null && hashedPassword != null) {
|
||||||
|
emailPassword = [email, hashedPassword];
|
||||||
|
} else {
|
||||||
|
emailPassword = null;
|
||||||
|
}
|
||||||
|
if (code != null && codeVerifier != null && redirectUrl != null) {
|
||||||
|
codeCodeVerifier = [code, codeVerifier, redirectUrl];
|
||||||
|
} else {
|
||||||
|
codeCodeVerifier = null;
|
||||||
|
}
|
||||||
|
|
||||||
let request: TokenRequest;
|
let request: TokenRequest;
|
||||||
if (twoFactorToken != null && twoFactorProvider != null) {
|
if (twoFactorToken != null && twoFactorProvider != null) {
|
||||||
request = new TokenRequest(email, hashedPassword, twoFactorProvider, twoFactorToken, remember,
|
request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember,
|
||||||
deviceRequest);
|
deviceRequest);
|
||||||
} else if (storedTwoFactorToken != null) {
|
} else if (storedTwoFactorToken != null) {
|
||||||
request = new TokenRequest(email, hashedPassword, TwoFactorProviderType.Remember,
|
request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember,
|
||||||
storedTwoFactorToken, false, deviceRequest);
|
storedTwoFactorToken, false, deviceRequest);
|
||||||
} else {
|
} else {
|
||||||
request = new TokenRequest(email, hashedPassword, null, null, false, deviceRequest);
|
request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, deviceRequest);
|
||||||
}
|
}
|
||||||
|
|
||||||
const response = await this.apiService.postIdentityToken(request);
|
const response = await this.apiService.postIdentityToken(request);
|
||||||
|
@ -245,6 +275,9 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
const twoFactorResponse = response as IdentityTwoFactorResponse;
|
const twoFactorResponse = response as IdentityTwoFactorResponse;
|
||||||
this.email = email;
|
this.email = email;
|
||||||
this.masterPasswordHash = hashedPassword;
|
this.masterPasswordHash = hashedPassword;
|
||||||
|
this.code = code;
|
||||||
|
this.codeVerifier = codeVerifier;
|
||||||
|
this.ssoRedirectUrl = redirectUrl;
|
||||||
this.key = this.setCryptoKeys ? key : null;
|
this.key = this.setCryptoKeys ? key : null;
|
||||||
this.twoFactorProvidersData = twoFactorResponse.twoFactorProviders2;
|
this.twoFactorProvidersData = twoFactorResponse.twoFactorProviders2;
|
||||||
result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
result.twoFactorProviders = twoFactorResponse.twoFactorProviders2;
|
||||||
|
@ -252,16 +285,21 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
}
|
}
|
||||||
|
|
||||||
const tokenResponse = response as IdentityTokenResponse;
|
const tokenResponse = response as IdentityTokenResponse;
|
||||||
|
result.resetMasterPassword = tokenResponse.resetMasterPassword;
|
||||||
if (tokenResponse.twoFactorToken != null) {
|
if (tokenResponse.twoFactorToken != null) {
|
||||||
await this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);
|
await this.tokenService.setTwoFactorToken(tokenResponse.twoFactorToken, email);
|
||||||
}
|
}
|
||||||
|
|
||||||
await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);
|
await this.tokenService.setTokens(tokenResponse.accessToken, tokenResponse.refreshToken);
|
||||||
await this.userService.setInformation(this.tokenService.getUserId(), this.tokenService.getEmail(),
|
await this.userService.setInformation(this.tokenService.getUserId(), this.tokenService.getEmail(),
|
||||||
this.kdf, this.kdfIterations);
|
tokenResponse.kdf, tokenResponse.kdfIterations);
|
||||||
if (this.setCryptoKeys) {
|
if (this.setCryptoKeys) {
|
||||||
await this.cryptoService.setKey(key);
|
if (key != null) {
|
||||||
await this.cryptoService.setKeyHash(hashedPassword);
|
await this.cryptoService.setKey(key);
|
||||||
|
}
|
||||||
|
if (hashedPassword != null) {
|
||||||
|
await this.cryptoService.setKeyHash(hashedPassword);
|
||||||
|
}
|
||||||
await this.cryptoService.setEncKey(tokenResponse.key);
|
await this.cryptoService.setEncKey(tokenResponse.key);
|
||||||
|
|
||||||
// User doesn't have a key pair yet (old account), let's generate one for them
|
// User doesn't have a key pair yet (old account), let's generate one for them
|
||||||
|
@ -284,8 +322,12 @@ export class AuthService implements AuthServiceAbstraction {
|
||||||
}
|
}
|
||||||
|
|
||||||
private clearState(): void {
|
private clearState(): void {
|
||||||
|
this.key = null;
|
||||||
this.email = null;
|
this.email = null;
|
||||||
this.masterPasswordHash = null;
|
this.masterPasswordHash = null;
|
||||||
|
this.code = null;
|
||||||
|
this.codeVerifier = null;
|
||||||
|
this.ssoRedirectUrl = null;
|
||||||
this.twoFactorProvidersData = null;
|
this.twoFactorProvidersData = null;
|
||||||
this.selectedTwoFactorProviderType = null;
|
this.selectedTwoFactorProviderType = null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,8 @@ export class ConstantsService {
|
||||||
static readonly protectedPin: string = 'protectedPin';
|
static readonly protectedPin: string = 'protectedPin';
|
||||||
static readonly clearClipboardKey: string = 'clearClipboardKey';
|
static readonly clearClipboardKey: string = 'clearClipboardKey';
|
||||||
static readonly eventCollectionKey: string = 'eventCollection';
|
static readonly eventCollectionKey: string = 'eventCollection';
|
||||||
|
static readonly ssoCodeVerifierKey: string = 'ssoCodeVerifier';
|
||||||
|
static readonly ssoStateKey: string = 'ssoState';
|
||||||
|
|
||||||
readonly environmentUrlsKey: string = ConstantsService.environmentUrlsKey;
|
readonly environmentUrlsKey: string = ConstantsService.environmentUrlsKey;
|
||||||
readonly disableGaKey: string = ConstantsService.disableGaKey;
|
readonly disableGaKey: string = ConstantsService.disableGaKey;
|
||||||
|
@ -47,4 +49,6 @@ export class ConstantsService {
|
||||||
readonly protectedPin: string = ConstantsService.protectedPin;
|
readonly protectedPin: string = ConstantsService.protectedPin;
|
||||||
readonly clearClipboardKey: string = ConstantsService.clearClipboardKey;
|
readonly clearClipboardKey: string = ConstantsService.clearClipboardKey;
|
||||||
readonly eventCollectionKey: string = ConstantsService.eventCollectionKey;
|
readonly eventCollectionKey: string = ConstantsService.eventCollectionKey;
|
||||||
|
readonly ssoCodeVerifierKey: string = ConstantsService.ssoCodeVerifierKey;
|
||||||
|
readonly ssoStateKey: string = ConstantsService.ssoStateKey;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue