@bitwarden/cli 2023.9.1 → 2023.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/bw.js +684 -83
- package/build/bw.js.map +1 -1
- package/package.json +1 -1
package/build/bw.js
CHANGED
|
@@ -20,7 +20,7 @@ module.exports = require("url");
|
|
|
20
20
|
/***/ 147:
|
|
21
21
|
/***/ ((module) => {
|
|
22
22
|
|
|
23
|
-
module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.
|
|
23
|
+
module.exports = JSON.parse('{"name":"@bitwarden/cli","description":"A secure and free password manager for all of your devices.","version":"2023.10.0","keywords":["bitwarden","password","vault","password manager","cli"],"author":"Bitwarden Inc. <hello@bitwarden.com> (https://bitwarden.com)","homepage":"https://bitwarden.com","repository":{"type":"git","url":"https://github.com/bitwarden/clients"},"license":"GPL-3.0-only","scripts":{"clean":"rimraf dist","build":"webpack","build:debug":"npm run build && node --inspect ./build/bw.js","build:watch":"webpack --watch","build:prod":"cross-env NODE_ENV=production webpack","build:prod:watch":"cross-env NODE_ENV=production webpack --watch","package":"npm run package:win && npm run package:mac && npm run package:lin","package:win":"pkg . --targets win-x64 --output ./dist/windows/bw.exe","package:mac":"pkg . --targets macos-x64 --output ./dist/macos/bw","package:lin":"pkg . --targets linux-x64 --output ./dist/linux/bw","debug":"node --inspect ./build/bw.js","dist":"npm run build:prod && npm run clean && npm run package","dist:win":"npm run build:prod && npm run clean && npm run package:win","dist:mac":"npm run build:prod && npm run clean && npm run package:mac","dist:lin":"npm run build:prod && npm run clean && npm run package:lin","publish:npm":"npm run build:prod && npm publish --access public","test":"jest","test:watch":"jest --watch","test:watch:all":"jest --watchAll"},"bin":{"bw":"build/bw.js"},"pkg":{"assets":["./build/**/*","../../node_modules/argon2/**/*"]},"dependencies":{"@koa/multer":"3.0.2","@koa/router":"12.0.0","argon2":"0.31.0","big-integer":"1.6.51","browser-hrtime":"1.1.8","chalk":"4.1.2","commander":"7.2.0","form-data":"4.0.0","https-proxy-agent":"5.0.1","inquirer":"8.2.6","jsdom":"22.1.0","jszip":"3.10.1","koa":"2.14.2","koa-bodyparser":"4.4.1","koa-json":"2.0.2","lowdb":"1.0.0","lunr":"2.3.9","multer":"1.4.5-lts.1","node-fetch":"2.6.12","node-forge":"1.3.1","open":"8.4.2","papaparse":"5.4.1","proper-lockfile":"4.1.2","rxjs":"7.8.1","tldts":"6.0.14","zxcvbn":"4.4.2"}}');
|
|
24
24
|
|
|
25
25
|
/***/ })
|
|
26
26
|
|
|
@@ -360,15 +360,6 @@ class PlanResponse extends BaseResponse {
|
|
|
360
360
|
this.nameLocalizationKey = this.getResponseProperty("NameLocalizationKey");
|
|
361
361
|
this.descriptionLocalizationKey = this.getResponseProperty("DescriptionLocalizationKey");
|
|
362
362
|
this.canBeUsedByBusiness = this.getResponseProperty("CanBeUsedByBusiness");
|
|
363
|
-
this.baseSeats = this.getResponseProperty("BaseSeats");
|
|
364
|
-
this.baseStorageGb = this.getResponseProperty("BaseStorageGb");
|
|
365
|
-
this.maxCollections = this.getResponseProperty("MaxCollections");
|
|
366
|
-
this.maxUsers = this.getResponseProperty("MaxUsers");
|
|
367
|
-
this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
|
|
368
|
-
this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
|
|
369
|
-
this.hasAdditionalStorageOption = this.getResponseProperty("HasAdditionalStorageOption");
|
|
370
|
-
this.maxAdditionalStorage = this.getResponseProperty("MaxAdditionalStorage");
|
|
371
|
-
this.hasPremiumAccessOption = this.getResponseProperty("HasPremiumAccessOption");
|
|
372
363
|
this.trialPeriodDays = this.getResponseProperty("TrialPeriodDays");
|
|
373
364
|
this.hasSelfHost = this.getResponseProperty("HasSelfHost");
|
|
374
365
|
this.hasPolicies = this.getResponseProperty("HasPolicies");
|
|
@@ -385,22 +376,53 @@ class PlanResponse extends BaseResponse {
|
|
|
385
376
|
this.displaySortOrder = this.getResponseProperty("SortOrder");
|
|
386
377
|
this.legacyYear = this.getResponseProperty("LegacyYear");
|
|
387
378
|
this.disabled = this.getResponseProperty("Disabled");
|
|
388
|
-
|
|
379
|
+
const passwordManager = this.getResponseProperty("PasswordManager");
|
|
380
|
+
const secretsManager = this.getResponseProperty("SecretsManager");
|
|
381
|
+
this.PasswordManager =
|
|
382
|
+
passwordManager == null ? null : new PasswordManagerPlanFeaturesResponse(passwordManager);
|
|
383
|
+
this.SecretsManager =
|
|
384
|
+
secretsManager == null ? null : new SecretsManagerPlanFeaturesResponse(secretsManager);
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
class SecretsManagerPlanFeaturesResponse extends BaseResponse {
|
|
388
|
+
constructor(response) {
|
|
389
|
+
super(response);
|
|
389
390
|
this.stripeSeatPlanId = this.getResponseProperty("StripeSeatPlanId");
|
|
390
|
-
this.
|
|
391
|
-
this.stripePremiumAccessPlanId = this.getResponseProperty("StripePremiumAccessPlanId");
|
|
391
|
+
this.baseSeats = this.getResponseProperty("BaseSeats");
|
|
392
392
|
this.basePrice = this.getResponseProperty("BasePrice");
|
|
393
393
|
this.seatPrice = this.getResponseProperty("SeatPrice");
|
|
394
|
-
this.
|
|
395
|
-
this.
|
|
396
|
-
this.
|
|
394
|
+
this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
|
|
395
|
+
this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
|
|
396
|
+
this.maxSeats = this.getResponseProperty("MaxSeats");
|
|
397
|
+
this.stripeServiceAccountPlanId = this.getResponseProperty("StripeServiceAccountPlanId");
|
|
397
398
|
this.additionalPricePerServiceAccount = this.getResponseProperty("AdditionalPricePerServiceAccount");
|
|
398
399
|
this.baseServiceAccount = this.getResponseProperty("BaseServiceAccount");
|
|
399
400
|
this.maxServiceAccount = this.getResponseProperty("MaxServiceAccount");
|
|
400
401
|
this.hasAdditionalServiceAccountOption = this.getResponseProperty("HasAdditionalServiceAccountOption");
|
|
401
|
-
this.maxProjects = this.getResponseProperty("MaxProjects");
|
|
402
402
|
this.maxAdditionalServiceAccounts = this.getResponseProperty("MaxAdditionalServiceAccounts");
|
|
403
|
-
this.
|
|
403
|
+
this.maxProjects = this.getResponseProperty("MaxProjects");
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
class PasswordManagerPlanFeaturesResponse extends BaseResponse {
|
|
407
|
+
constructor(response) {
|
|
408
|
+
super(response);
|
|
409
|
+
this.stripePlanId = this.getResponseProperty("StripePlanId");
|
|
410
|
+
this.stripeSeatPlanId = this.getResponseProperty("StripeSeatPlanId");
|
|
411
|
+
this.stripeStoragePlanId = this.getResponseProperty("StripeStoragePlanId");
|
|
412
|
+
this.stripePremiumAccessPlanId = this.getResponseProperty("StripePremiumAccessPlanId");
|
|
413
|
+
this.basePrice = this.getResponseProperty("BasePrice");
|
|
414
|
+
this.seatPrice = this.getResponseProperty("SeatPrice");
|
|
415
|
+
this.baseSeats = this.getResponseProperty("BaseSeats");
|
|
416
|
+
this.maxAdditionalSeats = this.getResponseProperty("MaxAdditionalSeats");
|
|
417
|
+
this.premiumAccessOptionPrice = this.getResponseProperty("PremiumAccessOptionPrice");
|
|
418
|
+
this.maxSeats = this.getResponseProperty("MaxSeats");
|
|
419
|
+
this.additionalStoragePricePerGb = this.getResponseProperty("AdditionalStoragePricePerGb");
|
|
420
|
+
this.hasAdditionalSeatsOption = this.getResponseProperty("HasAdditionalSeatsOption");
|
|
421
|
+
this.baseStorageGb = this.getResponseProperty("BaseStorageGb");
|
|
422
|
+
this.maxCollections = this.getResponseProperty("MaxCollections");
|
|
423
|
+
this.hasAdditionalStorageOption = this.getResponseProperty("HasAdditionalStorageOption");
|
|
424
|
+
this.maxAdditionalStorage = this.getResponseProperty("MaxAdditionalStorage");
|
|
425
|
+
this.hasPremiumAccessOption = this.getResponseProperty("HasPremiumAccessOption");
|
|
404
426
|
}
|
|
405
427
|
}
|
|
406
428
|
|
|
@@ -421,9 +443,6 @@ class OrganizationResponse extends BaseResponse {
|
|
|
421
443
|
this.billingEmail = this.getResponseProperty("BillingEmail");
|
|
422
444
|
const plan = this.getResponseProperty("Plan");
|
|
423
445
|
this.plan = plan == null ? null : new PlanResponse(plan);
|
|
424
|
-
const secretsManagerPlan = this.getResponseProperty("SecretsManagerPlan");
|
|
425
|
-
this.secretsManagerPlan =
|
|
426
|
-
secretsManagerPlan == null ? null : new PlanResponse(secretsManagerPlan);
|
|
427
446
|
this.planType = this.getResponseProperty("PlanType");
|
|
428
447
|
this.seats = this.getResponseProperty("Seats");
|
|
429
448
|
this.maxAutoscaleSeats = this.getResponseProperty("MaxAutoscaleSeats");
|
|
@@ -459,11 +478,13 @@ class SubscriptionResponse extends BaseResponse {
|
|
|
459
478
|
this.usingInAppPurchase = this.getResponseProperty("UsingInAppPurchase");
|
|
460
479
|
const subscription = this.getResponseProperty("Subscription");
|
|
461
480
|
const upcomingInvoice = this.getResponseProperty("UpcomingInvoice");
|
|
481
|
+
const discount = this.getResponseProperty("Discount");
|
|
462
482
|
this.subscription = subscription == null ? null : new BillingSubscriptionResponse(subscription);
|
|
463
483
|
this.upcomingInvoice =
|
|
464
484
|
upcomingInvoice == null
|
|
465
485
|
? null
|
|
466
486
|
: new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
|
|
487
|
+
this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
|
|
467
488
|
}
|
|
468
489
|
}
|
|
469
490
|
class BillingSubscriptionResponse extends BaseResponse {
|
|
@@ -493,7 +514,6 @@ class BillingSubscriptionItemResponse extends BaseResponse {
|
|
|
493
514
|
this.interval = this.getResponseProperty("Interval");
|
|
494
515
|
this.sponsoredSubscriptionItem = this.getResponseProperty("SponsoredSubscriptionItem");
|
|
495
516
|
this.addonSubscriptionItem = this.getResponseProperty("AddonSubscriptionItem");
|
|
496
|
-
this.bitwardenProduct = this.getResponseProperty("BitwardenProduct");
|
|
497
517
|
}
|
|
498
518
|
}
|
|
499
519
|
class BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
|
|
@@ -503,6 +523,13 @@ class BillingSubscriptionUpcomingInvoiceResponse extends BaseResponse {
|
|
|
503
523
|
this.amount = this.getResponseProperty("Amount");
|
|
504
524
|
}
|
|
505
525
|
}
|
|
526
|
+
class BillingCustomerDiscount extends BaseResponse {
|
|
527
|
+
constructor(response) {
|
|
528
|
+
super(response);
|
|
529
|
+
this.id = this.getResponseProperty("Id");
|
|
530
|
+
this.active = this.getResponseProperty("Active");
|
|
531
|
+
}
|
|
532
|
+
}
|
|
506
533
|
|
|
507
534
|
;// CONCATENATED MODULE: ../../libs/common/src/billing/models/response/organization-subscription.response.ts
|
|
508
535
|
|
|
@@ -519,6 +546,8 @@ class OrganizationSubscriptionResponse extends OrganizationResponse {
|
|
|
519
546
|
upcomingInvoice == null
|
|
520
547
|
? null
|
|
521
548
|
: new BillingSubscriptionUpcomingInvoiceResponse(upcomingInvoice);
|
|
549
|
+
const discount = this.getResponseProperty("Discount");
|
|
550
|
+
this.discount = discount == null ? null : new BillingCustomerDiscount(discount);
|
|
522
551
|
this.expiration = this.getResponseProperty("Expiration");
|
|
523
552
|
this.expirationWithoutGracePeriod = this.getResponseProperty("ExpirationWithoutGracePeriod");
|
|
524
553
|
this.secretsManagerBeta = this.getResponseProperty("SecretsManagerBeta");
|
|
@@ -1530,9 +1559,9 @@ var ClientType;
|
|
|
1530
1559
|
ClientType["Web"] = "web";
|
|
1531
1560
|
ClientType["Browser"] = "browser";
|
|
1532
1561
|
ClientType["Desktop"] = "desktop";
|
|
1533
|
-
|
|
1562
|
+
// Mobile = "mobile",
|
|
1534
1563
|
ClientType["Cli"] = "cli";
|
|
1535
|
-
|
|
1564
|
+
// DirectoryConnector = "connector",
|
|
1536
1565
|
})(ClientType || (ClientType = {}));
|
|
1537
1566
|
|
|
1538
1567
|
;// CONCATENATED MODULE: ../../libs/common/src/enums/device-type.enum.ts
|
|
@@ -3308,6 +3337,96 @@ class ProviderService {
|
|
|
3308
3337
|
}
|
|
3309
3338
|
}
|
|
3310
3339
|
|
|
3340
|
+
;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-status.ts
|
|
3341
|
+
var AuthenticationStatus;
|
|
3342
|
+
(function (AuthenticationStatus) {
|
|
3343
|
+
AuthenticationStatus[AuthenticationStatus["LoggedOut"] = 0] = "LoggedOut";
|
|
3344
|
+
AuthenticationStatus[AuthenticationStatus["Locked"] = 1] = "Locked";
|
|
3345
|
+
AuthenticationStatus[AuthenticationStatus["Unlocked"] = 2] = "Unlocked";
|
|
3346
|
+
})(AuthenticationStatus || (AuthenticationStatus = {}));
|
|
3347
|
+
|
|
3348
|
+
;// CONCATENATED MODULE: ../../libs/common/src/auth/services/account.service.ts
|
|
3349
|
+
var account_service_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3350
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
3351
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
3352
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
3353
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
3354
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
3355
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
3356
|
+
});
|
|
3357
|
+
};
|
|
3358
|
+
|
|
3359
|
+
|
|
3360
|
+
class AccountServiceImplementation {
|
|
3361
|
+
constructor(messagingService, logService) {
|
|
3362
|
+
this.messagingService = messagingService;
|
|
3363
|
+
this.logService = logService;
|
|
3364
|
+
this.accounts = new external_rxjs_namespaceObject.BehaviorSubject({});
|
|
3365
|
+
this.activeAccountId = new external_rxjs_namespaceObject.BehaviorSubject(undefined);
|
|
3366
|
+
this.lock = new external_rxjs_namespaceObject.Subject();
|
|
3367
|
+
this.logout = new external_rxjs_namespaceObject.Subject();
|
|
3368
|
+
this.accounts$ = this.accounts.asObservable();
|
|
3369
|
+
this.activeAccount$ = this.activeAccountId.pipe((0,external_rxjs_namespaceObject.combineLatestWith)(this.accounts$), (0,external_rxjs_namespaceObject.map)(([id, accounts]) => (id ? Object.assign({ id }, accounts[id]) : undefined)), (0,external_rxjs_namespaceObject.distinctUntilChanged)(), (0,external_rxjs_namespaceObject.shareReplay)({ bufferSize: 1, refCount: false }));
|
|
3370
|
+
this.accountLock$ = this.lock.asObservable();
|
|
3371
|
+
this.accountLogout$ = this.logout.asObservable();
|
|
3372
|
+
}
|
|
3373
|
+
addAccount(userId, accountData) {
|
|
3374
|
+
this.accounts.value[userId] = accountData;
|
|
3375
|
+
this.accounts.next(this.accounts.value);
|
|
3376
|
+
}
|
|
3377
|
+
setAccountName(userId, name) {
|
|
3378
|
+
this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { name }));
|
|
3379
|
+
}
|
|
3380
|
+
setAccountEmail(userId, email) {
|
|
3381
|
+
this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { email }));
|
|
3382
|
+
}
|
|
3383
|
+
setAccountStatus(userId, status) {
|
|
3384
|
+
this.setAccountInfo(userId, Object.assign(Object.assign({}, this.accounts.value[userId]), { status }));
|
|
3385
|
+
if (status === AuthenticationStatus.LoggedOut) {
|
|
3386
|
+
this.logout.next(userId);
|
|
3387
|
+
}
|
|
3388
|
+
else if (status === AuthenticationStatus.Locked) {
|
|
3389
|
+
this.lock.next(userId);
|
|
3390
|
+
}
|
|
3391
|
+
}
|
|
3392
|
+
switchAccount(userId) {
|
|
3393
|
+
if (userId == null) {
|
|
3394
|
+
// indicates no account is active
|
|
3395
|
+
this.activeAccountId.next(undefined);
|
|
3396
|
+
return;
|
|
3397
|
+
}
|
|
3398
|
+
if (this.accounts.value[userId] == null) {
|
|
3399
|
+
throw new Error("Account does not exist");
|
|
3400
|
+
}
|
|
3401
|
+
this.activeAccountId.next(userId);
|
|
3402
|
+
}
|
|
3403
|
+
// TODO: update to use our own account status settings. Requires inverting direction of state service accounts flow
|
|
3404
|
+
delete() {
|
|
3405
|
+
var _a;
|
|
3406
|
+
return account_service_awaiter(this, void 0, void 0, function* () {
|
|
3407
|
+
try {
|
|
3408
|
+
(_a = this.messagingService) === null || _a === void 0 ? void 0 : _a.send("logout");
|
|
3409
|
+
}
|
|
3410
|
+
catch (e) {
|
|
3411
|
+
this.logService.error(e);
|
|
3412
|
+
throw e;
|
|
3413
|
+
}
|
|
3414
|
+
});
|
|
3415
|
+
}
|
|
3416
|
+
setAccountInfo(userId, accountInfo) {
|
|
3417
|
+
if (this.accounts.value[userId] == null) {
|
|
3418
|
+
throw new Error("Account does not exist");
|
|
3419
|
+
}
|
|
3420
|
+
// Avoid unnecessary updates
|
|
3421
|
+
// TODO: Faster comparison, maybe include a hash on the objects?
|
|
3422
|
+
if (JSON.stringify(this.accounts.value[userId]) === JSON.stringify(accountInfo)) {
|
|
3423
|
+
return;
|
|
3424
|
+
}
|
|
3425
|
+
this.accounts.value[userId] = accountInfo;
|
|
3426
|
+
this.accounts.next(this.accounts.value);
|
|
3427
|
+
}
|
|
3428
|
+
}
|
|
3429
|
+
|
|
3311
3430
|
;// CONCATENATED MODULE: ../../libs/common/src/platform/models/domain/symmetric-crypto-key.ts
|
|
3312
3431
|
|
|
3313
3432
|
|
|
@@ -3497,14 +3616,6 @@ class ErrorResponse extends BaseResponse {
|
|
|
3497
3616
|
}
|
|
3498
3617
|
}
|
|
3499
3618
|
|
|
3500
|
-
;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-status.ts
|
|
3501
|
-
var AuthenticationStatus;
|
|
3502
|
-
(function (AuthenticationStatus) {
|
|
3503
|
-
AuthenticationStatus[AuthenticationStatus["LoggedOut"] = 0] = "LoggedOut";
|
|
3504
|
-
AuthenticationStatus[AuthenticationStatus["Locked"] = 1] = "Locked";
|
|
3505
|
-
AuthenticationStatus[AuthenticationStatus["Unlocked"] = 2] = "Unlocked";
|
|
3506
|
-
})(AuthenticationStatus || (AuthenticationStatus = {}));
|
|
3507
|
-
|
|
3508
3619
|
;// CONCATENATED MODULE: ../../libs/common/src/auth/enums/authentication-type.ts
|
|
3509
3620
|
var authentication_type_AuthenticationType;
|
|
3510
3621
|
(function (AuthenticationType) {
|
|
@@ -3515,6 +3626,10 @@ var authentication_type_AuthenticationType;
|
|
|
3515
3626
|
})(authentication_type_AuthenticationType || (authentication_type_AuthenticationType = {}));
|
|
3516
3627
|
|
|
3517
3628
|
;// CONCATENATED MODULE: ../../libs/common/src/auth/models/domain/force-reset-password-reason.ts
|
|
3629
|
+
/*
|
|
3630
|
+
* This enum is used to determine if a user should be forced to reset their password
|
|
3631
|
+
* on login (server flag) or unlock via MP (client evaluation).
|
|
3632
|
+
*/
|
|
3518
3633
|
var ForceResetPasswordReason;
|
|
3519
3634
|
(function (ForceResetPasswordReason) {
|
|
3520
3635
|
/**
|
|
@@ -3523,11 +3638,13 @@ var ForceResetPasswordReason;
|
|
|
3523
3638
|
ForceResetPasswordReason[ForceResetPasswordReason["None"] = 0] = "None";
|
|
3524
3639
|
/**
|
|
3525
3640
|
* Occurs when an organization admin forces a user to reset their password.
|
|
3641
|
+
* Communicated via server flag.
|
|
3526
3642
|
*/
|
|
3527
3643
|
ForceResetPasswordReason[ForceResetPasswordReason["AdminForcePasswordReset"] = 1] = "AdminForcePasswordReset";
|
|
3528
3644
|
/**
|
|
3529
3645
|
* Occurs when a user logs in / unlocks their vault with a master password that does not meet an organization's
|
|
3530
3646
|
* master password policy that is enforced on login/unlock.
|
|
3647
|
+
* Only set client side b/c server can't evaluate MP.
|
|
3531
3648
|
*/
|
|
3532
3649
|
ForceResetPasswordReason[ForceResetPasswordReason["WeakMasterPassword"] = 2] = "WeakMasterPassword";
|
|
3533
3650
|
})(ForceResetPasswordReason || (ForceResetPasswordReason = {}));
|
|
@@ -4159,6 +4276,7 @@ var login_strategy_awaiter = (undefined && undefined.__awaiter) || function (thi
|
|
|
4159
4276
|
|
|
4160
4277
|
|
|
4161
4278
|
|
|
4279
|
+
|
|
4162
4280
|
class LogInStrategy {
|
|
4163
4281
|
constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService) {
|
|
4164
4282
|
this.cryptoService = cryptoService;
|
|
@@ -4252,7 +4370,16 @@ class LogInStrategy {
|
|
|
4252
4370
|
processTokenResponse(response) {
|
|
4253
4371
|
return login_strategy_awaiter(this, void 0, void 0, function* () {
|
|
4254
4372
|
const result = new AuthResult();
|
|
4373
|
+
// Old encryption keys must be migrated, but is currently only available on web.
|
|
4374
|
+
// Other clients shouldn't continue the login process.
|
|
4375
|
+
if (this.encryptionKeyMigrationRequired(response)) {
|
|
4376
|
+
result.requiresEncryptionKeyMigration = true;
|
|
4377
|
+
if (this.platformUtilsService.getClientType() !== ClientType.Web) {
|
|
4378
|
+
return result;
|
|
4379
|
+
}
|
|
4380
|
+
}
|
|
4255
4381
|
result.resetMasterPassword = response.resetMasterPassword;
|
|
4382
|
+
// Convert boolean to enum
|
|
4256
4383
|
if (response.forcePasswordReset) {
|
|
4257
4384
|
result.forcePasswordReset = ForceResetPasswordReason.AdminForcePasswordReset;
|
|
4258
4385
|
}
|
|
@@ -4268,6 +4395,11 @@ class LogInStrategy {
|
|
|
4268
4395
|
return result;
|
|
4269
4396
|
});
|
|
4270
4397
|
}
|
|
4398
|
+
// Old accounts used master key for encryption. We are forcing migrations but only need to
|
|
4399
|
+
// check on password logins
|
|
4400
|
+
encryptionKeyMigrationRequired(response) {
|
|
4401
|
+
return false;
|
|
4402
|
+
}
|
|
4271
4403
|
createKeyPairForOldAccount() {
|
|
4272
4404
|
return login_strategy_awaiter(this, void 0, void 0, function* () {
|
|
4273
4405
|
try {
|
|
@@ -4390,6 +4522,10 @@ class PasswordLogInStrategy extends LogInStrategy {
|
|
|
4390
4522
|
}
|
|
4391
4523
|
setUserKey(response) {
|
|
4392
4524
|
return password_login_strategy_awaiter(this, void 0, void 0, function* () {
|
|
4525
|
+
// If migration is required, we won't have a user key to set yet.
|
|
4526
|
+
if (this.encryptionKeyMigrationRequired(response)) {
|
|
4527
|
+
return;
|
|
4528
|
+
}
|
|
4393
4529
|
yield this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
|
|
4394
4530
|
const masterKey = yield this.cryptoService.getMasterKey();
|
|
4395
4531
|
if (masterKey) {
|
|
@@ -4404,6 +4540,9 @@ class PasswordLogInStrategy extends LogInStrategy {
|
|
|
4404
4540
|
yield this.cryptoService.setPrivateKey((_a = response.privateKey) !== null && _a !== void 0 ? _a : (yield this.createKeyPairForOldAccount()));
|
|
4405
4541
|
});
|
|
4406
4542
|
}
|
|
4543
|
+
encryptionKeyMigrationRequired(response) {
|
|
4544
|
+
return !response.key;
|
|
4545
|
+
}
|
|
4407
4546
|
getMasterPasswordPolicyOptionsFromResponse(response) {
|
|
4408
4547
|
if (response == null || response instanceof IdentityCaptchaResponse) {
|
|
4409
4548
|
return null;
|
|
@@ -4536,6 +4675,7 @@ var sso_login_strategy_awaiter = (undefined && undefined.__awaiter) || function
|
|
|
4536
4675
|
|
|
4537
4676
|
|
|
4538
4677
|
|
|
4678
|
+
|
|
4539
4679
|
class SsoLogInStrategy extends LogInStrategy {
|
|
4540
4680
|
constructor(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService, keyConnectorService, deviceTrustCryptoService, authReqCryptoService, i18nService) {
|
|
4541
4681
|
super(cryptoService, apiService, tokenService, appIdService, platformUtilsService, messagingService, logService, stateService, twoFactorService);
|
|
@@ -4551,6 +4691,10 @@ class SsoLogInStrategy extends LogInStrategy {
|
|
|
4551
4691
|
const [ssoAuthResult] = yield this.startLogIn();
|
|
4552
4692
|
this.email = ssoAuthResult.email;
|
|
4553
4693
|
this.ssoEmail2FaSessionToken = ssoAuthResult.ssoEmail2FaSessionToken;
|
|
4694
|
+
// Auth guard currently handles redirects for this.
|
|
4695
|
+
if (ssoAuthResult.forcePasswordReset == ForceResetPasswordReason.AdminForcePasswordReset) {
|
|
4696
|
+
yield this.stateService.setForcePasswordResetReason(ssoAuthResult.forcePasswordReset);
|
|
4697
|
+
}
|
|
4554
4698
|
return ssoAuthResult;
|
|
4555
4699
|
});
|
|
4556
4700
|
}
|
|
@@ -5214,7 +5358,7 @@ class DeviceTrustCryptoService {
|
|
|
5214
5358
|
}
|
|
5215
5359
|
}
|
|
5216
5360
|
|
|
5217
|
-
;// CONCATENATED MODULE: ../../libs/common/src/abstractions/devices/responses/device.response.ts
|
|
5361
|
+
;// CONCATENATED MODULE: ../../libs/common/src/auth/abstractions/devices/responses/device.response.ts
|
|
5218
5362
|
|
|
5219
5363
|
class DeviceResponse extends BaseResponse {
|
|
5220
5364
|
constructor(response) {
|
|
@@ -5229,15 +5373,6 @@ class DeviceResponse extends BaseResponse {
|
|
|
5229
5373
|
}
|
|
5230
5374
|
}
|
|
5231
5375
|
|
|
5232
|
-
;// CONCATENATED MODULE: ../../libs/common/src/services/devices/requests/trusted-device-keys.request.ts
|
|
5233
|
-
class TrustedDeviceKeysRequest {
|
|
5234
|
-
constructor(encryptedUserKey, encryptedPublicKey, encryptedPrivateKey) {
|
|
5235
|
-
this.encryptedUserKey = encryptedUserKey;
|
|
5236
|
-
this.encryptedPublicKey = encryptedPublicKey;
|
|
5237
|
-
this.encryptedPrivateKey = encryptedPrivateKey;
|
|
5238
|
-
}
|
|
5239
|
-
}
|
|
5240
|
-
|
|
5241
5376
|
;// CONCATENATED MODULE: ../../libs/common/src/auth/models/response/protected-device.response.ts
|
|
5242
5377
|
|
|
5243
5378
|
|
|
@@ -5258,6 +5393,15 @@ class ProtectedDeviceResponse extends BaseResponse {
|
|
|
5258
5393
|
}
|
|
5259
5394
|
}
|
|
5260
5395
|
|
|
5396
|
+
;// CONCATENATED MODULE: ../../libs/common/src/auth/services/devices/requests/trusted-device-keys.request.ts
|
|
5397
|
+
class TrustedDeviceKeysRequest {
|
|
5398
|
+
constructor(encryptedUserKey, encryptedPublicKey, encryptedPrivateKey) {
|
|
5399
|
+
this.encryptedUserKey = encryptedUserKey;
|
|
5400
|
+
this.encryptedPublicKey = encryptedPublicKey;
|
|
5401
|
+
this.encryptedPrivateKey = encryptedPrivateKey;
|
|
5402
|
+
}
|
|
5403
|
+
}
|
|
5404
|
+
|
|
5261
5405
|
;// CONCATENATED MODULE: ../../libs/common/src/auth/services/devices-api.service.implementation.ts
|
|
5262
5406
|
var devices_api_service_implementation_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
5263
5407
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
@@ -14159,6 +14303,11 @@ class CryptoService {
|
|
|
14159
14303
|
}
|
|
14160
14304
|
});
|
|
14161
14305
|
}
|
|
14306
|
+
isLegacyUser(masterKey, userId) {
|
|
14307
|
+
return crypto_service_awaiter(this, void 0, void 0, function* () {
|
|
14308
|
+
return yield this.validateUserKey((masterKey !== null && masterKey !== void 0 ? masterKey : (yield this.getMasterKey(userId))));
|
|
14309
|
+
});
|
|
14310
|
+
}
|
|
14162
14311
|
getUserKeyWithLegacySupport(userId) {
|
|
14163
14312
|
return crypto_service_awaiter(this, void 0, void 0, function* () {
|
|
14164
14313
|
const userKey = yield this.getUserKey(userId);
|
|
@@ -14546,7 +14695,8 @@ class CryptoService {
|
|
|
14546
14695
|
}
|
|
14547
14696
|
makeKeyPair(key) {
|
|
14548
14697
|
return crypto_service_awaiter(this, void 0, void 0, function* () {
|
|
14549
|
-
|
|
14698
|
+
// Default to user key
|
|
14699
|
+
key || (key = yield this.getUserKeyWithLegacySupport());
|
|
14550
14700
|
const keyPair = yield this.cryptoFunctionService.rsaGenerateKeyPair(2048);
|
|
14551
14701
|
const publicB64 = utils_Utils.fromBufferToB64(keyPair[0]);
|
|
14552
14702
|
const privateEnc = yield this.encryptService.encrypt(keyPair[1], key);
|
|
@@ -14949,19 +15099,26 @@ class CryptoService {
|
|
|
14949
15099
|
migrateAutoKeyIfNeeded(userId) {
|
|
14950
15100
|
return crypto_service_awaiter(this, void 0, void 0, function* () {
|
|
14951
15101
|
const oldAutoKey = yield this.stateService.getCryptoMasterKeyAuto({ userId: userId });
|
|
14952
|
-
if (oldAutoKey) {
|
|
14953
|
-
|
|
14954
|
-
const masterKey = new SymmetricCryptoKey(utils_Utils.fromB64ToArray(oldAutoKey));
|
|
14955
|
-
const encryptedUserKey = yield this.stateService.getEncryptedCryptoSymmetricKey({
|
|
14956
|
-
userId: userId,
|
|
14957
|
-
});
|
|
14958
|
-
const userKey = yield this.decryptUserKeyWithMasterKey(masterKey, new EncString(encryptedUserKey), userId);
|
|
14959
|
-
// migrate
|
|
14960
|
-
yield this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId });
|
|
14961
|
-
yield this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
|
|
14962
|
-
// set encrypted user key in case user immediately locks without syncing
|
|
14963
|
-
yield this.setMasterKeyEncryptedUserKey(encryptedUserKey);
|
|
15102
|
+
if (!oldAutoKey) {
|
|
15103
|
+
return;
|
|
14964
15104
|
}
|
|
15105
|
+
// Decrypt
|
|
15106
|
+
const masterKey = new SymmetricCryptoKey(utils_Utils.fromB64ToArray(oldAutoKey));
|
|
15107
|
+
if (yield this.isLegacyUser(masterKey, userId)) {
|
|
15108
|
+
// Legacy users don't have a user key, so no need to migrate.
|
|
15109
|
+
// Instead, set the master key for additional isLegacyUser checks that will log the user out.
|
|
15110
|
+
yield this.setMasterKey(masterKey, userId);
|
|
15111
|
+
return;
|
|
15112
|
+
}
|
|
15113
|
+
const encryptedUserKey = yield this.stateService.getEncryptedCryptoSymmetricKey({
|
|
15114
|
+
userId: userId,
|
|
15115
|
+
});
|
|
15116
|
+
const userKey = yield this.decryptUserKeyWithMasterKey(masterKey, new EncString(encryptedUserKey), userId);
|
|
15117
|
+
// Migrate
|
|
15118
|
+
yield this.stateService.setUserKeyAutoUnlock(userKey.keyB64, { userId: userId });
|
|
15119
|
+
yield this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
|
|
15120
|
+
// Set encrypted user key in case user immediately locks without syncing
|
|
15121
|
+
yield this.setMasterKeyEncryptedUserKey(encryptedUserKey);
|
|
14965
15122
|
});
|
|
14966
15123
|
}
|
|
14967
15124
|
decryptAndMigrateOldPinKey(masterPasswordOnRestart, pin, email, kdf, kdfConfig, oldPinKey) {
|
|
@@ -15219,7 +15376,7 @@ class EncryptServiceImplementation {
|
|
|
15219
15376
|
return null;
|
|
15220
15377
|
}
|
|
15221
15378
|
}
|
|
15222
|
-
return yield this.cryptoFunctionService.aesDecryptFast(fastParams);
|
|
15379
|
+
return yield this.cryptoFunctionService.aesDecryptFast(fastParams, "cbc");
|
|
15223
15380
|
});
|
|
15224
15381
|
}
|
|
15225
15382
|
decryptToBytes(encThing, key) {
|
|
@@ -15251,7 +15408,7 @@ class EncryptServiceImplementation {
|
|
|
15251
15408
|
return null;
|
|
15252
15409
|
}
|
|
15253
15410
|
}
|
|
15254
|
-
const result = yield this.cryptoFunctionService.aesDecrypt(encThing.dataBytes, encThing.ivBytes, key.encKey);
|
|
15411
|
+
const result = yield this.cryptoFunctionService.aesDecrypt(encThing.dataBytes, encThing.ivBytes, key.encKey, "cbc");
|
|
15255
15412
|
return result !== null && result !== void 0 ? result : null;
|
|
15256
15413
|
});
|
|
15257
15414
|
}
|
|
@@ -17348,6 +17505,27 @@ class IdentityData {
|
|
|
17348
17505
|
}
|
|
17349
17506
|
}
|
|
17350
17507
|
|
|
17508
|
+
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/fido2-credential.data.ts
|
|
17509
|
+
class Fido2CredentialData {
|
|
17510
|
+
constructor(data) {
|
|
17511
|
+
if (data == null) {
|
|
17512
|
+
return;
|
|
17513
|
+
}
|
|
17514
|
+
this.credentialId = data.credentialId;
|
|
17515
|
+
this.keyType = data.keyType;
|
|
17516
|
+
this.keyAlgorithm = data.keyAlgorithm;
|
|
17517
|
+
this.keyCurve = data.keyCurve;
|
|
17518
|
+
this.keyValue = data.keyValue;
|
|
17519
|
+
this.rpId = data.rpId;
|
|
17520
|
+
this.userHandle = data.userHandle;
|
|
17521
|
+
this.counter = data.counter;
|
|
17522
|
+
this.rpName = data.rpName;
|
|
17523
|
+
this.userDisplayName = data.userDisplayName;
|
|
17524
|
+
this.discoverable = data.discoverable;
|
|
17525
|
+
this.creationDate = data.creationDate;
|
|
17526
|
+
}
|
|
17527
|
+
}
|
|
17528
|
+
|
|
17351
17529
|
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/login-uri.data.ts
|
|
17352
17530
|
class LoginUriData {
|
|
17353
17531
|
constructor(data) {
|
|
@@ -17362,8 +17540,10 @@ class LoginUriData {
|
|
|
17362
17540
|
|
|
17363
17541
|
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/data/login.data.ts
|
|
17364
17542
|
|
|
17543
|
+
|
|
17365
17544
|
class LoginData {
|
|
17366
17545
|
constructor(data) {
|
|
17546
|
+
var _a;
|
|
17367
17547
|
if (data == null) {
|
|
17368
17548
|
return;
|
|
17369
17549
|
}
|
|
@@ -17375,6 +17555,9 @@ class LoginData {
|
|
|
17375
17555
|
if (data.uris) {
|
|
17376
17556
|
this.uris = data.uris.map((u) => new LoginUriData(u));
|
|
17377
17557
|
}
|
|
17558
|
+
if (data.fido2Credentials) {
|
|
17559
|
+
this.fido2Credentials = (_a = data.fido2Credentials) === null || _a === void 0 ? void 0 : _a.map((key) => new Fido2CredentialData(key));
|
|
17560
|
+
}
|
|
17378
17561
|
}
|
|
17379
17562
|
}
|
|
17380
17563
|
|
|
@@ -17465,6 +17648,7 @@ class CollectionData {
|
|
|
17465
17648
|
this.name = response.name;
|
|
17466
17649
|
this.externalId = response.externalId;
|
|
17467
17650
|
this.readOnly = response.readOnly;
|
|
17651
|
+
this.hidePasswords = response.hidePasswords;
|
|
17468
17652
|
}
|
|
17469
17653
|
}
|
|
17470
17654
|
|
|
@@ -17933,6 +18117,24 @@ identity_view_decorate([
|
|
|
17933
18117
|
identity_view_metadata("design:paramtypes", [])
|
|
17934
18118
|
], IdentityView.prototype, "fullName", null);
|
|
17935
18119
|
|
|
18120
|
+
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/fido2-credential.view.ts
|
|
18121
|
+
|
|
18122
|
+
class Fido2CredentialView extends ItemView {
|
|
18123
|
+
constructor() {
|
|
18124
|
+
super(...arguments);
|
|
18125
|
+
this.creationDate = null;
|
|
18126
|
+
}
|
|
18127
|
+
get subTitle() {
|
|
18128
|
+
return this.userDisplayName;
|
|
18129
|
+
}
|
|
18130
|
+
static fromJSON(obj) {
|
|
18131
|
+
const creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
|
|
18132
|
+
return Object.assign(new Fido2CredentialView(), obj, {
|
|
18133
|
+
creationDate,
|
|
18134
|
+
});
|
|
18135
|
+
}
|
|
18136
|
+
}
|
|
18137
|
+
|
|
17936
18138
|
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/view/login-uri.view.ts
|
|
17937
18139
|
|
|
17938
18140
|
|
|
@@ -18104,6 +18306,7 @@ var login_view_metadata = (undefined && undefined.__metadata) || function (k, v)
|
|
|
18104
18306
|
|
|
18105
18307
|
|
|
18106
18308
|
|
|
18309
|
+
|
|
18107
18310
|
class LoginView extends ItemView {
|
|
18108
18311
|
constructor(l) {
|
|
18109
18312
|
super();
|
|
@@ -18113,6 +18316,7 @@ class LoginView extends ItemView {
|
|
|
18113
18316
|
this.totp = null;
|
|
18114
18317
|
this.uris = null;
|
|
18115
18318
|
this.autofillOnPageLoad = null;
|
|
18319
|
+
this.fido2Credentials = null;
|
|
18116
18320
|
if (!l) {
|
|
18117
18321
|
return;
|
|
18118
18322
|
}
|
|
@@ -18146,6 +18350,9 @@ class LoginView extends ItemView {
|
|
|
18146
18350
|
get hasUris() {
|
|
18147
18351
|
return this.uris != null && this.uris.length > 0;
|
|
18148
18352
|
}
|
|
18353
|
+
get hasFido2Credentials() {
|
|
18354
|
+
return this.fido2Credentials != null && this.fido2Credentials.length > 0;
|
|
18355
|
+
}
|
|
18149
18356
|
matchesUri(targetUri, equivalentDomains, defaultUriMatch = null) {
|
|
18150
18357
|
if (this.uris == null) {
|
|
18151
18358
|
return false;
|
|
@@ -18153,12 +18360,14 @@ class LoginView extends ItemView {
|
|
|
18153
18360
|
return this.uris.some((uri) => uri.matchesUri(targetUri, equivalentDomains, defaultUriMatch));
|
|
18154
18361
|
}
|
|
18155
18362
|
static fromJSON(obj) {
|
|
18156
|
-
var _a;
|
|
18363
|
+
var _a, _b;
|
|
18157
18364
|
const passwordRevisionDate = obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
|
|
18158
18365
|
const uris = (_a = obj.uris) === null || _a === void 0 ? void 0 : _a.map((uri) => LoginUriView.fromJSON(uri));
|
|
18366
|
+
const fido2Credentials = (_b = obj.fido2Credentials) === null || _b === void 0 ? void 0 : _b.map((key) => Fido2CredentialView.fromJSON(key));
|
|
18159
18367
|
return Object.assign(new LoginView(), obj, {
|
|
18160
|
-
passwordRevisionDate
|
|
18161
|
-
uris
|
|
18368
|
+
passwordRevisionDate,
|
|
18369
|
+
uris,
|
|
18370
|
+
fido2Credentials,
|
|
18162
18371
|
});
|
|
18163
18372
|
}
|
|
18164
18373
|
}
|
|
@@ -18398,6 +18607,7 @@ class CollectionView {
|
|
|
18398
18607
|
this.organizationId = null;
|
|
18399
18608
|
this.name = null;
|
|
18400
18609
|
this.externalId = null;
|
|
18610
|
+
// readOnly applies to the items within a collection
|
|
18401
18611
|
this.readOnly = null;
|
|
18402
18612
|
this.hidePasswords = null;
|
|
18403
18613
|
if (!c) {
|
|
@@ -18411,6 +18621,20 @@ class CollectionView {
|
|
|
18411
18621
|
this.hidePasswords = c.hidePasswords;
|
|
18412
18622
|
}
|
|
18413
18623
|
}
|
|
18624
|
+
// For editing collection details, not the items within it.
|
|
18625
|
+
canEdit(org) {
|
|
18626
|
+
if (org.id !== this.organizationId) {
|
|
18627
|
+
throw new Error("Id of the organization provided does not match the org id of the collection.");
|
|
18628
|
+
}
|
|
18629
|
+
return (org === null || org === void 0 ? void 0 : org.canEditAnyCollection) || (org === null || org === void 0 ? void 0 : org.canEditAssignedCollections);
|
|
18630
|
+
}
|
|
18631
|
+
// For deleting a collection, not the items within it.
|
|
18632
|
+
canDelete(org) {
|
|
18633
|
+
if (org.id !== this.organizationId) {
|
|
18634
|
+
throw new Error("Id of the organization provided does not match the org id of the collection.");
|
|
18635
|
+
}
|
|
18636
|
+
return (org === null || org === void 0 ? void 0 : org.canDeleteAnyCollection) || (org === null || org === void 0 ? void 0 : org.canDeleteAssignedCollections);
|
|
18637
|
+
}
|
|
18414
18638
|
}
|
|
18415
18639
|
|
|
18416
18640
|
;// CONCATENATED MODULE: ../../libs/common/src/platform/models/domain/state.ts
|
|
@@ -18485,6 +18709,7 @@ var state_service_awaiter = (undefined && undefined.__awaiter) || function (this
|
|
|
18485
18709
|
|
|
18486
18710
|
|
|
18487
18711
|
|
|
18712
|
+
|
|
18488
18713
|
|
|
18489
18714
|
|
|
18490
18715
|
const keys = {
|
|
@@ -18505,12 +18730,13 @@ const partialKeys = {
|
|
|
18505
18730
|
};
|
|
18506
18731
|
const DDG_SHARED_KEY = "DuckDuckGoSharedKey";
|
|
18507
18732
|
class StateService {
|
|
18508
|
-
constructor(storageService, secureStorageService, memoryStorageService, logService, stateFactory, useAccountCache = true) {
|
|
18733
|
+
constructor(storageService, secureStorageService, memoryStorageService, logService, stateFactory, accountService, useAccountCache = true) {
|
|
18509
18734
|
this.storageService = storageService;
|
|
18510
18735
|
this.secureStorageService = secureStorageService;
|
|
18511
18736
|
this.memoryStorageService = memoryStorageService;
|
|
18512
18737
|
this.logService = logService;
|
|
18513
18738
|
this.stateFactory = stateFactory;
|
|
18739
|
+
this.accountService = accountService;
|
|
18514
18740
|
this.useAccountCache = useAccountCache;
|
|
18515
18741
|
this.accountsSubject = new external_rxjs_namespaceObject.BehaviorSubject({});
|
|
18516
18742
|
this.accounts$ = this.accountsSubject.asObservable();
|
|
@@ -18577,6 +18803,19 @@ class StateService {
|
|
|
18577
18803
|
}
|
|
18578
18804
|
yield this.pushAccounts();
|
|
18579
18805
|
this.activeAccountSubject.next(state.activeUserId);
|
|
18806
|
+
// TODO: Temporary update to avoid routing all account status changes through account service for now.
|
|
18807
|
+
// account service tracks logged out accounts, but State service does not, so we need to add the active account
|
|
18808
|
+
// if it's not in the accounts list.
|
|
18809
|
+
if (state.activeUserId != null && this.accountsSubject.value[state.activeUserId] == null) {
|
|
18810
|
+
const activeDiskAccount = yield this.getAccountFromDisk({ userId: state.activeUserId });
|
|
18811
|
+
this.accountService.addAccount(state.activeUserId, {
|
|
18812
|
+
name: activeDiskAccount.profile.name,
|
|
18813
|
+
email: activeDiskAccount.profile.email,
|
|
18814
|
+
status: AuthenticationStatus.LoggedOut,
|
|
18815
|
+
});
|
|
18816
|
+
}
|
|
18817
|
+
this.accountService.switchAccount(state.activeUserId);
|
|
18818
|
+
// End TODO
|
|
18580
18819
|
return state;
|
|
18581
18820
|
}));
|
|
18582
18821
|
});
|
|
@@ -18593,6 +18832,12 @@ class StateService {
|
|
|
18593
18832
|
state.accounts[userId] = this.createAccount();
|
|
18594
18833
|
const diskAccount = yield this.getAccountFromDisk({ userId: userId });
|
|
18595
18834
|
state.accounts[userId].profile = diskAccount.profile;
|
|
18835
|
+
// TODO: Temporary update to avoid routing all account status changes through account service for now.
|
|
18836
|
+
this.accountService.addAccount(userId, {
|
|
18837
|
+
status: AuthenticationStatus.Locked,
|
|
18838
|
+
name: diskAccount.profile.name,
|
|
18839
|
+
email: diskAccount.profile.email,
|
|
18840
|
+
});
|
|
18596
18841
|
return state;
|
|
18597
18842
|
}));
|
|
18598
18843
|
});
|
|
@@ -18608,6 +18853,12 @@ class StateService {
|
|
|
18608
18853
|
}));
|
|
18609
18854
|
yield this.scaffoldNewAccountStorage(account);
|
|
18610
18855
|
yield this.setLastActive(new Date().getTime(), { userId: account.profile.userId });
|
|
18856
|
+
// TODO: Temporary update to avoid routing all account status changes through account service for now.
|
|
18857
|
+
this.accountService.addAccount(account.profile.userId, {
|
|
18858
|
+
status: AuthenticationStatus.Locked,
|
|
18859
|
+
name: account.profile.name,
|
|
18860
|
+
email: account.profile.email,
|
|
18861
|
+
});
|
|
18611
18862
|
yield this.setActiveUser(account.profile.userId);
|
|
18612
18863
|
this.activeAccountSubject.next(account.profile.userId);
|
|
18613
18864
|
});
|
|
@@ -18619,6 +18870,8 @@ class StateService {
|
|
|
18619
18870
|
state.activeUserId = userId;
|
|
18620
18871
|
yield this.storageService.save(keys.activeUserId, userId);
|
|
18621
18872
|
this.activeAccountSubject.next(state.activeUserId);
|
|
18873
|
+
// TODO: temporary update to avoid routing all account status changes through account service for now.
|
|
18874
|
+
this.accountService.switchAccount(userId);
|
|
18622
18875
|
return state;
|
|
18623
18876
|
}));
|
|
18624
18877
|
yield this.pushAccounts();
|
|
@@ -18895,6 +19148,8 @@ class StateService {
|
|
|
18895
19148
|
const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
|
|
18896
19149
|
account.keys.cryptoMasterKey = value;
|
|
18897
19150
|
yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
|
|
19151
|
+
const nextStatus = value != null ? AuthenticationStatus.Unlocked : AuthenticationStatus.Locked;
|
|
19152
|
+
this.accountService.setAccountStatus(options.userId, nextStatus);
|
|
18898
19153
|
if (options.userId == this.activeAccountSubject.getValue()) {
|
|
18899
19154
|
const nextValue = value != null;
|
|
18900
19155
|
// Avoid emitting if we are already unlocked
|
|
@@ -18922,6 +19177,8 @@ class StateService {
|
|
|
18922
19177
|
const account = yield this.getAccount(this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
|
|
18923
19178
|
account.keys.userKey = value;
|
|
18924
19179
|
yield this.saveAccount(account, this.reconcileOptions(options, yield this.defaultInMemoryOptions()));
|
|
19180
|
+
const nextStatus = value != null ? AuthenticationStatus.Unlocked : AuthenticationStatus.Locked;
|
|
19181
|
+
this.accountService.setAccountStatus(options.userId, nextStatus);
|
|
18925
19182
|
if ((options === null || options === void 0 ? void 0 : options.userId) == this.activeAccountSubject.getValue()) {
|
|
18926
19183
|
const nextValue = value != null;
|
|
18927
19184
|
// Avoid emitting if we are already unlocked
|
|
@@ -20771,7 +21028,6 @@ class StateService {
|
|
|
20771
21028
|
yield this.saveAccount(account, this.reconcileOptions({ userId: account.profile.userId }, yield this.defaultOnDiskOptions()));
|
|
20772
21029
|
});
|
|
20773
21030
|
}
|
|
20774
|
-
//
|
|
20775
21031
|
pushAccounts() {
|
|
20776
21032
|
return state_service_awaiter(this, void 0, void 0, function* () {
|
|
20777
21033
|
yield this.pruneInMemoryAccounts();
|
|
@@ -20890,6 +21146,8 @@ class StateService {
|
|
|
20890
21146
|
this.deleteDiskCache(userId);
|
|
20891
21147
|
return state;
|
|
20892
21148
|
}));
|
|
21149
|
+
// TODO: Invert this logic, we should remove accounts based on logged out emit
|
|
21150
|
+
this.accountService.setAccountStatus(userId, AuthenticationStatus.LoggedOut);
|
|
20893
21151
|
});
|
|
20894
21152
|
}
|
|
20895
21153
|
pruneInMemoryAccounts() {
|
|
@@ -22236,6 +22494,7 @@ var vault_timeout_service_awaiter = (undefined && undefined.__awaiter) || functi
|
|
|
22236
22494
|
|
|
22237
22495
|
|
|
22238
22496
|
|
|
22497
|
+
|
|
22239
22498
|
class VaultTimeoutService {
|
|
22240
22499
|
constructor(cipherService, folderService, collectionService, cryptoService, platformUtilsService, messagingService, searchService, stateService, authService, vaultTimeoutSettingsService, lockedCallback = null, loggedOutCallback = null) {
|
|
22241
22500
|
this.cipherService = cipherService;
|
|
@@ -22349,10 +22608,18 @@ class VaultTimeoutService {
|
|
|
22349
22608
|
}
|
|
22350
22609
|
migrateKeyForNeverLockIfNeeded() {
|
|
22351
22610
|
return vault_timeout_service_awaiter(this, void 0, void 0, function* () {
|
|
22611
|
+
// Web can't set vault timeout to never
|
|
22612
|
+
if (this.platformUtilsService.getClientType() == ClientType.Web) {
|
|
22613
|
+
return;
|
|
22614
|
+
}
|
|
22352
22615
|
const accounts = yield (0,external_rxjs_namespaceObject.firstValueFrom)(this.stateService.accounts$);
|
|
22353
22616
|
for (const userId in accounts) {
|
|
22354
22617
|
if (userId != null) {
|
|
22355
22618
|
yield this.cryptoService.migrateAutoKeyIfNeeded(userId);
|
|
22619
|
+
// Legacy users should be logged out since we're not on the web vault and can't migrate.
|
|
22620
|
+
if (yield this.cryptoService.isLegacyUser(null, userId)) {
|
|
22621
|
+
yield this.logOut(userId);
|
|
22622
|
+
}
|
|
22356
22623
|
}
|
|
22357
22624
|
}
|
|
22358
22625
|
});
|
|
@@ -23548,6 +23815,120 @@ class Identity extends Domain {
|
|
|
23548
23815
|
}
|
|
23549
23816
|
}
|
|
23550
23817
|
|
|
23818
|
+
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/domain/fido2-credential.ts
|
|
23819
|
+
var fido2_credential_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
23820
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
23821
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
23822
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
23823
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
23824
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
23825
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
23826
|
+
});
|
|
23827
|
+
};
|
|
23828
|
+
|
|
23829
|
+
|
|
23830
|
+
|
|
23831
|
+
|
|
23832
|
+
class Fido2Credential extends Domain {
|
|
23833
|
+
constructor(obj) {
|
|
23834
|
+
super();
|
|
23835
|
+
this.credentialId = null;
|
|
23836
|
+
if (obj == null) {
|
|
23837
|
+
return;
|
|
23838
|
+
}
|
|
23839
|
+
this.buildDomainModel(this, obj, {
|
|
23840
|
+
credentialId: null,
|
|
23841
|
+
keyType: null,
|
|
23842
|
+
keyAlgorithm: null,
|
|
23843
|
+
keyCurve: null,
|
|
23844
|
+
keyValue: null,
|
|
23845
|
+
rpId: null,
|
|
23846
|
+
userHandle: null,
|
|
23847
|
+
counter: null,
|
|
23848
|
+
rpName: null,
|
|
23849
|
+
userDisplayName: null,
|
|
23850
|
+
discoverable: null,
|
|
23851
|
+
}, []);
|
|
23852
|
+
this.creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
|
|
23853
|
+
}
|
|
23854
|
+
decrypt(orgId, encKey) {
|
|
23855
|
+
return fido2_credential_awaiter(this, void 0, void 0, function* () {
|
|
23856
|
+
const view = yield this.decryptObj(new Fido2CredentialView(), {
|
|
23857
|
+
credentialId: null,
|
|
23858
|
+
keyType: null,
|
|
23859
|
+
keyAlgorithm: null,
|
|
23860
|
+
keyCurve: null,
|
|
23861
|
+
keyValue: null,
|
|
23862
|
+
rpId: null,
|
|
23863
|
+
userHandle: null,
|
|
23864
|
+
rpName: null,
|
|
23865
|
+
userDisplayName: null,
|
|
23866
|
+
discoverable: null,
|
|
23867
|
+
}, orgId, encKey);
|
|
23868
|
+
const { counter } = yield this.decryptObj({ counter: "" }, {
|
|
23869
|
+
counter: null,
|
|
23870
|
+
}, orgId, encKey);
|
|
23871
|
+
// Counter will end up as NaN if this fails
|
|
23872
|
+
view.counter = parseInt(counter);
|
|
23873
|
+
const { discoverable } = yield this.decryptObj({ discoverable: "" }, {
|
|
23874
|
+
discoverable: null,
|
|
23875
|
+
}, orgId, encKey);
|
|
23876
|
+
view.discoverable = discoverable === "true";
|
|
23877
|
+
view.creationDate = this.creationDate;
|
|
23878
|
+
return view;
|
|
23879
|
+
});
|
|
23880
|
+
}
|
|
23881
|
+
toFido2CredentialData() {
|
|
23882
|
+
const i = new Fido2CredentialData();
|
|
23883
|
+
i.creationDate = this.creationDate.toISOString();
|
|
23884
|
+
this.buildDataModel(this, i, {
|
|
23885
|
+
credentialId: null,
|
|
23886
|
+
keyType: null,
|
|
23887
|
+
keyAlgorithm: null,
|
|
23888
|
+
keyCurve: null,
|
|
23889
|
+
keyValue: null,
|
|
23890
|
+
rpId: null,
|
|
23891
|
+
userHandle: null,
|
|
23892
|
+
counter: null,
|
|
23893
|
+
rpName: null,
|
|
23894
|
+
userDisplayName: null,
|
|
23895
|
+
discoverable: null,
|
|
23896
|
+
});
|
|
23897
|
+
return i;
|
|
23898
|
+
}
|
|
23899
|
+
static fromJSON(obj) {
|
|
23900
|
+
if (obj == null) {
|
|
23901
|
+
return null;
|
|
23902
|
+
}
|
|
23903
|
+
const credentialId = EncString.fromJSON(obj.credentialId);
|
|
23904
|
+
const keyType = EncString.fromJSON(obj.keyType);
|
|
23905
|
+
const keyAlgorithm = EncString.fromJSON(obj.keyAlgorithm);
|
|
23906
|
+
const keyCurve = EncString.fromJSON(obj.keyCurve);
|
|
23907
|
+
const keyValue = EncString.fromJSON(obj.keyValue);
|
|
23908
|
+
const rpId = EncString.fromJSON(obj.rpId);
|
|
23909
|
+
const userHandle = EncString.fromJSON(obj.userHandle);
|
|
23910
|
+
const counter = EncString.fromJSON(obj.counter);
|
|
23911
|
+
const rpName = EncString.fromJSON(obj.rpName);
|
|
23912
|
+
const userDisplayName = EncString.fromJSON(obj.userDisplayName);
|
|
23913
|
+
const discoverable = EncString.fromJSON(obj.discoverable);
|
|
23914
|
+
const creationDate = obj.creationDate != null ? new Date(obj.creationDate) : null;
|
|
23915
|
+
return Object.assign(new Fido2Credential(), obj, {
|
|
23916
|
+
credentialId,
|
|
23917
|
+
keyType,
|
|
23918
|
+
keyAlgorithm,
|
|
23919
|
+
keyCurve,
|
|
23920
|
+
keyValue,
|
|
23921
|
+
rpId,
|
|
23922
|
+
userHandle,
|
|
23923
|
+
counter,
|
|
23924
|
+
rpName,
|
|
23925
|
+
userDisplayName,
|
|
23926
|
+
discoverable,
|
|
23927
|
+
creationDate,
|
|
23928
|
+
});
|
|
23929
|
+
}
|
|
23930
|
+
}
|
|
23931
|
+
|
|
23551
23932
|
;// CONCATENATED MODULE: ../../libs/common/src/vault/models/domain/login-uri.ts
|
|
23552
23933
|
|
|
23553
23934
|
|
|
@@ -23603,6 +23984,7 @@ var login_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
|
|
|
23603
23984
|
|
|
23604
23985
|
|
|
23605
23986
|
|
|
23987
|
+
|
|
23606
23988
|
class Login extends Domain {
|
|
23607
23989
|
constructor(obj) {
|
|
23608
23990
|
super();
|
|
@@ -23623,6 +24005,9 @@ class Login extends Domain {
|
|
|
23623
24005
|
this.uris.push(new LoginUri(u));
|
|
23624
24006
|
});
|
|
23625
24007
|
}
|
|
24008
|
+
if (obj.fido2Credentials) {
|
|
24009
|
+
this.fido2Credentials = obj.fido2Credentials.map((key) => new Fido2Credential(key));
|
|
24010
|
+
}
|
|
23626
24011
|
}
|
|
23627
24012
|
decrypt(orgId, encKey) {
|
|
23628
24013
|
return login_awaiter(this, void 0, void 0, function* () {
|
|
@@ -23638,6 +24023,9 @@ class Login extends Domain {
|
|
|
23638
24023
|
view.uris.push(uri);
|
|
23639
24024
|
}
|
|
23640
24025
|
}
|
|
24026
|
+
if (this.fido2Credentials != null) {
|
|
24027
|
+
view.fido2Credentials = yield Promise.all(this.fido2Credentials.map((key) => key.decrypt(orgId, encKey)));
|
|
24028
|
+
}
|
|
23641
24029
|
return view;
|
|
23642
24030
|
});
|
|
23643
24031
|
}
|
|
@@ -23657,10 +24045,13 @@ class Login extends Domain {
|
|
|
23657
24045
|
l.uris.push(u.toLoginUriData());
|
|
23658
24046
|
});
|
|
23659
24047
|
}
|
|
24048
|
+
if (this.fido2Credentials != null && this.fido2Credentials.length > 0) {
|
|
24049
|
+
l.fido2Credentials = this.fido2Credentials.map((key) => key.toFido2CredentialData());
|
|
24050
|
+
}
|
|
23660
24051
|
return l;
|
|
23661
24052
|
}
|
|
23662
24053
|
static fromJSON(obj) {
|
|
23663
|
-
var _a;
|
|
24054
|
+
var _a, _b, _c;
|
|
23664
24055
|
if (obj == null) {
|
|
23665
24056
|
return null;
|
|
23666
24057
|
}
|
|
@@ -23669,12 +24060,14 @@ class Login extends Domain {
|
|
|
23669
24060
|
const totp = EncString.fromJSON(obj.totp);
|
|
23670
24061
|
const passwordRevisionDate = obj.passwordRevisionDate == null ? null : new Date(obj.passwordRevisionDate);
|
|
23671
24062
|
const uris = (_a = obj.uris) === null || _a === void 0 ? void 0 : _a.map((uri) => LoginUri.fromJSON(uri));
|
|
24063
|
+
const fido2Credentials = (_c = (_b = obj.fido2Credentials) === null || _b === void 0 ? void 0 : _b.map((key) => Fido2Credential.fromJSON(key))) !== null && _c !== void 0 ? _c : [];
|
|
23672
24064
|
return Object.assign(new Login(), obj, {
|
|
23673
24065
|
username,
|
|
23674
24066
|
password,
|
|
23675
24067
|
totp,
|
|
23676
|
-
passwordRevisionDate
|
|
23677
|
-
uris
|
|
24068
|
+
passwordRevisionDate,
|
|
24069
|
+
uris,
|
|
24070
|
+
fido2Credentials,
|
|
23678
24071
|
});
|
|
23679
24072
|
}
|
|
23680
24073
|
}
|
|
@@ -24173,9 +24566,33 @@ class LoginUriApi extends BaseResponse {
|
|
|
24173
24566
|
}
|
|
24174
24567
|
}
|
|
24175
24568
|
|
|
24569
|
+
;// CONCATENATED MODULE: ../../libs/common/src/vault/api/fido2-credential.api.ts
|
|
24570
|
+
|
|
24571
|
+
class Fido2CredentialApi extends BaseResponse {
|
|
24572
|
+
constructor(data = null) {
|
|
24573
|
+
super(data);
|
|
24574
|
+
if (data == null) {
|
|
24575
|
+
return;
|
|
24576
|
+
}
|
|
24577
|
+
this.credentialId = this.getResponseProperty("CredentialId");
|
|
24578
|
+
this.keyType = this.getResponseProperty("KeyType");
|
|
24579
|
+
this.keyAlgorithm = this.getResponseProperty("KeyAlgorithm");
|
|
24580
|
+
this.keyCurve = this.getResponseProperty("KeyCurve");
|
|
24581
|
+
this.keyValue = this.getResponseProperty("keyValue");
|
|
24582
|
+
this.rpId = this.getResponseProperty("RpId");
|
|
24583
|
+
this.userHandle = this.getResponseProperty("UserHandle");
|
|
24584
|
+
this.counter = this.getResponseProperty("Counter");
|
|
24585
|
+
this.rpName = this.getResponseProperty("RpName");
|
|
24586
|
+
this.userDisplayName = this.getResponseProperty("UserDisplayName");
|
|
24587
|
+
this.discoverable = this.getResponseProperty("Discoverable");
|
|
24588
|
+
this.creationDate = this.getResponseProperty("CreationDate");
|
|
24589
|
+
}
|
|
24590
|
+
}
|
|
24591
|
+
|
|
24176
24592
|
;// CONCATENATED MODULE: ../../libs/common/src/models/api/login.api.ts
|
|
24177
24593
|
|
|
24178
24594
|
|
|
24595
|
+
|
|
24179
24596
|
class LoginApi extends BaseResponse {
|
|
24180
24597
|
constructor(data = null) {
|
|
24181
24598
|
super(data);
|
|
@@ -24191,6 +24608,10 @@ class LoginApi extends BaseResponse {
|
|
|
24191
24608
|
if (uris != null) {
|
|
24192
24609
|
this.uris = uris.map((u) => new LoginUriApi(u));
|
|
24193
24610
|
}
|
|
24611
|
+
const fido2Credentials = this.getResponseProperty("Fido2Credentials");
|
|
24612
|
+
if (fido2Credentials != null) {
|
|
24613
|
+
this.fido2Credentials = fido2Credentials.map((key) => new Fido2CredentialApi(key));
|
|
24614
|
+
}
|
|
24194
24615
|
}
|
|
24195
24616
|
}
|
|
24196
24617
|
|
|
@@ -24219,6 +24640,7 @@ class AttachmentRequest {
|
|
|
24219
24640
|
|
|
24220
24641
|
|
|
24221
24642
|
|
|
24643
|
+
|
|
24222
24644
|
class CipherRequest {
|
|
24223
24645
|
constructor(cipher) {
|
|
24224
24646
|
var _a;
|
|
@@ -24251,6 +24673,30 @@ class CipherRequest {
|
|
|
24251
24673
|
return uri;
|
|
24252
24674
|
});
|
|
24253
24675
|
}
|
|
24676
|
+
if (cipher.login.fido2Credentials != null) {
|
|
24677
|
+
this.login.fido2Credentials = cipher.login.fido2Credentials.map((key) => {
|
|
24678
|
+
const keyApi = new Fido2CredentialApi();
|
|
24679
|
+
keyApi.credentialId =
|
|
24680
|
+
key.credentialId != null ? key.credentialId.encryptedString : null;
|
|
24681
|
+
keyApi.keyType =
|
|
24682
|
+
key.keyType != null ? key.keyType.encryptedString : null;
|
|
24683
|
+
keyApi.keyAlgorithm =
|
|
24684
|
+
key.keyAlgorithm != null ? key.keyAlgorithm.encryptedString : null;
|
|
24685
|
+
keyApi.keyCurve =
|
|
24686
|
+
key.keyCurve != null ? key.keyCurve.encryptedString : null;
|
|
24687
|
+
keyApi.keyValue = key.keyValue != null ? key.keyValue.encryptedString : null;
|
|
24688
|
+
keyApi.rpId = key.rpId != null ? key.rpId.encryptedString : null;
|
|
24689
|
+
keyApi.rpName = key.rpName != null ? key.rpName.encryptedString : null;
|
|
24690
|
+
keyApi.counter = key.counter != null ? key.counter.encryptedString : null;
|
|
24691
|
+
keyApi.userHandle = key.userHandle != null ? key.userHandle.encryptedString : null;
|
|
24692
|
+
keyApi.userDisplayName =
|
|
24693
|
+
key.userDisplayName != null ? key.userDisplayName.encryptedString : null;
|
|
24694
|
+
keyApi.discoverable =
|
|
24695
|
+
key.discoverable != null ? key.discoverable.encryptedString : null;
|
|
24696
|
+
keyApi.creationDate = key.creationDate != null ? key.creationDate.toISOString() : null;
|
|
24697
|
+
return keyApi;
|
|
24698
|
+
});
|
|
24699
|
+
}
|
|
24254
24700
|
break;
|
|
24255
24701
|
case CipherType.SecureNote:
|
|
24256
24702
|
this.secureNote = new SecureNoteApi();
|
|
@@ -24453,6 +24899,7 @@ var cipher_service_awaiter = (undefined && undefined.__awaiter) || function (thi
|
|
|
24453
24899
|
|
|
24454
24900
|
|
|
24455
24901
|
|
|
24902
|
+
|
|
24456
24903
|
|
|
24457
24904
|
|
|
24458
24905
|
const CIPHER_KEY_ENC_MIN_SERVER_VER = new external_semver_namespaceObject.SemVer("2023.9.1");
|
|
@@ -24653,10 +25100,6 @@ class CipherService {
|
|
|
24653
25100
|
yield this.reindexCiphers();
|
|
24654
25101
|
return yield this.getDecryptedCipherCache();
|
|
24655
25102
|
}
|
|
24656
|
-
const hasKey = yield this.cryptoService.hasUserKey();
|
|
24657
|
-
if (!hasKey) {
|
|
24658
|
-
throw new Error("No user key found.");
|
|
24659
|
-
}
|
|
24660
25103
|
const ciphers = yield this.getAll();
|
|
24661
25104
|
const orgKeys = yield this.cryptoService.getOrgKeys();
|
|
24662
25105
|
const userKey = yield this.cryptoService.getUserKeyWithLegacySupport();
|
|
@@ -24713,13 +25156,16 @@ class CipherService {
|
|
|
24713
25156
|
const ciphers = yield this.getAllDecrypted();
|
|
24714
25157
|
defaultMatch !== null && defaultMatch !== void 0 ? defaultMatch : (defaultMatch = yield this.stateService.getDefaultUriMatch());
|
|
24715
25158
|
return ciphers.filter((cipher) => {
|
|
24716
|
-
|
|
25159
|
+
const cipherIsLogin = cipher.type === CipherType.Login && cipher.login !== null;
|
|
25160
|
+
if (cipher.deletedDate !== null) {
|
|
24717
25161
|
return false;
|
|
24718
25162
|
}
|
|
24719
|
-
if (
|
|
25163
|
+
if (Array.isArray(includeOtherTypes) &&
|
|
25164
|
+
includeOtherTypes.includes(cipher.type) &&
|
|
25165
|
+
!cipherIsLogin) {
|
|
24720
25166
|
return true;
|
|
24721
25167
|
}
|
|
24722
|
-
if (
|
|
25168
|
+
if (cipherIsLogin) {
|
|
24723
25169
|
return cipher.login.matchesUri(url, equivalentDomains, defaultMatch);
|
|
24724
25170
|
}
|
|
24725
25171
|
return false;
|
|
@@ -25388,6 +25834,27 @@ class CipherService {
|
|
|
25388
25834
|
cipher.login.uris.push(loginUri);
|
|
25389
25835
|
}
|
|
25390
25836
|
}
|
|
25837
|
+
if (model.login.fido2Credentials != null) {
|
|
25838
|
+
cipher.login.fido2Credentials = yield Promise.all(model.login.fido2Credentials.map((viewKey) => cipher_service_awaiter(this, void 0, void 0, function* () {
|
|
25839
|
+
const domainKey = new Fido2Credential();
|
|
25840
|
+
yield this.encryptObjProperty(viewKey, domainKey, {
|
|
25841
|
+
credentialId: null,
|
|
25842
|
+
keyType: null,
|
|
25843
|
+
keyAlgorithm: null,
|
|
25844
|
+
keyCurve: null,
|
|
25845
|
+
keyValue: null,
|
|
25846
|
+
rpId: null,
|
|
25847
|
+
rpName: null,
|
|
25848
|
+
userHandle: null,
|
|
25849
|
+
userDisplayName: null,
|
|
25850
|
+
origin: null,
|
|
25851
|
+
}, key);
|
|
25852
|
+
domainKey.counter = yield this.cryptoService.encrypt(String(viewKey.counter), key);
|
|
25853
|
+
domainKey.discoverable = yield this.cryptoService.encrypt(String(viewKey.discoverable), key);
|
|
25854
|
+
domainKey.creationDate = viewKey.creationDate;
|
|
25855
|
+
return domainKey;
|
|
25856
|
+
})));
|
|
25857
|
+
}
|
|
25391
25858
|
return;
|
|
25392
25859
|
case CipherType.SecureNote:
|
|
25393
25860
|
cipher.secureNote = new SecureNote();
|
|
@@ -26932,6 +27399,117 @@ class IdentityExport {
|
|
|
26932
27399
|
}
|
|
26933
27400
|
}
|
|
26934
27401
|
|
|
27402
|
+
;// CONCATENATED MODULE: ../../libs/common/src/models/export/fido2-credential.export.ts
|
|
27403
|
+
|
|
27404
|
+
|
|
27405
|
+
|
|
27406
|
+
/**
|
|
27407
|
+
* Represents format of Fido2 Credentials in JSON exports.
|
|
27408
|
+
*/
|
|
27409
|
+
class Fido2CredentialExport {
|
|
27410
|
+
/**
|
|
27411
|
+
* Generates a template for Fido2CredentialExport
|
|
27412
|
+
* @returns Instance of Fido2CredentialExport with predefined values.
|
|
27413
|
+
*/
|
|
27414
|
+
static template() {
|
|
27415
|
+
const req = new Fido2CredentialExport();
|
|
27416
|
+
req.credentialId = "keyId";
|
|
27417
|
+
req.keyType = "keyType";
|
|
27418
|
+
req.keyAlgorithm = "keyAlgorithm";
|
|
27419
|
+
req.keyCurve = "keyCurve";
|
|
27420
|
+
req.keyValue = "keyValue";
|
|
27421
|
+
req.rpId = "rpId";
|
|
27422
|
+
req.userHandle = "userHandle";
|
|
27423
|
+
req.counter = "counter";
|
|
27424
|
+
req.rpName = "rpName";
|
|
27425
|
+
req.userDisplayName = "userDisplayName";
|
|
27426
|
+
req.discoverable = "false";
|
|
27427
|
+
req.creationDate = null;
|
|
27428
|
+
return req;
|
|
27429
|
+
}
|
|
27430
|
+
/**
|
|
27431
|
+
* Converts a Fido2CredentialExport object to its view representation.
|
|
27432
|
+
* @param req - The Fido2CredentialExport object to be converted.
|
|
27433
|
+
* @param view - (Optional) The Fido2CredentialView object to popualte with Fido2CredentialExport data
|
|
27434
|
+
* @returns Fido2CredentialView - The populated view, or a new instance if none was provided.
|
|
27435
|
+
*/
|
|
27436
|
+
static toView(req, view = new Fido2CredentialView()) {
|
|
27437
|
+
view.credentialId = req.credentialId;
|
|
27438
|
+
view.keyType = req.keyType;
|
|
27439
|
+
view.keyAlgorithm = req.keyAlgorithm;
|
|
27440
|
+
view.keyCurve = req.keyCurve;
|
|
27441
|
+
view.keyValue = req.keyValue;
|
|
27442
|
+
view.rpId = req.rpId;
|
|
27443
|
+
view.userHandle = req.userHandle;
|
|
27444
|
+
view.counter = parseInt(req.counter);
|
|
27445
|
+
view.rpName = req.rpName;
|
|
27446
|
+
view.userDisplayName = req.userDisplayName;
|
|
27447
|
+
view.discoverable = req.discoverable === "true";
|
|
27448
|
+
view.creationDate = new Date(req.creationDate);
|
|
27449
|
+
return view;
|
|
27450
|
+
}
|
|
27451
|
+
/**
|
|
27452
|
+
* Converts a Fido2CredentialExport object to its domain representation.
|
|
27453
|
+
* @param req - The Fido2CredentialExport object to be converted.
|
|
27454
|
+
* @param domain - (Optional) The Fido2Credential object to popualte with Fido2CredentialExport data
|
|
27455
|
+
* @returns Fido2Credential - The populated domain, or a new instance if none was provided.
|
|
27456
|
+
*/
|
|
27457
|
+
static toDomain(req, domain = new Fido2Credential()) {
|
|
27458
|
+
domain.credentialId = req.credentialId != null ? new EncString(req.credentialId) : null;
|
|
27459
|
+
domain.keyType = req.keyType != null ? new EncString(req.keyType) : null;
|
|
27460
|
+
domain.keyAlgorithm = req.keyAlgorithm != null ? new EncString(req.keyAlgorithm) : null;
|
|
27461
|
+
domain.keyCurve = req.keyCurve != null ? new EncString(req.keyCurve) : null;
|
|
27462
|
+
domain.keyValue = req.keyValue != null ? new EncString(req.keyValue) : null;
|
|
27463
|
+
domain.rpId = req.rpId != null ? new EncString(req.rpId) : null;
|
|
27464
|
+
domain.userHandle = req.userHandle != null ? new EncString(req.userHandle) : null;
|
|
27465
|
+
domain.counter = req.counter != null ? new EncString(req.counter) : null;
|
|
27466
|
+
domain.rpName = req.rpName != null ? new EncString(req.rpName) : null;
|
|
27467
|
+
domain.userDisplayName =
|
|
27468
|
+
req.userDisplayName != null ? new EncString(req.userDisplayName) : null;
|
|
27469
|
+
domain.discoverable = req.discoverable != null ? new EncString(req.discoverable) : null;
|
|
27470
|
+
domain.creationDate = req.creationDate;
|
|
27471
|
+
return domain;
|
|
27472
|
+
}
|
|
27473
|
+
/**
|
|
27474
|
+
* Constructs a new Fid2CredentialExport instance.
|
|
27475
|
+
*
|
|
27476
|
+
* @param o - The credential storing the data being exported. When not provided, an empty export is created instead.
|
|
27477
|
+
*/
|
|
27478
|
+
constructor(o) {
|
|
27479
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
|
|
27480
|
+
if (o == null) {
|
|
27481
|
+
return;
|
|
27482
|
+
}
|
|
27483
|
+
if (o instanceof Fido2CredentialView) {
|
|
27484
|
+
this.credentialId = o.credentialId;
|
|
27485
|
+
this.keyType = o.keyType;
|
|
27486
|
+
this.keyAlgorithm = o.keyAlgorithm;
|
|
27487
|
+
this.keyCurve = o.keyCurve;
|
|
27488
|
+
this.keyValue = o.keyValue;
|
|
27489
|
+
this.rpId = o.rpId;
|
|
27490
|
+
this.userHandle = o.userHandle;
|
|
27491
|
+
this.counter = String(o.counter);
|
|
27492
|
+
this.rpName = o.rpName;
|
|
27493
|
+
this.userDisplayName = o.userDisplayName;
|
|
27494
|
+
this.discoverable = String(o.discoverable);
|
|
27495
|
+
}
|
|
27496
|
+
else {
|
|
27497
|
+
this.credentialId = (_a = o.credentialId) === null || _a === void 0 ? void 0 : _a.encryptedString;
|
|
27498
|
+
this.keyType = (_b = o.keyType) === null || _b === void 0 ? void 0 : _b.encryptedString;
|
|
27499
|
+
this.keyAlgorithm = (_c = o.keyAlgorithm) === null || _c === void 0 ? void 0 : _c.encryptedString;
|
|
27500
|
+
this.keyCurve = (_d = o.keyCurve) === null || _d === void 0 ? void 0 : _d.encryptedString;
|
|
27501
|
+
this.keyValue = (_e = o.keyValue) === null || _e === void 0 ? void 0 : _e.encryptedString;
|
|
27502
|
+
this.rpId = (_f = o.rpId) === null || _f === void 0 ? void 0 : _f.encryptedString;
|
|
27503
|
+
this.userHandle = (_g = o.userHandle) === null || _g === void 0 ? void 0 : _g.encryptedString;
|
|
27504
|
+
this.counter = (_h = o.counter) === null || _h === void 0 ? void 0 : _h.encryptedString;
|
|
27505
|
+
this.rpName = (_j = o.rpName) === null || _j === void 0 ? void 0 : _j.encryptedString;
|
|
27506
|
+
this.userDisplayName = (_k = o.userDisplayName) === null || _k === void 0 ? void 0 : _k.encryptedString;
|
|
27507
|
+
this.discoverable = (_l = o.discoverable) === null || _l === void 0 ? void 0 : _l.encryptedString;
|
|
27508
|
+
}
|
|
27509
|
+
this.creationDate = o.creationDate;
|
|
27510
|
+
}
|
|
27511
|
+
}
|
|
27512
|
+
|
|
26935
27513
|
;// CONCATENATED MODULE: ../../libs/common/src/models/export/login-uri.export.ts
|
|
26936
27514
|
|
|
26937
27515
|
|
|
@@ -26974,6 +27552,7 @@ class LoginUriExport {
|
|
|
26974
27552
|
|
|
26975
27553
|
|
|
26976
27554
|
|
|
27555
|
+
|
|
26977
27556
|
class LoginExport {
|
|
26978
27557
|
static template() {
|
|
26979
27558
|
const req = new LoginExport();
|
|
@@ -26981,6 +27560,7 @@ class LoginExport {
|
|
|
26981
27560
|
req.username = "jdoe";
|
|
26982
27561
|
req.password = "myp@ssword123";
|
|
26983
27562
|
req.totp = "JBSWY3DPEHPK3PXP";
|
|
27563
|
+
req.fido2Credentials = [Fido2CredentialExport.template()];
|
|
26984
27564
|
return req;
|
|
26985
27565
|
}
|
|
26986
27566
|
static toView(req, view = new LoginView()) {
|
|
@@ -26990,6 +27570,9 @@ class LoginExport {
|
|
|
26990
27570
|
view.username = req.username;
|
|
26991
27571
|
view.password = req.password;
|
|
26992
27572
|
view.totp = req.totp;
|
|
27573
|
+
if (req.fido2Credentials != null) {
|
|
27574
|
+
view.fido2Credentials = req.fido2Credentials.map((key) => Fido2CredentialExport.toView(key));
|
|
27575
|
+
}
|
|
26993
27576
|
return view;
|
|
26994
27577
|
}
|
|
26995
27578
|
static toDomain(req, domain = new Login()) {
|
|
@@ -26999,10 +27582,12 @@ class LoginExport {
|
|
|
26999
27582
|
domain.username = req.username != null ? new EncString(req.username) : null;
|
|
27000
27583
|
domain.password = req.password != null ? new EncString(req.password) : null;
|
|
27001
27584
|
domain.totp = req.totp != null ? new EncString(req.totp) : null;
|
|
27585
|
+
// Fido2credentials are currently not supported for exports.
|
|
27002
27586
|
return domain;
|
|
27003
27587
|
}
|
|
27004
27588
|
constructor(o) {
|
|
27005
27589
|
var _a, _b, _c;
|
|
27590
|
+
this.fido2Credentials = [];
|
|
27006
27591
|
if (o == null) {
|
|
27007
27592
|
return;
|
|
27008
27593
|
}
|
|
@@ -27014,6 +27599,9 @@ class LoginExport {
|
|
|
27014
27599
|
this.uris = o.uris.map((u) => new LoginUriExport(u));
|
|
27015
27600
|
}
|
|
27016
27601
|
}
|
|
27602
|
+
if (o.fido2Credentials != null) {
|
|
27603
|
+
this.fido2Credentials = o.fido2Credentials.map((key) => new Fido2CredentialExport(key));
|
|
27604
|
+
}
|
|
27017
27605
|
if (o instanceof LoginView) {
|
|
27018
27606
|
this.username = o.username;
|
|
27019
27607
|
this.password = o.password;
|
|
@@ -27395,6 +27983,7 @@ class FolderWithIdExport extends FolderExport {
|
|
|
27395
27983
|
|
|
27396
27984
|
|
|
27397
27985
|
|
|
27986
|
+
|
|
27398
27987
|
|
|
27399
27988
|
;// CONCATENATED MODULE: ../../libs/exporter/src/export-helper.ts
|
|
27400
27989
|
class ExportHelper {
|
|
@@ -33792,9 +34381,9 @@ const featuredImportOptions = [
|
|
|
33792
34381
|
{ id: "dashlanecsv", name: "Dashlane (csv)" },
|
|
33793
34382
|
{ id: "firefoxcsv", name: "Firefox (csv)" },
|
|
33794
34383
|
{ id: "keepass2xml", name: "KeePass 2 (xml)" },
|
|
33795
|
-
{ id: "lastpasscsv", name: "LastPass
|
|
34384
|
+
{ id: "lastpasscsv", name: "LastPass" },
|
|
33796
34385
|
{ id: "safaricsv", name: "Safari and macOS (csv)" },
|
|
33797
|
-
{ id: "1password1pux", name: "1Password (1pux)" },
|
|
34386
|
+
{ id: "1password1pux", name: "1Password (1pux/json)" },
|
|
33798
34387
|
];
|
|
33799
34388
|
const regularImportOptions = [
|
|
33800
34389
|
{ id: "keepassxcsv", name: "KeePassX (csv)" },
|
|
@@ -34220,10 +34809,13 @@ class ImportService {
|
|
|
34220
34809
|
}
|
|
34221
34810
|
}
|
|
34222
34811
|
|
|
34223
|
-
;// CONCATENATED MODULE: ../../libs/importer/src/index.ts
|
|
34812
|
+
;// CONCATENATED MODULE: ../../libs/importer/src/services/index.ts
|
|
34813
|
+
|
|
34224
34814
|
|
|
34225
34815
|
|
|
34226
34816
|
|
|
34817
|
+
|
|
34818
|
+
;// CONCATENATED MODULE: ../../libs/importer/src/index.ts
|
|
34227
34819
|
|
|
34228
34820
|
|
|
34229
34821
|
|
|
@@ -34386,17 +34978,17 @@ class NodeCryptoFunctionService {
|
|
|
34386
34978
|
}
|
|
34387
34979
|
return p;
|
|
34388
34980
|
}
|
|
34389
|
-
aesDecryptFast(parameters) {
|
|
34981
|
+
aesDecryptFast(parameters, mode) {
|
|
34390
34982
|
return node_crypto_function_service_awaiter(this, void 0, void 0, function* () {
|
|
34391
|
-
const decBuf = yield this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey);
|
|
34983
|
+
const decBuf = yield this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey, mode);
|
|
34392
34984
|
return utils_Utils.fromBufferToUtf8(decBuf);
|
|
34393
34985
|
});
|
|
34394
34986
|
}
|
|
34395
|
-
aesDecrypt(data, iv, key) {
|
|
34987
|
+
aesDecrypt(data, iv, key, mode) {
|
|
34396
34988
|
const nodeData = this.toNodeBuffer(data);
|
|
34397
|
-
const nodeIv = this.toNodeBuffer(iv);
|
|
34989
|
+
const nodeIv = mode === "ecb" ? null : this.toNodeBuffer(iv);
|
|
34398
34990
|
const nodeKey = this.toNodeBuffer(key);
|
|
34399
|
-
const decipher = external_crypto_namespaceObject.createDecipheriv(
|
|
34991
|
+
const decipher = external_crypto_namespaceObject.createDecipheriv(this.toNodeCryptoAesMode(mode), nodeKey, nodeIv);
|
|
34400
34992
|
const decBuf = Buffer.concat([decipher.update(nodeData), decipher.final()]);
|
|
34401
34993
|
return Promise.resolve(this.toUint8Buffer(decBuf));
|
|
34402
34994
|
}
|
|
@@ -34502,6 +35094,9 @@ class NodeCryptoFunctionService {
|
|
|
34502
35094
|
const publicKey = external_node_forge_namespaceObject.pki.publicKeyFromAsn1(asn1);
|
|
34503
35095
|
return external_node_forge_namespaceObject.pki.publicKeyToPem(publicKey);
|
|
34504
35096
|
}
|
|
35097
|
+
toNodeCryptoAesMode(mode) {
|
|
35098
|
+
return mode === "cbc" ? "aes-256-cbc" : "aes-256-ecb";
|
|
35099
|
+
}
|
|
34505
35100
|
}
|
|
34506
35101
|
|
|
34507
35102
|
;// CONCATENATED MODULE: ../../libs/common/src/platform/abstractions/config/server-config.ts
|
|
@@ -35345,6 +35940,7 @@ class CollectionDetailsResponse extends CollectionResponse {
|
|
|
35345
35940
|
constructor(response) {
|
|
35346
35941
|
super(response);
|
|
35347
35942
|
this.readOnly = this.getResponseProperty("ReadOnly") || false;
|
|
35943
|
+
this.hidePasswords = this.getResponseProperty("HidePasswords") || false;
|
|
35348
35944
|
}
|
|
35349
35945
|
}
|
|
35350
35946
|
class CollectionAccessDetailsResponse extends CollectionResponse {
|
|
@@ -36525,7 +37121,7 @@ class ApiService {
|
|
|
36525
37121
|
// Plan APIs
|
|
36526
37122
|
getPlans() {
|
|
36527
37123
|
return api_service_awaiter(this, void 0, void 0, function* () {
|
|
36528
|
-
const r = yield this.send("GET", "/plans
|
|
37124
|
+
const r = yield this.send("GET", "/plans", null, false, true);
|
|
36529
37125
|
return new ListResponse(r, PlanResponse);
|
|
36530
37126
|
});
|
|
36531
37127
|
}
|
|
@@ -37768,6 +38364,9 @@ class LoginCommand {
|
|
|
37768
38364
|
else {
|
|
37769
38365
|
response = yield this.authService.logIn(new PasswordLogInCredentials(email, password, null, twoFactor));
|
|
37770
38366
|
}
|
|
38367
|
+
if (response.requiresEncryptionKeyMigration) {
|
|
38368
|
+
return Response.error("Encryption key migration required. Please login through the web vault to update your encryption key.");
|
|
38369
|
+
}
|
|
37771
38370
|
if (response.captchaSiteKey) {
|
|
37772
38371
|
const credentials = new PasswordLogInCredentials(email, password);
|
|
37773
38372
|
const handledResponse = yield this.handleCaptchaRequired(twoFactor, credentials);
|
|
@@ -42882,7 +43481,7 @@ class ImportCommand {
|
|
|
42882
43481
|
}
|
|
42883
43482
|
try {
|
|
42884
43483
|
let contents;
|
|
42885
|
-
if (format === "1password1pux") {
|
|
43484
|
+
if (format === "1password1pux" && filepath.endsWith(".1pux")) {
|
|
42886
43485
|
contents = yield CliUtils.extractZipContent(filepath, "export.data");
|
|
42887
43486
|
}
|
|
42888
43487
|
else if (format === "protonpass" && filepath.endsWith(".zip")) {
|
|
@@ -43402,6 +44001,7 @@ var bw_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _argum
|
|
|
43402
44001
|
|
|
43403
44002
|
|
|
43404
44003
|
|
|
44004
|
+
|
|
43405
44005
|
|
|
43406
44006
|
|
|
43407
44007
|
// Polyfills
|
|
@@ -43438,7 +44038,8 @@ class Main {
|
|
|
43438
44038
|
this.storageService = new LowdbStorageService(this.logService, null, p, false, true);
|
|
43439
44039
|
this.secureStorageService = new NodeEnvSecureStorageService(this.storageService, this.logService, () => this.cryptoService);
|
|
43440
44040
|
this.memoryStorageService = new MemoryStorageService();
|
|
43441
|
-
this.
|
|
44041
|
+
this.accountService = new AccountServiceImplementation(null, this.logService);
|
|
44042
|
+
this.stateService = new StateService(this.storageService, this.secureStorageService, this.memoryStorageService, this.logService, new StateFactory(GlobalState, Account), this.accountService);
|
|
43442
44043
|
this.cryptoService = new CryptoService(this.cryptoFunctionService, this.encryptService, this.platformUtilsService, this.logService, this.stateService);
|
|
43443
44044
|
this.appIdService = new AppIdService(this.storageService);
|
|
43444
44045
|
this.tokenService = new TokenService(this.stateService);
|