libs/angular/src/auth/components/update-password.component.ts

import { Directive } from "@angular/core";
import { Router } from "@angular/router";

import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { I18nService } from "@bitwarden/common/abstractions/i18n.service";
import { LogService } from "@bitwarden/common/abstractions/log.service";
import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";
import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";
import { PolicyService } from "@bitwarden/common/abstractions/policy/policy.service.abstraction";
import { StateService } from "@bitwarden/common/abstractions/state.service";
import { UserVerificationService } from "@bitwarden/common/abstractions/userVerification/userVerification.service.abstraction";
import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
import { PasswordRequest } from "@bitwarden/common/auth/models/request/password.request";
import { EncString } from "@bitwarden/common/models/domain/enc-string";
import { MasterPasswordPolicyOptions } from "@bitwarden/common/models/domain/master-password-policy-options";
import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";
import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
import { Verification } from "@bitwarden/common/types/verification";

import { ChangePasswordComponent as BaseChangePasswordComponent } from "./change-password.component";

@Directive()
export class UpdatePasswordComponent extends BaseChangePasswordComponent {
  hint: string;
  key: string;
  enforcedPolicyOptions: MasterPasswordPolicyOptions;
  showPassword = false;
  currentMasterPassword: string;

  onSuccessfulChangePassword: () => Promise<void>;

  constructor(
    protected router: Router,
    i18nService: I18nService,
    platformUtilsService: PlatformUtilsService,
    passwordGenerationService: PasswordGenerationServiceAbstraction,
    policyService: PolicyService,
    cryptoService: CryptoService,
    messagingService: MessagingService,
    private apiService: ApiService,
    stateService: StateService,
    private userVerificationService: UserVerificationService,
    private logService: LogService
  ) {
    super(
      i18nService,
      cryptoService,
      messagingService,
      passwordGenerationService,
      platformUtilsService,
      policyService,
      stateService
    );
  }

  togglePassword(confirmField: boolean) {
    this.showPassword = !this.showPassword;
    document.getElementById(confirmField ? "masterPasswordRetype" : "masterPassword").focus();
  }

  async cancel() {
    await this.stateService.setOrganizationInvitation(null);
    this.router.navigate(["/vault"]);
  }

  async setupSubmitActions(): Promise<boolean> {
    if (this.currentMasterPassword == null || this.currentMasterPassword === "") {
      this.platformUtilsService.showToast(
        "error",
        this.i18nService.t("errorOccurred"),
        this.i18nService.t("masterPasswordRequired")
      );
      return false;
    }

    const secret: Verification = {
      type: VerificationType.MasterPassword,
      secret: this.currentMasterPassword,
    };
    try {
      await this.userVerificationService.verifyUser(secret);
    } catch (e) {
      this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);
      return false;
    }

    this.kdf = await this.stateService.getKdfType();
    this.kdfConfig = await this.stateService.getKdfConfig();
    return true;
  }

  async performSubmitActions(
    masterPasswordHash: string,
    key: SymmetricCryptoKey,
    encKey: [SymmetricCryptoKey, EncString]
  ) {
    try {
      // Create Request
      const request = new PasswordRequest();
      request.masterPasswordHash = await this.cryptoService.hashPassword(
        this.currentMasterPassword,
        null
      );
      request.newMasterPasswordHash = masterPasswordHash;
      request.key = encKey[1].encryptedString;

      // Update user's password
      this.apiService.postPassword(request);

      this.platformUtilsService.showToast(
        "success",
        this.i18nService.t("masterPasswordChanged"),
        this.i18nService.t("logBackIn")
      );

      if (this.onSuccessfulChangePassword != null) {
        this.onSuccessfulChangePassword();
      } else {
        this.messagingService.send("logout");
      }
    } catch (e) {
      this.logService.error(e);
    }
  }
}
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00			`import { Directive } from "@angular/core";`
			`import { Router } from "@angular/router";`

Use NPM workspace (#2874) 2022-06-14 17:10:53 +02:00			`import { ApiService } from "@bitwarden/common/abstractions/api.service";`
			`import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";`
			`import { I18nService } from "@bitwarden/common/abstractions/i18n.service";`
			`import { LogService } from "@bitwarden/common/abstractions/log.service";`
			`import { MessagingService } from "@bitwarden/common/abstractions/messaging.service";`
			`import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUtils.service";`
[EC-376] Extract API logic from PolicyService to PolicyApiService (#3203) * Added abstractions for PolicyApiService and PolicyService * Added implementations for PolicyApiService and PolicyService * Updated all references to new PolicyApiService and PolicyService * Deleted old PolicyService abstraction and implementation * Fixed CLI import path for policy.service * Fixed main.background.ts policyApiService dependency for policyService * Updated policy-api.service with the correct imports * [EC-376] Sorted methods order in PolicyApiService * [EC-376] Removed unused clearCache method from PolicyService * [EC-376] Added upsert method to PolicyService * [EC-376] PolicyApiService putPolicy method now upserts data to PolicyService 2022-08-08 10:04:36 +01:00			`import { PolicyService } from "@bitwarden/common/abstractions/policy/policy.service.abstraction";`
Use NPM workspace (#2874) 2022-06-14 17:10:53 +02:00			`import { StateService } from "@bitwarden/common/abstractions/state.service";`
[PS-1107] User Verification Service Refactor (#3219) * UserVerificationService refactor * Remove temp change * move import order * Address PR feedback 2022-08-09 21:31:02 -04:00			`import { UserVerificationService } from "@bitwarden/common/abstractions/userVerification/userVerification.service.abstraction";`
Auth/ps 2298 reorg auth (#4564) * Move auth service factories to Auth team * Move authentication componenets to Auth team * Move auth guard services to Auth team * Move Duo content script to Auth team * Move auth CLI commands to Auth team * Move Desktop Account components to Auth Team * Move Desktop guards to Auth team * Move two-factor provider images to Auth team * Move web Accounts components to Auth Team * Move web settings components to Auth Team * Move web two factor images to Auth Team * Fix missed import changes for Auth Team * Fix Linting errors * Fix missed CLI imports * Fix missed Desktop imports * Revert images move * Fix missed imports in Web * Move angular lib components to Auth Team * Move angular auth guards to Auth team * Move strategy specs to Auth team * Update .eslintignore for new paths * Move lib common abstractions to Auth team * Move services to Auth team * Move common lib enums to Auth team * Move webauthn iframe to Auth team * Move lib common domain models to Auth team * Move common lib requests to Auth team * Move response models to Auth team * Clean up whitelist * Move bit web components to Auth team * Move SSO and SCIM files to Auth team * Revert move SCIM to Auth team SCIM belongs to Admin Console team * Move captcha to Auth team * Move key connector to Auth team * Move emergency access to auth team * Delete extra file * linter fixes * Move kdf config to auth team * Fix whitelist * Fix duo autoformat * Complete two factor provider request move * Fix whitelist names * Fix login capitalization * Revert hint dependency reordering * Revert hint dependency reordering * Revert hint component This components is being picked up as a move between clients * Move web hint component to Auth team * Move new files to auth team * Fix desktop build * Fix browser build 2023-02-06 16:53:37 -05:00			`import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";`
			`import { PasswordRequest } from "@bitwarden/common/auth/models/request/password.request";`
[SM-288] Rename models to follow naming convention (#3795) 2022-10-14 18:25:50 +02:00			`import { EncString } from "@bitwarden/common/models/domain/enc-string";`
			`import { MasterPasswordPolicyOptions } from "@bitwarden/common/models/domain/master-password-policy-options";`
			`import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetric-crypto-key";`
[PM-328] Move generator to tools (#4980) * Move generator to tools libs/angular: - Move generator.component to tools libs/common: - Move password generation to tools - Move username generation including email-forwarders to tools apps/* - create tools-subfolder and move files regarding generator functionality - Update all the imports .github/: - Cleaned up whitelist-capital-letters.txt - Added team-tools-dev folders to CODEOWNERS * Remove unused barrel file 2023-03-10 21:39:46 +01:00			`import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";`
Use NPM workspace (#2874) 2022-06-14 17:10:53 +02:00			`import { Verification } from "@bitwarden/common/types/verification";`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00
Add eslint (#610) 2022-02-22 15:39:11 +01:00			`import { ChangePasswordComponent as BaseChangePasswordComponent } from "./change-password.component";`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00
			`@Directive()`
			`export class UpdatePasswordComponent extends BaseChangePasswordComponent {`
			`hint: string;`
			`key: string;`
			`enforcedPolicyOptions: MasterPasswordPolicyOptions;`
Add eslint (#610) 2022-02-22 15:39:11 +01:00			`showPassword = false;`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00			`currentMasterPassword: string;`

[PS-1107] User Verification Service Refactor (#3219) * UserVerificationService refactor * Remove temp change * move import order * Address PR feedback 2022-08-09 21:31:02 -04:00			`onSuccessfulChangePassword: () => Promise<void>;`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00
			`constructor(`
			`protected router: Router,`
			`i18nService: I18nService,`
			`platformUtilsService: PlatformUtilsService,`
[PM-328] Move generator to tools (#4980) * Move generator to tools libs/angular: - Move generator.component to tools libs/common: - Move password generation to tools - Move username generation including email-forwarders to tools apps/* - create tools-subfolder and move files regarding generator functionality - Update all the imports .github/: - Cleaned up whitelist-capital-letters.txt - Added team-tools-dev folders to CODEOWNERS * Remove unused barrel file 2023-03-10 21:39:46 +01:00			`passwordGenerationService: PasswordGenerationServiceAbstraction,`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00			`policyService: PolicyService,`
			`cryptoService: CryptoService,`
			`messagingService: MessagingService,`
			`private apiService: ApiService,`
			`stateService: StateService,`
			`private userVerificationService: UserVerificationService,`
			`private logService: LogService`
			`) {`
			`super(`
			`i18nService,`
			`cryptoService,`
			`messagingService,`
			`passwordGenerationService,`
			`platformUtilsService,`
			`policyService,`
			`stateService`
			`);`
			`}`

			`togglePassword(confirmField: boolean) {`
			`this.showPassword = !this.showPassword;`
			`document.getElementById(confirmField ? "masterPasswordRetype" : "masterPassword").focus();`
			`}`

			`async cancel() {`
			`await this.stateService.setOrganizationInvitation(null);`
			`this.router.navigate(["/vault"]);`
			`}`

			`async setupSubmitActions(): Promise<boolean> {`
			`if (this.currentMasterPassword == null \|\| this.currentMasterPassword === "") {`
			`this.platformUtilsService.showToast(`
			`"error",`
			`this.i18nService.t("errorOccurred"),`
[SG-590] Missing error messages (#3514) * added removed locale keys on clients * resolved comments 2022-09-15 18:02:01 +01:00			`this.i18nService.t("masterPasswordRequired")`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00			`);`
			`return false;`
			`}`

			`const secret: Verification = {`
			`type: VerificationType.MasterPassword,`
			`secret: this.currentMasterPassword,`
			`};`
			`try {`
			`await this.userVerificationService.verifyUser(secret);`
			`} catch (e) {`
			`this.platformUtilsService.showToast("error", this.i18nService.t("errorOccurred"), e.message);`
			`return false;`
			`}`

			`this.kdf = await this.stateService.getKdfType();`
[PS-2365] Kdf Configuration Options for Argon2 (#4578) * Implement argon2 config * Remove argon2 webassembly warning * Replace magic numbers by enum * Implement kdf configuration * Update UI according to design feedback * Further updates to follow design feedback * Add oxford comma in argon2 description * Fix typos in argon2 descriptions * move key creation into promise with API call * change casing on PBKDF2 * general improvements * kdf config on set pin component * SHA-256 hash argon2 salt * Change argon2 defaults * Change argon2 salt hash to cryptoFunctionService * Fix isLowKdfIteration check --------- Co-authored-by: Kyle Spearrin <kyle.spearrin@gmail.com> Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com> 2023-01-30 15:07:51 +01:00			`this.kdfConfig = await this.stateService.getKdfConfig();`
Master password policy is not checked when accepting invite from an existing account (#597) * create update-password component * linting and prettier 2022-02-02 23:31:37 -05:00			`return true;`
			`}`

			`async performSubmitActions(`
			`masterPasswordHash: string,`
			`key: SymmetricCryptoKey,`
			`encKey: [SymmetricCryptoKey, EncString]`
			`) {`
			`try {`
			`// Create Request`
			`const request = new PasswordRequest();`
			`request.masterPasswordHash = await this.cryptoService.hashPassword(`
			`this.currentMasterPassword,`
			`null`
			`);`
			`request.newMasterPasswordHash = masterPasswordHash;`
			`request.key = encKey[1].encryptedString;`

			`// Update user's password`
			`this.apiService.postPassword(request);`

			`this.platformUtilsService.showToast(`
			`"success",`
			`this.i18nService.t("masterPasswordChanged"),`
			`this.i18nService.t("logBackIn")`
			`);`

			`if (this.onSuccessfulChangePassword != null) {`
			`this.onSuccessfulChangePassword();`
			`} else {`
			`this.messagingService.send("logout");`
			`}`
			`} catch (e) {`
			`this.logService.error(e);`
			`}`
			`}`
			`}`