Copy jslib into Directory Connector [TI-6] (#262)

jslib/common/spec/misc/logInStrategies/apiLogIn.strategy.spec.ts

@@ -0,0 +1,114 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { EnvironmentService } from "jslib-common/abstractions/environment.service";
+import { KeyConnectorService } from "jslib-common/abstractions/keyConnector.service";
+import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { StateService } from "jslib-common/abstractions/state.service";
+import { TokenService } from "jslib-common/abstractions/token.service";
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
+import { ApiLogInStrategy } from "jslib-common/misc/logInStrategies/apiLogin.strategy";
+import { Utils } from "jslib-common/misc/utils";
+import { ApiLogInCredentials } from "jslib-common/models/domain/logInCredentials";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+describe("ApiLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let environmentService: SubstituteOf<EnvironmentService>;
+  let keyConnectorService: SubstituteOf<KeyConnectorService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+
+  let apiLogInStrategy: ApiLogInStrategy;
+  let credentials: ApiLogInCredentials;
+
+  const deviceId = Utils.newGuid();
+  const keyConnectorUrl = "KEY_CONNECTOR_URL";
+  const apiClientId = "API_CLIENT_ID";
+  const apiClientSecret = "API_CLIENT_SECRET";
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    environmentService = Substitute.for<EnvironmentService>();
+    stateService = Substitute.for<StateService>();
+    keyConnectorService = Substitute.for<KeyConnectorService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+
+    appIdService.getAppId().resolves(deviceId);
+    tokenService.getTwoFactorToken().resolves(null);
+
+    apiLogInStrategy = new ApiLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      environmentService,
+      keyConnectorService
+    );
+
+    credentials = new ApiLogInCredentials(apiClientId, apiClientSecret);
+  });
+
+  it("sends api key credentials to the server", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+    await apiLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const apiTokenRequest = actual as any;
+        return (
+          apiTokenRequest.clientId === apiClientId &&
+          apiTokenRequest.clientSecret === apiClientSecret &&
+          apiTokenRequest.device.identifier === deviceId &&
+          apiTokenRequest.twoFactor.provider == null &&
+          apiTokenRequest.twoFactor.token == null &&
+          apiTokenRequest.captchaResponse == null
+        );
+      })
+    );
+  });
+
+  it("sets the local environment after a successful login", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+    await apiLogInStrategy.logIn(credentials);
+
+    stateService.received(1).setApiKeyClientId(apiClientId);
+    stateService.received(1).setApiKeyClientSecret(apiClientSecret);
+    stateService.received(1).addAccount(Arg.any());
+  });
+
+  it("gets and sets the Key Connector key from environmentUrl", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.apiUseKeyConnector = true;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+    environmentService.getKeyConnectorUrl().returns(keyConnectorUrl);
+
+    await apiLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
+  });
+});

jslib/common/spec/misc/logInStrategies/logIn.strategy.spec.ts

@@ -0,0 +1,288 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { AuthService } from "jslib-common/abstractions/auth.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { StateService } from "jslib-common/abstractions/state.service";
+import { TokenService } from "jslib-common/abstractions/token.service";
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
+import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";
+import { PasswordLogInStrategy } from "jslib-common/misc/logInStrategies/passwordLogin.strategy";
+import { Utils } from "jslib-common/misc/utils";
+import { Account, AccountProfile, AccountTokens } from "jslib-common/models/domain/account";
+import { AuthResult } from "jslib-common/models/domain/authResult";
+import { EncString } from "jslib-common/models/domain/encString";
+import { PasswordLogInCredentials } from "jslib-common/models/domain/logInCredentials";
+import { PasswordTokenRequest } from "jslib-common/models/request/identityToken/passwordTokenRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
+import { IdentityCaptchaResponse } from "jslib-common/models/response/identityCaptchaResponse";
+import { IdentityTokenResponse } from "jslib-common/models/response/identityTokenResponse";
+import { IdentityTwoFactorResponse } from "jslib-common/models/response/identityTwoFactorResponse";
+
+const email = "hello@world.com";
+const masterPassword = "password";
+
+const deviceId = Utils.newGuid();
+const accessToken = "ACCESS_TOKEN";
+const refreshToken = "REFRESH_TOKEN";
+const encKey = "ENC_KEY";
+const privateKey = "PRIVATE_KEY";
+const captchaSiteKey = "CAPTCHA_SITE_KEY";
+const kdf = 0;
+const kdfIterations = 10000;
+const userId = Utils.newGuid();
+const masterPasswordHash = "MASTER_PASSWORD_HASH";
+
+const decodedToken = {
+  sub: userId,
+  email: email,
+  premium: false,
+};
+
+const twoFactorProviderType = TwoFactorProviderType.Authenticator;
+const twoFactorToken = "TWO_FACTOR_TOKEN";
+const twoFactorRemember = true;
+
+export function identityTokenResponseFactory() {
+  return new IdentityTokenResponse({
+    ForcePasswordReset: false,
+    Kdf: kdf,
+    KdfIterations: kdfIterations,
+    Key: encKey,
+    PrivateKey: privateKey,
+    ResetMasterPassword: false,
+    access_token: accessToken,
+    expires_in: 3600,
+    refresh_token: refreshToken,
+    scope: "api offline_access",
+    token_type: "Bearer",
+  });
+}
+
+describe("LogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+  let authService: SubstituteOf<AuthService>;
+
+  let passwordLogInStrategy: PasswordLogInStrategy;
+  let credentials: PasswordLogInCredentials;
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+    authService = Substitute.for<AuthService>();
+
+    appIdService.getAppId().resolves(deviceId);
+
+    // The base class is abstract so we test it via PasswordLogInStrategy
+    passwordLogInStrategy = new PasswordLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      authService
+    );
+    credentials = new PasswordLogInCredentials(email, masterPassword);
+  });
+
+  describe("base class", () => {
+    it("sets the local environment after a successful login", async () => {
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+      tokenService.decodeToken(accessToken).resolves(decodedToken);
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      stateService.received(1).addAccount(
+        new Account({
+          profile: {
+            ...new AccountProfile(),
+            ...{
+              userId: userId,
+              email: email,
+              hasPremiumPersonally: false,
+              kdfIterations: kdfIterations,
+              kdfType: kdf,
+            },
+          },
+          tokens: {
+            ...new AccountTokens(),
+            ...{
+              accessToken: accessToken,
+              refreshToken: refreshToken,
+            },
+          },
+        })
+      );
+      cryptoService.received(1).setEncKey(encKey);
+      cryptoService.received(1).setEncPrivateKey(privateKey);
+
+      stateService.received(1).setBiometricLocked(false);
+      messagingService.received(1).send("loggedIn");
+    });
+
+    it("builds AuthResult", async () => {
+      const tokenResponse = identityTokenResponseFactory();
+      tokenResponse.forcePasswordReset = true;
+      tokenResponse.resetMasterPassword = true;
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      const expected = new AuthResult();
+      expected.forcePasswordReset = true;
+      expected.resetMasterPassword = true;
+      expected.twoFactorProviders = null;
+      expected.captchaSiteKey = "";
+      expect(result).toEqual(expected);
+    });
+
+    it("rejects login if CAPTCHA is required", async () => {
+      // Sample CAPTCHA response
+      const tokenResponse = new IdentityCaptchaResponse({
+        error: "invalid_grant",
+        error_description: "Captcha required.",
+        HCaptcha_SiteKey: captchaSiteKey,
+      });
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      stateService.didNotReceive().addAccount(Arg.any());
+      messagingService.didNotReceive().send(Arg.any());
+
+      const expected = new AuthResult();
+      expected.captchaSiteKey = captchaSiteKey;
+      expect(result).toEqual(expected);
+    });
+
+    it("makes a new public and private key for an old account", async () => {
+      const tokenResponse = identityTokenResponseFactory();
+      tokenResponse.privateKey = null;
+      cryptoService.makeKeyPair(Arg.any()).resolves(["PUBLIC_KEY", new EncString("PRIVATE_KEY")]);
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postAccountKeys(Arg.any());
+    });
+  });
+
+  describe("Two-factor authentication", () => {
+    it("rejects login if 2FA is required", async () => {
+      // Sample response where TOTP 2FA required
+      const tokenResponse = new IdentityTwoFactorResponse({
+        TwoFactorProviders: ["0"],
+        TwoFactorProviders2: { 0: null },
+        error: "invalid_grant",
+        error_description: "Two factor required.",
+      });
+
+      apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+      const result = await passwordLogInStrategy.logIn(credentials);
+
+      stateService.didNotReceive().addAccount(Arg.any());
+      messagingService.didNotReceive().send(Arg.any());
+
+      const expected = new AuthResult();
+      expected.twoFactorProviders = new Map<TwoFactorProviderType, { [key: string]: string }>();
+      expected.twoFactorProviders.set(0, null);
+      expect(result).toEqual(expected);
+    });
+
+    it("sends stored 2FA token to server", async () => {
+      tokenService.getTwoFactorToken().resolves(twoFactorToken);
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === TwoFactorProviderType.Remember &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === false
+          );
+        })
+      );
+    });
+
+    it("sends 2FA token provided by user to server (single step)", async () => {
+      // This occurs if the user enters the 2FA code as an argument in the CLI
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+      credentials.twoFactor = new TokenRequestTwoFactor(
+        twoFactorProviderType,
+        twoFactorToken,
+        twoFactorRemember
+      );
+
+      await passwordLogInStrategy.logIn(credentials);
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === twoFactorProviderType &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === twoFactorRemember
+          );
+        })
+      );
+    });
+
+    it("sends 2FA token provided by user to server (two-step)", async () => {
+      // Simulate a partially completed login
+      passwordLogInStrategy.tokenRequest = new PasswordTokenRequest(
+        email,
+        masterPasswordHash,
+        null,
+        null
+      );
+
+      apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+      await passwordLogInStrategy.logInTwoFactor(
+        new TokenRequestTwoFactor(twoFactorProviderType, twoFactorToken, twoFactorRemember),
+        null
+      );
+
+      apiService.received(1).postIdentityToken(
+        Arg.is((actual) => {
+          const passwordTokenRequest = actual as any;
+          return (
+            passwordTokenRequest.twoFactor.provider === twoFactorProviderType &&
+            passwordTokenRequest.twoFactor.token === twoFactorToken &&
+            passwordTokenRequest.twoFactor.remember === twoFactorRemember
+          );
+        })
+      );
+    });
+  });
+});

jslib/common/spec/misc/logInStrategies/passwordLogIn.strategy.spec.ts

@@ -0,0 +1,110 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { AuthService } from "jslib-common/abstractions/auth.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { StateService } from "jslib-common/abstractions/state.service";
+import { TokenService } from "jslib-common/abstractions/token.service";
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
+import { HashPurpose } from "jslib-common/enums/hashPurpose";
+import { PasswordLogInStrategy } from "jslib-common/misc/logInStrategies/passwordLogin.strategy";
+import { Utils } from "jslib-common/misc/utils";
+import { PasswordLogInCredentials } from "jslib-common/models/domain/logInCredentials";
+import { SymmetricCryptoKey } from "jslib-common/models/domain/symmetricCryptoKey";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+const email = "hello@world.com";
+const masterPassword = "password";
+const hashedPassword = "HASHED_PASSWORD";
+const localHashedPassword = "LOCAL_HASHED_PASSWORD";
+const preloginKey = new SymmetricCryptoKey(
+  Utils.fromB64ToArray(
+    "N2KWjlLpfi5uHjv+YcfUKIpZ1l+W+6HRensmIqD+BFYBf6N/dvFpJfWwYnVBdgFCK2tJTAIMLhqzIQQEUmGFgg=="
+  )
+);
+const deviceId = Utils.newGuid();
+
+describe("PasswordLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+  let authService: SubstituteOf<AuthService>;
+
+  let passwordLogInStrategy: PasswordLogInStrategy;
+  let credentials: PasswordLogInCredentials;
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+    authService = Substitute.for<AuthService>();
+
+    appIdService.getAppId().resolves(deviceId);
+    tokenService.getTwoFactorToken().resolves(null);
+
+    authService.makePreloginKey(Arg.any(), Arg.any()).resolves(preloginKey);
+
+    cryptoService.hashPassword(masterPassword, Arg.any()).resolves(hashedPassword);
+    cryptoService
+      .hashPassword(masterPassword, Arg.any(), HashPurpose.LocalAuthorization)
+      .resolves(localHashedPassword);
+
+    passwordLogInStrategy = new PasswordLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      authService
+    );
+    credentials = new PasswordLogInCredentials(email, masterPassword);
+
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+  });
+
+  it("sends master password credentials to the server", async () => {
+    await passwordLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const passwordTokenRequest = actual as any; // Need to access private fields
+        return (
+          passwordTokenRequest.email === email &&
+          passwordTokenRequest.masterPasswordHash === hashedPassword &&
+          passwordTokenRequest.device.identifier === deviceId &&
+          passwordTokenRequest.twoFactor.provider == null &&
+          passwordTokenRequest.twoFactor.token == null &&
+          passwordTokenRequest.captchaResponse == null
+        );
+      })
+    );
+  });
+
+  it("sets the local environment after a successful login", async () => {
+    await passwordLogInStrategy.logIn(credentials);
+
+    cryptoService.received(1).setKey(preloginKey);
+    cryptoService.received(1).setKeyHash(localHashedPassword);
+  });
+});

jslib/common/spec/misc/logInStrategies/ssoLogIn.strategy.spec.ts

@@ -0,0 +1,127 @@
+import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
+
+import { ApiService } from "jslib-common/abstractions/api.service";
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { CryptoService } from "jslib-common/abstractions/crypto.service";
+import { KeyConnectorService } from "jslib-common/abstractions/keyConnector.service";
+import { LogService } from "jslib-common/abstractions/log.service";
+import { MessagingService } from "jslib-common/abstractions/messaging.service";
+import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
+import { StateService } from "jslib-common/abstractions/state.service";
+import { TokenService } from "jslib-common/abstractions/token.service";
+import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
+import { SsoLogInStrategy } from "jslib-common/misc/logInStrategies/ssoLogin.strategy";
+import { Utils } from "jslib-common/misc/utils";
+import { SsoLogInCredentials } from "jslib-common/models/domain/logInCredentials";
+
+import { identityTokenResponseFactory } from "./logIn.strategy.spec";
+
+describe("SsoLogInStrategy", () => {
+  let cryptoService: SubstituteOf<CryptoService>;
+  let apiService: SubstituteOf<ApiService>;
+  let tokenService: SubstituteOf<TokenService>;
+  let appIdService: SubstituteOf<AppIdService>;
+  let platformUtilsService: SubstituteOf<PlatformUtilsService>;
+  let messagingService: SubstituteOf<MessagingService>;
+  let logService: SubstituteOf<LogService>;
+  let keyConnectorService: SubstituteOf<KeyConnectorService>;
+  let stateService: SubstituteOf<StateService>;
+  let twoFactorService: SubstituteOf<TwoFactorService>;
+
+  let ssoLogInStrategy: SsoLogInStrategy;
+  let credentials: SsoLogInCredentials;
+
+  const deviceId = Utils.newGuid();
+  const encKey = "ENC_KEY";
+  const privateKey = "PRIVATE_KEY";
+  const keyConnectorUrl = "KEY_CONNECTOR_URL";
+
+  const ssoCode = "SSO_CODE";
+  const ssoCodeVerifier = "SSO_CODE_VERIFIER";
+  const ssoRedirectUrl = "SSO_REDIRECT_URL";
+  const ssoOrgId = "SSO_ORG_ID";
+
+  beforeEach(async () => {
+    cryptoService = Substitute.for<CryptoService>();
+    apiService = Substitute.for<ApiService>();
+    tokenService = Substitute.for<TokenService>();
+    appIdService = Substitute.for<AppIdService>();
+    platformUtilsService = Substitute.for<PlatformUtilsService>();
+    messagingService = Substitute.for<MessagingService>();
+    logService = Substitute.for<LogService>();
+    stateService = Substitute.for<StateService>();
+    keyConnectorService = Substitute.for<KeyConnectorService>();
+    twoFactorService = Substitute.for<TwoFactorService>();
+
+    tokenService.getTwoFactorToken().resolves(null);
+    appIdService.getAppId().resolves(deviceId);
+
+    ssoLogInStrategy = new SsoLogInStrategy(
+      cryptoService,
+      apiService,
+      tokenService,
+      appIdService,
+      platformUtilsService,
+      messagingService,
+      logService,
+      stateService,
+      twoFactorService,
+      keyConnectorService
+    );
+    credentials = new SsoLogInCredentials(ssoCode, ssoCodeVerifier, ssoRedirectUrl, ssoOrgId);
+  });
+
+  it("sends SSO information to server", async () => {
+    apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    apiService.received(1).postIdentityToken(
+      Arg.is((actual) => {
+        const ssoTokenRequest = actual as any;
+        return (
+          ssoTokenRequest.code === ssoCode &&
+          ssoTokenRequest.codeVerifier === ssoCodeVerifier &&
+          ssoTokenRequest.redirectUri === ssoRedirectUrl &&
+          ssoTokenRequest.device.identifier === deviceId &&
+          ssoTokenRequest.twoFactor.provider == null &&
+          ssoTokenRequest.twoFactor.token == null
+        );
+      })
+    );
+  });
+
+  it("does not set keys for new SSO user flow", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.key = null;
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    cryptoService.didNotReceive().setEncPrivateKey(privateKey);
+    cryptoService.didNotReceive().setEncKey(encKey);
+  });
+
+  it("gets and sets KeyConnector key for enrolled user", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.keyConnectorUrl = keyConnectorUrl;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).getAndSetKey(keyConnectorUrl);
+  });
+
+  it("converts new SSO user to Key Connector on first login", async () => {
+    const tokenResponse = identityTokenResponseFactory();
+    tokenResponse.keyConnectorUrl = keyConnectorUrl;
+    tokenResponse.key = null;
+
+    apiService.postIdentityToken(Arg.any()).resolves(tokenResponse);
+
+    await ssoLogInStrategy.logIn(credentials);
+
+    keyConnectorService.received(1).convertNewSsoUserToKeyConnector(tokenResponse, ssoOrgId);
+  });
+});

jslib/common/spec/misc/sequentialize.spec.ts

@@ -0,0 +1,127 @@
+import { sequentialize } from "jslib-common/misc/sequentialize";
+
+describe("sequentialize decorator", () => {
+  it("should call the function once", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function once for each instance of the object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+    expect(foo2.calls).toBe(1);
+  });
+
+  it("should call the function once with key function", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(1);
+  });
+
+  it("should call the function again when already resolved", async () => {
+    const foo = new Foo();
+    await foo.bar(1);
+    expect(foo.calls).toBe(1);
+    await foo.bar(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function again when already resolved with a key function", async () => {
+    const foo = new Foo();
+    await foo.baz(1);
+    expect(foo.calls).toBe(1);
+    await foo.baz(1);
+    expect(foo.calls).toBe(2);
+  });
+
+  it("should call the function for each argument", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.bar(1), foo.bar(1), foo.bar(2), foo.bar(2), foo.bar(3), foo.bar(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should call the function for each argument with key function", async () => {
+    const foo = new Foo();
+    await Promise.all([foo.baz(1), foo.baz(1), foo.baz(2), foo.baz(2), foo.baz(3), foo.baz(3)]);
+    expect(foo.calls).toBe(3);
+  });
+
+  it("should return correct result for each call", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(1).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(2).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+      foo.bar(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([2, 2, 4, 4, 6, 6]);
+  });
+
+  it("should return correct result for each call with key function", async () => {
+    const foo = new Foo();
+    const allRes: number[] = [];
+
+    await Promise.all([
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(1).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(2).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+      foo.baz(3).then((res) => allRes.push(res)),
+    ]);
+    expect(foo.calls).toBe(3);
+    expect(allRes.length).toBe(6);
+    allRes.sort();
+    expect(allRes).toEqual([3, 3, 6, 6, 9, 9]);
+  });
+});
+
+class Foo {
+  calls = 0;
+
+  @sequentialize((args) => "bar" + args[0])
+  bar(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 2);
+      }, Math.random() * 100);
+    });
+  }
+
+  @sequentialize((args) => "baz" + args[0])
+  baz(a: number): Promise<number> {
+    this.calls++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        res(a * 3);
+      }, Math.random() * 100);
+    });
+  }
+}

jslib/common/spec/misc/throttle.spec.ts

@@ -0,0 +1,110 @@
+import { sequentialize } from "jslib-common/misc/sequentialize";
+import { throttle } from "jslib-common/misc/throttle";
+
+describe("throttle decorator", () => {
+  it("should call the function once at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function once at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.bar(1));
+      promises.push(foo2.bar(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+  });
+
+  it("should call the function limit at a time for each object", async () => {
+    const foo = new Foo();
+    const foo2 = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.baz(1));
+      promises.push(foo2.baz(1));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(10);
+    expect(foo2.calls).toBe(10);
+  });
+
+  it("should work together with sequentialize", async () => {
+    const foo = new Foo();
+    const promises = [];
+    for (let i = 0; i < 10; i++) {
+      promises.push(foo.qux(Math.floor(i / 2) * 2));
+    }
+    await Promise.all(promises);
+
+    expect(foo.calls).toBe(5);
+  });
+});
+
+class Foo {
+  calls = 0;
+  inflight = 0;
+
+  @throttle(1, () => "bar")
+  bar(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 2);
+      }, Math.random() * 10);
+    });
+  }
+
+  @throttle(5, () => "baz")
+  baz(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBeLessThanOrEqual(5);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+
+  @sequentialize((args) => "qux" + args[0])
+  @throttle(1, () => "qux")
+  qux(a: number) {
+    this.calls++;
+    this.inflight++;
+    return new Promise((res) => {
+      setTimeout(() => {
+        expect(this.inflight).toBe(1);
+        this.inflight--;
+        res(a * 3);
+      }, Math.random() * 10);
+    });
+  }
+}

jslib/common/spec/misc/utils.spec.ts

@@ -0,0 +1,73 @@
+import { Utils } from "jslib-common/misc/utils";
+
+describe("Utils Service", () => {
+  describe("getDomain", () => {
+    it("should fail for invalid urls", () => {
+      expect(Utils.getDomain(null)).toBeNull();
+      expect(Utils.getDomain(undefined)).toBeNull();
+      expect(Utils.getDomain(" ")).toBeNull();
+      expect(Utils.getDomain('https://bit!:"_&ward.com')).toBeNull();
+      expect(Utils.getDomain("bitwarden")).toBeNull();
+    });
+
+    it("should fail for data urls", () => {
+      expect(Utils.getDomain("data:image/jpeg;base64,AAA")).toBeNull();
+    });
+
+    it("should handle urls without protocol", () => {
+      expect(Utils.getDomain("bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getDomain("wrong://bitwarden.com")).toBe("bitwarden.com");
+    });
+
+    it("should handle valid urls", () => {
+      expect(Utils.getDomain("https://bitwarden")).toBe("bitwarden");
+      expect(Utils.getDomain("https://bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getDomain("http://bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getDomain("http://vault.bitwarden.com")).toBe("bitwarden.com");
+      expect(
+        Utils.getDomain("https://user:password@bitwarden.com:8080/password/sites?and&query#hash")
+      ).toBe("bitwarden.com");
+      expect(Utils.getDomain("https://bitwarden.unknown")).toBe("bitwarden.unknown");
+    });
+
+    it("should support localhost and IP", () => {
+      expect(Utils.getDomain("https://localhost")).toBe("localhost");
+      expect(Utils.getDomain("https://192.168.1.1")).toBe("192.168.1.1");
+    });
+
+    it("should reject invalid hostnames", () => {
+      expect(Utils.getDomain("https://mywebsite.com$.mywebsite.com")).toBeNull();
+      expect(Utils.getDomain("https://mywebsite.com!.mywebsite.com")).toBeNull();
+    });
+  });
+
+  describe("getHostname", () => {
+    it("should fail for invalid urls", () => {
+      expect(Utils.getHostname(null)).toBeNull();
+      expect(Utils.getHostname(undefined)).toBeNull();
+      expect(Utils.getHostname(" ")).toBeNull();
+      expect(Utils.getHostname('https://bit!:"_&ward.com')).toBeNull();
+      expect(Utils.getHostname("bitwarden")).toBeNull();
+    });
+
+    it("should handle valid urls", () => {
+      expect(Utils.getHostname("bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getHostname("https://bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getHostname("http://bitwarden.com")).toBe("bitwarden.com");
+      expect(Utils.getHostname("http://vault.bitwarden.com")).toBe("vault.bitwarden.com");
+    });
+
+    it("should support localhost and IP", () => {
+      expect(Utils.getHostname("https://localhost")).toBe("localhost");
+      expect(Utils.getHostname("https://192.168.1.1")).toBe("192.168.1.1");
+    });
+  });
+
+  describe("newGuid", () => {
+    it("should create a valid guid", () => {
+      const validGuid =
+        /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+      expect(Utils.newGuid()).toMatch(validGuid);
+    });
+  });
+});