passbolt-browser-extension 4.6.2 → 4.7.0-alpha.1

package/.gitlab-ci/jobs/build.yml

@@ -1,6 +1,6 @@
 build:
   stage: build
-  image: node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
   extends: .rules
   artifacts:
     when: always
@@ -22,7 +22,7 @@ build:
 
 build_mv3:
   stage: build
-  image: node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
   extends: .rules
   artifacts:
     when: always
@@ -39,4 +39,4 @@ build_mv3:
         echo "Sending slack build notification"
         echo "================================"
         bash ./.gitlab-ci/scripts/bin/slack-status-messages.sh ":jigsaw: A new wild MV3 browser extension appeared! $CI_COMMIT_TAG" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID/artifacts/browse/dist/"
-      fi
+      fi

package/.gitlab-ci/jobs/publish.yml

@@ -36,3 +36,13 @@ publish-edge:
       echo "Sending slack build notification"
       echo "================================"
       bash ./.gitlab-ci/scripts/bin/slack-status-messages.sh ":rocket: passbolt-edge-extension $CI_COMMIT_TAG has been published!" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"
+
+publish-to-npmjs:
+  stage: publish
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
+  rules:
+    - if: "$CI_COMMIT_TAG"
+  script:
+    - |
+      bash .gitlab-ci/scripts/bin/publish_npm.sh
+      bash ./.gitlab-ci/scripts/bin/slack-status-messages.sh ":rocket: passbolt-browser-extension $CI_COMMIT_TAG has been published in https://www.npmjs.com/package/passbolt-browser-extension" "$CI_PROJECT_URL/-/jobs/$CI_JOB_ID"

package/.gitlab-ci/jobs/test.yml

@@ -1,11 +1,11 @@
 tester:
   stage: test
-  image: node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
   coverage: /Lines\s* [:] ([\d\.]+)%/
   extends: .rules
   script:
     - npm ci
-    - npm run test:coverage
+    - npm run test:ci:coverage
   artifacts:
     when: always
     reports:
@@ -17,7 +17,7 @@ tester:
 
 linter:
   stage: test
-  image: node:18
+  image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/node:18
   extends: .rules
   script:
     - npm ci
@@ -29,4 +29,4 @@ audit:
   image: node:18
   extends: .rules
   script:
-    - npm audit
+    - npm audit

package/.gitlab-ci/scripts/bin/publish_npm.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# shellcheck disable=SC1091
+
+set -eu
+
+CI_SCRIPTS_DIR=$(dirname "$0")/..
+
+# shellcheck source=.gitlab-ci/scripts/lib/version-check.sh
+source "$CI_SCRIPTS_DIR"/lib/version-check.sh
+
+echo //registry.npmjs.org/:_authToken="$NPM_PUBLISH_TOKEN" > .npmrc
+echo email="$NPM_PUBLISH_EMAIL" >> .npmrc
+echo always-auth=true >> .npmrc
+
+if is_release_candidate "$CI_COMMIT_TAG"; then
+  npm publish --tag next
+elif is_release_alpha "$CI_COMMIT_TAG"; then
+  npm publish --tag alpha
+elif is_release_beta "$CI_COMMIT_TAG"; then
+  npm publish --tag beta
+else
+  npm publish
+fi

package/.gitlab-ci/scripts/lib/version-check.sh

@@ -13,6 +13,22 @@ function is_release_candidate () {
   return 0
 }
 
+function is_release_alpha () {
+  local version=$1
+  if [[ ! $version =~ [0-9]+\.[0-9]+\.[0-9]+-alpha\.[0-9]+ ]];then
+    return 1
+  fi
+  return 0
+}
+
+function is_release_beta () {
+  local version=$1
+  if [[ ! $version =~ [0-9]+\.[0-9]+\.[0-9]+-beta\.[0-9]+ ]];then
+    return 1
+  fi
+  return 0
+}
+
 function validate_config_version_and_api_tag () {
   local version_file="$1"
   local version

package/.gitlab-ci.yml

@@ -1,4 +1,4 @@
-image: debian:stable-slim
+image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/debian:stable-slim
 
 stages:
   - test
@@ -18,4 +18,4 @@ include:
   - local: "/.gitlab-ci/jobs/test.yml"
   - local: "/.gitlab-ci/jobs/review.yml"
   - local: "/.gitlab-ci/jobs/publish.yml"
-  - local: ".gitlab-ci/jobs/release.yml"
+  - local: ".gitlab-ci/jobs/release.yml"

package/doc/worker-port-lfecycle.md

@@ -0,0 +1,19 @@
+```mermaid
+stateDiagram
+    classDef badBadEvent fill:#f00,color:white,font-weight:bold,stroke-width:2px,stroke:yellow
+
+    [*] --> awaiting_connection: SW navigation url matching
+
+    awaiting_connection --> connected: CC opening port
+    connected --> disconnected: SW stopped
+    disconnected --> reconnecting: SW navigation url same origin
+    disconnected --> connected: CC reopening port
+    reconnecting --> connected: SW requesting CC port opening ||\nCC reopening port (following a user interaction)
+
+    awaiting_connection --> [*]: SW tab removed || \n SW navigation url diff origin
+    connected --> [*]: SW tab removed || \n SW navigation url diff origin
+    disconnected --> [*]: SW tab removed || \n SW navigation url diff origin
+    reconnecting --> [*]: SW tab removed || \n Cannot reconnect port || \n SW navigation url diff origin
+
+    class reconnecting badBadEvent
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "4.6.2",
+  "version": "4.7.0-alpha.1",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2022 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",
@@ -21,7 +21,7 @@
     "locutus": "~2.0.9",
     "openpgp": "^5.11.1",
     "papaparse": "^5.2.0",
-    "passbolt-styleguide": "^4.6.3",
+    "passbolt-styleguide": "^4.7.0-alpha-4",
     "react": "17.0.2",
     "react-dom": "17.0.2",
     "secrets-passbolt": "github:passbolt/secrets.js#v2.0.1",
@@ -109,7 +109,8 @@
     "lint:eslint-fix": "eslint -c .eslintrc.json --ext js --ext jsx --fix src",
     "i18n:externalize": "i18next -c ./i18next-parser.config.js",
     "test": "npm run test:unit",
-    "test:unit": "jest --no-cache ./src/all/ ./src/chrome-mv3/ --maxWorkers=4",
-    "test:coverage": "jest --no-cache ./src/all/ ./src/chrome-mv3/ --maxWorkers=4 --coverage"
+    "test:unit": "jest --no-cache ./src/all/ ./src/chrome-mv3/",
+    "test:coverage": "jest --no-cache ./src/all/ ./src/chrome-mv3/ --coverage",
+    "test:ci:coverage": "npm run test:coverage -- --runInBand"
   }
 }

package/src/all/background_page/controller/account/updatePrivateKeyController.js

@@ -19,6 +19,7 @@ import SsoDataStorage from "../../service/indexedDB_storage/ssoDataStorage";
 import SsoKitServerPartModel from "../../model/sso/ssoKitServerPartModel";
 import PassboltApiFetchError from "passbolt-styleguide/src/shared/lib/Error/PassboltApiFetchError";
 import GenerateSsoKitService from "../../service/sso/generateSsoKitService";
+import KeepSessionAliveService from "../../service/session_storage/keepSessionAliveService";
 
 const RECOVERY_KIT_FILENAME = "passbolt-recovery-kit.asc";
 
@@ -72,7 +73,7 @@ class UpdatePrivateKeyController {
     }
     await this.accountModel.updatePrivateKey(userPrivateArmoredKey);
     await PassphraseStorageService.flushPassphrase();
-    if (PassphraseStorageService.isSessionKeptUntilLogOut()) {
+    if (KeepSessionAliveService.isStarted()) {
       await PassphraseStorageService.set(newPassphrase);
     }
     await FileService.saveFile(RECOVERY_KIT_FILENAME, userPrivateArmoredKey, "text/plain", this.worker.tab.id);

package/src/all/background_page/controller/accountRecovery/accountRecoveryValidatePublicKeyController.js

@@ -12,14 +12,15 @@
  * @since         3.6.0
  */
 
-import AccountRecoveryOrganizationPolicyService from "../../service/api/accountRecovery/accountRecoveryOrganizationPolicyService";
 import AccountRecoveryModel from "../../model/accountRecovery/accountRecoveryModel";
+import ValidateOrganizationPublicKeyService from "../../service/accountRecovery/validateOrganizationPublicKeyService";
 
 class AccountRecoveryValidatePublicKeyController {
   constructor(worker, requestId, apiClientOptions) {
     this.worker = worker;
     this.requestId = requestId;
     this.accountRecoveryModel = new AccountRecoveryModel(apiClientOptions);
+    this.validateOrganizationPublicKeyService = new ValidateOrganizationPublicKeyService(apiClientOptions);
   }
 
   /**
@@ -46,7 +47,7 @@ class AccountRecoveryValidatePublicKeyController {
    */
   async exec(publicKeyToValidate) {
     const organizationPolicy = await this.accountRecoveryModel.findOrganizationPolicy();
-    await AccountRecoveryOrganizationPolicyService.validatePublicKey(publicKeyToValidate, organizationPolicy.armoredKey);
+    await this.validateOrganizationPublicKeyService.validatePublicKey(publicKeyToValidate, organizationPolicy.armoredKey);
   }
 }
 

package/src/all/background_page/controller/accountRecovery/accountRecoveryValidatePublicKeyController.test.js

@@ -63,7 +63,7 @@ describe("AccountRecoveryValidatePublicKeyController", () => {
       {key: pgpKeys.account_recovery_organization_alternative.public, expectedError: new Error("The key is already being used, the organization recovery key must be a new one.")},
       {key: pgpKeys.betty.public, expectedError: new Error("The key is the current organization recovery key, you must provide a new one.")},
     ]).describe("Should throw an error when the key cannot be validated", scenario => {
-      it(`Should throw an error whith the scenario: ${scenario.expectedError.message}`, async() => {
+      it(`Should throw an error with the scenario: ${scenario.expectedError.message}`, async() => {
         expect.assertions(1);
         mockFetch();
 

package/src/all/background_page/controller/accountRecovery/recoverAccountController.js

@@ -147,6 +147,7 @@ class RecoverAccountController {
     OpenpgpAssertion.assertPrivateKey(recoveredPrivateKey);
     this.account.userPrivateArmoredKey = recoveredPrivateKey.armor();
     this.account.userPublicArmoredKey = recoveredPrivateKey.toPublic().armor();
+    this.account.userKeyFingerprint = recoveredPrivateKey.getFingerprint().toUpperCase();
     await this.setupModel.completeRecover(this.account);
   }
 
@@ -178,6 +179,7 @@ class RecoverAccountController {
   _updateWorkerAccount(account) {
     this.account.userPublicArmoredKey = account.userPublicArmoredKey;
     this.account.userPrivateArmoredKey = account.userPrivateArmoredKey;
+    this.account.userKeyFingerprint = account.userKeyFingerprint;
   }
 
   /**

package/src/all/background_page/controller/accountRecovery/reviewRequestController.test.js

@@ -243,7 +243,7 @@ describe("ReviewRequestController", () => {
 
     it("Should assert the public key of the user making the account recovery is found.", async() => {
       expect.assertions(1);
-      await MockExtension.withConfiguredAccount();
+      await MockExtension.withConfiguredAccount(pgpKeys.betty);
       // Mock API fetch account recovery organization policy response.
       fetch.doMockOnce(() => mockApiResponse(enabledAccountRecoveryOrganizationPolicyDto()));
       // Mock API get account recovery request.

package/src/all/background_page/controller/auth/authCheckStatus.test.data.js

@@ -0,0 +1,28 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+export const userLoggedOutAuthStatus = () => ({
+  isAuthenticated: false,
+  isMfaRequired: false,
+});
+
+export const userLoggedInAuthStatus = () => ({
+  isAuthenticated: true,
+  isMfaRequired: false,
+});
+
+export const userRequireMfaAuthStatus = () => ({
+  isAuthenticated: true,
+  isMfaRequired: true,
+});

package/src/all/background_page/controller/auth/authCheckStatusController.js

@@ -11,24 +11,38 @@
  * @link          https://www.passbolt.com Passbolt(tm)
  * @since         2.11.0
  */
-import GpgAuth from "../../model/gpgauth";
+import CheckAuthStatusService from "../../service/auth/checkAuthStatusService";
 
 class AuthCheckStatusController {
   constructor(worker, requestId) {
     this.worker = worker;
     this.requestId = requestId;
-    this.auth = new GpgAuth();
+    this.checkAuthStatusService = new CheckAuthStatusService();
   }
 
-  async main() {
+  /**
+   * Controller executor.
+   * @param {boolean} [flushCache = true] should the cache be flushed before
+   * @returns {Promise<void>}
+   */
+  async _exec(flushCache = true) {
     try {
-      const status = await this.auth.checkAuthStatus();
-      this.worker.port.emit(this.requestId, 'SUCCESS', status);
+      const authStatus = await this.exec(flushCache);
+      this.worker.port.emit(this.requestId, 'SUCCESS', authStatus);
     } catch (error) {
       console.error(error);
       this.worker.port.emit(this.requestId, 'ERROR', error);
     }
   }
+
+  /**
+   * Controller executor.
+   * @param {boolean} flushCache should the cache be flushed before
+   * @returns {Promise<{isAuthenticated: {bool}, isMfaRequired: {bool}}>}
+   */
+  async exec(flushCache) {
+    return await this.checkAuthStatusService.checkAuthStatus(flushCache);
+  }
 }
 
 export default AuthCheckStatusController;

package/src/all/background_page/controller/auth/authCheckStatusController.test.js

@@ -0,0 +1,94 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import MfaAuthenticationRequiredError from "../../error/mfaAuthenticationRequiredError";
+import AuthenticationStatusService from "../../service/authenticationStatusService";
+import AuthStatusLocalStorage from "../../service/local_storage/authStatusLocalStorage";
+import AuthCheckStatusController from "./authCheckStatusController";
+
+beforeEach(() => {
+  jest.clearAllMocks();
+});
+
+describe("AuthCheckStatusController", () => {
+  it("should return the auth status matching the unauthanticated state", async() => {
+    expect.assertions(3);
+    jest.spyOn(AuthStatusLocalStorage, "get").mockImplementation(() => undefined);
+    jest.spyOn(AuthStatusLocalStorage, "flush");
+    jest.spyOn(AuthenticationStatusService, "isAuthenticated").mockImplementation(() => false);
+
+    const controller = new AuthCheckStatusController();
+    const authStatus = await controller.exec(true);
+
+    expect(AuthStatusLocalStorage.get).not.toHaveBeenCalled();
+    expect(AuthStatusLocalStorage.flush).not.toHaveBeenCalled();
+    expect(authStatus).toStrictEqual({
+      isAuthenticated: false,
+      isMfaRequired: false,
+    });
+  });
+
+  it("expects the user to be fully authenticated", async() => {
+    expect.assertions(3);
+    jest.spyOn(AuthStatusLocalStorage, "get").mockImplementation(() => undefined);
+    jest.spyOn(AuthStatusLocalStorage, "flush");
+    jest.spyOn(AuthenticationStatusService, "isAuthenticated").mockImplementation(() => true);
+
+    const controller = new AuthCheckStatusController();
+    const authStatus = await controller.exec(true);
+
+    expect(AuthStatusLocalStorage.get).not.toHaveBeenCalled();
+    expect(AuthStatusLocalStorage.flush).not.toHaveBeenCalled();
+    expect(authStatus).toStrictEqual({
+      isAuthenticated: true,
+      isMfaRequired: false,
+    });
+  });
+
+  it("expects the user to require MFA authentication", async() => {
+    expect.assertions(3);
+    jest.spyOn(AuthStatusLocalStorage, "get").mockImplementation(() => undefined);
+    jest.spyOn(AuthStatusLocalStorage, "flush");
+    jest.spyOn(AuthenticationStatusService, "isAuthenticated").mockImplementation(() => { throw new MfaAuthenticationRequiredError(); });
+
+    const controller = new AuthCheckStatusController();
+    const authStatus = await controller.exec(true);
+
+    expect(AuthStatusLocalStorage.get).not.toHaveBeenCalled();
+    expect(AuthStatusLocalStorage.flush).not.toHaveBeenCalled();
+    expect(authStatus).toStrictEqual({
+      isAuthenticated: true,
+      isMfaRequired: true,
+    });
+  });
+
+  it("should return the auth status from the local storage", async() => {
+    expect.assertions(4);
+    const expectedAuthStatus = {
+      isAuthenticated: false,
+      isMfaRequired: false,
+    };
+    jest.spyOn(AuthStatusLocalStorage, "get").mockImplementation(() => expectedAuthStatus);
+    jest.spyOn(AuthStatusLocalStorage, "flush");
+    jest.spyOn(AuthenticationStatusService, "isAuthenticated");
+
+    const controller = new AuthCheckStatusController();
+    const authStatus = await controller.exec(false);
+
+    expect(AuthStatusLocalStorage.get).toHaveBeenCalledTimes(1);
+    expect(AuthStatusLocalStorage.flush).not.toHaveBeenCalled();
+    expect(AuthenticationStatusService.isAuthenticated).not.toHaveBeenCalled();
+    expect(authStatus).toStrictEqual(expectedAuthStatus);
+  });
+});

package/src/all/background_page/controller/auth/authIsMfaRequiredController.js

@@ -11,27 +11,35 @@
  * @link          https://www.passbolt.com Passbolt(tm)
  * @since         2.11.0
  */
-import GpgAuth from "../../model/gpgauth";
+import CheckAuthStatusService from "../../service/auth/checkAuthStatusService";
 
 class AuthIsMfaRequiredController {
   constructor(worker, requestId) {
     this.worker = worker;
     this.requestId = requestId;
-    this.auth = new GpgAuth();
+    this.checkAuthStatusService = new CheckAuthStatusService();
   }
 
-  async main() {
+  /**
+   * Execute the controller.
+   */
+  async _exec() {
     try {
-      const isMfaRequired = await this.auth.isMfaRequired();
-      if (isMfaRequired) {
-        this.worker.port.emit(this.requestId, 'SUCCESS', true);
-      } else {
-        this.worker.port.emit(this.requestId, 'SUCCESS', false);
-      }
+      const isMfaRequired = await this.exec();
+      this.worker.port.emit(this.requestId, 'SUCCESS', isMfaRequired);
     } catch (error) {
       this.worker.port.emit(this.requestId, 'ERROR', error);
     }
   }
+
+  /**
+   * Returns true if the current user needs to answer the MFA challenge to finish sign in
+   * @returns {Promise<boolean>}
+   */
+  async exec() {
+    const authStatus = await this.checkAuthStatusService.checkAuthStatus(true);
+    return authStatus.isMfaRequired;
+  }
 }
 
 export default AuthIsMfaRequiredController;

package/src/all/background_page/controller/auth/authIsMfaRequiredController.test.js

@@ -0,0 +1,54 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         4.7.0
+ */
+
+import {userLoggedInAuthStatus, userLoggedOutAuthStatus, userRequireMfaAuthStatus} from "./authCheckStatus.test.data";
+import AuthIsMfaRequiredController from "./authIsMfaRequiredController";
+
+beforeEach(() => {
+  jest.clearAllMocks();
+});
+
+describe("AuthIsMfaRequiredController", () => {
+  it("should return true if the user needs to authenticate with MFA", async() => {
+    expect.assertions(1);
+
+    const controller = new AuthIsMfaRequiredController();
+    jest.spyOn(controller.checkAuthStatusService, "checkAuthStatus").mockImplementation(async() => userRequireMfaAuthStatus());
+
+    const isMfaRequired = await controller.exec();
+    expect(isMfaRequired).toStrictEqual(true);
+  });
+
+  it("should return false if the user does not need to authenticate with MFA", async() => {
+    expect.assertions(1);
+
+    const controller = new AuthIsMfaRequiredController();
+    jest.spyOn(controller.checkAuthStatusService, "checkAuthStatus").mockImplementation(async() => userLoggedInAuthStatus());
+
+    const isMfaRequired = await controller.exec();
+    expect(isMfaRequired).toStrictEqual(false);
+  });
+
+  it("should return the MFA status part of the authentication status", async() => {
+    expect.assertions(1);
+
+    const controller = new AuthIsMfaRequiredController();
+
+    const authStatus = userLoggedOutAuthStatus();
+    jest.spyOn(controller.checkAuthStatusService, "checkAuthStatus").mockImplementation(async() => authStatus);
+
+    const isMfaRequired = await controller.exec();
+    expect(isMfaRequired).toStrictEqual(authStatus.isMfaRequired);
+  });
+});

package/src/all/background_page/controller/auth/authLoginController.js

@@ -11,13 +11,16 @@
  * @link          https://www.passbolt.com Passbolt(tm)
  * @since         3.9.0
  */
-import AuthModel from "../../model/auth/authModel";
 import UserAlreadyLoggedInError from "../../error/userAlreadyLoggedInError";
 import Keyring from "../../model/keyring";
 import CheckPassphraseService from "../../service/crypto/checkPassphraseService";
 import UpdateSsoCredentialsService from "../../service/account/updateSsoCredentialsService";
 import UserRememberMeLatestChoiceLocalStorage from "../../service/local_storage/userRememberMeLatestChoiceLocalStorage";
 import UserRememberMeLatestChoiceEntity from "../../model/entity/rememberMe/userRememberMeLatestChoiceEntity";
+import PassphraseStorageService from "../../service/session_storage/passphraseStorageService";
+import PostLoginService from "../../service/auth/postLoginService";
+import AuthVerifyLoginChallengeService from "../../service/auth/authVerifyLoginChallengeService";
+import KeepSessionAliveService from "../../service/session_storage/keepSessionAliveService";
 
 class AuthLoginController {
   /**
@@ -31,7 +34,7 @@ class AuthLoginController {
     this.worker = worker;
     this.requestId = requestId;
     this.account = account;
-    this.authModel = new AuthModel(apiClientOptions);
+    this.authVerifyLoginChallengeService = new AuthVerifyLoginChallengeService(apiClientOptions);
     this.updateSsoCredentialsService = new UpdateSsoCredentialsService(apiClientOptions);
     this.checkPassphraseService = new CheckPassphraseService(new Keyring());
     this.userRememberMeLatestChoiceLocalStorage = new UserRememberMeLatestChoiceLocalStorage(account);
@@ -40,9 +43,9 @@ class AuthLoginController {
   /**
    * Wrapper of exec function to run it with worker.
    *
-   * @param {uuid} requestId The request identifier
    * @param {string} passphrase The passphrase to decryt the private key
-   * @param {boolean} rememberMe whether to remember the passphrase or not
+   * @param {boolean} remember whether to remember the passphrase or not
+   * @param {boolean} shouldRefreshCurrentTab should refresh the current tab
    * @return {Promise<void>}
    */
   async _exec(passphrase, remember, shouldRefreshCurrentTab = false) {
@@ -59,11 +62,9 @@ class AuthLoginController {
    * Attemps to sign in the current user.
    *
    * @param {string} passphrase The passphrase to decryt the private key
-   * @param {string} rememberMe whether to remember the passphrase
+   * @param {boolean} rememberMe whether to remember the passphrase
    * @param {boolean} shouldRefreshCurrentTab Should the controller calls for a refresh of the current running tab, default false
    *   (bool) false|undefined if should not remember
-   *   (integer) -1 if should remember for the session
-   *   (integer) duration in seconds to specify a specific duration
    * @return {Promise<void>}
    */
   async exec(passphrase, rememberMe, shouldRefreshCurrentTab) {
@@ -93,7 +94,18 @@ class AuthLoginController {
     }
 
     try {
-      await this.authModel.login(passphrase, rememberMe);
+      await this.authVerifyLoginChallengeService.verifyAndValidateLoginChallenge(this.account.userKeyFingerprint, this.account.userPrivateArmoredKey, passphrase);
+      /*
+       * Post login operations
+       * MFA may not be complete yet, so no need to preload things here
+       */
+      if (rememberMe) {
+        await Promise.all([
+          PassphraseStorageService.set(passphrase, -1),
+          KeepSessionAliveService.start(),
+        ]);
+      }
+      await PostLoginService.exec();
       await this.registerRememberMeOption(rememberMe);
     } catch (error) {
       if (!(error instanceof UserAlreadyLoggedInError)) {