Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PM-4954 Migrate SSO Component #9126

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

PM-4954 Migrate SSO Component #9126

wants to merge 5 commits into from

Conversation

KiruthigaManivannan
Copy link
Collaborator

Type of change

- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [x] Other

Objective

Migrate the SSO component to use the component library.

Code changes

  • sso.component.html: Added form group and bit form fields
  • sso.component.ts: Added new form group , converted submit to arrow function
  • oss-routing.module.ts: Added Routing for Anon layout wrapper component.

Screenshots

SSO.Login.-.Google.Chrome.2024-05-10.19-09-12.mp4

@KiruthigaManivannan KiruthigaManivannan requested a review from a team as a code owner May 10, 2024 13:40
@github-actions github-actions bot added the needs-qa Marks a PR as requiring QA approval label May 10, 2024
@KiruthigaManivannan
Copy link
Collaborator Author

@trmartin4 Does this SSO component changes looks good ? Please advise

@codecov Codecov
Copy link

codecov bot commented May 10, 2024
edited

Codecov Report

Attention: Patch coverage is 10.00000% with 9 lines in your changes are missing coverage. Please review.

Project coverage is 28.15%. Comparing base (74bc24b) to head (8e82c68).

Files Patch % Lines
apps/web/src/app/auth/sso.component.ts 11.11% 8 Missing ⚠️
apps/web/src/app/oss-routing.module.ts 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #9126   +/-   ##
=======================================
  Coverage   28.14%   28.15%           
=======================================
  Files        2375     2375           
  Lines       70219    70224    +5     
  Branches    13173    13173           
=======================================
+ Hits        19766    19774    +8     
+ Misses      48888    48885    -3     
  Partials     1565     1565

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 10, 2024
edited

Logo
Checkmarx One – Scan Summary & Details6ff60a61-d964-475c-abfc-c63c1b445f05

New Issues

Severity Issue Source File / Package Checkmarx Insight
LOW Unprotected_Cookie /apps/web/src/app/auth/sso.component.ts: 143 Attack Vector

Fixed Issues

Severity Issue Source File / Package
HIGH Client_DOM_Code_Injection /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_Code_Injection /apps/browser/src/autofill/services/collect-autofill-content.service.ts: 1071
HIGH Client_DOM_Stored_XSS /apps/web/src/connectors/sso.ts: 33
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/browser/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/desktop/src/auth/scripts/duo.js: 285
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/common.ts: 2
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 21
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 19
HIGH Client_DOM_XSS /apps/web/src/connectors/sso.ts: 15
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 347
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 315
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 347
MEDIUM Absolute_Path_Traversal /apps/cli/src/commands/serve.command.ts: 315
MEDIUM Angular_Improper_Type_Pipe_Usage /apps/browser/src/vault/popup/components/fido2/fido2-use-browser-link.component.html: 1
MEDIUM Client_Privacy_Violation /apps/browser/src/background/runtime.background.ts: 323
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 14
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /apps/browser/src/auth/popup/account-switching/account.component.ts: 12
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 25
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 26
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: 32
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: 18
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/lock.component.html: 18
MEDIUM Client_Privacy_Violation /apps/desktop/src/auth/lock.component.html: 32
MEDIUM Client_Privacy_Violation /apps/web/src/app/auth/recover-two-factor.component.html: 37
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 534
MEDIUM Client_Privacy_Violation /apps/web/src/connectors/webauthn-fallback.ts: 116
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: 161
MEDIUM Client_Privacy_Violation /bitwarden_license/bit-web/src/app/auth/sso/sso.component.ts: 161
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 14
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 60
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 56
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: 26
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: 18
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: 15
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: 12
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/view.component.html: 50
MEDIUM Client_Privacy_Violation /libs/components/src/color-password/color-password.component.ts: 14
MEDIUM Client_Privacy_Violation /apps/browser/src/tools/popup/generator/password-generator-history.component.html: 26
MEDIUM Client_Privacy_Violation /apps/browser/src/vault/popup/components/vault/password-history.component.html: 18
MEDIUM Client_Privacy_Violation /apps/desktop/src/app/tools/password-generator-history.component.html: 15
MEDIUM Client_Privacy_Violation /apps/desktop/src/vault/app/vault/password-history.component.html: 12
MEDIUM Missing_HSTS_Header /apps/cli/src/auth/commands/login.command.ts: 707
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: 69
MEDIUM SSRF /libs/importer/src/importers/lastpass/access/services/rest-client.ts: 69
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/avatar/avatar.component.ts: 80
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /apps/desktop/src/app/components/avatar.component.ts: 75
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: 18
LOW Angular_Usage_of_Unsafe_DOM_Sanitizer /libs/components/src/icon/icon.component.ts: 18
LOW Client_DOM_Open_Redirect /apps/browser/src/platform/popup/layout/popup-header.component.ts: 29
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/accessibility-cookie.component.html: 18
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 21
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 19
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/common.ts: 2
LOW Client_DOM_Open_Redirect /apps/web/src/connectors/sso.ts: 15
LOW Client_DOM_Open_Redirect /apps/browser/src/tools/popup/generator/password-generator-history.component.ts: 18
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/current-account.component.ts: 35
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 60
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 60
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/account-switching/account.component.ts: 24
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 60
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/login/login-via-auth-request.component.ts: 60
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 52
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 52
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 52
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/popup/login-via-auth-request.component.ts: 52
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/password-history.component.ts: 21
LOW Client_DOM_Open_Redirect /apps/browser/src/vault/popup/components/vault/attachments.component.ts: 32
LOW Client_DOM_Open_Redirect /apps/browser/src/billing/popup/settings/premium.component.ts: 27
LOW Client_DOM_Open_Redirect /libs/common/src/auth/iframe-component.ts: 49
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /libs/common/src/auth/webauthn-iframe.ts: 25
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /libs/common/src/auth/webauthn-iframe.ts: 25
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/desktop/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_DOM_Open_Redirect /apps/browser/src/auth/scripts/duo.js: 277
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment.component.ts: 56
LOW Client_Hardcoded_Domain /apps/web/src/app/billing/shared/payment.component.ts: 56
LOW Client_Hardcoded_Domain /apps/web/src/connectors/captcha.ts: 57
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/auth/commands/login.command.ts: 575
LOW Client_JQuery_Deprecated_Symbols /libs/angular/src/auth/components/update-temp-password.component.ts: 132
LOW Client_JQuery_Deprecated_Symbols /libs/angular/src/auth/components/change-password.component.ts: 91
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/program.ts: 615
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/browser/src/autofill/content/notification-bar.ts: 868
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/browser/src/autofill/overlay/iframe-content/autofill-overlay-iframe.service.ts: 90
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/web/src/connectors/duo.ts: 8
LOW Client_Use_Of_Iframe_Without_Sandbox /apps/web/src/connectors/duo.ts: 8
LOW Client_Weak_Cryptographic_Hash /libs/common/src/platform/services/web-crypto-function.service.ts: 142
LOW Client_Weak_Cryptographic_Hash /apps/desktop/src/proxy/ipc.ts: 24
LOW Missing_CSP_Header /apps/cli/src/auth/commands/login.command.ts: 707
LOW Unprotected_Cookie /apps/web/src/app/auth/two-factor.component.ts: 143
LOW Unprotected_Cookie /apps/web/src/connectors/duo-redirect.ts: 57
LOW Unprotected_Cookie /apps/web/src/connectors/duo-redirect.ts: 112
LOW Unprotected_Cookie /apps/web/src/connectors/sso.ts: 33
LOW Unprotected_Cookie /apps/web/src/app/auth/sso.component.ts: 137
LOW Unsafe_Use_Of_Target_blank /apps/web/src/app/auth/settings/two-factor-recovery.component.ts: 32
LOW Use_of_Broken_or_Risky_Cryptographic_Algorithm /apps/cli/src/vault/create.command.ts: 68

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JaredSnider-Bitwarden JaredSnider-Bitwarden Awaiting requested review from JaredSnider-Bitwarden JaredSnider-Bitwarden is a code owner automatically assigned from bitwarden/team-auth-dev

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs-qa Marks a PR as requiring QA approval
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@KiruthigaManivannan