Merge branch 'release' into 'master'

Merge branch 'release' into 'master'

See merge request passbolt/passbolt-browser-extension!900

CHANGELOG.md

@@ -3,8 +3,16 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
+## [4.8.2] - 2024-06-13
+### Improved
+- PB-33686 As a user I should be signed out after browser update
+
+### Fixed
+- PB-33727 Fix session extension, service worker awaken and user instance storage not set
+- PB-33801 Remove active account cache in memory
+
 ## [4.8.1] - 2024-05-18
-### Fix
+### Fixed
 - PB-33595 As a user running an instance serving an invalid certificate I should be able to sync the gpgkeyring
 
 ## [4.8.0] - 2024-05-16
@@ -1623,8 +1631,9 @@ self registration settings option in the left-side bar
 - AP: User with plugin installed
 - LU: Logged in user
 
-[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.1...HEAD
-[4.8.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.0...4.8.1
+[Unreleased]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.2...HEAD
+[4.8.2]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.1...4.8.2
+[4.8.1]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.8.0...4.8.1
 [4.8.0]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.7.8...4.8.0
 [4.7.8]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.7.7...v4.7.8
 [4.7.7]: https://github.com/passbolt/passbolt_browser_extension/compare/v4.7.6...v4.7.7

RELEASE_NOTES.md

@@ -1,11 +1,13 @@
-Song: https://www.youtube.com/watch?v=hbe3CQamF8k
+Song: https://www.youtube.com/watch?v=OypXGyN6OZw
 
-Passbolt v4.8.1 is a maintenance update that addresses issues related to servers serving invalid SSL certificates, which affected the accessibility of the API with certain user journeys.
+Passbolt v4.8.2 is a maintenance update that addresses issues related to MV3.
 
 We hope these updates enhance your experience with Passbolt. Your feedback is always valuable to us.
 
-## [4.8.1] - 2024-05-18
-### Fix
-- PB-33595 As a user running an instance serving an invalid certificate I should be able to sync the gpgkeyring
-- PB-33596 As a user running an instance serving an invalid certificate I cannot sync my account settings
-- PB-33597 As a user running an instance serving an invalid certificate I cannot install passbolt extension using an API < v3
+## [4.8.2] - 2024-06-13
+### Improved
+- PB-33686 As a user I should be signed out after browser update
+
+### Fixed
+- PB-33727 Fix session extension, service worker awaken and user instance storage not set
+- PB-33801 Remove active account cache in memory

package.json

@@ -1,6 +1,6 @@
 {
   "name": "passbolt-browser-extension",
-  "version": "4.8.1",
+  "version": "4.8.2",
   "license": "AGPL-3.0",
   "copyright": "Copyright 2022 Passbolt SA",
   "description": "Passbolt web extension for the open source password manager for teams",

src/all/background_page/controller/extension/onExtensionInstalledController.js

@@ -23,6 +23,8 @@ import Log from "../../model/log";
 import {BrowserExtensionIconService} from "../../service/ui/browserExtensionIcon.service";
 import storage from "../../sdk/storage";
 import {Config} from "../../model/config";
+import AuthModel from "../../model/auth/authModel";
+import AppBootstrapPagemod from "../../pagemod/appBootstrapPagemod";
 
 class OnExtensionInstalledController {
   /**
@@ -45,6 +47,11 @@ class OnExtensionInstalledController {
       case browser.runtime.OnInstalledReason.UPDATE:
         await OnExtensionInstalledController.onUpdate();
         break;
+      case browser.runtime.OnInstalledReason.CHROME_UPDATE:
+      case browser.runtime.OnInstalledReason.BROWSER_UPDATE:
+        // Force logout for users to not ask passphrase after a browser update which clear the session storage
+        await OnExtensionInstalledController.onBrowserUpdate();
+        break;
       default:
         console.debug(`The install reason ${details.reason} is not supported`);
         break;
@@ -67,6 +74,45 @@ class OnExtensionInstalledController {
     await OnExtensionInstalledController.updateToolbarIcon();
   }
 
+  /**
+   * On update of the browser, logout the user. It helps mitigate issue where users update their browser, are still
+   * signed-in but session memory used to store user passphrase or other information is flushed. These behavior
+   * deteriorates the user experience, therefore it has been decided to sign the user out.
+   */
+  static async onBrowserUpdate() {
+    const user = User.getInstance();
+    // Check if user is valid
+    if (!user.isValid()) {
+      return;
+    }
+    let authStatus;
+    try {
+      const checkAuthStatusService = new CheckAuthStatusService();
+      // use the cached data as the worker could wake up every 30 secondes.
+      authStatus = await checkAuthStatusService.checkAuthStatus(false);
+    } catch (error) {
+      // Service is unavailable, do nothing...
+      Log.write({level: 'debug', message: 'Could not check if the user is authenticated, the service is unavailable.'});
+      return;
+    }
+    // Do nothing if user is not authenticated
+    if (!authStatus.isAuthenticated) {
+      return;
+    }
+    // Logout authenticated user to prevent to ask passphrase for SSO users
+    const apiClientOptions = await user.getApiClientOptions();
+    const authModel = new AuthModel(apiClientOptions);
+    await authModel.logout();
+    /*
+     * Reload only tabs that match passbolt app url. Reload is necessary as the application loaded in the tab
+     * could be unresponsive due to the forced triggered sign-out.
+     * - When the tab is started the API didn't redirect the user as the user is still signed-in.
+     * - This script sign-out the user
+     * - The pagemod of the app starts and throw an error as the user has been signed-out
+     */
+    await browser.tabs.query({}).then(reloadTabsMatchPassboltAppUrl);
+  }
+
   /**
    * Updates the Passbolt icon in the toolbar according to the sign-in status of the current user.
    * @returns {Promise<void>}
@@ -81,11 +127,11 @@ class OnExtensionInstalledController {
     let authStatus;
     try {
       const checkAuthStatusService = new CheckAuthStatusService();
-      // user the cached data as the worker could wake up every 30 secondes.
+      // use the cached data as the worker could wake up every 30 secondes.
       authStatus = await checkAuthStatusService.checkAuthStatus(false);
     } catch (error) {
       // Service is unavailable, do nothing...
-      Log.write({level: 'debug', message: 'The Service is unavailable to check if the user is authenticated'});
+      Log.write({level: 'debug', message: 'Could not check if the user is authenticated, the service is unavailable.'});
       return;
     }
 
@@ -127,13 +173,25 @@ const closeTabWebStore = tabs => {
 };
 
 
+/**
+ * Reload the tabs that match passsbolt app url
+ * @param tabs
+ */
+const reloadTabsMatchPassboltAppUrl = async tabs => {
+  for (const tab of tabs) {
+    if (await AppBootstrapPagemod.assertUrlAttachConstraint(tab)) {
+      browser.tabs.reload(tab.id);
+    }
+  }
+};
+
 /**
  * Reload the tabs that match pagemod url
  * @param tabs
  */
-const reloadTabsMatchPagemodUrl = tabs => {
-  tabs.map(tab => {
-    if (PagemodManager.hasPagemodMatchUrlToReload(tab.url)) {
+const reloadTabsMatchPagemodUrl = async tabs => {
+  for (const tab of tabs) {
+    if (await PagemodManager.hasPagemodMatchUrlToReload(tab.url)) {
       browser.tabs.reload(tab.id);
     } else {
       // For other tabs detect and inject the new content script
@@ -144,7 +202,7 @@ const reloadTabsMatchPagemodUrl = tabs => {
       };
       WebNavigationService.exec(frameDetails);
     }
-  });
+  }
 };
 
 export default OnExtensionInstalledController;

src/all/background_page/controller/extension/onExtensionInstalledController.test.js

@@ -13,9 +13,12 @@
  */
 
 import OnExtensionInstalledController from "./onExtensionInstalledController";
-import User from "../../model/user";
 import UserSettings from "../../model/userSettings/userSettings";
 import WebNavigationService from "../../service/webNavigation/webNavigationService";
+import AuthModel from "../../model/auth/authModel";
+import CheckAuthStatusService from "../../service/auth/checkAuthStatusService";
+import GetActiveAccountService from "../../service/account/getActiveAccountService";
+import User from "../../model/user";
 
 // Reset the modules before each test.
 beforeEach(() => {
@@ -73,7 +76,7 @@ describe("OnExtensionInstalledController", () => {
       jest.spyOn(OnExtensionInstalledController, "onUpdate");
       jest.spyOn(WebNavigationService, "exec");
       jest.spyOn(browser.tabs, "query").mockImplementationOnce(() => Promise.resolve(tabs));
-      jest.spyOn(User.getInstance(), "isValid").mockImplementation(() => true);
+      jest.spyOn(GetActiveAccountService, "get").mockImplementation(() => {});
       jest.spyOn(UserSettings.prototype, "getDomain").mockImplementation(() => "https://passbolt.dev");
       // process
       await OnExtensionInstalledController.exec(details);
@@ -89,21 +92,72 @@ describe("OnExtensionInstalledController", () => {
       expect(WebNavigationService.exec).toHaveBeenCalledTimes(2);
     });
 
+    it("Should exec browser update if the reason is chrome update", async() => {
+      expect.assertions(3);
+      // data mocked
+      const details = {
+        reason: browser.runtime.OnInstalledReason.CHROME_UPDATE
+      };
+      // mock function
+      jest.spyOn(OnExtensionInstalledController, "onBrowserUpdate");
+      jest.spyOn(User.getInstance(), "isValid").mockImplementation(() => false);
+      jest.spyOn(AuthModel.prototype, "logout");
+      // process
+      await OnExtensionInstalledController.exec(details);
+      // expectation
+      expect(OnExtensionInstalledController.onBrowserUpdate).toHaveBeenCalled();
+      expect(User.getInstance().isValid).toHaveBeenCalledTimes(1);
+      expect(AuthModel.prototype.logout).toHaveBeenCalledTimes(0);
+    });
+
+    it("Should exec browser update if the reason is browser update", async() => {
+      expect.assertions(4);
+      // data mocked
+      const details = {
+        reason: browser.runtime.OnInstalledReason.BROWSER_UPDATE
+      };
+      const tabs = [
+        {id: 1, url: "https://passbolt.dev/app/passwords"},
+        {id: 2, url: "https://passbolt.dev/setup/recover/start/571bec7e-6cce-451d-b53a-f8c93e147228/5ea0fc9c-b180-4873-8e00-9457862e43e0"},
+        {id: 3, url: "https://passbolt.dev/auth/login"},
+        {id: 4, url: "https://passbolt.dev"},
+        {id: 5, url: "https://passbolt.com"},
+        {id: 6, url: "https://localhost"}
+      ];
+      // mock function
+      jest.spyOn(OnExtensionInstalledController, "onBrowserUpdate");
+      jest.spyOn(User.getInstance(), "isValid").mockImplementation(() => true);
+      jest.spyOn(UserSettings.prototype, "getDomain").mockImplementation(() => "https://passbolt.dev");
+      jest.spyOn(AuthModel.prototype, "logout").mockImplementation(() => {});
+      jest.spyOn(browser.tabs, "query").mockImplementation(() => Promise.resolve(tabs));
+      jest.spyOn(browser.tabs, "reload");
+      jest.spyOn(CheckAuthStatusService.prototype, "checkAuthStatus").mockImplementation(() => ({isAuthenticated: true}));
+      // process
+      await OnExtensionInstalledController.exec(details);
+      // expectation
+      expect(OnExtensionInstalledController.onBrowserUpdate).toHaveBeenCalled();
+      expect(AuthModel.prototype.logout).toHaveBeenCalledTimes(1);
+      expect(browser.tabs.query).toHaveBeenCalledTimes(1);
+      expect(browser.tabs.reload).toHaveBeenCalledWith(tabs[0].id);
+    });
+
     it("Should not exec update neither install if the reason is unknown", async() => {
-      expect.assertions(2);
+      expect.assertions(3);
       // data mocked
       const details = {
         reason: "unknown"
       };
       // mock function
       jest.spyOn(OnExtensionInstalledController, "onUpdate");
       jest.spyOn(OnExtensionInstalledController, "onInstall");
+      jest.spyOn(OnExtensionInstalledController, "onBrowserUpdate");
 
       // process
       await OnExtensionInstalledController.exec(details);
       // expectation
       expect(OnExtensionInstalledController.onUpdate).not.toHaveBeenCalled();
       expect(OnExtensionInstalledController.onInstall).not.toHaveBeenCalled();
+      expect(OnExtensionInstalledController.onBrowserUpdate).not.toHaveBeenCalled();
     });
   });
 });

src/all/background_page/controller/passwordExpiry/deletePasswordExpirySettingsController.test.js

@@ -29,7 +29,7 @@ describe("DeletePasswordExpirySettingsController", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should delete the entity from the API given an ID", () => {

src/all/background_page/controller/passwordExpiry/getOrFindPasswordExpirySettingsController.test.js

@@ -39,7 +39,7 @@ describe("GetOrFindPasswordExpirySettingsController", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should return the value from the API", async() => {

src/all/background_page/controller/passwordExpiry/savePasswordExpirySettingsController.test.js

@@ -42,7 +42,7 @@ describe("SavePasswordExpirySettingsController", () => {
     fetch.resetMocks();
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should save the given dto on the API using PasswordExpirySettingsEntity", async() => {

src/all/background_page/controller/passwordPolicies/findPasswordPoliciesController.test.js

@@ -30,7 +30,7 @@ describe("FindPasswordPoliciesController::exec", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should return the registered password policies", async() => {

src/all/background_page/controller/passwordPolicies/savePasswordPoliciesController.test.js

@@ -32,7 +32,7 @@ describe("SavePasswordPoliciesController::exec", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should save the given data", async() => {

src/all/background_page/controller/userPassphrasePolicies/findUserPassphrasePoliciesController.test.js

@@ -29,7 +29,7 @@ describe("FindUserPassphrasePoliciesController", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     const account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should return the value from the API", async() => {

src/all/background_page/controller/userPassphrasePolicies/saveUserPassphrasePoliciesController.test.js

@@ -31,7 +31,7 @@ describe("SaveUserPassphrasePoliciesController", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     const account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   it("Should save the given dto on the API", async() => {

src/all/background_page/model/passwordExpiry/passwordExpirySettingsModel.test.js

@@ -35,7 +35,7 @@ describe("PasswordExpiry model", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     const account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
     model = new PasswordExpirySettingsModel(account, apiClientOptions);
     jest.spyOn(model.organisationSettingsModel, "getOrFind").mockImplementation(() => (Promise.resolve({
       isPluginEnabled: () => false

src/all/background_page/model/passwordPolicies/passwordPoliciesModel.test.js

@@ -31,7 +31,7 @@ describe("PasswordPoliciesModel", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   describe("::get", () => {

src/all/background_page/model/user.js

@@ -11,6 +11,7 @@ import Validator from "validator";
 import {ValidatorRule} from "../utils/validatorRules";
 
 /**
+ * @deprecated
  * The class that deals with users.
  */
 const User = (function() {

src/all/background_page/model/userPassphrasePolicies/userPassphrasePoliciesModel.test.js

@@ -32,7 +32,7 @@ describe("UserPassphrasePolicies model", () => {
     jest.spyOn(browser.cookies, "get").mockImplementationOnce(() => ({value: "csrf-token"}));
 
     const account = new AccountEntity(defaultAccountDto());
-    apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+    apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
   });
 
   describe('::findOrDefault', () => {

src/all/background_page/pagemod/accountRecoveryPagemod.js

@@ -43,7 +43,7 @@ class AccountRecovery extends Pagemod {
     try {
       const tab = port._port.sender.tab;
       const account = await GetRequestLocalAccountService.getAccountMatchingContinueUrl(tab.url);
-      const apiClientOptions = await BuildApiClientOptionsService.buildFromAccount(account);
+      const apiClientOptions = BuildApiClientOptionsService.buildFromAccount(account);
       for (const event of this.events) {
         event.listen({port, tab}, apiClientOptions, account);
       }