[PM-16227] Move import to sdk and enable it in browser/web #12479

Open
wants to merge 17 commits into
base: main

Contributor

@quexten quexten commented Dec 19, 2024

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-16227

📔 Objective

Makes use of the sdk in order to handle import on desktop, web and browser. Drops importer code from desktop_native since it's not needed there anymore.

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

Contributor

github-actions bot commented Dec 19, 2024

Checkmarx One – Scan Summary & Details 05f0063e-7d19-4254-881a-d8d24fe45583

Great job, no security vulnerabilities found in this Pull Request


codecov bot commented Dec 19, 2024

Codecov Report

Attention: Patch coverage is 13.18681% with 79 lines in your changes missing coverage. Please review.

Project coverage is 33.73%. Comparing base (196c1e1) to head (e25d940).

✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...angular/src/vault/components/add-edit.component.ts 0.00% 35 Missing ⚠️
...ponents/sshkey-section/sshkey-section.component.ts 16.21% 27 Missing and 4 partials ⚠️
libs/common/src/models/export/ssh-key.export.ts 0.00% 5 Missing ⚠️
...vault/popup/components/vault/add-edit.component.ts 0.00% 3 Missing ⚠️
.../desktop/src/vault/app/vault/add-edit.component.ts 0.00% 2 Missing ⚠️
...access/view/emergency-add-edit-cipher.component.ts 66.66% 0 Missing and 1 partial ⚠️
...c/app/vault/individual-vault/add-edit.component.ts 66.66% 0 Missing and 1 partial ⚠️
.../web/src/app/vault/org-vault/add-edit.component.ts 66.66% 0 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main   #12479      +/-   ##
==========================================
- Coverage   33.74%   33.73%   -0.01%     
==========================================
  Files        2918     2918              
  Lines       90994    91047      +53     
  Branches    17200    17215      +15     
==========================================
+ Hits        30703    30712       +9     
- Misses      57891    57924      +33     
- Partials     2400     2411      +11     


@quexten quexten changed the title Move import to sdk and enable it in browser/web [PM-16227] Move import to sdk and enable it in browser/web Dec 23, 2024
@quexten quexten marked this pull request as ready for review December 24, 2024 14:24
@quexten quexten requested review from a team as code owners December 24, 2024 14:24
Member

@audreyality audreyality left a comment

Requested changes marked with ⚠️.
Review-blocking concerns that may not require changes marked with 🤔.
Everything else is commentary.

domain.privateKey = req.privateKey != null ? new EncString(req.privateKey) : null;
domain.publicKey = req.publicKey != null ? new EncString(req.publicKey) : null;
domain.keyFingerprint = req.keyFingerprint != null ? new EncString(req.keyFingerprint) : null;
const parsedKey = import_ssh_key(req.privateKey);
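Review bot: import_ssh_key(req.privateKey) on the last line is called unconditionally, while each of the three assignments shown above it guards the request field with != null. Guard this call the same way, or document that import_ssh_key accepts a null argument, so an item without a private key does not fail inside the parser.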
Member

🤔 Seems like there should be a null check here. You have one when importing from the clipboard, in case import_ssh_key returns null.

Contributor Author

@quexten quexten Jan 6, 2025

Ok, so thinking this through, this should only occur when a user hand-modified the export to be broken (or a bug caused the export to be in a broken state), since SSH keys do not have an arbitrary format.

Since we only ever want consistent, and correct keys in the vault, the intended behavior would be to skip the entire cipher. Currently, just from the code, this seems like it would throw and thus throw the entire import.

What is tools' recommendation on this?

I see several ways to filter out these broken ciphers in the import later on (i.e. in, for example, paresDecrypted as a "post-processing" step on the result), but I don't know whether that's what tools intends?

Member

@djsmith85 - I think this is a place where we'll need your importer expertise.

Contributor

The current behaviour is that, if any error on any item occurs, the whole import is aborted. We might want to change that in the future, if we can provide a detailed import report, but for now it just aborts, to not cause partial imports without a notice to the user.

@quexten Please ensure during dev/testing that an invalid ssh key will throw and show which import-item is causing the issue. If you are also able to provide detailed/informative error messages, users will appreciate it.

libs/angular/src/vault/components/add-edit.component.ts (Outdated)
Comment on lines 846 to 849
} else {
password = await this.getSshKeyPassword();
await this.importSshKeyFromClipboard(password);
}
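Review bot: in the else branch, the value returned by getSshKeyPassword() goes straight into importSshKeyFromClipboard(password) with no check. If the prompt can be dismissed, return early on an empty or undefined result instead of starting a second import, and decide what should happen when this second attempt also fails, since nothing in these lines handles it.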
Member

@audreyality audreyality Dec 27, 2024

♻️ It's generally bad form to use try/catch for control flow. Consider signalling the expected case of a missing or incorrect password using the return code instead of an exception.

Contributor Author

I wish there was a better way to represent results in ts/js, but the way this is done in the PR is the default way to hand over results from rust(wasm) to js/ts: https://rustwasm.github.io/docs/wasm-bindgen/reference/types/result.html

Member

@audreyality audreyality Jan 6, 2025

This doesn't need to be solved now--♻️ identifies tech debt. If you're interested in it, though, you might consider embedding an enum in the Ok block of the result.

enum SshImport {
  Imported(value),
  MissingPassword, // expected failure case
  InvalidPassword, // expected failure case
}

fn method(...) : Result<SshImport, Exception> {
  // ...
}

There may be better ways to handle this; the main idea is that you have "process failures" (which relate to things like validation) and "runtime failures" (which relate to circumstances outside of the user's control).

Contributor Author

Wasm-bindgen does not support enums with values at the moment (otherwise Result would also be trivial to represent), but only C-style enums: rustwasm/wasm-bindgen#2407. So for passing to typescript, this would need to be converted to some struct, similar to what was done in the desktop-only implementation.

Member

Or you could use Tsify-next, which is already included as a dependency.
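
The struct-with-status shape discussed in this thread, sketched as an added TypeScript example (not code from the PR or from Bitwarden): expected failures come back as a C-style status, only runtime failures throw, and the retry prompt needs no try/catch. `parseSshKeyStub`, `importWithPrompt`, the result fields and the `PLAIN:`/`ENC(...)` key text are all assumptions constructed for the illustration.

```typescript
// C-style status values: the only enum shape wasm-bindgen exports, per the thread.
const SshImportStatus = { Imported: 0, MissingPassword: 1, InvalidPassword: 2 } as const;
type SshImportStatus = (typeof SshImportStatus)[keyof typeof SshImportStatus];

interface SshImportResult {
  status: SshImportStatus;
  privateKey?: string; // set only when status is Imported
}

// Hypothetical stand-in for the SDK parser. Constructed key format:
// "PLAIN:<body>" is unencrypted, "ENC(<password>):<body>" is encrypted.
function parseSshKeyStub(text: string, password: string): SshImportResult {
  const enc = /^ENC\(([^)]*)\):(.+)$/.exec(text);
  if (enc) {
    if (password === "") return { status: SshImportStatus.MissingPassword };
    if (password !== enc[1]) return { status: SshImportStatus.InvalidPassword };
    return { status: SshImportStatus.Imported, privateKey: enc[2] };
  }
  if (text.startsWith("PLAIN:")) {
    return { status: SshImportStatus.Imported, privateKey: text.slice(6) };
  }
  // Runtime failure: a password prompt cannot fix this, so it throws.
  throw new Error("not an SSH private key");
}

// Prompts only on expected failures. Returns null when the user dismisses
// the prompt or the prompt budget is used up.
function importWithPrompt(
  text: string,
  askPassword: () => string | null,
  maxPrompts = 3,
): string | null {
  let password = "";
  for (let prompts = 0; ; prompts++) {
    const result = parseSshKeyStub(text, password);
    if (result.status === SshImportStatus.Imported) return result.privateKey ?? null;
    if (prompts >= maxPrompts) return null;
    const answer = askPassword();
    if (answer === null) return null; // prompt dismissed
    password = answer;
  }
}
```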

@@ -79,4 +90,71 @@ export class SshKeySectionComponent implements OnInit {
keyFingerprint,
});
}

async importSshKeyFromClipboard(password: string = "") {
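Review bot: the signature password: string = "" defaults the password to the empty string, which makes "no password supplied" indistinguishable from an empty passphrase inside the function. Consider password?: string and passing undefined through to the parser; the explicit string annotation is also redundant next to a string default.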
Member

♻️ This function is replicated with minor alterations across several components. Consider extracting the decision making into one or more shared functions.

Contributor Author

To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.

Member

> To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.

It can just be a plain old function. There's no need to embed it in a service.

That said, this is also an optional thing.

Comment on lines +829 to +833
return;
}
continue;
}
break;
Member

⛏️ Mixing 3 different control flow keywords here leads me to believe there's a better way to state this.
