npm - passbolt-browser-extension - Versions diffs - 5.3.2 → 5.4.1 - Mend

passbolt-browser-extension 5.3.2 → 5.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (173) hide show

package/src/all/background_page/service/api/metadata/metadataSetupSettingsApiService.js ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+import AbstractService from "../abstract/abstractService";
+import PassboltResponseEntity from "passbolt-styleguide/src/shared/models/entity/apiService/PassboltResponseEntity";
+const METADATA_SETUP_RESOURCE_NAME = "metadata/setup/";
+export default class MetadataSetupSettingsApiService extends AbstractService  {
+  /**
+   * @constructor
+   * @param {ApiClientOptions} apiClientOptions
+   * @public
+   */
+  constructor(apiClientOptions) {
+    super(apiClientOptions, METADATA_SETUP_RESOURCE_NAME);
+  }
+  /**
+   * Find the metadata setup settings on the Passbolt API
+   *
+   * @returns {Promise<PassboltResponseEntity>} the api response
+   * @public
+   */
+  async find() {
+    const response = await this.apiClient.get("settings");
+    return new PassboltResponseEntity(response);
+  }
+}

package/src/all/background_page/service/api/metadata/metadataSetupSettingsApiService.test.js ADDED Viewed

@@ -0,0 +1,54 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+import {enableFetchMocks} from "jest-fetch-mock";
+import {mockApiResponse} from '../../../../../../test/mocks/mockApiResponse';
+import MetadataSetupSettingsApiService from "./metadataSetupSettingsApiService";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import {enableMetadataSetupSettingsDto} from "passbolt-styleguide/src/shared/models/entity/metadata/metadataSetupSettingsEntity.test.data";
+import PassboltResponseEntity from "passbolt-styleguide/src/shared/models/entity/apiService/PassboltResponseEntity";
+beforeEach(() => {
+  jest.resetAllMocks();
+  enableFetchMocks();
+});
+describe("metadataSetupSettingsApiService", () => {
+  describe('::find', () => {
+    it("Should return a PassboltResponseEntity if everything goes well.", async() => {
+      expect.assertions(2);
+      const apiClientOptions = defaultApiClientOptions();
+      const service = new MetadataSetupSettingsApiService(apiClientOptions);
+      const expectedBodyResponse = enableMetadataSetupSettingsDto();
+      fetch.doMockOnceIf(/\/metadata\/setup\/settings\.json/, () => mockApiResponse(expectedBodyResponse));
+      const apiResult = await service.find();
+      expect(apiResult).toBeInstanceOf(PassboltResponseEntity);
+      expect(apiResult.body).toStrictEqual(expectedBodyResponse);
+    });
+    it("should throw an error if something goes wrong during the fetch", async() => {
+      expect.assertions(1);
+      const apiClientOptions = defaultApiClientOptions();
+      const service = new MetadataSetupSettingsApiService(apiClientOptions);
+      fetch.doMockOnceIf(/\/metadata\/setup\/settings\.json/, () => { throw new Error("Something went wrong"); });
+      await expect(() => service.find()).rejects.toThrowError();
+    });
+  });
+});

package/src/all/background_page/service/api/setup/setupService.js CHANGED Viewed

@@ -44,7 +44,7 @@ class SetupService extends AbstractService {
    */
   async complete(userId, completeDto) {
     this.assertValidId(userId);
-    const url = new URL(`${this.apiClient.baseUrl}/complete/${userId}`);
+    const url = this.apiClient.buildUrl(`${this.apiClient.baseUrl}/complete/${userId}`, {});
     const bodyString = this.apiClient.buildBody(completeDto);
     return this.apiClient.fetchAndHandleResponse('POST', url, bodyString);
   }
@@ -58,7 +58,7 @@ class SetupService extends AbstractService {
    */
   async completeRecover(userId, completeDto) {
     this.assertValidId(userId);
-    const url = new URL(`${this.apiClient.baseUrl}/recover/complete/${userId}`);
+    const url = this.apiClient.buildUrl(`${this.apiClient.baseUrl}/recover/complete/${userId}`, {});
     const bodyString = this.apiClient.buildBody(completeDto);
     return this.apiClient.fetchAndHandleResponse('POST', url, bodyString);
   }

package/src/all/background_page/service/api/setup/setupService.test.js ADDED Viewed

@@ -0,0 +1,132 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+import {v4 as uuidv4} from "uuid";
+import {enableFetchMocks} from "jest-fetch-mock";
+import {mockApiResponse, mockApiResponseError} from "passbolt-styleguide/test/mocks/mockApiResponse";
+import PassboltApiFetchError from "passbolt-styleguide/src/shared/lib/Error/PassboltApiFetchError";
+import PassboltServiceUnavailableError from "passbolt-styleguide/src/shared/lib/Error/PassboltServiceUnavailableError";
+import SetupService from "./setupService";
+import BuildApiClientOptionsService from "../../account/buildApiClientOptionsService";
+import AccountEntity from "../../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../../model/entity/account/accountEntity.test.data";
+import {initialAccountAccountRecoveryDto} from "../../../model/entity/account/accountAccountRecoveryEntity.test.data";
+import {startAccountSetupDto} from "../../../model/entity/account/accountSetupEntity.test.data";
+describe("SetupService", () => {
+  let service, apiClientOptions, userId,
+    accountRecoveryDto, setupCompleteDto;
+  beforeEach(() => {
+    enableFetchMocks();
+    fetch.resetMocks();
+    const account = new AccountEntity(defaultAccountDto());
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
+    service = new SetupService(apiClientOptions);
+    userId = uuidv4();
+  });
+  describe("::complete", () => {
+    beforeEach(() => {
+      setupCompleteDto = startAccountSetupDto();
+    });
+    it("calls the complete API with correct URL", async() => {
+      expect.assertions(2);
+      fetch.doMockOnceIf(new RegExp(`/complete/${userId}`), () => mockApiResponse({success: true}));
+      await service.complete(userId, setupCompleteDto);
+      const lastCall = fetch.mock.calls[0];
+      const [url, options] = lastCall;
+      expect(url).toMatch(`/complete/${userId}.json`);
+      expect(options.method).toBe("POST");
+    });
+    it("throws API error if API returns an error", async() => {
+      expect.assertions(1);
+      fetch.mockResponseOnce(async() => {
+        const mockResponse = await mockApiResponseError(400, "Invalid request", {});
+        return {
+          status: mockResponse.status,
+          body: mockResponse.body,
+          headers: {"Content-Type": "application/json"}
+        };
+      });
+      await expect(service.complete(userId, setupCompleteDto)).rejects.toThrow(PassboltApiFetchError);
+    });
+    it("throws service unavailable error on unexpected failure", async() => {
+      expect.assertions(1);
+      fetch.mockImplementationOnce(() => { throw new Error("Service Down"); });
+      await expect(() => service.complete(userId, setupCompleteDto)).rejects.toThrow(PassboltServiceUnavailableError);
+    });
+    it("throws an error if userId is invalid", async() => {
+      expect.assertions(1);
+      await expect(() => service.complete("invalid-id", setupCompleteDto)).rejects.toThrow(Error);
+    });
+  });
+  describe("::completeRecover", () => {
+    beforeEach(() => {
+      accountRecoveryDto = initialAccountAccountRecoveryDto();
+    });
+    it("calls the completeRecover API with correct URL", async() => {
+      expect.assertions(2);
+      fetch.doMockOnceIf(new RegExp(`/recover/complete/${userId}`), () => mockApiResponse({success: true}));
+      await service.completeRecover(userId, accountRecoveryDto);
+      const lastCall = fetch.mock.calls[0];
+      const [url, options] = lastCall;
+      expect(url).toMatch(`/recover/complete/${userId}.json`);
+      expect(options.method).toBe("POST");
+    });
+    it("throws API error if API returns an error", async() => {
+      expect.assertions(1);
+      fetch.mockResponseOnce(async() => {
+        const mockResponse = await mockApiResponseError(400, "Invalid request", {});
+        return {
+          status: mockResponse.status,
+          body: mockResponse.body,
+          headers: {"Content-Type": "application/json"}
+        };
+      });
+      await expect(() => service.completeRecover(userId, accountRecoveryDto)).rejects.toThrow(PassboltApiFetchError);
+    });
+    it("throws service unavailable error on unexpected failure", async() => {
+      expect.assertions(1);
+      fetch.mockImplementationOnce(() => { throw new Error("Service unavailable"); });
+      await expect(() => service.completeRecover(userId, accountRecoveryDto)).rejects.toThrow(PassboltServiceUnavailableError);
+    });
+    it("throws an error if userId is invalid", async() => {
+      expect.assertions(1);
+      await expect(() => service.completeRecover("invalid-id", accountRecoveryDto)).rejects.toThrow(Error);
+    });
+  });
+});

package/src/all/background_page/service/local_storage/resourceLocalStorage.js CHANGED Viewed

@@ -15,7 +15,7 @@ import Log from "../../model/log";
 import ResourcesCollection from "../../model/entity/resource/resourcesCollection";
 import ResourceEntity from "../../model/entity/resource/resourceEntity";
 import Lock from "../../utils/lock";
-import {assertType, assertUuid} from "../../utils/assertions";
+import {assertArrayUUID, assertType, assertUuid} from "../../utils/assertions";
 import PasswordExpiryResourceEntity from "../../model/entity/passwordExpiry/passwordExpiryResourceEntity";
 const lock = new Lock();
@@ -273,6 +273,30 @@ class ResourceLocalStorage {
     }
   }
+  /**
+   * Delete multiple resources in local storage by Id
+   * @param {Array<string>} resourceIds
+   */
+  static async deleteResources(resourceIds) {
+    assertArrayUUID(resourceIds);
+    await lock.acquire();
+    try {
+      const resources = await ResourceLocalStorage.get() || [];
+      if (resources.length > 0 && resourceIds.length > 0) {
+        const setOfResourceIds = new Set(resourceIds);
+        const filteredResources = resources.filter(resource => !setOfResourceIds.has(resource.id));
+        await browser.storage.local.set({resources: filteredResources});
+        ResourceLocalStorage._cachedData = filteredResources;
+      }
+    } finally {
+      lock.release();
+    }
+  }
   /*
    * =================================================
    * Static methods

package/src/all/background_page/service/local_storage/resourceLocalStorage.test.js CHANGED Viewed

@@ -600,4 +600,58 @@ describe("ResourceLocalStorage", () => {
       expect(ResourceLocalStorage._cachedData).toBeNull();
     });
   });
+  describe("::deleteResources", () => {
+    it("Should throw if no data passed as parameter", async() => {
+      expect.assertions(1);
+      const promise = ResourceLocalStorage.deleteResources();
+      await expect(promise).rejects.toThrow("The given parameter is not a valid array of uuid");
+    });
+    it("Should throw if the resourceIds parameter is not a valid entry", async() => {
+      expect.assertions(1);
+      const promise = ResourceLocalStorage.deleteResources(42);
+      await expect(promise).rejects.toThrow("he given parameter is not a valid array of uuid");
+    });
+    it("Should do nothing if the resource is not found in the local storage", async() => {
+      expect.assertions(2);
+      const resourceDto = defaultResourceDto();
+      const resourcesDtos = [resourceDto];
+      await browser.storage.local.set({[RESOURCES_LOCAL_STORAGE_KEY]: resourcesDtos});
+      await ResourceLocalStorage.deleteResources([uuidv4()]);
+      const localStorageData = await browser.storage.local.get([RESOURCES_LOCAL_STORAGE_KEY]);
+      expect(localStorageData[RESOURCES_LOCAL_STORAGE_KEY]).toEqual(expect.any(Array));
+      expect(localStorageData[RESOURCES_LOCAL_STORAGE_KEY]).toHaveLength(1);
+    });
+    it("Should update the resources", async() => {
+      expect.assertions(3);
+      const resourceDto1 = defaultResourceDto();
+      const resourceDto2 = defaultResourceDto();
+      const resourceDto3 = defaultResourceDto();
+      const resourcesDtos = [resourceDto1, resourceDto2, resourceDto3];
+      await browser.storage.local.set({[RESOURCES_LOCAL_STORAGE_KEY]: resourcesDtos});
+      await ResourceLocalStorage.deleteResources([resourceDto1.id, resourceDto2.id]);
+      const localStorageData = await browser.storage.local.get([RESOURCES_LOCAL_STORAGE_KEY]);
+      expect(localStorageData[RESOURCES_LOCAL_STORAGE_KEY]).toEqual(expect.any(Array));
+      expect(localStorageData[RESOURCES_LOCAL_STORAGE_KEY]).toHaveLength(1);
+      expect(localStorageData[RESOURCES_LOCAL_STORAGE_KEY][0]).toEqual(resourceDto3);
+    });
+    it("Should update cache after deleting the resources", async() => {
+      expect.assertions(5);
+      const resourceDto1 = defaultResourceDto();
+      const resourceDto2 = defaultResourceDto();
+      const resourceDto3 = defaultResourceDto();
+      const resourcesDtos = [resourceDto1, resourceDto2, resourceDto3];
+      await browser.storage.local.set({[RESOURCES_LOCAL_STORAGE_KEY]: resourcesDtos});
+      expect(ResourceLocalStorage.hasCachedData()).toBeFalsy();
+      await ResourceLocalStorage.deleteResources([resourceDto1.id, resourceDto2.id]);
+      expect(ResourceLocalStorage.hasCachedData()).toBeTruthy();
+      expect(ResourceLocalStorage._cachedData).toEqual(expect.any(Array));
+      expect(ResourceLocalStorage._cachedData).toHaveLength(1);
+      expect(ResourceLocalStorage._cachedData[0]).toEqual(resourceDto3);
+    });
+  });
 });

package/src/all/background_page/service/metadata/configureMetadataSettingsService.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+import MetadataTypesSettingsEntity from "passbolt-styleguide/src/shared/models/entity/metadata/metadataTypesSettingsEntity";
+import MetadataKeysSettingsEntity from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity";
+import GenerateMetadataKeyService from "./generateMetadataKeyService";
+import CreateMetadataKeyService from "./createMetadataKeyService";
+import SaveMetadataSettingsService from "./saveMetadataSettingsService";
+import {assertString} from "../../utils/assertions";
+import FindMetadataGettingStartedSettingsService from "passbolt-styleguide/src/shared/services/metadata/findMetadataGettingStartedSettingsService";
+/**
+ * The service aims to orchestrate the enablement of the metadata encryption.
+ */
+export default class ConfigureMetadataSettingsService {
+  /**
+   * @constructor
+   * @param {AccountEntity} account The user account
+   * @param {ApiClientOptions} apiClientOptions The api client options
+   */
+  constructor(account, apiClientOptions) {
+    this.generateMetadataKeyService = new GenerateMetadataKeyService(account);
+    this.createMetadataKeyService = new CreateMetadataKeyService(account, apiClientOptions);
+    this.saveMetadaSettingsService = new SaveMetadataSettingsService(account, apiClientOptions);
+    this.findMetadataGettingStartedSettingsService = new FindMetadataGettingStartedSettingsService(apiClientOptions);
+  }
+  /**
+   * Enables metadata encryption with confuguration that matches a new instance.
+   * @param {string} passphrase
+   * @return {Promise<void>}
+   * @throws {TypeError} if the `passphrase` is not a valid string
+   */
+  async enableEncryptedMetadataForNewInstance(passphrase) {
+    assertString(passphrase);
+    const gpgKeyPairEntity = await this.generateMetadataKeyService.generateKey(passphrase);
+    await this.createMetadataKeyService.create(gpgKeyPairEntity, passphrase);
+    const metadataKeySettings = MetadataKeysSettingsEntity.createFromDefault();
+    await this.saveMetadaSettingsService.saveKeysSettings(metadataKeySettings);
+    const metadataTypeSettings = MetadataTypesSettingsEntity.createFromV5Default();
+    await this.saveMetadaSettingsService.saveTypesSettings(metadataTypeSettings);
+  }
+  /**
+   * Enables metadata encryption with confuguration that matches an existing instance.
+   * @param {string} passphrase
+   * @return {Promise<void>}
+   * @throws {TypeError} if the `passphrase` is not a valid string
+   */
+  async enableEncryptedMetadataForExistingInstance(passphrase) {
+    await this.assertProcessIsEnabled();
+    assertString(passphrase);
+    const gpgKeyPairEntity = await this.generateMetadataKeyService.generateKey(passphrase);
+    await this.createMetadataKeyService.create(gpgKeyPairEntity, passphrase);
+    const metadataKeySettings = MetadataKeysSettingsEntity.createFromDefault();
+    await this.saveMetadaSettingsService.saveKeysSettings(metadataKeySettings);
+    const metadataTypeSettings = MetadataTypesSettingsEntity.createFromV5Default({
+      allow_v4_v5_upgrade: true,
+    });
+    await this.saveMetadaSettingsService.saveTypesSettings(metadataTypeSettings);
+  }
+  /**
+   * Configure metadata settings to keep legacy metadata in cleartext.
+   * @return {Promise<void>}
+   */
+  async keepCleartextMetadataForExistingInstance() {
+    await this.assertProcessIsEnabled();
+    const metadataTypeSettings = MetadataTypesSettingsEntity.createFromV4Default();
+    await this.saveMetadaSettingsService.saveTypesSettings(metadataTypeSettings);
+  }
+  /**
+   * Asserts that the process can be run before proceeding.
+   * @returns {Promise<void>}
+   * @throws {Error}
+   */
+  async assertProcessIsEnabled() {
+    const gettingStartedEntity = await this.findMetadataGettingStartedSettingsService.findGettingStartedSettings();
+    if (!gettingStartedEntity.enabled) {
+      throw new Error("The metadata encryption strategy has been already chosen.");
+    }
+  }
+}