tests: vault locking (#2394)

2023-08-07 15:27:06 -05:00
parent a9edf671b1
commit 3b531ce8bb
23 changed files with 268 additions and 82 deletions
--- a/packages/services/src/Domain/Item/ItemManagerInterface.ts
+++ b/packages/services/src/Domain/Item/ItemManagerInterface.ts
@@ -10,7 +10,6 @@ import {
  SNTag,
  ItemInterface,
  AnyItemInterface,
-  KeySystemIdentifier,
  ItemCollection,
  SNNote,
  SmartView,
@@ -107,7 +106,6 @@ export interface ItemManagerInterface extends AbstractService {
  findItemsIncludingBlanks<T extends DecryptedItemInterface>(uuids: string[]): (T | undefined)[]

  get trashedItems(): SNNote[]
-  itemsBelongingToKeySystem(systemIdentifier: KeySystemIdentifier): DecryptedItemInterface[]
  hasTagsNeedingFoldersMigration(): boolean
  get invalidNonVaultedItems(): EncryptedItemInterface[]
  isTemplateItem(item: DecryptedItemInterface): boolean
--- a/packages/services/src/Domain/SharedVaults/UseCase/ConvertToSharedVault.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/ConvertToSharedVault.ts
@@ -1,16 +1,16 @@
+import { GetVaultItems } from './../../Vault/UseCase/GetVaultItems'
 import { SharedVaultListingInterface, VaultListingInterface, VaultListingMutator } from '@standardnotes/models'
 import { ClientDisplayableError, isErrorResponse } from '@standardnotes/responses'
 import { SharedVaultServerInterface } from '@standardnotes/api'
-import { ItemManagerInterface } from '../../Item/ItemManagerInterface'
 import { MoveItemsToVault } from '../../Vault/UseCase/MoveItemsToVault'
 import { MutatorClientInterface } from '../../Mutator/MutatorClientInterface'

 export class ConvertToSharedVault {
  constructor(
-    private items: ItemManagerInterface,
    private mutator: MutatorClientInterface,
    private sharedVaultServer: SharedVaultServerInterface,
-    private moveItemsToVault: MoveItemsToVault,
+    private _moveItemsToVault: MoveItemsToVault,
+    private _getVaultItems: GetVaultItems,
  ) {}

  async execute(dto: { vault: VaultListingInterface }): Promise<SharedVaultListingInterface | ClientDisplayableError> {
@@ -35,9 +35,9 @@ export class ConvertToSharedVault {
      },
    )

-    const vaultItems = this.items.itemsBelongingToKeySystem(sharedVaultListing.systemIdentifier)
+    const vaultItems = this._getVaultItems.execute(sharedVaultListing).getValue()

-    await this.moveItemsToVault.execute({ vault: sharedVaultListing, items: vaultItems })
+    await this._moveItemsToVault.execute({ vault: sharedVaultListing, items: vaultItems })

    return sharedVaultListing as SharedVaultListingInterface
  }
--- a/packages/services/src/Domain/SharedVaults/UseCase/CreateSharedVault.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/CreateSharedVault.ts
@@ -1,3 +1,4 @@
+import { GetVaultItems } from './../../Vault/UseCase/GetVaultItems'
 import {
  KeySystemRootKeyStorageMode,
  SharedVaultListingInterface,
@@ -6,18 +7,17 @@ import {
 } from '@standardnotes/models'
 import { ClientDisplayableError, isErrorResponse } from '@standardnotes/responses'
 import { SharedVaultServerInterface } from '@standardnotes/api'
-import { ItemManagerInterface } from '../../Item/ItemManagerInterface'
 import { CreateVault } from '../../Vault/UseCase/CreateVault'
 import { MoveItemsToVault } from '../../Vault/UseCase/MoveItemsToVault'
 import { MutatorClientInterface } from '../../Mutator/MutatorClientInterface'

 export class CreateSharedVault {
  constructor(
-    private items: ItemManagerInterface,
    private mutator: MutatorClientInterface,
    private sharedVaultServer: SharedVaultServerInterface,
-    private createVault: CreateVault,
-    private moveItemsToVault: MoveItemsToVault,
+    private _createVault: CreateVault,
+    private _moveItemsToVault: MoveItemsToVault,
+    private _getVaultItems: GetVaultItems,
  ) {}

  async execute(dto: {
@@ -26,7 +26,7 @@ export class CreateSharedVault {
    userInputtedPassword: string | undefined
    storagePreference: KeySystemRootKeyStorageMode
  }): Promise<SharedVaultListingInterface | ClientDisplayableError> {
-    const privateVault = await this.createVault.execute({
+    const privateVault = await this._createVault.execute({
      vaultName: dto.vaultName,
      vaultDescription: dto.vaultDescription,
      userInputtedPassword: dto.userInputtedPassword,
@@ -50,9 +50,9 @@ export class CreateSharedVault {
      },
    )

-    const vaultItems = this.items.itemsBelongingToKeySystem(sharedVaultListing.systemIdentifier)
+    const vaultItems = this._getVaultItems.execute(sharedVaultListing).getValue()

-    await this.moveItemsToVault.execute({ vault: sharedVaultListing, items: vaultItems })
+    await this._moveItemsToVault.execute({ vault: sharedVaultListing, items: vaultItems })

    return sharedVaultListing as SharedVaultListingInterface
  }
--- a/packages/services/src/Domain/SharedVaults/UseCase/GetOwnedSharedVaults.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/GetOwnedSharedVaults.ts
@@ -13,11 +13,7 @@ export class GetOwnedSharedVaults implements SyncUseCaseInterface<SharedVaultLis
    const sharedVaults = this._getSharedVaults.execute().getValue()

    const ownedVaults = sharedVaults.filter((vault) => {
-      return this._isVaultOwnwer
-        .execute({
-          sharedVault: vault,
-        })
-        .getValue()
+      return this._isVaultOwnwer.execute(vault).getValue()
    })

    return Result.ok(ownedVaults)
--- a/packages/services/src/Domain/SharedVaults/UseCase/SendVaultDataChangedMessage.ts
+++ b/packages/services/src/Domain/SharedVaults/UseCase/SendVaultDataChangedMessage.ts
@@ -28,7 +28,7 @@ export class SendVaultDataChangedMessage implements UseCaseInterface<void> {
  ) {}

  async execute(params: { vault: SharedVaultListingInterface }): Promise<Result<void>> {
-    const isOwner = this._isVaultOwner.execute({ sharedVault: params.vault }).getValue()
+    const isOwner = this._isVaultOwner.execute(params.vault).getValue()
    if (!isOwner) {
      return Result.ok()
    }
--- a/packages/services/src/Domain/Vault/UseCase/DeleteVault.ts
+++ b/packages/services/src/Domain/Vault/UseCase/DeleteVault.ts
@@ -1,14 +1,14 @@
 import { ClientDisplayableError } from '@standardnotes/responses'
-import { ItemManagerInterface } from '../../Item/ItemManagerInterface'
 import { VaultListingInterface } from '@standardnotes/models'
 import { MutatorClientInterface } from '../../Mutator/MutatorClientInterface'
 import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
+import { GetVaultItems } from './GetVaultItems'

 export class DeleteVault {
  constructor(
-    private items: ItemManagerInterface,
    private mutator: MutatorClientInterface,
    private keys: KeySystemKeyManagerInterface,
+    private _getVaultItems: GetVaultItems,
  ) {}

  async execute(vault: VaultListingInterface): Promise<ClientDisplayableError | void> {
@@ -24,7 +24,7 @@ export class DeleteVault {
    const itemsKeys = this.keys.getKeySystemItemsKeys(vault.systemIdentifier)
    await this.mutator.setItemsToBeDeleted(itemsKeys)

-    const vaultItems = this.items.itemsBelongingToKeySystem(vault.systemIdentifier)
+    const vaultItems = this._getVaultItems.execute(vault).getValue()
    await this.mutator.setItemsToBeDeleted(vaultItems)

    await this.mutator.setItemToBeDeleted(vault)
--- a/packages/services/src/Domain/Vault/UseCase/GetVaultItems.ts
+++ b/packages/services/src/Domain/Vault/UseCase/GetVaultItems.ts
@@ -0,0 +1,11 @@
+import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
+import { DecryptedItemInterface, ItemContent, VaultListingInterface } from '@standardnotes/models'
+import { ItemManagerInterface } from '../../Item/ItemManagerInterface'
+
+export class GetVaultItems implements SyncUseCaseInterface<DecryptedItemInterface[]> {
+  constructor(private items: ItemManagerInterface) {}
+
+  execute(vault: VaultListingInterface): Result<DecryptedItemInterface<ItemContent>[]> {
+    return Result.ok(this.items.items.filter((item) => item.key_system_identifier === vault.systemIdentifier))
+  }
+}
--- a/packages/services/src/Domain/Vault/UseCase/RotateVaultKey.ts
+++ b/packages/services/src/Domain/Vault/UseCase/RotateVaultKey.ts
@@ -114,7 +114,7 @@ export class RotateVaultKey implements UseCaseInterface<VaultListingInterface> {
      return Result.ok()
    }

-    const isOwner = this._isVaultOwner.execute({ sharedVault: params.vault }).getValue()
+    const isOwner = this._isVaultOwner.execute(params.vault).getValue()

    if (!isOwner) {
      return Result.ok()
--- a/packages/services/src/Domain/Vault/VaultService.ts
+++ b/packages/services/src/Domain/Vault/VaultService.ts
@@ -1,3 +1,5 @@
+import { ValidateVaultPassword } from './../VaultLock/UseCase/ValidateVaultPassword'
+import { IsVaultOwner } from './../VaultUser/UseCase/IsVaultOwner'
 import { SendVaultDataChangedMessage } from './../SharedVaults/UseCase/SendVaultDataChangedMessage'
 import { isClientDisplayableError } from '@standardnotes/responses'
 import {
@@ -5,6 +7,7 @@ import {
  FileItem,
  KeySystemIdentifier,
  KeySystemRootKeyStorageMode,
+  SharedVaultListingInterface,
  VaultListingInterface,
  VaultListingMutator,
  isNote,
@@ -48,6 +51,8 @@ export class VaultService
    private _deleteVault: DeleteVault,
    private _rotateVaultKey: RotateVaultKey,
    private _sendVaultDataChangeMessage: SendVaultDataChangedMessage,
+    private _isVaultOwner: IsVaultOwner,
+    private _validateVaultPassword: ValidateVaultPassword,
    eventBus: InternalEventBusInterface,
  ) {
    super(eventBus)
@@ -238,8 +243,39 @@ export class VaultService
      throw new Error('Attempting to change vault options on a locked vault')
    }

+    if (!this._isVaultOwner.execute(dto.vault).getValue()) {
+      throw new Error('Third party vault options should be changed via changeThirdPartyVaultStorageOptions')
+    }
+
    const result = await this._changeVaultKeyOptions.execute(dto)

    return result
  }
+
+  async changeThirdPartyVaultStorageOptions(dto: {
+    vault: SharedVaultListingInterface
+    newStorageMode: KeySystemRootKeyStorageMode | undefined
+    vaultPassword: string
+  }): Promise<Result<void>> {
+    if (this.vaultLocks.isVaultLocked(dto.vault)) {
+      throw new Error('Attempting to change vault options on a locked vault')
+    }
+
+    if (this._isVaultOwner.execute(dto.vault).getValue()) {
+      throw new Error('First party vault options should be changed via changeVaultKeyOptions')
+    }
+
+    const validPassword = this._validateVaultPassword.execute(dto.vault, dto.vaultPassword).getValue()
+    if (!validPassword) {
+      return Result.fail('Invalid vault password')
+    }
+
+    const result = await this._changeVaultKeyOptions.execute({
+      vault: dto.vault,
+      newStorageMode: dto.newStorageMode,
+      newPasswordOptions: undefined,
+    })
+
+    return result
+  }
 }
--- a/packages/services/src/Domain/Vault/VaultServiceInterface.ts
+++ b/packages/services/src/Domain/Vault/VaultServiceInterface.ts
@@ -2,6 +2,7 @@ import {
  DecryptedItemInterface,
  KeySystemIdentifier,
  KeySystemRootKeyStorageMode,
+  SharedVaultListingInterface,
  VaultListingInterface,
 } from '@standardnotes/models'
 import { AbstractService } from '../Service/AbstractService'
@@ -36,5 +37,11 @@ export interface VaultServiceInterface
    params: { name: string; description: string },
  ): Promise<VaultListingInterface>
  rotateVaultRootKey(vault: VaultListingInterface, vaultPassword?: string): Promise<void>
+
  changeVaultKeyOptions(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>>
+  changeThirdPartyVaultStorageOptions(dto: {
+    vault: SharedVaultListingInterface
+    newStorageMode: KeySystemRootKeyStorageMode | undefined
+    vaultPassword: string
+  }): Promise<Result<void>>
 }
--- a/packages/services/src/Domain/VaultLock/UseCase/ValidateVaultPassword.ts
+++ b/packages/services/src/Domain/VaultLock/UseCase/ValidateVaultPassword.ts
@@ -0,0 +1,30 @@
+import { EncryptionProviderInterface } from './../../Encryption/EncryptionProviderInterface'
+import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
+import { KeySystemPasswordType, VaultListingInterface } from '@standardnotes/models'
+import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
+
+export class ValidateVaultPassword implements SyncUseCaseInterface<boolean> {
+  constructor(
+    private encryption: EncryptionProviderInterface,
+    private keys: KeySystemKeyManagerInterface,
+  ) {}
+
+  execute(vault: VaultListingInterface, password: string): Result<boolean> {
+    if (vault.keyPasswordType !== KeySystemPasswordType.UserInputted) {
+      throw new Error('Vault uses randomized password and cannot be validated with password')
+    }
+
+    const rootKey = this.keys.getPrimaryKeySystemRootKey(vault.systemIdentifier)
+
+    if (!rootKey) {
+      return Result.ok(false)
+    }
+
+    const derivedRootKey = this.encryption.deriveUserInputtedKeySystemRootKey({
+      keyParams: vault.rootKeyParams,
+      userInputtedPassword: password,
+    })
+
+    return Result.ok(rootKey.isEqual(derivedRootKey))
+  }
+}
--- a/packages/services/src/Domain/VaultLock/VaultLockService.ts
+++ b/packages/services/src/Domain/VaultLock/VaultLockService.ts
@@ -1,3 +1,5 @@
+import { GetVaultItems } from './../Vault/UseCase/GetVaultItems'
+import { RemoveItemsFromMemory } from './../Storage/UseCase/RemoveItemsFromMemory'
 import { GetVaults } from '../Vault/UseCase/GetVaults'
 import { KeySystemPasswordType, KeySystemRootKeyStorageMode, VaultListingInterface } from '@standardnotes/models'
 import { VaultLockServiceInterface } from './VaultLockServiceInterface'
@@ -22,6 +24,8 @@ export class VaultLockService
    private keys: KeySystemKeyManagerInterface,
    private _getVaults: GetVaults,
    private _decryptErroredPayloads: DecryptErroredPayloads,
+    private _removeItemsFromMemory: RemoveItemsFromMemory,
+    private _getVaultItems: GetVaultItems,
    eventBus: InternalEventBusInterface,
  ) {
    super(eventBus)
@@ -40,6 +44,8 @@ export class VaultLockService
    ;(this.keys as unknown) = undefined
    ;(this._getVaults as unknown) = undefined
    ;(this._decryptErroredPayloads as unknown) = undefined
+    ;(this._removeItemsFromMemory as unknown) = undefined
+    ;(this._getVaultItems as unknown) = undefined

    this.lockMap.clear()
  }
@@ -68,6 +74,9 @@ export class VaultLockService

    await this.keys.wipeVaultKeysFromMemory(vault)

+    const vaultItems = this._getVaultItems.execute(vault).getValue()
+    await this._removeItemsFromMemory.execute(vaultItems)
+
    this.lockMap.set(vault.uuid, true)

    void this.notifyEventSync(VaultLockServiceEvent.VaultLocked, { vault })
--- a/packages/services/src/Domain/VaultUser/UseCase/IsVaultOwner.ts
+++ b/packages/services/src/Domain/VaultUser/UseCase/IsVaultOwner.ts
@@ -1,17 +1,21 @@
 import { UserServiceInterface } from './../../User/UserServiceInterface'
 import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
-import { SharedVaultListingInterface } from '@standardnotes/models'
+import { VaultListingInterface } from '@standardnotes/models'

 export class IsVaultOwner implements SyncUseCaseInterface<boolean> {
  constructor(private users: UserServiceInterface) {}

-  execute(dto: { sharedVault: SharedVaultListingInterface }): Result<boolean> {
-    if (!dto.sharedVault.sharing.ownerUserUuid) {
-      throw new Error(`Shared vault ${dto.sharedVault.sharing.sharedVaultUuid} does not have an owner user uuid`)
+  execute(vault: VaultListingInterface): Result<boolean> {
+    if (!vault.sharing) {
+      return Result.ok(true)
+    }
+
+    if (!vault.sharing.ownerUserUuid) {
+      throw new Error(`Shared vault ${vault.sharing.sharedVaultUuid} does not have an owner user uuid`)
    }

    const user = this.users.sureUser

-    return Result.ok(dto.sharedVault.sharing.ownerUserUuid === user.uuid)
+    return Result.ok(vault.sharing.ownerUserUuid === user.uuid)
  }
 }
--- a/packages/services/src/Domain/VaultUser/VaultUserService.ts
+++ b/packages/services/src/Domain/VaultUser/VaultUserService.ts
@@ -52,11 +52,7 @@ export class VaultUserService extends AbstractService<VaultUserServiceEvent> imp
  }

  public isCurrentUserSharedVaultAdmin(sharedVault: SharedVaultListingInterface): boolean {
-    return this._isVaultOwner
-      .execute({
-        sharedVault,
-      })
-      .getValue()
+    return this._isVaultOwner.execute(sharedVault).getValue()
  }

  async removeUserFromSharedVault(sharedVault: SharedVaultListingInterface, userUuid: string): Promise<Result<void>> {
--- a/packages/services/src/Domain/index.ts
+++ b/packages/services/src/Domain/index.ts
@@ -197,6 +197,7 @@ export * from './Vault/UseCase/ChangeVaultStorageMode'
 export * from './Vault/UseCase/CreateVault'
 export * from './Vault/UseCase/DeleteVault'
 export * from './Vault/UseCase/GetVault'
+export * from './Vault/UseCase/GetVaultItems'
 export * from './Vault/UseCase/GetVaults'
 export * from './Vault/UseCase/MoveItemsToVault'
 export * from './Vault/UseCase/RemoveItemFromVault'
@@ -214,6 +215,7 @@ export * from './VaultInvite/UseCase/SendVaultInvite'
 export * from './VaultInvite/VaultInviteService'
 export * from './VaultInvite/VaultInviteServiceEvent'
 export * from './VaultInvite/VaultInviteServiceInterface'
+export * from './VaultLock/UseCase/ValidateVaultPassword'
 export * from './VaultLock/VaultLockService'
 export * from './VaultLock/VaultLockServiceEvent'
 export * from './VaultLock/VaultLockServiceInterface'