tests: vaults-2 (#2368)
This commit is contained in:
Mo
@@ -1,6 +1,6 @@
|
||||
import { MutatorClientInterface, SyncServiceInterface } from '@standardnotes/services'
|
||||
import {
|
||||
KeySystemRootKeyPasswordType,
|
||||
KeySystemPasswordType,
|
||||
KeySystemRootKeyStorageMode,
|
||||
VaultListingInterface,
|
||||
VaultListingMutator,
|
||||
@@ -9,8 +9,9 @@ import { ChangeVaultKeyOptionsDTO } from './ChangeVaultKeyOptionsDTO'
|
||||
import { GetVault } from './GetVault'
|
||||
import { EncryptionProviderInterface } from '../../Encryption/EncryptionProviderInterface'
|
||||
import { KeySystemKeyManagerInterface } from '../../KeySystem/KeySystemKeyManagerInterface'
|
||||
import { Result, UseCaseInterface } from '@standardnotes/domain-core'
|
||||
|
||||
export class ChangeVaultKeyOptions {
|
||||
export class ChangeVaultKeyOptions implements UseCaseInterface<void> {
|
||||
constructor(
|
||||
private mutator: MutatorClientInterface,
|
||||
private sync: SyncServiceInterface,
|
||||
@@ -19,59 +20,101 @@ export class ChangeVaultKeyOptions {
|
||||
private getVault: GetVault,
|
||||
) {}
|
||||
|
||||
async execute(dto: ChangeVaultKeyOptionsDTO): Promise<void> {
|
||||
const useStorageMode = dto.newKeyStorageMode ?? dto.vault.keyStorageMode
|
||||
|
||||
async execute(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>> {
|
||||
if (dto.newPasswordType) {
|
||||
if (dto.vault.keyPasswordType === dto.newPasswordType.passwordType) {
|
||||
throw new Error('Vault password type is already set to this type')
|
||||
}
|
||||
|
||||
if (dto.newPasswordType.passwordType === KeySystemRootKeyPasswordType.UserInputted) {
|
||||
if (!dto.newPasswordType.userInputtedPassword) {
|
||||
throw new Error('User inputted password is required')
|
||||
}
|
||||
await this.changePasswordTypeToUserInputted(dto.vault, dto.newPasswordType.userInputtedPassword, useStorageMode)
|
||||
} else if (dto.newPasswordType.passwordType === KeySystemRootKeyPasswordType.Randomized) {
|
||||
await this.changePasswordTypeToRandomized(dto.vault, useStorageMode)
|
||||
const result = await this.handleNewPasswordType(dto)
|
||||
if (result.isFailed()) {
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
if (dto.newKeyStorageMode) {
|
||||
const result = this.getVault.execute({ keySystemIdentifier: dto.vault.systemIdentifier })
|
||||
|
||||
if (dto.newStorageMode) {
|
||||
const result = await this.handleNewStorageMode(dto)
|
||||
if (result.isFailed()) {
|
||||
throw new Error('Vault not found')
|
||||
}
|
||||
|
||||
const latestVault = result.getValue()
|
||||
|
||||
if (latestVault.rootKeyParams.passwordType !== KeySystemRootKeyPasswordType.UserInputted) {
|
||||
throw new Error('Vault uses randomized password and cannot change its storage preference')
|
||||
}
|
||||
|
||||
if (dto.newKeyStorageMode === latestVault.keyStorageMode) {
|
||||
throw new Error('Vault already uses this storage preference')
|
||||
}
|
||||
|
||||
if (
|
||||
dto.newKeyStorageMode === KeySystemRootKeyStorageMode.Local ||
|
||||
dto.newKeyStorageMode === KeySystemRootKeyStorageMode.Ephemeral
|
||||
) {
|
||||
await this.changeStorageModeToLocalOrEphemeral(latestVault, dto.newKeyStorageMode)
|
||||
} else if (dto.newKeyStorageMode === KeySystemRootKeyStorageMode.Synced) {
|
||||
await this.changeStorageModeToSynced(latestVault)
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
await this.sync.sync()
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async handleNewPasswordType(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>> {
|
||||
if (!dto.newPasswordType) {
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
if (dto.vault.keyPasswordType === dto.newPasswordType.passwordType) {
|
||||
return Result.fail('Vault password type is already set to this type')
|
||||
}
|
||||
|
||||
if (dto.newPasswordType.passwordType === KeySystemPasswordType.UserInputted) {
|
||||
if (!dto.newPasswordType.userInputtedPassword) {
|
||||
return Result.fail('User inputted password is required')
|
||||
}
|
||||
const useStorageMode = dto.newStorageMode ?? dto.vault.keyStorageMode
|
||||
const result = await this.changePasswordTypeToUserInputted(
|
||||
dto.vault,
|
||||
dto.newPasswordType.userInputtedPassword,
|
||||
useStorageMode,
|
||||
)
|
||||
if (result.isFailed()) {
|
||||
return result
|
||||
}
|
||||
} else if (dto.newPasswordType.passwordType === KeySystemPasswordType.Randomized) {
|
||||
const result = await this.changePasswordTypeToRandomized(dto.vault)
|
||||
if (result.isFailed()) {
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async handleNewStorageMode(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>> {
|
||||
if (!dto.newStorageMode) {
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
const result = this.getVault.execute({ keySystemIdentifier: dto.vault.systemIdentifier })
|
||||
if (result.isFailed()) {
|
||||
return Result.fail('Vault not found')
|
||||
}
|
||||
|
||||
const latestVault = result.getValue()
|
||||
|
||||
if (latestVault.rootKeyParams.passwordType !== KeySystemPasswordType.UserInputted) {
|
||||
return Result.fail('Vault uses randomized password and cannot change its storage preference')
|
||||
}
|
||||
|
||||
if (dto.newStorageMode === latestVault.keyStorageMode) {
|
||||
return Result.fail('Vault already uses this storage preference')
|
||||
}
|
||||
|
||||
if (
|
||||
dto.newStorageMode === KeySystemRootKeyStorageMode.Local ||
|
||||
dto.newStorageMode === KeySystemRootKeyStorageMode.Ephemeral
|
||||
) {
|
||||
const result = await this.changeStorageModeToLocalOrEphemeral(latestVault, dto.newStorageMode)
|
||||
if (result.isFailed()) {
|
||||
return result
|
||||
}
|
||||
} else if (dto.newStorageMode === KeySystemRootKeyStorageMode.Synced) {
|
||||
const result = await this.changeStorageModeToSynced(latestVault)
|
||||
if (result.isFailed()) {
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async changePasswordTypeToUserInputted(
|
||||
vault: VaultListingInterface,
|
||||
userInputtedPassword: string,
|
||||
storageMode: KeySystemRootKeyStorageMode,
|
||||
): Promise<void> {
|
||||
): Promise<Result<void>> {
|
||||
const newRootKey = this.encryption.createUserInputtedKeySystemRootKey({
|
||||
systemIdentifier: vault.systemIdentifier,
|
||||
userInputtedPassword: userInputtedPassword,
|
||||
@@ -80,60 +123,73 @@ export class ChangeVaultKeyOptions {
|
||||
if (storageMode === KeySystemRootKeyStorageMode.Synced) {
|
||||
await this.mutator.insertItem(newRootKey, true)
|
||||
} else {
|
||||
this.keys.intakeNonPersistentKeySystemRootKey(newRootKey, storageMode)
|
||||
this.keys.cacheKey(newRootKey, storageMode)
|
||||
}
|
||||
|
||||
await this.mutator.changeItem<VaultListingMutator>(vault, (mutator) => {
|
||||
mutator.rootKeyParams = newRootKey.keyParams
|
||||
})
|
||||
|
||||
await this.keys.reencryptKeySystemItemsKeysForVault(vault.systemIdentifier)
|
||||
await this.keys.queueVaultItemsKeysForReencryption(vault.systemIdentifier)
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async changePasswordTypeToRandomized(
|
||||
vault: VaultListingInterface,
|
||||
storageMode: KeySystemRootKeyStorageMode,
|
||||
): Promise<void> {
|
||||
private async changePasswordTypeToRandomized(vault: VaultListingInterface): Promise<Result<void>> {
|
||||
if (vault.keyStorageMode !== KeySystemRootKeyStorageMode.Synced) {
|
||||
this.keys.removeKeyFromCache(vault.systemIdentifier)
|
||||
|
||||
await this.mutator.changeItem<VaultListingMutator>(vault, (mutator) => {
|
||||
mutator.keyStorageMode = KeySystemRootKeyStorageMode.Synced
|
||||
})
|
||||
}
|
||||
|
||||
const newRootKey = this.encryption.createRandomizedKeySystemRootKey({
|
||||
systemIdentifier: vault.systemIdentifier,
|
||||
})
|
||||
|
||||
if (storageMode !== KeySystemRootKeyStorageMode.Synced) {
|
||||
throw new Error('Cannot change to randomized password if root key storage is not synced')
|
||||
}
|
||||
|
||||
await this.mutator.changeItem<VaultListingMutator>(vault, (mutator) => {
|
||||
mutator.rootKeyParams = newRootKey.keyParams
|
||||
})
|
||||
|
||||
await this.mutator.insertItem(newRootKey, true)
|
||||
|
||||
await this.keys.reencryptKeySystemItemsKeysForVault(vault.systemIdentifier)
|
||||
await this.keys.queueVaultItemsKeysForReencryption(vault.systemIdentifier)
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async changeStorageModeToLocalOrEphemeral(
|
||||
vault: VaultListingInterface,
|
||||
newKeyStorageMode: KeySystemRootKeyStorageMode,
|
||||
): Promise<void> {
|
||||
newStorageMode: KeySystemRootKeyStorageMode,
|
||||
): Promise<Result<void>> {
|
||||
const primaryKey = this.keys.getPrimaryKeySystemRootKey(vault.systemIdentifier)
|
||||
if (!primaryKey) {
|
||||
throw new Error('No primary key found')
|
||||
return Result.fail('No primary key found')
|
||||
}
|
||||
|
||||
this.keys.intakeNonPersistentKeySystemRootKey(primaryKey, newKeyStorageMode)
|
||||
if (newStorageMode === KeySystemRootKeyStorageMode.Ephemeral) {
|
||||
this.keys.removeKeyFromCache(vault.systemIdentifier)
|
||||
}
|
||||
|
||||
this.keys.cacheKey(primaryKey, newStorageMode)
|
||||
await this.keys.deleteAllSyncedKeySystemRootKeys(vault.systemIdentifier)
|
||||
|
||||
await this.mutator.changeItem<VaultListingMutator>(vault, (mutator) => {
|
||||
mutator.keyStorageMode = newKeyStorageMode
|
||||
mutator.keyStorageMode = newStorageMode
|
||||
})
|
||||
|
||||
await this.sync.sync()
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
|
||||
private async changeStorageModeToSynced(vault: VaultListingInterface): Promise<void> {
|
||||
private async changeStorageModeToSynced(vault: VaultListingInterface): Promise<Result<void>> {
|
||||
const allRootKeys = this.keys.getAllKeySystemRootKeysForVault(vault.systemIdentifier)
|
||||
const syncedRootKeys = this.keys.getSyncedKeySystemRootKeysForVault(vault.systemIdentifier)
|
||||
|
||||
this.keys.removeKeyFromCache(vault.systemIdentifier)
|
||||
|
||||
for (const key of allRootKeys) {
|
||||
const existingSyncedKey = syncedRootKeys.find((syncedKey) => syncedKey.token === key.token)
|
||||
if (existingSyncedKey) {
|
||||
@@ -146,5 +202,7 @@ export class ChangeVaultKeyOptions {
|
||||
await this.mutator.changeItem<VaultListingMutator>(vault, (mutator) => {
|
||||
mutator.keyStorageMode = KeySystemRootKeyStorageMode.Synced
|
||||
})
|
||||
|
||||
return Result.ok()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
import { KeySystemRootKeyPasswordType, KeySystemRootKeyStorageMode, VaultListingInterface } from '@standardnotes/models'
|
||||
import { KeySystemPasswordType, KeySystemRootKeyStorageMode, VaultListingInterface } from '@standardnotes/models'
|
||||
|
||||
export type ChangeVaultKeyOptionsDTO = {
|
||||
vault: VaultListingInterface
|
||||
newPasswordType:
|
||||
| { passwordType: KeySystemRootKeyPasswordType.Randomized }
|
||||
| { passwordType: KeySystemRootKeyPasswordType.UserInputted; userInputtedPassword: string }
|
||||
| { passwordType: KeySystemPasswordType.Randomized }
|
||||
| { passwordType: KeySystemPasswordType.UserInputted; userInputtedPassword: string }
|
||||
| undefined
|
||||
newKeyStorageMode: KeySystemRootKeyStorageMode | undefined
|
||||
newStorageMode: KeySystemRootKeyStorageMode | undefined
|
||||
}
|
||||
|
||||
@@ -2,7 +2,7 @@ import { SyncServiceInterface } from '../../Sync/SyncServiceInterface'
|
||||
import { UuidGenerator } from '@standardnotes/utils'
|
||||
import {
|
||||
KeySystemRootKeyParamsInterface,
|
||||
KeySystemRootKeyPasswordType,
|
||||
KeySystemPasswordType,
|
||||
VaultListingContentSpecialized,
|
||||
VaultListingInterface,
|
||||
KeySystemRootKeyStorageMode,
|
||||
@@ -44,9 +44,7 @@ export class CreateVault {
|
||||
keySystemIdentifier,
|
||||
vaultName: dto.vaultName,
|
||||
vaultDescription: dto.vaultDescription,
|
||||
passwordType: dto.userInputtedPassword
|
||||
? KeySystemRootKeyPasswordType.UserInputted
|
||||
: KeySystemRootKeyPasswordType.Randomized,
|
||||
passwordType: dto.userInputtedPassword ? KeySystemPasswordType.UserInputted : KeySystemPasswordType.Randomized,
|
||||
rootKeyParams: rootKey.keyParams,
|
||||
storage: dto.storagePreference,
|
||||
})
|
||||
@@ -60,7 +58,7 @@ export class CreateVault {
|
||||
keySystemIdentifier: string
|
||||
vaultName: string
|
||||
vaultDescription?: string
|
||||
passwordType: KeySystemRootKeyPasswordType
|
||||
passwordType: KeySystemPasswordType
|
||||
rootKeyParams: KeySystemRootKeyParamsInterface
|
||||
storage: KeySystemRootKeyStorageMode
|
||||
}): Promise<VaultListingInterface> {
|
||||
@@ -109,7 +107,7 @@ export class CreateVault {
|
||||
if (dto.storagePreference === KeySystemRootKeyStorageMode.Synced) {
|
||||
await this.mutator.insertItem(newRootKey, true)
|
||||
} else {
|
||||
this.keys.intakeNonPersistentKeySystemRootKey(newRootKey, dto.storagePreference)
|
||||
this.keys.cacheKey(newRootKey, dto.storagePreference)
|
||||
}
|
||||
|
||||
return newRootKey
|
||||
|
||||
@@ -3,7 +3,7 @@ import { ClientDisplayableError, isClientDisplayableError } from '@standardnotes
|
||||
import {
|
||||
KeySystemIdentifier,
|
||||
KeySystemRootKeyInterface,
|
||||
KeySystemRootKeyPasswordType,
|
||||
KeySystemPasswordType,
|
||||
KeySystemRootKeyStorageMode,
|
||||
VaultListingInterface,
|
||||
VaultListingMutator,
|
||||
@@ -31,7 +31,7 @@ export class RotateVaultKey {
|
||||
|
||||
let newRootKey: KeySystemRootKeyInterface | undefined
|
||||
|
||||
if (currentRootKey.keyParams.passwordType === KeySystemRootKeyPasswordType.UserInputted) {
|
||||
if (currentRootKey.keyParams.passwordType === KeySystemPasswordType.UserInputted) {
|
||||
if (!params.userInputtedPassword) {
|
||||
throw new Error('Cannot rotate key system root key; user inputted password required')
|
||||
}
|
||||
@@ -40,7 +40,7 @@ export class RotateVaultKey {
|
||||
systemIdentifier: params.vault.systemIdentifier,
|
||||
userInputtedPassword: params.userInputtedPassword,
|
||||
})
|
||||
} else if (currentRootKey.keyParams.passwordType === KeySystemRootKeyPasswordType.Randomized) {
|
||||
} else if (currentRootKey.keyParams.passwordType === KeySystemPasswordType.Randomized) {
|
||||
newRootKey = this.encryption.createRandomizedKeySystemRootKey({
|
||||
systemIdentifier: params.vault.systemIdentifier,
|
||||
})
|
||||
@@ -53,7 +53,7 @@ export class RotateVaultKey {
|
||||
if (params.vault.keyStorageMode === KeySystemRootKeyStorageMode.Synced) {
|
||||
await this.mutator.insertItem(newRootKey, true)
|
||||
} else {
|
||||
this.keys.intakeNonPersistentKeySystemRootKey(newRootKey, params.vault.keyStorageMode)
|
||||
this.keys.cacheKey(newRootKey, params.vault.keyStorageMode)
|
||||
}
|
||||
|
||||
await this.mutator.changeItem<VaultListingMutator>(params.vault, (mutator) => {
|
||||
@@ -73,7 +73,7 @@ export class RotateVaultKey {
|
||||
errors.push(updateKeySystemItemsKeyResult)
|
||||
}
|
||||
|
||||
await this.keys.reencryptKeySystemItemsKeysForVault(params.vault.systemIdentifier)
|
||||
await this.keys.queueVaultItemsKeysForReencryption(params.vault.systemIdentifier)
|
||||
|
||||
return errors
|
||||
}
|
||||
|
||||
@@ -26,6 +26,7 @@ import { MutatorClientInterface } from '../Mutator/MutatorClientInterface'
|
||||
import { AlertService } from '../Alert/AlertService'
|
||||
import { GetVaults } from './UseCase/GetVaults'
|
||||
import { VaultLockServiceInterface } from '../VaultLock/VaultLockServiceInterface'
|
||||
import { Result } from '@standardnotes/domain-core'
|
||||
|
||||
export class VaultService
|
||||
extends AbstractService<VaultServiceEvent, VaultServiceEventPayload[VaultServiceEvent]>
|
||||
@@ -194,7 +195,7 @@ export class VaultService
|
||||
return updatedVault
|
||||
}
|
||||
|
||||
async rotateVaultRootKey(vault: VaultListingInterface): Promise<void> {
|
||||
async rotateVaultRootKey(vault: VaultListingInterface, vaultPassword?: string): Promise<void> {
|
||||
if (this.vaultLocks.isVaultLocked(vault)) {
|
||||
throw new Error('Cannot rotate root key of locked vault')
|
||||
}
|
||||
@@ -202,7 +203,7 @@ export class VaultService
|
||||
await this._rotateVaultKey.execute({
|
||||
vault,
|
||||
sharedVaultUuid: vault.isSharedVaultListing() ? vault.sharing.sharedVaultUuid : undefined,
|
||||
userInputtedPassword: undefined,
|
||||
userInputtedPassword: vaultPassword,
|
||||
})
|
||||
|
||||
await this.notifyEventSync(VaultServiceEvent.VaultRootKeyRotated, { vault })
|
||||
@@ -227,15 +228,17 @@ export class VaultService
|
||||
return this.getVault({ keySystemIdentifier: latestItem.key_system_identifier })
|
||||
}
|
||||
|
||||
async changeVaultOptions(dto: ChangeVaultKeyOptionsDTO): Promise<void> {
|
||||
async changeVaultOptions(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>> {
|
||||
if (this.vaultLocks.isVaultLocked(dto.vault)) {
|
||||
throw new Error('Attempting to change vault options on a locked vault')
|
||||
}
|
||||
|
||||
await this._changeVaultKeyOptions.execute(dto)
|
||||
const result = await this._changeVaultKeyOptions.execute(dto)
|
||||
|
||||
if (dto.newPasswordType) {
|
||||
await this.notifyEventSync(VaultServiceEvent.VaultRootKeyRotated, { vault: dto.vault })
|
||||
}
|
||||
|
||||
return result
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import {
|
||||
import { AbstractService } from '../Service/AbstractService'
|
||||
import { VaultServiceEvent, VaultServiceEventPayload } from './VaultServiceEvent'
|
||||
import { ChangeVaultKeyOptionsDTO } from './UseCase/ChangeVaultKeyOptionsDTO'
|
||||
import { Result } from '@standardnotes/domain-core'
|
||||
|
||||
export interface VaultServiceInterface
|
||||
extends AbstractService<VaultServiceEvent, VaultServiceEventPayload[VaultServiceEvent]> {
|
||||
@@ -34,6 +35,6 @@ export interface VaultServiceInterface
|
||||
vault: VaultListingInterface,
|
||||
params: { name: string; description: string },
|
||||
): Promise<VaultListingInterface>
|
||||
rotateVaultRootKey(vault: VaultListingInterface): Promise<void>
|
||||
changeVaultOptions(dto: ChangeVaultKeyOptionsDTO): Promise<void>
|
||||
rotateVaultRootKey(vault: VaultListingInterface, vaultPassword?: string): Promise<void>
|
||||
changeVaultOptions(dto: ChangeVaultKeyOptionsDTO): Promise<Result<void>>
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user