secrez 2.1.12 → 2.1.13

package/README.md

@@ -43,8 +43,6 @@ Secrez aims to provide a secure password management solution that is available e
 
 To achieve its goal, Secrez uses several strategies. First, any secret is a local file. Second, any file, whether it's a tree version, a directory, a text file, or a binary file, is immutable. Finally, any change can be pulled/pushed to a remote private repository. You can either create a private repository on GitHub, BitBucket, etc. or set up your own self-hosted Git server.
 
-In addition to functioning as a password manager, Secrez also includes an optional decentralized, surveillance-resistant, end-to-end encrypted messaging system. This provides an extra layer of security for your communications, ensuring that your messages cannot be intercepted or read by anyone other than the intended recipient.
-
 Overall, Secrez offers a powerful and secure solution for managing your passwords and secrets, all from the command line.
 
 ## The structure
@@ -370,6 +368,10 @@ Secrez is not intended to compete with password managers, so do not expect it to
 
 ## History
 
+**2.1.12**
+
+- enforce the usage of pnpm during global install. When that is not possible, for example with yarn, it blocks the execution asking the user to uninstall and install it again properly
+
 **2.1.11**
 
 - fix warning "(node:70960) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities" caused by the Git checker
@@ -498,6 +500,10 @@ Secrez is not intended to compete with password managers, so do not expect it to
 - remove second factor authentication due to potentially critical issues with Python and the required libraries on macOS (2FA will be restored as soon as either a pure Javascript library is available or using external Python libraries is reliable again)
 - `Bash` has been renamed `Shell`
 
+**0.11.0**
+
+- removed support for FIDO2 second factor authentication due to potential critical issues with Python and the required libraries on MacOS (2FA may be restored if a pure Javascript library becomes available)
+
 **0.10.8**
 
 - expose a prompt mock to allow other software to run commands programmatically
@@ -886,30 +892,29 @@ Thank you for any contributions! 😉
 ## Test coverage
 
 ```
-  162 passing (1m)
-  1 pending
+  162 passing (2m)
 
 --------------------|---------|----------|---------|---------|--------------------------------------
 File                | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s                    
 --------------------|---------|----------|---------|---------|--------------------------------------
-All files           |   80.07 |    67.69 |   80.91 |   79.96 |                                      
+All files           |   81.62 |    68.94 |   83.57 |   81.53 |                                      
  src                |   57.62 |    53.75 |      55 |   58.11 |                                      
   Command.js        |   74.66 |    74.13 |   78.57 |   75.67 | ...5-62,73,80,93,127,164-172,179-182 
   PreCommand.js     |    8.82 |        0 |       0 |    8.82 | 6-97                                 
   cliConfig.js      |     100 |      100 |     100 |     100 |                                      
- src/commands       |   83.06 |    69.43 |   90.82 |   82.94 |                                      
+ src/commands       |   83.01 |    69.34 |   90.82 |   82.89 |                                      
   Alias.js          |    88.6 |    78.68 |     100 |   88.46 | 101,112,139,169,173,180,190,213-214  
   Bash.js           |      75 |        0 |   66.66 |      75 | 18-19                                
   Cat.js            |   98.91 |    88.88 |     100 |   98.91 | 152                                  
   Cd.js             |   96.42 |    86.66 |     100 |   96.42 | 44                                   
-  Conf.js           |    8.64 |        0 |      20 |    8.64 | 98-509                               
+  Conf.js           |    8.64 |        0 |      20 |    8.64 | 47-216                               
   Contacts.js       |   86.06 |     75.6 |     100 |   85.95 | ...5,165,172,184,237,250,260,268-269 
   Copy.js           |    91.2 |    71.92 |     100 |   91.11 | 115,166,183,205-210,225-226,253      
   Ds.js             |   90.27 |     82.6 |     100 |   90.14 | 99,108-113,125,147-148               
   Edit.js           |   12.94 |        0 |      40 |   12.94 | 88-222                               
   Export.js         |   90.17 |    76.92 |     100 |   90.17 | ...3-198,209,227-231,236,248,257,260 
   Find.js           |   93.58 |    86.66 |     100 |   93.42 | 101,164,200-203,209                  
-  Git.js            |   96.15 |       75 |     100 |   96.15 | 61                                   
+  Git.js            |    92.3 |    66.66 |     100 |    92.3 | 40,61                                
   Help.js           |     100 |       80 |     100 |     100 | 29                                   
   Import.js         |   92.41 |    85.38 |     100 |   92.34 | ...7,387,393,441,457-458,466-473,500 
   Lcat.js           |     100 |    85.71 |     100 |     100 | 54                                   
@@ -935,18 +940,12 @@ All files           |   80.07 |    67.69 |   80.91 |   79.96 |
   index.js          |    87.5 |       50 |     100 |   86.95 | 15,22,31                             
  src/prompts        |      75 |    33.33 |      50 |      75 |                                      
   MainPromptMock.js |      75 |    33.33 |      50 |      75 | 29-35,44                             
- src/utils          |   67.61 |     62.5 |   54.16 |   67.21 |                                      
+ src/utils          |   83.07 |    78.43 |   66.66 |   82.81 |                                      
   AliasManager.js   |     100 |    91.66 |     100 |     100 | 47                                   
   ContactManager.js |   73.33 |       60 |   85.71 |   73.33 | 12,34-36                             
-  Fido2Client.js    |    9.61 |        0 |       0 |    9.61 | 8-108                                
   HelpProto.js      |   89.07 |     82.6 |     100 |   88.88 | 49,135-137,153-154,171-176,195       
   Logger.js         |   63.63 |    56.25 |   36.84 |   62.79 | ...25,37-49,57,65-69,74,84,88,93,105 
 --------------------|---------|----------|---------|---------|--------------------------------------
-
-> secrez@2.1.11-beta.0 posttest /Users/francescosullo/Projects/Secrez/secrez/packages/secrez
-> nyc check-coverage --statements 65 --branches 50 --functions 65 --lines 65
-
-
 ```
 
 ## Copyright

package/bin/secrez.js

@@ -10,44 +10,45 @@ const pkg = require("../package");
 const MainPrompt = require("../src/prompts/MainPrompt");
 const Logger = require("../src/utils/Logger");
 
-// Check if the package was installed with pnpm
+// Check if the package was installed with pnpm (skip check in development)
 const installPath = __dirname;
-if (installPath.indexOf("pnpm") === -1) {
-  console.error(
-    chalk.red.bold("\n⚠️  Installation Error\n")
-  );
+if (process.env.NODE_ENV !== "dev" && installPath.indexOf("pnpm") === -1) {
+  console.error(chalk.red.bold("\n⚠️  Installation Error\n"));
   console.error(
     chalk.yellow(
       "Secrez must be installed globally using pnpm.\n" +
-      "It appears this package was installed with a different package manager.\n"
+        "It appears this package was installed with a different package manager.\n"
     )
   );
-  console.error(
-    chalk.white("\nPlease follow these steps:\n")
-  );
+  console.error(chalk.white("\nPlease follow these steps:\n"));
   console.error(
     chalk.cyan(
       "1. Uninstall secrez using the package manager you previously used:\n" +
-      "   - If you used npm:  " + chalk.bold("npm uninstall -g secrez") + "\n" +
-      "   - If you used yarn: " + chalk.bold("yarn global remove secrez") + "\n"
+        "   - If you used npm:  " +
+        chalk.bold("npm uninstall -g secrez") +
+        "\n" +
+        "   - If you used yarn: " +
+        chalk.bold("yarn global remove secrez") +
+        "\n"
     )
   );
   console.error(
     chalk.cyan(
       "2. Install pnpm globally if you haven't already:\n" +
-      "   " + chalk.bold("npm install -g pnpm") + "\n"
+        "   " +
+        chalk.bold("npm install -g pnpm") +
+        "\n"
     )
   );
   console.error(
-    chalk.cyan(
-      "3. Setup pnpm:\n" +
-      "   " + chalk.bold("pnpm setup") + "\n"
-    )
+    chalk.cyan("3. Setup pnpm:\n" + "   " + chalk.bold("pnpm setup") + "\n")
   );
   console.error(
     chalk.cyan(
       "4. Install secrez globally using pnpm:\n" +
-      "   " + chalk.bold("pnpm install -g secrez") + "\n"
+        "   " +
+        chalk.bold("pnpm install -g secrez") +
+        "\n"
     )
   );
   process.exit(1);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "secrez",
-  "version": "2.1.12",
+  "version": "2.1.13",
   "license": "MIT",
   "nyc": {
     "include": "src",

package/scripts/preinstall.js

@@ -1,6 +1,6 @@
 if (process.env.npm_execpath.indexOf("pnpm") === -1) {
   console.error(
-    '\x1b[31m\x1b[1m\nThis project requires pnpm as a package manager.\n\x1b[0m'
+    "\x1b[31m\x1b[1m\nThis project requires pnpm as a package manager.\n\x1b[0m"
   );
   process.exit(1);
 }

package/src/Welcome.js

@@ -3,7 +3,6 @@ const inquirer = require("inquirer");
 const fs = require("fs-extra");
 const Crypto = require("@secrez/crypto");
 const Logger = require("./utils/Logger");
-// const Fido2Client = require("./utils/Fido2Client"); // FIDO2 support removed
 
 class Welcome {
   async start(secrez, options) {
@@ -35,10 +34,7 @@ Thanks.`);
     }
 
     if (await fs.pathExists(this.secrez.config.keysPath)) {
-      let errorCode = await this.login();
-      if (errorCode === 1) {
-        await this.handleDeprecatedFido2();
-      }
+      await this.login();
     } else {
       Logger.grey("Please signup to create your local account");
       await this.signup();
@@ -111,97 +107,6 @@ Thanks.`);
     }
   }
 
-  // sharedLogin() method removed - FIDO2 support deprecated
-  /*
-  async sharedLogin() {
-    let fido2Client = new Fido2Client(this.secrez);
-    let authenticator;
-    let list = await fido2Client.getKeys();
-    const conf = await this.secrez.readConf();
-    let choices = [];
-    for (let authenticator in conf.data.keys) {
-      choices.push(authenticator);
-    }
-    for (;;) {
-      if (list.length === 1) {
-        authenticator = list[0];
-      } else {
-        let p = await inquirer.prompt([
-          {
-            type: "list",
-            name: "authenticator",
-            message: "Which second factor would you like to use?",
-            choices,
-          },
-        ]);
-        authenticator = p.authenticator;
-      }
-      let secret;
-      try {
-        try {
-          if (fido2Client.keys[authenticator]) {
-            Logger.grey("Touch your fido2 authenticator device now...");
-            secret = await fido2Client.verifySecret(authenticator);
-          } else {
-            let exitCode = Crypto.getRandomBase58String(2);
-            let p = await inquirer.prompt([
-              {
-                name: "recoveryCode",
-                type: "input",
-                message: "Type or paste your recovery code:",
-                validate: (value) => {
-                  if (value.length) {
-                    return true;
-                  } else {
-                    return `
-            Please
-            paste
-            a
-            valid
-            recovery
-            code
-            or
-            type ${exitCode}
-            to
-            choose
-            another
-            factor.`;
-                  }
-                },
-              },
-            ]);
-            if (p.recoveryCode === exitCode) {
-              continue;
-            }
-            secret = p.recoveryCode;
-          }
-          let resCode = await this.secrez.sharedSignin(authenticator, secret);
-          if (this.secrez.masterKeyHash) {
-            await this.saveIterations();
-          }
-          if (resCode === 1) {
-            Logger.bold(chalk.red("Your data has been upgraded."));
-            Logger.red(
-              "To avoid conflicts, any registered second factor has been removed."
-            );
-            Logger.grey("Please, register them again, thanks.");
-          }
-          return;
-        } catch (e) {
-          Logger.red(`${e.message}.Try
-            again
-            or
-            Ctrl - C
-            to
-            exit.`);
-        }
-      } catch (e) {
-        Logger.red("Unrecognized error. Try again or Ctrl-C to exit.");
-      }
-    }
-  }
-  */
-
   async signup() {
     for (;;) {
       try {
@@ -248,52 +153,6 @@ Thanks.`);
       }
     }
   }
-
-  async handleDeprecatedFido2() {
-    Logger.yellow(
-      "FIDO2 second factor authentication is no longer supported in this version."
-    );
-    Logger.grey("Removing deprecated FIDO2 configuration...");
-
-    try {
-      const conf = await this.secrez.readConf();
-      const data = conf.data;
-
-      if (data.keys) {
-        // Remove all FIDO2 keys from the configuration
-        delete data.keys;
-
-        // Save the cleaned configuration
-        await this.secrez.saveConf(conf);
-
-        Logger.green("FIDO2 configuration has been removed successfully.");
-        Logger.grey("You can now login with your master password only.");
-
-        // Try to login again with the cleaned configuration
-        let errorCode = await this.login();
-        if (errorCode === 1) {
-          Logger.red(
-            "Login still failed. Please check your password or create a new account."
-          );
-          // eslint-disable-next-line no-process-exit
-          process.exit(1);
-        }
-      } else {
-        Logger.red(
-          "No FIDO2 keys found, but login still requires second factor. This may indicate a corrupted configuration."
-        );
-        // eslint-disable-next-line no-process-exit
-        process.exit(1);
-      }
-    } catch (e) {
-      Logger.red(`Failed to clean FIDO2 configuration: ${e.message}`);
-      Logger.grey(
-        "You may need to manually remove the keys.json file and create a new account."
-      );
-      // eslint-disable-next-line no-process-exit
-      process.exit(1);
-    }
-  }
 }
 
 module.exports = new Welcome();

package/src/commands/Conf.js

@@ -1,11 +1,5 @@
-// const Fido2Client = require('../utils/Fido2Client')
-// const _ = require('lodash')
-// const Case = require('case')
-const {
-  //config,
-  ConfigUtils,
-} = require("@secrez/core");
-// const Crypto = require('@secrez/crypto')
+const { ConfigUtils } = require("@secrez/core");
+
 const chalk = require("chalk");
 
 class Conf extends require("../Command") {
@@ -25,33 +19,6 @@ class Conf extends require("../Command") {
         alias: "s",
         type: Boolean,
       },
-      // {
-      //   name: 'register',
-      //   alias: 'r',
-      //   type: String
-      // },
-      // {
-      //   name: 'unregister',
-      //   alias: 'u',
-      //   type: String
-      // },
-      // {
-      //   name: 'recovery-code',
-      //   type: Boolean
-      // },
-      // {
-      //   name: 'fido2',
-      //   type: Boolean
-      // },
-      // {
-      //   name: 'list',
-      //   alias: 'l',
-      //   type: Boolean
-      // },
-      // {
-      //   name: 'use-this',
-      //   type: String
-      // },
       {
         name: "new-password",
         type: Boolean,
@@ -72,28 +39,10 @@ class Conf extends require("../Command") {
         ["conf -s", "shows the general settings"],
         ["conf --new-password", "changes your password"],
         ["conf --new-iterations-number", "changes the number of iterations"],
-        // ['conf --fido2 -r solo',
-        //   'registers a new key saving it as "solo"; if there are registered keys, it will checks if the new one is one of them before adding it.'],
-        // ['conf -l', 'lists second factors'],
-        // ['conf --recovery-code -r memo',
-        //   'registers an emergency recovery code called "memo" to be used if all the factors are lost'],
-        // ['conf --recovery-code -r seed --use-this "salad spring peace silk snake real they thunder please final clinic close"', 'registers an emergency recovery code called "seed" using the seed passed with the parameter "--use-this"'],
-        // ['conf -u solo',
-        //   'unregister the fido2 key "solo"; if that is the only key, it unregister also any emergency code and restores the normal access.']
       ],
     };
   }
 
-  // isEmergencyCodeSetUp() {
-  //   const conf = this.secrez.getConf()
-  //   let keys = conf.data.keys || {}
-  //   for (let authenticator in keys) {
-  //     if (keys[authenticator].type === this.secrez.config.sharedKeys.RECOVERY_CODE) {
-  //       return true
-  //     }
-  //   }
-  // }
-  //
   async getAllFactors() {
     let allFactors = {};
     const conf = this.secrez.getConf();
@@ -103,32 +52,6 @@ class Conf extends require("../Command") {
     }
     return allFactors;
   }
-  //
-  // async verifyIfAlreadyRegistered() {
-  //   let client = this.fido2Client
-  //   let list = await client.getKeys(true)
-  //   let now = 'now'
-  //   for (let l of list) {
-  //     this.Logger.grey(`Touch your fido2 authenticator device ${now}...`)
-  //     try {
-  //       if (await client.verifySecret(l[0])) {
-  //         return l[0]
-  //       }
-  //     } catch (e) {
-  //     }
-  //     now = 'again'
-  //   }
-  //   return false
-  // }
-  //
-  // exists(list, authenticator) {
-  //   for (let l of list) {
-  //     if (l[0] === authenticator) {
-  //       return true
-  //     }
-  //   }
-  //   return false
-  // }
 
   async showConf(options) {
     const env = await ConfigUtils.getEnv(this.secrez.config);
@@ -139,63 +62,6 @@ class Conf extends require("../Command") {
     );
   }
 
-  // async showList(options) {
-  //   let allFactors = await this.getAllFactors()
-  //   if (!Object.keys(allFactors).length) {
-  //     return this.Logger.grey('No registered second factors')
-  //   }
-  //   this.Logger.reset('Registered second factors:')
-  //   let max = 0
-  //   let factors = []
-  //   for (let factor in allFactors) {
-  //     max = Math.max(max, factor.length)
-  //     factors.push([factor, allFactors[factor]])
-  //   }
-  //   factors.sort((a, b) => {
-  //     let A = a[1]
-  //     let B = b[1]
-  //     return A > B ? 1 : A < B ? -1 : 0
-  //   })
-  //   for (let factor of factors) {
-  //     let type = factor[1]
-  //     if ((options.fido2 && type !== config.sharedKeys.FIDO2_KEY)
-  //         || (options.recoveryCode && type !== config.sharedKeys.RECOVERY_CODE)) {
-  //       continue
-  //     }
-  //     type = chalk.grey(`(${type === config.sharedKeys.FIDO2_KEY ? 'fido2 key' : 'recoveryCode'})`)
-  //     this.Logger.reset(`${factor[0]} ${' '.repeat(max - factor[0].length)} ${type}`)
-  //   }
-  // }
-  //
-  // async setRecoveryCode(options) {
-  //   let client = this.fido2Client
-  //   let list = await client.getKeys(true)
-  //   if (!Object.keys(list).length) {
-  //     throw new Error('An emergency recovery code can be set only if at least one security key has been registered.')
-  //   }
-  //   let authenticator = Case.snake(_.trim(options.register))
-  //   if (!authenticator) {
-  //     throw new Error('A valid name for the recovery code is required')
-  //   }
-  //   let conf = this.secrez.getConf()
-  //   if (conf.data.keys[authenticator]) {
-  //     throw new Error('A second factor with this name already exists')
-  //   }
-  //   let recoveryCode = options.useThis || Crypto.getMnemonic()
-  //   let type = this.secrez.config.sharedKeys.RECOVERY_CODE
-  //   let parts = this.secrez.generateSharedSecrets(recoveryCode)
-  //   let sharedData = {
-  //     parts,
-  //     type,
-  //     authenticator
-  //   }
-  //   await this.secrez.saveSharedSecrets(sharedData)
-  //   await client.updateConf()
-  //   this.Logger.reset('Your recover code is:')
-  //   this.Logger.yellow(recoveryCode)
-  //   await this.saveAndOverwrite(`main:/.RECOVERY_CODE_${authenticator}`, 'recovery code', recoveryCode, 'it')
-  // }
-  //
   async saveAndOverwrite(p, spec, content, message) {
     try {
       await this.prompt.commands.rm.rm({
@@ -211,135 +77,6 @@ class Conf extends require("../Command") {
       `For your convenience, ${message} has been saved in main:${node.getPath()}`
     );
   }
-  //
-  // async setFido2(options) {
-  //   let client = this.fido2Client
-  //   let list = await client.getKeys(true)
-  //   let authenticator = Case.snake(_.trim(options.register))
-  //   if (!authenticator) {
-  //     throw new Error('A valid name for the authenticator is required')
-  //   }
-  //   if (!options.register) {
-  //     throw new Error('The nickname of the key is invalid')
-  //   }
-  //   let conf = {}
-  //   let savedConf = await this.secrez.readConf()
-  //   if (savedConf.data.keys) {
-  //     conf = savedConf.data.keys
-  //   }
-  //   if (conf[authenticator]) {
-  //     throw new Error('A second factor with this name already exists')
-  //   }
-  //   let len = list.length
-  //   let existentName
-  //   if (len) {
-  //     this.Logger.reset(`${len} key${len > 1 ? 's' : ''} already registered. Before registering a new one, must be sure that this is a new one.`)
-  //     existentName = await this.verifyIfAlreadyRegistered()
-  //   }
-  //   if (existentName) {
-  //     throw new Error(`This key is already registered as "${existentName}"`)
-  //   } else {
-  //     this.Logger.bold('This device is not registered, yet. You can register it now.')
-  //   }
-  //
-  //   let fido2Options = {
-  //     id: Crypto.getRandomBase58String(12),
-  //     authenticator
-  //   }
-  //
-  //   this.Logger.grey('Touch your fido2 authenticator device now...')
-  //   let result = await client.setCredential(fido2Options)
-  //   client.checkErrorCode(result, 1)
-  //
-  //   fido2Options.credential = result.message
-  //   fido2Options.salt = Crypto.getRandomBase58String(32)
-  //
-  //   this.Logger.grey('Touch your fido2 authenticator device again...')
-  //   result = await client.getSecret(fido2Options)
-  //   client.checkErrorCode(result, 2)
-  //
-  //   fido2Options.secret = result.message
-  //
-  //   let yes = await this.useConfirm({
-  //     message: `Are you sure you want to use the key ${authenticator} as a second factor? If you lose it who could not be able to access you account anymore.`,
-  //     default: false
-  //   })
-  //   if (yes) {
-  //     let type = this.secrez.config.sharedKeys.FIDO2_KEY
-  //     let parts = this.secrez.generateSharedSecrets(fido2Options.secret)
-  //
-  //     let sharedData = {
-  //       parts,
-  //       type,
-  //       authenticator,
-  //       id: fido2Options.id,
-  //       salt: fido2Options.salt,
-  //       credential: fido2Options.credential,
-  //       hash: Crypto.b58Hash(fido2Options.secret)
-  //     }
-  //     await this.secrez.saveSharedSecrets(sharedData)
-  //     await client.updateConf()
-  //     this.Logger.reset(`A second factor using ${authenticator} has been set.`)
-  //     if (!this.isEmergencyCodeSetUp()) {
-  //       let yes = await this.useConfirm({
-  //         message: `An emergency recovery code would allow you to recover the account if you lose ${authenticator}. Would you like to set it now?`,
-  //         default: true
-  //       })
-  //       if (yes) {
-  //         let name = await this.useInput({
-  //           message: 'Type the nickname of the recovery code'
-  //         })
-  //         if (name) {
-  //           options.recoveryCode = true
-  //           options.register = name
-  //           return await this.conf(options)
-  //         } else {
-  //           this.Logger.grey('Emergency code not set')
-  //         }
-  //       }
-  //     }
-  //   } else {
-  //     throw new Error('Operation canceled')
-  //   }
-  // }
-  //
-  // async unregister(options) {
-  //   let authenticator = Case.snake(_.trim(options.unregister))
-  //   let allFactors = await this.getAllFactors()
-  //   if (!allFactors[authenticator]) {
-  //     throw new Error(`Authenticator ${authenticator} not found`)
-  //   }
-  //   let yes = await this.useConfirm({
-  //     message: `Are you sure you want to remove the ${authenticator} authenticator?`,
-  //     default: false
-  //   })
-  //   let code
-  //   if (yes) {
-  //     code = await this.secrez.removeSharedSecret(authenticator)
-  //     this.Logger.reset(code === 1 ? `${authenticator} has been removed` : 'All second factors have been removed')
-  //   } else {
-  //     this.Logger.grey('Operation canceled')
-  //   }
-  //   if (code === 2) {
-  //     for (let factor in allFactors) {
-  //       if (allFactors[factor] === this.secrez.config.sharedKeys.RECOVERY_CODE) {
-  //         try {
-  //           await this.prompt.commands.rm.rm({
-  //             path: `main:/.RECOVERY_CODE_${factor}`
-  //           })
-  //         } catch (e) {
-  //         }
-  //       }
-  //     }
-  //   } else if (allFactors[authenticator] === this.secrez.config.sharedKeys.RECOVERY_CODE) {
-  //     try {
-  //       await this.prompt.commands.rm.rm({
-  //         path: `main:/.RECOVERY_CODE_${authenticator}`
-  //       })
-  //     } catch (e) {
-  //     }
-  //   }
-  // }
 
   async upgradeAccount(options) {
     let pw = options.newPassword;
@@ -448,28 +185,8 @@ class Conf extends require("../Command") {
   }
 
   async conf(options) {
-    // if (!this.fido2Client) {
-    //   this.fido2Client = new Fido2Client(this.secrez)
-    // }
-    // if (options.list) {
-    //   await this.showList(options)
-    // } else
     if (options.show) {
       await this.showConf(options);
-      // } else if (options.recoveryCode) {
-      //   await this.setRecoveryCode(options)
-      // } else if (options.fido2) {
-      //   let yes = await this.useConfirm({
-      //     message: 'Fido2 requires external libraries written in Python. It is an experimental feature, and it is not guaranteed to work. Are you sure you want to set it up?',
-      //     default: false
-      //   })
-      //   if (!yes) {
-      //     throw new Error('Operation canceled')
-      //   }
-      //   await this.fido2Client.checkIfReady()
-      //   await this.setFido2(options)
-      // } else if (options.unregister) {
-      //   await this.unregister(options)
     } else if (options.newPassword || options.newIterationsNumber) {
       await this.upgradeAccount(options);
     } else {
@@ -482,9 +199,6 @@ class Conf extends require("../Command") {
       return this.showHelp();
     }
     try {
-      // if (!Object.keys(options).length) {
-      //   options.list = true
-      // }
       this.validate(options);
 
       // Check for git conflicts before changing password or iterations
@@ -495,15 +209,8 @@ class Conf extends require("../Command") {
         }
       }
 
-      // if (options.fido2 && options.recoveryCode) {
-      //   throw new Error('Conflicting params. Launch "conf -h" for examples.')
-      // }
-      // if (options.register && !(options.fido2 || options.recoveryCode)) {
-      //   throw new Error('Missing parameters. Launch "conf -h" for examples.')
-      // }
       await this.conf(options);
     } catch (e) {
-      // console.error(e)
       this.Logger.red(e.message);
     }
     await this.prompt.run();

package/scripts/fido2_credential.py

@@ -1,88 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-#   Redistribution and use in source and binary forms, with or
-#   without modification, are permitted provided that the following
-#   conditions are met:
-#
-#    1. Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#    2. Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-from __future__ import print_function, absolute_import, unicode_literals
-
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.ctap2.extensions import HmacSecretExtension
-from fido2.utils import websafe_encode
-
-import sys, getopt, random, string
-
-def randomString(stringLength=8):
-    letters = string.ascii_lowercase
-    return ''.join(random.choice(letters) for i in range(stringLength))
-
-argv = sys.argv[1:]
-try:
-    opts, args = getopt.getopt(argv,"i:n:",[])
-except getopt.GetoptError:
-    print('python fido2_credential.py -i id -n name')
-    sys.exit(2)
-for opt, arg in opts:
-    if opt in ("-i"):
-        user_id = arg
-    elif opt in ("-n"):
-        user_name = arg
-
-try:
-    from fido2.pcsc import CtapPcscDevice
-except ImportError:
-    CtapPcscDevice = None
-
-
-def enumerate_devices():
-    for dev in CtapHidDevice.list_devices():
-        yield dev
-    if CtapPcscDevice:
-        for dev in CtapPcscDevice.list_devices():
-            yield dev
-
-for dev in enumerate_devices():
-    client = Fido2Client(dev, "https://secrez.io")
-    if HmacSecretExtension.NAME in client.info.extensions:
-        break
-else:
-    print("No Authenticator with the HmacSecret extension found!")
-    sys.exit(1)
-
-rp = {"id": "secrez.io", "name": "secrez"}
-user = {"id": bytes(user_id, encoding='utf-8'), "name": user_name}
-challenge = bytes(randomString(12), encoding='utf-8')
-hmac_ext = HmacSecretExtension(client.ctap2)
-attestation_object, client_data = client.make_credential(
-    {
-        "rp": rp,
-        "user": user,
-        "challenge": challenge,
-        "pubKeyCredParams": [{"type": "public-key", "alg": -7}],
-        "extensions": hmac_ext.create_dict(),
-    }
-)
-credential = attestation_object.auth_data.credential_data
-print(websafe_encode(credential))

package/scripts/hmac_secret.py

@@ -1,111 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-#   Redistribution and use in source and binary forms, with or
-#   without modification, are permitted provided that the following
-#   conditions are met:
-#
-#    1. Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#    2. Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-from __future__ import print_function, absolute_import, unicode_literals
-
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.ctap2.extensions import HmacSecretExtension
-from fido2.utils import websafe_encode, websafe_decode
-from fido2.ctap2 import AttestedCredentialData
-
-from binascii import b2a_hex
-import sys, getopt, random, string
-
-def randomString(stringLength=8):
-    letters = string.ascii_lowercase
-    return ''.join(random.choice(letters) for i in range(stringLength))
-
-argv = sys.argv[1:]
-try:
-    opts, args = getopt.getopt(argv,"i:n:s:c:",[])
-except getopt.GetoptError:
-    print('test.py -i <inputfile> -o <outputfile>')
-    sys.exit(2)
-for opt, arg in opts:
-    if opt in ("-i"):
-        user_id = arg
-    elif opt in ("-n"):
-        user_name = arg
-    elif opt in ("-s"):
-        salt = bytes(arg, encoding='utf-8')
-    elif opt in ("-c"):
-        credential = AttestedCredentialData(websafe_decode(arg))
-
-try:
-    from fido2.pcsc import CtapPcscDevice
-except ImportError:
-    CtapPcscDevice = None
-
-
-def enumerate_devices():
-    for dev in CtapHidDevice.list_devices():
-        yield dev
-    if CtapPcscDevice:
-        for dev in CtapPcscDevice.list_devices():
-            yield dev
-
-
-# Locate a device
-for dev in enumerate_devices():
-    client = Fido2Client(dev, "https://secrez.io")
-    if HmacSecretExtension.NAME in client.info.extensions:
-        break
-else:
-    print("No Authenticator with the HmacSecret extension found!")
-    sys.exit(1)
-
-# use_nfc = CtapPcscDevice and isinstance(dev, CtapPcscDevice)
-
-# Prepare parameters for makeCredential
-rp = {"id": "secrez.io", "name": "secrez.io"}
-user = {"id": bytes(user_id, encoding='utf-8'), "name": user_name}
-
-challenge = bytes(randomString(12), encoding='utf-8')
-
-hmac_ext = HmacSecretExtension(client.ctap2)
-
-challenge = bytes(randomString(12), encoding='utf-8')
-
-allow_list = [{"type": "public-key", "id": credential.credential_id}]
-
-assertions, client_data = client.get_assertion(
-    {
-        "rpId": rp["id"],
-        "challenge": challenge,
-        "allowCredentials": allow_list,
-        "extensions": hmac_ext.get_dict(salt),
-    }
-)
-
-assertion = assertions[0]
-hmac_res = hmac_ext.results_for(assertion.auth_data)
-
-secret = b2a_hex(hmac_res[0]).decode("utf-8")
-
-print(secret)
-

package/scripts/is_fido2_ready.py

@@ -1,56 +0,0 @@
-# Copyright (c) 2018 Yubico AB
-# All rights reserved.
-#
-#   Redistribution and use in source and binary forms, with or
-#   without modification, are permitted provided that the following
-#   conditions are met:
-#
-#    1. Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#    2. Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
-# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
-# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
-# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-# POSSIBILITY OF SUCH DAMAGE.
-
-from __future__ import print_function, absolute_import, unicode_literals
-
-from fido2.hid import CtapHidDevice
-from fido2.client import Fido2Client
-from fido2.ctap2.extensions import HmacSecretExtension
-from fido2.utils import websafe_encode, websafe_decode
-from fido2.ctap2 import AttestedCredentialData
-
-from binascii import b2a_hex
-import sys, getopt, random, string
-
-try:
-    from fido2.pcsc import CtapPcscDevice
-except ImportError:
-    CtapPcscDevice = None
-
-def enumerate_devices():
-    for dev in CtapHidDevice.list_devices():
-        yield dev
-    if CtapPcscDevice:
-        for dev in CtapPcscDevice.list_devices():
-            yield dev
-
-for dev in enumerate_devices():
-    client = Fido2Client(dev, "https://secrez.io")
-    if HmacSecretExtension.NAME in client.info.extensions:
-        break
-
-print('Ready')

package/src/utils/Fido2Client.js

@@ -1,118 +0,0 @@
-const path = require("path");
-const { Crypto } = require("@secrez/core");
-const { execAsync } = require("@secrez/utils");
-const _ = require("lodash");
-
-class Fido2Client {
-  constructor(secrez) {
-    this.keys = {};
-    this.secrez = secrez;
-    this.scriptsPath = path.resolve(__dirname, "../../scripts");
-  }
-
-  async updateConf() {
-    const conf = await this.secrez.readConf();
-    this.keys = {};
-    if (conf.data.keys) {
-      let keys = conf.data.keys;
-      for (let authenticator in keys) {
-        if (
-          keys[authenticator].type === this.secrez.config.sharedKeys.FIDO2_KEY
-        ) {
-          let key = (this.keys[authenticator] = _.clone(keys[authenticator]));
-          key.id = this.secrez.preDecryptData(key.id);
-          key.salt = this.secrez.preDecryptData(key.salt);
-          key.credential = this.secrez.preDecryptData(key.credential);
-        }
-      }
-    }
-  }
-
-  async getKeys(asAList) {
-    await this.updateConf();
-    if (asAList) {
-      let list = [];
-      for (let authenticator in this.keys) {
-        list.push([authenticator, this.keys[authenticator].type]);
-      }
-      return list;
-    } else {
-      return this.keys;
-    }
-  }
-
-  setParams(options) {
-    let params = [
-      options.credential ? "hmac_secret.py" : "fido2_credential.py",
-      "-n",
-      options.authenticator,
-      "-i",
-      options.id,
-    ];
-    if (options.credential) {
-      params.push("-c", options.credential);
-    }
-    if (options.salt) {
-      params.push("-s", options.salt);
-    }
-    return params;
-  }
-
-  async checkIfReady() {
-    let result = await execAsync("which", __dirname, ["python"]);
-    if (result.code !== 0 || typeof result.message === "undefined") {
-      throw new Error(
-        "The Fido2 module requires Python. Please install it on your computer."
-      );
-    }
-    result = await execAsync("python", this.scriptsPath, ["is_fido2_ready.py"]);
-    if (result.message !== "Ready") {
-      throw new Error(
-        'Python-fido2 is required. Install it with "pip install fido2"'
-      );
-    }
-  }
-
-  async setCredential(options) {
-    return await execAsync("python", this.scriptsPath, this.setParams(options));
-  }
-
-  async getSecret(options) {
-    return await execAsync("python", this.scriptsPath, this.setParams(options));
-  }
-
-  async verifySecret(authenticator) {
-    await this.updateConf();
-    let key = this.keys[authenticator];
-    let fido2Options = {
-      id: key.id,
-      authenticator,
-      salt: key.salt,
-      credential: key.credential,
-    };
-    let result = await this.getSecret(fido2Options);
-    this.checkErrorCode(result, 1);
-    if (Crypto.b58Hash(result.message) === key.hash) {
-      return result.message;
-    } else {
-      throw new Error(`You used a different key for ${authenticator}`);
-    }
-  }
-
-  checkErrorCode(result, num) {
-    if (result.code !== 0) {
-      let err = "No Authenticator with the HmacSecret extension found!";
-      if (result.error === err) {
-        throw new Error(err);
-      } else {
-        throw new Error(
-          num === 1
-            ? "Fido2 authenticator device not found"
-            : "Something went wrong"
-        );
-      }
-    }
-  }
-}
-
-module.exports = Fido2Client;