@lifeready/core 9.0.2 → 9.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/bundles/lifeready-core.umd.js +201 -177
  2. package/bundles/lifeready-core.umd.js.map +1 -1
  3. package/bundles/lifeready-core.umd.min.js +1 -1
  4. package/bundles/lifeready-core.umd.min.js.map +1 -1
  5. package/esm2015/lib/api/types/lr-graphql.types.js +4 -1
  6. package/esm2015/lib/key-exchange/key-exchange.service.js +17 -1
  7. package/esm2015/lib/register/register.service.js +3 -3
  8. package/fesm2015/lifeready-core.js +20 -1
  9. package/fesm2015/lifeready-core.js.map +1 -1
  10. package/package.json +1 -1
package/bundles/lifeready-core.umd.js CHANGED
@@ -3966,8 +3966,11 @@
3966
3966
  ScenarioLastClaimState["RESET"] = "RESET";
3967
3967
  })(exports.ScenarioLastClaimState || (exports.ScenarioLastClaimState = {}));
3968
3968
  (function (LinkTypeField) {
3969
+ // HARD links will persist the child as long as the parent exists
3969
3970
  LinkTypeField["HARD"] = "HARD";
3971
+ // SOFT links will provides permission inheritance but will not persist the child if the parent is deleted
3970
3972
  LinkTypeField["SOFT"] = "SOFT";
3973
+ // REFERENCE links do not provide permission inheritance and will not persist the child if the parent is deleted
3971
3974
  LinkTypeField["REFERENCE"] = "REFERENCE";
3972
3975
  })(exports.LinkTypeField || (exports.LinkTypeField = {}));
3973
3976
  (function (BillingPeriodField) {
@@ -8258,12 +8261,12 @@
8258
8261
  KeyExchangeService.prototype.getOtKey = function (keyExchange, otKeyK) {
8259
8262
  return __awaiter(this, void 0, void 0, function () {
8260
8263
  var prk, decryptedCipher;
8261
- return __generator(this, function (_a) {
8262
- switch (_a.label) {
8264
+ return __generator(this, function (_b) {
8265
+ switch (_b.label) {
8263
8266
  case 0:
8264
8267
  if (!otKeyK) return [3 /*break*/, 2];
8265
8268
  return [4 /*yield*/, KeyFactoryService.asKey(Object.assign(Object.assign({}, JSON.parse(keyExchange.otk.otKeyParams)), { k: otKeyK }))];
8266
- case 1: return [2 /*return*/, _a.sent()];
8269
+ case 1: return [2 /*return*/, _b.sent()];
8267
8270
  case 2:
8268
8271
  if (!(keyExchange.otk.state === 'OTK_INITIATED' &&
8269
8272
  !keyExchange.isInitiator &&
@@ -8273,10 +8276,10 @@
8273
8276
  serializations: [JoseSerialization.COMPACT],
8274
8277
  })];
8275
8278
  case 3:
8276
- decryptedCipher = _a.sent();
8279
+ decryptedCipher = _b.sent();
8277
8280
  if (!decryptedCipher.otKey) return [3 /*break*/, 5];
8278
8281
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedCipher.otKey)];
8279
- case 4: return [2 /*return*/, _a.sent()];
8282
+ case 4: return [2 /*return*/, _b.sent()];
8280
8283
  case 5: return [2 /*return*/, null];
8281
8284
  }
8282
8285
  });
@@ -8284,22 +8287,32 @@
8284
8287
  };
8285
8288
  KeyExchangeService.prototype.decryptOtk = function (keyExchange, otKeyK) {
8286
8289
  return __awaiter(this, void 0, void 0, function () {
8287
- var otKey, otk, _a, _b, _c, _d;
8288
- return __generator(this, function (_e) {
8289
- switch (_e.label) {
8290
+ var otKey, otk, _b, _c, _d, _e;
8291
+ return __generator(this, function (_f) {
8292
+ switch (_f.label) {
8290
8293
  case 0: return [4 /*yield*/, this.getOtKey(keyExchange, otKeyK)];
8291
8294
  case 1:
8292
- otKey = _e.sent();
8295
+ otKey = _f.sent();
8293
8296
  otk = keyExchange.otk;
8294
8297
  if (!(otKey && otk.otKeyCipher)) return [3 /*break*/, 3];
8295
- _b = (_a = Object).assign;
8296
- _c = [Object.assign({}, otk)];
8297
- _d = { otKey: otKey };
8298
+ _c = (_b = Object).assign;
8299
+ _d = [Object.assign({}, otk)];
8300
+ _e = { otKey: otKey };
8298
8301
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, keyExchange.otk.otKeyCipher)];
8299
8302
  case 2:
8300
- otk = _b.apply(_a, _c.concat([(_d.otKeyCipherClearJson = _e.sent(), _d)]));
8301
- _e.label = 3;
8302
- case 3: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8303
+ otk = _c.apply(_b, _d.concat([(_e.otKeyCipherClearJson = _f.sent(), _e)]));
8304
+ return [3 /*break*/, 4];
8305
+ case 3:
8306
+ if (otk.otKeyCipher && !otKey) {
8307
+ // Log a warning when we have cipher data but couldn't obtain the key to decrypt it.
8308
+ // This typically happens when:
8309
+ // - The otKeyK (raw one-time key from URL hash) was not provided or was empty
8310
+ // - The responder doesn't have a responderPbkCipher (new user via invite)
8311
+ console.warn('KeyExchangeService: Unable to decrypt OTK cipher - one-time key not available. ' +
8312
+ 'otKeyK provided:', !!otKeyK, 'otKeyK value:', otKeyK ? '[present]' : '[empty/missing]');
8313
+ }
8314
+ _f.label = 4;
8315
+ case 4: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8303
8316
  }
8304
8317
  });
8305
8318
  });
@@ -8307,16 +8320,16 @@
8307
8320
  KeyExchangeService.prototype.decryptResponseCipher = function (otKey, otPrk, content) {
8308
8321
  return __awaiter(this, void 0, void 0, function () {
8309
8322
  var error_1;
8310
- return __generator(this, function (_a) {
8311
- switch (_a.label) {
8323
+ return __generator(this, function (_b) {
8324
+ switch (_b.label) {
8312
8325
  case 0:
8313
- _a.trys.push([0, 2, , 3]);
8326
+ _b.trys.push([0, 2, , 3]);
8314
8327
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, content)];
8315
8328
  case 1:
8316
- content = _a.sent();
8329
+ content = _b.sent();
8317
8330
  return [3 /*break*/, 3];
8318
8331
  case 2:
8319
- error_1 = _a.sent();
8332
+ error_1 = _b.sent();
8320
8333
  if (error_1.message !== 'no key found') {
8321
8334
  throw error_1;
8322
8335
  }
@@ -8324,44 +8337,44 @@
8324
8337
  case 3: return [4 /*yield*/, this.encryptionService.decrypt(otPrk, content)];
8325
8338
  case 4:
8326
8339
  // The Prk is single-use and only used to send information from the responder back to the initiator.
8327
- return [2 /*return*/, _a.sent()];
8340
+ return [2 /*return*/, _b.sent()];
8328
8341
  }
8329
8342
  });
8330
8343
  });
8331
8344
  };
8332
8345
  KeyExchangeService.prototype.decryptKeyExchangeAsInitiator = function (keyExchange) {
8333
8346
  return __awaiter(this, void 0, void 0, function () {
8334
- var rootKey, initiatorRootKeyCipherClearJson, otKey, otk, _a, _b, _c, _d, _e, _f, _g;
8335
- return __generator(this, function (_h) {
8336
- switch (_h.label) {
8347
+ var rootKey, initiatorRootKeyCipherClearJson, otKey, otk, _b, _c, _d, _e, _f, _g, _h;
8348
+ return __generator(this, function (_j) {
8349
+ switch (_j.label) {
8337
8350
  case 0:
8338
8351
  rootKey = this.keyService.currentRootKey;
8339
8352
  return [4 /*yield*/, this.encryptionService.decrypt(rootKey.jwk, keyExchange.initiatorRootKeyCipher)];
8340
8353
  case 1:
8341
- initiatorRootKeyCipherClearJson = (_h.sent());
8354
+ initiatorRootKeyCipherClearJson = (_j.sent());
8342
8355
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey)];
8343
8356
  case 2:
8344
- otKey = _h.sent();
8357
+ otKey = _j.sent();
8345
8358
  keyExchange = Object.assign(Object.assign({}, keyExchange), { initiatorRootKeyCipherClearJson: initiatorRootKeyCipherClearJson });
8346
8359
  otk = keyExchange.otk;
8347
8360
  if (!otk.initiatorOneTimePbkCipher) return [3 /*break*/, 5];
8348
- _b = (_a = Object).assign;
8349
- _c = [Object.assign({}, otk)];
8350
- _d = {};
8351
- _e = this.decryptResponseCipher;
8352
- _f = [otKey];
8361
+ _c = (_b = Object).assign;
8362
+ _d = [Object.assign({}, otk)];
8363
+ _e = {};
8364
+ _f = this.decryptResponseCipher;
8365
+ _g = [otKey];
8353
8366
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk)];
8354
- case 3: return [4 /*yield*/, _e.apply(this, _f.concat([_h.sent(), otk.initiatorOneTimePbkCipher]))];
8367
+ case 3: return [4 /*yield*/, _f.apply(this, _g.concat([_j.sent(), otk.initiatorOneTimePbkCipher]))];
8355
8368
  case 4:
8356
- otk = _b.apply(_a, _c.concat([(_d.initiatorOneTimePbkCipherClearJson = _h.sent(), _d)]));
8357
- _h.label = 5;
8369
+ otk = _c.apply(_b, _d.concat([(_e.initiatorOneTimePbkCipherClearJson = _j.sent(), _e)]));
8370
+ _j.label = 5;
8358
8371
  case 5:
8359
8372
  if (!otk.otKeyCipher) return [3 /*break*/, 7];
8360
- _g = otk;
8373
+ _h = otk;
8361
8374
  return [4 /*yield*/, this.encryptionService.decrypt(otKey, otk.otKeyCipher)];
8362
8375
  case 6:
8363
- _g.otKeyCipherClearJson = _h.sent();
8364
- _h.label = 7;
8376
+ _h.otKeyCipherClearJson = _j.sent();
8377
+ _j.label = 7;
8365
8378
  case 7: return [2 /*return*/, Object.assign(Object.assign({}, keyExchange), { otk: otk })];
8366
8379
  }
8367
8380
  });
@@ -8369,14 +8382,14 @@
8369
8382
  };
8370
8383
  KeyExchangeService.prototype.decryptKeyExchangeAsResponder = function (keyExchange, otKeyK) {
8371
8384
  return __awaiter(this, void 0, void 0, function () {
8372
- return __generator(this, function (_a) {
8385
+ return __generator(this, function (_b) {
8373
8386
  return [2 /*return*/, this.decryptOtk(keyExchange, otKeyK)];
8374
8387
  });
8375
8388
  });
8376
8389
  };
8377
8390
  KeyExchangeService.prototype.decryptKeyExchange = function (keyExchange, otKeyK) {
8378
8391
  return __awaiter(this, void 0, void 0, function () {
8379
- return __generator(this, function (_a) {
8392
+ return __generator(this, function (_b) {
8380
8393
  if (keyExchange.isInitiator) {
8381
8394
  return [2 /*return*/, this.decryptKeyExchangeAsInitiator(keyExchange)];
8382
8395
  }
@@ -8387,13 +8400,13 @@
8387
8400
  });
8388
8401
  });
8389
8402
  };
8390
- KeyExchangeService.prototype.getKeyExchanges = function (_a) {
8391
- var _b = _a === void 0 ? {} : _a, state = _b.state;
8403
+ KeyExchangeService.prototype.getKeyExchanges = function (_b) {
8404
+ var _c = _b === void 0 ? {} : _b, state = _c.state;
8392
8405
  return __awaiter(this, void 0, void 0, function () {
8393
8406
  var keyExchanges;
8394
8407
  var _this = this;
8395
- return __generator(this, function (_a) {
8396
- switch (_a.label) {
8408
+ return __generator(this, function (_b) {
8409
+ switch (_b.label) {
8397
8410
  case 0: return [4 /*yield*/, this.query({
8398
8411
  query: KeyExchangesQuery2,
8399
8412
  variables: {
@@ -8401,7 +8414,7 @@
8401
8414
  },
8402
8415
  })];
8403
8416
  case 1:
8404
- keyExchanges = (_a.sent()).keyExchanges;
8417
+ keyExchanges = (_b.sent()).keyExchanges;
8405
8418
  return [2 /*return*/, Promise.all(keyExchanges.edges.map(function (edge) { return _this.decryptKeyExchange(edge.node); }))];
8406
8419
  }
8407
8420
  });
@@ -8413,12 +8426,12 @@
8413
8426
  * @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
8414
8427
  * it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
8415
8428
  */
8416
- KeyExchangeService.prototype.getKeyExchange = function (id, _a) {
8417
- var _b = _a === void 0 ? {} : _a, otKeyK = _b.otKeyK, token = _b.token;
8429
+ KeyExchangeService.prototype.getKeyExchange = function (id, _b) {
8430
+ var _c = _b === void 0 ? {} : _b, otKeyK = _c.otKeyK, token = _c.token;
8418
8431
  return __awaiter(this, void 0, void 0, function () {
8419
8432
  var res;
8420
- return __generator(this, function (_a) {
8421
- switch (_a.label) {
8433
+ return __generator(this, function (_b) {
8434
+ switch (_b.label) {
8422
8435
  case 0: return [4 /*yield*/, this.query({
8423
8436
  query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
8424
8437
  variables: {
@@ -8428,7 +8441,7 @@
8428
8441
  includeKeyGraph: !token,
8429
8442
  })];
8430
8443
  case 1:
8431
- res = _a.sent();
8444
+ res = _b.sent();
8432
8445
  return [2 /*return*/, this.decryptKeyExchange(res.keyExchange, otKeyK)];
8433
8446
  }
8434
8447
  });
@@ -8436,7 +8449,7 @@
8436
8449
  };
8437
8450
  KeyExchangeService.prototype.getCurrentUserSharedKey = function (input) {
8438
8451
  return __awaiter(this, void 0, void 0, function () {
8439
- return __generator(this, function (_a) {
8452
+ return __generator(this, function (_b) {
8440
8453
  return [2 /*return*/, this.query({
8441
8454
  query: CurrentUserSharedKeyQuery2,
8442
8455
  variables: {
@@ -8477,38 +8490,38 @@
8477
8490
  KeyExchangeService.prototype.initiateOtk = function (input) {
8478
8491
  if (input === void 0) { input = {}; }
8479
8492
  return __awaiter(this, void 0, void 0, function () {
8480
- var _a;
8481
- return __generator(this, function (_b) {
8482
- switch (_b.label) {
8493
+ var _b;
8494
+ return __generator(this, function (_c) {
8495
+ switch (_c.label) {
8483
8496
  case 0:
8484
- _a = this.mutate;
8497
+ _b = this.mutate;
8485
8498
  return [4 /*yield*/, this.initiateOtkMutation(input)];
8486
- case 1: return [2 /*return*/, _a.apply(this, [(_b.sent()).lrMutation])];
8499
+ case 1: return [2 /*return*/, _b.apply(this, [(_c.sent()).lrMutation])];
8487
8500
  }
8488
8501
  });
8489
8502
  });
8490
8503
  };
8491
- KeyExchangeService.prototype.initiateOtkMutation = function (_a) {
8492
- var _b = _a === void 0 ? {} : _a, message = _b.message, email = _b.email, contactCard = _b.contactCard, upgrade = _b.upgrade;
8504
+ KeyExchangeService.prototype.initiateOtkMutation = function (_b) {
8505
+ var _c = _b === void 0 ? {} : _b, message = _c.message, email = _c.email, contactCard = _c.contactCard, upgrade = _c.upgrade;
8493
8506
  return __awaiter(this, void 0, void 0, function () {
8494
8507
  var otKey, nonce, initiatorOneTimePrk, initiatorPrk, initiatorSigPrk, initiatorPlainDataSig, initiator, plainOtKeyCipher, otKeyCipher, initiatorRootKeyCipherClearJson, rootKey, initiatorRootKeyCipher, otKeyK, lrMutation;
8495
- return __generator(this, function (_a) {
8496
- switch (_a.label) {
8508
+ return __generator(this, function (_b) {
8509
+ switch (_b.label) {
8497
8510
  case 0: return [4 /*yield*/, this.keyFactory.createKey()];
8498
8511
  case 1:
8499
- otKey = _a.sent();
8512
+ otKey = _b.sent();
8500
8513
  nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
8501
8514
  return [4 /*yield*/, this.keyFactory.createPkcKey()];
8502
8515
  case 2:
8503
- initiatorOneTimePrk = _a.sent();
8516
+ initiatorOneTimePrk = _b.sent();
8504
8517
  initiatorPrk = this.keyService.currentPxk;
8505
8518
  initiatorSigPrk = this.keyService.currentSigPxk;
8506
8519
  initiatorPlainDataSig = null;
8507
8520
  if (!(contactCard && contactCard.ownerPlainDataJson)) return [3 /*break*/, 4];
8508
8521
  return [4 /*yield*/, this.encryptionService.signToString(initiatorSigPrk.jwk, contactCard.ownerPlainDataJson)];
8509
8522
  case 3:
8510
- initiatorPlainDataSig = _a.sent();
8511
- _a.label = 4;
8523
+ initiatorPlainDataSig = _b.sent();
8524
+ _b.label = 4;
8512
8525
  case 4:
8513
8526
  initiator = {
8514
8527
  message: message,
@@ -8527,7 +8540,7 @@
8527
8540
  };
8528
8541
  return [4 /*yield*/, this.keyGraph.encryptToString(otKey, plainOtKeyCipher)];
8529
8542
  case 5:
8530
- otKeyCipher = _a.sent();
8543
+ otKeyCipher = _b.sent();
8531
8544
  initiatorRootKeyCipherClearJson = {
8532
8545
  nonce: nonce,
8533
8546
  oneTimePrk: initiatorOneTimePrk.toJSON(true),
@@ -8545,7 +8558,7 @@
8545
8558
  rootKey = this.keyService.currentRootKey;
8546
8559
  return [4 /*yield*/, this.keyGraph.encryptToString(rootKey.jwk, initiatorRootKeyCipherClearJson)];
8547
8560
  case 6:
8548
- initiatorRootKeyCipher = _a.sent();
8561
+ initiatorRootKeyCipher = _b.sent();
8549
8562
  otKeyK = otKey.toJSON(true).k;
8550
8563
  lrMutation = new LrMutation({
8551
8564
  mutation: InitiateKeyExchangeOtkMutation,
@@ -8576,44 +8589,52 @@
8576
8589
  KeyExchangeService.prototype.respondOtk = function (input) {
8577
8590
  return this.mutate(this.respondOtkMutation(input));
8578
8591
  };
8579
- KeyExchangeService.prototype.respondOtkMutation = function (_a) {
8580
- var keyExchangeId = _a.keyExchangeId, token = _a.token, decryptedOtk = _a.decryptedOtk, message = _a.message, initiatorContactCard = _a.initiatorContactCard, responderContactCard = _a.responderContactCard;
8592
+ KeyExchangeService.prototype.respondOtkMutation = function (_b) {
8593
+ var keyExchangeId = _b.keyExchangeId, token = _b.token, decryptedOtk = _b.decryptedOtk, message = _b.message, initiatorContactCard = _b.initiatorContactCard, responderContactCard = _b.responderContactCard;
8594
+ var _a;
8581
8595
  return __awaiter(this, void 0, void 0, function () {
8582
- var rootKey, masterKey, sharedKey, mkSharedKey, rkWrappedSharedKey, mkWrappedMkSharedKey, initiatorOneTimePbk, initiatorPbk, initiatorSigPbk, responderPrk, responderSigPrk, signedInitiatorPbk, signedInitiatorSigPbk, initiatorOneTimePbkCipherClearJson, receivedCardInput, sharedCipherDataClearJson, receiverKey, ccSharedKey, sigPxk, _a, _b, _c, _d, _e, _f, _g, _h, sharedCipherData, _j, _k, _l, responderCardInput, ownerKey, ccSharedKey, sigPxk, _m, _o, _p, _q, _r, _s, _t, _u, sharedCipherData, _v, _w, _x, _y, _z, _0, initiatorOneTimePbkCipher;
8583
- return __generator(this, function (_1) {
8584
- switch (_1.label) {
8596
+ var rootKey, masterKey, sharedKey, mkSharedKey, rkWrappedSharedKey, mkWrappedMkSharedKey, initiatorOneTimePbk, initiatorPbk, initiatorSigPbk, responderPrk, responderSigPrk, signedInitiatorPbk, signedInitiatorSigPbk, initiatorOneTimePbkCipherClearJson, receivedCardInput, sharedCipherDataClearJson, receiverKey, ccSharedKey, sigPxk, _b, _c, _d, _e, _f, _g, _h, _j, sharedCipherData, _k, _l, _m, responderCardInput, ownerKey, ccSharedKey, sigPxk, _o, _p, _q, _r, _s, _t, _u, _v, sharedCipherData, _w, _x, _y, _z, _0, _1, initiatorOneTimePbkCipher;
8597
+ return __generator(this, function (_2) {
8598
+ switch (_2.label) {
8585
8599
  case 0:
8600
+ // Validate that the OTK was properly decrypted before proceeding.
8601
+ // This can fail if the one-time key (otKeyK) was not provided or was invalid,
8602
+ // which can happen if the invite URL hash fragment was lost (e.g., page refresh after hash removal).
8603
+ if (!((_a = decryptedOtk === null || decryptedOtk === void 0 ? void 0 : decryptedOtk.otKeyCipherClearJson) === null || _a === void 0 ? void 0 : _a.initiator)) {
8604
+ throw new Error('Failed to decrypt key exchange data. The invite link may be invalid or expired. ' +
8605
+ 'Please request a new invite from the sender.');
8606
+ }
8586
8607
  rootKey = this.keyService.currentRootKey;
8587
8608
  masterKey = this.keyService.currentMasterKey;
8588
8609
  return [4 /*yield*/, this.keyFactory.createKey()];
8589
8610
  case 1:
8590
- sharedKey = _1.sent();
8611
+ sharedKey = _2.sent();
8591
8612
  return [4 /*yield*/, this.keyFactory.createKey()];
8592
8613
  case 2:
8593
- mkSharedKey = _1.sent();
8614
+ mkSharedKey = _2.sent();
8594
8615
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true))];
8595
8616
  case 3:
8596
- rkWrappedSharedKey = _1.sent();
8617
+ rkWrappedSharedKey = _2.sent();
8597
8618
  return [4 /*yield*/, this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true))];
8598
8619
  case 4:
8599
- mkWrappedMkSharedKey = _1.sent();
8620
+ mkWrappedMkSharedKey = _2.sent();
8600
8621
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk)];
8601
8622
  case 5:
8602
- initiatorOneTimePbk = _1.sent();
8623
+ initiatorOneTimePbk = _2.sent();
8603
8624
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.pbk)];
8604
8625
  case 6:
8605
- initiatorPbk = _1.sent();
8626
+ initiatorPbk = _2.sent();
8606
8627
  return [4 /*yield*/, KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.sigPbk)];
8607
8628
  case 7:
8608
- initiatorSigPbk = _1.sent();
8629
+ initiatorSigPbk = _2.sent();
8609
8630
  responderPrk = this.keyService.currentPxk;
8610
8631
  responderSigPrk = this.keyService.currentSigPxk;
8611
8632
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, initiatorPbk.toJSON())];
8612
8633
  case 8:
8613
- signedInitiatorPbk = _1.sent();
8634
+ signedInitiatorPbk = _2.sent();
8614
8635
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, initiatorSigPbk.toJSON())];
8615
8636
  case 9:
8616
- signedInitiatorSigPbk = _1.sent();
8637
+ signedInitiatorSigPbk = _2.sent();
8617
8638
  initiatorOneTimePbkCipherClearJson = {
8618
8639
  nonce: decryptedOtk.otKeyCipherClearJson.nonce,
8619
8640
  sharedKey: sharedKey.toJSON(true),
@@ -8629,102 +8650,102 @@
8629
8650
  .sharedCipherDataClearJson;
8630
8651
  return [4 /*yield*/, this.keyFactory.createKey()];
8631
8652
  case 10:
8632
- receiverKey = _1.sent();
8653
+ receiverKey = _2.sent();
8633
8654
  return [4 /*yield*/, this.keyFactory.createKey()];
8634
8655
  case 11:
8635
- ccSharedKey = _1.sent();
8656
+ ccSharedKey = _2.sent();
8636
8657
  sigPxk = this.keyService.currentSigPxk;
8637
- _a = {};
8638
- _c = (_b = JSON).stringify;
8658
+ _b = {};
8659
+ _d = (_c = JSON).stringify;
8639
8660
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))];
8640
8661
  case 12:
8641
- _a.receiverWrappedKey = _c.apply(_b, [_1.sent()]),
8642
- _a.receiverWrappingKeyId = rootKey.id;
8662
+ _b.receiverWrappedKey = _d.apply(_c, [_2.sent()]),
8663
+ _b.receiverWrappingKeyId = rootKey.id;
8643
8664
  if (!initiatorContactCard) return [3 /*break*/, 14];
8644
- _f = (_e = JSON).stringify;
8665
+ _g = (_f = JSON).stringify;
8645
8666
  return [4 /*yield*/, this.encryptionService.encrypt(receiverKey, initiatorContactCard.receiverCipherDataClearJson)];
8646
8667
  case 13:
8647
- _d = _f.apply(_e, [_1.sent()]);
8668
+ _e = _g.apply(_f, [_2.sent()]);
8648
8669
  return [3 /*break*/, 15];
8649
8670
  case 14:
8650
- _d = '';
8651
- _1.label = 15;
8671
+ _e = '';
8672
+ _2.label = 15;
8652
8673
  case 15:
8653
- _a.receiverCipherData = _d;
8654
- _h = (_g = JSON).stringify;
8674
+ _b.receiverCipherData = _e;
8675
+ _j = (_h = JSON).stringify;
8655
8676
  return [4 /*yield*/, this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))];
8656
8677
  case 16:
8657
- receivedCardInput = (_a.sharedWrappedKey = _h.apply(_g, [_1.sent()]),
8658
- _a);
8678
+ receivedCardInput = (_b.sharedWrappedKey = _j.apply(_h, [_2.sent()]),
8679
+ _b);
8659
8680
  return [4 /*yield*/, this.encryptionService.encrypt(ccSharedKey, sharedCipherDataClearJson)];
8660
8681
  case 17:
8661
- sharedCipherData = _1.sent();
8662
- _j = receivedCardInput;
8663
- _l = (_k = JSON).stringify;
8682
+ sharedCipherData = _2.sent();
8683
+ _k = receivedCardInput;
8684
+ _m = (_l = JSON).stringify;
8664
8685
  return [4 /*yield*/, this.encryptionService.sign(sigPxk.jwk, sharedCipherData)];
8665
8686
  case 18:
8666
- _j.sharedCipherDataSig = _l.apply(_k, [_1.sent()]);
8687
+ _k.sharedCipherDataSig = _m.apply(_l, [_2.sent()]);
8667
8688
  receivedCardInput.sigPxkId = sigPxk.id;
8668
8689
  initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherKey: ccSharedKey.toJSON(true) });
8669
- _1.label = 19;
8690
+ _2.label = 19;
8670
8691
  case 19:
8671
8692
  if (!responderContactCard) return [3 /*break*/, 31];
8672
8693
  return [4 /*yield*/, this.keyFactory.createKey()];
8673
8694
  case 20:
8674
- ownerKey = _1.sent();
8695
+ ownerKey = _2.sent();
8675
8696
  return [4 /*yield*/, this.keyFactory.createKey()];
8676
8697
  case 21:
8677
- ccSharedKey = _1.sent();
8698
+ ccSharedKey = _2.sent();
8678
8699
  sigPxk = this.keyService.currentSigPxk;
8679
- _m = {};
8680
- _p = (_o = JSON).stringify;
8700
+ _o = {};
8701
+ _q = (_p = JSON).stringify;
8681
8702
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))];
8682
8703
  case 22:
8683
- _m.ownerWrappedKey = _p.apply(_o, [_1.sent()]),
8684
- _m.ownerWrappingKeyId = rootKey.id;
8704
+ _o.ownerWrappedKey = _q.apply(_p, [_2.sent()]),
8705
+ _o.ownerWrappingKeyId = rootKey.id;
8685
8706
  if (!responderContactCard.ownerCipherDataClearJson) return [3 /*break*/, 24];
8686
- _s = (_r = JSON).stringify;
8707
+ _t = (_s = JSON).stringify;
8687
8708
  return [4 /*yield*/, this.encryptionService.encrypt(ownerKey, responderContactCard.ownerCipherDataClearJson)];
8688
8709
  case 23:
8689
- _q = _s.apply(_r, [_1.sent()]);
8710
+ _r = _t.apply(_s, [_2.sent()]);
8690
8711
  return [3 /*break*/, 25];
8691
8712
  case 24:
8692
- _q = '';
8693
- _1.label = 25;
8713
+ _r = '';
8714
+ _2.label = 25;
8694
8715
  case 25:
8695
- _m.ownerCipherData = _q;
8696
- _u = (_t = JSON).stringify;
8716
+ _o.ownerCipherData = _r;
8717
+ _v = (_u = JSON).stringify;
8697
8718
  return [4 /*yield*/, this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))];
8698
8719
  case 26:
8699
- responderCardInput = (_m.sharedWrappedKey = _u.apply(_t, [_1.sent()]),
8700
- _m);
8720
+ responderCardInput = (_o.sharedWrappedKey = _v.apply(_u, [_2.sent()]),
8721
+ _o);
8701
8722
  return [4 /*yield*/, this.encryptionService.encrypt(ccSharedKey, responderContactCard.sharedCipherDataClearJson)];
8702
8723
  case 27:
8703
- sharedCipherData = _1.sent();
8704
- _v = responderCardInput;
8705
- _x = (_w = JSON).stringify;
8724
+ sharedCipherData = _2.sent();
8725
+ _w = responderCardInput;
8726
+ _y = (_x = JSON).stringify;
8706
8727
  return [4 /*yield*/, this.encryptionService.sign(sigPxk.jwk, sharedCipherData)];
8707
8728
  case 28:
8708
- _v.sharedCipherDataSig = _x.apply(_w, [_1.sent()]);
8729
+ _w.sharedCipherDataSig = _y.apply(_x, [_2.sent()]);
8709
8730
  responderCardInput.sigPxkId = sigPxk.id;
8710
8731
  if (!responderContactCard.ownerPlainDataJson) return [3 /*break*/, 30];
8711
- _y = responderCardInput;
8712
- _0 = (_z = JSON).stringify;
8732
+ _z = responderCardInput;
8733
+ _1 = (_0 = JSON).stringify;
8713
8734
  return [4 /*yield*/, this.encryptionService.sign(responderSigPrk.jwk, responderContactCard.ownerPlainDataJson)];
8714
8735
  case 29:
8715
- _y.ownerPlainDataSig = _0.apply(_z, [_1.sent()]);
8716
- _1.label = 30;
8736
+ _z.ownerPlainDataSig = _1.apply(_0, [_2.sent()]);
8737
+ _2.label = 30;
8717
8738
  case 30:
8718
8739
  // Contact card info readable by the initiator
8719
8740
  initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherDataClearJson: responderContactCard.sharedCipherDataClearJson });
8720
- _1.label = 31;
8741
+ _2.label = 31;
8721
8742
  case 31: return [4 /*yield*/, this.encryptionService.encrypt(initiatorOneTimePbk, initiatorOneTimePbkCipherClearJson)];
8722
8743
  case 32:
8723
- initiatorOneTimePbkCipher = _1.sent();
8744
+ initiatorOneTimePbkCipher = _2.sent();
8724
8745
  return [4 /*yield*/, this.encryptionService.encrypt(decryptedOtk.otKey, initiatorOneTimePbkCipher)];
8725
8746
  case 33:
8726
8747
  // Encrypt with the otk again to keep use of asymmetric keys to a minimum.
8727
- initiatorOneTimePbkCipher = _1.sent();
8748
+ initiatorOneTimePbkCipher = _2.sent();
8728
8749
  return [2 /*return*/, new LrMutation({
8729
8750
  mutation: RespondKeyExchangeOtkMutation,
8730
8751
  variables: {
@@ -8757,26 +8778,26 @@
8757
8778
  KeyExchangeService.prototype.completeOtk = function (input) {
8758
8779
  return this.mutate(this.completeOtkMutation(input));
8759
8780
  };
8760
- KeyExchangeService.prototype.completeOtkMutation = function (_a) {
8761
- var keyExchangeId = _a.keyExchangeId, initiatorRootKeyCipher = _a.initiatorRootKeyCipher, initiatorOneTimePbkCipher = _a.initiatorOneTimePbkCipher, responderContactCard = _a.responderContactCard, initiatorContactCard = _a.initiatorContactCard;
8781
+ KeyExchangeService.prototype.completeOtkMutation = function (_b) {
8782
+ var keyExchangeId = _b.keyExchangeId, initiatorRootKeyCipher = _b.initiatorRootKeyCipher, initiatorOneTimePbkCipher = _b.initiatorOneTimePbkCipher, responderContactCard = _b.responderContactCard, initiatorContactCard = _b.initiatorContactCard;
8762
8783
  return __awaiter(this, void 0, void 0, function () {
8763
- var rootKey, masterKey, initiatorRootKeyCipherClearJson, plainInitiatorOneTimePbkCipher, _a, _b, initiatorSigPrk, responderSigPbk, responderPbk, signedResponderPbk, signedResponderSigPbk, sharedKey, rkWrappedSharedKey, mkSharedKey, mkWrappedMkSharedKey, responderContactCardCipherInput, receiverKey, _c, _d, _e, _f, _g, initiatorContactCardCipherInput, initiatorContactCardSharedCipherInput, initiatorContactCardFromInit, ownerKey, sharedCipherKey, ownerWrappedKey, _h, _j, ownerCipherDataClearJson, ownerCipherData, _k, sharedCipherData, _l, _m, _o;
8764
- return __generator(this, function (_p) {
8765
- switch (_p.label) {
8784
+ var rootKey, masterKey, initiatorRootKeyCipherClearJson, plainInitiatorOneTimePbkCipher, _b, _c, initiatorSigPrk, responderSigPbk, responderPbk, signedResponderPbk, signedResponderSigPbk, sharedKey, rkWrappedSharedKey, mkSharedKey, mkWrappedMkSharedKey, responderContactCardCipherInput, receiverKey, _d, _e, _f, _g, _h, initiatorContactCardCipherInput, initiatorContactCardSharedCipherInput, initiatorContactCardFromInit, ownerKey, sharedCipherKey, ownerWrappedKey, _j, _k, ownerCipherDataClearJson, ownerCipherData, _l, sharedCipherData, _m, _o, _p;
8785
+ return __generator(this, function (_q) {
8786
+ switch (_q.label) {
8766
8787
  case 0:
8767
8788
  rootKey = this.keyService.currentRootKey;
8768
8789
  masterKey = this.keyService.currentMasterKey;
8769
8790
  return [4 /*yield*/, this.encryptionService.decrypt(rootKey.jwk, initiatorRootKeyCipher)];
8770
8791
  case 1:
8771
- initiatorRootKeyCipherClearJson = (_p.sent());
8772
- _a = this.decryptResponseCipher;
8792
+ initiatorRootKeyCipherClearJson = (_q.sent());
8793
+ _b = this.decryptResponseCipher;
8773
8794
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey)];
8774
8795
  case 2:
8775
- _b = [_p.sent()];
8796
+ _c = [_q.sent()];
8776
8797
  return [4 /*yield*/, KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk)];
8777
- case 3: return [4 /*yield*/, _a.apply(this, _b.concat([_p.sent(), initiatorOneTimePbkCipher]))];
8798
+ case 3: return [4 /*yield*/, _b.apply(this, _c.concat([_q.sent(), initiatorOneTimePbkCipher]))];
8778
8799
  case 4:
8779
- plainInitiatorOneTimePbkCipher = _p.sent();
8800
+ plainInitiatorOneTimePbkCipher = _q.sent();
8780
8801
  // Check the nonce match to ensure the responder was the one holding the OTK
8781
8802
  if (initiatorRootKeyCipherClearJson.nonce !==
8782
8803
  plainInitiatorOneTimePbkCipher.nonce) {
@@ -8785,69 +8806,69 @@
8785
8806
  initiatorSigPrk = this.keyService.currentSigPxk;
8786
8807
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.sigPbk)];
8787
8808
  case 5:
8788
- responderSigPbk = _p.sent();
8809
+ responderSigPbk = _q.sent();
8789
8810
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.pbk)];
8790
8811
  case 6:
8791
- responderPbk = _p.sent();
8812
+ responderPbk = _q.sent();
8792
8813
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, responderPbk.toJSON())];
8793
8814
  case 7:
8794
- signedResponderPbk = _p.sent();
8815
+ signedResponderPbk = _q.sent();
8795
8816
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, responderSigPbk.toJSON())];
8796
8817
  case 8:
8797
- signedResponderSigPbk = _p.sent();
8818
+ signedResponderSigPbk = _q.sent();
8798
8819
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.sharedKey)];
8799
8820
  case 9:
8800
- sharedKey = _p.sent();
8821
+ sharedKey = _q.sent();
8801
8822
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true))];
8802
8823
  case 10:
8803
- rkWrappedSharedKey = _p.sent();
8824
+ rkWrappedSharedKey = _q.sent();
8804
8825
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.mkSharedKey)];
8805
8826
  case 11:
8806
- mkSharedKey = _p.sent();
8827
+ mkSharedKey = _q.sent();
8807
8828
  return [4 /*yield*/, this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true))];
8808
8829
  case 12:
8809
- mkWrappedMkSharedKey = _p.sent();
8830
+ mkWrappedMkSharedKey = _q.sent();
8810
8831
  if (!responderContactCard) return [3 /*break*/, 16];
8811
8832
  return [4 /*yield*/, this.keyFactory.createKey()];
8812
8833
  case 13:
8813
- receiverKey = _p.sent();
8814
- _c = {};
8815
- _e = (_d = JSON).stringify;
8834
+ receiverKey = _q.sent();
8835
+ _d = {};
8836
+ _f = (_e = JSON).stringify;
8816
8837
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))];
8817
8838
  case 14:
8818
- _c.receiverWrappedKey = _e.apply(_d, [_p.sent()]),
8819
- _c.receiverWrappingKeyId = rootKey.id;
8820
- _g = (_f = JSON).stringify;
8839
+ _d.receiverWrappedKey = _f.apply(_e, [_q.sent()]),
8840
+ _d.receiverWrappingKeyId = rootKey.id;
8841
+ _h = (_g = JSON).stringify;
8821
8842
  return [4 /*yield*/, this.encryptionService.encrypt(receiverKey, responderContactCard.receiverCipherDataClearJson)];
8822
8843
  case 15:
8823
- responderContactCardCipherInput = (_c.receiverCipherData = _g.apply(_f, [_p.sent()]),
8824
- _c);
8825
- _p.label = 16;
8844
+ responderContactCardCipherInput = (_d.receiverCipherData = _h.apply(_g, [_q.sent()]),
8845
+ _d);
8846
+ _q.label = 16;
8826
8847
  case 16:
8827
8848
  if (!initiatorRootKeyCipherClearJson.initiatorContactCard) return [3 /*break*/, 25];
8828
8849
  initiatorContactCardFromInit = initiatorRootKeyCipherClearJson.initiatorContactCard;
8829
8850
  return [4 /*yield*/, this.keyFactory.createKey()];
8830
8851
  case 17:
8831
- ownerKey = _p.sent();
8852
+ ownerKey = _q.sent();
8832
8853
  return [4 /*yield*/, KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey)];
8833
8854
  case 18:
8834
- sharedCipherKey = _p.sent();
8835
- _j = (_h = JSON).stringify;
8855
+ sharedCipherKey = _q.sent();
8856
+ _k = (_j = JSON).stringify;
8836
8857
  return [4 /*yield*/, this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))];
8837
8858
  case 19:
8838
- ownerWrappedKey = _j.apply(_h, [_p.sent()]);
8859
+ ownerWrappedKey = _k.apply(_j, [_q.sent()]);
8839
8860
  ownerCipherDataClearJson = (initiatorContactCard === null || initiatorContactCard === void 0 ? void 0 : initiatorContactCard.ownerCipherDataClearJson) ||
8840
8861
  initiatorContactCardFromInit.ownerCipherDataClearJson;
8841
8862
  if (!ownerCipherDataClearJson) return [3 /*break*/, 21];
8842
8863
  return [4 /*yield*/, this.keyGraph.encryptToString(ownerKey, ownerCipherDataClearJson)];
8843
8864
  case 20:
8844
- _k = _p.sent();
8865
+ _l = _q.sent();
8845
8866
  return [3 /*break*/, 22];
8846
8867
  case 21:
8847
- _k = '';
8848
- _p.label = 22;
8868
+ _l = '';
8869
+ _q.label = 22;
8849
8870
  case 22:
8850
- ownerCipherData = _k;
8871
+ ownerCipherData = _l;
8851
8872
  initiatorContactCardCipherInput = {
8852
8873
  ownerWrappedKey: ownerWrappedKey,
8853
8874
  ownerWrappingKeyId: rootKey.id,
@@ -8858,14 +8879,14 @@
8858
8879
  };
8859
8880
  return [4 /*yield*/, this.encryptionService.encrypt(sharedCipherKey, initiatorContactCardFromInit.sharedCipherDataClearJson)];
8860
8881
  case 23:
8861
- sharedCipherData = _p.sent();
8862
- _l = initiatorContactCardSharedCipherInput;
8863
- _o = (_m = JSON).stringify;
8882
+ sharedCipherData = _q.sent();
8883
+ _m = initiatorContactCardSharedCipherInput;
8884
+ _p = (_o = JSON).stringify;
8864
8885
  return [4 /*yield*/, this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData)];
8865
8886
  case 24:
8866
- _l.sharedCipherDataSig =
8867
- _o.apply(_m, [_p.sent()]);
8868
- _p.label = 25;
8887
+ _m.sharedCipherDataSig =
8888
+ _p.apply(_o, [_q.sent()]);
8889
+ _q.label = 25;
8869
8890
  case 25:
8870
8891
  // TODO ideally we update the shared data in the contact card sent to the responder as well since that
8871
8892
  // CC was created by the responder.
@@ -10280,27 +10301,30 @@
10280
10301
  };
10281
10302
  RegisterService.prototype.hibpBreachedAccounts = function (account) {
10282
10303
  return __awaiter(this, void 0, void 0, function () {
10283
- var response, error_1;
10284
- return __generator(this, function (_a) {
10285
- switch (_a.label) {
10304
+ var response, _a, _b, _c, error_1;
10305
+ return __generator(this, function (_d) {
10306
+ switch (_d.label) {
10286
10307
  case 0:
10287
- _a.trys.push([0, 2, , 3]);
10288
- return [4 /*yield*/, this.http
10289
- .get(this.config.authUrl + "users/hibp/breachedaccount/" + account + "/?truncateResponse=false")
10290
- .toPromise()];
10291
- case 1:
10292
- response = _a.sent();
10293
- return [2 /*return*/, response];
10308
+ _d.trys.push([0, 3, , 4]);
10309
+ _b = (_a = this.http)
10310
+ .get;
10311
+ _c = [this.config.authUrl + "users/hibp/breachedaccount/" + account + "/?truncateResponse=false"];
10312
+ return [4 /*yield*/, httpOptions(this.auth, this.config)];
10313
+ case 1: return [4 /*yield*/, _b.apply(_a, _c.concat([_d.sent()]))
10314
+ .toPromise()];
10294
10315
  case 2:
10295
- error_1 = _a.sent();
10316
+ response = _d.sent();
10317
+ return [2 /*return*/, response];
10318
+ case 3:
10319
+ error_1 = _d.sent();
10296
10320
  if (error_1.status === 404) {
10297
10321
  return [2 /*return*/, null];
10298
10322
  }
10299
10323
  else {
10300
10324
  throw error_1;
10301
10325
  }
10302
- return [3 /*break*/, 3];
10303
- case 3: return [2 /*return*/];
10326
+ return [3 /*break*/, 4];
10327
+ case 4: return [2 /*return*/];
10304
10328
  }
10305
10329
  });
10306
10330
  });