Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.repository

import com.bitwarden.core.AuthRequestMethod
import com.bitwarden.core.InitUserCryptoMethod
import com.bitwarden.core.MasterPasswordUnlockData
import com.bitwarden.core.RegisterTdeKeyResponse
import com.bitwarden.core.WrappedAccountCryptographicState
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
Expand Down Expand Up @@ -1145,10 +1146,10 @@ class AuthRepositoryImpl(
organizationIdentifier: String,
password: String,
passwordHint: String?,
): SetPasswordResult {
): SetPasswordResult = userStateManager.userStateTransaction {
val profile = authDiskSource.userState?.activeAccount?.profile
?: return SetPasswordResult.Error(error = NoActiveUserException())
return when (profile.forcePasswordResetReason) {
?: return@userStateTransaction SetPasswordResult.Error(error = NoActiveUserException())
return@userStateTransaction when (profile.forcePasswordResetReason) {
ForcePasswordResetReason.TDE_USER_WITHOUT_PASSWORD_HAS_PASSWORD_RESET_PERMISSION -> {
setUpdatedPassword(
profile = profile,
Expand Down Expand Up @@ -1196,30 +1197,25 @@ class AuthRepositoryImpl(
keys = null,
),
)
.map { response.passwordHash }
.map { response }
}
.flatMap { masterPasswordHash ->
when (val result = vaultRepository.unlockVaultWithMasterPassword(password)) {
is VaultUnlockResult.Success -> {
enrollUserInPasswordReset(
userId = userId,
organizationIdentifier = organizationIdentifier,
passwordHash = masterPasswordHash,
)
}

is VaultUnlockError -> {
(result.error ?: IllegalStateException("Failed to unlock vault"))
.asFailure()
}
}
}
.onSuccess {
.onSuccess { response ->
authDiskSource.userState = authDiskSource.userState?.toUserStateJsonWithPassword(
masterPasswordUnlock = null,
masterPasswordUnlock = MasterPasswordUnlockData(
kdf = profile.toSdkParams(),
masterKeyWrappedUserKey = response.newKey,
salt = profile.email,
),
)
this.organizationIdentifier = null
}
.flatMap { response ->
enrollUserInPasswordReset(
userId = userId,
organizationIdentifier = organizationIdentifier,
passwordHash = response.passwordHash,
)
}
.fold(
onFailure = { SetPasswordResult.Error(error = it) },
onSuccess = { SetPasswordResult.Success },
Expand Down Expand Up @@ -1326,16 +1322,26 @@ class AuthRepositoryImpl(
privateKey = response.keys.private,
),
)
authDiskSource.userState = authDiskSource
.userState
?.toUserStateJsonWithPassword(
masterPasswordUnlock = MasterPasswordUnlockData(
kdf = profile.toSdkParams(),
masterKeyWrappedUserKey = response.encryptedUserKey,
salt = profile.email,
),
)
this.organizationIdentifier = null
}
.map { response.masterPasswordHash }
.map { response }
}
.flatMap { masterPasswordHash ->
.flatMap { response ->
when (val result = vaultRepository.unlockVaultWithMasterPassword(password)) {
is VaultUnlockResult.Success -> {
enrollUserInPasswordReset(
userId = userId,
organizationIdentifier = organizationIdentifier,
passwordHash = masterPasswordHash,
passwordHash = response.masterPasswordHash,
)
}

Expand All @@ -1345,12 +1351,6 @@ class AuthRepositoryImpl(
}
}
}
.onSuccess {
authDiskSource.userState = authDiskSource.userState?.toUserStateJsonWithPassword(
masterPasswordUnlock = null,
)
this.organizationIdentifier = null
}
.fold(
onFailure = { SetPasswordResult.Error(error = it) },
onSuccess = { SetPasswordResult.Success },
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import com.bitwarden.network.model.UserDecryptionOptionsJson
import com.bitwarden.policies.PolicyType
import com.bitwarden.policies.PolicyView
import com.bitwarden.ui.platform.base.util.toHexColorRepresentation
import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
import com.x8bit.bitwarden.data.auth.datasource.sdk.util.toKdfRequestModel
Expand Down Expand Up @@ -84,56 +85,69 @@ fun UserStateJson.toUpdatedUserStateJson(
}
?: profile
.userDecryptionOptions
?.copy(masterPasswordUnlock = null)

val updatedProfile = profile
.copy(
avatarColorHex = syncProfile.avatarColor,
stamp = syncProfile.securityStamp,
hasPremiumPersonally = syncProfile.isPremium,
hasPremiumFromOrganization = syncProfile.isPremiumFromOrganization,
isTwoFactorEnabled = syncProfile.isTwoFactorEnabled,
creationDate = syncProfile.creationDate,
userDecryptionOptions = userDecryptionOptions,
kdfType = masterPasswordUnlockKdf?.kdfType
?: profile.kdfType,
kdfIterations = masterPasswordUnlockKdf?.iterations
?: profile.kdfIterations,
kdfMemory = masterPasswordUnlockKdf?.memory
?: profile.kdfMemory,
kdfParallelism = masterPasswordUnlockKdf?.parallelism
?: profile.kdfParallelism,
)
?.copy(
hasMasterPassword = false,
masterPasswordUnlock = null,
)
val forcePasswordResetReason = syncProfile.getForcePasswordResetReason(
userDecryptionOptions = userDecryptionOptions,
previousForcePasswordResetReason = profile.forcePasswordResetReason,
)
val updatedProfile = profile.copy(
forcePasswordResetReason = forcePasswordResetReason,
avatarColorHex = syncProfile.avatarColor,
stamp = syncProfile.securityStamp,
hasPremiumPersonally = syncProfile.isPremium,
hasPremiumFromOrganization = syncProfile.isPremiumFromOrganization,
isTwoFactorEnabled = syncProfile.isTwoFactorEnabled,
creationDate = syncProfile.creationDate,
userDecryptionOptions = userDecryptionOptions,
kdfType = masterPasswordUnlockKdf?.kdfType ?: profile.kdfType,
kdfIterations = masterPasswordUnlockKdf?.iterations ?: profile.kdfIterations,
kdfMemory = masterPasswordUnlockKdf?.memory ?: profile.kdfMemory,
kdfParallelism = masterPasswordUnlockKdf?.parallelism ?: profile.kdfParallelism,
)
val updatedAccount = account.copy(profile = updatedProfile)
return this
.copy(
accounts = accounts
.toMutableMap()
.apply {
replace(userId, updatedAccount)
},
)
return this.copy(
accounts = accounts
.toMutableMap()
.apply { replace(userId, updatedAccount) },
)
}

private fun SyncResponseJson.Profile.getForcePasswordResetReason(
userDecryptionOptions: UserDecryptionOptionsJson?,
previousForcePasswordResetReason: ForcePasswordResetReason?,
): ForcePasswordResetReason? {
val hasManageResetPasswordPermission = this.organizations.orEmpty().any {
it.type == OrganizationType.OWNER ||
it.type == OrganizationType.ADMIN ||
it.permissions.shouldManageResetPassword
}
return ForcePasswordResetReason
.TDE_USER_WITHOUT_PASSWORD_HAS_PASSWORD_RESET_PERMISSION
.takeIf {
userDecryptionOptions?.hasMasterPassword == false &&
hasManageResetPasswordPermission
}
?: previousForcePasswordResetReason
}

/**
* Updates the [UserStateJson] to set the `hasMasterPassword` value to `true` after a user sets
* their password.
*/
fun UserStateJson.toUserStateJsonWithPassword(
masterPasswordUnlock: MasterPasswordUnlockData?,
masterPasswordUnlock: MasterPasswordUnlockData,
): UserStateJson {
val account = this.activeAccount
val profile = account.profile
val userDecryptionOptions = profile.userDecryptionOptions
val masterPasswordUnlockJson = masterPasswordUnlock
?.let {
MasterPasswordUnlockDataJson(
salt = it.salt,
kdf = it.kdf.toKdfRequestModel(),
masterKeyWrappedUserKey = it.masterKeyWrappedUserKey,
)
}
?: userDecryptionOptions?.masterPasswordUnlock
val masterPasswordUnlockJson = MasterPasswordUnlockDataJson(
salt = masterPasswordUnlock.salt,
kdf = masterPasswordUnlock.kdf.toKdfRequestModel(),
masterKeyWrappedUserKey = masterPasswordUnlock.masterKeyWrappedUserKey,
)
val updatedProfile = profile
.copy(
forcePasswordResetReason = null,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5795,9 +5795,6 @@ class AuthRepositoryTest {
userId = profile.userId,
)
} returns resetPasswordKey.asSuccess()
coEvery {
vaultRepository.unlockVaultWithMasterPassword(password)
} returns VaultUnlockResult.Success

val result = repository.setPassword(
organizationIdentifier = organizationIdentifier,
Expand All @@ -5822,7 +5819,6 @@ class AuthRepositoryTest {
passwordHash = passwordHash,
resetPasswordKey = resetPasswordKey,
)
vaultRepository.unlockVaultWithMasterPassword(password)
vaultSdkSource.getResetPasswordKey(
orgPublicKey = publicOrgKey,
userId = profile.userId,
Expand Down Expand Up @@ -7481,7 +7477,7 @@ class AuthRepositoryTest {
masterPasswordUnlock = MasterPasswordUnlockDataJson(
kdf = BASE_PROFILE_1.toSdkParams().toKdfRequestModel(),
masterKeyWrappedUserKey = ENCRYPTED_USER_KEY,
salt = "mockSalt",
salt = EMAIL,
),
),
)
Expand Down Expand Up @@ -7533,7 +7529,7 @@ class AuthRepositoryTest {
masterPasswordUnlock = MasterPasswordUnlockDataJson(
kdf = BASE_PROFILE_1.toSdkParams().toKdfRequestModel(),
masterKeyWrappedUserKey = ENCRYPTED_USER_KEY,
salt = "mockSalt",
salt = EMAIL,
),
),
),
Expand Down
Loading
Loading