All: Add support for public-private key pairs and improved master password support (#5438)

Also improved SCSS support, which was needed for the master password dialog.

packages/lib/services/e2ee/utils.test.ts

@@ -1,8 +1,9 @@
-import { afterAllCleanUp, setupDatabaseAndSynchronizer, switchClient, encryptionService, expectNotThrow } from '../../testing/test-utils';
+import { afterAllCleanUp, setupDatabaseAndSynchronizer, switchClient, encryptionService, expectNotThrow, expectThrow, kvStore } from '../../testing/test-utils';
 import MasterKey from '../../models/MasterKey';
-import { migrateMasterPassword, showMissingMasterKeyMessage } from './utils';
-import { localSyncInfo, setActiveMasterKeyId, setMasterKeyEnabled } from '../synchronizer/syncInfoUtils';
+import { migrateMasterPassword, resetMasterPassword, showMissingMasterKeyMessage, updateMasterPassword } from './utils';
+import { localSyncInfo, masterKeyById, masterKeyEnabled, setActiveMasterKeyId, setMasterKeyEnabled, setPpk } from '../synchronizer/syncInfoUtils';
 import Setting from '../../models/Setting';
+import { generateKeyPair, ppkPasswordIsValid } from './ppk';
 
 describe('e2ee/utils', function() {
 
@@ -71,4 +72,80 @@ describe('e2ee/utils', function() {
 		}
 	});
 
+	it('should update the master password', async () => {
+		const masterPassword1 = '111111';
+		const masterPassword2 = '222222';
+		Setting.setValue('encryption.masterPassword', masterPassword1);
+		const mk1 = await MasterKey.save(await encryptionService().generateMasterKey(masterPassword1));
+		const mk2 = await MasterKey.save(await encryptionService().generateMasterKey(masterPassword1));
+
+		setPpk(await generateKeyPair(encryptionService(), masterPassword1));
+
+		await updateMasterPassword(masterPassword1, masterPassword2);
+
+		expect(Setting.value('encryption.masterPassword')).toBe(masterPassword2);
+		expect(await ppkPasswordIsValid(encryptionService(), localSyncInfo().ppk, masterPassword1)).toBe(false);
+		expect(await ppkPasswordIsValid(encryptionService(), localSyncInfo().ppk, masterPassword2)).toBe(true);
+		expect(await encryptionService().checkMasterKeyPassword(await MasterKey.load(mk1.id), masterPassword1)).toBe(false);
+		expect(await encryptionService().checkMasterKeyPassword(await MasterKey.load(mk2.id), masterPassword1)).toBe(false);
+		expect(await encryptionService().checkMasterKeyPassword(await MasterKey.load(mk1.id), masterPassword2)).toBe(true);
+		expect(await encryptionService().checkMasterKeyPassword(await MasterKey.load(mk2.id), masterPassword2)).toBe(true);
+
+		await expectThrow(async () => updateMasterPassword('wrong', masterPassword1));
+	});
+
+	it('should set and verify master password when a data key exists', async () => {
+		const password = '111111';
+
+		await MasterKey.save(await encryptionService().generateMasterKey(password));
+
+		await expectThrow(async () => updateMasterPassword('', 'wrong'));
+		await expectNotThrow(async () => updateMasterPassword('', password));
+		expect(Setting.value('encryption.masterPassword')).toBe(password);
+	});
+
+	it('should set and verify master password when a private key exists', async () => {
+		const password = '111111';
+
+		setPpk(await generateKeyPair(encryptionService(), password));
+
+		await expectThrow(async () => updateMasterPassword('', 'wrong'));
+		await expectNotThrow(async () => updateMasterPassword('', password));
+		expect(Setting.value('encryption.masterPassword')).toBe(password);
+	});
+
+	it('should only set the master password if not already set', async () => {
+		expect(localSyncInfo().ppk).toBeFalsy();
+		await updateMasterPassword('', '111111');
+		expect(Setting.value('encryption.masterPassword')).toBe('111111');
+		expect(localSyncInfo().ppk).toBeFalsy();
+		expect(localSyncInfo().masterKeys.length).toBe(0);
+	});
+
+	it('should change the master password even if no key is present', async () => {
+		await updateMasterPassword('', '111111');
+		expect(Setting.value('encryption.masterPassword')).toBe('111111');
+
+		await updateMasterPassword('111111', '222222');
+		expect(Setting.value('encryption.masterPassword')).toBe('222222');
+	});
+
+	it('should reset a master password', async () => {
+		const masterPassword1 = '111111';
+		const masterPassword2 = '222222';
+		Setting.setValue('encryption.masterPassword', masterPassword1);
+		const mk1 = await MasterKey.save(await encryptionService().generateMasterKey(masterPassword1));
+		const mk2 = await MasterKey.save(await encryptionService().generateMasterKey(masterPassword1));
+		setPpk(await generateKeyPair(encryptionService(), masterPassword1));
+
+		const previousPpk = localSyncInfo().ppk;
+		await resetMasterPassword(encryptionService(), kvStore(), masterPassword2);
+
+		expect(masterKeyEnabled(masterKeyById(mk1.id))).toBe(false);
+		expect(masterKeyEnabled(masterKeyById(mk2.id))).toBe(false);
+		expect(localSyncInfo().ppk.id).not.toBe(previousPpk.id);
+		expect(localSyncInfo().ppk.privateKey.ciphertext).not.toBe(previousPpk.privateKey.ciphertext);
+		expect(localSyncInfo().ppk.publicKey).not.toBe(previousPpk.publicKey);
+	});
+
 });