@zohocorporation/vault-cli 1.1.2

package/out/util/login.util.js

@@ -0,0 +1,352 @@
+import { Logger } from "../js/logger/index.js";
+import { CREDENTIALS, VAULT_ENDPOINTS, ACCOUNT_ENDPOINTS, OPERATION, SHARING } from "./consts.util.js";
+import { _pull } from "./index.util.js";
+import { Utilities } from "./index.util.js";
+import { DC } from "./consts.util.js";
+import Vault from "../js/crypto/index.js";
+import { generateWorkspaceHash, header } from "../commands/login/login.utils.js";
+import { setHeaders } from "../commands/login/login.utils.js";
+import { getPassPhrase } from "../commands/unlock/unlock.utils.js";
+import { getDecryptedCredentials, insertToDB } from "./dbutils/db.utils.js";
+import { getConfig } from "./dev.utils.js";
+import { MODE } from "./consts.util.js";
+import { RSA_KEY_TYPE } from "./types.util.js";
+import { Utilites } from "../old/index.js";
+export class Login {
+    passphrase;
+    credentialsPath;
+    accessToken;
+    refreshToken;
+    createdTime;
+    dc;
+    tokenSalt;
+    masterKey;
+    iteration;
+    passauth;
+    salt;
+    loginType;
+    orgKey;
+    zuid;
+    constructor(passphrase, dc) {
+        this.passphrase = passphrase;
+        this.credentialsPath = "";
+        this.accessToken = "";
+        this.refreshToken = "";
+        this.createdTime = 0;
+        this.dc = !!dc ? dc : DC.US;
+        this.zuid = '';
+    }
+    getDC() {
+        return this.dc;
+    }
+    setDC(dc) {
+        this.dc = dc;
+    }
+    getPassPhrase() {
+        return this.passphrase;
+    }
+    setPassPhrase(passphrase) {
+        this.passauth = passphrase;
+    }
+    setMasterKey(masterKey) {
+        this.masterKey = masterKey;
+    }
+    getDcAndSetHeader = async () => {
+        const data = await getDecryptedCredentials(generateWorkspaceHash());
+        if (!data) {
+            throw new Error("cannot find data");
+        }
+        const { credentials, createdtime, dc } = data;
+        const { access_token, refresh_token } = credentials;
+        this.accessToken = !!access_token ? access_token : "";
+        this.refreshToken = !!refresh_token ? refresh_token : "";
+        this.createdTime = !!createdtime ? +createdtime : 0;
+        this.dc = !!dc ? dc : DC.US;
+        await this.checkAccessTokenValidity();
+        setHeaders("Authorization", `Zoho-oauthtoken ${this.accessToken}`);
+    };
+    async getAccessTokenforunlock() {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const data = await getDecryptedCredentials(generateWorkspaceHash());
+                if (!data) {
+                    reject("User configuration is null");
+                }
+                const { credentials } = data;
+                resolve(credentials.access_token);
+            }
+            catch (err) {
+                Logger.error(err);
+            }
+        });
+    }
+    getKeyForToken() {
+        if (this.tokenSalt === undefined) {
+            this.tokenSalt = Utilities.generateRandomToken(40);
+        }
+        return Vault.PBKDF2_key(this.masterKey, this.tokenSalt, this.iteration);
+    }
+    async refreshAccessToken() {
+        /*
+              generate new access token with the help of refresh token
+             */
+        const config = getConfig();
+        let { MODE: mode, CLIENT_ID, CLIENT_SECRET } = config;
+        if (mode === MODE.PRODUCTION) {
+            CLIENT_ID = CREDENTIALS.CLIENT_ID;
+            CLIENT_SECRET = CREDENTIALS.CLIENT_SECRET;
+        }
+        let newCreatedTime = Date.now();
+        let data = {
+            refresh_token: this.refreshToken,
+            client_id: CLIENT_ID,
+            client_secret: CLIENT_SECRET,
+            grant_type: "refresh_token",
+        };
+        try {
+            let response = await _pull(header, Utilities.getAccountsUrl(this.dc) + ACCOUNT_ENDPOINTS.URL_GENERATE_TOKEN, data, "POST");
+            const resp = response.data;
+            if (resp.hasOwnProperty("access_token")) {
+                this.accessToken = resp.access_token;
+                Utilities.writeToFile(JSON.stringify({
+                    refreshToken: data.refresh_token,
+                    accessToken: resp.access_token,
+                    createdTime: newCreatedTime,
+                    dc: this.dc,
+                }), this.credentialsPath);
+            }
+        }
+        catch (e) {
+            Logger.error(e);
+        }
+    }
+    async checkAccessTokenValidity() {
+        const localtime = Date.now();
+        let diffMs = localtime - (!!this.createdTime ? this.createdTime : 0); // milliseconds between now & Christmas
+        let diffMins = Math.abs(Math.round(diffMs / 1000 / 60));
+        if (diffMins > 50) {
+            await this.refreshAccessToken();
+        }
+    }
+    async setUserConfig() {
+        const resp = await _pull(header, Utilities.getVaultUrl(this.dc) + VAULT_ENDPOINTS.URL_LOGIN, { OPERATION_NAME: OPERATION.GET_LOGIN }, "POST");
+        const { ITERATION, PASSPHRASE, LOGIN, SALT, USER } = resp.data.operation.details;
+        this.iteration = ITERATION;
+        this.passauth = PASSPHRASE;
+        this.loginType = LOGIN;
+        this.salt = SALT;
+        this.zuid = USER.ZUID ? USER.ZUID : '';
+    }
+    async getMasterKey(passphrase) {
+        if (this.salt === undefined) {
+            await this.setUserConfig();
+        }
+        if (this.masterKey === undefined) {
+            let masterKey;
+            if (this.loginType === "PBKDF2_AES") {
+                masterKey = await Vault.PBKDF2_key(passphrase, this.salt, this.iteration);
+            }
+            else {
+                //TODO check this case
+                masterKey = Vault.hash(passphrase);
+            }
+            if (this.checkLogin(masterKey)) {
+                this.masterKey = masterKey;
+                return masterKey;
+            }
+            else {
+                return undefined;
+            }
+        }
+        else {
+            return this.masterKey;
+        }
+    }
+    async getZUID() {
+        if (!this.zuid) {
+            await this.setUserConfig();
+        }
+        return this.zuid;
+    }
+    checkLogin(masterKey) {
+        const decryptedPassAuth = Vault.decrypt(this.passauth, masterKey);
+        try {
+            return !isNaN(Date.parse(JSON.parse(decryptedPassAuth).date));
+        }
+        catch (e) {
+            return false;
+        }
+    }
+    async getMasterKeyAfterConfiguration() {
+        const isCLITrusted = await Utilities.isTrusted();
+        if (isCLITrusted.status) {
+            return isCLITrusted.masterKey;
+        }
+        const passPhrase = await getPassPhrase(undefined);
+        const masterKey = await this.getMasterKey(passPhrase);
+        if (masterKey === undefined) {
+            console.log("Invalid master password please try again");
+            return;
+        }
+        return masterKey;
+    }
+    async getOrgKey() {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const userConfig = await getDecryptedCredentials(generateWorkspaceHash());
+                const { credentials } = userConfig;
+                if (credentials && credentials.orgkey) {
+                    resolve(credentials.orgkey);
+                    return;
+                }
+                if (this.orgKey === undefined) {
+                    const resp = await _pull(header, Utilities.getVaultUrl(this.dc) + VAULT_ENDPOINTS.URL_ORG_KEY, {}, undefined);
+                    const { privateKey: encPrivateKey, sharedKey, rsaKeyType } = resp.data.operation.Details;
+                    let privateKey = Vault.decrypt(encPrivateKey, this.masterKey);
+                    let keyType = '';
+                    switch (rsaKeyType) {
+                        case RSA_KEY_TYPE.RSA_1024:
+                            Utilites;
+                            keyType = RSA_KEY_TYPE.RSA_1024;
+                            break;
+                        case RSA_KEY_TYPE.RSA_4096:
+                            keyType = RSA_KEY_TYPE.RSA_4096;
+                            privateKey = await Utilites.importPrivateKey(privateKey);
+                            break;
+                        default:
+                            Logger.error("Invalid RSA Key Type"); //No I18N
+                            return;
+                    }
+                    this.orgKey = await Vault.RSA_decrypt(sharedKey, privateKey, keyType);
+                }
+                credentials.orgkey = this.orgKey ? this.orgKey : '';
+                await insertToDB(userConfig);
+                resolve(this.orgKey);
+            }
+            catch (err) {
+                Logger.error(err);
+                reject(new Error("Error getting Orgkey"));
+            }
+        });
+    }
+    convertStringToJSON(str) {
+        return new Promise((resolve, reject) => {
+            try {
+                if (str == undefined) {
+                    reject(new Error("cannot convert undefined to JSON"));
+                    return;
+                }
+                resolve(JSON.parse(str));
+            }
+            catch (err) {
+                Logger.error(err);
+                reject(new Error("Problem while converting string to JSON"));
+            }
+        });
+    }
+    async decryptSecretData(secretData, decryptionKey, secretFieldData, notSafe, sharinglevel) {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const secretDataJSON = await this.convertStringToJSON(secretData);
+                for (const key in secretDataJSON) {
+                    const fieldInfo = secretFieldData.find((field) => field.name === key);
+                    const chiperText = secretDataJSON[key];
+                    if (chiperText !== undefined) {
+                        delete secretDataJSON[key];
+                        const jsonKey = fieldInfo?.label;
+                        secretDataJSON[jsonKey] = await this.getDecryptedSecretData(chiperText, decryptionKey, notSafe, sharinglevel, fieldInfo?.type);
+                    }
+                }
+                resolve(secretDataJSON);
+            }
+            catch (err) {
+                Logger.error(err);
+                reject(new Error("Problem while decrypting secretData"));
+            }
+        });
+    }
+    async getDecryptedSecretData(chiperText, decryptionKey, notSafe, sharinglevel, type) {
+        return new Promise((resolve, reject) => {
+            if (type === "password") {
+                if ((sharinglevel !== undefined && Utilities.getSharingPrivilege(sharinglevel) === SHARING.AUTOLOGIN) || !notSafe) {
+                    resolve("*********");
+                    return;
+                }
+            }
+            const decryptedData = Vault.decrypt(chiperText, decryptionKey);
+            resolve(decryptedData);
+        });
+    }
+    async maskDecryptedSecretData(decryptedSecData, secretFieldData, notSafe, sharinglevel) {
+        return new Promise((resolve, reject) => {
+            try {
+                const containsPassowdField = secretFieldData.some((elem) => elem.type === 'password');
+                if (containsPassowdField && ((sharinglevel !== undefined && Utilities.getSharingPrivilege(sharinglevel) === SHARING.AUTOLOGIN) || !notSafe)) {
+                    decryptedSecData['password'] = '*********';
+                }
+                resolve(true);
+            }
+            catch (err) {
+                Logger.error(err);
+                reject(false);
+            }
+        });
+    }
+    async getDecryptedCustomColumn(customcolStr, decryptionKey, notSafe, sharinglevel) {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const customCol = JSON.parse(Vault.Base64_decode(customcolStr));
+                await this.maskDecryptedCustomCol(customCol.customcol, notSafe, sharinglevel, decryptionKey);
+                resolve(customCol.customcol);
+            }
+            catch (err) {
+                Logger.error(err);
+                reject(new Error("Error getting decrypted custom column"));
+            }
+        });
+    }
+    async maskDecryptedCustomCol(res, notSafe, sharinglevel, decryptionKey) {
+        if (res == undefined) {
+            return;
+        }
+        res.forEach((col) => {
+            if (col.type === "password" && ((sharinglevel !== undefined && Utilities.getSharingPrivilege(sharinglevel) === SHARING.AUTOLOGIN) || !notSafe)) {
+                col.value = "*********";
+                return;
+            }
+            col.value = Vault.decrypt(col.value, decryptionKey);
+        });
+    }
+    async decryptSecretObject(secretObj, secretFieldData, notSafe) {
+        const { secretData, isshared, sharinglevel } = secretObj;
+        if (!secretData) {
+            return;
+        }
+        const decryptionKey = isshared == "NO" ? this.masterKey : await this.getOrgKey();
+        if (!decryptionKey) {
+            throw new Error("Decryption missing try lock and unlock once");
+        }
+        const decryptedSecData = await this.decryptSecretData(secretData, decryptionKey, secretFieldData, notSafe, sharinglevel);
+        // await this.maskDecryptedSecretData(decryptedSecData, secretFieldData, notSafe, sharinglevel);
+        secretObj.secretData = decryptedSecData;
+        if (secretObj.notes !== "" && !!secretObj.notes) {
+            secretObj.notes = await this.getDecryptedSecretData(secretObj.notes, decryptionKey, notSafe, sharinglevel, "notes");
+        }
+        if (secretObj.customcolumn !== "" && !!secretObj.customcolumn) {
+            const res = await this.getDecryptedCustomColumn(secretObj.customcolumn, decryptionKey, notSafe, sharinglevel);
+            secretObj.customcolumn = { customcol: res };
+        }
+    }
+    async decrypt(chipertext, isShared) {
+        try {
+            if (isShared === "NO") {
+                return Vault.decrypt(chipertext, this.masterKey);
+            }
+            return Vault.decrypt(chipertext, await this.getOrgKey());
+        }
+        catch (err) {
+            Logger.error(err);
+        }
+    }
+}
+//# sourceMappingURL=login.util.js.map

package/out/util/passwordtypes.util.js

@@ -0,0 +1,91 @@
+import { Utilities, _pull } from "./index.util.js";
+import { OPTIONS, VAULT_ENDPOINTS } from "./consts.util.js";
+import { generateWorkspaceHash, header } from "../commands/login/login.utils.js";
+import { getDecryptedCredentials } from "./dbutils/db.utils.js";
+import { Logger } from "../js/logger/index.js";
+export class PasswordTypes {
+    dc;
+    constructor(dc) {
+        this.dc = dc;
+    }
+    static getUserConfig = async (dc) => {
+        try {
+            const res = await _pull(header, Utilities.getVaultUrl(dc) + VAULT_ENDPOINTS.USER_CONFIG, undefined, undefined);
+            const { data: { operation: { Details } } } = res;
+            return Details;
+        }
+        catch (err) {
+            Logger.error(err);
+        }
+    };
+    static resolveWithNoPolicyId = (dc, isAddOrCategory) => {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const decryptedCredentials = await getDecryptedCredentials(generateWorkspaceHash());
+                const zuid = decryptedCredentials.zuid;
+                const resp = await _pull(header, Utilities.getVaultUrl(dc) + VAULT_ENDPOINTS.URL_SECRET_TYPES, { allTypes: true, getDefaults: true }, undefined);
+                const { data: { operation: { Details: { secret_types } } } } = resp;
+                const userConfig = await this.getUserConfig(dc);
+                let secretTypes = secret_types;
+                if (isAddOrCategory) {
+                    secretTypes = secretTypes.filter(function (type) {
+                        if (userConfig.SHOW_USER_DEFINED_SECRETTYPE != undefined && userConfig.SHOW_USER_DEFINED_SECRETTYPE == "Enabled") {
+                            return ((type.added_by == undefined || (type.added_by != undefined && type.added_by.zuid == zuid)) &&
+                                (type.status && ((userConfig.FILE_ATTACHMENT != undefined &&
+                                    userConfig.FILE_ATTACHMENT == "Disabled") ? ((type.is_system_defined && type.secret_type_name == "File Store") ? false : true) : true))) && type.secret_type_name !== "Passkey"; //No I18N
+                        }
+                        else {
+                            return type.status && ((userConfig.FILE_ATTACHMENT != undefined
+                                && userConfig.FILE_ATTACHMENT == "Disabled") ? ((type.is_system_defined && type.secret_type_name == "File Store") ? false : true) : true) && type.secret_type_name !== "Passkey"; // No I18N
+                        }
+                    });
+                }
+                resolve(secretTypes);
+            }
+            catch (err) {
+                reject(new Error("Error while resolving with no policy id"));
+            }
+        });
+    };
+    static resolveWithPolicyId = (policyId, dc) => {
+        return new Promise(async (resolve, reject) => {
+            try {
+                const resp = await _pull(header, `${Utilities.getVaultUrl(dc)}${VAULT_ENDPOINTS.URL_SECRET_TYPES}/${policyId}`, undefined, undefined);
+                const { data: { operation: { Details } } } = resp;
+                resolve([Details]);
+            }
+            catch (err) {
+                reject(new Error("Error getting password types with policy id"));
+            }
+        });
+    };
+    static constructFormattedSecretTypes = (sceretTypeArr, policyId, operation) => {
+        const formattedScerets = {};
+        sceretTypeArr.forEach((secretType) => {
+            if (secretType.status || operation == OPTIONS.LIST || operation === OPTIONS.SEARCH) {
+                formattedScerets[secretType.secret_type_id] = secretType;
+            }
+            else if (!secretType.status && policyId != undefined) {
+                formattedScerets[secretType.secret_type_id] = secretType;
+            }
+        });
+        return formattedScerets;
+    };
+    static getPasswordTypes = (dc, policyId, operation, isAddOrCategory) => {
+        return new Promise(async (resolve, reject) => {
+            try {
+                if (!policyId) {
+                    const secTypeArr = await this.resolveWithNoPolicyId(dc, isAddOrCategory);
+                    resolve(this.constructFormattedSecretTypes(secTypeArr, policyId, operation));
+                    return;
+                }
+                const secTypeArr = await this.resolveWithPolicyId(policyId, dc);
+                resolve(this.constructFormattedSecretTypes(secTypeArr, policyId, operation));
+            }
+            catch (err) {
+                reject(new Error("Cannot get passowrd types"));
+            }
+        });
+    };
+}
+//# sourceMappingURL=passwordtypes.util.js.map

package/out/util/print.util.js

@@ -0,0 +1,4 @@
+export const showError = (msg) => {
+    console.log(`error: ${msg}`);
+};
+//# sourceMappingURL=print.util.js.map