diff --git a/src/abstractions/api.service.ts b/src/abstractions/api.service.ts index 189b4c9c7c..8d0e5652db 100644 --- a/src/abstractions/api.service.ts +++ b/src/abstractions/api.service.ts @@ -153,6 +153,8 @@ export abstract class ApiService { postAccountRecoverDeleteToken: (request: VerifyDeleteRecoverRequest) => Promise; postAccountKdf: (request: KdfRequest) => Promise; getEnterprisePortalSignInToken: () => Promise; + postUserApiKey: (id: string, request: PasswordVerificationRequest) => Promise; + postUserRotateApiKey: (id: string, request: PasswordVerificationRequest) => Promise; getFolder: (id: string) => Promise; postFolder: (request: FolderRequest) => Promise; diff --git a/src/abstractions/auth.service.ts b/src/abstractions/auth.service.ts index 7a7b23f73a..d5041720ce 100644 --- a/src/abstractions/auth.service.ts +++ b/src/abstractions/auth.service.ts 
@@ -9,21 +9,27 @@ export abstract class AuthService { code: string; codeVerifier: string; ssoRedirectUrl: string; + clientId: string; + clientSecret: string; twoFactorProvidersData: Map; selectedTwoFactorProviderType: TwoFactorProviderType; logIn: (email: string, masterPassword: string) => Promise; logInSso: (code: string, codeVerifier: string, redirectUrl: string) => Promise; + logInApiKey: (clientId: string, clientSecret: string) => Promise; logInTwoFactor: (twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean) => Promise; logInComplete: (email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean) => Promise; logInSsoComplete: (code: string, codeVerifier: string, redirectUrl: string, twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean) => Promise; + logInApiKeyComplete: (clientId: string, clientSecret: string, twoFactorProvider: TwoFactorProviderType, + twoFactorToken: string, remember?: boolean) => Promise; logOut: (callback: Function) => void; getSupportedTwoFactorProviders: (win: Window) => any[]; getDefaultTwoFactorProvider: (u2fSupported: boolean) => TwoFactorProviderType; makePreloginKey: (masterPassword: string, email: string) => Promise; + authingWithApiKey: () => boolean; authingWithSso: () => boolean; authingWithPassword: () => boolean; } diff --git a/src/angular/components/two-factor.component.ts b/src/angular/components/two-factor.component.ts index 4fe4e0c4b1..709ce2d4db 100644 --- a/src/angular/components/two-factor.component.ts +++ b/src/angular/components/two-factor.component.ts @@ -8,7 +8,6 @@ import { Router, } from '@angular/router'; -import { DeviceType } from '../../enums/deviceType'; import { TwoFactorProviderType } from '../../enums/twoFactorProviderType'; import { TwoFactorEmailRequest } from '../../models/request/twoFactorEmailRequest'; 
@@ -59,8 +58,7 @@ export class TwoFactorComponent implements OnInit, OnDestroy { } async ngOnInit() { - if ((!this.authService.authingWithSso() && !this.authService.authingWithPassword()) || - this.authService.twoFactorProvidersData == null) { + if (!this.authing || this.authService.twoFactorProvidersData == null) { this.router.navigate([this.loginRoute]); return; } @@ -75,7 +73,7 @@ export class TwoFactorComponent implements OnInit, OnDestroy { } }); - if (this.authService.authingWithSso()) { + if (this.needsLock) { this.successRoute = 'lock'; } @@ -246,4 +244,12 @@ export class TwoFactorComponent implements OnInit, OnDestroy { this.u2f.cleanup(); } } + + get authing(): boolean { + return this.authService.authingWithPassword() || this.authService.authingWithSso() || this.authService.authingWithApiKey() + } + + get needsLock(): boolean { + return this.authService.authingWithSso() || this.authService.authingWithApiKey(); + } } diff --git a/src/cli/commands/login.command.ts b/src/cli/commands/login.command.ts index 26d401df8e..396e37d2f2 100644 --- a/src/cli/commands/login.command.ts +++ b/src/cli/commands/login.command.ts 
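Review bot: The new `needsLock` getter at the end of the class has no comment explaining why an API-key login is sent to the `lock` route in the same way as SSO, and the reason is not visible in these hunks. I would add a short doc comment above it, for example `/** SSO and API-key logins supply no master password, so the vault presumably still has to be unlocked after 2FA (confirm). */`. The `return` in the `authing` getter is also missing its terminating semicolon, as are the two `clientIdClientSecret[...]` assignments in the `tokenRequest.ts` constructor and the `clientIdClientSecret = [clientId, clientSecret]` line in `logInHelper`.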
@@ -46,7 +46,38 @@ export class LoginCommand { let ssoCodeVerifier: string = null; let ssoCode: string = null; - if (cmd.sso != null && this.canInteract) { + + let clientId: string = null; + let clientSecret: string = null; + + if (cmd.apikey != null) { + const storedClientId: string = process.env.BW_CLIENTID; + const storedClientSecret: string = process.env.BW_CLIENTSECRET; + if (storedClientId == null) { + if (this.canInteract) { + const answer: inquirer.Answers = await inquirer.createPromptModule({ output: process.stderr })({ + type: 'input', + name: 'clientId', + message: 'client_id:', + }); + clientId = answer.clientId; + } else { + clientId = null; + } + } else { + clientId = storedClientId; + } + if (this.canInteract && storedClientSecret == null) { + const answer: inquirer.Answers = await inquirer.createPromptModule({ output: process.stderr })({ + type: 'input', + name: 'clientSecret', + message: 'client_secret:', + }); + clientSecret = answer.clientSecret; + } else { + clientSecret = storedClientSecret; + } + } else if (cmd.sso != null && this.canInteract) { const passwordOptions: any = { type: 'password', length: 64, @@ -117,7 +148,10 @@ export class LoginCommand { let response: AuthResult = null; if (twoFactorToken != null && twoFactorMethod != null) { - if (ssoCode != null && ssoCodeVerifier != null) { + if (clientId != null && clientSecret != null) { + response = await this.authService.logInApiKeyComplete(clientId, clientSecret, twoFactorMethod, + twoFactorToken, false); + } else if (ssoCode != null && ssoCodeVerifier != null) { response = await this.authService.logInSsoComplete(ssoCode, ssoCodeVerifier, this.ssoRedirectUri, twoFactorMethod, twoFactorToken, false); } else { 
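Review bot: The `client_secret:` prompt is declared with `type: 'input'`, so the secret is echoed to the terminal as it is typed and can remain in scrollback or a screen recording. Inquirer's `type: 'password'` hides the entry; the `client_id:` prompt can stay as `input`. The enclosing method starts and ends outside this hunk, so I cannot see whether `BW_CLIENTID` and `BW_CLIENTSECRET` are documented anywhere; a one-line comment at the `process.env` reads saying they are the only source when `canInteract` is false would help.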
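Review bot: When `cmd.apikey` is set but `clientId` or `clientSecret` is still null (a non-interactive run without the two environment variables), this `if`/`else if` chain falls through to the SSO or email/password branch instead of reporting the missing credential, and the non-2FA chain in the next hunk does the same. A guard placed before the chain, `if (cmd.apikey != null && (clientId == null || clientSecret == null))`, returning the command's usual error result would make the failure explicit. How `email` and `password` are populated on that path is outside the visible hunks, so the exact downstream behaviour needs confirming.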
@@ -125,9 +159,10 @@ export class LoginCommand { twoFactorToken, false); } } else { - if (ssoCode != null && ssoCodeVerifier != null) { + if (clientId != null && clientSecret != null) { + response = await this.authService.logInApiKey(clientId, clientSecret); + } else if (ssoCode != null && ssoCodeVerifier != null) { response = await this.authService.logInSso(ssoCode, ssoCodeVerifier, this.ssoRedirectUri); - } else { response = await this.authService.logIn(email, password); } diff --git a/src/models/request/tokenRequest.ts b/src/models/request/tokenRequest.ts index f0ff702428..a3db628670 100644 --- a/src/models/request/tokenRequest.ts +++ b/src/models/request/tokenRequest.ts @@ -8,12 +8,14 @@ export class TokenRequest { code: string; codeVerifier: string; redirectUri: string; + clientId: string; + clientSecret: string; token: string; provider: TwoFactorProviderType; remember: boolean; device?: DeviceRequest; - constructor(credentials: string[], codes: string[], provider: TwoFactorProviderType, + constructor(credentials: string[], codes: string[], clientIdClientSecret: string[], provider: TwoFactorProviderType, token: string, remember: boolean, device?: DeviceRequest) { if (credentials != null && credentials.length > 1) { this.email = credentials[0]; @@ -22,6 +24,9 @@ export class TokenRequest { this.code = codes[0]; this.codeVerifier = codes[1]; this.redirectUri = codes[2]; + } else if (clientIdClientSecret != null && clientIdClientSecret.length > 1) { + this.clientId = clientIdClientSecret[0] + this.clientSecret = clientIdClientSecret[1] } this.token = token; this.provider = provider; 
@@ -35,7 +40,11 @@ export class TokenRequest { client_id: clientId, }; - if (this.masterPasswordHash != null && this.email != null) { + if (this.clientSecret != null) { + obj.scope = 'api'; + obj.grant_type = 'client_credentials'; + obj.client_secret = this.clientSecret; + } else if (this.masterPasswordHash != null && this.email != null) { obj.grant_type = 'password'; obj.username = this.email; obj.password = this.masterPasswordHash; diff --git a/src/services/api.service.ts b/src/services/api.service.ts index e5656ab602..cfcdddb573 100644 --- a/src/services/api.service.ts +++ b/src/services/api.service.ts @@ -179,7 +179,7 @@ export class ApiService implements ApiServiceAbstraction { headers.set('User-Agent', this.customUserAgent); } const response = await this.fetch(new Request(this.identityBaseUrl + '/connect/token', { - body: this.qsStringify(request.toIdentityToken(this.platformUtilsService.identityClientId)), + body: this.qsStringify(request.toIdentityToken(request.clientId ?? this.platformUtilsService.identityClientId)), credentials: this.getCredentials(), cache: 'no-store', headers: headers, @@ -360,6 +360,16 @@ export class ApiService implements ApiServiceAbstraction { return this.send('GET', '/accounts/sso/user-identifier', null, true, true); } + async postUserApiKey(id: string, request: PasswordVerificationRequest): Promise { + const r = await this.send('POST', '/accounts/api-key', request, true, true); + return new ApiKeyResponse(r); + } + + async postUserRotateApiKey(id: string, request: PasswordVerificationRequest): Promise { + const r = await this.send('POST', '/accounts/rotate-api-key', request, true, true); + return new ApiKeyResponse(r); + } + // Folder APIs async getFolder(id: string): Promise { diff --git a/src/services/auth.service.ts b/src/services/auth.service.ts index 5633d66dda..d8ec84277d 100644 --- a/src/services/auth.service.ts +++ b/src/services/auth.service.ts 
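Review bot: `postUserApiKey` and `postUserRotateApiKey` both accept an `id` argument that the body never uses; the request goes to `/accounts/api-key` and `/accounts/rotate-api-key` whatever value is passed. Either drop the parameter here and in the abstract declarations in `src/abstractions/api.service.ts`, or state the intent with a comment such as `// id is unused: the endpoint presumably acts on the authenticated user`. Because the returned `ApiKeyResponse` presumably carries the client secret, a doc comment telling callers not to log or persist it would also be worth adding.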
@@ -9,7 +9,6 @@ import { KeysRequest } from '../models/request/keysRequest'; import { PreloginRequest } from '../models/request/preloginRequest'; import { TokenRequest } from '../models/request/tokenRequest'; -import { ErrorResponse } from '../models/response/errorResponse'; import { IdentityTokenResponse } from '../models/response/identityTokenResponse'; import { IdentityTwoFactorResponse } from '../models/response/identityTwoFactorResponse'; @@ -81,6 +80,8 @@ export class AuthService implements AuthServiceAbstraction { code: string; codeVerifier: string; ssoRedirectUrl: string; + clientId: string; + clientSecret: string; twoFactorProvidersData: Map; selectedTwoFactorProviderType: TwoFactorProviderType = null; 
@@ -118,19 +119,27 @@ export class AuthService implements AuthServiceAbstraction { this.selectedTwoFactorProviderType = null; const key = await this.makePreloginKey(masterPassword, email); const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key); - return await this.logInHelper(email, hashedPassword, null, null, null, key, - null, null, null); + return await this.logInHelper(email, hashedPassword, null, null, null, null, null, + key, null, null, null); } async logInSso(code: string, codeVerifier: string, redirectUrl: string): Promise { this.selectedTwoFactorProviderType = null; - return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null, null, null); + return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, null, + null, null, null, null); + } + + async logInApiKey(clientId: string, clientSecret: string): Promise { + this.selectedTwoFactorProviderType = null; + return await this.logInHelper(null, null, null, null, null, clientId, clientSecret, + null, null, null, null); } async logInTwoFactor(twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean): Promise { return await this.logInHelper(this.email, this.masterPasswordHash, this.code, this.codeVerifier, - this.ssoRedirectUrl, this.key, twoFactorProvider, twoFactorToken, remember); + this.ssoRedirectUrl, this.clientId, this.clientSecret, this.key, twoFactorProvider, + twoFactorToken, remember); } async logInComplete(email: string, masterPassword: string, twoFactorProvider: TwoFactorProviderType, 
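Review bot: The `logInHelper` calls in this hunk now pass eleven positional arguments, most of them `null`, for example `logInHelper(null, null, null, null, null, clientId, clientSecret, null, null, null, null)`. The credential parameters are all typed `string`, so a value placed one slot off would still type-check and send a secret in the wrong field. The same pattern appears in `logInComplete`, `logInSsoComplete` and `logInApiKeyComplete` in the next hunk and in the signature change at `@@ -242,14 +262,16 @@`. Since `logInHelper` is private, it could take a single object of optional named fields, so that this call reads `this.logInHelper({ clientId, clientSecret })`.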
@@ -138,14 +147,21 @@ export class AuthService implements AuthServiceAbstraction { this.selectedTwoFactorProviderType = null; const key = await this.makePreloginKey(masterPassword, email); const hashedPassword = await this.cryptoService.hashPassword(masterPassword, key); - return await this.logInHelper(email, hashedPassword, null, null, null, key, twoFactorProvider, twoFactorToken, - remember); + return await this.logInHelper(email, hashedPassword, null, null, null, null, null, key, + twoFactorProvider, twoFactorToken, remember); } async logInSsoComplete(code: string, codeVerifier: string, redirectUrl: string, twoFactorProvider: TwoFactorProviderType, twoFactorToken: string, remember?: boolean): Promise { this.selectedTwoFactorProviderType = null; return await this.logInHelper(null, null, code, codeVerifier, redirectUrl, null, + null, null, twoFactorProvider, twoFactorToken, remember); + } + + async logInApiKeyComplete(clientId: string, clientSecret: string, twoFactorProvider: TwoFactorProviderType, + twoFactorToken: string, remember?: boolean): Promise { + this.selectedTwoFactorProviderType = null; + return await this.logInHelper(null, null, null, null, null, clientId, clientSecret, null, twoFactorProvider, twoFactorToken, remember); } @@ -233,6 +249,10 @@ export class AuthService implements AuthServiceAbstraction { return this.cryptoService.makeKey(masterPassword, email, kdf, kdfIterations); } + authingWithApiKey(): boolean { + return this.clientId != null && this.clientSecret != null; + } + authingWithSso(): boolean { return this.code != null && this.codeVerifier != null && this.ssoRedirectUrl != null; } 
@@ -242,14 +262,16 @@ export class AuthService implements AuthServiceAbstraction { } private async logInHelper(email: string, hashedPassword: string, code: string, codeVerifier: string, - redirectUrl: string, key: SymmetricCryptoKey, twoFactorProvider?: TwoFactorProviderType, - twoFactorToken?: string, remember?: boolean): Promise { + redirectUrl: string, clientId: string, clientSecret: string, key: SymmetricCryptoKey, + twoFactorProvider?: TwoFactorProviderType, twoFactorToken?: string, remember?: boolean): Promise { const storedTwoFactorToken = await this.tokenService.getTwoFactorToken(email); const appId = await this.appIdService.getAppId(); const deviceRequest = new DeviceRequest(appId, this.platformUtilsService); let emailPassword: string[] = []; let codeCodeVerifier: string[] = []; + let clientIdClientSecret: string[] = []; + if (email != null && hashedPassword != null) { emailPassword = [email, hashedPassword]; } else { 
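Review bot: On the new API-key path `email` is null, so the unchanged line `this.tokenService.getTwoFactorToken(email)` looks up a remembered two-factor token for no particular account; what it returns for null is not visible here. If it can return a value, the request built later would carry a `TwoFactorProviderType.Remember` token that was never stored for this identity. Consider `const storedTwoFactorToken = email != null ? await this.tokenService.getTwoFactorToken(email) : null;`, or add a comment confirming that a null key always yields null. The body of `logInHelper` continues outside this hunk.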
@@ -260,16 +282,22 @@ export class AuthService implements AuthServiceAbstraction { } else { codeCodeVerifier = null; } + if (clientId != null && clientSecret != null) { + clientIdClientSecret = [clientId, clientSecret] + } else { + clientIdClientSecret = null; + } let request: TokenRequest; if (twoFactorToken != null && twoFactorProvider != null) { - request = new TokenRequest(emailPassword, codeCodeVerifier, twoFactorProvider, twoFactorToken, remember, - deviceRequest); + request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, twoFactorProvider, + twoFactorToken, remember, deviceRequest); } else if (storedTwoFactorToken != null) { - request = new TokenRequest(emailPassword, codeCodeVerifier, TwoFactorProviderType.Remember, + request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, TwoFactorProviderType.Remember, storedTwoFactorToken, false, deviceRequest); } else { - request = new TokenRequest(emailPassword, codeCodeVerifier, null, null, false, deviceRequest); + request = new TokenRequest(emailPassword, codeCodeVerifier, clientIdClientSecret, null, + null, false, deviceRequest); } const response = await this.apiService.postIdentityToken(request); @@ -286,6 +314,8 @@ export class AuthService implements AuthServiceAbstraction { this.code = code; this.codeVerifier = codeVerifier; this.ssoRedirectUrl = redirectUrl; + this.clientId = clientId; + this.clientSecret = clientSecret; this.key = this.setCryptoKeys ? key : null; this.twoFactorProvidersData = twoFactorResponse.twoFactorProviders2; result.twoFactorProviders = twoFactorResponse.twoFactorProviders2; @@ -343,6 +373,8 @@ export class AuthService implements AuthServiceAbstraction { this.code = null; this.codeVerifier = null; this.ssoRedirectUrl = null; + this.clientId = null; + this.clientSecret = null; this.twoFactorProvidersData = null; this.selectedTwoFactorProviderType = null; }
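Review bot: The assignment `this.clientSecret = clientSecret` in the two-factor branch keeps the API secret on the service object, and the only reset visible in this diff is the `this.clientSecret = null` in the last hunk. Both enclosing functions start outside their hunks, so it cannot be seen whether that reset also runs after a successful login or an abandoned second factor. Once confirmed, I would add a comment at the assignment such as `// held only while a two-factor challenge is pending; cleared by the state reset`, and check that every exit path reaches the reset.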