Change password (#320)

backend/models/UserMutation.spec.ts

@@ -65,4 +65,12 @@ describe('UserMutation', () => {
       // expect(sentEmails.length).toBe(1) // TODO figure out why this is not working
     })
   })
+
+  describe('changeMasterPassword', () => {
+    it.todo(
+      'should change master password and increment token version to force user to relog on all other devices'
+    )
+
+    it.todo('should throw error when user is not ona master device')
+  })
 })

backend/models/UserMutation.ts

@@ -32,6 +32,7 @@ import { SecretUsageEventGQLScalars } from './generated/SecretUsageEventGQL'
 import { MasterDeviceChangeGQL } from './generated/MasterDeviceChangeGQL'
 import { GraphqlError } from '../api/GraphqlError'
 import debug from 'debug'
+import { setNewRefreshToken } from '../userAuth'
 const log = debug('au:userMutation')
 
 @ObjectType()
@@ -301,33 +302,43 @@ export class UserMutation extends UserBase {
     input: ChangeMasterPasswordInput,
     @Ctx() ctx: IContextAuthenticated
   ) {
+    if (ctx.device.id !== this.masterDeviceId) {
+      throw new Error('You can only change password on a master device')
+    }
+
     const secretsUpdates = input.secrets.map(({ id, ...patch }) => {
       return ctx.prisma.encryptedSecret.update({
         where: { id: id },
         data: patch
       })
     })
 
-    await ctx.prisma.$transaction([
-      ...secretsUpdates,
+    const [user] = await ctx.prisma.$transaction([
       ctx.prisma.user.update({
         data: {
           addDeviceSecret: input.addDeviceSecret,
-          addDeviceSecretEncrypted: input.addDeviceSecretEncrypted
+          addDeviceSecretEncrypted: input.addDeviceSecretEncrypted,
+          tokenVersion: {
+            increment: 1
+          }
         },
         where: {
           id: this.id
         }
       }),
-      ctx.prisma.decryptionChallenge.updateMany({
+      ctx.prisma.decryptionChallenge.update({
+        // need to update the challenge to let user log in
         where: {
           id: input.decryptionChallengeId,
           deviceId: ctx.jwtPayload.deviceId,
           userId: this.id
         },
         data: { masterPasswordVerifiedAt: new Date() }
-      })
+      }),
+      ...secretsUpdates
     ])
+
+    setNewRefreshToken(user, ctx.device.id, ctx) // set new refresh token to force all other devices to re-login
     return secretsUpdates.length
   }
 

mobile-app/src/screens/PasswordVault/AddPassword.tsx

@@ -15,12 +15,13 @@ import Ionicons from 'react-native-vector-icons/Ionicons'
 
 import { useNavigation } from '@react-navigation/native'
 import { DeviceContext } from '../../providers/DeviceProvider'
+import { loginCredentialsSchema } from '../../../../shared/loginCredentialsSchema'
 import { InputHeader } from './EditPassword'
 import { EncryptedSecretType } from '@shared/generated/graphqlBaseTypes'
 import { PasswordStackScreenProps } from '../../navigation/types'
 import { ToastAlert } from '../../components/ToastAlert'
 import { ToastType } from '../../ToastTypes'
-import { loginCredentialsSchema } from '@src/utils/loginCredentialsSchema'
+
 import { PasswordSchema, credentialValues } from '@shared/formikSharedTypes'
 
 const InputField = ({

mobile-app/src/screens/PasswordVault/EditPassword.tsx

@@ -30,13 +30,6 @@ import { PasswordStackScreenProps } from '@navigation/types'
 import { credentialValues, PasswordSchema } from '@shared/formikSharedTypes'
 import { Loading } from '@src/components/Loading'
 
-interface LoginParsedValues {
-  url: string
-  label: string
-  username: string
-  password: string
-}
-
 export const InputHeader = ({ children }) => {
   return (
     <FormControl.Label

mobile-app/src/screens/PasswordVault/PasswordVault.tsx

@@ -60,10 +60,7 @@ export const PasswordVault = ({
       {hasNoSecrets ? ( // TODO login form illustration
         <Box p={4}>
           <Text>
-            <Trans>
-              Start by adding a secret by logging onto any website or by adding
-              a TOTP code
-            </Trans>
+            <Trans>Start by adding a login secret or a TOTP code</Trans>
           </Text>
         </Box>
       ) : (

mobile-app/src/utils/Device.ts

@@ -6,7 +6,11 @@ import {
   SettingsInput
 } from '@shared/generated/graphqlBaseTypes'
 import { z, ZodError } from 'zod'
-import { loginCredentialsSchema, totpSchema } from './loginCredentialsSchema'
+
+import {
+  loginCredentialsSchema,
+  totpSchema
+} from '../../../shared/loginCredentialsSchema'
 
 import messaging from '@react-native-firebase/messaging'
 import {

mobile-app/src/utils/DeviceState.ts

@@ -10,7 +10,8 @@ import {
   generateEncryptionKey
 } from '@utils/generateEncryptionKey'
 import { EncryptedSecretType } from '@shared/generated/graphqlBaseTypes'
-import { loginCredentialsSchema } from './loginCredentialsSchema'
+import { loginCredentialsSchema } from '../../../shared/loginCredentialsSchema'
+
 import {
   AddEncryptedSecretsDocument,
   AddEncryptedSecretsMutation,

package.json

@@ -16,7 +16,7 @@
   },
   "devDependencies": {
     "@apollo/client": "^3.7.9",
-    "@chakra-ui/react": "^2.4.1",
+    "@chakra-ui/react": "^2.5.1",
     "@emotion/react": "^11.10.5",
     "@emotion/styled": "^11.10.5",
     "@graphql-codegen/cli": "^2.14.1",