@loginguards/loginguards-win 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +3 -1
  2. package/package.json +1 -1
  3. package/src/storage.js +27 -3
package/README.md CHANGED
@@ -13,12 +13,14 @@ Enterprise-grade password breach prevention for Windows domains.
13
13
  ## Install (development)
14
14
 
15
15
  ```bash
16
- npm install -g .
16
+ npm i -g @loginguards/loginguards-win
17
17
  loginguards-win configure
18
18
  loginguards-win install
19
19
  loginguards-win test
20
+ loginguards-win --help
20
21
  ```
21
22
 
23
+
22
24
  ## Configuration
23
25
 
24
26
  - API base: `https://api.loginguards.com/v1`
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@loginguards/loginguards-win",
3
- "version": "0.1.1",
3
+ "version": "0.1.2",
4
4
  "description": "LoginGuards Active Directory Password Protection for Windows",
5
5
  "private": false,
6
6
  "license": "SEE LICENSE IN LICENSE",
package/src/storage.js CHANGED
@@ -62,16 +62,40 @@ async function dpapiProtect(plain) {
62
62
  $plain = @'
63
63
  ${plain.replace(/'/g, "''")}
64
64
  '@
65
- $bytes = [System.Text.Encoding]::UTF8.GetBytes($plain)
66
- $enc = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
67
- [Convert]::ToBase64String($enc)
65
+ try { Add-Type -AssemblyName 'System.Security' -ErrorAction SilentlyContinue } catch {}
66
+ try {
67
+ $bytes = [System.Text.Encoding]::UTF8.GetBytes($plain)
68
+ $enc = [System.Security.Cryptography.ProtectedData]::Protect($bytes, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
69
+ [Convert]::ToBase64String($enc)
70
+ } catch {
71
+ try {
72
+ $secure = ConvertTo-SecureString $plain -AsPlainText -Force
73
+ $hasScope = (Get-Command ConvertFrom-SecureString).Parameters.ContainsKey('Scope')
74
+ if ($hasScope) { $encStr = ConvertFrom-SecureString $secure -Scope LocalMachine } else { $encStr = ConvertFrom-SecureString $secure }
75
+ 'SS:' + $encStr
76
+ } catch { throw }
77
+ }
68
78
  `;
69
79
  const { stdout } = await runPS(script);
70
80
  return stdout.trim();
71
81
  }
72
82
 
73
83
  async function dpapiUnprotect(b64) {
84
+ if (b64.startsWith('SS:')) {
85
+ const encStr = b64.slice(3);
86
+ const scriptSS = `
87
+ $encStr = @'
88
+ ${encStr.replace(/'/g, "''")}
89
+ '@
90
+ $secure = ConvertTo-SecureString $encStr
91
+ $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
92
+ [Runtime.InteropServices.Marshal]::PtrToStringUni($bstr)
93
+ `;
94
+ const { stdout } = await runPS(scriptSS);
95
+ return stdout.replace(/\r?\n$/, '');
96
+ }
74
97
  const script = `
98
+ try { Add-Type -AssemblyName 'System.Security' -ErrorAction SilentlyContinue } catch {}
75
99
  $b64 = '${b64.replace(/'/g, "''")}'
76
100
  $bytes = [Convert]::FromBase64String($b64)
77
101
  $dec = [System.Security.Cryptography.ProtectedData]::Unprotect($bytes, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)