From fc5043f07ec55e01bf03588585de987a17625c3b Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Fri, 18 May 2018 10:55:50 -0400 Subject: [PATCH] premium and enc key checks --- src/commands/create.command.ts | 19 +++++++++++++++---- src/commands/delete.command.ts | 8 +++++++- src/commands/get.command.ts | 23 ++++++++++++++++++----- 3 files changed, 40 insertions(+), 10 deletions(-) diff --git a/src/commands/create.command.ts b/src/commands/create.command.ts index 194845f711..71fe5ccda7 100644 --- a/src/commands/create.command.ts +++ b/src/commands/create.command.ts @@ -3,7 +3,9 @@ import * as fs from 'fs'; import * as path from 'path'; import { CipherService } from 'jslib/abstractions/cipher.service'; -import { FolderService } from 'jslib/services/folder.service'; +import { CryptoService } from 'jslib/abstractions/crypto.service'; +import { FolderService } from 'jslib/abstractions/folder.service'; +import { TokenService } from 'jslib/abstractions/token.service'; import { Response } from '../models/response'; import { StringResponse } from '../models/response/stringResponse'; @@ -14,7 +16,8 @@ import { Folder } from '../models/folder'; import { CliUtils } from '../utils'; export class CreateCommand { - constructor(private cipherService: CipherService, private folderService: FolderService) { } + constructor(private cipherService: CipherService, private folderService: FolderService, + private tokenService: TokenService, private cryptoService: CryptoService) { } async run(object: string, requestJson: string, cmd: program.Command): Promise { let req: any = null; @@ -69,14 +72,22 @@ export class CreateCommand { return Response.badRequest('Cannot find file at ' + filePath); } - // TODO: premium and key check - const itemId = cmd.itemid.toLowerCase(); const cipher = await this.cipherService.get(itemId); if (cipher == null) { return Response.notFound(); } + if (cipher.organizationId == null && !this.tokenService.getPremium()) { + return Response.error('A premium membership is required to use this feature.'); + } + + const encKey = await this.cryptoService.getEncKey(); + if (encKey == null) { + return Response.error('You must update your encryption key before you can use this feature. ' + + 'See https://help.bitwarden.com/article/update-encryption-key/'); + } + try { const fileBuf = fs.readFileSync(filePath); await this.cipherService.saveAttachmentRawWithServer(cipher, path.basename(filePath), diff --git a/src/commands/delete.command.ts b/src/commands/delete.command.ts index 7fafe5dd21..abfecdc008 100644 --- a/src/commands/delete.command.ts +++ b/src/commands/delete.command.ts @@ -2,11 +2,13 @@ import * as program from 'commander'; import { CipherService } from 'jslib/abstractions/cipher.service'; import { FolderService } from 'jslib/abstractions/folder.service'; +import { TokenService } from 'jslib/abstractions/token.service'; import { Response } from '../models/response'; export class DeleteCommand { - constructor(private cipherService: CipherService, private folderService: FolderService) { } + constructor(private cipherService: CipherService, private folderService: FolderService, + private tokenService: TokenService) { } async run(object: string, id: string, cmd: program.Command): Promise { if (id != null) { @@ -59,6 +61,10 @@ export class DeleteCommand { return Response.error('Attachment `' + id + '` was not found.'); } + if (cipher.organizationId == null && !this.tokenService.getPremium()) { + return Response.error('A premium membership is required to use this feature.'); + } + try { await this.cipherService.deleteAttachmentWithServer(cipher.id, attachments[0].id); return Response.success(); diff --git a/src/commands/get.command.ts b/src/commands/get.command.ts index 4e1384d154..b20e638aba 100644 --- a/src/commands/get.command.ts +++ b/src/commands/get.command.ts @@ -8,6 +8,7 @@ import { CipherService } from 'jslib/abstractions/cipher.service'; import { CollectionService } from 'jslib/abstractions/collection.service'; import { CryptoService } from 'jslib/abstractions/crypto.service'; import { FolderService } from 'jslib/abstractions/folder.service'; +import { TokenService } from 'jslib/abstractions/token.service'; import { TotpService } from 'jslib/abstractions/totp.service'; import { CipherView } from 'jslib/models/view/cipherView'; @@ -37,7 +38,8 @@ import { CliUtils } from '../utils'; export class GetCommand { constructor(private cipherService: CipherService, private folderService: FolderService, private collectionService: CollectionService, private totpService: TotpService, - private auditService: AuditService, private cryptoService: CryptoService) { } + private auditService: AuditService, private cryptoService: CryptoService, + private tokenService: TokenService) { } async run(object: string, id: string, cmd: program.Command): Promise { if (id != null) { @@ -153,8 +155,6 @@ export class GetCommand { } private async getTotp(id: string) { - // TODO: premium check - const cipherResponse = await this.getCipher(id); if (!cipherResponse.success) { return cipherResponse; @@ -174,6 +174,14 @@ export class GetCommand { return Response.error('Couldn\'t generate TOTP code.'); } + if (!this.tokenService.getPremium()) { + const originalCipher = await this.cipherService.get(id); + if (originalCipher == null || originalCipher.organizationId == null || + !originalCipher.organizationUseTotp) { + return Response.error('A premium membership is required to use this feature.'); + } + } + const res = new StringResponse(totp); return Response.success(res); } @@ -194,8 +202,6 @@ export class GetCommand { return Response.badRequest('--itemid required.'); } - // TODO: Premium check - const itemId = cmd.itemid.toLowerCase(); const cipherResponse = await this.getCipher(itemId); if (!cipherResponse.success) { @@ -216,6 +222,13 @@ export class GetCommand { return Response.multipleResults(attachments.map((a) => a.id)); } + if (!this.tokenService.getPremium()) { + const originalCipher = await this.cipherService.get(cipher.id); + if (originalCipher == null || originalCipher.organizationId == null) { + return Response.error('A premium membership is required to use this feature.'); + } + } + const response = await fet.default(new fet.Request(attachments[0].url, { headers: { cache: 'no-cache' } })); if (response.status !== 200) { return Response.error('A ' + response.status + ' error occurred while downloading the attachment.');