clients icon indicating copy to clipboard operation
clients copied to clipboard

Published 20 hours ago verified publisher icon bitwarden

Auth/PM-5268 - DeviceTrustCryptoService state provider migration

Open JaredSnider-Bitwarden opened this issue 1 year ago • 2 comments
trafficstars

Type of change

- [ ] Bug fix
- [X] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Resolve PM-5268 and migrate all owned state in the DeviceTrustCryptoService to the new State Provider framework.

Code changes

DeviceTrustCryptoService changes

  • libs/common/src/platform/state/state-definitions.ts: Add new DEVICE_TRUST_DISK to state definitions for disk & local web storage.
  • libs/common/src/auth/services/device-trust-crypto.service.implementation.ts: Update DeviceTrustCryptoService to state provider framework.
  • apps/cli/src/bw.ts: Add stateProvider dependency
  • apps/browser/src/background/main.background.ts: Add stateProvider dependency
  • libs/angular/src/services/jslib-services.module.ts: Add stateProvider dependency
  • apps/browser/src/auth/background/service-factories/device-trust-crypto-service.factory.ts: Add stateProvider dependency
  • libs/common/src/auth/services/device-trust-crypto.service.spec.ts: Update tests

Data migration

  • libs/common/src/state-migrations/migrations/22-migrate-device-trust-crypto-svc-to-state-providers.ts: Add data migration for DeviceTrustCryptoService.deviceKey and DeviceTrustCryptoService.shouldTrustDevice
  • libs/common/src/state-migrations/migrations/22-migrate-device-trust-crypto-svc-to-state-providers.spec.ts: Test migration
  • libs/common/src/state-migrations/migrate.ts: Register DeviceTrustCryptoServiceStateProviderMigrator as latest migration

State Cleanup

  • libs/auth/src/common/login-strategies/login.strategy.ts: We no longer need to manually persist the device key on login as the state provider framework does this for us.
  • libs/auth/src/common/login-strategies/login.strategy.spec.ts: - Remove no longer necessary test.
  • libs/common/src/platform/abstractions/state.service.ts: Remove getDeviceKey, setDeviceKey, getShouldTrustDevice, and setShouldTrustDevicemethods
  • libs/common/src/platform/services/state.service.ts: Remove getDeviceKey, setDeviceKey, getShouldTrustDevice, and setShouldTrustDevicemethods
  • libs/common/src/platform/models/domain/account.ts: Remove trustDeviceChoiceForDecryption and deviceKey props from account
  • libs/common/src/platform/models/domain/account-keys.spec.ts: Remove now unnecessary tests
  • apps/desktop/src/platform/services/electron-state.service.ts: Remove device key logic

Screenshots

Data migration working

https://github.com/bitwarden/clients/assets/116684653/00f7640f-1733-4959-a805-807ecf2f96c4

Post migration, device trust is maintained

https://github.com/bitwarden/clients/assets/116684653/0c1b2547-187c-408f-8dfb-471e86aabb94

Post migration, establishing trust on a new device works

https://github.com/bitwarden/clients/assets/116684653/b08b45f3-05fd-4c95-be7c-594c5b6a4333

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
  • Ensure that all UI additions follow WCAG AA requirements

JaredSnider-Bitwarden avatar Feb 08 '24 22:02 JaredSnider-Bitwarden

Logo Checkmarx One – Scan Summary & Detailsb9877c67-f902-4361-881a-0e93afe4cd19

No New Or Fixed Issues Found

bitwarden-bot avatar Feb 09 '24 00:02 bitwarden-bot

Codecov Report

Attention: Patch coverage is 73.27586% with 31 lines in your changes are missing coverage. Please review.

Project coverage is 26.90%. Comparing base (94843bd) to head (8a39b4d).

Files Patch % Lines
...ices/device-trust-crypto.service.implementation.ts 83.33% 8 Missing :warning:
...ponents/base-login-decryption-options.component.ts 0.00% 7 Missing :warning:
...uth/components/login-via-auth-request.component.ts 0.00% 5 Missing :warning:
libs/angular/src/auth/components/lock.component.ts 0.00% 4 Missing :warning:
...src/auth/popup/login-via-auth-request.component.ts 0.00% 2 Missing :warning:
...src/auth/login/login-via-auth-request.component.ts 0.00% 2 Missing :warning:
...e-factories/device-trust-crypto-service.factory.ts 0.00% 1 Missing :warning:
apps/browser/src/auth/popup/lock.component.ts 0.00% 1 Missing :warning:
...app/auth/key-rotation/user-key-rotation.service.ts 75.00% 0 Missing and 1 partial :warning:
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7882      +/-   ##
==========================================
+ Coverage   26.83%   26.90%   +0.06%     
==========================================
  Files        2310     2311       +1     
  Lines       67392    67442      +50     
  Branches    12627    12641      +14     
==========================================
+ Hits        18082    18142      +60     
+ Misses      47920    47907      -13     
- Partials     1390     1393       +3

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar Feb 15 '24 19:02 codecov[bot]

Notes for reviewers: Per a discussion between Auth and Platform regarding service design, I refactored all of DeviceTrustCryptoService to accept user id as a required parameter for all methods.

JaredSnider-Bitwarden avatar Mar 27 '24 05:03 JaredSnider-Bitwarden