Closed quexten closed 1 week ago
Attention: Patch coverage is 0% with 456 lines in your changes missing coverage. Please review.
Project coverage is 29.04%. Comparing base (9fc89aa) to head (98aa46e). Report is 41 commits behind head on main.
:exclamation: Current head 98aa46e differs from pull request most recent head dd7013c.
Please upload reports for the commit dd7013c to get more accurate results.
Checkmarx One – Scan Summary & Details – 5bba161f-aa04-4c42-9749-4a4f0805bdbd
Issue | Source File / Package | Checkmarx Insight |
---|---|---|
Client_DOM_XSS | /apps/web/src/connectors/common.ts: 2 | Attack Vector |
Client_DOM_Open_Redirect | /apps/browser/src/platform/popup/layout/popup-header.component.ts: 29 | Attack Vector |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | Attack Vector |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 | Attack Vector |
Client_Use_Of_Iframe_Without_Sandbox | /apps/web/src/connectors/duo.ts: 8 | Attack Vector |
Unprotected_Cookie | /apps/web/src/app/auth/two-factor-auth-duo.component.ts: 60 | Attack Vector |
Unprotected_Cookie | /apps/web/src/app/auth/two-factor.component.ts: 159 | Attack Vector |
Unprotected_Cookie | /apps/web/src/connectors/duo-redirect.ts: 57 | Attack Vector |
Unprotected_Cookie | /apps/web/src/connectors/duo-redirect.ts: 112 | Attack Vector |

Issue | Source File / Package |
---|---|
Client_DOM_XSS | /apps/web/src/connectors/common.ts: 2 |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 |
Client_DOM_Open_Redirect | /apps/web/src/connectors/common.ts: 2 |
Not using this parent PR anymore.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-7084
📔 Objective
This PR refactors the two-factor component to:
- Use shared component logic and templates
- Break up components into per-authentication-method components
The idea is to never have the orchestrator component deal with auth-method specific logic, but to delegate this to components specifically for the auth method. Further, we do not want to introduce platform-specific components that duplicate logic or templates if we can avoid it.
DO NOT REVIEW THIS PR
The review will be done in a set of smaller PRs since this is quite a complex changeset, untangling the (currently) overcomplex two-factor component. This PR will be merged after review and QA are done on the individual PRs.
9767 - Shared two-fa options component
9768 - Shared two-fa orchestrator component & totp authenticator component
9769 - Shared two-fa yubikey component
9770 - Shared two-fa email component
9771 - Shared two-fa webauthn component
9772 - Shared two-fa duo component