bitty-tui 0.0.6 → 0.0.7

package/dist/clients/bw.d.ts

@@ -1,3 +1,28 @@
+/**
+ * Bitwarden client for Node.js
+ * This client provides methods to interact with the Bitwarden API and decrypt/encrypt the ciphers.
+ *
+ * Authentication flow:
+ * 1. Prelogin API to get KDF iterations
+ * 2. Derive master key using email, password and KDF iterations
+ * 3. Get token API using derived password hash
+ * 4. Decode user and private keys
+ *
+ * Cipher decryption:
+ * 1. Fetch sync data from Bitwarden API
+ * 2. Decrypt organization keys using private key
+ * 3. Choose the appropriate decryption key:
+ *  - User key for personal ciphers
+ *  - Organization key for org ciphers
+ *  - Cipher-specific key if available
+ * 4. Decrypt cipher fields using the chosen key
+ */
+export declare class FetchError extends Error {
+    status: number;
+    data: string;
+    constructor(status: number, data: string, message?: string);
+    json(): any;
+}
 export declare enum CipherType {
     Login = 1,
     SecureNote = 2,
@@ -14,6 +39,7 @@ export declare enum KeyType {
     RSA_SHA256_MAC = "5",
     RSA_SHA1_MAC = "6"
 }
+export declare const TwoFactorProvider: Record<string, string>;
 export interface Cipher {
     id: string;
     type: CipherType;
@@ -68,6 +94,10 @@ export interface Cipher {
     }[];
 }
 export type CipherDto = Omit<Cipher, "id" | "data">;
+export declare enum KdfType {
+    PBKDF2 = 0,
+    Argon2id = 1
+}
 export interface SyncResponse {
     ciphers: Cipher[];
     profile?: {
@@ -109,10 +139,36 @@ export declare class Client {
     constructor(uri?: ClientConfig);
     private patchObject;
     setUrls(uri: ClientConfig): void;
-    login(email: string, password: string): Promise<void>;
+    /**
+     * Authenticates a user with the Bitwarden server using their email and password.
+     * The login process involves three main steps:
+     * 1. Prelogin request to get KDF iterations
+     * 2. Master key derivation using email, password and KDF iterations (see Bw.deriveMasterKey)
+     * 3. Token acquisition using derived credentials
+     * 4. User and private key decryption (see Bw.decodeUserKeys)
+     *
+     * After successful authentication, it sets up the client with:
+     * - Access token for API requests
+     * - Refresh token for token renewal
+     * - Token expiration timestamp
+     * - Derived encryption keys (master key, user key, private key)
+     */
+    login(email: string, password: string, skipPrelogin?: boolean, opts?: Record<string, any>): Promise<void>;
+    sendEmailMfaCode(email: string): Promise<void>;
     checkToken(): Promise<void>;
+    /**
+     * Fetches the latest sync data from the Bitwarden server and decrypts organization keys if available.
+     * The orgKeys are decrypted using the private key derived during login.
+     * The sync data is cached for future use.
+     */
     syncRefresh(): Promise<SyncResponse | null>;
     decryptOrgKeys(): void;
+    /**
+     * Get the appropriate decryption key for a given cipher.
+     * If the cipher belongs to an organization, return the organization's key.
+     * If the cipher has its own custom key, the custom key is decrypted using the appropriate key and returned.
+     * Otherwise, it uses the user's key.
+     */
     getDecryptionKey(cipher: Partial<Cipher>): Key | undefined;
     getDecryptedSync({ forceRefresh }?: {
         forceRefresh?: boolean | undefined;

package/dist/clients/bw.js

@@ -1,5 +1,37 @@
+/**
+ * Bitwarden client for Node.js
+ * This client provides methods to interact with the Bitwarden API and decrypt/encrypt the ciphers.
+ *
+ * Authentication flow:
+ * 1. Prelogin API to get KDF iterations
+ * 2. Derive master key using email, password and KDF iterations
+ * 3. Get token API using derived password hash
+ * 4. Decode user and private keys
+ *
+ * Cipher decryption:
+ * 1. Fetch sync data from Bitwarden API
+ * 2. Decrypt organization keys using private key
+ * 3. Choose the appropriate decryption key:
+ *  - User key for personal ciphers
+ *  - Organization key for org ciphers
+ *  - Cipher-specific key if available
+ * 4. Decrypt cipher fields using the chosen key
+ */
 import https from "node:https";
 import crypto from "node:crypto";
+import * as argon2 from "argon2";
+export class FetchError extends Error {
+    status;
+    data;
+    constructor(status, data, message) {
+        super(message ?? `FetchError: ${status} ${data}`);
+        this.status = status;
+        this.data = data;
+    }
+    json() {
+        return JSON.parse(this.data);
+    }
+}
 function fetch(url, options = {}, body = null) {
     return new Promise((resolve, reject) => {
         const urlObj = new URL(url);
@@ -17,10 +49,12 @@ function fetch(url, options = {}, body = null) {
             const onEnd = () => {
                 cleanup();
                 if (res.statusCode && (res.statusCode < 200 || res.statusCode >= 300)) {
-                    reject(new Error(`HTTP error: ${res.statusCode} ${res.statusMessage}`));
+                    console.error("HTTP error body:", data);
+                    reject(new FetchError(res.statusCode, data, `HTTP error: ${res.statusCode} ${res.statusMessage}`));
                     return;
                 }
                 resolve({
+                    status: res.statusCode,
                     json: () => Promise.resolve(JSON.parse(data)),
                     text: () => Promise.resolve(data),
                 });
@@ -65,9 +99,39 @@ export var KeyType;
     KeyType["RSA_SHA256_MAC"] = "5";
     KeyType["RSA_SHA1_MAC"] = "6";
 })(KeyType || (KeyType = {}));
+export const TwoFactorProvider = {
+    "0": "Authenticator",
+    "1": "Email",
+    "2": "Fido2",
+    "3": "Yubikey",
+    "4": "Duo",
+};
+export var KdfType;
+(function (KdfType) {
+    KdfType[KdfType["PBKDF2"] = 0] = "PBKDF2";
+    KdfType[KdfType["Argon2id"] = 1] = "Argon2id";
+})(KdfType || (KdfType = {}));
+const DEVICE_IDENTIFIER = "928f9664-5559-4a7b-9853-caf5bfa5dd57";
 class Bw {
-    deriveMasterKey(email, password, kdfIterations) {
-        const masterKey = this.derivePbkdf2(password, email, kdfIterations);
+    /**
+     * Derives the master key and related keys from the user's email and password.
+     *
+     * First, it derives the master key using PBKDF2 (Argon2 should be implemented in the future).
+     * The master key is derived from the password using the email as the salt and the specified number of iterations.
+     * The master password hash is then derived from the master key using the password as the salt with a single iteration of PBKDF2.
+     *
+     * The master password hash will be used for authentication.
+     * The master key is used to derive the encryption and MAC keys using HKDF with SHA-256.
+     * The encryption key will be used to decrypt the user keys.
+     */
+    async deriveMasterKey(email, password, prelogin) {
+        let masterKey;
+        if (prelogin.kdf === KdfType.PBKDF2) {
+            masterKey = this.derivePbkdf2(password, email, prelogin.kdfIterations);
+        }
+        else {
+            masterKey = await this.deriveArgon2(password, email, prelogin.kdfIterations, prelogin.kdfMemory, prelogin.kdfParallelism);
+        }
         const masterPasswordHashBytes = this.derivePbkdf2(masterKey, password, 1);
         const masterPasswordHash = Buffer.from(masterPasswordHashBytes).toString("base64");
         const encryptionKey = this.hkdfExpandSha256(masterKey, "enc");
@@ -81,6 +145,11 @@ class Bw {
             },
         };
     }
+    /**
+     * Decode the user key and private key.
+     * The user key is decrypted using the encryption key.
+     * The private key is decrypted using the user key.
+     */
     decodeUserKeys(userKey, privateKey, keys) {
         if (!keys.encryptionKey)
             throw new Error("Encryption key not derived yet");
@@ -98,6 +167,12 @@ class Bw {
         }
         return keys;
     }
+    /**
+     * Decrypt a Bitwarden-formatted string using the provided key.
+     * The function first parses the string to extract the type, IV, ciphertext, and HMAC.
+     * It then selects the appropriate decryption method based on the type.
+     * Supported types: AES-256(0), AES-256-MAC(2), AES-128-MAC(1), RSA-SHA1(4), RSA-SHA256(3), RSA-SHA1-MAC(6), and RSA-SHA256-MAC(5).
+     */
     decryptKey(value, key) {
         const data = this.parseBwString(value);
         try {
@@ -118,12 +193,15 @@ class Bw {
             }
         }
         catch (error) {
+            console.error("Error decrypting key:", error);
             throw error;
         }
     }
+    // Decrypt as UTF-8 string
     decrypt(value, key) {
         return this.decryptKey(value, key).toString("utf-8");
     }
+    // Encrypt a string using the given key
     encrypt(value, key) {
         if (!value || !key?.key) {
             throw new Error("Missing value or key for encryption");
@@ -157,15 +235,52 @@ class Bw {
         const macB64 = mac.toString("base64");
         return `2.${ivB64}|${encryptedB64}|${macB64}`;
     }
+    // PBKDF2 key derivation
     derivePbkdf2(password, salt, iterations) {
         return crypto.pbkdf2Sync(password, salt, iterations, 32, "sha256");
     }
+    // Argon2 key derivation
+    async deriveArgon2(password, salt, iterations, memory, parallelism) {
+        const saltHash = crypto
+            .createHash("sha256")
+            .update(Buffer.from(salt.toString(), "utf-8"))
+            .digest();
+        const hash = await argon2.hash(password.toString(), {
+            salt: saltHash,
+            timeCost: iterations,
+            memoryCost: memory * 1024,
+            parallelism,
+            hashLength: 32,
+            type: argon2.argon2id,
+            raw: true,
+        });
+        return Buffer.from(hash);
+    }
     hkdfExpandSha256(ikm, info) {
         const mac = crypto.createHmac("sha256", ikm);
         mac.update(info);
         mac.update(Buffer.from([0x01]));
         return mac.digest();
     }
+    /**
+     * Parse a Bitwarden-formatted string into its components.
+     * The function extracts the type, IV, ciphertext, and HMAC from the string.
+     * The bitwarden string format is as follows:
+     * A type (1 character) followed by a dot ('.'), then key parts separated by pipes ('|')
+     * <type>.[<iv_base64>|]<ciphertext_base64>|<hmac_base64>
+     *
+     * AES types (0, 1, 2) include the IV, while RSA types (3, 4, 5, 6) do not.
+     *
+     * Examples:
+     *   - 0.MTIzNDU2Nzg5MGFiY2RlZg==|c29tZWNpcGhlcnRleHQ=|aG1hY3ZhbHVl
+     *   - 3.c29tZWNpcGhlcnRleHQ=|aG1hY3ZhbHVl
+     *
+     *   type   iv_base64                    ciphertext_base64        hmac_base64
+     *   -------------------------------------------------------------------------
+     *   0.     MTIzNDU2Nzg5MGFiY2RlZg==  |  c29tZWNpcGhlcnRleHQ=  |  aG1hY3ZhbHVl
+     *   3.                                  c29tZWNpcGhlcnRleHQ=  |  aG1hY3ZhbHVl
+     *
+     */
     parseBwString(value) {
         if (!value?.length) {
             throw new Error("Empty value");
@@ -187,6 +302,7 @@ class Bw {
         const hmac = hmacB64 ? Buffer.from(hmacB64, "base64") : null;
         return { type, iv, key: ciphertext, mac: hmac };
     }
+    // AES decryption
     decryptAes(ciphertext, key, algorithm) {
         if (!ciphertext.iv)
             throw new Error("Missing IV for AES decryption");
@@ -203,6 +319,7 @@ class Bw {
         const final = decipher.final();
         return Buffer.concat([decrypted, final]);
     }
+    // RSA OAEP decryption
     decryptRsaOaep(ciphertext, key, hashAlgorithm) {
         const privateKey = crypto.createPrivateKey({
             key: Buffer.from(key.key),
@@ -269,22 +386,52 @@ export class Client {
             this.identityUrl = uri.identityUrl;
         }
     }
-    async login(email, password) {
-        const prelogin = await fetch(`${this.identityUrl}/accounts/prelogin`, {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/json",
-            },
-        }, {
-            email,
-        }).then((r) => r.json());
-        const keys = mcbw.deriveMasterKey(email, password, prelogin.kdfIterations);
+    /**
+     * Authenticates a user with the Bitwarden server using their email and password.
+     * The login process involves three main steps:
+     * 1. Prelogin request to get KDF iterations
+     * 2. Master key derivation using email, password and KDF iterations (see Bw.deriveMasterKey)
+     * 3. Token acquisition using derived credentials
+     * 4. User and private key decryption (see Bw.decodeUserKeys)
+     *
+     * After successful authentication, it sets up the client with:
+     * - Access token for API requests
+     * - Refresh token for token renewal
+     * - Token expiration timestamp
+     * - Derived encryption keys (master key, user key, private key)
+     */
+    async login(email, password, skipPrelogin = false, opts) {
+        let keys = this.keys;
+        if (!skipPrelogin) {
+            const prelogin = await fetch(`${this.identityUrl}/accounts/prelogin`, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                },
+            }, {
+                email,
+            }).then((r) => r.json());
+            keys = await mcbw.deriveMasterKey(email, password, prelogin);
+            this.keys = keys;
+        }
+        const bodyParams = new URLSearchParams();
+        bodyParams.append("username", email);
+        bodyParams.append("password", keys.masterPasswordHash);
+        bodyParams.append("grant_type", "password");
+        bodyParams.append("deviceName", "chrome");
+        bodyParams.append("deviceType", "9");
+        bodyParams.append("deviceIdentifier", DEVICE_IDENTIFIER);
+        bodyParams.append("client_id", "web");
+        bodyParams.append("scope", "api offline_access");
+        for (const [key, value] of Object.entries(opts || {})) {
+            bodyParams.append(key, value);
+        }
         const identityReq = await fetch(`${this.identityUrl}/connect/token`, {
             method: "POST",
             headers: {
                 "Content-Type": "application/x-www-form-urlencoded",
             },
-        }, `username=${email}&password=${keys.masterPasswordHash}&grant_type=password&deviceName=chrome&deviceType=9&deviceIdentifier=928f9664-5559-4a7b-9853-caf5bfa5dd57&client_id=web&scope=api%20offline_access`).then((r) => r.json());
+        }, bodyParams.toString()).then((r) => r.json());
         this.token = identityReq.access_token;
         this.refreshToken = identityReq.refresh_token;
         this.tokenExpiration = Date.now() + identityReq.expires_in * 1000;
@@ -298,6 +445,22 @@ export class Client {
         this.decryptedSyncCache = null;
         this.orgKeys = {};
     }
+    async sendEmailMfaCode(email) {
+        fetch("https://vault.bitwarden.eu/api/two-factor/send-email-login", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+        }, JSON.stringify({
+            email: email,
+            masterPasswordHash: this.keys.masterPasswordHash,
+            ssoEmail2FaSessionToken: "",
+            deviceIdentifier: DEVICE_IDENTIFIER,
+            authRequestAccessCode: "",
+            authRequestId: "",
+        }));
+    }
+    // Check and refresh token if needed
     async checkToken() {
         if (!this.tokenExpiration || Date.now() >= this.tokenExpiration) {
             if (!this.refreshToken) {
@@ -314,6 +477,11 @@ export class Client {
             this.tokenExpiration = Date.now() + identityReq.expires_in * 1000;
         }
     }
+    /**
+     * Fetches the latest sync data from the Bitwarden server and decrypts organization keys if available.
+     * The orgKeys are decrypted using the private key derived during login.
+     * The sync data is cached for future use.
+     */
     async syncRefresh() {
         await this.checkToken();
         this.syncCache = await fetch(`${this.apiUrl}/sync?excludeDomains=true`, {
@@ -338,6 +506,12 @@ export class Client {
             };
         }
     }
+    /**
+     * Get the appropriate decryption key for a given cipher.
+     * If the cipher belongs to an organization, return the organization's key.
+     * If the cipher has its own custom key, the custom key is decrypted using the appropriate key and returned.
+     * Otherwise, it uses the user's key.
+     */
     getDecryptionKey(cipher) {
         let key = this.keys.userKey;
         if (cipher.organizationId) {
@@ -348,6 +522,7 @@ export class Client {
         }
         return key;
     }
+    // fetch and decrypt the bw sync data
     async getDecryptedSync({ forceRefresh = false } = {}) {
         if (this.decryptedSyncCache && !forceRefresh) {
             return this.decryptedSyncCache;
@@ -361,24 +536,17 @@ export class Client {
                 const key = this.getDecryptionKey(cipher);
                 const ret = JSON.parse(JSON.stringify(cipher));
                 ret.name = this.decrypt(cipher.name, key);
-                ret.data.name = ret.name;
                 ret.notes = this.decrypt(cipher.notes, key);
-                ret.data.notes = ret.notes;
                 if (cipher.login) {
                     ret.login.username = this.decrypt(cipher.login.username, key);
-                    ret.data.username = ret.login.username;
                     ret.login.password = this.decrypt(cipher.login.password, key);
-                    ret.data.password = ret.login.password;
                     ret.login.totp = this.decrypt(cipher.login.totp, key);
-                    ret.data.totp = ret.login.totp;
                     ret.login.uri = this.decrypt(cipher.login.uri, key);
-                    ret.data.uri = ret.login.uri;
                     if (cipher.login.uris?.length) {
                         ret.login.uris = cipher.login.uris?.map((uri) => ({
                             uri: this.decrypt(uri.uri, key),
                             uriChecksum: uri.uriChecksum,
                         }));
-                        ret.data.uris = ret.login.uris;
                     }
                 }
                 if (cipher.identity) {
@@ -433,7 +601,6 @@ export class Client {
                             value: this.decrypt(field.value, key),
                         };
                     });
-                    ret.data.fields = ret.fields;
                 }
                 return ret;
             }),
@@ -508,6 +675,7 @@ export class Client {
             return null;
         const key = this.getDecryptionKey(patch);
         const data = this.patchObject(original, this.encryptCipher(obj, key));
+        data.data = undefined;
         const s = await fetch(`${this.apiUrl}/ciphers/${id}`, {
             method: "PUT",
             headers: {
@@ -532,7 +700,6 @@ export class Client {
     }
     encryptCipher(obj, key) {
         const { ...ret } = obj;
-        delete obj.data;
         if (ret.name) {
             ret.name = this.encrypt(ret.name, key);
         }

package/dist/components/Button.d.ts

@@ -3,8 +3,9 @@ import { ReactNode } from "react";
 type Props = {
     isActive?: boolean;
     doubleConfirm?: boolean;
+    autoFocus?: boolean;
     onClick: () => void;
     children: ReactNode;
 } & React.ComponentProps<typeof Box>;
-export declare const Button: ({ isActive, doubleConfirm, onClick, children, ...props }: Props) => import("react/jsx-runtime").JSX.Element;
+export declare const Button: ({ isActive, doubleConfirm, onClick, children, autoFocus, ...props }: Props) => import("react/jsx-runtime").JSX.Element;
 export {};

package/dist/components/Button.js

@@ -2,8 +2,8 @@ import { jsx as _jsx } from "react/jsx-runtime";
 import { Text, Box, useFocus, useInput } from "ink";
 import { useRef, useState } from "react";
 import { primary } from "../theme/style.js";
-export const Button = ({ isActive = true, doubleConfirm, onClick, children, ...props }) => {
-    const { isFocused } = useFocus();
+export const Button = ({ isActive = true, doubleConfirm, onClick, children, autoFocus = false, ...props }) => {
+    const { isFocused } = useFocus({ autoFocus: autoFocus });
     const [askConfirm, setAskConfirm] = useState(false);
     const timeoutRef = useRef(null);
     useInput((input, key) => {

package/dist/dashboard/DashboardView.js

@@ -12,7 +12,7 @@ export function DashboardView({ onLogout }) {
     const { sync, error, fetchSync } = useBwSync();
     const [syncState, setSyncState] = useState(sync);
     const [searchQuery, setSearchQuery] = useState("");
-    const [listIndex, setListIndex] = useState(0);
+    const [listSelected, setListSelected] = useState(null);
     const [showDetails, setShowDetails] = useState(true);
     const [focusedComponent, setFocusedComponent] = useState("list");
     const [detailMode, setDetailMode] = useState("view");
@@ -34,13 +34,18 @@ export function DashboardView({ onLogout }) {
                 c.login?.username?.toLowerCase().includes(search));
         }) ?? []).sort((a, b) => a.name.localeCompare(b.name));
     }, [syncState, searchQuery]);
+    const listIndex = useMemo(() => {
+        if (!listSelected)
+            return 0;
+        return filteredCiphers.findIndex((c) => c.id === listSelected.id);
+    }, [listSelected, filteredCiphers]);
     const selectedCipher = detailMode === "new" ? editedCipher : filteredCiphers[listIndex];
     const logout = async () => {
         await clearConfig();
         onLogout();
     };
     useEffect(() => {
-        setListIndex(0);
+        setListSelected(null);
     }, [searchQuery]);
     useEffect(() => {
         setSyncState(sync);
@@ -99,7 +104,7 @@ export function DashboardView({ onLogout }) {
     return (_jsxs(Box, { flexDirection: "column", width: "100%", height: stdout.rows - 1, children: [_jsx(Box, { borderStyle: "double", borderColor: primary, paddingX: 2, justifyContent: "center", flexShrink: 0, children: _jsx(Text, { bold: true, color: primary, children: "BiTTY" }) }), _jsxs(Box, { children: [_jsx(Box, { width: "40%", children: _jsx(TextInput, { id: "search", placeholder: focusedComponent === "search" ? "" : "[/] Search in vault", value: searchQuery, isActive: false, onChange: setSearchQuery, onSubmit: () => {
                                 setFocusedComponent("list");
                                 focusNext();
-                            } }) }), statusMessage && (_jsx(Box, { width: "60%", padding: 1, children: _jsx(Text, { color: statusMessageColor, children: statusMessage }) }))] }), _jsxs(Box, { minHeight: 20, flexGrow: 1, children: [_jsx(VaultList, { filteredCiphers: filteredCiphers, isFocused: focusedComponent === "list", selected: listIndex, onSelect: (index) => setListIndex(index) }), _jsx(CipherDetail, { selectedCipher: showDetails ? selectedCipher : null, mode: detailMode, isFocused: focusedComponent === "detail", onChange: (cipher) => {
+                            } }) }), statusMessage && (_jsx(Box, { width: "60%", padding: 1, children: _jsx(Text, { color: statusMessageColor, children: statusMessage }) }))] }), _jsxs(Box, { minHeight: 20, flexGrow: 1, children: [_jsx(VaultList, { filteredCiphers: filteredCiphers, isFocused: focusedComponent === "list", selected: listIndex, onSelect: (index) => setListSelected(filteredCiphers[index] || null) }), _jsx(CipherDetail, { selectedCipher: showDetails ? selectedCipher : null, mode: detailMode, isFocused: focusedComponent === "detail", onChange: (cipher) => {
                             if (detailMode === "new") {
                                 setEditedCipher(cipher);
                                 return;

package/dist/hooks/bw.js

@@ -91,6 +91,7 @@ export const useBwSync = () => {
             setSync(sync);
         }
         catch (e) {
+            console.error("Error fetching sync data:", e);
             setError("Error fetching sync data");
         }
     }, []);

package/dist/login/LoginView.js

@@ -7,6 +7,7 @@ import { primary } from "../theme/style.js";
 import { bwClient, loadConfig, saveConfig } from "../hooks/bw.js";
 import { useStatusMessage } from "../hooks/status-message.js";
 import { Checkbox } from "../components/Checkbox.js";
+import { FetchError, TwoFactorProvider } from "../clients/bw.js";
 const art = `
  ███████████   ███  ███████████ ███████████ █████ █████
 ░░███░░░░░███ ░░░  ░█░░░███░░░█░█░░░███░░░█░░███ ░░███
@@ -22,6 +23,8 @@ export function LoginView({ onLogin }) {
     const [url, setUrl] = useState("https://vault.bitwarden.eu");
     const [email, setEmail] = useState("");
     const [password, setPassword] = useState("");
+    const [mfaParams, setMfaParams] = useState(null);
+    const [askMfa, setAskMfa] = useState(null);
     const [rememberMe, setRememberMe] = useState(false);
     const { stdout } = useStdout();
     const { focusNext } = useFocusManager();
@@ -36,7 +39,30 @@ export function LoginView({ onLogin }) {
             if (url?.trim().length) {
                 bwClient.setUrls({ baseUrl: url });
             }
-            await bwClient.login(email, password);
+            try {
+                if (mfaParams) {
+                    mfaParams.twoFactorRemember = rememberMe ? 1 : 0;
+                }
+                await bwClient.login(email, password, !!mfaParams, mfaParams);
+            }
+            catch (e) {
+                if (e instanceof FetchError) {
+                    const data = e.json();
+                    if (data.TwoFactorProviders) {
+                        if (data.TwoFactorProviders.length === 1) {
+                            setMfaParams({
+                                twoFactorProvider: data.TwoFactorProviders[0],
+                            });
+                        }
+                        else if (data.TwoFactorProviders.length > 1) {
+                            setAskMfa(data.TwoFactorProviders);
+                        }
+                    }
+                }
+                else {
+                    throw e;
+                }
+            }
             if (!bwClient.refreshToken || !bwClient.keys)
                 throw new Error("Missing URL or keys after login");
             onLogin();
@@ -68,12 +94,21 @@ export function LoginView({ onLogin }) {
             }
         })();
     }, []);
-    return (_jsxs(Box, { flexDirection: "column", alignItems: "center", padding: 1, flexGrow: 1, minHeight: stdout.rows - 2, children: [_jsx(Box, { marginBottom: 2, children: _jsx(Text, { color: primary, children: art }) }), loading ? (_jsx(Text, { children: "Loading..." })) : (_jsxs(Box, { flexDirection: "column", width: "50%", children: [_jsx(TextInput, { placeholder: "Server URL", value: url, onChange: setUrl }), _jsx(TextInput, { autoFocus: true, placeholder: "Email address", value: email, onChange: setEmail }), _jsx(TextInput, { placeholder: "Master password", value: password, onChange: setPassword, onSubmit: () => {
+    return (_jsxs(Box, { flexDirection: "column", alignItems: "center", padding: 1, flexGrow: 1, minHeight: stdout.rows - 2, children: [_jsx(Box, { marginBottom: 2, children: _jsx(Text, { color: primary, children: art }) }), loading ? (_jsx(Text, { children: "Loading..." })) : askMfa ? (_jsx(Box, { flexDirection: "column", width: "50%", children: Object.values(askMfa).map((provider) => (_jsx(Button, { autoFocus: true, onClick: () => {
+                        if (provider === "1") {
+                            bwClient.sendEmailMfaCode(email);
+                        }
+                        setMfaParams((p) => ({
+                            ...p,
+                            twoFactorProvider: provider,
+                        }));
+                        setAskMfa(null);
+                    }, children: TwoFactorProvider[provider] }, provider))) })) : mfaParams && mfaParams.twoFactorProvider ? (_jsx(Box, { flexDirection: "column", width: "50%", children: _jsx(TextInput, { autoFocus: true, placeholder: `Enter your ${TwoFactorProvider[mfaParams.twoFactorProvider]} code`, value: mfaParams.twoFactorToken || "", onChange: (value) => setMfaParams((p) => ({ ...p, twoFactorToken: value })), onSubmit: () => handleLogin() }) })) : (_jsxs(Box, { flexDirection: "column", width: "50%", children: [_jsx(TextInput, { placeholder: "Server URL", value: url, onChange: setUrl }), _jsx(TextInput, { autoFocus: true, placeholder: "Email address", value: email, onChange: setEmail }), _jsx(TextInput, { placeholder: "Master password", value: password, onChange: setPassword, onSubmit: () => {
                             if (email?.length && password?.length) {
                                 handleLogin();
                             }
                             else {
                                 focusNext();
                             }
-                        }, isPassword: true }), _jsxs(Box, { children: [_jsx(Checkbox, { label: "Remember me (less secure)", value: rememberMe, width: "50%", onToggle: setRememberMe }), _jsx(Button, { width: "50%", onClick: handleLogin, children: "Log In" })] }), statusMessage && (_jsx(Box, { marginTop: 1, width: "100%", justifyContent: "center", children: _jsx(Text, { color: statusMessageColor, children: statusMessage }) }))] }))] }));
+                        }, isPassword: true }), _jsxs(Box, { children: [_jsx(Checkbox, { label: "Remember me (less secure)", value: rememberMe, width: "50%", onToggle: setRememberMe }), _jsx(Button, { width: "50%", onClick: () => handleLogin(), children: "Log In" })] }), statusMessage && (_jsx(Box, { marginTop: 1, width: "100%", justifyContent: "center", children: _jsx(Text, { color: statusMessageColor, children: statusMessage }) }))] }))] }));
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bitty-tui",
-  "version": "0.0.6",
+  "version": "0.0.7",
   "license": "MIT",
   "repository": "https://github.com/mceck/bitty",
   "keywords": [
@@ -29,6 +29,7 @@
     "dist"
   ],
   "dependencies": {
+    "argon2": "^0.44.0",
     "chalk": "^5.6.2",
     "clipboardy": "^4.0.0",
     "ink": "^6.3.0",

package/readme.md

@@ -17,6 +17,13 @@ Works also with Vaultwarden.
 
 If you check "Remember me" during login, your vault encryption keys will be stored in plain text in your home folder (`$HOME/.config/bitty/config.json`). Use this option only if you are the only user of your machine.
 
+## TODO
+
+- Implement Argon2 key derivation
+- Collections support
+- Handle more fields editing
+- Handle creating different cipher types
+
 ## Acknowledgments
 
 - [Bitwarden](https://github.com/bitwarden)