bitwarden · quexten · Dec 2, 2024 · Nov 14, 2024 · Nov 14, 2024 · Nov 21, 2024
@@ -17,7 +17,7 @@ pub mod importer;
 pub struct BitwardenDesktopAgent {
     keystore: ssh_agent::KeyStore,
     cancellation_token: CancellationToken,
-    show_ui_request_tx: tokio::sync::mpsc::Sender<(u32, String)>,
+    show_ui_request_tx: tokio::sync::mpsc::Sender<(u32, (String, bool))>,
     get_ui_response_rx: Arc<Mutex<tokio::sync::broadcast::Receiver<(u32, bool)>>>,
     request_id: Arc<Mutex<u32>>,
     /// before first unlock, or after account switching, listing keys should require an unlock to get a list of public keys
@@ -35,8 +35,9 @@ impl ssh_agent::Agent for BitwardenDesktopAgent {
         let request_id = self.get_request_id().await;
 
         let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe();
+        let message = (request_id, (ssh_key.cipher_uuid.clone(), false));
         self.show_ui_request_tx
-            .send((request_id, ssh_key.cipher_uuid.clone()))
+            .send(message)
             .await
             .expect("Should send request to ui");
         while let Ok((id, response)) = rx_channel.recv().await {
@@ -55,8 +56,9 @@ impl ssh_agent::Agent for BitwardenDesktopAgent {
         let request_id = self.get_request_id().await;
 
         let mut rx_channel = self.get_ui_response_rx.lock().await.resubscribe();
+        let message = (request_id, ("".to_string(), true));
         self.show_ui_request_tx
-            .send((request_id, "".to_string()))
+            .send(message)
             .await
             .expect("Should send request to ui");
         while let Ok((id, response)) = rx_channel.recv().await {

@@ -14,7 +14,7 @@ use super::BitwardenDesktopAgent;
 
 impl BitwardenDesktopAgent {
     pub async fn start_server(
-        auth_request_tx: tokio::sync::mpsc::Sender<(u32, String)>,
+        auth_request_tx: tokio::sync::mpsc::Sender<(u32, (String, bool))>,
         auth_response_rx: Arc<Mutex<tokio::sync::broadcast::Receiver<(u32, bool)>>>,
     ) -> Result<Self, anyhow::Error> {
         let agent = BitwardenDesktopAgent {

@@ -12,7 +12,7 @@ use super::BitwardenDesktopAgent;
 
 impl BitwardenDesktopAgent {
     pub async fn start_server(
-        auth_request_tx: tokio::sync::mpsc::Sender<(u32, String)>,
+        auth_request_tx: tokio::sync::mpsc::Sender<(u32, (String, bool))>,
         auth_response_rx: Arc<Mutex<tokio::sync::broadcast::Receiver<(u32, bool)>>>,
     ) -> Result<Self, anyhow::Error> {
         let agent_state = BitwardenDesktopAgent {

@@ -69,7 +69,7 @@ export declare namespace sshagent {
     status: SshKeyImportStatus
     sshKey?: SshKey
   }
-  export function serve(callback: (err: Error | null, arg: string) => any): Promise<SshAgentState>
+  export function serve(callback: (err: Error | null, arg0: string, arg1: boolean) => any): Promise<SshAgentState>
   export function stop(agentState: SshAgentState): void
   export function isRunning(agentState: SshAgentState): boolean
   export function setKeys(agentState: SshAgentState, newKeys: Array<PrivateKey>): void

@@ -247,15 +247,15 @@ pub mod sshagent {
 
     #[napi]
     pub async fn serve(
-        callback: ThreadsafeFunction<String, CalleeHandled>,
+        callback: ThreadsafeFunction<(String, bool), CalleeHandled>,
     ) -> napi::Result<SshAgentState> {
-        let (auth_request_tx, mut auth_request_rx) = tokio::sync::mpsc::channel::<(u32, String)>(32);
+        let (auth_request_tx, mut auth_request_rx) = tokio::sync::mpsc::channel::<(u32, (String, bool))>(32);
         let (auth_response_tx, auth_response_rx) = tokio::sync::broadcast::channel::<(u32, bool)>(32);
         let auth_response_tx_arc = Arc::new(Mutex::new(auth_response_tx));
         tokio::spawn(async move {
             let _ = auth_response_rx;
 
-            while let Some((request_id, cipher_uuid)) = auth_request_rx.recv().await {
+            while let Some((request_id, (cipher_uuid, is_list_request))) = auth_request_rx.recv().await {
                 let cloned_request_id = request_id.clone();
                 let cloned_cipher_uuid = cipher_uuid.clone();
                 let cloned_response_tx_arc = auth_response_tx_arc.clone();
@@ -266,7 +266,7 @@ pub mod sshagent {
                     let auth_response_tx_arc = cloned_response_tx_arc;
                     let callback = cloned_callback;
                     let promise_result: Result<Promise<bool>, napi::Error> =
-                        callback.call_async(Ok(cipher_uuid)).await;
+                        callback.call_async(Ok((cipher_uuid, is_list_request))).await;
                     match promise_result {
                         Ok(promise_result) => match promise_result.await {
                             Ok(result) => {

@@ -27,7 +27,7 @@
   init() {
     // handle sign request passing to UI
     sshagent
-      .serve(async (err: Error, cipherId: string) => {
+      .serve(async (err: Error, cipherId: string, isListRequest: boolean) => {
         // clear all old (> SIGN_TIMEOUT) requests
         this.requestResponses = this.requestResponses.filter(
           (response) => response.timestamp > new Date(Date.now() - this.SIGN_TIMEOUT),
@@ -37,6 +37,7 @@
         const id_for_this_request = this.request_id;
         this.messagingService.send("sshagent.signrequest", {
           cipherId,
+          isListRequest,
           requestId: id_for_this_request,
         });
 
@@ -112,9 +113,9 @@
      }
    });

    ipcMain.handle("sshagent.clearkeys", async (event: any) => {
      if (this.agentState != null) {
        sshagent.clearKeys(this.agentState);
      }
    });
  }

@@ -18,7 +18,7 @@
  withLatestFrom,
 } from "rxjs";

 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
@@ -54,7 +54,7 @@
    private i18nService: I18nService,
    private desktopSettingsService: DesktopSettingsService,
    private configService: ConfigService,
    private accountService: AccountService,
  ) {}

  async init() {
@@ -115,39 +115,36 @@
             ),
           ),
           // This concatMap handles showing the dialog to approve the request.
-          concatMap(([message, ciphers]) => {
+          switchMap(([message, ciphers]) => {
             const cipherId = message.cipherId as string;
+            const isListRequest = message.isListRequest as boolean;
             const requestId = message.requestId as number;
 
-            // cipherid is empty has the special meaning of "unlock in order to list public keys"
-            if (cipherId == "") {
-              return of(true).pipe(
-                switchMap(async (result) => {
-                  const sshCiphers = ciphers.filter(
-                    (cipher) => cipher.type === CipherType.SshKey && !cipher.isDeleted,
-                  );
-                  const keys = sshCiphers.map((cipher) => {
-                    return {
-                      name: cipher.name,
-                      privateKey: cipher.sshKey.privateKey,
-                      cipherId: cipher.id,
-                    };
-                  });
-                  await ipc.platform.sshAgent.setKeys(keys);
-                  await ipc.platform.sshAgent.signRequestResponse(requestId, Boolean(result));
-                }),
-              );
+            if (isListRequest) {
+              (async () => {
+                const sshCiphers = ciphers.filter(
+                  (cipher) => cipher.type === CipherType.SshKey && !cipher.isDeleted,
+                );
+                const keys = sshCiphers.map((cipher) => {
+                  return {
+                    name: cipher.name,
+                    privateKey: cipher.sshKey.privateKey,
+                    cipherId: cipher.id,
+                  };
+                });
+                await ipc.platform.sshAgent.setKeys(keys);
+                await ipc.platform.sshAgent.signRequestResponse(requestId, true);
+              })().catch((e) => this.logService.error("Failed to respond to SSH request", e));
+              return;
             }
 
             if (ciphers === undefined) {
-              return of(false).pipe(
-                switchMap((result) =>
-                  ipc.platform.sshAgent.signRequestResponse(requestId, Boolean(result)),
-                ),
-              );
+              ipc.platform.sshAgent
+                .signRequestResponse(requestId, false)
+                .catch((e) => this.logService.error("Failed to respond to SSH request", e));
             }
 
             const cipher = ciphers.find((cipher) => cipher.id == cipherId);

            ipc.platform.focusWindow();
            const dialogRef = ApproveSshRequestComponent.open(
@@ -158,7 +155,7 @@
 
             return dialogRef.closed.pipe(
               switchMap((result) => {
-                return ipc.platform.sshAgent.signRequestResponse(requestId, Boolean(result));
+                return ipc.platform.sshAgent.signRequestResponse(requestId, result);
               }),
             );
           }),
@@ -166,13 +163,13 @@
        )
        .subscribe();

      this.accountService.activeAccount$
        .pipe(skip(1), takeUntil(this.destroy$))
        .subscribe((account) => {
          this.logService.info("Active account changed, clearing SSH keys");
          ipc.platform.sshAgent
            .clearKeys()
            .catch((e) => this.logService.error("Failed to clear SSH keys", e));
        });

      combineLatest([
@@ -182,7 +179,7 @@
        .pipe(
          concatMap(async ([, enabled]) => {
            if (!enabled) {
              await ipc.platform.sshAgent.clearKeys();
              return;
            }