Merge branch 'feature/PB-23279_As-a-user-completing-a-setup-I-should-…

…not-have-access-to-the-background-page-decryption-secret-capabilities' into 'release' PB-23279:As a user completing a setup I should not have access to the... See merge request passbolt/passbolt-browser-extension!471
passbolt · Feb 28, 2023 · 65e32f0 · 65e32f0
2 parents b1535b1 + 539235d
commit 65e32f0
Show file tree

Hide file tree

Showing 14 changed files with 65 additions and 20 deletions.
diff --git a/src/all/background_page/app.js b/src/all/background_page/app.js
@@ -72,6 +72,7 @@ import InFormMenu from "./pagemod/informMenuPagemod";
 import PublicWebsiteSignIn from "./pagemod/publicWebsiteSignInPagemod";
 import Recover from "./pagemod/recoverPagemod";
 import {MfaEvents} from './event/mfaEvents';
+import {PownedPasswordEvents} from './event/pownedPasswordEvents';
 
 const events = {};
 events.app = AppEvents;
@@ -111,6 +112,7 @@ events.webIntegration = WebIntegrationEvents;
 events.publicWebsiteSignIn = PublicWebsiteSignInEvents;
 events.mfaPolicy = MfaEvents;
 events.clipboard = ClipboardEvents;
+events.pownedPassword = PownedPasswordEvents;
 
 /*
  * ==================================================================================

diff --git a/src/all/background_page/event/pownedPasswordEvents.js b/src/all/background_page/event/pownedPasswordEvents.js
@@ -0,0 +1,30 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         3.11.0
+ */
+import PownedPasswordController from '../controller/secret/pownedPasswordController';
+
+const listen = function(worker) {
+  /*
+   * Check if password is powned
+   *
+   * @listens passbolt.secrets.powned-password
+   * @param requestId {uuid} The request identifier
+   * @param password {string} the password to check
+   */
+  worker.port.on('passbolt.secrets.powned-password', async(requestId, password) => {
+    const controller = new PownedPasswordController(worker, requestId);
+    await controller._exec(password);
+  });
+};
+
+export const PownedPasswordEvents = {listen};
diff --git a/src/all/background_page/pagemod/appPagemod.js b/src/all/background_page/pagemod/appPagemod.js
@@ -73,6 +73,7 @@ App.init = function() {
       app.events.role.listen(worker);
       app.events.keyring.listen(worker);
       app.events.secret.listen(worker);
+      app.events.pownedPassword.listen(worker);
       app.events.organizationSettings.listen(worker);
       app.events.share.listen(worker);
       app.events.subscription.listen(worker);

diff --git a/src/all/background_page/pagemod/quickAccessPagemod.js b/src/all/background_page/pagemod/quickAccessPagemod.js
@@ -59,6 +59,7 @@ class QuickAccess {
       app.events.tag.listen(this._worker);
       app.events.resource.listen(this._worker);
       app.events.secret.listen(this._worker);
+      app.events.pownedPassword.listen(this._worker);
       app.events.organizationSettings.listen(this._worker);
       app.events.tab.listen(this._worker);
       app.events.locale.listen(this._worker);

diff --git a/src/all/background_page/pagemod/recoverPagemod.js b/src/all/background_page/pagemod/recoverPagemod.js
@@ -53,7 +53,7 @@ Recover.init = function() {
       // @todo account-recovery-refactoring check to remove all the listener, they expose confidential services.
       app.events.config.listen(worker);
       app.events.recover.listen(worker, apiClientOptions, account);
-      app.events.secret.listen(worker);
+      app.events.pownedPassword.listen(worker);
     }
   });
 };

diff --git a/src/all/background_page/pagemod/setupPagemod.js b/src/all/background_page/pagemod/setupPagemod.js
@@ -53,7 +53,7 @@ Setup.init = function() {
       // @todo account-recovery-refactoring check to remove all the listener, they expose confidential services.
       app.events.config.listen(worker);
       app.events.setup.listen(worker, apiClientOptions, account);
-      app.events.secret.listen(worker);
+      app.events.pownedPassword.listen(worker);
     }
   });
 };

diff --git a/src/chrome-mv3/pagemod/appPagemod.js b/src/chrome-mv3/pagemod/appPagemod.js
@@ -39,6 +39,7 @@ import {ThemeEvents} from "../../all/background_page/event/themeEvents";
 import {LocaleEvents} from "../../all/background_page/event/localeEvents";
 import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents";
 import {MobileEvents} from "../../all/background_page/event/mobileEvents";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 class App extends Pagemod {
   /**
@@ -70,7 +71,8 @@ class App extends Pagemod {
       ThemeEvents,
       LocaleEvents,
       PasswordGeneratorEvents,
-      MobileEvents
+      MobileEvents,
+      PownedPasswordEvents
     ];
   }
 

diff --git a/src/chrome-mv3/pagemod/appPagemod.test.js b/src/chrome-mv3/pagemod/appPagemod.test.js
@@ -39,6 +39,7 @@ import {ThemeEvents} from "../../all/background_page/event/themeEvents";
 import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents";
 import {MobileEvents} from "../../all/background_page/event/mobileEvents";
 import GpgAuth from "../../all/background_page/model/gpgauth";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 jest.spyOn(GetLegacyAccountService, "get").mockImplementation(jest.fn());
 jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn());
@@ -66,6 +67,7 @@ jest.spyOn(ThemeEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(LocaleEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(PasswordGeneratorEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(MobileEvents, "listen").mockImplementation(jest.fn());
+jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn());
 
 
 describe("Auth", () => {
@@ -76,7 +78,7 @@ describe("Auth", () => {
 
   describe("Auth::attachEvents", () => {
     it("Should attach events", async() => {
-      expect.assertions(28);
+      expect.assertions(29);
       // data mocked
       const port = {
         _port: {
@@ -119,6 +121,7 @@ describe("Auth", () => {
       expect(LocaleEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined);
       expect(PasswordGeneratorEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined);
       expect(MobileEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined);
+      expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined);
       expect(App.events).toStrictEqual([
         ConfigEvents,
         AppEvents,
@@ -144,7 +147,8 @@ describe("Auth", () => {
         ThemeEvents,
         LocaleEvents,
         PasswordGeneratorEvents,
-        MobileEvents
+        MobileEvents,
+        PownedPasswordEvents
       ]);
       expect(App.appName).toBe('App');
     });

diff --git a/src/chrome-mv3/pagemod/quickAccessPagemod.js b/src/chrome-mv3/pagemod/quickAccessPagemod.js
@@ -24,6 +24,7 @@ import {OrganizationSettingsEvents} from "../../all/background_page/event/organi
 import {TabEvents} from "../../all/background_page/event/tabEvents";
 import {LocaleEvents} from "../../all/background_page/event/localeEvents";
 import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 class QuickAccess extends Pagemod {
   /**
@@ -42,7 +43,8 @@ class QuickAccess extends Pagemod {
       OrganizationSettingsEvents,
       TabEvents,
       LocaleEvents,
-      PasswordGeneratorEvents
+      PasswordGeneratorEvents,
+      PownedPasswordEvents
     ];
   }
 }

diff --git a/src/chrome-mv3/pagemod/quickAccessPagemod.test.js b/src/chrome-mv3/pagemod/quickAccessPagemod.test.js
@@ -24,6 +24,7 @@ import {OrganizationSettingsEvents} from "../../all/background_page/event/organi
 import {TabEvents} from "../../all/background_page/event/tabEvents";
 import {LocaleEvents} from "../../all/background_page/event/localeEvents";
 import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 jest.spyOn(AuthEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn());
@@ -37,6 +38,7 @@ jest.spyOn(OrganizationSettingsEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(TabEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(LocaleEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(PasswordGeneratorEvents, "listen").mockImplementation(jest.fn());
+jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn());
 
 describe("QuickAccess", () => {
   beforeEach(async() => {
@@ -46,7 +48,7 @@ describe("QuickAccess", () => {
 
   describe("QuickAccess::attachEvents", () => {
     it("Should attach events", async() => {
-      expect.assertions(14);
+      expect.assertions(15);
       // data mocked
       const port = {
         _port: {
@@ -68,7 +70,8 @@ describe("QuickAccess", () => {
       expect(TabEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName});
       expect(LocaleEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName});
       expect(PasswordGeneratorEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName});
-      expect(QuickAccess.events).toStrictEqual([AuthEvents, ConfigEvents, KeyringEvents, QuickAccessEvents, GroupEvents, TagEvents, ResourceEvents, SecretEvents, OrganizationSettingsEvents, TabEvents, LocaleEvents, PasswordGeneratorEvents]);
+      expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName});
+      expect(QuickAccess.events).toStrictEqual([AuthEvents, ConfigEvents, KeyringEvents, QuickAccessEvents, GroupEvents, TagEvents, ResourceEvents, SecretEvents, OrganizationSettingsEvents, TabEvents, LocaleEvents, PasswordGeneratorEvents, PownedPasswordEvents]);
       expect(QuickAccess.appName).toBe('QuickAccess');
     });
   });

diff --git a/src/chrome-mv3/pagemod/recoverPagemod.js b/src/chrome-mv3/pagemod/recoverPagemod.js
@@ -17,15 +17,15 @@ import {RecoverEvents} from "../../all/background_page/event/recoverEvents";
 import BuildAccountRecoverService from "../../all/background_page/service/recover/buildAccountRecoverService";
 import BuildAccountApiClientOptionsService
   from "../../all/background_page/service/account/buildApiClientOptionsService";
-import {SecretEvents} from "../../all/background_page/event/secretEvents";
+import {PownedPasswordEvents} from "../../all/background_page/event/pownedPasswordEvents";
 
 class Recover extends Pagemod {
   /**
    * Get events
    * @returns {[]}
    */
   get events() {
-    return [ConfigEvents, RecoverEvents, SecretEvents];
+    return [ConfigEvents, RecoverEvents, PownedPasswordEvents];
   }
 
   /**

diff --git a/src/chrome-mv3/pagemod/recoverPagemod.test.js b/src/chrome-mv3/pagemod/recoverPagemod.test.js
@@ -17,13 +17,13 @@ import BuildAccountRecoverService from "../../all/background_page/service/recove
 import {ConfigEvents} from "../../all/background_page/event/configEvents";
 import BuildAccountApiClientOptionsService
   from "../../all/background_page/service/account/buildApiClientOptionsService";
-import {SecretEvents} from "../../all/background_page/event/secretEvents";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 jest.spyOn(BuildAccountRecoverService, "buildFromRecoverUrl").mockImplementation(jest.fn());
 jest.spyOn(BuildAccountApiClientOptionsService, "build").mockImplementation(jest.fn());
 jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(RecoverEvents, "listen").mockImplementation(jest.fn());
-jest.spyOn(SecretEvents, "listen").mockImplementation(jest.fn());
+jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn());
 
 describe("Recover", () => {
   beforeEach(async() => {
@@ -51,8 +51,8 @@ describe("Recover", () => {
       expect(BuildAccountApiClientOptionsService.build).toHaveBeenCalled();
       expect(ConfigEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
       expect(RecoverEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
-      expect(SecretEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
-      expect(Recover.events).toStrictEqual([ConfigEvents, RecoverEvents, SecretEvents]);
+      expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
+      expect(Recover.events).toStrictEqual([ConfigEvents, RecoverEvents, PownedPasswordEvents]);
       expect(Recover.appName).toBe('Recover');
     });
   });

diff --git a/src/chrome-mv3/pagemod/setupPagemod.js b/src/chrome-mv3/pagemod/setupPagemod.js
@@ -17,14 +17,14 @@ import BuildAccountApiClientOptionsService
   from "../../all/background_page/service/account/buildApiClientOptionsService";
 import {SetupEvents} from "../../all/background_page/event/setupEvents";
 import BuildAccountSetupService from "../../all/background_page/service/setup/buildAccountSetupService";
-import {SecretEvents} from "../../all/background_page/event/secretEvents";
+import {PownedPasswordEvents} from "../../all/background_page/event/pownedPasswordEvents";
 
 class Setup extends Pagemod {
   /**
    * @inheritDoc
    */
   get events() {
-    return [ConfigEvents, SetupEvents, SecretEvents];
+    return [ConfigEvents, SetupEvents, PownedPasswordEvents];
   }
 
   /**

diff --git a/src/chrome-mv3/pagemod/setupPagemod.test.js b/src/chrome-mv3/pagemod/setupPagemod.test.js
@@ -17,13 +17,13 @@ import {SetupEvents} from "../../all/background_page/event/setupEvents";
 import BuildAccountApiClientOptionsService
   from "../../all/background_page/service/account/buildApiClientOptionsService";
 import BuildAccountSetupService from "../../all/background_page/service/setup/buildAccountSetupService";
-import {SecretEvents} from "../../all/background_page/event/secretEvents";
+import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents';
 
 jest.spyOn(BuildAccountSetupService, "buildFromSetupUrl").mockImplementation(jest.fn());
 jest.spyOn(BuildAccountApiClientOptionsService, "build").mockImplementation(jest.fn());
 jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn());
 jest.spyOn(SetupEvents, "listen").mockImplementation(jest.fn());
-jest.spyOn(SecretEvents, "listen").mockImplementation(jest.fn());
+jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn());
 
 describe("Setup", () => {
   beforeEach(async() => {
@@ -51,8 +51,8 @@ describe("Setup", () => {
       expect(BuildAccountApiClientOptionsService.build).toHaveBeenCalled();
       expect(ConfigEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
       expect(SetupEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
-      expect(SecretEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
-      expect(Setup.events).toStrictEqual([ConfigEvents, SetupEvents, SecretEvents]);
+      expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined);
+      expect(Setup.events).toStrictEqual([ConfigEvents, SetupEvents, PownedPasswordEvents]);
       expect(Setup.appName).toBe('Setup');
     });
   });