From 539235dfd7aaa85ad5ee44aba09338e4d12259d7 Mon Sep 17 00:00:00 2001 From: Pierre Colart Date: Tue, 28 Feb 2023 13:33:34 +0000 Subject: [PATCH] PB-23279:As a user completing a setup I should not have access to the... --- src/all/background_page/app.js | 2 ++ .../event/pownedPasswordEvents.js | 30 +++++++++++++++++++ src/all/background_page/pagemod/appPagemod.js | 1 + .../pagemod/quickAccessPagemod.js | 1 + .../background_page/pagemod/recoverPagemod.js | 2 +- .../background_page/pagemod/setupPagemod.js | 2 +- src/chrome-mv3/pagemod/appPagemod.js | 4 ++- src/chrome-mv3/pagemod/appPagemod.test.js | 8 +++-- src/chrome-mv3/pagemod/quickAccessPagemod.js | 4 ++- .../pagemod/quickAccessPagemod.test.js | 7 +++-- src/chrome-mv3/pagemod/recoverPagemod.js | 4 +-- src/chrome-mv3/pagemod/recoverPagemod.test.js | 8 ++--- src/chrome-mv3/pagemod/setupPagemod.js | 4 +-- src/chrome-mv3/pagemod/setupPagemod.test.js | 8 ++--- 14 files changed, 65 insertions(+), 20 deletions(-) create mode 100644 src/all/background_page/event/pownedPasswordEvents.js diff --git a/src/all/background_page/app.js b/src/all/background_page/app.js index 1201de1e..e2e0f6b1 100644 --- a/src/all/background_page/app.js +++ b/src/all/background_page/app.js @@ -72,6 +72,7 @@ import InFormMenu from "./pagemod/informMenuPagemod"; import PublicWebsiteSignIn from "./pagemod/publicWebsiteSignInPagemod"; import Recover from "./pagemod/recoverPagemod"; import {MfaEvents} from './event/mfaEvents'; +import {PownedPasswordEvents} from './event/pownedPasswordEvents'; const events = {}; events.app = AppEvents; @@ -111,6 +112,7 @@ events.webIntegration = WebIntegrationEvents; events.publicWebsiteSignIn = PublicWebsiteSignInEvents; events.mfaPolicy = MfaEvents; events.clipboard = ClipboardEvents; +events.pownedPassword = PownedPasswordEvents; /* * ================================================================================== 
diff --git a/src/all/background_page/event/pownedPasswordEvents.js b/src/all/background_page/event/pownedPasswordEvents.js
new file mode 100644
index 00000000..327f2b7e
--- /dev/null
+++ b/src/all/background_page/event/pownedPasswordEvents.js
@@ -0,0 +1,30 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link https://www.passbolt.com Passbolt(tm)
+ * @since 3.11.0
+ */
+import PownedPasswordController from '../controller/secret/pownedPasswordController';
+
+const listen = function(worker) {
+ /*
+ * Check if password is powned
+ *
+ * @listens passbolt.secrets.powned-password
+ * @param requestId {uuid} The request identifier
+ * @param password {string} the password to check
+ */
+ worker.port.on('passbolt.secrets.powned-password', async(requestId, password) => {
+ const controller = new PownedPasswordController(worker, requestId);
+ await controller._exec(password);
+ });
+};
+
+export const PownedPasswordEvents = {listen};
diff --git a/src/all/background_page/pagemod/appPagemod.js b/src/all/background_page/pagemod/appPagemod.js
index 7abf3637..a8fd3af2 100644
--- a/src/all/background_page/pagemod/appPagemod.js
+++ b/src/all/background_page/pagemod/appPagemod.js
@@ -73,6 +73,7 @@ App.init = function() {
 app.events.role.listen(worker);
 app.events.keyring.listen(worker);
 app.events.secret.listen(worker);
+ app.events.pownedPassword.listen(worker);
 app.events.organizationSettings.listen(worker);
 app.events.share.listen(worker);
 app.events.subscription.listen(worker);
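Review bot: The comment above the `passbolt.secrets.powned-password` handler in `pownedPasswordEvents.js` does not record why this listener lives in its own file: the same patch attaches it to the setup and recover workers in place of the full secret events, so it is the one secret-related handler reachable before an account exists. I would add a line such as `Exposed on the setup and recover workers: this handler must not read stored secrets or keys.` so later additions to the file do not widen that surface. The handler also passes `password` through unchecked; `PownedPasswordController` is not part of this patch, so confirm it rejects non-string values. The block opens with `/*` rather than `/**`, which JSDoc tooling will skip.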
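Review bot: `App.init` in `src/all/background_page/pagemod/appPagemod.js` may now register `passbolt.secrets.powned-password` twice, because `app.events.pownedPassword.listen(worker)` is added while `app.events.secret.listen(worker)` stays attached on the line above. `secretEvents.js` is not touched by this patch; if it still registers that message, the worker gets two handlers, each building a controller and answering the same `requestId`. Confirm the handler is gone from the secret events, or remove it as part of this change. The same pairing appears in the `quickAccessPagemod.js` hunk and in the `chrome-mv3` `App.events` and `QuickAccess.events` lists. The body of `App.init` continues outside the hunk.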
diff --git a/src/all/background_page/pagemod/quickAccessPagemod.js b/src/all/background_page/pagemod/quickAccessPagemod.js
index 2c995a1b..0e4e488d 100644
--- a/src/all/background_page/pagemod/quickAccessPagemod.js
+++ b/src/all/background_page/pagemod/quickAccessPagemod.js
@@ -59,6 +59,7 @@ class QuickAccess {
 app.events.tag.listen(this._worker);
 app.events.resource.listen(this._worker);
 app.events.secret.listen(this._worker);
+ app.events.pownedPassword.listen(this._worker);
 app.events.organizationSettings.listen(this._worker);
 app.events.tab.listen(this._worker);
 app.events.locale.listen(this._worker);
diff --git a/src/all/background_page/pagemod/recoverPagemod.js b/src/all/background_page/pagemod/recoverPagemod.js
index 7e934355..e664cc1a 100644
--- a/src/all/background_page/pagemod/recoverPagemod.js
+++ b/src/all/background_page/pagemod/recoverPagemod.js
@@ -53,7 +53,7 @@ Recover.init = function() {
 // @todo account-recovery-refactoring check to remove all the listener, they expose confidential services.
 app.events.config.listen(worker);
 app.events.recover.listen(worker, apiClientOptions, account);
- app.events.secret.listen(worker);
+ app.events.pownedPassword.listen(worker);
 }
 });
 };
diff --git a/src/all/background_page/pagemod/setupPagemod.js b/src/all/background_page/pagemod/setupPagemod.js
index ed899fd6..8263f828 100644
--- a/src/all/background_page/pagemod/setupPagemod.js
+++ b/src/all/background_page/pagemod/setupPagemod.js
@@ -53,7 +53,7 @@ Setup.init = function() {
 // @todo account-recovery-refactoring check to remove all the listener, they expose confidential services.
 app.events.config.listen(worker);
 app.events.setup.listen(worker, apiClientOptions, account);
- app.events.secret.listen(worker);
+ app.events.pownedPassword.listen(worker);
 }
 });
 };
diff --git a/src/chrome-mv3/pagemod/appPagemod.js b/src/chrome-mv3/pagemod/appPagemod.js
index be1fad54..716d9540 100644
--- a/src/chrome-mv3/pagemod/appPagemod.js
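Review bot: The `@todo` kept above the listeners in `Recover.init` (`src/all/background_page/pagemod/recoverPagemod.js`) still says the listeners "expose confidential services", which no longer describes the list once `app.events.secret.listen(worker)` is replaced. I would rewrite it to state the rule the change enforces, for example `// Only config, recover and the pwned-password check are exposed here; do not attach events that reach stored secrets.`, and keep a `@todo` only if `app.events.config` still needs trimming. The `Setup.init` hunk in `setupPagemod.js` carries the same comment and wants the same update. `Recover.init` begins above the hunk.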
+++ b/src/chrome-mv3/pagemod/appPagemod.js @@ -39,6 +39,7 @@ import {ThemeEvents} from "../../all/background_page/event/themeEvents"; import {LocaleEvents} from "../../all/background_page/event/localeEvents"; import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents"; import {MobileEvents} from "../../all/background_page/event/mobileEvents"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; class App extends Pagemod { /** @@ -70,7 +71,8 @@ class App extends Pagemod { ThemeEvents, LocaleEvents, PasswordGeneratorEvents, - MobileEvents + MobileEvents, + PownedPasswordEvents ]; } diff --git a/src/chrome-mv3/pagemod/appPagemod.test.js b/src/chrome-mv3/pagemod/appPagemod.test.js index 085ea966..64ad8213 100644 --- a/src/chrome-mv3/pagemod/appPagemod.test.js +++ b/src/chrome-mv3/pagemod/appPagemod.test.js @@ -39,6 +39,7 @@ import {ThemeEvents} from "../../all/background_page/event/themeEvents"; import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents"; import {MobileEvents} from "../../all/background_page/event/mobileEvents"; import GpgAuth from "../../all/background_page/model/gpgauth"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; jest.spyOn(GetLegacyAccountService, "get").mockImplementation(jest.fn()); jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn()); @@ -66,6 +67,7 @@ jest.spyOn(ThemeEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(LocaleEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(PasswordGeneratorEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(MobileEvents, "listen").mockImplementation(jest.fn()); +jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn()); describe("Auth", () => { 
@@ -76,7 +78,7 @@ describe("Auth", () => { describe("Auth::attachEvents", () => { it("Should attach events", async() => { - expect.assertions(28); + expect.assertions(29); // data mocked const port = { _port: { @@ -119,6 +121,7 @@ describe("Auth", () => { expect(LocaleEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined); expect(PasswordGeneratorEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined); expect(MobileEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined); + expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined); expect(App.events).toStrictEqual([ ConfigEvents, AppEvents, @@ -144,7 +147,8 @@ describe("Auth", () => { ThemeEvents, LocaleEvents, PasswordGeneratorEvents, - MobileEvents + MobileEvents, + PownedPasswordEvents ]); expect(App.appName).toBe('App'); }); diff --git a/src/chrome-mv3/pagemod/quickAccessPagemod.js b/src/chrome-mv3/pagemod/quickAccessPagemod.js index 739ea8b9..59e94292 100644 --- a/src/chrome-mv3/pagemod/quickAccessPagemod.js +++ b/src/chrome-mv3/pagemod/quickAccessPagemod.js @@ -24,6 +24,7 @@ import {OrganizationSettingsEvents} from "../../all/background_page/event/organi import {TabEvents} from "../../all/background_page/event/tabEvents"; import {LocaleEvents} from "../../all/background_page/event/localeEvents"; import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; class QuickAccess extends Pagemod { /** @@ -42,7 +43,8 @@ class QuickAccess extends Pagemod { OrganizationSettingsEvents, TabEvents, LocaleEvents, - PasswordGeneratorEvents + PasswordGeneratorEvents, + PownedPasswordEvents ]; } } diff --git a/src/chrome-mv3/pagemod/quickAccessPagemod.test.js b/src/chrome-mv3/pagemod/quickAccessPagemod.test.js index d21e5440..fff6cba1 100644 
--- a/src/chrome-mv3/pagemod/quickAccessPagemod.test.js +++ b/src/chrome-mv3/pagemod/quickAccessPagemod.test.js @@ -24,6 +24,7 @@ import {OrganizationSettingsEvents} from "../../all/background_page/event/organi import {TabEvents} from "../../all/background_page/event/tabEvents"; import {LocaleEvents} from "../../all/background_page/event/localeEvents"; import {PasswordGeneratorEvents} from "../../all/background_page/event/passwordGeneratorEvents"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; jest.spyOn(AuthEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn()); @@ -37,6 +38,7 @@ jest.spyOn(OrganizationSettingsEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(TabEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(LocaleEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(PasswordGeneratorEvents, "listen").mockImplementation(jest.fn()); +jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn()); describe("QuickAccess", () => { beforeEach(async() => { @@ -46,7 +48,7 @@ describe("QuickAccess", () => { describe("QuickAccess::attachEvents", () => { it("Should attach events", async() => { - expect.assertions(14); + expect.assertions(15); // data mocked const port = { _port: { 
@@ -68,7 +70,8 @@ describe("QuickAccess", () => { expect(TabEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName}); expect(LocaleEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName}); expect(PasswordGeneratorEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName}); - expect(QuickAccess.events).toStrictEqual([AuthEvents, ConfigEvents, KeyringEvents, QuickAccessEvents, GroupEvents, TagEvents, ResourceEvents, SecretEvents, OrganizationSettingsEvents, TabEvents, LocaleEvents, PasswordGeneratorEvents]); + expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab, name: QuickAccess.appName}); + expect(QuickAccess.events).toStrictEqual([AuthEvents, ConfigEvents, KeyringEvents, QuickAccessEvents, GroupEvents, TagEvents, ResourceEvents, SecretEvents, OrganizationSettingsEvents, TabEvents, LocaleEvents, PasswordGeneratorEvents, PownedPasswordEvents]); expect(QuickAccess.appName).toBe('QuickAccess'); }); }); diff --git a/src/chrome-mv3/pagemod/recoverPagemod.js b/src/chrome-mv3/pagemod/recoverPagemod.js index c3c49b8a..75ebab44 100644 --- a/src/chrome-mv3/pagemod/recoverPagemod.js +++ b/src/chrome-mv3/pagemod/recoverPagemod.js @@ -17,7 +17,7 @@ import {RecoverEvents} from "../../all/background_page/event/recoverEvents"; import BuildAccountRecoverService from "../../all/background_page/service/recover/buildAccountRecoverService"; import BuildAccountApiClientOptionsService from "../../all/background_page/service/account/buildApiClientOptionsService"; -import {SecretEvents} from "../../all/background_page/event/secretEvents"; +import {PownedPasswordEvents} from "../../all/background_page/event/pownedPasswordEvents"; class Recover extends Pagemod { /** 
@@ -25,7 +25,7 @@ class Recover extends Pagemod { * @returns {[]} */ get events() { - return [ConfigEvents, RecoverEvents, SecretEvents]; + return [ConfigEvents, RecoverEvents, PownedPasswordEvents]; } /** diff --git a/src/chrome-mv3/pagemod/recoverPagemod.test.js b/src/chrome-mv3/pagemod/recoverPagemod.test.js index c84a7e58..b3f02935 100644 --- a/src/chrome-mv3/pagemod/recoverPagemod.test.js +++ b/src/chrome-mv3/pagemod/recoverPagemod.test.js @@ -17,13 +17,13 @@ import BuildAccountRecoverService from "../../all/background_page/service/recove import {ConfigEvents} from "../../all/background_page/event/configEvents"; import BuildAccountApiClientOptionsService from "../../all/background_page/service/account/buildApiClientOptionsService"; -import {SecretEvents} from "../../all/background_page/event/secretEvents"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; jest.spyOn(BuildAccountRecoverService, "buildFromRecoverUrl").mockImplementation(jest.fn()); jest.spyOn(BuildAccountApiClientOptionsService, "build").mockImplementation(jest.fn()); jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(RecoverEvents, "listen").mockImplementation(jest.fn()); -jest.spyOn(SecretEvents, "listen").mockImplementation(jest.fn()); +jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn()); describe("Recover", () => { beforeEach(async() => { 
@@ -51,8 +51,8 @@ describe("Recover", () => { expect(BuildAccountApiClientOptionsService.build).toHaveBeenCalled(); expect(ConfigEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); expect(RecoverEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); - expect(SecretEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); - expect(Recover.events).toStrictEqual([ConfigEvents, RecoverEvents, SecretEvents]); + expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); + expect(Recover.events).toStrictEqual([ConfigEvents, RecoverEvents, PownedPasswordEvents]); expect(Recover.appName).toBe('Recover'); }); }); diff --git a/src/chrome-mv3/pagemod/setupPagemod.js b/src/chrome-mv3/pagemod/setupPagemod.js index ac4931d9..5bddcccc 100644 --- a/src/chrome-mv3/pagemod/setupPagemod.js +++ b/src/chrome-mv3/pagemod/setupPagemod.js @@ -17,14 +17,14 @@ import BuildAccountApiClientOptionsService from "../../all/background_page/service/account/buildApiClientOptionsService"; import {SetupEvents} from "../../all/background_page/event/setupEvents"; import BuildAccountSetupService from "../../all/background_page/service/setup/buildAccountSetupService"; -import {SecretEvents} from "../../all/background_page/event/secretEvents"; +import {PownedPasswordEvents} from "../../all/background_page/event/pownedPasswordEvents"; class Setup extends Pagemod { /** * @inheritDoc */ get events() { - return [ConfigEvents, SetupEvents, SecretEvents]; + return [ConfigEvents, SetupEvents, PownedPasswordEvents]; } /** diff --git a/src/chrome-mv3/pagemod/setupPagemod.test.js b/src/chrome-mv3/pagemod/setupPagemod.test.js index 3e6c1963..53b22345 100644 --- a/src/chrome-mv3/pagemod/setupPagemod.test.js +++ b/src/chrome-mv3/pagemod/setupPagemod.test.js 
@@ -17,13 +17,13 @@ import {SetupEvents} from "../../all/background_page/event/setupEvents"; import BuildAccountApiClientOptionsService from "../../all/background_page/service/account/buildApiClientOptionsService"; import BuildAccountSetupService from "../../all/background_page/service/setup/buildAccountSetupService"; -import {SecretEvents} from "../../all/background_page/event/secretEvents"; +import {PownedPasswordEvents} from '../../all/background_page/event/pownedPasswordEvents'; jest.spyOn(BuildAccountSetupService, "buildFromSetupUrl").mockImplementation(jest.fn()); jest.spyOn(BuildAccountApiClientOptionsService, "build").mockImplementation(jest.fn()); jest.spyOn(ConfigEvents, "listen").mockImplementation(jest.fn()); jest.spyOn(SetupEvents, "listen").mockImplementation(jest.fn()); -jest.spyOn(SecretEvents, "listen").mockImplementation(jest.fn()); +jest.spyOn(PownedPasswordEvents, "listen").mockImplementation(jest.fn()); describe("Setup", () => { beforeEach(async() => { @@ -51,8 +51,8 @@ describe("Setup", () => { expect(BuildAccountApiClientOptionsService.build).toHaveBeenCalled(); expect(ConfigEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); expect(SetupEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); - expect(SecretEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); - expect(Setup.events).toStrictEqual([ConfigEvents, SetupEvents, SecretEvents]); + expect(PownedPasswordEvents.listen).toHaveBeenCalledWith({port: port, tab: port._port.sender.tab}, undefined, undefined); + expect(Setup.events).toStrictEqual([ConfigEvents, SetupEvents, PownedPasswordEvents]); expect(Setup.appName).toBe('Setup'); }); });