@bitwarden/cli 2023.9.0 → 2023.10.0

Files changed (3)
  1. package/build/bw.js +1154 -180
  2. package/build/bw.js.map +1 -1
  3. package/package.json +1 -1
package/build/bw.js CHANGED
@@ -20,7 +20,7 @@ module.exports = require("url");
20
20
  /***/ 147:
21
21
  /***/ ((module) => {
22
22
 
23
- module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.9.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest 
--watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"12.0.0","argon2":"0.31.0","big-integer":"1.6.51","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.1","inquirer":"8.2.6","jsdom":"22.1.0","jszip":"3.10.1","koa":"2.14.2","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.0.14","zxcvbn":"4.4.2"}}');
23
+ module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.10.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest 
--watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"12.0.0","argon2":"0.31.0","big-integer":"1.6.51","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.1","inquirer":"8.2.6","jsdom":"22.1.0","jszip":"3.10.1","koa":"2.14.2","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.0.14","zxcvbn":"4.4.2"}}');
24
24
 
25
25
  /***/ })
26
26
 
@@ -360,15 +360,6 @@ class PlanResponse extends BaseResponse {
360
360
  this.nameLocalizationKey = this.getResponseProperty("NameLocalizationKey");
361
361
  this.descriptionLocalizationKey = this.getResponseProperty("DescriptionLocalizationKey");
362
362
  this.canBeUsedByBusiness = this.getResponseProperty("CanBeUsedByBusiness");
363
- this.baseSeats = this.getResponseProperty("BaseSeats");
364
- this.baseStorageGb = this.getResponseProperty("BaseStorageGb");
365
- this.maxCollections = this.getResponseProperty("MaxCollections");
366
- this.maxUsers = this.getResponseProperty("MaxUsers");
367
- this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
368
- this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
369
- this.hasAdditionalStorageOption = this.getResponseProperty("HasAdditionalStorageOption");
370
- this.maxAdditionalStorage = this.getResponseProperty("MaxAdditionalStorage");
371
- this.hasPremiumAccessOption = this.getResponseProperty("HasPremiumAccessOption");
372
363
  this.trialPeriodDays = this.getResponseProperty("TrialPeriodDays");
373
364
  this.hasSelfHost = this.getResponseProperty("HasSelfHost");
374
365
  this.hasPolicies = this.getResponseProperty("HasPolicies");
@@ -385,22 +376,53 @@ class PlanResponse extends BaseResponse {
385
376
  this.displaySortOrder = this.getResponseProperty("SortOrder");
386
377
  this.legacyYear = this.getResponseProperty("LegacyYear");
387
378
  this.disabled = this.getResponseProperty("Disabled");
388
- this.stripePlanId = this.getResponseProperty("StripePlanId");
379
+ const passwordManager = this.getResponseProperty("PasswordManager");
380
+ const secretsManager = this.getResponseProperty("SecretsManager");
381
+ this.PasswordManager =
382
+ passwordManager == null ? null : new PasswordManagerPlanFeaturesResponse(passwordManager);
383
+ this.SecretsManager =
384
+ secretsManager == null ? null : new SecretsManagerPlanFeaturesResponse(secretsManager);
385
+ }
386
+ }
387
+ class SecretsManagerPlanFeaturesResponse extends BaseResponse {
388
+ constructor(response) {
389
+ super(response);
389
390
  this.stripeSeatPlanId = this.getResponseProperty("StripeSeatPlanId");
390
- this.stripeStoragePlanId = this.getResponseProperty("StripeStoragePlanId");
391
- this.stripePremiumAccessPlanId = this.getResponseProperty("StripePremiumAccessPlanId");
391
+ this.baseSeats = this.getResponseProperty("BaseSeats");
392
392
  this.basePrice = this.getResponseProperty("BasePrice");
393
393
  this.seatPrice = this.getResponseProperty("SeatPrice");
394
- this.additionalStoragePricePerGb = this.getResponseProperty("AdditionalStoragePricePerGb");
395
- this.premiumAccessOptionPrice = this.getResponseProperty("PremiumAccessOptionPrice");
396
- this.bitwardenProduct = this.getResponseProperty("BitwardenProduct");
394
+ this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
395
+ this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
396
+ this.maxSeats = this.getResponseProperty("MaxSeats");
397
+ this.stripeServiceAccountPlanId = this.getResponseProperty("StripeServiceAccountPlanId");
397
398
  this.additionalPricePerServiceAccount = this.getResponseProperty("AdditionalPricePerServiceAccount");
398
399
  this.baseServiceAccount = this.getResponseProperty("BaseServiceAccount");
399
400
  this.maxServiceAccount = this.getResponseProperty("MaxServiceAccount");
400
401
  this.hasAdditionalServiceAccountOption = this.getResponseProperty("HasAdditionalServiceAccountOption");
401
- this.maxProjects = this.getResponseProperty("MaxProjects");
402
402
  this.maxAdditionalServiceAccounts = this.getResponseProperty("MaxAdditionalServiceAccounts");
403
- this.stripeServiceAccountPlanId = this.getResponseProperty("StripeServiceAccountPlanId");
403
+ this.maxProjects = this.getResponseProperty("MaxProjects");
404
+ }
405
+ }
406
+ class PasswordManagerPlanFeaturesResponse extends BaseResponse {
407
+ constructor(response) {
408
+ super(response);
409
+ this.stripePlanId = this.getResponseProperty("StripePlanId");
410
+ this.stripeSeatPlanId = this.getResponseProperty("StripeSeatPlanId");
411
+ this.stripeStoragePlanId = this.getResponseProperty("StripeStoragePlanId");
412
+ this.stripePremiumAccessPlanId = this.getResponseProperty("StripePremiumAccessPlanId");
413
+ this.basePrice = this.getResponseProperty("BasePrice");
414
+ this.seatPrice = this.getResponseProperty("SeatPrice");
415
+ this.baseSeats = this.getResponseProperty("BaseSeats");
416
+ this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
417
+ this.premiumAccessOptionPrice = this.getResponseProperty("PremiumAccessOptionPrice");
418
+ this.maxSeats = this.getResponseProperty("MaxSeats");
419
+ this.additionalStoragePricePerGb = this.getResponseProperty("AdditionalStoragePricePerGb");
420
+ this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
421
+ this.baseStorageGb = this.getResponseProperty("BaseStorageGb");
422
+ this.maxCollections = this.getResponseProperty("MaxCollections");
423
+ this.hasAdditionalStorageOption = this.getResponseProperty("HasAdditionalStorageOption");
424
+ this.maxAdditionalStorage = this.getResponseProperty("MaxAdditionalStorage");
425
+ this.hasPremiumAccessOption = this.getResponseProperty("HasPremiumAccessOption");
404
426
  }
405
427
  }
406
428
 
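Review bot: `PlanResponse` now assigns `this.PasswordManager` and `this.SecretsManager` in PascalCase, while every other property set in this constructor and in the two new feature classes is camelCase (`trialPeriodDays`, `stripeSeatPlanId`). `this.passwordManager = ...` and `this.secretsManager = ...` would match, if consumers can still be renamed. The fields that moved into the nested objects (`baseSeats`, `maxCollections`, `stripePlanId` and the rest) are no longer set on `PlanResponse` itself, so code that still reads `plan.baseSeats` gets `undefined` without any error; a short class comment pointing to the nested objects would help. This is bundled output, so the change belongs in the TypeScript source of `PlanResponse`.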
@@ -421,9 +443,6 @@ class OrganizationResponse extends BaseResponse {
421
443
  this.billingEmail = this.getResponseProperty("BillingEmail");
422
444
  const plan = this.getResponseProperty("Plan");
423
445
  this.plan = plan == null ? null : new PlanResponse(plan);
424
- const secretsManagerPlan = this.getResponseProperty("SecretsManagerPlan");
425
- this.secretsManagerPlan =
426
- secretsManagerPlan == null ? null : new PlanResponse(secretsManagerPlan);
427
446
  this.planType = this.getResponseProperty("PlanType");
428
447
  this.seats = this.getResponseProperty("Seats");
429
448
  this.maxAutoscaleSeats = this.getResponseProperty("MaxAutoscaleSeats");
@@ -459,11 +478,13 @@ class SubscriptionResponse extends BaseResponse {
459
478
  this.usingInAppPurchase = this.getResponseProperty("UsingInAppPurchase");
460
479
  const subscription = this.getResponseProperty("Subscription");
461
480
  const upcomingInvoice = this.getResponseProperty("UpcomingInvoice");
481
+ const discount = this.getResponseProperty("Discount");
462
482
  this.subscription = subscription == null ? null : new BillingSubscriptionResponse(subscription);
463
483
  this.upcomingInvoice =
464
484
  upcomingInvoice == null
465
485
  ? null
466
486
  : new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
487
+ this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
467
488
  }
468
489
  }
469
490
  class BillingSubscriptionResponse extends BaseResponse {
@@ -493,7 +514,6 @@ class BillingSubscriptionItemResponse extends BaseResponse {
493
514
  this.interval = this.getResponseProperty("Interval");
494
515
  this.sponsoredSubscriptionItem = this.getResponseProperty("SponsoredSubscriptionItem");
495
516
  this.addonSubscriptionItem = this.getResponseProperty("AddonSubscriptionItem");
496
- this.bitwardenProduct = this.getResponseProperty("BitwardenProduct");
497
517
  }
498
518
  }
499
519
  class BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
@@ -503,6 +523,13 @@ class BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
503
523
  this.amount = this.getResponseProperty("Amount");
504
524
  }
505
525
  }
526
+ class BillingCustomerDiscount extends BaseResponse {
527
+ constructor(response) {
528
+ super(response);
529
+ this.id = this.getResponseProperty("Id");
530
+ this.active = this.getResponseProperty("Active");
531
+ }
532
+ }
506
533
 
507
534
  ;// CONCATENATED MODULE: ../../libs/common/src/billing/models/response/organization-subscription.response.ts
508
535
 
@@ -519,6 +546,8 @@ class OrganizationSubscriptionResponse extends OrganizationResponse {
519
546
  upcomingInvoice == null
520
547
  ? null
521
548
  : new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
549
+ const discount = this.getResponseProperty("Discount");
550
+ this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
522
551
  this.expiration = this.getResponseProperty("Expiration");
523
552
  this.expirationWithoutGracePeriod = this.getResponseProperty("ExpirationWithoutGracePeriod");
524
553
  this.secretsManagerBeta = this.getResponseProperty("SecretsManagerBeta");
@@ -1530,9 +1559,9 @@ var ClientType;
1530
1559
  ClientType["Web"] = "web";
1531
1560
  ClientType["Browser"] = "browser";
1532
1561
  ClientType["Desktop"] = "desktop";
1533
- ClientType["Mobile"] = "mobile";
1562
+ // Mobile = "mobile",
1534
1563
  ClientType["Cli"] = "cli";
1535
- ClientType["DirectoryConnector"] = "connector";
1564
+ // DirectoryConnector = "connector",
1536
1565
  })(ClientType || (ClientType = {}));
1537
1566
 
1538
1567
  ;// CONCATENATED MODULE: ../../libs/common/src/enums/device-type.enum.ts
@@ -3308,6 +3337,96 @@ class ProviderService {
3308
3337
  }
3309
3338
  }
3310
3339
 
3340
+ ;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-status.ts
3341
+ var AuthenticationStatus;
3342
+ (function (AuthenticationStatus) {
3343
+ AuthenticationStatus[AuthenticationStatus["LoggedOut"] = 0] = "LoggedOut";
3344
+ AuthenticationStatus[AuthenticationStatus["Locked"] = 1] = "Locked";
3345
+ AuthenticationStatus[AuthenticationStatus["Unlocked"] = 2] = "Unlocked";
3346
+ })(AuthenticationStatus || (AuthenticationStatus = {}));
3347
+
3348
+ ;// CONCATENATED MODULE: ../../libs/common/src/auth/services/account.service.ts
3349
+ var account_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
3350
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
3351
+ return new (P || (P = Promise))(function (resolve, reject) {
3352
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
3353
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
3354
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
3355
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
3356
+ });
3357
+ };
3358
+
3359
+
3360
+ class AccountServiceImplementation {
3361
+ constructor(messagingService, logService) {
3362
+ this.messagingService = messagingService;
3363
+ this.logService = logService;
3364
+ this.accounts = new external_rxjs_namespaceObject.BehaviorSubject({});
3365
+ this.activeAccountId = new external_rxjs_namespaceObject.BehaviorSubject(undefined);
3366
+ this.lock = new external_rxjs_namespaceObject.Subject();
3367
+ this.logout = new external_rxjs_namespaceObject.Subject();
3368
+ this.accounts$ = this.accounts.asObservable();
3369
+ this.activeAccount$ = this.activeAccountId.pipe((0,external_rxjs_namespaceObject.combineLatestWith)(this.accounts$), (0,external_rxjs_namespaceObject.map)(([id, accounts]) => (id ? Object.assign({ id }, accounts[id]) : undefined)), (0,external_rxjs_namespaceObject.distinctUntilChanged)(), (0,external_rxjs_namespaceObject.shareReplay)({ bufferSize: 1, refCount: false }));
3370
+ this.accountLock$ = this.lock.asObservable();
3371
+ this.accountLogout$ = this.logout.asObservable();
3372
+ }
3373
+ addAccount(userId, accountData) {
3374
+ this.accounts.value[userId] = accountData;
3375
+ this.accounts.next(this.accounts.value);
3376
+ }
3377
+ setAccountName(userId, name) {
3378
+ this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { name }));
3379
+ }
3380
+ setAccountEmail(userId, email) {
3381
+ this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { email }));
3382
+ }
3383
+ setAccountStatus(userId, status) {
3384
+ this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { status }));
3385
+ if (status === AuthenticationStatus.LoggedOut) {
3386
+ this.logout.next(userId);
3387
+ }
3388
+ else if (status === AuthenticationStatus.Locked) {
3389
+ this.lock.next(userId);
3390
+ }
3391
+ }
3392
+ switchAccount(userId) {
3393
+ if (userId == null) {
3394
+ // indicates no account is active
3395
+ this.activeAccountId.next(undefined);
3396
+ return;
3397
+ }
3398
+ if (this.accounts.value[userId] == null) {
3399
+ throw new Error("Account does not exist");
3400
+ }
3401
+ this.activeAccountId.next(userId);
3402
+ }
3403
+ // TODO: update to use our own account status settings. Requires inverting direction of state service accounts flow
3404
+ delete() {
3405
+ var _a;
3406
+ return account_service_awaiter(this, void 0, void 0, function* () {
3407
+ try {
3408
+ (_a = this.messagingService) === null || _a === void 0 ? void 0 : _a.send("logout");
3409
+ }
3410
+ catch (e) {
3411
+ this.logService.error(e);
3412
+ throw e;
3413
+ }
3414
+ });
3415
+ }
3416
+ setAccountInfo(userId, accountInfo) {
3417
+ if (this.accounts.value[userId] == null) {
3418
+ throw new Error("Account does not exist");
3419
+ }
3420
+ // Avoid unnecessary updates
3421
+ // TODO: Faster comparison, maybe include a hash on the objects?
3422
+ if (JSON.stringify(this.accounts.value[userId]) === JSON.stringify(accountInfo)) {
3423
+ return;
3424
+ }
3425
+ this.accounts.value[userId] = accountInfo;
3426
+ this.accounts.next(this.accounts.value);
3427
+ }
3428
+ }
3429
+
3311
3430
  ;// CONCATENATED MODULE: ../../libs/common/src/platform/models/domain/symmetric-crypto-key.ts
3312
3431
 
3313
3432
 
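Review bot: `switchAccount` and `setAccountInfo` test for an account with `this.accounts.value[userId] == null` on a plain `{}`, so an id equal to an inherited property name (`constructor`, `__proto__`) passes the check without ever having been added. `Object.hasOwn(this.accounts.value, userId)`, or a `Map` / `Object.create(null)` store, would close that. `addAccount` and `setAccountInfo` also write into the object the `BehaviorSubject` currently holds and re-emit the same reference, so subscribers cannot compare old and new state, and the bare `distinctUntilChanged()` in `activeAccount$` sees a fresh `Object.assign` result on every emission and suppresses nothing. Emitting a copy, e.g. `this.accounts.next({ ...this.accounts.value, [userId]: accountInfo })`, and giving `distinctUntilChanged` a comparator would make both behave as intended. This is bundled output, so the change belongs in `libs/common/src/auth/services/account.service.ts`.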
@@ -3497,14 +3616,6 @@ class ErrorResponse extends BaseResponse {
3497
3616
  }
3498
3617
  }
3499
3618
 
3500
- ;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-status.ts
3501
- var AuthenticationStatus;
3502
- (function (AuthenticationStatus) {
3503
- AuthenticationStatus[AuthenticationStatus["LoggedOut"] = 0] = "LoggedOut";
3504
- AuthenticationStatus[AuthenticationStatus["Locked"] = 1] = "Locked";
3505
- AuthenticationStatus[AuthenticationStatus["Unlocked"] = 2] = "Unlocked";
3506
- })(AuthenticationStatus || (AuthenticationStatus = {}));
3507
-
3508
3619
  ;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-type.ts
3509
3620
  var authentication_type_AuthenticationType;
3510
3621
  (function (AuthenticationType) {
@@ -3515,6 +3626,10 @@ var authentication_type_AuthenticationType;
3515
3626
  })(authentication_type_AuthenticationType || (authentication_type_AuthenticationType = {}));
3516
3627
 
3517
3628
  ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/force-reset-password-reason.ts
3629
+ /*
3630
+ * This enum is used to determine if a user should be forced to reset their password
3631
+ * on login (server flag) or unlock via MP (client evaluation).
3632
+ */
3518
3633
  var ForceResetPasswordReason;
3519
3634
  (function (ForceResetPasswordReason) {
3520
3635
  /**
@@ -3523,11 +3638,13 @@ var ForceResetPasswordReason;
3523
3638
  ForceResetPasswordReason[ForceResetPasswordReason["None"] = 0] = "None";
3524
3639
  /**
3525
3640
  * Occurs when an organization admin forces a user to reset their password.
3641
+ * Communicated via server flag.
3526
3642
  */
3527
3643
  ForceResetPasswordReason[ForceResetPasswordReason["AdminForcePasswordReset"] = 1] = "AdminForcePasswordReset";
3528
3644
  /**
3529
3645
  * Occurs when a user logs in / unlocks their vault with a master password that does not meet an organization's
3530
3646
  * master password policy that is enforced on login/unlock.
3647
+ * Only set client side b/c server can't evaluate MP.
3531
3648
  */
3532
3649
  ForceResetPasswordReason[ForceResetPasswordReason["WeakMasterPassword"] = 2] = "WeakMasterPassword";
3533
3650
  })(ForceResetPasswordReason || (ForceResetPasswordReason = {}));
@@ -4159,6 +4276,7 @@ var login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thi
4159
4276
 
4160
4277
 
4161
4278
 
4279
+
4162
4280
  class LogInStrategy {
4163
4281
  constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService) {
4164
4282
  this.cryptoService = cryptoService;
@@ -4252,7 +4370,16 @@ class LogInStrategy {
4252
4370
  processTokenResponse(response) {
4253
4371
  return login_strategy_awaiter(this, void 0, void 0, function* () {
4254
4372
  const result = new AuthResult();
4373
+ // Old encryption keys must be migrated, but is currently only available on web.
4374
+ // Other clients shouldn't continue the login process.
4375
+ if (this.encryptionKeyMigrationRequired(response)) {
4376
+ result.requiresEncryptionKeyMigration = true;
4377
+ if (this.platformUtilsService.getClientType() !== ClientType.Web) {
4378
+ return result;
4379
+ }
4380
+ }
4255
4381
  result.resetMasterPassword = response.resetMasterPassword;
4382
+ // Convert boolean to enum
4256
4383
  if (response.forcePasswordReset) {
4257
4384
  result.forcePasswordReset = ForceResetPasswordReason.AdminForcePasswordReset;
4258
4385
  }
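Review bot: The early `return result` in `processTokenResponse` hands back an `AuthResult` with only `requiresEncryptionKeyMigration` set, so stopping the login on non-web clients depends on every caller checking that flag. The callers are outside this hunk and the function body continues past it. A comment on the branch would make the contract explicit, e.g. `// Returned before any account state is saved in this method; callers must treat requiresEncryptionKeyMigration as a failed login.` The `PasswordLogInStrategy` override further down decides this with `return !response.key;`, which also classifies an empty or accidentally missing `key` as a legacy account, so it may be worth separating "absent" from "malformed" there.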
@@ -4268,6 +4395,11 @@ class LogInStrategy {
4268
4395
  return result;
4269
4396
  });
4270
4397
  }
4398
+ // Old accounts used master key for encryption. We are forcing migrations but only need to
4399
+ // check on password logins
4400
+ encryptionKeyMigrationRequired(response) {
4401
+ return false;
4402
+ }
4271
4403
  createKeyPairForOldAccount() {
4272
4404
  return login_strategy_awaiter(this, void 0, void 0, function* () {
4273
4405
  try {
@@ -4390,6 +4522,10 @@ class PasswordLogInStrategy extends LogInStrategy {
4390
4522
  }
4391
4523
  setUserKey(response) {
4392
4524
  return password_login_strategy_awaiter(this, void 0, void 0, function* () {
4525
+ // If migration is required, we won't have a user key to set yet.
4526
+ if (this.encryptionKeyMigrationRequired(response)) {
4527
+ return;
4528
+ }
4393
4529
  yield this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
4394
4530
  const masterKey = yield this.cryptoService.getMasterKey();
4395
4531
  if (masterKey) {
@@ -4404,6 +4540,9 @@ class PasswordLogInStrategy extends LogInStrategy {
4404
4540
  yield this.cryptoService.setPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
4405
4541
  });
4406
4542
  }
4543
+ encryptionKeyMigrationRequired(response) {
4544
+ return !response.key;
4545
+ }
4407
4546
  getMasterPasswordPolicyOptionsFromResponse(response) {
4408
4547
  if (response == null || response instanceof IdentityCaptchaResponse) {
4409
4548
  return null;
@@ -4536,6 +4675,7 @@ var sso_login_strategy_awaiter = (undefined && undefined.__awaiter) || function
4536
4675
 
4537
4676
 
4538
4677
 
4678
+
4539
4679
  class SsoLogInStrategy extends LogInStrategy {
4540
4680
  constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, keyConnectorService, deviceTrustCryptoService, authReqCryptoService, i18nService) {
4541
4681
  super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
@@ -4551,6 +4691,10 @@ class SsoLogInStrategy extends LogInStrategy {
4551
4691
  const [ssoAuthResult] = yield this.startLogIn();
4552
4692
  this.email = ssoAuthResult.email;
4553
4693
  this.ssoEmail2FaSessionToken = ssoAuthResult.ssoEmail2FaSessionToken;
4694
+ // Auth guard currently handles redirects for this.
4695
+ if (ssoAuthResult.forcePasswordReset == ForceResetPasswordReason.AdminForcePasswordReset) {
4696
+ yield this.stateService.setForcePasswordResetReason(ssoAuthResult.forcePasswordReset);
4697
+ }
4554
4698
  return ssoAuthResult;
4555
4699
  });
4556
4700
  }
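Review bot: The added check uses loose equality, `ssoAuthResult.forcePasswordReset == ForceResetPasswordReason.AdminForcePasswordReset`, whereas the enum tests in `AccountServiceImplementation.setAccountStatus` use `===`. Since `forcePasswordReset` comes from the login result, `if (ssoAuthResult.forcePasswordReset === ForceResetPasswordReason.AdminForcePasswordReset) {` avoids a coerced match on a value of another type. The comment `// Auth guard currently handles redirects for this.` describes a routed client; if this strategy is also used where no auth guard exists (this bundle is the CLI), the comment should say what enforces the reset there.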
@@ -5214,7 +5358,7 @@ class DeviceTrustCryptoService {
5214
5358
  }
5215
5359
  }
5216
5360
 
5217
- ;// CONCATENATED MODULE: ../../libs/common/src/abstractions/devices/responses/device.response.ts
5361
+ ;// CONCATENATED MODULE: ../../libs/common/src/auth/abstractions/devices/responses/device.response.ts
5218
5362
 
5219
5363
  class DeviceResponse extends BaseResponse {
5220
5364
  constructor(response) {
@@ -5229,15 +5373,6 @@ class DeviceResponse extends BaseResponse {
5229
5373
  }
5230
5374
  }
5231
5375
 
5232
- ;// CONCATENATED MODULE: ../../libs/common/src/services/devices/requests/trusted-device-keys.request.ts
5233
- class TrustedDeviceKeysRequest {
5234
- constructor(encryptedUserKey, encryptedPublicKey, encryptedPrivateKey) {
5235
- this.encryptedUserKey = encryptedUserKey;
5236
- this.encryptedPublicKey = encryptedPublicKey;
5237
- this.encryptedPrivateKey = encryptedPrivateKey;
5238
- }
5239
- }
5240
-
5241
5376
  ;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/protected-device.response.ts
5242
5377
 
5243
5378
 
@@ -5258,6 +5393,15 @@ class ProtectedDeviceResponse extends BaseResponse {
5258
5393
  }
5259
5394
  }
5260
5395
 
5396
+ ;// CONCATENATED MODULE: ../../libs/common/src/auth/services/devices/requests/trusted-device-keys.request.ts
5397
+ class TrustedDeviceKeysRequest {
5398
+ constructor(encryptedUserKey, encryptedPublicKey, encryptedPrivateKey) {
5399
+ this.encryptedUserKey = encryptedUserKey;
5400
+ this.encryptedPublicKey = encryptedPublicKey;
5401
+ this.encryptedPrivateKey = encryptedPrivateKey;
5402
+ }
5403
+ }
5404
+
5261
5405
  ;// CONCATENATED MODULE: ../../libs/common/src/auth/services/devices-api.service.implementation.ts
5262
5406
  var devices_api_service_implementation_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
5263
5407
  function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
@@ -6090,6 +6234,73 @@ class BroadcasterService {
6090
6234
  }
6091
6235
  }
6092
6236
 
6237
+ ;// CONCATENATED MODULE: ../../libs/common/src/platform/models/response/server-config.response.ts
6238
+
6239
+ class ServerConfigResponse extends BaseResponse {
6240
+ constructor(response) {
6241
+ super(response);
6242
+ this.featureStates = {};
6243
+ if (response == null) {
6244
+ return;
6245
+ }
6246
+ this.version = this.getResponseProperty("Version");
6247
+ this.gitHash = this.getResponseProperty("GitHash");
6248
+ this.server = new ThirdPartyServerConfigResponse(this.getResponseProperty("Server"));
6249
+ this.environment = new EnvironmentServerConfigResponse(this.getResponseProperty("Environment"));
6250
+ this.featureStates = this.getResponseProperty("FeatureStates");
6251
+ }
6252
+ }
6253
+ class EnvironmentServerConfigResponse extends BaseResponse {
6254
+ constructor(data = null) {
6255
+ super(data);
6256
+ if (data == null) {
6257
+ return;
6258
+ }
6259
+ this.cloudRegion = this.getResponseProperty("CloudRegion");
6260
+ this.vault = this.getResponseProperty("Vault");
6261
+ this.api = this.getResponseProperty("Api");
6262
+ this.identity = this.getResponseProperty("Identity");
6263
+ this.notifications = this.getResponseProperty("Notifications");
6264
+ this.sso = this.getResponseProperty("Sso");
6265
+ }
6266
+ }
6267
+ class ThirdPartyServerConfigResponse extends BaseResponse {
6268
+ constructor(data = null) {
6269
+ super(data);
6270
+ if (data == null) {
6271
+ return;
6272
+ }
6273
+ this.name = this.getResponseProperty("Name");
6274
+ this.url = this.getResponseProperty("Url");
6275
+ }
6276
+ }
6277
+
6278
+ ;// CONCATENATED MODULE: ../../libs/common/src/platform/services/config/config-api.service.ts
6279
+ var config_api_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
6280
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
6281
+ return new (P || (P = Promise))(function (resolve, reject) {
6282
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6283
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
6284
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
6285
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
6286
+ });
6287
+ };
6288
+
6289
+
6290
+ class ConfigApiService {
6291
+ constructor(apiService, authService) {
6292
+ this.apiService = apiService;
6293
+ this.authService = authService;
6294
+ }
6295
+ get() {
6296
+ return config_api_service_awaiter(this, void 0, void 0, function* () {
6297
+ const authed = (yield this.authService.getAuthStatus()) !== AuthenticationStatus.LoggedOut;
6298
+ const r = yield this.apiService.send("GET", "/config", null, authed, true);
6299
+ return new ServerConfigResponse(r);
6300
+ });
6301
+ }
6302
+ }
6303
+
6093
6304
  ;// CONCATENATED MODULE: ../../libs/common/src/platform/services/container.service.ts
6094
6305
  class ContainerService {
6095
6306
  constructor(cryptoService, encryptService) {
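Review bot: `ServerConfigResponse` initialises `this.featureStates = {}` and then overwrites it unconditionally with `this.getResponseProperty("FeatureStates")`. A response without that property presumably leaves `featureStates` null or undefined (the helper is not in the hunk), so the default only survives when `response == null`. `this.featureStates = this.getResponseProperty("FeatureStates") ?? {};` keeps the default in both cases. `ConfigApiService.get` sends `/config` unauthenticated when the user is logged out (`authed` is false), so the `Environment` URLs and feature flags it returns are server-asserted values and are best validated before any request is routed by them.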
@@ -14092,6 +14303,11 @@ class CryptoService {
14092
14303
  }
14093
14304
  });
14094
14305
  }
14306
+ isLegacyUser(masterKey, userId) {
14307
+ return crypto_service_awaiter(this, void 0, void 0, function* () {
14308
+ return yield this.validateUserKey((masterKey !== null && masterKey !== void 0 ? masterKey : (yield this.getMasterKey(userId))));
14309
+ });
14310
+ }
14095
14311
  getUserKeyWithLegacySupport(userId) {
14096
14312
  return crypto_service_awaiter(this, void 0, void 0, function* () {
14097
14313
  const userKey = yield this.getUserKey(userId);
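Review bot: `isLegacyUser` resolves the master key per user with `this.getMasterKey(userId)` but passes no `userId` on to `this.validateUserKey(...)`. If that helper reads the active account's state (its body is outside the hunk), the answer for a non-active `userId` would be computed against the wrong account. The method also has no comment. It should state what is returned when neither the argument nor stored state yields a master key, since `validateUserKey` then receives a null or undefined key.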
@@ -14479,7 +14695,8 @@ class CryptoService {
14479
14695
  }
14480
14696
  makeKeyPair(key) {
14481
14697
  return crypto_service_awaiter(this, void 0, void 0, function* () {
14482
- key || (key = yield this.getUserKey());
14698
+ // Default to user key
14699
+ key || (key = yield this.getUserKeyWithLegacySupport());
14483
14700
  const keyPair = yield this.cryptoFunctionService.rsaGenerateKeyPair(2048);
14484
14701
  const publicB64 = utils_Utils.fromBufferToB64(keyPair[0]);
14485
14702
  const privateEnc = yield this.encryptService.encrypt(keyPair[1], key);
@@ -14545,6 +14762,12 @@ class CryptoService {
14545
14762
  return new SymmetricCryptoKey(sendKey);
14546
14763
  });
14547
14764
  }
14765
+ makeCipherKey() {
14766
+ return crypto_service_awaiter(this, void 0, void 0, function* () {
14767
+ const randomBytes = yield this.cryptoFunctionService.aesGenerateKey(512);
14768
+ return new SymmetricCryptoKey(randomBytes);
14769
+ });
14770
+ }
14548
14771
  clearKeys(userId) {
14549
14772
  return crypto_service_awaiter(this, void 0, void 0, function* () {
14550
14773
  yield this.clearUserKey(true, userId);
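Review bot: `makeCipherKey` requests `aesGenerateKey(512)` with no comment on why the size is 512 bits rather than a plain AES key length. If the material is split into an encryption key and a MAC key inside `SymmetricCryptoKey`, which is presumed here because that class is not in the hunk, a comment should say so, e.g. `// 512 bits: 256-bit encryption key + 256-bit MAC key`. A one-line doc comment stating that the method returns a fresh random key and stores nothing would also help readers of the `CryptoService` API.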
@@ -14876,19 +15099,26 @@ class CryptoService {
14876
15099
  migrateAutoKeyIfNeeded(userId) {
14877
15100
  return crypto_service_awaiter(this, void 0, void 0, function* () {
14878
15101
  const oldAutoKey = yield this.stateService.getCryptoMasterKeyAuto({ userId: userId });
14879
- if (oldAutoKey) {
14880
- // decrypt
14881
- const masterKey = new SymmetricCryptoKey(utils_Utils.fromB64ToArray(oldAutoKey));
14882
- const encryptedUserKey = yield this.stateService.getEncryptedCryptoSymmetricKey({
14883
- userId: userId,
14884
- });
14885
- const userKey = yield this.decryptUserKeyWithMasterKey(masterKey, new EncString(encryptedUserKey), userId);
14886
- // migrate
14887
- yield this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId });
14888
- yield this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
14889
- // set encrypted user key in case user immediately locks without syncing
14890
- yield this.setMasterKeyEncryptedUserKey(encryptedUserKey);
15102
+ if (!oldAutoKey) {
15103
+ return;
15104
+ }
15105
+ // Decrypt
15106
+ const masterKey = new SymmetricCryptoKey(utils_Utils.fromB64ToArray(oldAutoKey));
15107
+ if (yield this.isLegacyUser(masterKey, userId)) {
15108
+ // Legacy users don't have a user key, so no need to migrate.
15109
+ // Instead, set the master key for additional isLegacyUser checks that will log the user out.
15110
+ yield this.setMasterKey(masterKey, userId);
15111
+ return;
14891
15112
  }
15113
+ const encryptedUserKey = yield this.stateService.getEncryptedCryptoSymmetricKey({
15114
+ userId: userId,
15115
+ });
15116
+ const userKey = yield this.decryptUserKeyWithMasterKey(masterKey, new EncString(encryptedUserKey), userId);
15117
+ // Migrate
15118
+ yield this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId });
15119
+ yield this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
15120
+ // Set encrypted user key in case user immediately locks without syncing
15121
+ yield this.setMasterKeyEncryptedUserKey(encryptedUserKey);
14892
15122
  });
14893
15123
  }
14894
15124
  decryptAndMigrateOldPinKey(masterPasswordOnRestart, pin, email, kdf, kdfConfig, oldPinKey) {
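Review bot: The final `yield this.setMasterKeyEncryptedUserKey(encryptedUserKey);` in migrateAutoKeyIfNeeded is the only state write in the function that does not pass `userId`. Every other call here is scoped with `{ userId: userId }` or a `userId` argument, and the VaultTimeoutService caller further down this diff loops over all accounts. If the setter falls back to the active account when the argument is omitted (its signature is not visible here), a non-active account's encrypted user key would be stored under the wrong user. I would pass it through, `yield this.setMasterKeyEncryptedUserKey(encryptedUserKey, userId);`, and also guard `encryptedUserKey == null` before `new EncString(encryptedUserKey)`, since `userKey.keyB64` is dereferenced unchecked. This file is a build artifact, so the change belongs in the crypto service source.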
@@ -15146,7 +15376,7 @@ class EncryptServiceImplementation {
15146
15376
  return null;
15147
15377
  }
15148
15378
  }
15149
- return yield this.cryptoFunctionService.aesDecryptFast(fastParams);
15379
+ return yield this.cryptoFunctionService.aesDecryptFast(fastParams, "cbc");
15150
15380
  });
15151
15381
  }
15152
15382
  decryptToBytes(encThing, key) {
@@ -15178,7 +15408,7 @@ class EncryptServiceImplementation {
15178
15408
  return null;
15179
15409
  }
15180
15410
  }
15181
- const result = yield this.cryptoFunctionService.aesDecrypt(encThing.dataBytes, encThing.ivBytes, key.encKey);
15411
+ const result = yield this.cryptoFunctionService.aesDecrypt(encThing.dataBytes, encThing.ivBytes, key.encKey, "cbc");
15182
15412
  return result !== null && result !== void 0 ? result : null;
15183
15413
  });
15184
15414
  }
@@ -17275,6 +17505,27 @@ class IdentityData {
17275
17505
  }
17276
17506
  }
17277
17507
 
17508
+ ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/fido2-credential.data.ts
17509
+ class Fido2CredentialData {
17510
+ constructor(data) {
17511
+ if (data == null) {
17512
+ return;
17513
+ }
17514
+ this.credentialId = data.credentialId;
17515
+ this.keyType = data.keyType;
17516
+ this.keyAlgorithm = data.keyAlgorithm;
17517
+ this.keyCurve = data.keyCurve;
17518
+ this.keyValue = data.keyValue;
17519
+ this.rpId = data.rpId;
17520
+ this.userHandle = data.userHandle;
17521
+ this.counter = data.counter;
17522
+ this.rpName = data.rpName;
17523
+ this.userDisplayName = data.userDisplayName;
17524
+ this.discoverable = data.discoverable;
17525
+ this.creationDate = data.creationDate;
17526
+ }
17527
+ }
17528
+
17278
17529
  ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/login-uri.data.ts
17279
17530
  class LoginUriData {
17280
17531
  constructor(data) {
@@ -17289,8 +17540,10 @@ class LoginUriData {
17289
17540
 
17290
17541
  ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/login.data.ts
17291
17542
 
17543
+
17292
17544
  class LoginData {
17293
17545
  constructor(data) {
17546
+ var _a;
17294
17547
  if (data == null) {
17295
17548
  return;
17296
17549
  }
@@ -17302,6 +17555,9 @@ class LoginData {
17302
17555
  if (data.uris) {
17303
17556
  this.uris = data.uris.map((u) => new LoginUriData(u));
17304
17557
  }
17558
+ if (data.fido2Credentials) {
17559
+ this.fido2Credentials = (_a = data.fido2Credentials) === null || _a === void 0 ? void 0 : _a.map((key) => new Fido2CredentialData(key));
17560
+ }
17305
17561
  }
17306
17562
  }
17307
17563
 
@@ -17355,6 +17611,7 @@ class CipherData {
17355
17611
  this.creationDate = response.creationDate;
17356
17612
  this.deletedDate = response.deletedDate;
17357
17613
  this.reprompt = response.reprompt;
17614
+ this.key = response.key;
17358
17615
  switch (this.type) {
17359
17616
  case CipherType.Login:
17360
17617
  this.login = new LoginData(response.login);
@@ -17391,6 +17648,7 @@ class CollectionData {
17391
17648
  this.name = response.name;
17392
17649
  this.externalId = response.externalId;
17393
17650
  this.readOnly = response.readOnly;
17651
+ this.hidePasswords = response.hidePasswords;
17394
17652
  }
17395
17653
  }
17396
17654
 
@@ -17859,6 +18117,24 @@ identity_view_decorate([
17859
18117
  identity_view_metadata("design:paramtypes", [])
17860
18118
  ], IdentityView.prototype, "fullName", null);
17861
18119
 
18120
+ ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/fido2-credential.view.ts
18121
+
18122
+ class Fido2CredentialView extends ItemView {
18123
+ constructor() {
18124
+ super(...arguments);
18125
+ this.creationDate = null;
18126
+ }
18127
+ get subTitle() {
18128
+ return this.userDisplayName;
18129
+ }
18130
+ static fromJSON(obj) {
18131
+ const creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
18132
+ return Object.assign(new Fido2CredentialView(), obj, {
18133
+ creationDate,
18134
+ });
18135
+ }
18136
+ }
18137
+
17862
18138
  ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/login-uri.view.ts
17863
18139
 
17864
18140
 
@@ -18030,6 +18306,7 @@ var login_view_metadata = (undefined && undefined.__metadata) || function (k, v)
18030
18306
 
18031
18307
 
18032
18308
 
18309
+
18033
18310
  class LoginView extends ItemView {
18034
18311
  constructor(l) {
18035
18312
  super();
@@ -18039,6 +18316,7 @@ class LoginView extends ItemView {
18039
18316
  this.totp = null;
18040
18317
  this.uris = null;
18041
18318
  this.autofillOnPageLoad = null;
18319
+ this.fido2Credentials = null;
18042
18320
  if (!l) {
18043
18321
  return;
18044
18322
  }
@@ -18072,6 +18350,9 @@ class LoginView extends ItemView {
18072
18350
  get hasUris() {
18073
18351
  return this.uris != null && this.uris.length > 0;
18074
18352
  }
18353
+ get hasFido2Credentials() {
18354
+ return this.fido2Credentials != null && this.fido2Credentials.length > 0;
18355
+ }
18075
18356
  matchesUri(targetUri, equivalentDomains, defaultUriMatch = null) {
18076
18357
  if (this.uris == null) {
18077
18358
  return false;
@@ -18079,12 +18360,14 @@ class LoginView extends ItemView {
18079
18360
  return this.uris.some((uri) => uri.matchesUri(targetUri, equivalentDomains, defaultUriMatch));
18080
18361
  }
18081
18362
  static fromJSON(obj) {
18082
- var _a;
18363
+ var _a, _b;
18083
18364
  const passwordRevisionDate = obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
18084
18365
  const uris = (_a = obj.uris) === null || _a === void 0 ? void 0 : _a.map((uri) => LoginUriView.fromJSON(uri));
18366
+ const fido2Credentials = (_b = obj.fido2Credentials) === null || _b === void 0 ? void 0 : _b.map((key) => Fido2CredentialView.fromJSON(key));
18085
18367
  return Object.assign(new LoginView(), obj, {
18086
- passwordRevisionDate: passwordRevisionDate,
18087
- uris: uris,
18368
+ passwordRevisionDate,
18369
+ uris,
18370
+ fido2Credentials,
18088
18371
  });
18089
18372
  }
18090
18373
  }
@@ -18324,6 +18607,7 @@ class CollectionView {
18324
18607
  this.organizationId = null;
18325
18608
  this.name = null;
18326
18609
  this.externalId = null;
18610
+ // readOnly applies to the items within a collection
18327
18611
  this.readOnly = null;
18328
18612
  this.hidePasswords = null;
18329
18613
  if (!c) {
@@ -18337,6 +18621,20 @@ class CollectionView {
18337
18621
  this.hidePasswords = c.hidePasswords;
18338
18622
  }
18339
18623
  }
18624
+ // For editing collection details, not the items within it.
18625
+ canEdit(org) {
18626
+ if (org.id !== this.organizationId) {
18627
+ throw new Error("Id of the organization provided does not match the org id of the collection.");
18628
+ }
18629
+ return (org === null || org === void 0 ? void 0 : org.canEditAnyCollection) || (org === null || org === void 0 ? void 0 : org.canEditAssignedCollections);
18630
+ }
18631
+ // For deleting a collection, not the items within it.
18632
+ canDelete(org) {
18633
+ if (org.id !== this.organizationId) {
18634
+ throw new Error("Id of the organization provided does not match the org id of the collection.");
18635
+ }
18636
+ return (org === null || org === void 0 ? void 0 : org.canDeleteAnyCollection) || (org === null || org === void 0 ? void 0 : org.canDeleteAssignedCollections);
18637
+ }
18340
18638
  }
18341
18639
 
18342
18640
  ;// CONCATENATED MODULE: ../../libs/common/src/platform/models/domain/state.ts
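Review bot: In canEdit and canDelete the guard `if (org.id !== this.organizationId)` dereferences `org` before the null-safe checks in the return (the down-levelled `org === null || org === void 0` form). A missing organization therefore raises a TypeError instead of the intended mismatch error, and the null handling below is dead code. I would write the guard as `if (org == null || org.id !== this.organizationId)` in both methods. Both also return the raw `||` result, which is `undefined` rather than `false` when the organization object lacks the permission fields; wrapping it in `Boolean(...)` gives callers a strict boolean. If these methods only drive what the client displays, the comments should say so, so that nobody reads them as the enforcement point.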
@@ -18411,6 +18709,7 @@ var state_service_awaiter = (undefined && undefined.__awaiter) || function (this
18411
18709
 
18412
18710
 
18413
18711
 
18712
+
18414
18713
 
18415
18714
 
18416
18715
  const keys = {
@@ -18431,12 +18730,13 @@ const partialKeys = {
18431
18730
  };
18432
18731
  const DDG_SHARED_KEY = "DuckDuckGoSharedKey";
18433
18732
  class StateService {
18434
- constructor(storageService, secureStorageService, memoryStorageService, logService, stateFactory, useAccountCache = true) {
18733
+ constructor(storageService, secureStorageService, memoryStorageService, logService, stateFactory, accountService, useAccountCache = true) {
18435
18734
  this.storageService = storageService;
18436
18735
  this.secureStorageService = secureStorageService;
18437
18736
  this.memoryStorageService = memoryStorageService;
18438
18737
  this.logService = logService;
18439
18738
  this.stateFactory = stateFactory;
18739
+ this.accountService = accountService;
18440
18740
  this.useAccountCache = useAccountCache;
18441
18741
  this.accountsSubject = new external_rxjs_namespaceObject.BehaviorSubject({});
18442
18742
  this.accounts$ = this.accountsSubject.asObservable();
@@ -18503,6 +18803,19 @@ class StateService {
18503
18803
  }
18504
18804
  yield this.pushAccounts();
18505
18805
  this.activeAccountSubject.next(state.activeUserId);
18806
+ // TODO: Temporary update to avoid routing all account status changes through account service for now.
18807
+ // account service tracks logged out accounts, but State service does not, so we need to add the active account
18808
+ // if it's not in the accounts list.
18809
+ if (state.activeUserId != null && this.accountsSubject.value[state.activeUserId] == null) {
18810
+ const activeDiskAccount = yield this.getAccountFromDisk({ userId: state.activeUserId });
18811
+ this.accountService.addAccount(state.activeUserId, {
18812
+ name: activeDiskAccount.profile.name,
18813
+ email: activeDiskAccount.profile.email,
18814
+ status: AuthenticationStatus.LoggedOut,
18815
+ });
18816
+ }
18817
+ this.accountService.switchAccount(state.activeUserId);
18818
+ // End TODO
18506
18819
  return state;
18507
18820
  }));
18508
18821
  });
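Review bot: The added block reads `activeDiskAccount.profile.name` straight after `getAccountFromDisk`, with no check that an account was found. The branch runs exactly when `state.activeUserId` is absent from the in-memory accounts list, which is the case where a stale id with no disk record is most plausible, and a null result there would throw inside the state update. I would guard it, e.g. `if (activeDiskAccount?.profile != null) { ... }`, and decide explicitly whether `switchAccount(state.activeUserId)` should run when `activeUserId` is null, since it is called unconditionally. The enclosing function begins above this hunk.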
@@ -18519,6 +18832,12 @@ class StateService {
18519
18832
  state.accounts[userId] = this.createAccount();
18520
18833
  const diskAccount = yield this.getAccountFromDisk({ userId: userId });
18521
18834
  state.accounts[userId].profile = diskAccount.profile;
18835
+ // TODO: Temporary update to avoid routing all account status changes through account service for now.
18836
+ this.accountService.addAccount(userId, {
18837
+ status: AuthenticationStatus.Locked,
18838
+ name: diskAccount.profile.name,
18839
+ email: diskAccount.profile.email,
18840
+ });
18522
18841
  return state;
18523
18842
  }));
18524
18843
  });
@@ -18534,6 +18853,12 @@ class StateService {
18534
18853
  }));
18535
18854
  yield this.scaffoldNewAccountStorage(account);
18536
18855
  yield this.setLastActive(new Date().getTime(), { userId: account.profile.userId });
18856
+ // TODO: Temporary update to avoid routing all account status changes through account service for now.
18857
+ this.accountService.addAccount(account.profile.userId, {
18858
+ status: AuthenticationStatus.Locked,
18859
+ name: account.profile.name,
18860
+ email: account.profile.email,
18861
+ });
18537
18862
  yield this.setActiveUser(account.profile.userId);
18538
18863
  this.activeAccountSubject.next(account.profile.userId);
18539
18864
  });
@@ -18545,6 +18870,8 @@ class StateService {
18545
18870
  state.activeUserId = userId;
18546
18871
  yield this.storageService.save(keys.activeUserId, userId);
18547
18872
  this.activeAccountSubject.next(state.activeUserId);
18873
+ // TODO: temporary update to avoid routing all account status changes through account service for now.
18874
+ this.accountService.switchAccount(userId);
18548
18875
  return state;
18549
18876
  }));
18550
18877
  yield this.pushAccounts();
@@ -18821,6 +19148,8 @@ class StateService {
18821
19148
  const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
18822
19149
  account.keys.cryptoMasterKey = value;
18823
19150
  yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
19151
+ const nextStatus = value != null ? AuthenticationStatus.Unlocked : AuthenticationStatus.Locked;
19152
+ this.accountService.setAccountStatus(options.userId, nextStatus);
18824
19153
  if (options.userId == this.activeAccountSubject.getValue()) {
18825
19154
  const nextValue = value != null;
18826
19155
  // Avoid emitting if we are already unlocked
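Review bot: `this.accountService.setAccountStatus(options.userId, nextStatus)` uses the caller's raw `options`, not the reconciled options passed to getAccount and saveAccount on the lines above, so a call that relies on the default user would report the status for `undefined`. The same line is added in the next hunk (the setter that writes `account.keys.userKey`), where the context reads `options?.userId`, which suggests `options` may be absent and the new line would throw. Each setter also derives Locked/Unlocked from its own key alone, so clearing the master key marks the account Locked while a user key may still be held, and the account service can then disagree with the real key state. I would resolve the user id once from the reconciled options and compute the status from both keys. Both functions continue outside their hunks.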
@@ -18848,6 +19177,8 @@ class StateService {
18848
19177
  const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
18849
19178
  account.keys.userKey = value;
18850
19179
  yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
19180
+ const nextStatus = value != null ? AuthenticationStatus.Unlocked : AuthenticationStatus.Locked;
19181
+ this.accountService.setAccountStatus(options.userId, nextStatus);
18851
19182
  if ((options === null || options === void 0 ? void 0 : options.userId) == this.activeAccountSubject.getValue()) {
18852
19183
  const nextValue = value != null;
18853
19184
  // Avoid emitting if we are already unlocked
@@ -20697,7 +21028,6 @@ class StateService {
20697
21028
  yield this.saveAccount(account, this.reconcileOptions({ userId: account.profile.userId }, yield this.defaultOnDiskOptions()));
20698
21029
  });
20699
21030
  }
20700
- //
20701
21031
  pushAccounts() {
20702
21032
  return state_service_awaiter(this, void 0, void 0, function* () {
20703
21033
  yield this.pruneInMemoryAccounts();
@@ -20816,6 +21146,8 @@ class StateService {
20816
21146
  this.deleteDiskCache(userId);
20817
21147
  return state;
20818
21148
  }));
21149
+ // TODO: Invert this logic, we should remove accounts based on logged out emit
21150
+ this.accountService.setAccountStatus(userId, AuthenticationStatus.LoggedOut);
20819
21151
  });
20820
21152
  }
20821
21153
  pruneInMemoryAccounts() {
@@ -22162,6 +22494,7 @@ var vault_timeout_service_awaiter = (undefined && undefined.__awaiter) || functi
22162
22494
 
22163
22495
 
22164
22496
 
22497
+
22165
22498
  class VaultTimeoutService {
22166
22499
  constructor(cipherService, folderService, collectionService, cryptoService, platformUtilsService, messagingService, searchService, stateService, authService, vaultTimeoutSettingsService, lockedCallback = null, loggedOutCallback = null) {
22167
22500
  this.cipherService = cipherService;
@@ -22275,10 +22608,18 @@ class VaultTimeoutService {
22275
22608
  }
22276
22609
  migrateKeyForNeverLockIfNeeded() {
22277
22610
  return vault_timeout_service_awaiter(this, void 0, void 0, function* () {
22611
+ // Web can't set vault timeout to never
22612
+ if (this.platformUtilsService.getClientType() == ClientType.Web) {
22613
+ return;
22614
+ }
22278
22615
  const accounts = yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.stateService.accounts$);
22279
22616
  for (const userId in accounts) {
22280
22617
  if (userId != null) {
22281
22618
  yield this.cryptoService.migrateAutoKeyIfNeeded(userId);
22619
+ // Legacy users should be logged out since we're not on the web vault and can't migrate.
22620
+ if (yield this.cryptoService.isLegacyUser(null, userId)) {
22621
+ yield this.logOut(userId);
22622
+ }
22282
22623
  }
22283
22624
  }
22284
22625
  });
@@ -23100,6 +23441,57 @@ class SendService {
23100
23441
  }
23101
23442
  }
23102
23443
 
23444
+ ;// CONCATENATED MODULE: external "semver"
23445
+ const external_semver_namespaceObject = require("semver");
23446
+ ;// CONCATENATED MODULE: ../../libs/common/src/platform/misc/flags.ts
23447
+ function getFlags(envFlags) {
23448
+ if (typeof envFlags === "string") {
23449
+ return JSON.parse(envFlags);
23450
+ }
23451
+ else {
23452
+ return envFlags;
23453
+ }
23454
+ }
23455
+ /**
23456
+ * Gets the value of a feature flag from environment.
23457
+ * All flags default to "on" (true).
23458
+ * Only use for shared code in `libs`, otherwise use the client-specific function.
23459
+ * @param flag The name of the feature flag to check
23460
+ * @returns The value of the flag
23461
+ */
23462
+ function flagEnabled(flag) {
23463
+ const flags = getFlags({"enableCipherKeyEncryption":false});
23464
+ return flags[flag] == null || !!flags[flag];
23465
+ }
23466
+ /**
23467
+ * Gets the value of a dev flag from environment.
23468
+ * Will always return false unless in development.
23469
+ * Only use for shared code in `libs`, otherwise use the client-specific function.
23470
+ * @param flag The name of the dev flag to check
23471
+ * @returns The value of the flag
23472
+ */
23473
+ function devFlagEnabled(flag) {
23474
+ if (process.env.ENV !== "development") {
23475
+ return false;
23476
+ }
23477
+ const devFlags = getFlags(process.env.DEV_FLAGS);
23478
+ return devFlags[flag] == null || !!devFlags[flag];
23479
+ }
23480
+ /**
23481
+ * Gets the value of a dev flag from environment.
23482
+ * Will always return false unless in development.
23483
+ * @param flag The name of the dev flag to check
23484
+ * @returns The value of the flag
23485
+ * @throws Error if the flag is not enabled
23486
+ */
23487
+ function devFlagValue(flag) {
23488
+ if (!devFlagEnabled(flag)) {
23489
+ throw new Error(`This method should not be called, it is protected by a disabled dev flag.`);
23490
+ }
23491
+ const devFlags = getFlags(process.env.DEV_FLAGS);
23492
+ return devFlags[flag];
23493
+ }
23494
+
23103
23495
  ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/domain/attachment.ts
23104
23496
  var attachment_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
23105
23497
  function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
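Review bot: devFlagEnabled and devFlagValue index into `getFlags(process.env.DEV_FLAGS)` without checking the result, so with `ENV=development` and `DEV_FLAGS` unset `devFlags[flag]` throws a TypeError, and a malformed value throws from `JSON.parse`. A fallback in the source such as `const devFlags = getFlags(process.env.DEV_FLAGS) ?? {};` keeps the documented behaviour. flagEnabled and devFlagEnabled both treat any unknown name as enabled (`flags[flag] == null || !!flags[flag]`), so a misspelled flag fails open and inherited keys such as `constructor` read as truthy; `Object.hasOwn` or a fixed list of known flags would make that explicit. The doc comment on devFlagValue repeats "Will always return false unless in development", but the function throws in that case.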
@@ -23423,6 +23815,120 @@ class Identity extends Domain {
23423
23815
  }
23424
23816
  }
23425
23817
 
23818
+ ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/domain/fido2-credential.ts
23819
+ var fido2_credential_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
23820
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
23821
+ return new (P || (P = Promise))(function (resolve, reject) {
23822
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
23823
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
23824
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
23825
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
23826
+ });
23827
+ };
23828
+
23829
+
23830
+
23831
+
23832
+ class Fido2Credential extends Domain {
23833
+ constructor(obj) {
23834
+ super();
23835
+ this.credentialId = null;
23836
+ if (obj == null) {
23837
+ return;
23838
+ }
23839
+ this.buildDomainModel(this, obj, {
23840
+ credentialId: null,
23841
+ keyType: null,
23842
+ keyAlgorithm: null,
23843
+ keyCurve: null,
23844
+ keyValue: null,
23845
+ rpId: null,
23846
+ userHandle: null,
23847
+ counter: null,
23848
+ rpName: null,
23849
+ userDisplayName: null,
23850
+ discoverable: null,
23851
+ }, []);
23852
+ this.creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
23853
+ }
23854
+ decrypt(orgId, encKey) {
23855
+ return fido2_credential_awaiter(this, void 0, void 0, function* () {
23856
+ const view = yield this.decryptObj(new Fido2CredentialView(), {
23857
+ credentialId: null,
23858
+ keyType: null,
23859
+ keyAlgorithm: null,
23860
+ keyCurve: null,
23861
+ keyValue: null,
23862
+ rpId: null,
23863
+ userHandle: null,
23864
+ rpName: null,
23865
+ userDisplayName: null,
23866
+ discoverable: null,
23867
+ }, orgId, encKey);
23868
+ const { counter } = yield this.decryptObj({ counter: "" }, {
23869
+ counter: null,
23870
+ }, orgId, encKey);
23871
+ // Counter will end up as NaN if this fails
23872
+ view.counter = parseInt(counter);
23873
+ const { discoverable } = yield this.decryptObj({ discoverable: "" }, {
23874
+ discoverable: null,
23875
+ }, orgId, encKey);
23876
+ view.discoverable = discoverable === "true";
23877
+ view.creationDate = this.creationDate;
23878
+ return view;
23879
+ });
23880
+ }
23881
+ toFido2CredentialData() {
23882
+ const i = new Fido2CredentialData();
23883
+ i.creationDate = this.creationDate.toISOString();
23884
+ this.buildDataModel(this, i, {
23885
+ credentialId: null,
23886
+ keyType: null,
23887
+ keyAlgorithm: null,
23888
+ keyCurve: null,
23889
+ keyValue: null,
23890
+ rpId: null,
23891
+ userHandle: null,
23892
+ counter: null,
23893
+ rpName: null,
23894
+ userDisplayName: null,
23895
+ discoverable: null,
23896
+ });
23897
+ return i;
23898
+ }
23899
+ static fromJSON(obj) {
23900
+ if (obj == null) {
23901
+ return null;
23902
+ }
23903
+ const credentialId = EncString.fromJSON(obj.credentialId);
23904
+ const keyType = EncString.fromJSON(obj.keyType);
23905
+ const keyAlgorithm = EncString.fromJSON(obj.keyAlgorithm);
23906
+ const keyCurve = EncString.fromJSON(obj.keyCurve);
23907
+ const keyValue = EncString.fromJSON(obj.keyValue);
23908
+ const rpId = EncString.fromJSON(obj.rpId);
23909
+ const userHandle = EncString.fromJSON(obj.userHandle);
23910
+ const counter = EncString.fromJSON(obj.counter);
23911
+ const rpName = EncString.fromJSON(obj.rpName);
23912
+ const userDisplayName = EncString.fromJSON(obj.userDisplayName);
23913
+ const discoverable = EncString.fromJSON(obj.discoverable);
23914
+ const creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
23915
+ return Object.assign(new Fido2Credential(), obj, {
23916
+ credentialId,
23917
+ keyType,
23918
+ keyAlgorithm,
23919
+ keyCurve,
23920
+ keyValue,
23921
+ rpId,
23922
+ userHandle,
23923
+ counter,
23924
+ rpName,
23925
+ userDisplayName,
23926
+ discoverable,
23927
+ creationDate,
23928
+ });
23929
+ }
23930
+ }
23931
+
23426
23932
  ;// CONCATENATED MODULE: ../../libs/common/src/vault/models/domain/login-uri.ts
23427
23933
 
23428
23934
 
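Review bot: toFido2CredentialData calls `this.creationDate.toISOString()` unconditionally, although the constructor and fromJSON in this same class both allow `creationDate` to be null (and leave it unset when `obj` is null), so serialising such a credential throws. Cipher.toCipherData elsewhere in this diff uses the guarded form, and I would match it: `i.creationDate = this.creationDate != null ? this.creationDate.toISOString() : null;`. In decrypt, `parseInt(counter)` should pass a radix, `parseInt(counter, 10)`. The comment there admits the counter can become NaN; since this is presumably the credential's signature counter, consumers should reject a non-finite value rather than carry it forward. `discoverable` is also decrypted twice, once into the view and once into the temporary object.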
@@ -23478,6 +23984,7 @@ var login_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
23478
23984
 
23479
23985
 
23480
23986
 
23987
+
23481
23988
  class Login extends Domain {
23482
23989
  constructor(obj) {
23483
23990
  super();
@@ -23498,6 +24005,9 @@ class Login extends Domain {
23498
24005
  this.uris.push(new LoginUri(u));
23499
24006
  });
23500
24007
  }
24008
+ if (obj.fido2Credentials) {
24009
+ this.fido2Credentials = obj.fido2Credentials.map((key) => new Fido2Credential(key));
24010
+ }
23501
24011
  }
23502
24012
  decrypt(orgId, encKey) {
23503
24013
  return login_awaiter(this, void 0, void 0, function* () {
@@ -23513,6 +24023,9 @@ class Login extends Domain {
23513
24023
  view.uris.push(uri);
23514
24024
  }
23515
24025
  }
24026
+ if (this.fido2Credentials != null) {
24027
+ view.fido2Credentials = yield Promise.all(this.fido2Credentials.map((key) => key.decrypt(orgId, encKey)));
24028
+ }
23516
24029
  return view;
23517
24030
  });
23518
24031
  }
@@ -23532,10 +24045,13 @@ class Login extends Domain {
23532
24045
  l.uris.push(u.toLoginUriData());
23533
24046
  });
23534
24047
  }
24048
+ if (this.fido2Credentials != null && this.fido2Credentials.length > 0) {
24049
+ l.fido2Credentials = this.fido2Credentials.map((key) => key.toFido2CredentialData());
24050
+ }
23535
24051
  return l;
23536
24052
  }
23537
24053
  static fromJSON(obj) {
23538
- var _a;
24054
+ var _a, _b, _c;
23539
24055
  if (obj == null) {
23540
24056
  return null;
23541
24057
  }
@@ -23544,12 +24060,14 @@ class Login extends Domain {
23544
24060
  const totp = EncString.fromJSON(obj.totp);
23545
24061
  const passwordRevisionDate = obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
23546
24062
  const uris = (_a = obj.uris) === null || _a === void 0 ? void 0 : _a.map((uri) => LoginUri.fromJSON(uri));
24063
+ const fido2Credentials = (_c = (_b = obj.fido2Credentials) === null || _b === void 0 ? void 0 : _b.map((key) => Fido2Credential.fromJSON(key))) !== null && _c !== void 0 ? _c : [];
23547
24064
  return Object.assign(new Login(), obj, {
23548
24065
  username,
23549
24066
  password,
23550
24067
  totp,
23551
- passwordRevisionDate: passwordRevisionDate,
23552
- uris: uris,
24068
+ passwordRevisionDate,
24069
+ uris,
24070
+ fido2Credentials,
23553
24071
  });
23554
24072
  }
23555
24073
  }
@@ -23647,6 +24165,8 @@ var cipher_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _a
23647
24165
 
23648
24166
 
23649
24167
 
24168
+
24169
+
23650
24170
  class Cipher extends Domain {
23651
24171
  constructor(obj, localData = null) {
23652
24172
  super();
@@ -23660,6 +24180,7 @@ class Cipher extends Domain {
23660
24180
  folderId: null,
23661
24181
  name: null,
23662
24182
  notes: null,
24183
+ key: null,
23663
24184
  }, ["id", "organizationId", "folderId"]);
23664
24185
  this.type = obj.type;
23665
24186
  this.favorite = obj.favorite;
@@ -23712,9 +24233,16 @@ class Cipher extends Domain {
23712
24233
  this.passwordHistory = null;
23713
24234
  }
23714
24235
  }
24236
+ // We are passing the organizationId into the EncString.decrypt() method here, but because the encKey will always be
24237
+ // present and so the organizationId will not be used.
24238
+ // We will refactor the EncString.decrypt() in https://bitwarden.atlassian.net/browse/PM-3762 to remove the dependency on the organizationId.
23715
24239
  decrypt(encKey) {
23716
24240
  return cipher_awaiter(this, void 0, void 0, function* () {
23717
24241
  const model = new CipherView(this);
24242
+ if (this.key != null) {
24243
+ const encryptService = utils_Utils.getContainerService().getEncryptService();
24244
+ encKey = new SymmetricCryptoKey(yield encryptService.decryptToBytes(this.key, encKey));
24245
+ }
23718
24246
  yield this.decryptObj(model, {
23719
24247
  name: null,
23720
24248
  notes: null,
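Review bot: In Cipher.decrypt the result of `encryptService.decryptToBytes(this.key, encKey)` goes straight into `new SymmetricCryptoKey(...)` without a null check. The EncryptServiceImplementation context earlier in this diff shows decrypt paths returning null, so a cipher key that fails to unwrap either throws from the constructor or produces an unusable key, with nothing identifying the affected item. I would unwrap into a local and fail explicitly when it is null, for example `if (cipherKeyBytes == null) { throw new Error("Failed to decrypt cipher key"); }`. The unwrapped key should also live in its own variable instead of reassigning the `encKey` parameter, so the wrapping key and the per-cipher key cannot be confused later in the method. decrypt continues beyond this hunk.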
@@ -23735,13 +24263,12 @@ class Cipher extends Domain {
23735
24263
  default:
23736
24264
  break;
23737
24265
  }
23738
- const orgId = this.organizationId;
23739
24266
  if (this.attachments != null && this.attachments.length > 0) {
23740
24267
  const attachments = [];
23741
24268
  yield this.attachments.reduce((promise, attachment) => {
23742
24269
  return promise
23743
24270
  .then(() => {
23744
- return attachment.decrypt(orgId, encKey);
24271
+ return attachment.decrypt(this.organizationId, encKey);
23745
24272
  })
23746
24273
  .then((decAttachment) => {
23747
24274
  attachments.push(decAttachment);
@@ -23754,7 +24281,7 @@ class Cipher extends Domain {
23754
24281
  yield this.fields.reduce((promise, field) => {
23755
24282
  return promise
23756
24283
  .then(() => {
23757
- return field.decrypt(orgId, encKey);
24284
+ return field.decrypt(this.organizationId, encKey);
23758
24285
  })
23759
24286
  .then((decField) => {
23760
24287
  fields.push(decField);
@@ -23767,7 +24294,7 @@ class Cipher extends Domain {
23767
24294
  yield this.passwordHistory.reduce((promise, ph) => {
23768
24295
  return promise
23769
24296
  .then(() => {
23770
- return ph.decrypt(orgId, encKey);
24297
+ return ph.decrypt(this.organizationId, encKey);
23771
24298
  })
23772
24299
  .then((decPh) => {
23773
24300
  passwordHistory.push(decPh);
@@ -23779,6 +24306,7 @@ class Cipher extends Domain {
23779
24306
  });
23780
24307
  }
23781
24308
  toCipherData() {
24309
+ var _a;
23782
24310
  const c = new CipherData();
23783
24311
  c.id = this.id;
23784
24312
  c.organizationId = this.organizationId;
@@ -23793,6 +24321,7 @@ class Cipher extends Domain {
23793
24321
  c.creationDate = this.creationDate != null ? this.creationDate.toISOString() : null;
23794
24322
  c.deletedDate = this.deletedDate != null ? this.deletedDate.toISOString() : null;
23795
24323
  c.reprompt = this.reprompt;
24324
+ c.key = (_a = this.key) === null || _a === void 0 ? void 0 : _a.encryptedString;
23796
24325
  this.buildDataModel(this, c, {
23797
24326
  name: null,
23798
24327
  notes: null,
@@ -23837,6 +24366,7 @@ class Cipher extends Domain {
23837
24366
  const attachments = (_a = obj.attachments) === null || _a === void 0 ? void 0 : _a.map((a) => Attachment.fromJSON(a));
23838
24367
  const fields = (_b = obj.fields) === null || _b === void 0 ? void 0 : _b.map((f) => Field.fromJSON(f));
23839
24368
  const passwordHistory = (_c = obj.passwordHistory) === null || _c === void 0 ? void 0 : _c.map((ph) => Password.fromJSON(ph));
24369
+ const key = EncString.fromJSON(obj.key);
23840
24370
  Object.assign(domain, obj, {
23841
24371
  name,
23842
24372
  notes,
@@ -23845,6 +24375,7 @@ class Cipher extends Domain {
23845
24375
  attachments,
23846
24376
  fields,
23847
24377
  passwordHistory,
24378
+ key,
23848
24379
  });
23849
24380
  switch (obj.type) {
23850
24381
  case CipherType.Card:
@@ -24035,9 +24566,33 @@ class LoginUriApi extends BaseResponse {
24035
24566
  }
24036
24567
  }
24037
24568
 
24569
+ ;// CONCATENATED MODULE: ../../libs/common/src/vault/api/fido2-credential.api.ts
24570
+
24571
+ class Fido2CredentialApi extends BaseResponse {
24572
+ constructor(data = null) {
24573
+ super(data);
24574
+ if (data == null) {
24575
+ return;
24576
+ }
24577
+ this.credentialId = this.getResponseProperty("CredentialId");
24578
+ this.keyType = this.getResponseProperty("KeyType");
24579
+ this.keyAlgorithm = this.getResponseProperty("KeyAlgorithm");
24580
+ this.keyCurve = this.getResponseProperty("KeyCurve");
24581
+ this.keyValue = this.getResponseProperty("keyValue");
24582
+ this.rpId = this.getResponseProperty("RpId");
24583
+ this.userHandle = this.getResponseProperty("UserHandle");
24584
+ this.counter = this.getResponseProperty("Counter");
24585
+ this.rpName = this.getResponseProperty("RpName");
24586
+ this.userDisplayName = this.getResponseProperty("UserDisplayName");
24587
+ this.discoverable = this.getResponseProperty("Discoverable");
24588
+ this.creationDate = this.getResponseProperty("CreationDate");
24589
+ }
24590
+ }
24591
+
24038
24592
  ;// CONCATENATED MODULE: ../../libs/common/src/models/api/login.api.ts
24039
24593
 
24040
24594
 
24595
+
24041
24596
  class LoginApi extends BaseResponse {
24042
24597
  constructor(data = null) {
24043
24598
  super(data);
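Review bot: `this.keyValue = this.getResponseProperty("keyValue");` is the only lookup in the Fido2CredentialApi constructor with a lower-case first letter; the other eleven use the PascalCase name (`"KeyType"`, `"KeyCurve"`, and so on). Whether this still resolves depends on how getResponseProperty treats case, which is not visible here; if it is case-sensitive, the key material would silently come back undefined. I would make it `this.getResponseProperty("KeyValue")` for consistency.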
@@ -24053,6 +24608,10 @@ class LoginApi extends BaseResponse {
24053
24608
  if (uris != null) {
24054
24609
  this.uris = uris.map((u) => new LoginUriApi(u));
24055
24610
  }
24611
+ const fido2Credentials = this.getResponseProperty("Fido2Credentials");
24612
+ if (fido2Credentials != null) {
24613
+ this.fido2Credentials = fido2Credentials.map((key) => new Fido2CredentialApi(key));
24614
+ }
24056
24615
  }
24057
24616
  }
24058
24617
 
@@ -24081,8 +24640,10 @@ class AttachmentRequest {
24081
24640
 
24082
24641
 
24083
24642
 
24643
+
24084
24644
  class CipherRequest {
24085
24645
  constructor(cipher) {
24646
+ var _a;
24086
24647
  this.type = cipher.type;
24087
24648
  this.folderId = cipher.folderId;
24088
24649
  this.organizationId = cipher.organizationId;
@@ -24091,6 +24652,7 @@ class CipherRequest {
24091
24652
  this.favorite = cipher.favorite;
24092
24653
  this.lastKnownRevisionDate = cipher.revisionDate;
24093
24654
  this.reprompt = cipher.reprompt;
24655
+ this.key = (_a = cipher.key) === null || _a === void 0 ? void 0 : _a.encryptedString;
24094
24656
  switch (this.type) {
24095
24657
  case CipherType.Login:
24096
24658
  this.login = new LoginApi();
@@ -24111,6 +24673,30 @@ class CipherRequest {
24111
24673
  return uri;
24112
24674
  });
24113
24675
  }
24676
+ if (cipher.login.fido2Credentials != null) {
24677
+ this.login.fido2Credentials = cipher.login.fido2Credentials.map((key) => {
24678
+ const keyApi = new Fido2CredentialApi();
24679
+ keyApi.credentialId =
24680
+ key.credentialId != null ? key.credentialId.encryptedString : null;
24681
+ keyApi.keyType =
24682
+ key.keyType != null ? key.keyType.encryptedString : null;
24683
+ keyApi.keyAlgorithm =
24684
+ key.keyAlgorithm != null ? key.keyAlgorithm.encryptedString : null;
24685
+ keyApi.keyCurve =
24686
+ key.keyCurve != null ? key.keyCurve.encryptedString : null;
24687
+ keyApi.keyValue = key.keyValue != null ? key.keyValue.encryptedString : null;
24688
+ keyApi.rpId = key.rpId != null ? key.rpId.encryptedString : null;
24689
+ keyApi.rpName = key.rpName != null ? key.rpName.encryptedString : null;
24690
+ keyApi.counter = key.counter != null ? key.counter.encryptedString : null;
24691
+ keyApi.userHandle = key.userHandle != null ? key.userHandle.encryptedString : null;
24692
+ keyApi.userDisplayName =
24693
+ key.userDisplayName != null ? key.userDisplayName.encryptedString : null;
24694
+ keyApi.discoverable =
24695
+ key.discoverable != null ? key.discoverable.encryptedString : null;
24696
+ keyApi.creationDate = key.creationDate != null ? key.creationDate.toISOString() : null;
24697
+ return keyApi;
24698
+ });
24699
+ }
24114
24700
  break;
24115
24701
  case CipherType.SecureNote:
24116
24702
  this.secureNote = new SecureNoteApi();
@@ -24311,8 +24897,14 @@ var cipher_service_awaiter = (undefined && undefined.__awaiter) || function (thi
24311
24897
 
24312
24898
 
24313
24899
 
24900
+
24901
+
24902
+
24903
+
24904
+
24905
+ const CIPHER_KEY_ENC_MIN_SERVER_VER = new external_semver_namespaceObject.SemVer("2023.9.1");
24314
24906
  class CipherService {
24315
- constructor(cryptoService, settingsService, apiService, i18nService, searchService, stateService, encryptService, cipherFileUploadService) {
24907
+ constructor(cryptoService, settingsService, apiService, i18nService, searchService, stateService, encryptService, cipherFileUploadService, configService) {
24316
24908
  this.cryptoService = cryptoService;
24317
24909
  this.settingsService = settingsService;
24318
24910
  this.apiService = apiService;
@@ -24321,6 +24913,7 @@ class CipherService {
24321
24913
  this.stateService = stateService;
24322
24914
  this.encryptService = encryptService;
24323
24915
  this.cipherFileUploadService = cipherFileUploadService;
24916
+ this.configService = configService;
24324
24917
  this.sortedCiphersCache = new SortedCiphersCache(this.sortCiphersByLastUsed);
24325
24918
  }
24326
24919
  getDecryptedCipherCache() {
@@ -24347,56 +24940,17 @@ class CipherService {
24347
24940
  yield this.clearDecryptedCiphersState(userId);
24348
24941
  });
24349
24942
  }
24350
- encrypt(model, key, originalCipher = null) {
24943
+ encrypt(model, keyForEncryption, keyForCipherKeyDecryption, originalCipher = null) {
24944
+ var _a;
24351
24945
  return cipher_service_awaiter(this, void 0, void 0, function* () {
24352
- // Adjust password history
24353
24946
  if (model.id != null) {
24354
24947
  if (originalCipher == null) {
24355
24948
  originalCipher = yield this.get(model.id);
24356
24949
  }
24357
24950
  if (originalCipher != null) {
24358
- const existingCipher = yield originalCipher.decrypt();
24359
- model.passwordHistory = existingCipher.passwordHistory || [];
24360
- if (model.type === CipherType.Login && existingCipher.type === CipherType.Login) {
24361
- if (existingCipher.login.password != null &&
24362
- existingCipher.login.password !== "" &&
24363
- existingCipher.login.password !== model.login.password) {
24364
- const ph = new PasswordHistoryView();
24365
- ph.password = existingCipher.login.password;
24366
- ph.lastUsedDate = model.login.passwordRevisionDate = new Date();
24367
- model.passwordHistory.splice(0, 0, ph);
24368
- }
24369
- else {
24370
- model.login.passwordRevisionDate = existingCipher.login.passwordRevisionDate;
24371
- }
24372
- }
24373
- if (existingCipher.hasFields) {
24374
- const existingHiddenFields = existingCipher.fields.filter((f) => f.type === FieldType.Hidden &&
24375
- f.name != null &&
24376
- f.name !== "" &&
24377
- f.value != null &&
24378
- f.value !== "");
24379
- const hiddenFields = model.fields == null
24380
- ? []
24381
- : model.fields.filter((f) => f.type === FieldType.Hidden && f.name != null && f.name !== "");
24382
- existingHiddenFields.forEach((ef) => {
24383
- const matchedField = hiddenFields.find((f) => f.name === ef.name);
24384
- if (matchedField == null || matchedField.value !== ef.value) {
24385
- const ph = new PasswordHistoryView();
24386
- ph.password = ef.name + ": " + ef.value;
24387
- ph.lastUsedDate = new Date();
24388
- model.passwordHistory.splice(0, 0, ph);
24389
- }
24390
- });
24391
- }
24392
- }
24393
- if (model.passwordHistory != null && model.passwordHistory.length === 0) {
24394
- model.passwordHistory = null;
24395
- }
24396
- else if (model.passwordHistory != null && model.passwordHistory.length > 5) {
24397
- // only save last 5 history
24398
- model.passwordHistory = model.passwordHistory.slice(0, 5);
24951
+ yield this.updateModelfromExistingCipher(model, originalCipher);
24399
24952
  }
24953
+ this.adjustPasswordHistoryLength(model);
24400
24954
  }
24401
24955
  const cipher = new Cipher();
24402
24956
  cipher.id = model.id;
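Review bot: The new `keyForCipherKeyDecryption` parameter of `encrypt` takes the third positional slot that `originalCipher` used to occupy, so a caller still written as `encrypt(model, key, originalCipher)` now passes a Cipher where a key is expected, with no error at the call site. The TypeScript source may catch this at compile time, but consumers of the bundled JavaScript get no such check. A cheap guard at the top of the method would fail loudly instead: `if (keyForCipherKeyDecryption != null && !(keyForCipherKeyDecryption instanceof SymmetricCryptoKey)) throw new Error("keyForCipherKeyDecryption must be a SymmetricCryptoKey");`. The body of `encrypt` continues in the next hunk.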
@@ -24408,29 +24962,28 @@ class CipherService {
24408
24962
  cipher.revisionDate = model.revisionDate;
24409
24963
  cipher.reprompt = model.reprompt;
24410
24964
  cipher.edit = model.edit;
24411
- if (key == null && cipher.organizationId != null) {
24412
- key = yield this.cryptoService.getOrgKey(cipher.organizationId);
24413
- if (key == null) {
24414
- throw new Error("Cannot encrypt cipher for organization. No key.");
24965
+ if (yield this.getCipherKeyEncryptionEnabled()) {
24966
+ cipher.key = (_a = originalCipher === null || originalCipher === void 0 ? void 0 : originalCipher.key) !== null && _a !== void 0 ? _a : null;
24967
+ const userOrOrgKey = yield this.getKeyForCipherKeyDecryption(cipher);
24968
+ // The keyForEncryption is only used for encrypting the cipher key, not the cipher itself, since cipher key encryption is enabled.
24969
+ // If the caller has provided a key for cipher key encryption, use it. Otherwise, use the user or org key.
24970
+ keyForEncryption || (keyForEncryption = userOrOrgKey);
24971
+ // If the caller has provided a key for cipher key decryption, use it. Otherwise, use the user or org key.
24972
+ keyForCipherKeyDecryption || (keyForCipherKeyDecryption = userOrOrgKey);
24973
+ return this.encryptCipherWithCipherKey(model, cipher, keyForEncryption, keyForCipherKeyDecryption);
24974
+ }
24975
+ else {
24976
+ if (keyForEncryption == null && cipher.organizationId != null) {
24977
+ keyForEncryption = yield this.cryptoService.getOrgKey(cipher.organizationId);
24978
+ if (keyForEncryption == null) {
24979
+ throw new Error("Cannot encrypt cipher for organization. No key.");
24980
+ }
24415
24981
  }
24982
+ // We want to ensure that the cipher key is null if cipher key encryption is disabled
24983
+ // so that decryption uses the proper key.
24984
+ cipher.key = null;
24985
+ return this.encryptCipher(model, cipher, keyForEncryption);
24416
24986
  }
24417
- yield Promise.all([
24418
- this.encryptObjProperty(model, cipher, {
24419
- name: null,
24420
- notes: null,
24421
- }, key),
24422
- this.encryptCipherData(cipher, model, key),
24423
- this.encryptFields(model.fields, key).then((fields) => {
24424
- cipher.fields = fields;
24425
- }),
24426
- this.encryptPasswordHistories(model.passwordHistory, key).then((ph) => {
24427
- cipher.passwordHistory = ph;
24428
- }),
24429
- this.encryptAttachments(model.attachments, key).then((attachments) => {
24430
- cipher.attachments = attachments;
24431
- }),
24432
- ]);
24433
- return cipher;
24434
24987
  });
24435
24988
  }
24436
24989
  encryptAttachments(attachmentsModel, key) {
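Review bot: The cipher-key branch of `encrypt` has no counterpart to the `throw new Error("Cannot encrypt cipher for organization. No key.")` that the else branch keeps. `userOrOrgKey` comes from `getKeyForCipherKeyDecryption`, added in a later hunk on this page, which falls back from the org key to the user key with `||`. An organization cipher whose org key is unavailable would therefore have its cipher key wrapped under the user key, and `encryptSharedCipher` relies on the same resolution by passing `null`. I would have `getKeyForCipherKeyDecryption` throw when `cipher.organizationId != null` and `getOrgKey` returns nothing, and add `if (keyForEncryption == null) throw new Error("Cannot encrypt cipher. No key.");` before the `return` in this branch. `encrypt` begins in the previous hunk.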
@@ -24547,10 +25100,6 @@ class CipherService {
24547
25100
  yield this.reindexCiphers();
24548
25101
  return yield this.getDecryptedCipherCache();
24549
25102
  }
24550
- const hasKey = yield this.cryptoService.hasUserKey();
24551
- if (!hasKey) {
24552
- throw new Error("No user key found.");
24553
- }
24554
25103
  const ciphers = yield this.getAll();
24555
25104
  const orgKeys = yield this.cryptoService.getOrgKeys();
24556
25105
  const userKey = yield this.cryptoService.getUserKeyWithLegacySupport();
@@ -24607,13 +25156,16 @@ class CipherService {
24607
25156
  const ciphers = yield this.getAllDecrypted();
24608
25157
  defaultMatch !== null && defaultMatch !== void 0 ? defaultMatch : (defaultMatch = yield this.stateService.getDefaultUriMatch());
24609
25158
  return ciphers.filter((cipher) => {
24610
- if (cipher.deletedDate != null) {
25159
+ const cipherIsLogin = cipher.type === CipherType.Login && cipher.login !== null;
25160
+ if (cipher.deletedDate !== null) {
24611
25161
  return false;
24612
25162
  }
24613
- if (includeOtherTypes != null && includeOtherTypes.indexOf(cipher.type) > -1) {
25163
+ if (Array.isArray(includeOtherTypes) &&
25164
+ includeOtherTypes.includes(cipher.type) &&
25165
+ !cipherIsLogin) {
24614
25166
  return true;
24615
25167
  }
24616
- if (cipher.type === CipherType.Login && cipher.login !== null) {
25168
+ if (cipherIsLogin) {
24617
25169
  return cipher.login.matchesUri(url, equivalentDomains, defaultMatch);
24618
25170
  }
24619
25171
  return false;
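Review bot: Changing the soft-delete test from `cipher.deletedDate != null` to `cipher.deletedDate !== null` alters the result for `undefined`. A cipher view whose `deletedDate` was never set now satisfies `!== null` and is filtered out as deleted, where the old loose comparison let it through. Whether `deletedDate` can be `undefined` depends on how the view is built, which is not visible in this hunk. The loose form is the safer one here: `if (cipher.deletedDate != null) {`. The same applies to `cipher.login !== null` in `cipherIsLogin`, which is true for an undefined `login` and would then throw at `cipher.login.matchesUri`.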
@@ -24774,7 +25326,7 @@ class CipherService {
24774
25326
  yield Promise.all(attachmentPromises);
24775
25327
  cipher.organizationId = organizationId;
24776
25328
  cipher.collectionIds = collectionIds;
24777
- const encCipher = yield this.encrypt(cipher);
25329
+ const encCipher = yield this.encryptSharedCipher(cipher);
24778
25330
  const request = new CipherShareRequest(encCipher);
24779
25331
  const response = yield this.apiService.putShareCipher(cipher.id, request);
24780
25332
  const data = new CipherData(response, collectionIds);
@@ -24788,7 +25340,7 @@ class CipherService {
24788
25340
  for (const cipher of ciphers) {
24789
25341
  cipher.organizationId = organizationId;
24790
25342
  cipher.collectionIds = collectionIds;
24791
- promises.push(this.encrypt(cipher).then((c) => {
25343
+ promises.push(this.encryptSharedCipher(cipher).then((c) => {
24792
25344
  encCiphers.push(c);
24793
25345
  }));
24794
25346
  }
@@ -24827,12 +25379,22 @@ class CipherService {
24827
25379
  }
24828
25380
  saveAttachmentRawWithServer(cipher, filename, data, admin = false) {
24829
25381
  return cipher_service_awaiter(this, void 0, void 0, function* () {
24830
- let encKey;
24831
- encKey = yield this.cryptoService.getOrgKey(cipher.organizationId);
24832
- encKey || (encKey = yield this.cryptoService.getUserKeyWithLegacySupport());
24833
- const dataEncKey = yield this.cryptoService.makeDataEncKey(encKey);
24834
- const encFileName = yield this.encryptService.encrypt(filename, encKey);
24835
- const encData = yield this.encryptService.encryptToBytes(data, dataEncKey[0]);
25382
+ const encKey = yield this.getKeyForCipherKeyDecryption(cipher);
25383
+ const cipherKeyEncryptionEnabled = yield this.getCipherKeyEncryptionEnabled();
25384
+ const cipherEncKey = cipherKeyEncryptionEnabled && cipher.key != null
25385
+ ? new SymmetricCryptoKey(yield this.encryptService.decryptToBytes(cipher.key, encKey))
25386
+ : encKey;
25387
+ //if cipher key encryption is disabled but the item has an individual key,
25388
+ //then we rollback to using the user key as the main key of encryption of the item
25389
+ //in order to keep item and it's attachments with the same encryption level
25390
+ if (cipher.key != null && !cipherKeyEncryptionEnabled) {
25391
+ const model = yield cipher.decrypt(yield this.getKeyForCipherKeyDecryption(cipher));
25392
+ cipher = yield this.encrypt(model);
25393
+ yield this.updateWithServer(cipher);
25394
+ }
25395
+ const encFileName = yield this.encryptService.encrypt(filename, cipherEncKey);
25396
+ const dataEncKey = yield this.cryptoService.makeDataEncKey(cipherEncKey);
25397
+ const encData = yield this.encryptService.encryptToBytes(new Uint8Array(data), dataEncKey[0]);
24836
25398
  const response = yield this.cipherFileUploadService.upload(cipher, encFileName, encData, admin, dataEncKey);
24837
25399
  const cData = new CipherData(response, cipher.collectionIds);
24838
25400
  if (!admin) {
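Review bot: The result of `this.encryptService.decryptToBytes(cipher.key, encKey)` is passed straight into `new SymmetricCryptoKey(...)` without checking that the unwrap succeeded, and the same pattern appears in `encryptCipherWithCipherKey` in a later hunk. What `decryptToBytes` returns on a wrong key or a failed integrity check is not visible here, so an explicit check would pin the failure mode: `const rawKey = yield this.encryptService.decryptToBytes(cipher.key, encKey);` followed by `if (rawKey == null) throw new Error("Failed to decrypt cipher key.");`. Separately, the rollback block calls `getKeyForCipherKeyDecryption(cipher)` a second time although `encKey` already holds that value. It also re-encrypts the item and pushes it to the server before the attachment upload, so a failed upload leaves the item already rewritten. The function body continues past the end of this hunk.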
@@ -25120,7 +25682,68 @@ class CipherService {
25120
25682
  yield this.restore(restores);
25121
25683
  });
25122
25684
  }
25685
+ getKeyForCipherKeyDecryption(cipher) {
25686
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25687
+ return ((yield this.cryptoService.getOrgKey(cipher.organizationId)) ||
25688
+ (yield this.cryptoService.getUserKeyWithLegacySupport()));
25689
+ });
25690
+ }
25123
25691
  // Helpers
25692
+ // In the case of a cipher that is being shared with an organization, we want to decrypt the
25693
+ // cipher key with the user's key and then re-encrypt it with the organization's key.
25694
+ encryptSharedCipher(model) {
25695
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25696
+ const keyForCipherKeyDecryption = yield this.cryptoService.getUserKeyWithLegacySupport();
25697
+ return yield this.encrypt(model, null, keyForCipherKeyDecryption);
25698
+ });
25699
+ }
25700
+ updateModelfromExistingCipher(model, originalCipher) {
25701
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25702
+ const existingCipher = yield originalCipher.decrypt(yield this.getKeyForCipherKeyDecryption(originalCipher));
25703
+ model.passwordHistory = existingCipher.passwordHistory || [];
25704
+ if (model.type === CipherType.Login && existingCipher.type === CipherType.Login) {
25705
+ if (existingCipher.login.password != null &&
25706
+ existingCipher.login.password !== "" &&
25707
+ existingCipher.login.password !== model.login.password) {
25708
+ const ph = new PasswordHistoryView();
25709
+ ph.password = existingCipher.login.password;
25710
+ ph.lastUsedDate = model.login.passwordRevisionDate = new Date();
25711
+ model.passwordHistory.splice(0, 0, ph);
25712
+ }
25713
+ else {
25714
+ model.login.passwordRevisionDate = existingCipher.login.passwordRevisionDate;
25715
+ }
25716
+ }
25717
+ if (existingCipher.hasFields) {
25718
+ const existingHiddenFields = existingCipher.fields.filter((f) => f.type === FieldType.Hidden &&
25719
+ f.name != null &&
25720
+ f.name !== "" &&
25721
+ f.value != null &&
25722
+ f.value !== "");
25723
+ const hiddenFields = model.fields == null
25724
+ ? []
25725
+ : model.fields.filter((f) => f.type === FieldType.Hidden && f.name != null && f.name !== "");
25726
+ existingHiddenFields.forEach((ef) => {
25727
+ const matchedField = hiddenFields.find((f) => f.name === ef.name);
25728
+ if (matchedField == null || matchedField.value !== ef.value) {
25729
+ const ph = new PasswordHistoryView();
25730
+ ph.password = ef.name + ": " + ef.value;
25731
+ ph.lastUsedDate = new Date();
25732
+ model.passwordHistory.splice(0, 0, ph);
25733
+ }
25734
+ });
25735
+ }
25736
+ });
25737
+ }
25738
+ adjustPasswordHistoryLength(model) {
25739
+ if (model.passwordHistory != null && model.passwordHistory.length === 0) {
25740
+ model.passwordHistory = null;
25741
+ }
25742
+ else if (model.passwordHistory != null && model.passwordHistory.length > 5) {
25743
+ // only save last 5 history
25744
+ model.passwordHistory = model.passwordHistory.slice(0, 5);
25745
+ }
25746
+ }
25124
25747
  shareAttachmentWithServer(attachmentView, cipherId, organizationId) {
25125
25748
  return cipher_service_awaiter(this, void 0, void 0, function* () {
25126
25749
  const attachmentResponse = yield this.apiService.nativeFetch(new Request(attachmentView.url, { cache: "no-store" }));
@@ -25211,6 +25834,27 @@ class CipherService {
25211
25834
  cipher.login.uris.push(loginUri);
25212
25835
  }
25213
25836
  }
25837
+ if (model.login.fido2Credentials != null) {
25838
+ cipher.login.fido2Credentials = yield Promise.all(model.login.fido2Credentials.map((viewKey) => cipher_service_awaiter(this, void 0, void 0, function* () {
25839
+ const domainKey = new Fido2Credential();
25840
+ yield this.encryptObjProperty(viewKey, domainKey, {
25841
+ credentialId: null,
25842
+ keyType: null,
25843
+ keyAlgorithm: null,
25844
+ keyCurve: null,
25845
+ keyValue: null,
25846
+ rpId: null,
25847
+ rpName: null,
25848
+ userHandle: null,
25849
+ userDisplayName: null,
25850
+ origin: null,
25851
+ }, key);
25852
+ domainKey.counter = yield this.cryptoService.encrypt(String(viewKey.counter), key);
25853
+ domainKey.discoverable = yield this.cryptoService.encrypt(String(viewKey.discoverable), key);
25854
+ domainKey.creationDate = viewKey.creationDate;
25855
+ return domainKey;
25856
+ })));
25857
+ }
25214
25858
  return;
25215
25859
  case CipherType.SecureNote:
25216
25860
  cipher.secureNote = new SecureNote();
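Review bot: `String(viewKey.counter)` and `String(viewKey.discoverable)` encrypt the literal text "undefined" or "null" when the view field is missing, and a later `parseInt` or `=== "true"` on the decrypted value then yields `NaN` or `false` without any error. I would reject or default the value before encrypting, for example `const counter = Number.isInteger(viewKey.counter) ? viewKey.counter : 0;` and then `String(counter)`. Also, `origin: null` is in the `encryptObjProperty` map, but neither `Fido2CredentialApi` nor the `CipherRequest` mapping earlier on this page carries an `origin` field, so that encrypted value appears to go nowhere. These two fields use `this.cryptoService.encrypt`, while the other new code on this page calls `this.encryptService.encrypt`. The enclosing function and its `key` parameter start outside this hunk.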
@@ -25298,6 +25942,49 @@ class CipherService {
25298
25942
  clearSortedCiphers() {
25299
25943
  this.sortedCiphersCache.clear();
25300
25944
  }
25945
+ encryptCipher(model, cipher, key) {
25946
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25947
+ yield Promise.all([
25948
+ this.encryptObjProperty(model, cipher, {
25949
+ name: null,
25950
+ notes: null,
25951
+ }, key),
25952
+ this.encryptCipherData(cipher, model, key),
25953
+ this.encryptFields(model.fields, key).then((fields) => {
25954
+ cipher.fields = fields;
25955
+ }),
25956
+ this.encryptPasswordHistories(model.passwordHistory, key).then((ph) => {
25957
+ cipher.passwordHistory = ph;
25958
+ }),
25959
+ this.encryptAttachments(model.attachments, key).then((attachments) => {
25960
+ cipher.attachments = attachments;
25961
+ }),
25962
+ ]);
25963
+ return cipher;
25964
+ });
25965
+ }
25966
+ encryptCipherWithCipherKey(model, cipher, keyForCipherKeyEncryption, keyForCipherKeyDecryption) {
25967
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25968
+ // First, we get the key for cipher key encryption, in its decrypted form
25969
+ let decryptedCipherKey;
25970
+ if (cipher.key == null) {
25971
+ decryptedCipherKey = yield this.cryptoService.makeCipherKey();
25972
+ }
25973
+ else {
25974
+ decryptedCipherKey = new SymmetricCryptoKey(yield this.encryptService.decryptToBytes(cipher.key, keyForCipherKeyDecryption));
25975
+ }
25976
+ // Then, we have to encrypt the cipher key with the proper key.
25977
+ cipher.key = yield this.encryptService.encrypt(decryptedCipherKey.key, keyForCipherKeyEncryption);
25978
+ // Finally, we can encrypt the cipher with the decrypted cipher key.
25979
+ return this.encryptCipher(model, cipher, decryptedCipherKey);
25980
+ });
25981
+ }
25982
+ getCipherKeyEncryptionEnabled() {
25983
+ return cipher_service_awaiter(this, void 0, void 0, function* () {
25984
+ return (flagEnabled("enableCipherKeyEncryption") &&
25985
+ (yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.configService.checkServerMeetsVersionRequirement$(CIPHER_KEY_ENC_MIN_SERVER_VER))));
25986
+ });
25987
+ }
25301
25988
  }
25302
25989
  cipher_service_decorate([
25303
25990
  sequentialize(() => "getAllDecrypted"),
@@ -26712,6 +27399,117 @@ class IdentityExport {
26712
27399
  }
26713
27400
  }
26714
27401
 
27402
+ ;// CONCATENATED MODULE: ../../libs/common/src/models/export/fido2-credential.export.ts
27403
+
27404
+
27405
+
27406
+ /**
27407
+ * Represents format of Fido2 Credentials in JSON exports.
27408
+ */
27409
+ class Fido2CredentialExport {
27410
+ /**
27411
+ * Generates a template for Fido2CredentialExport
27412
+ * @returns Instance of Fido2CredentialExport with predefined values.
27413
+ */
27414
+ static template() {
27415
+ const req = new Fido2CredentialExport();
27416
+ req.credentialId = "keyId";
27417
+ req.keyType = "keyType";
27418
+ req.keyAlgorithm = "keyAlgorithm";
27419
+ req.keyCurve = "keyCurve";
27420
+ req.keyValue = "keyValue";
27421
+ req.rpId = "rpId";
27422
+ req.userHandle = "userHandle";
27423
+ req.counter = "counter";
27424
+ req.rpName = "rpName";
27425
+ req.userDisplayName = "userDisplayName";
27426
+ req.discoverable = "false";
27427
+ req.creationDate = null;
27428
+ return req;
27429
+ }
27430
+ /**
27431
+ * Converts a Fido2CredentialExport object to its view representation.
27432
+ * @param req - The Fido2CredentialExport object to be converted.
27433
+ * @param view - (Optional) The Fido2CredentialView object to popualte with Fido2CredentialExport data
27434
+ * @returns Fido2CredentialView - The populated view, or a new instance if none was provided.
27435
+ */
27436
+ static toView(req, view = new Fido2CredentialView()) {
27437
+ view.credentialId = req.credentialId;
27438
+ view.keyType = req.keyType;
27439
+ view.keyAlgorithm = req.keyAlgorithm;
27440
+ view.keyCurve = req.keyCurve;
27441
+ view.keyValue = req.keyValue;
27442
+ view.rpId = req.rpId;
27443
+ view.userHandle = req.userHandle;
27444
+ view.counter = parseInt(req.counter);
27445
+ view.rpName = req.rpName;
27446
+ view.userDisplayName = req.userDisplayName;
27447
+ view.discoverable = req.discoverable === "true";
27448
+ view.creationDate = new Date(req.creationDate);
27449
+ return view;
27450
+ }
27451
+ /**
27452
+ * Converts a Fido2CredentialExport object to its domain representation.
27453
+ * @param req - The Fido2CredentialExport object to be converted.
27454
+ * @param domain - (Optional) The Fido2Credential object to popualte with Fido2CredentialExport data
27455
+ * @returns Fido2Credential - The populated domain, or a new instance if none was provided.
27456
+ */
27457
+ static toDomain(req, domain = new Fido2Credential()) {
27458
+ domain.credentialId = req.credentialId != null ? new EncString(req.credentialId) : null;
27459
+ domain.keyType = req.keyType != null ? new EncString(req.keyType) : null;
27460
+ domain.keyAlgorithm = req.keyAlgorithm != null ? new EncString(req.keyAlgorithm) : null;
27461
+ domain.keyCurve = req.keyCurve != null ? new EncString(req.keyCurve) : null;
27462
+ domain.keyValue = req.keyValue != null ? new EncString(req.keyValue) : null;
27463
+ domain.rpId = req.rpId != null ? new EncString(req.rpId) : null;
27464
+ domain.userHandle = req.userHandle != null ? new EncString(req.userHandle) : null;
27465
+ domain.counter = req.counter != null ? new EncString(req.counter) : null;
27466
+ domain.rpName = req.rpName != null ? new EncString(req.rpName) : null;
27467
+ domain.userDisplayName =
27468
+ req.userDisplayName != null ? new EncString(req.userDisplayName) : null;
27469
+ domain.discoverable = req.discoverable != null ? new EncString(req.discoverable) : null;
27470
+ domain.creationDate = req.creationDate;
27471
+ return domain;
27472
+ }
27473
+ /**
27474
+ * Constructs a new Fid2CredentialExport instance.
27475
+ *
27476
+ * @param o - The credential storing the data being exported. When not provided, an empty export is created instead.
27477
+ */
27478
+ constructor(o) {
27479
+ var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
27480
+ if (o == null) {
27481
+ return;
27482
+ }
27483
+ if (o instanceof Fido2CredentialView) {
27484
+ this.credentialId = o.credentialId;
27485
+ this.keyType = o.keyType;
27486
+ this.keyAlgorithm = o.keyAlgorithm;
27487
+ this.keyCurve = o.keyCurve;
27488
+ this.keyValue = o.keyValue;
27489
+ this.rpId = o.rpId;
27490
+ this.userHandle = o.userHandle;
27491
+ this.counter = String(o.counter);
27492
+ this.rpName = o.rpName;
27493
+ this.userDisplayName = o.userDisplayName;
27494
+ this.discoverable = String(o.discoverable);
27495
+ }
27496
+ else {
27497
+ this.credentialId = (_a = o.credentialId) === null || _a === void 0 ? void 0 : _a.encryptedString;
27498
+ this.keyType = (_b = o.keyType) === null || _b === void 0 ? void 0 : _b.encryptedString;
27499
+ this.keyAlgorithm = (_c = o.keyAlgorithm) === null || _c === void 0 ? void 0 : _c.encryptedString;
27500
+ this.keyCurve = (_d = o.keyCurve) === null || _d === void 0 ? void 0 : _d.encryptedString;
27501
+ this.keyValue = (_e = o.keyValue) === null || _e === void 0 ? void 0 : _e.encryptedString;
27502
+ this.rpId = (_f = o.rpId) === null || _f === void 0 ? void 0 : _f.encryptedString;
27503
+ this.userHandle = (_g = o.userHandle) === null || _g === void 0 ? void 0 : _g.encryptedString;
27504
+ this.counter = (_h = o.counter) === null || _h === void 0 ? void 0 : _h.encryptedString;
27505
+ this.rpName = (_j = o.rpName) === null || _j === void 0 ? void 0 : _j.encryptedString;
27506
+ this.userDisplayName = (_k = o.userDisplayName) === null || _k === void 0 ? void 0 : _k.encryptedString;
27507
+ this.discoverable = (_l = o.discoverable) === null || _l === void 0 ? void 0 : _l.encryptedString;
27508
+ }
27509
+ this.creationDate = o.creationDate;
27510
+ }
27511
+ }
27512
+
26715
27513
  ;// CONCATENATED MODULE: ../../libs/common/src/models/export/login-uri.export.ts
26716
27514
 
26717
27515
 
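Review bot: `Fido2CredentialExport.toView` turns a missing `creationDate` into the Unix epoch, because `new Date(null)` is a valid date at time zero and `template()` sets exactly that `null`. `parseInt(req.counter)` likewise yields `NaN` for a missing or non-numeric counter and is called without a radix. `toDomain` copies `req.creationDate` through unchanged, so a value parsed from JSON stays a string, while the `CipherRequest` mapping earlier on this page calls `key.creationDate.toISOString()` on it. I would write `view.counter = Number.parseInt(req.counter, 10);` and `view.creationDate = req.creationDate != null ? new Date(req.creationDate) : null;`, and convert to a `Date` the same way in `toDomain`. The constructor also copies `keyValue` into the export as-is for a `Fido2CredentialView`, which the class doc comment should state, since unencrypted JSON exports then contain passkey private-key material.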
@@ -26754,6 +27552,7 @@ class LoginUriExport {
26754
27552
 
26755
27553
 
26756
27554
 
27555
+
26757
27556
  class LoginExport {
26758
27557
  static template() {
26759
27558
  const req = new LoginExport();
@@ -26761,6 +27560,7 @@ class LoginExport {
26761
27560
  req.username = "jdoe";
26762
27561
  req.password = "myp@ssword123";
26763
27562
  req.totp = "JBSWY3DPEHPK3PXP";
27563
+ req.fido2Credentials = [Fido2CredentialExport.template()];
26764
27564
  return req;
26765
27565
  }
26766
27566
  static toView(req, view = new LoginView()) {
@@ -26770,6 +27570,9 @@ class LoginExport {
26770
27570
  view.username = req.username;
26771
27571
  view.password = req.password;
26772
27572
  view.totp = req.totp;
27573
+ if (req.fido2Credentials != null) {
27574
+ view.fido2Credentials = req.fido2Credentials.map((key) => Fido2CredentialExport.toView(key));
27575
+ }
26773
27576
  return view;
26774
27577
  }
26775
27578
  static toDomain(req, domain = new Login()) {
@@ -26779,10 +27582,12 @@ class LoginExport {
26779
27582
  domain.username = req.username != null ? new EncString(req.username) : null;
26780
27583
  domain.password = req.password != null ? new EncString(req.password) : null;
26781
27584
  domain.totp = req.totp != null ? new EncString(req.totp) : null;
27585
+ // Fido2credentials are currently not supported for exports.
26782
27586
  return domain;
26783
27587
  }
26784
27588
  constructor(o) {
26785
27589
  var _a, _b, _c;
27590
+ this.fido2Credentials = [];
26786
27591
  if (o == null) {
26787
27592
  return;
26788
27593
  }
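Review bot: `LoginExport.toDomain` returns without mapping `req.fido2Credentials`, although the constructor in the next hunk writes them into the export for both view and domain objects and `Fido2CredentialExport.toDomain` exists. An encrypted export that carries passkeys would therefore lose them on this path with no warning. The added comment says they are not supported for "exports", but this method converts an export back into a domain object, so the wording points the reader the wrong way. If the omission is deliberate, I would reword it to `// fido2Credentials are intentionally not restored when converting an export to a domain object.`; otherwise map them with `Fido2CredentialExport.toDomain`. The constructor body continues outside this hunk.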
@@ -26794,6 +27599,9 @@ class LoginExport {
26794
27599
  this.uris = o.uris.map((u) => new LoginUriExport(u));
26795
27600
  }
26796
27601
  }
27602
+ if (o.fido2Credentials != null) {
27603
+ this.fido2Credentials = o.fido2Credentials.map((key) => new Fido2CredentialExport(key));
27604
+ }
26797
27605
  if (o instanceof LoginView) {
26798
27606
  this.username = o.username;
26799
27607
  this.password = o.password;
@@ -26961,6 +27769,7 @@ class CipherExport {
26961
27769
  domain.notes = req.notes != null ? new EncString(req.notes) : null;
26962
27770
  domain.favorite = req.favorite;
26963
27771
  domain.reprompt = (_a = req.reprompt) !== null && _a !== void 0 ? _a : CipherRepromptType.None;
27772
+ domain.key = req.key != null ? new EncString(req.key) : null;
26964
27773
  if (req.fields != null) {
26965
27774
  domain.fields = req.fields.map((f) => FieldExport.toDomain(f));
26966
27775
  }
@@ -26988,7 +27797,7 @@ class CipherExport {
26988
27797
  }
26989
27798
  // Use build method instead of ctor so that we can control order of JSON stringify for pretty print
26990
27799
  build(o) {
26991
- var _a, _b;
27800
+ var _a, _b, _c;
26992
27801
  this.organizationId = o.organizationId;
26993
27802
  this.folderId = o.folderId;
26994
27803
  this.type = o.type;
@@ -27000,6 +27809,7 @@ class CipherExport {
27000
27809
  else {
27001
27810
  this.name = (_a = o.name) === null || _a === void 0 ? void 0 : _a.encryptedString;
27002
27811
  this.notes = (_b = o.notes) === null || _b === void 0 ? void 0 : _b.encryptedString;
27812
+ this.key = (_c = o.key) === null || _c === void 0 ? void 0 : _c.encryptedString;
27003
27813
  }
27004
27814
  this.favorite = o.favorite;
27005
27815
  if (o.fields != null) {
@@ -27173,6 +27983,7 @@ class FolderWithIdExport extends FolderExport {
27173
27983
 
27174
27984
 
27175
27985
 
27986
+
27176
27987
 
27177
27988
  ;// CONCATENATED MODULE: ../../libs/exporter/src/export-helper.ts
27178
27989
  class ExportHelper {
@@ -27398,12 +28209,15 @@ class VaultExportService {
27398
28209
  if (exportData.ciphers != null && exportData.ciphers.length > 0) {
27399
28210
  exportData.ciphers
27400
28211
  .filter((c) => c.deletedDate === null)
27401
- .forEach((c) => {
28212
+ .forEach((c) => vault_export_service_awaiter(this, void 0, void 0, function* () {
27402
28213
  const cipher = new Cipher(new CipherData(c));
27403
- exportPromises.push(cipher.decrypt().then((decCipher) => {
28214
+ exportPromises.push(this.cipherService
28215
+ .getKeyForCipherKeyDecryption(cipher)
28216
+ .then((key) => cipher.decrypt(key))
28217
+ .then((decCipher) => {
27404
28218
  decCiphers.push(decCipher);
27405
28219
  }));
27406
- });
28220
+ }));
27407
28221
  }
27408
28222
  }
27409
28223
  return Promise.all(exportPromises);
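Review bot: The `forEach` callback is now wrapped in `vault_export_service_awaiter`, making it an async function whose returned promise `forEach` discards. The `exportPromises.push(...)` still runs synchronously because nothing is yielded before it, so `Promise.all` sees the entries. However, an exception from `new Cipher(new CipherData(c))` now becomes an unhandled rejection instead of propagating to the caller. The wrapper adds nothing, since the promise chain inside is already built with `.then`, so I would keep the plain callback: `.forEach((c) => {`. The enclosing method starts outside this hunk.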
@@ -28409,10 +29223,11 @@ var bitwarden_json_importer_awaiter = (undefined && undefined.__awaiter) || func
28409
29223
 
28410
29224
 
28411
29225
  class BitwardenJsonImporter extends base_importer_BaseImporter {
28412
- constructor(cryptoService, i18nService) {
29226
+ constructor(cryptoService, i18nService, cipherService) {
28413
29227
  super();
28414
29228
  this.cryptoService = cryptoService;
28415
29229
  this.i18nService = i18nService;
29230
+ this.cipherService = cipherService;
28416
29231
  }
28417
29232
  parse(data) {
28418
29233
  return bitwarden_json_importer_awaiter(this, void 0, void 0, function* () {
@@ -28472,7 +29287,7 @@ class BitwardenJsonImporter extends base_importer_BaseImporter {
28472
29287
  }
28473
29288
  });
28474
29289
  }
28475
- const view = yield cipher.decrypt();
29290
+ const view = yield cipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(cipher));
28476
29291
  this.cleanupCipher(view);
28477
29292
  this.result.ciphers.push(view);
28478
29293
  }
@@ -28584,8 +29399,8 @@ var bitwarden_password_protected_importer_awaiter = (undefined && undefined.__aw
28584
29399
 
28585
29400
 
28586
29401
  class BitwardenPasswordProtectedImporter extends BitwardenJsonImporter {
28587
- constructor(cryptoService, i18nService, promptForPassword_callback) {
28588
- super(cryptoService, i18nService);
29402
+ constructor(cryptoService, i18nService, cipherService, promptForPassword_callback) {
29403
+ super(cryptoService, i18nService, cipherService);
28589
29404
  this.promptForPassword_callback = promptForPassword_callback;
28590
29405
  }
28591
29406
  parse(data) {
@@ -33566,9 +34381,9 @@ const featuredImportOptions = [
33566
34381
  { id: "dashlanecsv", name: "Dashlane (csv)" },
33567
34382
  { id: "firefoxcsv", name: "Firefox (csv)" },
33568
34383
  { id: "keepass2xml", name: "KeePass 2 (xml)" },
33569
- { id: "lastpasscsv", name: "LastPass (csv)" },
34384
+ { id: "lastpasscsv", name: "LastPass" },
33570
34385
  { id: "safaricsv", name: "Safari and macOS (csv)" },
33571
- { id: "1password1pux", name: "1Password (1pux)" },
34386
+ { id: "1password1pux", name: "1Password (1pux/json)" },
33572
34387
  ];
33573
34388
  const regularImportOptions = [
33574
34389
  { id: "keepassxcsv", name: "KeePassX (csv)" },
@@ -33736,7 +34551,7 @@ class ImportService {
33736
34551
  return new BitwardenCsvImporter();
33737
34552
  case "bitwardenjson":
33738
34553
  case "bitwardenpasswordprotected":
33739
- return new BitwardenPasswordProtectedImporter(this.cryptoService, this.i18nService, promptForPassword_callback);
34554
+ return new BitwardenPasswordProtectedImporter(this.cryptoService, this.i18nService, this.cipherService, promptForPassword_callback);
33740
34555
  case "lastpasscsv":
33741
34556
  case "passboltcsv":
33742
34557
  return new LastPassCsvImporter();
@@ -33994,11 +34809,14 @@ class ImportService {
33994
34809
  }
33995
34810
  }
33996
34811
 
33997
- ;// CONCATENATED MODULE: ../../libs/importer/src/index.ts
34812
+ ;// CONCATENATED MODULE: ../../libs/importer/src/services/index.ts
33998
34813
 
33999
34814
 
34000
34815
 
34001
34816
 
34817
+
34818
+ ;// CONCATENATED MODULE: ../../libs/importer/src/index.ts
34819
+
34002
34820
 
34003
34821
 
34004
34822
  ;// CONCATENATED MODULE: external "crypto"
@@ -34160,17 +34978,17 @@ class NodeCryptoFunctionService {
34160
34978
  }
34161
34979
  return p;
34162
34980
  }
34163
- aesDecryptFast(parameters) {
34981
+ aesDecryptFast(parameters, mode) {
34164
34982
  return node_crypto_function_service_awaiter(this, void 0, void 0, function* () {
34165
- const decBuf = yield this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey);
34983
+ const decBuf = yield this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey, mode);
34166
34984
  return utils_Utils.fromBufferToUtf8(decBuf);
34167
34985
  });
34168
34986
  }
34169
- aesDecrypt(data, iv, key) {
34987
+ aesDecrypt(data, iv, key, mode) {
34170
34988
  const nodeData = this.toNodeBuffer(data);
34171
- const nodeIv = this.toNodeBuffer(iv);
34989
+ const nodeIv = mode === "ecb" ? null : this.toNodeBuffer(iv);
34172
34990
  const nodeKey = this.toNodeBuffer(key);
34173
- const decipher = external_crypto_namespaceObject.createDecipheriv("aes-256-cbc", nodeKey, nodeIv);
34991
+ const decipher = external_crypto_namespaceObject.createDecipheriv(this.toNodeCryptoAesMode(mode), nodeKey, nodeIv);
34174
34992
  const decBuf = Buffer.concat([decipher.update(nodeData), decipher.final()]);
34175
34993
  return Promise.resolve(this.toUint8Buffer(decBuf));
34176
34994
  }
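Review bot: `aesDecrypt` now picks the cipher through `toNodeCryptoAesMode(mode)`, and that helper (added in the next hunk) returns `"aes-256-ecb"` for every value other than `"cbc"`, including `undefined`. A caller that still uses the old three-argument form therefore no longer gets CBC; it gets ECB with a non-null IV, which presumably makes `createDecipheriv` throw rather than decrypt, but the weaker mode should not be the fallback. Accept the two known values explicitly and reject anything else, e.g. `if (mode !== "cbc" && mode !== "ecb") throw new Error("Unsupported AES mode");` at the top of `aesDecrypt`, and add a comment saying why ECB is needed at all. No call site that passes `mode` is visible in this part of the diff.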
@@ -34276,6 +35094,150 @@ class NodeCryptoFunctionService {
34276
35094
  const publicKey = external_node_forge_namespaceObject.pki.publicKeyFromAsn1(asn1);
34277
35095
  return external_node_forge_namespaceObject.pki.publicKeyToPem(publicKey);
34278
35096
  }
35097
+ toNodeCryptoAesMode(mode) {
35098
+ return mode === "cbc" ? "aes-256-cbc" : "aes-256-ecb";
35099
+ }
35100
+ }
35101
+
35102
+ ;// CONCATENATED MODULE: ../../libs/common/src/platform/abstractions/config/server-config.ts
35103
+ const dayInMilliseconds = 24 * 3600 * 1000;
35104
+ const eighteenHoursInMilliseconds = 18 * 3600 * 1000;
35105
+ class ServerConfig {
35106
+ constructor(serverConfigData) {
35107
+ var _a, _b;
35108
+ this.featureStates = {};
35109
+ this.version = serverConfigData.version;
35110
+ this.gitHash = serverConfigData.gitHash;
35111
+ this.server = serverConfigData.server;
35112
+ this.utcDate = new Date(serverConfigData.utcDate);
35113
+ this.environment = serverConfigData.environment;
35114
+ this.featureStates = serverConfigData.featureStates;
35115
+ if (((_a = this.server) === null || _a === void 0 ? void 0 : _a.name) == null && ((_b = this.server) === null || _b === void 0 ? void 0 : _b.url) == null) {
35116
+ this.server = null;
35117
+ }
35118
+ }
35119
+ getAgeInMilliseconds() {
35120
+ var _a;
35121
+ return new Date().getTime() - ((_a = this.utcDate) === null || _a === void 0 ? void 0 : _a.getTime());
35122
+ }
35123
+ isValid() {
35124
+ return this.getAgeInMilliseconds() <= dayInMilliseconds;
35125
+ }
35126
+ expiresSoon() {
35127
+ return this.getAgeInMilliseconds() >= eighteenHoursInMilliseconds;
35128
+ }
35129
+ static fromJSON(obj) {
35130
+ if (obj == null) {
35131
+ return null;
35132
+ }
35133
+ return new ServerConfig(obj);
35134
+ }
35135
+ }
35136
+
35137
+ ;// CONCATENATED MODULE: ../../libs/common/src/platform/services/config/config.service.ts
35138
+ var config_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
35139
+ function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
35140
+ return new (P || (P = Promise))(function (resolve, reject) {
35141
+ function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
35142
+ function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
35143
+ function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
35144
+ step((generator = generator.apply(thisArg, _arguments || [])).next());
35145
+ });
35146
+ };
35147
+
35148
+
35149
+
35150
+
35151
+
35152
+
35153
+ const ONE_HOUR_IN_MILLISECONDS = 1000 * 3600;
35154
+ class ConfigService {
35155
+ constructor(stateService, configApiService, authService, environmentService, logService,
35156
+ // Used to avoid duplicate subscriptions, e.g. in browser between the background and popup
35157
+ subscribe = true) {
35158
+ this.stateService = stateService;
35159
+ this.configApiService = configApiService;
35160
+ this.authService = authService;
35161
+ this.environmentService = environmentService;
35162
+ this.logService = logService;
35163
+ this.subscribe = subscribe;
35164
+ this.inited = false;
35165
+ this._serverConfig = new external_rxjs_namespaceObject.ReplaySubject(1);
35166
+ this.serverConfig$ = this._serverConfig.asObservable();
35167
+ this._forceFetchConfig = new external_rxjs_namespaceObject.Subject();
35168
+ this.refreshTimer$ = (0,external_rxjs_namespaceObject.timer)(ONE_HOUR_IN_MILLISECONDS, ONE_HOUR_IN_MILLISECONDS); // after 1 hour, then every hour
35169
+ this.cloudRegion$ = this.serverConfig$.pipe((0,external_rxjs_namespaceObject.map)((config) => { var _a, _b; return (_b = (_a = config === null || config === void 0 ? void 0 : config.environment) === null || _a === void 0 ? void 0 : _a.cloudRegion) !== null && _b !== void 0 ? _b : Region.US; }));
35170
+ }
35171
+ init() {
35172
+ if (!this.subscribe || this.inited) {
35173
+ return;
35174
+ }
35175
+ const latestServerConfig$ = (0,external_rxjs_namespaceObject.defer)(() => this.configApiService.get()).pipe((0,external_rxjs_namespaceObject.map)((response) => new ServerConfigData(response)), (0,external_rxjs_namespaceObject.delayWhen)((data) => this.saveConfig(data)), (0,external_rxjs_namespaceObject.catchError)((e) => {
35176
+ // fall back to stored ServerConfig (if any)
35177
+ this.logService.error("Unable to fetch ServerConfig: " + (e === null || e === void 0 ? void 0 : e.message));
35178
+ return this.stateService.getServerConfig();
35179
+ }));
35180
+ // If you need to fetch a new config when an event occurs, add an observable that emits on that event here
35181
+ (0,external_rxjs_namespaceObject.merge)(this.refreshTimer$, // an overridable interval
35182
+ this.environmentService.urls, // when environment URLs change (including when app is started)
35183
+ this._forceFetchConfig // manual
35184
+ )
35185
+ .pipe((0,external_rxjs_namespaceObject.concatMap)(() => latestServerConfig$), (0,external_rxjs_namespaceObject.map)((data) => (data == null ? null : new ServerConfig(data))))
35186
+ .subscribe((config) => this._serverConfig.next(config));
35187
+ this.inited = true;
35188
+ }
35189
+ getFeatureFlag$(key, defaultValue) {
35190
+ return this.serverConfig$.pipe((0,external_rxjs_namespaceObject.map)((serverConfig) => {
35191
+ if ((serverConfig === null || serverConfig === void 0 ? void 0 : serverConfig.featureStates) == null || serverConfig.featureStates[key] == null) {
35192
+ return defaultValue;
35193
+ }
35194
+ return serverConfig.featureStates[key];
35195
+ }));
35196
+ }
35197
+ getFeatureFlag(key, defaultValue) {
35198
+ return config_service_awaiter(this, void 0, void 0, function* () {
35199
+ return yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.getFeatureFlag$(key, defaultValue));
35200
+ });
35201
+ }
35202
+ triggerServerConfigFetch() {
35203
+ this._forceFetchConfig.next();
35204
+ }
35205
+ saveConfig(data) {
35206
+ var _a;
35207
+ return config_service_awaiter(this, void 0, void 0, function* () {
35208
+ if ((yield this.authService.getAuthStatus()) === AuthenticationStatus.LoggedOut) {
35209
+ return;
35210
+ }
35211
+ yield this.stateService.setServerConfig(data);
35212
+ this.environmentService.setCloudWebVaultUrl((_a = data.environment) === null || _a === void 0 ? void 0 : _a.cloudRegion);
35213
+ });
35214
+ }
35215
+ /**
35216
+ * Verifies whether the server version meets the minimum required version
35217
+ * @param minimumRequiredServerVersion The minimum version required
35218
+ * @returns True if the server version is greater than or equal to the minimum required version
35219
+ */
35220
+ checkServerMeetsVersionRequirement$(minimumRequiredServerVersion) {
35221
+ return this.serverConfig$.pipe((0,external_rxjs_namespaceObject.map)((serverConfig) => {
35222
+ if (serverConfig == null) {
35223
+ return false;
35224
+ }
35225
+ const serverVersion = new external_semver_namespaceObject.SemVer(serverConfig.version);
35226
+ return serverVersion.compare(minimumRequiredServerVersion) >= 0;
35227
+ }));
35228
+ }
35229
+ }
35230
+
35231
+ ;// CONCATENATED MODULE: ./src/platform/services/cli-config.service.ts
35232
+
35233
+
35234
+ class CliConfigService extends ConfigService {
35235
+ constructor() {
35236
+ super(...arguments);
35237
+ // The rxjs timer uses setTimeout/setInterval under the hood, which prevents the node process from exiting
35238
+ // when the command is finished. Cli should never be alive long enough to use the timer, so we disable it.
35239
+ this.refreshTimer$ = external_rxjs_namespaceObject.NEVER;
35240
+ }
34279
35241
  }
34280
35242
 
34281
35243
  ;// CONCATENATED MODULE: external "child_process"
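Review bot: In `checkServerMeetsVersionRequirement$`, `new external_semver_namespaceObject.SemVer(serverConfig.version)` throws when the server-supplied version is missing or not valid semver, and a throw inside `map` becomes an error on the returned observable instead of a `false` result. Since the value comes from the server's config response, validate it first and fail closed: `if (serverConfig == null || external_semver_namespaceObject.valid(serverConfig.version) == null) { return false; }`. The JSDoc should then state that an unknown or unparsable server version counts as not meeting the requirement.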
@@ -34958,6 +35920,7 @@ class CipherResponse extends BaseResponse {
34958
35920
  this.passwordHistory = passwordHistory.map((h) => new PasswordHistoryResponse(h));
34959
35921
  }
34960
35922
  this.reprompt = this.getResponseProperty("Reprompt") || CipherRepromptType.None;
35923
+ this.key = this.getResponseProperty("Key") || null;
34961
35924
  }
34962
35925
  }
34963
35926
 
@@ -34977,6 +35940,7 @@ class CollectionDetailsResponse extends CollectionResponse {
34977
35940
  constructor(response) {
34978
35941
  super(response);
34979
35942
  this.readOnly = this.getResponseProperty("ReadOnly") || false;
35943
+ this.hidePasswords = this.getResponseProperty("HidePasswords") || false;
34980
35944
  }
34981
35945
  }
34982
35946
  class CollectionAccessDetailsResponse extends CollectionResponse {
@@ -36157,7 +37121,7 @@ class ApiService {
36157
37121
  // Plan APIs
36158
37122
  getPlans() {
36159
37123
  return api_service_awaiter(this, void 0, void 0, function* () {
36160
- const r = yield this.send("GET", "/plans/all", null, false, true);
37124
+ const r = yield this.send("GET", "/plans", null, false, true);
36161
37125
  return new ListResponse(r, PlanResponse);
36162
37126
  });
36163
37127
  }
@@ -37400,6 +38364,9 @@ class LoginCommand {
37400
38364
  else {
37401
38365
  response = yield this.authService.logIn(new PasswordLogInCredentials(email, password, null, twoFactor));
37402
38366
  }
38367
+ if (response.requiresEncryptionKeyMigration) {
38368
+ return Response.error("Encryption key migration required. Please login through the web vault to update your encryption key.");
38369
+ }
37403
38370
  if (response.captchaSiteKey) {
37404
38371
  const credentials = new PasswordLogInCredentials(email, password);
37405
38372
  const handledResponse = yield this.handleCaptchaRequired(twoFactor, credentials);
@@ -38724,11 +39691,11 @@ class ShareCommand {
38724
39691
  if (cipher.organizationId != null) {
38725
39692
  return Response.badRequest("This item already belongs to an organization.");
38726
39693
  }
38727
- const cipherView = yield cipher.decrypt();
39694
+ const cipherView = yield cipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(cipher));
38728
39695
  try {
38729
39696
  yield this.cipherService.shareWithServer(cipherView, organizationId, req);
38730
39697
  const updatedCipher = yield this.cipherService.get(cipher.id);
38731
- const decCipher = yield updatedCipher.decrypt();
39698
+ const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher));
38732
39699
  const res = new cipher_response_CipherResponse(decCipher);
38733
39700
  return Response.success(res);
38734
39701
  }
@@ -39824,7 +40791,7 @@ class CreateCommand {
39824
40791
  try {
39825
40792
  yield this.cipherService.createWithServer(cipher);
39826
40793
  const newCipher = yield this.cipherService.get(cipher.id);
39827
- const decCipher = yield newCipher.decrypt();
40794
+ const decCipher = yield newCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(newCipher));
39828
40795
  const res = new cipher_response_CipherResponse(decCipher);
39829
40796
  return Response.success(res);
39830
40797
  }
@@ -39877,7 +40844,7 @@ class CreateCommand {
39877
40844
  try {
39878
40845
  yield this.cipherService.saveAttachmentRawWithServer(cipher, fileName, new Uint8Array(fileBuf).buffer);
39879
40846
  const updatedCipher = yield this.cipherService.get(cipher.id);
39880
- const decCipher = yield updatedCipher.decrypt();
40847
+ const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher));
39881
40848
  return Response.success(new cipher_response_CipherResponse(decCipher));
39882
40849
  }
39883
40850
  catch (e) {
@@ -40200,7 +41167,7 @@ class EditCommand {
40200
41167
  if (cipher == null) {
40201
41168
  return Response.notFound();
40202
41169
  }
40203
- let cipherView = yield cipher.decrypt();
41170
+ let cipherView = yield cipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(cipher));
40204
41171
  if (cipherView.isDeleted) {
40205
41172
  return Response.badRequest("You may not edit a deleted item. Use the restore command first.");
40206
41173
  }
@@ -40209,7 +41176,7 @@ class EditCommand {
40209
41176
  try {
40210
41177
  yield this.cipherService.updateWithServer(encCipher);
40211
41178
  const updatedCipher = yield this.cipherService.get(cipher.id);
40212
- const decCipher = yield updatedCipher.decrypt();
41179
+ const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher));
40213
41180
  const res = new cipher_response_CipherResponse(decCipher);
40214
41181
  return Response.success(res);
40215
41182
  }
@@ -40231,7 +41198,7 @@ class EditCommand {
40231
41198
  try {
40232
41199
  yield this.cipherService.saveCollectionsWithServer(cipher);
40233
41200
  const updatedCipher = yield this.cipherService.get(cipher.id);
40234
- const decCipher = yield updatedCipher.decrypt();
41201
+ const decCipher = yield updatedCipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(updatedCipher));
40235
41202
  const res = new cipher_response_CipherResponse(decCipher);
40236
41203
  return Response.success(res);
40237
41204
  }
@@ -40448,7 +41415,7 @@ class GetCommand extends DownloadCommand {
40448
41415
  if (utils_Utils.isGuid(id)) {
40449
41416
  const cipher = yield this.cipherService.get(id);
40450
41417
  if (cipher != null) {
40451
- decCipher = yield cipher.decrypt();
41418
+ decCipher = yield cipher.decrypt(yield this.cipherService.getKeyForCipherKeyDecryption(cipher));
40452
41419
  }
40453
41420
  }
40454
41421
  else if (id.trim() !== "") {
@@ -42514,7 +43481,7 @@ class ImportCommand {
42514
43481
  }
42515
43482
  try {
42516
43483
  let contents;
42517
- if (format === "1password1pux") {
43484
+ if (format === "1password1pux" && filepath.endsWith(".1pux")) {
42518
43485
  contents = yield CliUtils.extractZipContent(filepath, "export.data");
42519
43486
  }
42520
43487
  else if (format === "protonpass" && filepath.endsWith(".zip")) {
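Review bot: The added `filepath.endsWith(".1pux")` test is case-sensitive, so an export named with an upper-case extension skips `extractZipContent` and falls through to the later branches, which are outside this hunk. If the intent is to tell the zip container from plain JSON, compare on a normalised name, `filepath.toLowerCase().endsWith(".1pux")`, and add a comment that the extension alone decides whether the file is unzipped. The `protonpass` check on the following line has the same pattern.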
@@ -43030,6 +43997,9 @@ var bw_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argum
43030
43997
 
43031
43998
 
43032
43999
 
44000
+
44001
+
44002
+
43033
44003
 
43034
44004
 
43035
44005
 
@@ -43068,7 +44038,8 @@ class Main {
43068
44038
  this.storageService = new LowdbStorageService(this.logService, null, p, false, true);
43069
44039
  this.secureStorageService = new NodeEnvSecureStorageService(this.storageService, this.logService, () => this.cryptoService);
43070
44040
  this.memoryStorageService = new MemoryStorageService();
43071
- this.stateService = new StateService(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new StateFactory(GlobalState, Account));
44041
+ this.accountService = new AccountServiceImplementation(null, this.logService);
44042
+ this.stateService = new StateService(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new StateFactory(GlobalState, Account), this.accountService);
43072
44043
  this.cryptoService = new CryptoService(this.cryptoFunctionService, this.encryptService, this.platformUtilsService, this.logService, this.stateService);
43073
44044
  this.appIdService = new AppIdService(this.storageService);
43074
44045
  this.tokenService = new TokenService(this.stateService);
@@ -43089,10 +44060,7 @@ class Main {
43089
44060
  this.cipherFileUploadService = new CipherFileUploadService(this.apiService, this.fileUploadService);
43090
44061
  this.sendApiService = this.sendApiService = new SendApiService(this.apiService, this.fileUploadService, this.sendService);
43091
44062
  this.searchService = new SearchService(this.logService, this.i18nService);
43092
- this.cipherService = new CipherService(this.cryptoService, this.settingsService, this.apiService, this.i18nService, this.searchService, this.stateService, this.encryptService, this.cipherFileUploadService);
43093
44063
  this.broadcasterService = new BroadcasterService();
43094
- this.folderService = new FolderService(this.cryptoService, this.i18nService, this.cipherService, this.stateService);
43095
- this.folderApiService = new FolderApiService(this.folderService, this.apiService);
43096
44064
  this.collectionService = new CollectionService(this.cryptoService, this.i18nService, this.stateService);
43097
44065
  this.providerService = new ProviderService(this.stateService);
43098
44066
  this.organizationService = new organization_service_OrganizationService(this.stateService);
@@ -43107,6 +44075,11 @@ class Main {
43107
44075
  this.deviceTrustCryptoService = new DeviceTrustCryptoService(this.cryptoFunctionService, this.cryptoService, this.encryptService, this.stateService, this.appIdService, this.devicesApiService, this.i18nService, this.platformUtilsService);
43108
44076
  this.authRequestCryptoService = new AuthRequestCryptoServiceImplementation(this.cryptoService);
43109
44077
  this.authService = new AuthService(this.cryptoService, this.apiService, this.tokenService, this.appIdService, this.platformUtilsService, this.messagingService, this.logService, this.keyConnectorService, this.environmentService, this.stateService, this.twoFactorService, this.i18nService, this.encryptService, this.passwordStrengthService, this.policyService, this.deviceTrustCryptoService, this.authRequestCryptoService);
44078
+ this.configApiService = new ConfigApiService(this.apiService, this.authService);
44079
+ this.configService = new CliConfigService(this.stateService, this.configApiService, this.authService, this.environmentService, this.logService, true);
44080
+ this.cipherService = new CipherService(this.cryptoService, this.settingsService, this.apiService, this.i18nService, this.searchService, this.stateService, this.encryptService, this.cipherFileUploadService, this.configService);
44081
+ this.folderService = new FolderService(this.cryptoService, this.i18nService, this.cipherService, this.stateService);
44082
+ this.folderApiService = new FolderApiService(this.folderService, this.apiService);
43110
44083
  const lockedCallback = (userId) => bw_awaiter(this, void 0, void 0, function* () { return yield this.cryptoService.clearStoredUserKey(KeySuffixOptions.Auto); });
43111
44084
  this.userVerificationService = new UserVerificationService(this.stateService, this.cryptoService, this.i18nService, this.userVerificationApiService);
43112
44085
  this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(this.cryptoService, this.tokenService, this.policyService, this.stateService, this.userVerificationService);
@@ -43163,6 +44136,7 @@ class Main {
43163
44136
  const locale = yield this.stateService.getLocale();
43164
44137
  yield this.i18nService.init(locale);
43165
44138
  this.twoFactorService.init();
44139
+ this.configService.init();
43166
44140
  const installedVersion = yield this.stateService.getInstalledVersion();
43167
44141
  const currentVersion = yield this.platformUtilsService.getApplicationVersion();
43168
44142
  if (installedVersion == null || installedVersion !== currentVersion) {