tests: vault locking (#2394)
This commit is contained in:
Mo
@@ -131,6 +131,8 @@ import {
|
||||
GetHost,
|
||||
SetHost,
|
||||
GenerateUuid,
|
||||
GetVaultItems,
|
||||
ValidateVaultPassword,
|
||||
} from '@standardnotes/services'
|
||||
import { ItemManager } from '../../Services/Items/ItemManager'
|
||||
import { PayloadManager } from '../../Services/Payloads/PayloadManager'
|
||||
@@ -215,10 +217,21 @@ export class Dependencies {
|
||||
}
|
||||
|
||||
private registerUseCaseMakers() {
|
||||
this.factory.set(TYPES.ValidateVaultPassword, () => {
|
||||
return new ValidateVaultPassword(
|
||||
this.get<EncryptionService>(TYPES.EncryptionService),
|
||||
this.get<KeySystemKeyManager>(TYPES.KeySystemKeyManager),
|
||||
)
|
||||
})
|
||||
|
||||
this.factory.set(TYPES.GenerateUuid, () => {
|
||||
return new GenerateUuid(this.get<PureCryptoInterface>(TYPES.Crypto))
|
||||
})
|
||||
|
||||
this.factory.set(TYPES.GetVaultItems, () => {
|
||||
return new GetVaultItems(this.get<ItemManager>(TYPES.ItemManager))
|
||||
})
|
||||
|
||||
this.factory.set(TYPES.DecryptErroredPayloads, () => {
|
||||
return new DecryptErroredPayloads(
|
||||
this.get<ItemsEncryptionService>(TYPES.ItemsEncryptionService),
|
||||
@@ -389,9 +402,9 @@ export class Dependencies {
|
||||
|
||||
this.factory.set(TYPES.DeleteVault, () => {
|
||||
return new DeleteVault(
|
||||
this.get<ItemManager>(TYPES.ItemManager),
|
||||
this.get<MutatorService>(TYPES.MutatorService),
|
||||
this.get<KeySystemKeyManager>(TYPES.KeySystemKeyManager),
|
||||
this.get<GetVaultItems>(TYPES.GetVaultItems),
|
||||
)
|
||||
})
|
||||
|
||||
@@ -432,11 +445,11 @@ export class Dependencies {
|
||||
|
||||
this.factory.set(TYPES.CreateSharedVault, () => {
|
||||
return new CreateSharedVault(
|
||||
this.get<ItemManager>(TYPES.ItemManager),
|
||||
this.get<MutatorService>(TYPES.MutatorService),
|
||||
this.get<SharedVaultServer>(TYPES.SharedVaultServer),
|
||||
this.get<CreateVault>(TYPES.CreateVault),
|
||||
this.get<MoveItemsToVault>(TYPES.MoveItemsToVault),
|
||||
this.get<GetVaultItems>(TYPES.GetVaultItems),
|
||||
)
|
||||
})
|
||||
|
||||
@@ -566,10 +579,10 @@ export class Dependencies {
|
||||
|
||||
this.factory.set(TYPES.ConvertToSharedVault, () => {
|
||||
return new ConvertToSharedVault(
|
||||
this.get<ItemManager>(TYPES.ItemManager),
|
||||
this.get<MutatorService>(TYPES.MutatorService),
|
||||
this.get<SharedVaultServer>(TYPES.SharedVaultServer),
|
||||
this.get<MoveItemsToVault>(TYPES.MoveItemsToVault),
|
||||
this.get<GetVaultItems>(TYPES.GetVaultItems),
|
||||
)
|
||||
})
|
||||
|
||||
@@ -837,6 +850,8 @@ export class Dependencies {
|
||||
this.get<KeySystemKeyManager>(TYPES.KeySystemKeyManager),
|
||||
this.get<GetVaults>(TYPES.GetVaults),
|
||||
this.get<DecryptErroredPayloads>(TYPES.DecryptErroredPayloads),
|
||||
this.get<RemoveItemsFromMemory>(TYPES.RemoveItemsFromMemory),
|
||||
this.get<GetVaultItems>(TYPES.GetVaultItems),
|
||||
this.get<InternalEventBus>(TYPES.InternalEventBus),
|
||||
)
|
||||
})
|
||||
@@ -857,6 +872,8 @@ export class Dependencies {
|
||||
this.get<DeleteVault>(TYPES.DeleteVault),
|
||||
this.get<RotateVaultKey>(TYPES.RotateVaultKey),
|
||||
this.get<SendVaultDataChangedMessage>(TYPES.SendVaultDataChangedMessage),
|
||||
this.get<IsVaultOwner>(TYPES.IsVaultOwner),
|
||||
this.get<ValidateVaultPassword>(TYPES.ValidateVaultPassword),
|
||||
this.get<InternalEventBus>(TYPES.InternalEventBus),
|
||||
)
|
||||
})
|
||||
|
||||
@@ -160,6 +160,8 @@ export const TYPES = {
|
||||
GetHost: Symbol.for('GetHost'),
|
||||
SetHost: Symbol.for('SetHost'),
|
||||
GenerateUuid: Symbol.for('GenerateUuid'),
|
||||
GetVaultItems: Symbol.for('GetVaultItems'),
|
||||
ValidateVaultPassword: Symbol.for('ValidateVaultPassword'),
|
||||
|
||||
// Mappers
|
||||
SessionStorageMapper: Symbol.for('SessionStorageMapper'),
|
||||
|
||||
@@ -852,10 +852,6 @@ export class ItemManager extends Services.AbstractService implements Services.It
|
||||
: ItemRelationshipDirection.NoRelationship
|
||||
}
|
||||
|
||||
itemsBelongingToKeySystem(systemIdentifier: Models.KeySystemIdentifier): Models.DecryptedItemInterface[] {
|
||||
return this.items.filter((item) => item.key_system_identifier === systemIdentifier)
|
||||
}
|
||||
|
||||
public conflictsOf(uuid: string) {
|
||||
return this.collection.conflictsOf(uuid)
|
||||
}
|
||||
|
||||
@@ -85,7 +85,6 @@ export class VaultsContext extends AppContext {
|
||||
await this.vaults.moveItemToVault(privateVault, note)
|
||||
|
||||
const sharedVault = await this.sharedVaults.convertVaultToSharedVault(privateVault)
|
||||
console.log('createSharedPasswordVault > sharedVault:', sharedVault)
|
||||
|
||||
const { thirdPartyContext, deinitThirdPartyContext } = await Collaboration.inviteNewPartyToSharedVault(
|
||||
this,
|
||||
@@ -94,6 +93,8 @@ export class VaultsContext extends AppContext {
|
||||
|
||||
await Collaboration.acceptAllInvites(thirdPartyContext)
|
||||
|
||||
return { sharedVault, thirdPartyContext, deinitThirdPartyContext }
|
||||
const contactVault = thirdPartyContext.vaults.getVault({ keySystemIdentifier: sharedVault.systemIdentifier })
|
||||
|
||||
return { contactVault, sharedVault, thirdPartyContext, deinitThirdPartyContext }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -225,6 +225,18 @@ describe('shared vault invites', function () {
|
||||
})
|
||||
|
||||
it.skip('should fail to invite user if already member of shared vault', async () => {
|
||||
console.error('Implement')
|
||||
const { sharedVault, contact, deinitContactContext } = await Collaboration.createSharedVaultWithAcceptedInvite(
|
||||
context,
|
||||
)
|
||||
|
||||
const result = await context.vaultInvites.inviteContactToSharedVault(
|
||||
sharedVault,
|
||||
contact,
|
||||
SharedVaultUserPermission.PERMISSIONS.Write,
|
||||
)
|
||||
|
||||
expect(result.isFailed()).to.be.true
|
||||
|
||||
await deinitContactContext()
|
||||
})
|
||||
})
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
import * as Factory from '../lib/factory.js'
|
||||
import * as Collaboration from '../lib/Collaboration.js'
|
||||
|
||||
chai.use(chaiAsPromised)
|
||||
const expect = chai.expect
|
||||
@@ -57,7 +58,7 @@ describe('vault key management', function () {
|
||||
|
||||
await Factory.expectThrowsAsync(
|
||||
() => context.vaults.removeItemFromVault(item),
|
||||
'Attempting to remove item from locked vault',
|
||||
'Cannot find latest version of item to get vault for',
|
||||
)
|
||||
})
|
||||
|
||||
@@ -117,6 +118,64 @@ describe('vault key management', function () {
|
||||
})
|
||||
})
|
||||
|
||||
describe('locking memory management', () => {
|
||||
it('locking a vault should clear decrypted items keys from memory', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
name: 'test vault',
|
||||
description: 'test vault description',
|
||||
userInputtedPassword: 'test password',
|
||||
storagePreference: KeySystemRootKeyStorageMode.Ephemeral,
|
||||
})
|
||||
|
||||
const itemsKeys = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeys.length).to.equal(1)
|
||||
|
||||
await context.vaultLocks.lockNonPersistentVault(vault)
|
||||
|
||||
const itemsKeysAfterLock = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeysAfterLock.length).to.equal(0)
|
||||
})
|
||||
|
||||
it('locking then unlocking a vault should bring items keys back into memory', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
name: 'test vault',
|
||||
description: 'test vault description',
|
||||
userInputtedPassword: 'test password',
|
||||
storagePreference: KeySystemRootKeyStorageMode.Ephemeral,
|
||||
})
|
||||
|
||||
await context.vaultLocks.lockNonPersistentVault(vault)
|
||||
await context.vaultLocks.unlockNonPersistentVault(vault, 'test password')
|
||||
|
||||
const itemsKeys = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeys.length).to.equal(1)
|
||||
|
||||
const rootKeys = context.keys.getAllKeySystemRootKeysForVault(vault.systemIdentifier)
|
||||
expect(rootKeys.length).to.equal(1)
|
||||
})
|
||||
|
||||
it('locking should clear vault items from memory', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
name: 'test vault',
|
||||
description: 'test vault description',
|
||||
userInputtedPassword: 'test password',
|
||||
storagePreference: KeySystemRootKeyStorageMode.Ephemeral,
|
||||
})
|
||||
|
||||
const note = await context.createSyncedNote()
|
||||
await Collaboration.moveItemToVault(context, vault, note)
|
||||
|
||||
await context.vaultLocks.lockNonPersistentVault(vault)
|
||||
|
||||
const decryptedNote = context.items.findItem(note.uuid)
|
||||
expect(decryptedNote).to.be.undefined
|
||||
|
||||
const encryptedNote = context.items.findAnyItem(note.uuid)
|
||||
expect(encryptedNote).to.not.be.undefined
|
||||
expect(isEncryptedItem(encryptedNote)).to.be.true
|
||||
})
|
||||
})
|
||||
|
||||
describe('key rotation and persistence', () => {
|
||||
it('rotating ephemeral vault should not persist keys', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
@@ -170,43 +229,6 @@ describe('vault key management', function () {
|
||||
})
|
||||
})
|
||||
|
||||
describe('memory management', () => {
|
||||
it('locking a vault should clear decrypted items keys from memory', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
name: 'test vault',
|
||||
description: 'test vault description',
|
||||
userInputtedPassword: 'test password',
|
||||
storagePreference: KeySystemRootKeyStorageMode.Ephemeral,
|
||||
})
|
||||
|
||||
const itemsKeys = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeys.length).to.equal(1)
|
||||
|
||||
await context.vaultLocks.lockNonPersistentVault(vault)
|
||||
|
||||
const itemsKeysAfterLock = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeysAfterLock.length).to.equal(0)
|
||||
})
|
||||
|
||||
it('locking then unlocking a vault should bring items keys back into memory', async () => {
|
||||
const vault = await context.vaults.createUserInputtedPasswordVault({
|
||||
name: 'test vault',
|
||||
description: 'test vault description',
|
||||
userInputtedPassword: 'test password',
|
||||
storagePreference: KeySystemRootKeyStorageMode.Ephemeral,
|
||||
})
|
||||
|
||||
await context.vaultLocks.lockNonPersistentVault(vault)
|
||||
await context.vaultLocks.unlockNonPersistentVault(vault, 'test password')
|
||||
|
||||
const itemsKeys = context.keys.getKeySystemItemsKeys(vault.systemIdentifier)
|
||||
expect(itemsKeys.length).to.equal(1)
|
||||
|
||||
const rootKeys = context.keys.getAllKeySystemRootKeysForVault(vault.systemIdentifier)
|
||||
expect(rootKeys.length).to.equal(1)
|
||||
})
|
||||
})
|
||||
|
||||
describe('changeVaultKeyOptions', () => {
|
||||
describe('change storage type', () => {
|
||||
it('should not be able to change randomized vault from synced to local', async () => {
|
||||
@@ -343,6 +365,47 @@ describe('vault key management', function () {
|
||||
const memKeys = context.keys.getAllKeySystemRootKeysForVault(vault.systemIdentifier)
|
||||
expect(memKeys.length).to.equal(1)
|
||||
})
|
||||
|
||||
it('should throw if attempting to change key options of third party vault', async () => {
|
||||
await context.register()
|
||||
|
||||
const { contactVault, contactContext, deinitContactContext } =
|
||||
await Collaboration.createSharedVaultWithAcceptedInvite(context)
|
||||
|
||||
await Factory.expectThrowsAsync(
|
||||
() => contactContext.vaults.changeVaultKeyOptions({ vault: contactVault }),
|
||||
'Third party vault options should be changed via changeThirdPartyVaultStorageOptions',
|
||||
)
|
||||
|
||||
await deinitContactContext()
|
||||
})
|
||||
|
||||
it('changing storage options for third party vault should validate password', async () => {
|
||||
await context.register()
|
||||
|
||||
const { contactVault, thirdPartyContext, deinitThirdPartyContext } = await context.createSharedPasswordVault(
|
||||
'test password',
|
||||
)
|
||||
|
||||
const invalidResult = await thirdPartyContext.vaults.changeThirdPartyVaultStorageOptions({
|
||||
vault: contactVault,
|
||||
vaultPassword: 'wrong password',
|
||||
newStorageMode: KeySystemRootKeyStorageMode.Synced,
|
||||
})
|
||||
|
||||
expect(invalidResult.isFailed()).to.be.true
|
||||
expect(invalidResult.getError()).to.equal('Invalid vault password')
|
||||
|
||||
const validResult = await thirdPartyContext.vaults.changeThirdPartyVaultStorageOptions({
|
||||
vault: contactVault,
|
||||
vaultPassword: 'test password',
|
||||
newStorageMode: KeySystemRootKeyStorageMode.Local,
|
||||
})
|
||||
|
||||
expect(validResult.isFailed()).to.be.false
|
||||
|
||||
await deinitThirdPartyContext()
|
||||
})
|
||||
})
|
||||
|
||||
describe('change password type', () => {
|
||||
|
||||
Reference in New Issue
Block a user