GitHub-Bitwarden
/
clients
mirror of https://github.com/bitwarden/clients.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

[SG-458] Master Password security checks (browser) (#4502) 

* work: add base logic for password lookup

* work: added browser support for hibp

* work: SG-558 combine weak + leak warning

* fix: language stuff

* fix: form values are neater tho :(

* fix: no cast
pull/4554/head
Brandon Maharaj 3 years ago committed by GitHub
parent
ae3edcc34d
commit
497b08df44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 101 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 30
      apps/browser/src/_locales/en/messages.json
  2. 14
      apps/browser/src/popup/accounts/register.component.html
  3. 7
      apps/browser/src/popup/accounts/register.component.ts
  4. 4
      apps/browser/src/popup/scss/box.scss
  5. 7
      apps/desktop/src/app/accounts/register.component.ts
  6. 7
      apps/web/src/app/accounts/register-form/register-form.component.ts
  7. 43
      libs/angular/src/components/register.component.ts

30
apps/browser/src/_locales/en/messages.json
Unescape View File

@ -2046,5 +2046,35 @@ @@ -2046,5 +2046,35 @@
},
"rememberEmail": {
"message": "Remember email"
},
"exposedMasterPassword": {
"message": "Exposed Master Password"
},
"exposedMasterPasswordDesc": {
"message": "Password found in a data breach. Use a unique password to protect your account. Are you sure you want to use an exposed password?"
},
"weakAndExposedMasterPassword": {
"message": "Weak and Exposed Master Password"
},
"weakAndBreachedMasterPasswordDesc": {
"message": "Weak password identified and found in a data breach. Use a strong and unique password to protect your account. Are you sure you want to use this password?"
},
"checkForBreaches": {
"message": "Check known data breaches for this password"
},
"important": {
"message": "Important:"
},
"masterPasswordHint": {
"message": "Your master password cannot be recovered if you forget it!"
},
"characterMinimum": {
"message": "$LENGTH$ character minimum",
"placeholders": {
"length": {
"content": "$1",
"example": "14"
}
}
}
}

14
apps/browser/src/popup/accounts/register.component.html
Unescape View File

@ -66,7 +66,8 @@ @@ -66,7 +66,8 @@
</div>
</div>
<div id="masterPasswordHelp" class="box-footer">
{{ "masterPassDesc" | i18n }}
<b>{{ "important" | i18n }}</b> {{ "masterPasswordHint" | i18n }}
{{ characterMinimumMessage }}
</div>
</div>
<div class="box">
@ -107,6 +108,17 @@ @@ -107,6 +108,17 @@
<div id="hintHelp" class="box-footer">
{{ "masterPassHintDesc" | i18n }}
</div>
<div class="box-content row-top-padding">
<div
class="box-content-row box-content-row-checkbox box-content-row-checkbox-left box-content-row-word-break"
appBoxRow
>
<input type="checkbox" id="checkForBreaches" formControlName="checkForBreaches" />
<label for="checkForBreaches">
{{ "checkForBreaches" | i18n }}
</label>
</div>
</div>
</div>
<div [hidden]="!showCaptcha()"><iframe id="hcaptcha_iframe" height="80"></iframe></div>
<div class="box last" *ngIf="showTerms">

7
apps/browser/src/popup/accounts/register.component.ts
Unescape View File

@ -4,6 +4,7 @@ import { Router } from "@angular/router"; @@ -4,6 +4,7 @@ import { Router } from "@angular/router";
import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AuditService } from "@bitwarden/common/abstractions/audit.service";
import { AuthService } from "@bitwarden/common/abstractions/auth.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { EnvironmentService } from "@bitwarden/common/abstractions/environment.service";
@ -34,7 +35,8 @@ export class RegisterComponent extends BaseRegisterComponent { @@ -34,7 +35,8 @@ export class RegisterComponent extends BaseRegisterComponent {
platformUtilsService: PlatformUtilsService,
passwordGenerationService: PasswordGenerationService,
environmentService: EnvironmentService,
logService: LogService
logService: LogService,
auditService: AuditService
) {
super(
formValidationErrorService,
@ -48,7 +50,8 @@ export class RegisterComponent extends BaseRegisterComponent { @@ -48,7 +50,8 @@ export class RegisterComponent extends BaseRegisterComponent {
platformUtilsService,
passwordGenerationService,
environmentService,
logService
logService,
auditService
);
}
}

4
apps/browser/src/popup/scss/box.scss
Unescape View File

@ -83,6 +83,10 @@ @@ -83,6 +83,10 @@
padding-bottom: 10px;
margin: 5px;
}
&.row-top-padding {
padding-top: 10px;
}
}
.box-footer {

7
apps/desktop/src/app/accounts/register.component.ts
Unescape View File

@ -4,6 +4,7 @@ import { Router } from "@angular/router"; @@ -4,6 +4,7 @@ import { Router } from "@angular/router";
import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AuditService } from "@bitwarden/common/abstractions/audit.service";
import { AuthService } from "@bitwarden/common/abstractions/auth.service";
import { BroadcasterService } from "@bitwarden/common/abstractions/broadcaster.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
@ -36,7 +37,8 @@ export class RegisterComponent extends BaseRegisterComponent implements OnInit, @@ -36,7 +37,8 @@ export class RegisterComponent extends BaseRegisterComponent implements OnInit,
environmentService: EnvironmentService,
private broadcasterService: BroadcasterService,
private ngZone: NgZone,
logService: LogService
logService: LogService,
auditService: AuditService
) {
super(
formValidationErrorService,
@ -50,7 +52,8 @@ export class RegisterComponent extends BaseRegisterComponent implements OnInit, @@ -50,7 +52,8 @@ export class RegisterComponent extends BaseRegisterComponent implements OnInit,
platformUtilsService,
passwordGenerationService,
environmentService,
logService
logService,
auditService
);
}

7
apps/web/src/app/accounts/register-form/register-form.component.ts
Unescape View File

@ -4,6 +4,7 @@ import { Router } from "@angular/router"; @@ -4,6 +4,7 @@ import { Router } from "@angular/router";
import { RegisterComponent as BaseRegisterComponent } from "@bitwarden/angular/components/register.component";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AuditService } from "@bitwarden/common/abstractions/audit.service";
import { AuthService } from "@bitwarden/common/abstractions/auth.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { EnvironmentService } from "@bitwarden/common/abstractions/environment.service";
@ -41,7 +42,8 @@ export class RegisterFormComponent extends BaseRegisterComponent { @@ -41,7 +42,8 @@ export class RegisterFormComponent extends BaseRegisterComponent {
passwordGenerationService: PasswordGenerationService,
private policyService: PolicyService,
environmentService: EnvironmentService,
logService: LogService
logService: LogService,
auditService: AuditService
) {
super(
formValidationErrorService,
@ -55,7 +57,8 @@ export class RegisterFormComponent extends BaseRegisterComponent { @@ -55,7 +57,8 @@ export class RegisterFormComponent extends BaseRegisterComponent {
platformUtilsService,
passwordGenerationService,
environmentService,
logService
logService,
auditService
);
}

43
libs/angular/src/components/register.component.ts
Unescape View File

@ -3,6 +3,7 @@ import { AbstractControl, UntypedFormBuilder, ValidatorFn, Validators } from "@a @@ -3,6 +3,7 @@ import { AbstractControl, UntypedFormBuilder, ValidatorFn, Validators } from "@a
import { Router } from "@angular/router";
import { ApiService } from "@bitwarden/common/abstractions/api.service";
import { AuditService } from "@bitwarden/common/abstractions/audit.service";
import { AuthService } from "@bitwarden/common/abstractions/auth.service";
import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
import { EnvironmentService } from "@bitwarden/common/abstractions/environment.service";
@ -38,6 +39,8 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -38,6 +39,8 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
showTerms = true;
showErrorSummary = false;
passwordStrengthResult: any;
characterMinimumMessage: string;
minimumLength = 8;
color: string;
text: string;
@ -45,8 +48,8 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -45,8 +48,8 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
{
email: ["", [Validators.required, Validators.email]],
name: [""],
masterPassword: ["", [Validators.required, Validators.minLength(8)]],
confirmMasterPassword: ["", [Validators.required, Validators.minLength(8)]],
masterPassword: ["", [Validators.required, Validators.minLength(this.minimumLength)]],
confirmMasterPassword: ["", [Validators.required, Validators.minLength(this.minimumLength)]],
hint: [
null,
[
@ -56,6 +59,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -56,6 +59,7 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
),
],
],
checkForBreaches: [false],
acceptPolicies: [false, [this.acceptPoliciesValidation()]],
},
{
@ -85,10 +89,12 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -85,10 +89,12 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
platformUtilsService: PlatformUtilsService,
protected passwordGenerationService: PasswordGenerationService,
environmentService: EnvironmentService,
protected logService: LogService
protected logService: LogService,
protected auditService: AuditService
) {
super(environmentService, i18nService, platformUtilsService);
this.showTerms = !platformUtilsService.isSelfHost();
this.characterMinimumMessage = this.i18nService.t("characterMinimum", this.minimumLength);
}
async ngOnInit() {
@ -212,7 +218,24 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -212,7 +218,24 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
return { isValid: false };
}
if (this.passwordStrengthResult != null && this.passwordStrengthResult.score < 3) {
const passwordWeak =
this.passwordStrengthResult != null && this.passwordStrengthResult.score < 3;
const passwordLeak =
this.formGroup.controls.checkForBreaches.value &&
(await this.auditService.passwordLeaked(this.formGroup.controls.masterPassword.value)) > 0;
if (passwordWeak && passwordLeak) {
const result = await this.platformUtilsService.showDialog(
this.i18nService.t("weakAndBreachedMasterPasswordDesc"),
this.i18nService.t("weakAndExposedMasterPassword"),
this.i18nService.t("yes"),
this.i18nService.t("no"),
"warning"
);
if (!result) {
return { isValid: false };
}
} else if (passwordWeak) {
const result = await this.platformUtilsService.showDialog(
this.i18nService.t("weakMasterPasswordDesc"),
this.i18nService.t("weakMasterPassword"),
@ -223,7 +246,19 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn @@ -223,7 +246,19 @@ export class RegisterComponent extends CaptchaProtectedComponent implements OnIn
if (!result) {
return { isValid: false };
}
} else if (passwordLeak) {
const result = await this.platformUtilsService.showDialog(
this.i18nService.t("exposedMasterPasswordDesc"),
this.i18nService.t("exposedMasterPassword"),
this.i18nService.t("yes"),
this.i18nService.t("no"),
"warning"
);
if (!result) {
return { isValid: false };
}
}
return { isValid: true };
}

Write Preview
Loading…
Cancel
Save