[PM-5362] Add MP Service (attempt #2) (#8619)

* create mp and kdf service

* update mp service interface to not rely on active user

* rename observable methods

* update crypto service with new MP service

* add master password service to login strategies
- make fake service for easier testing
- fix crypto service tests

* update auth service and finish strategies

* auth request refactors

* more service refactors and constructor updates

* setMasterKey refactors

* remove master key methods from crypto service

* remove master key and hash from state service

* missed fixes

* create migrations and fix references

* fix master key imports

* default force set password reason to none

* add password reset reason observable factory to service

* remove kdf changes and migrate only disk data

* update migration number

* fix sync service deps

* use disk for force set password state

* fix desktop migration

* fix sso test

* fix tests

* fix more tests

* fix even more tests

* fix even more tests

* fix cli

* remove kdf service abstraction

* add missing deps for browser

* fix merge conflicts

* clear reset password reason on lock or logout

* fix tests

* fix other tests

* add jsdocs to abstraction

* use state provider in crypto service

* inverse master password service factory

* add clearOn to master password service

* add parameter validation to master password service

* add component level userId

* add missed userId

* migrate key hash

* fix login strategy service

* delete crypto master key from account

* migrate master key encrypted user key

* rename key hash to master key hash

* use mp service for getMasterKeyEncryptedUserKey

* fix tests

* fix user key decryption logic

* add clear methods to mp service

* fix circular dep and encryption issue

* fix test

* remove extra account service call

* use EncString in state provider

* fix tests

* return to using encrypted string for serialization

apps/browser/src/auth/background/service-factories/auth-request-service.factory.ts

@@ -17,18 +17,21 @@ import {
   FactoryOptions,
   factory,
 } from "../../../platform/background/service-factories/factory-options";
+
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
 import {
-  stateServiceFactory,
-  StateServiceInitOptions,
-} from "../../../platform/background/service-factories/state-service.factory";
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 
 type AuthRequestServiceFactoryOptions = FactoryOptions;
 
 export type AuthRequestServiceInitOptions = AuthRequestServiceFactoryOptions &
   AppIdServiceInitOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
-  ApiServiceInitOptions &
-  StateServiceInitOptions;
+  ApiServiceInitOptions;
 
 export function authRequestServiceFactory(
   cache: { authRequestService?: AuthRequestServiceAbstraction } & CachedServices,
@@ -41,9 +44,10 @@ export function authRequestServiceFactory(
     async () =>
       new AuthRequestService(
         await appIdServiceFactory(cache, opts),
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
-        await stateServiceFactory(cache, opts),
       ),
   );
 }

apps/browser/src/auth/background/service-factories/key-connector-service.factory.ts

@@ -31,6 +31,11 @@ import {
   StateProviderInitOptions,
 } from "../../../platform/background/service-factories/state-provider.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { TokenServiceInitOptions, tokenServiceFactory } from "./token-service.factory";
 
 type KeyConnectorServiceFactoryOptions = FactoryOptions & {
@@ -40,6 +45,8 @@ type KeyConnectorServiceFactoryOptions = FactoryOptions & {
 };
 
 export type KeyConnectorServiceInitOptions = KeyConnectorServiceFactoryOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
   TokenServiceInitOptions &
@@ -58,6 +65,8 @@ export function keyConnectorServiceFactory(
     opts,
     async () =>
       new KeyConnectorService(
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),

apps/browser/src/auth/background/service-factories/login-strategy-service.factory.ts

@@ -59,6 +59,7 @@ import {
   PasswordStrengthServiceInitOptions,
 } from "../../../tools/background/service_factories/password-strength-service.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
 import {
   authRequestServiceFactory,
   AuthRequestServiceInitOptions,
@@ -71,6 +72,10 @@ import {
   keyConnectorServiceFactory,
   KeyConnectorServiceInitOptions,
 } from "./key-connector-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { tokenServiceFactory, TokenServiceInitOptions } from "./token-service.factory";
 import { twoFactorServiceFactory, TwoFactorServiceInitOptions } from "./two-factor-service.factory";
 import {
@@ -81,6 +86,8 @@ import {
 type LoginStrategyServiceFactoryOptions = FactoryOptions;
 
 export type LoginStrategyServiceInitOptions = LoginStrategyServiceFactoryOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   CryptoServiceInitOptions &
   ApiServiceInitOptions &
   TokenServiceInitOptions &
@@ -111,6 +118,8 @@ export function loginStrategyServiceFactory(
     opts,
     async () =>
       new LoginStrategyService(
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
         await apiServiceFactory(cache, opts),
         await tokenServiceFactory(cache, opts),

apps/browser/src/auth/background/service-factories/master-password-service.factory.ts

@@ -0,0 +1,42 @@
+import {
+  InternalMasterPasswordServiceAbstraction,
+  MasterPasswordServiceAbstraction,
+} from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
+import { MasterPasswordService } from "@bitwarden/common/auth/services/master-password/master-password.service";
+
+import {
+  CachedServices,
+  factory,
+  FactoryOptions,
+} from "../../../platform/background/service-factories/factory-options";
+import {
+  stateProviderFactory,
+  StateProviderInitOptions,
+} from "../../../platform/background/service-factories/state-provider.factory";
+
+type MasterPasswordServiceFactoryOptions = FactoryOptions;
+
+export type MasterPasswordServiceInitOptions = MasterPasswordServiceFactoryOptions &
+  StateProviderInitOptions;
+
+export function internalMasterPasswordServiceFactory(
+  cache: { masterPasswordService?: InternalMasterPasswordServiceAbstraction } & CachedServices,
+  opts: MasterPasswordServiceInitOptions,
+): Promise<InternalMasterPasswordServiceAbstraction> {
+  return factory(
+    cache,
+    "masterPasswordService",
+    opts,
+    async () => new MasterPasswordService(await stateProviderFactory(cache, opts)),
+  );
+}
+
+export async function masterPasswordServiceFactory(
+  cache: { masterPasswordService?: InternalMasterPasswordServiceAbstraction } & CachedServices,
+  opts: MasterPasswordServiceInitOptions,
+): Promise<MasterPasswordServiceAbstraction> {
+  return (await internalMasterPasswordServiceFactory(
+    cache,
+    opts,
+  )) as MasterPasswordServiceAbstraction;
+}

apps/browser/src/auth/background/service-factories/user-verification-service.factory.ts

@@ -31,6 +31,11 @@ import {
   stateServiceFactory,
 } from "../../../platform/background/service-factories/state-service.factory";
 
+import { accountServiceFactory, AccountServiceInitOptions } from "./account-service.factory";
+import {
+  internalMasterPasswordServiceFactory,
+  MasterPasswordServiceInitOptions,
+} from "./master-password-service.factory";
 import { PinCryptoServiceInitOptions, pinCryptoServiceFactory } from "./pin-crypto-service.factory";
 import {
   userDecryptionOptionsServiceFactory,
@@ -46,6 +51,8 @@ type UserVerificationServiceFactoryOptions = FactoryOptions;
 export type UserVerificationServiceInitOptions = UserVerificationServiceFactoryOptions &
   StateServiceInitOptions &
   CryptoServiceInitOptions &
+  AccountServiceInitOptions &
+  MasterPasswordServiceInitOptions &
   I18nServiceInitOptions &
   UserVerificationApiServiceInitOptions &
   UserDecryptionOptionsServiceInitOptions &
@@ -66,6 +73,8 @@ export function userVerificationServiceFactory(
       new UserVerificationService(
         await stateServiceFactory(cache, opts),
         await cryptoServiceFactory(cache, opts),
+        await accountServiceFactory(cache, opts),
+        await internalMasterPasswordServiceFactory(cache, opts),
         await i18nServiceFactory(cache, opts),
         await userVerificationApiServiceFactory(cache, opts),
         await userDecryptionOptionsServiceFactory(cache, opts),

apps/browser/src/auth/popup/lock.component.ts

@@ -12,6 +12,7 @@ import { InternalPolicyService } from "@bitwarden/common/admin-console/abstracti
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { UserVerificationService } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -41,6 +42,7 @@ export class LockComponent extends BaseLockComponent {
   fido2PopoutSessionData$ = fido2PopoutSessionData$();
 
   constructor(
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
     router: Router,
     i18nService: I18nService,
     platformUtilsService: PlatformUtilsService,
@@ -66,6 +68,7 @@ export class LockComponent extends BaseLockComponent {
     accountService: AccountService,
   ) {
     super(
+      masterPasswordService,
       router,
       i18nService,
       platformUtilsService,

apps/browser/src/auth/popup/set-password.component.ts

@@ -1,65 +1,9 @@
 import { Component } from "@angular/core";
-import { ActivatedRoute, Router } from "@angular/router";
 
 import { SetPasswordComponent as BaseSetPasswordComponent } from "@bitwarden/angular/auth/components/set-password.component";
-import { InternalUserDecryptionOptionsServiceAbstraction } from "@bitwarden/auth/common";
-import { ApiService } from "@bitwarden/common/abstractions/api.service";
-import { OrganizationApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/organization/organization-api.service.abstraction";
-import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
-import { PolicyApiServiceAbstraction } from "@bitwarden/common/admin-console/abstractions/policy/policy-api.service.abstraction";
-import { PolicyService } from "@bitwarden/common/admin-console/abstractions/policy/policy.service.abstraction";
-import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
-import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
-import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
-import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
-import { PasswordGenerationServiceAbstraction } from "@bitwarden/common/tools/generator/password";
-import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
-import { DialogService } from "@bitwarden/components";
 
 @Component({
   selector: "app-set-password",
   templateUrl: "set-password.component.html",
 })
-export class SetPasswordComponent extends BaseSetPasswordComponent {
-  constructor(
-    apiService: ApiService,
-    i18nService: I18nService,
-    cryptoService: CryptoService,
-    messagingService: MessagingService,
-    stateService: StateService,
-    passwordGenerationService: PasswordGenerationServiceAbstraction,
-    platformUtilsService: PlatformUtilsService,
-    policyApiService: PolicyApiServiceAbstraction,
-    policyService: PolicyService,
-    router: Router,
-    syncService: SyncService,
-    route: ActivatedRoute,
-    organizationApiService: OrganizationApiServiceAbstraction,
-    organizationUserService: OrganizationUserService,
-    userDecryptionOptionsService: InternalUserDecryptionOptionsServiceAbstraction,
-    ssoLoginService: SsoLoginServiceAbstraction,
-    dialogService: DialogService,
-  ) {
-    super(
-      i18nService,
-      cryptoService,
-      messagingService,
-      passwordGenerationService,
-      platformUtilsService,
-      policyApiService,
-      policyService,
-      router,
-      apiService,
-      syncService,
-      route,
-      stateService,
-      organizationApiService,
-      organizationUserService,
-      userDecryptionOptionsService,
-      ssoLoginService,
-      dialogService,
-    );
-  }
-}
+export class SetPasswordComponent extends BaseSetPasswordComponent {}

apps/browser/src/auth/popup/sso.component.ts

@@ -9,7 +9,9 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -45,7 +47,9 @@ export class SsoComponent extends BaseSsoComponent {
     logService: LogService,
     userDecryptionOptionsService: UserDecryptionOptionsServiceAbstraction,
     configService: ConfigService,
-    protected authService: AuthService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
+    private authService: AuthService,
     @Inject(WINDOW) private win: Window,
   ) {
     super(
@@ -63,6 +67,8 @@ export class SsoComponent extends BaseSsoComponent {
       logService,
       userDecryptionOptionsService,
       configService,
+      masterPasswordService,
+      accountService,
     );
 
     environmentService.environment$.pipe(takeUntilDestroyed()).subscribe((env) => {

apps/browser/src/auth/popup/two-factor.component.ts

@@ -11,6 +11,8 @@ import {
   UserDecryptionOptionsServiceAbstraction,
 } from "@bitwarden/auth/common";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { InternalMasterPasswordServiceAbstraction } from "@bitwarden/common/auth/abstractions/master-password.service.abstraction";
 import { SsoLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/sso-login.service.abstraction";
 import { TwoFactorService } from "@bitwarden/common/auth/abstractions/two-factor.service";
 import { TwoFactorProviderType } from "@bitwarden/common/auth/enums/two-factor-provider-type";
@@ -58,6 +60,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
     configService: ConfigService,
     ssoLoginService: SsoLoginServiceAbstraction,
     private dialogService: DialogService,
+    masterPasswordService: InternalMasterPasswordServiceAbstraction,
+    accountService: AccountService,
     @Inject(WINDOW) protected win: Window,
     private browserMessagingApi: ZonedMessageListenerService,
   ) {
@@ -78,6 +82,8 @@ export class TwoFactorComponent extends BaseTwoFactorComponent {
       userDecryptionOptionsService,
       ssoLoginService,
       configService,
+      masterPasswordService,
+      accountService,
     );
     super.onSuccessfulLogin = async () => {
       // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.