[PS 1045] bw login with apikey argument fails on cli (#3959)

* Add fix for bw login with apikey argument fails bug

* Changes after running the prettier

* Revert chnages on the launch.json file

* Changes after running a lint

* Renaming a filename to remove capital letters

* Resolving the error on test run

* Renaming file names due lint errors

* Renaming new files to conform to snake case

* Remove the test for user api login strategy

* Adding the user api login test and file renaming

* Rename file name to organization-api-login.spec.ts

* Fixing the lint error on PR

* Adding the apiLogIn.strategy to whitelist-capital-letters

* Removing all the apiLogIn.strategy in whitelist-capital-letters.

* Fixing PR comment relating OrganizationApiTokenRequest

* Resolve PR comment on OrganizationApiTokenRequest model

* Fixing PR comment of separating organization token model

* fixing the lint error message

* Fixing the lint error

* Reverting the changes on lunch.js

* revert the actual content on launch.json

* Reverting changes relating to organization api login

* Removing the OrganizationIdentityTokenResponse file

* Removing OrganizationIdentityTokenResponse file

Co-authored-by: dynwee <onwudiweokeke@gmail.com>

.github/whitelist-capital-letters.txt

@@ -36,7 +36,6 @@
 ./libs/angular/src/interfaces/selectOptions.ts
 ./libs/components/src/stories/Introduction.stories.mdx
 ./libs/common/spec/misc/logInStrategies/logIn.strategy.spec.ts
-./libs/common/spec/misc/logInStrategies/apiLogIn.strategy.spec.ts
 ./libs/common/spec/misc/logInStrategies/passwordLogIn.strategy.spec.ts
 ./libs/common/spec/misc/logInStrategies/ssoLogIn.strategy.spec.ts
 ./libs/common/spec/web/services/webCryptoFunction.service.spec.ts
@@ -60,7 +59,6 @@
 ./libs/common/spec/services/consoleLog.service.spec.ts
 ./libs/common/src/misc/logInStrategies/ssoLogin.strategy.ts
 ./libs/common/src/misc/logInStrategies/passwordLogin.strategy.ts
-./libs/common/src/misc/logInStrategies/apiLogin.strategy.ts
 ./libs/common/src/misc/logInStrategies/passwordlessLogin.strategy.ts
 ./libs/common/src/misc/logInStrategies/logIn.strategy.ts
 ./libs/common/src/misc/nodeUtils.ts

libs/angular/src/components/two-factor.component.ts

@@ -281,12 +281,12 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
     return (
       this.authService.authingWithPassword() ||
       this.authService.authingWithSso() ||
-      this.authService.authingWithApiKey() ||
+      this.authService.authingWithUserApiKey() ||
       this.authService.authingWithPasswordless()
     );
   }
 
   get needsLock(): boolean {
-    return this.authService.authingWithSso() || this.authService.authingWithApiKey();
+    return this.authService.authingWithSso() || this.authService.authingWithUserApiKey();
   }
 }

libs/common/spec/misc/logInStrategies/user-api-login.strategy.spec.ts

@@ -12,13 +12,13 @@ import { PlatformUtilsService } from "@bitwarden/common/abstractions/platformUti
 import { StateService } from "@bitwarden/common/abstractions/state.service";
 import { TokenService } from "@bitwarden/common/abstractions/token.service";
 import { TwoFactorService } from "@bitwarden/common/abstractions/twoFactor.service";
-import { ApiLogInStrategy } from "@bitwarden/common/misc/logInStrategies/apiLogin.strategy";
+import { UserApiLogInStrategy } from "@bitwarden/common/misc/logInStrategies/user-api-login.strategy";
 import { Utils } from "@bitwarden/common/misc/utils";
-import { ApiLogInCredentials } from "@bitwarden/common/models/domain/log-in-credentials";
+import { UserApiLogInCredentials } from "@bitwarden/common/models/domain/log-in-credentials";
 
 import { identityTokenResponseFactory } from "./logIn.strategy.spec";
 
-describe("ApiLogInStrategy", () => {
+describe("UserApiLogInStrategy", () => {
   let cryptoService: SubstituteOf<CryptoService>;
   let apiService: SubstituteOf<ApiService>;
   let tokenService: SubstituteOf<TokenService>;
@@ -31,8 +31,8 @@ describe("ApiLogInStrategy", () => {
   let stateService: SubstituteOf<StateService>;
   let twoFactorService: SubstituteOf<TwoFactorService>;
 
-  let apiLogInStrategy: ApiLogInStrategy;
+  let apiLogInStrategy: UserApiLogInStrategy;
-  let credentials: ApiLogInCredentials;
+  let credentials: UserApiLogInCredentials;
 
   const deviceId = Utils.newGuid();
   const keyConnectorUrl = "KEY_CONNECTOR_URL";
@@ -55,7 +55,7 @@ describe("ApiLogInStrategy", () => {
     appIdService.getAppId().resolves(deviceId);
     tokenService.getTwoFactorToken().resolves(null);
 
-    apiLogInStrategy = new ApiLogInStrategy(
+    apiLogInStrategy = new UserApiLogInStrategy(
       cryptoService,
       apiService,
       tokenService,
@@ -69,7 +69,7 @@ describe("ApiLogInStrategy", () => {
       keyConnectorService
     );
 
-    credentials = new ApiLogInCredentials(apiClientId, apiClientSecret);
+    credentials = new UserApiLogInCredentials(apiClientId, apiClientSecret);
   });
 
   it("sends api key credentials to the server", async () => {

libs/common/src/abstractions/api.service.ts

@@ -24,9 +24,9 @@ import { EmergencyAccessUpdateRequest } from "../models/request/emergency-access
 import { EventRequest } from "../models/request/event.request";
 import { GroupRequest } from "../models/request/group.request";
 import { IapCheckRequest } from "../models/request/iap-check.request";
-import { ApiTokenRequest } from "../models/request/identity-token/api-token.request";
 import { PasswordTokenRequest } from "../models/request/identity-token/password-token.request";
 import { SsoTokenRequest } from "../models/request/identity-token/sso-token.request";
+import { UserApiTokenRequest } from "../models/request/identity-token/user-api-token.request";
 import { ImportCiphersRequest } from "../models/request/import-ciphers.request";
 import { ImportOrganizationCiphersRequest } from "../models/request/import-organization-ciphers.request";
 import { KdfRequest } from "../models/request/kdf.request";
@@ -175,7 +175,7 @@ export abstract class ApiService {
   ) => Promise<any>;
 
   postIdentityToken: (
-    request: PasswordTokenRequest | SsoTokenRequest | ApiTokenRequest
+    request: PasswordTokenRequest | SsoTokenRequest | UserApiTokenRequest
   ) => Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse>;
   refreshIdentityToken: () => Promise<any>;
 

libs/common/src/abstractions/auth.service.ts

@@ -3,7 +3,7 @@ import { Observable } from "rxjs";
 import { AuthenticationStatus } from "../enums/authenticationStatus";
 import { AuthResult } from "../models/domain/auth-result";
 import {
-  ApiLogInCredentials,
+  UserApiLogInCredentials,
   PasswordLogInCredentials,
   SsoLogInCredentials,
   PasswordlessLogInCredentials,
@@ -20,7 +20,7 @@ export abstract class AuthService {
 
   logIn: (
     credentials:
-      | ApiLogInCredentials
+      | UserApiLogInCredentials
       | PasswordLogInCredentials
       | SsoLogInCredentials
       | PasswordlessLogInCredentials
@@ -31,7 +31,7 @@ export abstract class AuthService {
   ) => Promise<AuthResult>;
   logOut: (callback: () => void) => void;
   makePreloginKey: (masterPassword: string, email: string) => Promise<SymmetricCryptoKey>;
-  authingWithApiKey: () => boolean;
+  authingWithUserApiKey: () => boolean;
   authingWithSso: () => boolean;
   authingWithPassword: () => boolean;
   authingWithPasswordless: () => boolean;

libs/common/src/enums/authenticationType.ts

@@ -1,6 +1,6 @@
 export enum AuthenticationType {
   Password = 0,
   Sso = 1,
-  Api = 2,
+  UserApi = 2,
   Passwordless = 3,
 }

libs/common/src/misc/logInStrategies/logIn.strategy.ts

@@ -11,23 +11,23 @@ import { TwoFactorProviderType } from "../../enums/twoFactorProviderType";
 import { Account, AccountProfile, AccountTokens } from "../../models/domain/account";
 import { AuthResult } from "../../models/domain/auth-result";
 import {
-  ApiLogInCredentials,
+  UserApiLogInCredentials,
   PasswordLogInCredentials,
   SsoLogInCredentials,
   PasswordlessLogInCredentials,
 } from "../../models/domain/log-in-credentials";
 import { DeviceRequest } from "../../models/request/device.request";
-import { ApiTokenRequest } from "../../models/request/identity-token/api-token.request";
 import { PasswordTokenRequest } from "../../models/request/identity-token/password-token.request";
 import { SsoTokenRequest } from "../../models/request/identity-token/sso-token.request";
 import { TokenTwoFactorRequest } from "../../models/request/identity-token/token-two-factor.request";
+import { UserApiTokenRequest } from "../../models/request/identity-token/user-api-token.request";
 import { KeysRequest } from "../../models/request/keys.request";
 import { IdentityCaptchaResponse } from "../../models/response/identity-captcha.response";
 import { IdentityTokenResponse } from "../../models/response/identity-token.response";
 import { IdentityTwoFactorResponse } from "../../models/response/identity-two-factor.response";
 
 export abstract class LogInStrategy {
-  protected abstract tokenRequest: ApiTokenRequest | PasswordTokenRequest | SsoTokenRequest;
+  protected abstract tokenRequest: UserApiTokenRequest | PasswordTokenRequest | SsoTokenRequest;
   protected captchaBypassToken: string = null;
 
   constructor(
@@ -44,7 +44,7 @@ export abstract class LogInStrategy {
 
   abstract logIn(
     credentials:
-      | ApiLogInCredentials
+      | UserApiLogInCredentials
       | PasswordLogInCredentials
       | SsoLogInCredentials
       | PasswordlessLogInCredentials

libs/common/src/misc/logInStrategies/user-api-login.strategy.ts

@@ -9,14 +9,14 @@ import { PlatformUtilsService } from "../../abstractions/platformUtils.service";
 import { StateService } from "../../abstractions/state.service";
 import { TokenService } from "../../abstractions/token.service";
 import { TwoFactorService } from "../../abstractions/twoFactor.service";
-import { ApiLogInCredentials } from "../../models/domain/log-in-credentials";
+import { UserApiLogInCredentials } from "../../models/domain/log-in-credentials";
-import { ApiTokenRequest } from "../../models/request/identity-token/api-token.request";
+import { UserApiTokenRequest } from "../../models/request/identity-token/user-api-token.request";
 import { IdentityTokenResponse } from "../../models/response/identity-token.response";
 
 import { LogInStrategy } from "./logIn.strategy";
 
-export class ApiLogInStrategy extends LogInStrategy {
+export class UserApiLogInStrategy extends LogInStrategy {
-  tokenRequest: ApiTokenRequest;
+  tokenRequest: UserApiTokenRequest;
 
   constructor(
     cryptoService: CryptoService,
@@ -51,8 +51,8 @@ export class ApiLogInStrategy extends LogInStrategy {
     }
   }
 
-  async logIn(credentials: ApiLogInCredentials) {
+  async logIn(credentials: UserApiLogInCredentials) {
-    this.tokenRequest = new ApiTokenRequest(
+    this.tokenRequest = new UserApiTokenRequest(
       credentials.clientId,
       credentials.clientSecret,
       await this.buildTwoFactor(),

libs/common/src/models/domain/log-in-credentials.ts

@@ -26,8 +26,8 @@ export class SsoLogInCredentials {
   ) {}
 }
 
-export class ApiLogInCredentials {
+export class UserApiLogInCredentials {
-  readonly type = AuthenticationType.Api;
+  readonly type = AuthenticationType.UserApi;
 
   constructor(public clientId: string, public clientSecret: string) {}
 }

libs/common/src/models/request/identity-token/token.request.ts

@@ -42,10 +42,12 @@ export abstract class TokenRequest {
       obj.authRequest = this.passwordlessAuthRequest;
     }
 
-    if (this.twoFactor.token && this.twoFactor.provider != null) {
+    if (this.twoFactor) {
-      obj.twoFactorToken = this.twoFactor.token;
+      if (this.twoFactor.token && this.twoFactor.provider != null) {
-      obj.twoFactorProvider = this.twoFactor.provider;
+        obj.twoFactorToken = this.twoFactor.token;
-      obj.twoFactorRemember = this.twoFactor.remember ? "1" : "0";
+        obj.twoFactorProvider = this.twoFactor.provider;
+        obj.twoFactorRemember = this.twoFactor.remember ? "1" : "0";
+      }
     }
 
     return obj;

libs/common/src/models/request/identity-token/user-api-token.request.ts

@@ -3,7 +3,7 @@ import { DeviceRequest } from "../device.request";
 import { TokenTwoFactorRequest } from "./token-two-factor.request";
 import { TokenRequest } from "./token.request";
 
-export class ApiTokenRequest extends TokenRequest {
+export class UserApiTokenRequest extends TokenRequest {
   constructor(
     public clientId: string,
     public clientSecret: string,

libs/common/src/services/api.service.ts

@@ -31,10 +31,10 @@ import { EmergencyAccessUpdateRequest } from "../models/request/emergency-access
 import { EventRequest } from "../models/request/event.request";
 import { GroupRequest } from "../models/request/group.request";
 import { IapCheckRequest } from "../models/request/iap-check.request";
-import { ApiTokenRequest } from "../models/request/identity-token/api-token.request";
 import { PasswordTokenRequest } from "../models/request/identity-token/password-token.request";
 import { SsoTokenRequest } from "../models/request/identity-token/sso-token.request";
 import { TokenTwoFactorRequest } from "../models/request/identity-token/token-two-factor.request";
+import { UserApiTokenRequest } from "../models/request/identity-token/user-api-token.request";
 import { ImportCiphersRequest } from "../models/request/import-ciphers.request";
 import { ImportOrganizationCiphersRequest } from "../models/request/import-organization-ciphers.request";
 import { KdfRequest } from "../models/request/kdf.request";
@@ -206,7 +206,7 @@ export class ApiService implements ApiServiceAbstraction {
   // Auth APIs
 
   async postIdentityToken(
-    request: ApiTokenRequest | PasswordTokenRequest | SsoTokenRequest
+    request: UserApiTokenRequest | PasswordTokenRequest | SsoTokenRequest
   ): Promise<IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse> {
     const headers = new Headers({
       "Content-Type": "application/x-www-form-urlencoded; charset=utf-8",
@@ -219,7 +219,7 @@ export class ApiService implements ApiServiceAbstraction {
     request.alterIdentityTokenHeaders(headers);
 
     const identityToken =
-      request instanceof ApiTokenRequest
+      request instanceof UserApiTokenRequest
         ? request.toIdentityToken()
         : request.toIdentityToken(this.platformUtilsService.getClientType());
 
@@ -2271,8 +2271,7 @@ export class ApiService implements ApiServiceAbstraction {
 
     const appId = await this.appIdService.getAppId();
     const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
-
+    const tokenRequest = new UserApiTokenRequest(
-    const tokenRequest = new ApiTokenRequest(
       clientId,
       clientSecret,
       new TokenTwoFactorRequest(),

libs/common/src/services/auth.service.ts

@@ -17,13 +17,13 @@ import { AuthenticationStatus } from "../enums/authenticationStatus";
 import { AuthenticationType } from "../enums/authenticationType";
 import { KdfType } from "../enums/kdfType";
 import { KeySuffixOptions } from "../enums/keySuffixOptions";
-import { ApiLogInStrategy } from "../misc/logInStrategies/apiLogin.strategy";
 import { PasswordLogInStrategy } from "../misc/logInStrategies/passwordLogin.strategy";
 import { PasswordlessLogInStrategy } from "../misc/logInStrategies/passwordlessLogin.strategy";
 import { SsoLogInStrategy } from "../misc/logInStrategies/ssoLogin.strategy";
+import { UserApiLogInStrategy } from "../misc/logInStrategies/user-api-login.strategy";
 import { AuthResult } from "../models/domain/auth-result";
 import {
-  ApiLogInCredentials,
+  UserApiLogInCredentials,
   PasswordLogInCredentials,
   SsoLogInCredentials,
   PasswordlessLogInCredentials,
@@ -67,7 +67,7 @@ export class AuthService implements AuthServiceAbstraction {
   }
 
   private logInStrategy:
-    | ApiLogInStrategy
+    | UserApiLogInStrategy
     | PasswordLogInStrategy
     | SsoLogInStrategy
     | PasswordlessLogInStrategy;
@@ -92,7 +92,7 @@ export class AuthService implements AuthServiceAbstraction {
 
   async logIn(
     credentials:
-      | ApiLogInCredentials
+      | UserApiLogInCredentials
       | PasswordLogInCredentials
       | SsoLogInCredentials
       | PasswordlessLogInCredentials
@@ -100,7 +100,7 @@ export class AuthService implements AuthServiceAbstraction {
     this.clearState();
 
     let strategy:
-      | ApiLogInStrategy
+      | UserApiLogInStrategy
       | PasswordLogInStrategy
       | SsoLogInStrategy
       | PasswordlessLogInStrategy;
@@ -134,8 +134,8 @@ export class AuthService implements AuthServiceAbstraction {
           this.keyConnectorService
         );
         break;
-      case AuthenticationType.Api:
+      case AuthenticationType.UserApi:
-        strategy = new ApiLogInStrategy(
+        strategy = new UserApiLogInStrategy(
           this.cryptoService,
           this.apiService,
           this.tokenService,
@@ -203,8 +203,8 @@ export class AuthService implements AuthServiceAbstraction {
     this.messagingService.send("loggedOut");
   }
 
-  authingWithApiKey(): boolean {
+  authingWithUserApiKey(): boolean {
-    return this.logInStrategy instanceof ApiLogInStrategy;
+    return this.logInStrategy instanceof UserApiLogInStrategy;
   }
 
   authingWithSso(): boolean {
@@ -272,7 +272,7 @@ export class AuthService implements AuthServiceAbstraction {
 
   private saveState(
     strategy:
-      | ApiLogInStrategy
+      | UserApiLogInStrategy
       | PasswordLogInStrategy
       | SsoLogInStrategy
       | PasswordlessLogInStrategy

libs/node/src/cli/commands/login.command.ts

@@ -21,7 +21,7 @@ import { NodeUtils } from "@bitwarden/common/misc/nodeUtils";
 import { Utils } from "@bitwarden/common/misc/utils";
 import { AuthResult } from "@bitwarden/common/models/domain/auth-result";
 import {
-  ApiLogInCredentials,
+  UserApiLogInCredentials,
   PasswordLogInCredentials,
   SsoLogInCredentials,
 } from "@bitwarden/common/models/domain/log-in-credentials";
@@ -160,7 +160,12 @@ export class LoginCommand {
 
       let response: AuthResult = null;
       if (clientId != null && clientSecret != null) {
-        response = await this.authService.logIn(new ApiLogInCredentials(clientId, clientSecret));
+        if (!clientId.startsWith("user")) {
+          return Response.error("Invalid API Key; Organization API Key currently not supported");
+        }
+        response = await this.authService.logIn(
+          new UserApiLogInCredentials(clientId, clientSecret)
+        );
       } else if (ssoCode != null && ssoCodeVerifier != null) {
         response = await this.authService.logIn(
           new SsoLogInCredentials(