Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[PM-12700] Add private key regeneration process #11829

Open
wants to merge 42 commits into
base: main
Choose a base branch
from

Conversation

Thomas-Avery
Copy link
Contributor

@Thomas-Avery Thomas-Avery commented Nov 1, 2024

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-12700

📔 Objective

Requires server work in bitwarden/server#4929

The purpose of this PR is to add the private key regeneration process on UI refreshed login and lock components.
Old components are out of scope for this feature.

This feature is behind a feature flag.

Target flows are:

  • Login
  • Lock
  • Log in with device
  • Passkey Login (this currently is web client only and requires the passkey to be “used for encryption”)

Out of scope are the login flows:

  • SSO Login
  • 2FA Login

Private key regeneration will be added to these once the UI refresh rewrite for them is merged into main in follow-up PRs.

The LoginSuccessHandlerService was the requested approach for the auth team and why it was created under their ownership.

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@Thomas-Avery Thomas-Avery self-assigned this Nov 1, 2024
Copy link
Contributor

github-actions bot commented Dec 9, 2024

Logo
Checkmarx One – Scan Summary & Detailse2895a60-b927-44cb-a30f-385f5da56f9d

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/add-edit.component.ts: 70 Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts: 111 Attack Vector
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /libs/key-management/src/user-asymmetric-key-regeneration/services/default-user-asymmetric-key-regeneration.service.ts: 66 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: 169
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request-v1.component.ts: 53
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request-v1.component.ts: 63
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request-v1.component.ts: 63
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request-v1.component.ts: 53
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/service-container/service-container.ts: 878

@Thomas-Avery
Copy link
Contributor Author

Looks like those tests are failing on main and aren't related to this PR.

Copy link

codecov bot commented Dec 12, 2024

Codecov Report

Attention: Patch coverage is 56.00000% with 44 lines in your changes missing coverage. Please review.

Project coverage is 33.48%. Comparing base (6cea328) to head (d775217).
Report is 4 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...th/components/base-login-via-webauthn.component.ts 0.00% 12 Missing ⚠️
...efault-user-asymmetric-key-regeneration.service.ts 91.07% 4 Missing and 1 partial ⚠️
...a-auth-request/login-via-auth-request.component.ts 0.00% 4 Missing ⚠️
...s-handler/default-login-success-handler.service.ts 20.00% 4 Missing ⚠️
...ment/src/user-asymmetric-key-regeneration/index.ts 0.00% 4 Missing ⚠️
...lt-user-asymmetric-key-regeneration-api.service.ts 0.00% 4 Missing ⚠️
libs/auth/src/angular/lock/lock.component.ts 0.00% 3 Missing ⚠️
...ration/models/requests/key-regeneration.request.ts 0.00% 3 Missing ⚠️
libs/auth/src/angular/login/login.component.ts 0.00% 2 Missing ⚠️
libs/key-management/src/index.ts 0.00% 1 Missing ⚠️
... and 2 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #11829      +/-   ##
==========================================
+ Coverage   33.45%   33.48%   +0.02%     
==========================================
  Files        2908     2916       +8     
  Lines       91057    91146      +89     
  Branches    17336    17349      +13     
==========================================
+ Hits        30467    30523      +56     
- Misses      58184    58216      +32     
- Partials     2406     2407       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Thomas-Avery Thomas-Avery marked this pull request as ready for review December 12, 2024 01:02
@Thomas-Avery Thomas-Avery requested review from a team as code owners December 12, 2024 01:02
mzieniukbw
mzieniukbw previously approved these changes Dec 12, 2024
Copy link
Contributor

@mzieniukbw mzieniukbw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have added few optional changes.

* Service calls that should be included in this method are only those required to be awaited after successful login.
* @param userId The user id.
*/
abstract run: (userId: UserId) => Promise<void>;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤔 function instead of property ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is what you're asking for ? 5466be0

It looks like KM follows a standard, so I swapped to that. In the rest of the code base, they're both used.

Not sure what the difference is?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Methods declared as arrow functions in an abstract class are treated as properties in TypeScript, not as traditional methods. Generally, we would want actual functions to be treated as functions. It makes things like testing easier as well.

package.json Outdated Show resolved Hide resolved
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth files look great! Tyvm for implementing the new service we discussed!

@ike-kottlowski ike-kottlowski removed their request for review December 13, 2024 04:05
Copy link
Contributor

@mzieniukbw mzieniukbw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants