bitwarden/directory-connector
1
0
Fork 0
mirror of https://github.com/bitwarden/directory-connector synced 2026-02-28 02:03:15 +00:00
Code Issues Releases Wiki Activity

Compare commits

base: bitwarden:jared/typescript-5.x
Branches Tags
bitwarden:state-service-wip bitwarden:ac/pm-31851-migrate-to-esm-modules bitwarden:restructure-repo bitwarden:dev-clarity-hands-on bitwarden:jslib-removal bitwarden:ac/pm-12436-replace-node-keytar-sonnet-attempt bitwarden:main bitwarden:ac/pm-20478-modernize-build-workflow bitwarden:ac/pm-20478-check-run-workflow bitwarden:renovate/cross-env-10.x bitwarden:renovate/node-24.x bitwarden:renovate/angular-eslint-monorepo bitwarden:rc bitwarden:state-service-rewrite bitwarden:context-rules bitwarden:gsuite-documentation bitwarden:jared/typescript-upgrade bitwarden:renovate/electron-store-11.x bitwarden:jared/typescript-5.x bitwarden:googleapi-failure-test bitwarden:sugi bitwarden:ac/pm-24898/upgrade-yao bitwarden:jmccannon/test-dc bitwarden:split-build-release-workflows bitwarden:jmccannon/github-node-upgrade bitwarden:feat/disable-suspended-google-accounts-ci bitwarden:ac/pm-15283/upgrade-angular-to-19 bitwarden:ac/pm-11803/deps-update-ldapjs-to-v3 bitwarden:vvolkgang-patch-2 bitwarden:vvolkgang-patch-1 bitwarden:version_bump_vgrassia/test-version-bump_2024-09-11 bitwarden:ac/addison/ac-2777/directory-connector-code-cleanup bitwarden:mimartin12-patch-1 bitwarden:AC-1743/upgrade-node bitwarden:AC-1743/Safe-Major-Upgrades bitwarden:husky-testing bitwarden:ac-1743 bitwarden:update-ast-action bitwarden:DEVOPS-1262-update-all-directory-connector-pipelines-to-use-the-new-ci-only-key-vault bitwarden:DEVOPS-1039-update-release-flow-dry-run-step-names bitwarden:DEVOPS-986-Update-download-artifacts bitwarden:refactor/injectable-services-2 bitwarden:update-ldapjs-2.9.8
bitwarden:v2026.2.0 bitwarden:v2026.1.0 bitwarden:v2025.12.0 bitwarden:v2025.11.0 bitwarden:v2025.10.0 bitwarden:v2025.9.0 bitwarden:v2025.8.0 bitwarden:v2025.7.0 bitwarden:v2025.6.1 bitwarden:v2025.6.0 bitwarden:v2025.5.0 bitwarden:v2025.4.0 bitwarden:v2025.3.0 bitwarden:v2025.1.0 bitwarden:v2024.10.0 bitwarden:v2024.9.0 bitwarden:v2024.3.2 bitwarden:v2023.10.0 bitwarden:v2022.11.0 bitwarden:v2022.6.0 bitwarden:v2.10.2 bitwarden:v2.10.1 bitwarden:v2.10.0 bitwarden:v2.9.10 bitwarden:v2.9.9 bitwarden:v2.9.8 bitwarden:v2.9.7 bitwarden:v2.9.6 bitwarden:v2.9.5 bitwarden:v2.9.4 bitwarden:v2.9.3 bitwarden:v2.9.2 bitwarden:v2.9.1 bitwarden:v2.9.0 bitwarden:v2.8.2 bitwarden:v2.8.1 bitwarden:v2.8.0 bitwarden:v2.7.0 bitwarden:v2.6.2 bitwarden:v2.6.1 bitwarden:v2.6.0 bitwarden:v2.5.3 bitwarden:v2.5.2 bitwarden:v2.5.1 bitwarden:v2.5.0 bitwarden:v2.4.0 bitwarden:v2.3.0 bitwarden:v2.2.0 bitwarden:v2.1.0 bitwarden:v2.0.4 bitwarden:v2.0.3 bitwarden:v2.0.2 bitwarden:v2.0.1 bitwarden:v2.0.0 bitwarden:v1.2.0 bitwarden:v1.1.3 bitwarden:v1.1.2 bitwarden:v1.1.1 bitwarden:v1.1.0 bitwarden:v1.0.0
..
compare: bitwarden:state-service-wip
Branches Tags
bitwarden:state-service-wip bitwarden:ac/pm-31851-migrate-to-esm-modules bitwarden:restructure-repo bitwarden:dev-clarity-hands-on bitwarden:jslib-removal bitwarden:ac/pm-12436-replace-node-keytar-sonnet-attempt bitwarden:main bitwarden:ac/pm-20478-modernize-build-workflow bitwarden:ac/pm-20478-check-run-workflow bitwarden:renovate/cross-env-10.x bitwarden:renovate/node-24.x bitwarden:renovate/angular-eslint-monorepo bitwarden:rc bitwarden:state-service-rewrite bitwarden:context-rules bitwarden:gsuite-documentation bitwarden:jared/typescript-upgrade bitwarden:renovate/electron-store-11.x bitwarden:jared/typescript-5.x bitwarden:googleapi-failure-test bitwarden:sugi bitwarden:ac/pm-24898/upgrade-yao bitwarden:jmccannon/test-dc bitwarden:split-build-release-workflows bitwarden:jmccannon/github-node-upgrade bitwarden:feat/disable-suspended-google-accounts-ci bitwarden:ac/pm-15283/upgrade-angular-to-19 bitwarden:ac/pm-11803/deps-update-ldapjs-to-v3 bitwarden:vvolkgang-patch-2 bitwarden:vvolkgang-patch-1 bitwarden:version_bump_vgrassia/test-version-bump_2024-09-11 bitwarden:ac/addison/ac-2777/directory-connector-code-cleanup bitwarden:mimartin12-patch-1 bitwarden:AC-1743/upgrade-node bitwarden:AC-1743/Safe-Major-Upgrades bitwarden:husky-testing bitwarden:ac-1743 bitwarden:update-ast-action bitwarden:DEVOPS-1262-update-all-directory-connector-pipelines-to-use-the-new-ci-only-key-vault bitwarden:DEVOPS-1039-update-release-flow-dry-run-step-names bitwarden:DEVOPS-986-Update-download-artifacts bitwarden:refactor/injectable-services-2 bitwarden:update-ldapjs-2.9.8
bitwarden:v2026.2.0 bitwarden:v2026.1.0 bitwarden:v2025.12.0 bitwarden:v2025.11.0 bitwarden:v2025.10.0 bitwarden:v2025.9.0 bitwarden:v2025.8.0 bitwarden:v2025.7.0 bitwarden:v2025.6.1 bitwarden:v2025.6.0 bitwarden:v2025.5.0 bitwarden:v2025.4.0 bitwarden:v2025.3.0 bitwarden:v2025.1.0 bitwarden:v2024.10.0 bitwarden:v2024.9.0 bitwarden:v2024.3.2 bitwarden:v2023.10.0 bitwarden:v2022.11.0 bitwarden:v2022.6.0 bitwarden:v2.10.2 bitwarden:v2.10.1 bitwarden:v2.10.0 bitwarden:v2.9.10 bitwarden:v2.9.9 bitwarden:v2.9.8 bitwarden:v2.9.7 bitwarden:v2.9.6 bitwarden:v2.9.5 bitwarden:v2.9.4 bitwarden:v2.9.3 bitwarden:v2.9.2 bitwarden:v2.9.1 bitwarden:v2.9.0 bitwarden:v2.8.2 bitwarden:v2.8.1 bitwarden:v2.8.0 bitwarden:v2.7.0 bitwarden:v2.6.2 bitwarden:v2.6.1 bitwarden:v2.6.0 bitwarden:v2.5.3 bitwarden:v2.5.2 bitwarden:v2.5.1 bitwarden:v2.5.0 bitwarden:v2.4.0 bitwarden:v2.3.0 bitwarden:v2.2.0 bitwarden:v2.1.0 bitwarden:v2.0.4 bitwarden:v2.0.3 bitwarden:v2.0.2 bitwarden:v2.0.1 bitwarden:v2.0.0 bitwarden:v1.2.0 bitwarden:v1.1.3 bitwarden:v1.1.2 bitwarden:v1.1.1 bitwarden:v1.1.0 bitwarden:v1.0.0

57 Commits
jared/type ... state-serv

Author SHA1 Message Date
Brandon
1f0bb5a71e update callers to vNext state service 2026-02-27 13:13:06 -05:00
Brandon
ac96470627 merge state service re-write 2026-02-27 13:12:54 -05:00
Brandon
ded20e9321 clean up 2026-02-27 13:10:21 -05:00
Brandon
43eba4cb92 Migrate all remaining cjs files to esm 2026-02-27 13:02:26 -05:00
Brandon
537b7489a9 migrate configuration files to ESM 2026-02-27 13:00:28 -05:00
Brandon
65f37446b9 add skill for migrating CJS to ESM + example 2026-02-27 12:58:35 -05:00
Brandon
c23fbfbad1 flatten account structure using claude 2026-02-27 12:58:17 -05:00
Brandon
4e8cccdb30 add tech debt context for DC Modernization 2026-02-27 12:55:00 -05:00
Brandon
19d6078f74 fix integration test 2026-02-27 12:54:49 -05:00
Brandon
23acdf63bf fix type issues 2026-02-27 12:54:41 -05:00
Brandon
293f673f5e add tests 2026-02-27 12:54:27 -05:00
Brandon
99f6af8dc8 scaffold new state service, add migration, initial commit 2026-02-27 12:54:18 -05:00
sven-bitwarden
984ae973a1 [PM-31004]: Fix Stackoverflow from Circular Group References (#991) 
* Fix circular groups

* Simplify tests
 2026-02-24 09:31:56 -06:00
renovate[bot]
af430157e0 [deps]: Update minimatch to v10 [SECURITY] - abandoned (#1009) 
* [deps]: Update minimatch to v10 [SECURITY]

* Remove erroneous failing dependencies

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Sven <svernyi@bitwarden.com>
 2026-02-23 13:10:23 -06:00
Jared
db3e7aa685 Refactor error handling in LdapDirectoryService to ensure proper unbinding and error propagation (#995) 2026-02-23 12:42:39 -05:00
Brandon Treston
9a2168c1d7 add lint workflow (#1006) 2026-02-19 11:43:39 -05:00
renovate[bot]
1fd8bf318f [deps]: Update webpack to v5.105.1 (#999) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-17 11:49:12 -05:00
renovate[bot]
c472d5e199 [deps]: Lock file maintenance (#1001) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jared <TheWolfBadger@gmail.com>
 2026-02-17 11:04:46 -05:00
renovate[bot]
1a42e76c79 [deps]: Update eslint-plugin-rxjs-x to v0.9.1 (#998) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-16 15:47:22 +00:00
Mick Letofsky
1aad9e1cbe Slim down and align with our current practices (#994) 2026-02-11 15:58:42 +01:00
Brandon Treston
3059934d4c remove substitute (#992) 2026-02-10 09:41:26 -05:00
Vincent Salucci
42cf13df08 chore: bump version to 2026.2.0 (#993) 2026-02-09 14:11:35 -06:00
renovate[bot]
1a9f0a2ca7 [deps]: Update babel-loader to v10 (#987) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-06 15:08:41 +00:00
renovate[bot]
30b3595de3 [deps]: Update typescript-eslint monorepo to v8.54.0 (#976) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-06 14:34:42 +00:00
renovate[bot]
28f0ff4b24 [deps]: Update angular-cli monorepo to v21.1.2 (#982) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-05 10:11:28 -06:00
renovate[bot]
14fc69c810 [deps]: Update ngx-toastr to v20 (#989) 
* [deps]: Update ngx-toastr to v20

* Adjust to toastr v20

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Sven <svernyi@bitwarden.com>
 2026-02-04 13:44:40 -06:00
renovate[bot]
1ad0aea61f [deps]: Update prettier to v3.8.1 (#985) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-04 13:27:17 -05:00
renovate[bot]
f41156969c [deps]: Update angular monorepo (#981) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jared <TheWolfBadger@gmail.com>
 2026-02-04 13:20:42 -05:00
renovate[bot]
39b151b1e0 [deps]: Update mini-css-extract-plugin to v2.10.0 (#984) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-04 13:05:34 -05:00
renovate[bot]
483f26fa6f [deps]: Update type-fest to v5.4.2 (#986) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-03 11:39:06 -05:00
renovate[bot]
8849385d1b [deps]: Update @angular/cdk to v21.1.1 (#980) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-02-03 09:41:55 -05:00
renovate[bot]
a7aff97360 [deps]: Lock file maintenance (#978) 
* [deps]: Lock file maintenance

* add COEP and COOP headers to enabled SharedArrayBuffer

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Brandon <btreston@bitwarden.com>
 2026-02-02 11:49:42 -05:00
renovate[bot]
7381857296 [deps]: Update gh minor (#973) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-29 14:19:11 -05:00
renovate[bot]
ba17d5b438 [deps]: Update electron-updater to v6.7.3 (#974) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-26 11:06:25 -06:00
Daniel James Smith
b5d31e693b Replace deprecated codecov/test-results-action with codecov/codecov-action with report_type set to test_results (#979) 
https://github.com/codecov/test-results-action?tab=readme-ov-file#%EF%B8%8F-deprecation-warning-%EF%B8%8F

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
 2026-01-23 08:06:18 -06:00
Brandon Treston
2854a2eba1 Update Angular to v21 (#972) 
* update jest to v.30.2.0

* ng update 21 wip

* update @angular/cdk@21

* NG 21 WIP

* @ngtools-webpack@21 and jest-preset-angular@16

* updated jest, add babel & jest-enveironment-jsdom

* add missing polyfils for TextEncoder & TextDecoder

* cleanup lock file

* tsconfig cleanup

* fix import

* cleanup

* clean up
 2026-01-21 08:37:52 +10:00
renovate[bot]
4485ecab3c [deps]: Update ldapts to v8.1.3 (#975) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-20 11:44:49 +10:00
renovate[bot]
9e3b2d2d95 [deps]: Update jest-mock-extended to v4 (#977) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-19 09:42:05 -05:00
renovate[bot]
b2997358dc [deps]: Lock file maintenance (#834) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-14 08:07:48 +10:00
renovate[bot]
db258f0191 [deps]: Update @angular/compiler to v20.3.16 [SECURITY] (#967) 
* [deps]: Update @angular/compiler to v20.3.16 [SECURITY]

* Upgrade all Angular packages

* Downgrade jest-mock-extended to support Jest 29

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
 2026-01-14 07:36:46 +10:00
Vincent Salucci
19d7884933 chore: bump version to 2026.1.0 (#969) 2026-01-12 11:32:43 -06:00
Jared McCannon
21ce02f431 [PM-26889] - Typescript 5.9 upgrade with updates (#965) 
* [deps]: Update typescript to v5.9.3

* Updated return types.

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-09 10:07:27 -06:00
renovate[bot]
1af8fc1067 [deps]: Update gh minor (#955) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-08 15:30:59 +10:00
renovate[bot]
6c2f54bad5 [deps]: Update webpack to v5.104.1 (#963) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-08 14:51:53 +10:00
renovate[bot]
bb9a6a61ee [deps]: Update sass to v1.97.1 (#956) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-06 15:00:07 -05:00
renovate[bot]
f0a19b6267 [deps]: Update actions/upload-artifact action to v6 (#958) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2026-01-06 14:51:01 +00:00
Mick Letofsky
220d6c02c7 Revert review Code Triggered by labeled event (#962) 2025-12-31 11:04:31 -05:00
Mick Letofsky
321db6e771 Review Code Triggered by labeled event (#961) 2025-12-30 18:15:46 +01:00
Daniel James Smith
554e14d7a8 Update copyright year to 2026 (#960) 2025-12-30 07:50:18 +10:00
renovate[bot]
f195e27938 [deps]: Update typescript-eslint monorepo to v8.50.0 (#957) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-23 10:33:04 +00:00
renovate[bot]
d1ac1e667e [deps]: Update eslint to v9 (#867) 
* [deps]: Update eslint to v9

* resolve lint errors, upgrade eslint, replace unmaintained packages

* refresh lockfile

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Brandon <btreston@bitwarden.com>
Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
 2025-12-19 19:48:36 -06:00
Mick Letofsky
b9867b131f Remove additional code review prompt file (#954) 2025-12-19 16:57:48 +01:00
renovate[bot]
bb165441ee [deps]: Update @types/node to v22.19.2 (#910) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-17 14:58:52 -06:00
renovate[bot]
b8964aa382 [deps]: Update angular-eslint monorepo to v20.7.0 (#940) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-16 11:47:23 -06:00
Vincent Salucci
db5268ccd1 chore: bump version to 2025.12.0 (#952) 
* chore: bump version to 2025.12.0

* chore: npm install to update package-lock
 2025-12-15 13:44:21 -06:00
renovate[bot]
9a719c9e4e [deps]: Update glob to v13 (#950) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-12 14:35:36 -06:00
renovate[bot]
2f49f4d5f1 [deps]: Update jest-mock-extended to v4 (#868) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2025-12-12 14:42:43 +00:00
102 changed files with 8456 additions and 9623 deletions
Expand all files Collapse all files

416
.claude/CLAUDE.md
View File

@@ -1,3 +1,7 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
# Bitwarden Directory Connector
## Project Overview
@@ -20,6 +24,392 @@ Directory Connector is a TypeScript application that synchronizes users and grou
- Node
- Jest for testing
### Current Project Status
**Mission Critical but Deprioritized:** Directory Connector is used to sync customer directory services with their Bitwarden organization. While SCIM is the more modern cloud-hosted solution, not all directory services support SCIM, and SCIM is only available on Enterprise plans. Therefore, DC remains mission-critical infrastructure for many paying customers, but it's deprioritized in the codebase due to infrequent changes.
**Isolated Repository:** Unlike other Bitwarden client applications that live in a monorepo with shared core libraries, Directory Connector was kept separate when other TypeScript clients moved to the monorepo. It got its own copy of the jslib repo to avoid unnecessary regressions from apparently unrelated code changes in other clients. This severed it from the rest of the codebase, causing:
- Outdated dependencies that can't be updated (ES modules vs CommonJS conflicts)
- File/folder structure that doesn't match modern Bitwarden client patterns
- Accumulated technical debt requiring significant investment to pay down
- jslib contains unused code from all clients, but cannot be deleted due to monolithic/tightly coupled architecture
**Critical Issues (Current Status):**
-~~Electron, Node, and Angular are on unmaintained versions~~ **RESOLVED** - All updated (Electron 39, Node 20, Angular 21, TypeScript 5.9)
-`keytar` is archived (Dec 2022) and incompatible with Node v22, **blocking Node upgrades beyond v20** - **PRIMARY BLOCKER**
- ❌ No ESM support blocks dependency upgrades: googleapis, lowdb, chalk, inquirer, node-fetch, electron-store
- ⚠️ 70 dev dependencies + 31 runtime dependencies = excessive maintenance burden (count increased with Angular 21 tooling)
- ❌ StateService is a large pre-StateProvider monolith containing every getter/setter for all clients (PM-31159 In Progress)
-~~Angular CLI not used~~ **RESOLVED** - Angular CLI 21.1.2 now integrated with angular.json configuration
**Development Approach:** When working on this codebase, prioritize sustainability and maintainability over adding new features. Consider how changes will affect long-term maintenance burden.
## Tech Debt Roadmap
### Progress Summary
**Completed:**
- ✅ Phase 0 (Immediate Priority): All major dependencies upgraded (Node 20, Angular 21, TypeScript 5.9, Electron 39)
- ✅ Phase 6: Angular CLI integration complete
**In Progress:**
- 🔄 Phase 1: StateService rewrite (PM-31159)
**Blocked/Todo:**
- ❌ Phase 2: Remove remaining jslib code (blocked by Phase 1)
- ❌ Phase 3: Repository restructure (should be done before Phase 5)
- ⚠️ Phase 4: Replace Keytar **[CRITICAL BLOCKER]** - blocking Node v22+ upgrades
- ❌ Phase 5: ESM Support (blocked by Phase 3, needed for googleapis, lowdb, chalk, inquirer, etc.)
**Primary Blocker:** Keytar removal (Phase 4) is the most critical task as it blocks Node upgrades beyond v20.
---
### ✅ Immediate Priority: Unsupported Dependencies (COMPLETED)
**Upgrade Path (July 2025 release) - STATUS: COMPLETE**
All major version upgrades have been completed and exceeded targets:
1. ✅ Node 18.20.8 → 20.18 → **COMPLETE** (engines: `~20`, .nvmrc: `v20`)
2. ✅ Angular 17 → 18.2.x → **EXCEEDED** (now at **21.1.1**)
3. ✅ TypeScript 5.4.5 → 5.6.0 → **EXCEEDED** (now at **5.9.3**)
4. ✅ Electron 34 → 36 → **EXCEEDED** (now at **39.2.1**)
5. ✅ Angular matches clients monorepo version (21.x)
**Current Versions:**
- Node: v20 (project target), blocked from v22+ by keytar
- TypeScript: 5.9.3
- Angular: 21.1.1 (all packages)
- Electron: 39.2.1 (well beyond EOL target of 36)
- @yao-pkg/pkg: 5.16.1 (community fork replacing archived pkg)
**Note:** Further Node upgrades to v22+ are **blocked by keytar** (see Phase 4). Electron 36 was EOL October 2028, but we're already on 39.2.1.
### Phase 1: StateService Rewrite (PM-31159, In Progress)
**Problem:** StateService is a post-account-switching, pre-StateProvider monolith containing every getter/setter for all clients. This prevents deletion of unused data models and code. Never very stable, and more complex than DC needs (DC doesn't need account switching).
**Current Status:** 🔄 **Active PR** - [#990](https://github.com/bitwarden/directory-connector/pull/990) (Open, Author: @BTreston)
- PR created: Feb 2, 2026
- Last updated: Feb 5, 2026
- Files changed: 17 files (+1,512, -41 lines)
- Commits: 4 (scaffold, add tests, fix type issues, fix integration test)
**Implementation Details:**
**New Architecture:**
- Created `StateServiceVNext` interface (`src/abstractions/state-vNext.service.ts`)
- New implementation: `StateServiceVNextImplementation` (`src/services/state-service/state-vNext.service.ts`)
- New state model with flat key-value structure (`src/models/state.model.ts`)
- Comprehensive test suite: `state-vNext.service.spec.ts` (488 lines of tests)
**Storage Key Structure:**
```typescript
// vNext Storage Keys (Flat key-value structure)
StorageKeysVNext = {
stateVersion: "stateVersion",
directoryType: "directoryType",
organizationId: "organizationId",
directory_ldap: "directory_ldap",
directory_gsuite: "directory_gsuite",
directory_entra: "directory_entra",
directory_okta: "directory_okta",
directory_onelogin: "directory_onelogin",
sync: "sync",
syncingDir: "syncingDir",
};
// Secure storage keys for sensitive data
SecureStorageKeysVNext = {
ldap: "secret_ldap",
gsuite: "secret_gsuite",
azure: "secret_azure", // Backwards compatible with old name
entra: "secret_entra",
okta: "secret_okta",
oneLogin: "secret_oneLogin",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
};
```
**Migration Strategy:**
- State version bumped to `StateVersion.Five` (`jslib/common/src/enums/stateVersion.ts`)
- Enhanced `StateMigrationService` to handle migration from old account-based structure to new flat structure
- Migration keys defined for backwards compatibility (`MigrationKeys`, `SecureStorageKeysMigration`)
- Temporary keys used during migration (`TempKeys`) to preserve data during transition
**File Organization:**
- State-related files moved to `src/services/state-service/` subdirectory:
- `state-vNext.service.ts` (new implementation)
- `state-vNext.service.spec.ts` (488 lines of tests)
- `state.service.ts` (legacy, moved from `src/services/`)
- `stateMigration.service.ts` (enhanced for v5 migration)
- New abstraction: `src/abstractions/state-vNext.service.ts`
- New model: `src/models/state.model.ts` (defines all storage keys)
**Integration:**
- Both old `StateService` and new `StateServiceVNext` injected in parallel during migration phase
- `DirectoryFactoryService` updated to accept both services
- Services module provides both implementations
- CLI (`bwdc.ts`) and GUI (`main.ts`) both instantiate new service alongside old one
**Chosen Approach Benefits:**
- Clean break with old StateService - high degree of certainty
- Simple and focused on DC's needs (no account switching, no rxjs)
- Flat key-value structure easier to maintain
- Versioning and migration capabilities included
- Keeps existing data.json around during transition
- All getters/setters in one place (acceptable for small application)
**Rejected Approaches:**
- Copy StateProvider from clients: Too complex (supports account switching, rxjs, syncing background/foreground contexts)
- Rewrite simplified StateService keeping current data structure: Commits us to previous decisions, keeps monolithic account objects
**Next Steps:**
- Complete PR review and merge
- Monitor for regressions during initial rollout
- After several releases, can remove old StateService and migration code
- Begin Phase 2: Remove remaining jslib code that was only needed by old StateService
### Phase 2: Remove Remaining jslib Code
After StateService is removed, review and delete old models and remaining services that referenced each other. jslib contains unused code from all clients that DC doesn't need.
### Phase 3: Restructure Repository (PM-31852, To Do)
**Current Structure:**
```
src/ # Both Electron and CLI app code
src-cli/ # package.json entry point for CLI only, no code
jslib/
├── common/ # Shared common code
├── node/ # Node specific code used in CLI
└── electron/ # Electron specific code used in GUI
```
**Target Structure:**
```
src-gui/ # Electron specific code only (combining src (partial) + jslib/electron)
src-cli/ # Node and CLI specific code only (combining src (partial) + jslib/node)
libs/ # Shared app-independent DC code, e.g. sync services (combining src (partial) + jslib/common)
```
**Why:** Makes subsequent changes (code reorganizing, ESM support) much easier. This should be done early in the modernization process.
### Phase 4: Replace Keytar (PM-12436, To Do) ⚠️ **CRITICAL BLOCKER**
**Problem:** `keytar` (OS secure storage for secrets) was archived December 2022 and is incompatible with Node v22, **actively blocking Node upgrades beyond v20**.
**Current Status:**
- `keytar`: **7.9.0** (still present in dependencies)
- **This is the #1 blocker preventing Node v22+ upgrades**
- All "Immediate Priority" dependencies have been upgraded, but further progress requires removing keytar
**Solution:** Migrate to Bitwarden's Rust implementation in `desktop_native` (same as clients monorepo did)
1. Implement Rust <-> NAPI integration (like `desktop_native/napi`) from Electron app to Rust code
2. Copy, rename, and expose necessary functions
3. Point to `desktop_native` crate using git link from DC repo (no need for SDK yet):
```rust
desktop_core = { git = "https://github.com/bitwarden/clients", rev = "00cf24972d944638bbd1adc00a0ae3eeabb6eb9a" }
```
**Important:** `keytar` uses wrong encoding on Windows (UTF-8 instead of UTF-16). Bitwarden uses UTF-16. Code should contain a migration - ensure old values are migrated correctly during testing.
**Priority:** This should be prioritized as it's blocking the Node upgrade path and has been archived for over 2 years.
### Phase 5: Add ESM Support (PM-31850, To Do)
**Problem:** No ESM module support prevents upgrading key dependencies.
**Blocked Dependencies (Current Status):**
- ❌ `googleapis`: **149.0.0** → current (major dependency, disabled in renovate.json5)
- ❌ `lowdb`: **1.0.0** → v7
- ❌ `@types/lowdb`: **1.0.15** (can be deleted once inquirer is upgraded)
- ❌ `@electron/notarize`: **2.5.0** → v3.0.1
- ❌ `chalk`: **4.1.2** → v5.3.0
- ❌ `inquirer`: **8.2.6** → v12.1.0
- ❌ `@types/inquirer`: **8.2.10** (should be deleted when inquirer upgraded)
- ❌ `node-fetch`: **2.7.0** → v3.3.2 (should use native Node fetch API when on Node >=21)
- ❌ `electron-store`: **8.2.0** → v10.1.0
**Status:** These dependencies remain blocked as expected. They will stay on old versions until:
1. Phase 3 (Repository Restructure) is complete
2. ESM support is implemented
3. Note: These ESM dependencies are primarily used in CLI build, so restructuring first (Phase 3) will limit the impact of ESM migration.
**Implementation:**
1. Update tsconfig.json and package.json configurations
2. Update import/export syntax to no longer use `require` statements
3. Upgrade dependencies to move away from CommonJS (ESM can import CommonJS, but not vice versa)
4. Trial and error
**Reference:** [Pure ESM package guide](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c)
### Phase 6: Add Angular CLI (PM-31849, In Progress / Possibly Complete?)
**Problem:** Angular CLI provides great DX and makes it easier to manage Angular changes (e.g. auto-migrations). DC didn't use it.
**Current Status:**
- ✅ `@angular/cli`: **21.1.2** is now present in **runtime dependencies**
- ✅ `@angular/build`: **21.1.2** is present in dev dependencies
- ✅ All Angular tooling has been updated to v21.x
**Status:** ✅ **COMPLETE** - Angular CLI has been successfully integrated:
- `angular.json` configuration file exists
- `.angular/` cache directory present
- `@angular/cli` 21.1.2 in runtime dependencies
- `@angular/build` 21.1.2 in dev dependencies
- All Angular packages updated to v21.x
This migration provides improved DX and access to Angular's auto-migration tools for future updates.
### Additional Considerations
**Reduce Dependency Count:** Current state is 70 dev dependencies + 31 runtime dependencies (101 total). The dev dependency count increased from the original 66 due to Angular 21 upgrade adding additional tooling. After removing old code, review dependency list:
- Can we remove some after code cleanup?
- Could we reintegrate with monorepo to leverage Component Library and shared platform dependencies?
- **Risk:** Becomes tightly coupled with monorepo code → regression risk, move slower due to coupling
**GitHub Workflows:** Need review and modernization:
- PM-20478: Add check-run workflow for CI on community PRs
- PM-18290: Add linting workflow
- PM-18289: Update build workflow
- `pkg` and `pkg-fetch` for packaging Node runtime in CLI release are archived (fork exists but untrusted; clients vets all changes manually)
- Options: Make our own fork, or use Node's single executable binary support (investigate)
## Common Development Commands
### Desktop App (Electron + Angular)
**Initial Setup:**
```bash
npm install # Install dependencies (runs git submodule init automatically)
npm run rebuild # Rebuild native modules for Electron
```
**Development:**
```bash
npm run electron # Build and run desktop app with hot reload and debugging
npm run electron:ignore # Same as above but ignores certificate errors
```
**Building:**
```bash
npm run build # Build both main and renderer processes
npm run build:main # Build Electron main process only
npm run build:renderer # Build Angular renderer process only
npm run build:renderer:watch # Build renderer with file watching
```
**Distribution:**
```bash
npm run dist:mac # Create macOS distributable
npm run dist:win # Create Windows distributable
npm run dist:lin # Create Linux distributable
```
### CLI (bwdc)
**Development:**
```bash
npm run build:cli:watch # Build CLI with file watching
node ./build-cli/bwdc.js --help # Run the CLI from build output
```
**Production Build:**
```bash
npm run build:cli:prod # Build CLI for production
npm run dist:cli # Create platform-specific CLI executables (all platforms)
npm run dist:cli:mac # Create macOS CLI executable only
npm run dist:cli:win # Create Windows CLI executable only
npm run dist:cli:lin # Create Linux CLI executable only
```
### Testing
**Unit Tests:**
```bash
npm test # Run unit tests (excludes integration tests)
npm run test:watch # Run unit tests in watch mode
npm run test:watch:all # Run unit tests in watch mode (all files)
npm run test:types # Run TypeScript type checking without emitting files
```
**Integration Tests:**
```bash
npm run test:integration:setup # Set up Docker containers for LDAP testing
npm run test:integration # Run integration tests
npm run test:integration:watch # Run integration tests in watch mode
```
Integration tests require Docker and test against live directory services. The setup command creates OpenLDAP containers using docker-compose.yml.
### Linting & Formatting
```bash
npm run lint # Run ESLint and Prettier checks
npm run lint:fix # Auto-fix ESLint issues
npm run prettier # Format all files with Prettier
```
### Submodule Management
The `jslib` folder is a git submodule containing shared Bitwarden libraries:
```bash
npm run sub:update # Update submodule to latest remote version
npm run sub:pull # Pull latest changes in submodule
npm run sub:commit # Pull and commit submodule update
```
### Utility Commands
```bash
npm run reset # Remove keytar modules and reinstall (use when switching between CLI/desktop)
npm run clean:dist # Clean desktop distribution files
npm run clean:dist:cli # Clean CLI distribution files
```
**Important:** When switching between developing the desktop app and CLI, run `npm run reset` to avoid native module conflicts.
## Code Architecture & Structure
### Directory Organization
@@ -45,6 +435,32 @@ jslib/ # Legacy folder structure (mix of deprecated/unused and c
3. **Directory Service Pattern**: Each directory provider implements `IDirectoryService` interface
4. **Separation of Concerns**: GUI (Angular app) and CLI (commands) share the same service layer
### Core Synchronization Flow
The sync process follows this pattern:
1. **DirectoryFactoryService** (`src/services/directory-factory.service.ts`) - Creates the appropriate directory service based on DirectoryType configuration
2. **IDirectoryService** implementation (`src/services/directory-services/*.service.ts`) - Each provider (LDAP, Entra ID, Google, Okta, OneLogin) implements:
- `getEntries(force, test)` - Returns `[GroupEntry[], UserEntry[]]`
- Provider-specific authentication and API calls
3. **SyncService** (`src/services/sync.service.ts`) - Orchestrates the sync:
- Calls directory service to get entries
- Filters and deduplicates users/groups
- Uses BatchRequestBuilder or SingleRequestBuilder to format API requests
- Generates hash to detect changes and avoid redundant syncs
- Sends data to Bitwarden API via ApiService
4. **Request Builders** (`src/services/*-request-builder.ts`) - Transform directory entries into Bitwarden API format
### Shared Library (jslib)
The `jslib` folder is a git submodule containing shared Bitwarden code:
- Common services (API, Crypto, Storage, Auth)
- Platform utilities
- Shared models and abstractions
**Important:** This is legacy structure - do not add new code to jslib. New code should go in `src/`.
## Development Conventions
### Code Organization

239
.claude/plan.md Normal file
View File

@@ -0,0 +1,239 @@
# Phase 2 PR #1: Flatten Account Model - IMPLEMENTATION COMPLETE
## Status: ✅ COMPLETED
**Implementation Date:** February 13, 2026
**All tests passing:** 120/120 ✅
**TypeScript compilation:** Success ✅
---
## Summary
Successfully implemented Phase 2 PR #1: Flatten Account Model. The Account model has been simplified from 177 lines (51 + 126 inherited) to 51 lines, removing the BaseAccount inheritance and flattening nested structures into direct properties.
## Changes Implemented
### Files Modified (7 files)
1. **`jslib/common/src/enums/stateVersion.ts`**
- Added `StateVersion.Five` for the flattened Account structure
- Updated `StateVersion.Latest = Five`
2. **`src/models/account.ts`**
- Removed `extends BaseAccount` inheritance
- Removed `ClientKeys` class (redundant)
- Flattened 6 authentication fields to top level:
- `userId`, `entityId`, `apiKeyClientId`
- `accessToken`, `refreshToken`, `apiKeyClientSecret`
- Kept `DirectoryConfigurations` and `DirectorySettings` unchanged
- Added compatibility fields with FIXME comment for jslib infrastructure:
- `data?`, `keys?`, `profile?`, `settings?`, `tokens?` (optional, unused)
- Simplified constructor without Object.assign
3. **`src/services/stateMigration.service.ts`**
- Added `migrateStateFrom3To4()` placeholder migration
- Added `migrateStateFrom4To5()` to flatten nested → flat Account structure
- Updated `migrate()` method with new case statements for v3→v4 and v4→v5
- Updated `migrateStateFrom1To2()` to use flattened structure (removed `account.profile`, `account.clientKeys`)
4. **`src/services/auth.service.ts`**
- Removed imports: `AccountKeys`, `AccountProfile`, `AccountTokens`
- Simplified account creation from 26 lines to 10 lines (62% reduction)
- Direct property assignment instead of nested objects with spread operators
5. **`src/services/state.service.ts`**
- Changed `account.profile.userId``account.userId`
- Removed `account.settings` from `scaffoldNewAccountDiskStorage`
- Added `settings` back to `resetAccount` for base class compatibility (unused but required)
6. **`src/services/authService.spec.ts`**
- Removed imports: `AccountKeys`, `AccountProfile`, `AccountTokens`
- Updated test expectations to match new flat Account structure
### Files Created (1 file)
7. **`src/services/stateMigration.service.spec.ts`**
- Comprehensive migration test suite (5 tests, 210 lines)
- Tests flattening nested account structure
- Tests handling missing nested objects gracefully
- Tests empty account list
- Tests preservation of directory configurations and settings
- Tests state version update
## Code Reduction Achieved
- **Account model:** 177 lines (51 + 126 inherited) → 51 lines (71% reduction)
- **AuthService account creation:** 26 lines → 10 lines (62% reduction)
- **Import statements removed:** 5 jslib imports across multiple files
## Migration Logic
### State Version v4 → v5 Migration
The `migrateStateFrom4To5()` method handles conversion from nested to flat structure:
```typescript
// OLD (nested structure):
{
profile: {
userId: "CLIENT_ID",
entityId: "CLIENT_ID",
apiKeyClientId: "organization.CLIENT_ID"
},
tokens: {
accessToken: "token",
refreshToken: "refresh"
},
keys: {
apiKeyClientSecret: "secret"
}
}
// NEW (flat structure):
{
userId: "CLIENT_ID",
entityId: "CLIENT_ID",
apiKeyClientId: "organization.CLIENT_ID",
accessToken: "token",
refreshToken: "refresh",
apiKeyClientSecret: "secret"
}
```
**Migration Safety:**
- Null-safe property access with `??` operator
- Preserves all directory configurations and settings
- Falls back to userId if profile.userId doesn't exist
- Handles empty account lists gracefully
## Test Results
### Unit Tests: ✅ PASS
```
Test Suites: 14 passed, 14 total
Tests: 120 passed, 120 total
```
New tests added:
- `should flatten nested account structure`
- `should handle missing nested objects gracefully`
- `should handle empty account list`
- `should preserve directory configurations and settings`
- `should update state version after successful migration`
### TypeScript Compilation: ✅ PASS
```
npm run test:types
```
All type checks pass with zero errors.
## Technical Notes
### Compatibility Fields
Added optional compatibility fields to Account model to satisfy jslib infrastructure type constraints:
```typescript
// FIXME: Remove these compatibility fields after StateServiceVNext migration (PR #990) is merged
// These fields are unused but required for type compatibility with jslib's StateService infrastructure
data?: any;
keys?: any;
profile?: any;
settings?: any;
tokens?: any;
```
These will be removed after PR #990 (StateServiceVNext) merges and old StateService is deleted.
### Key Architectural Decision
Chose to add compatibility fields rather than refactor entire jslib infrastructure because:
1. PR #990 (StateServiceVNext) will eventually replace this infrastructure
2. Minimizes changes needed in this PR
3. Avoids conflicts with PR #990
4. Can be cleaned up later
## What This Enables
### Immediate Benefits
- ✅ Simplified Account model (71% code reduction)
- ✅ Clearer authentication field structure
- ✅ Easier debugging (no nested property access)
- ✅ Self-documenting code (obvious what DC needs)
### Enables Future Work
- **Phase 2 PR #2:** Remove StateFactory infrastructure
- **Phase 2 PR #3:** Delete ~90 unused jslib files including:
- EncString (only used by old nested Account)
- SymmetricCryptoKey (only used by old nested Account)
- OrganizationData (completely unused)
- ProviderData (completely unused)
- AccountKeys, AccountProfile, AccountTokens, AccountData, AccountSettings
## Merge Strategy
**Conflict Management:**
- This PR targets current codebase (with old StateService)
- Will conflict with PR #990 (StateServiceVNext) when it merges
- Plan: Rebase this PR after #990 merges
- Expected conflicts: StateService files, Account model structure
- Resolution: Keep StateServiceVNext changes, apply Account flattening to new structure
## Next Steps
1. **Review & Test:** Thorough code review and manual testing
2. **Create PR:** Open PR with comprehensive description and test results
3. **Manual Testing Scenarios:**
- Fresh installation → authentication flow
- Existing installation → migration runs successfully
- All directory types → configuration persists correctly
- CLI authentication → flat structure works
4. **After Merge:**
- Begin Phase 2 PR #2: Remove StateFactory Infrastructure
- Monitor for any migration issues in production
## Related Work
- **Depends On:** None (can merge independently)
- **Blocks:** Phase 2 PR #2 (Remove StateFactory), Phase 2 PR #3 (Delete Unused jslib Files)
- **Conflicts With:** PR #990 (StateServiceVNext) - plan to rebase after #990 merges
- **Part Of:** Phase 2 tech debt cleanup (see CLAUDE.md)
---
## Original Implementation Plan
[The original detailed step-by-step plan from the conversation has been preserved below for reference]
### Context
Directory Connector's Account model currently extends jslib's BaseAccount, inheriting 126 lines of complex nested structures designed for multi-account password manager features that DC doesn't use. This inheritance creates unnecessary coupling and blocks cleanup of unused jslib dependencies.
**Current State:**
- Account extends BaseAccount with nested objects: `profile.userId`, `tokens.accessToken`, `keys.apiKeyClientSecret`
- Only 6 fields from BaseAccount are actually used by DC
- 120+ lines of inherited code (AccountData, AccountKeys, AccountProfile, AccountSettings, AccountTokens) are unused
- Creates dependencies on EncString, SymmetricCryptoKey, OrganizationData, ProviderData that DC never uses
**Problem:**
- Unnecessary complexity for a single-account application
- Blocks deletion of unused jslib models (Phase 2 goal)
- Verbose account creation code (26 lines to set 6 fields)
- Difficult to understand what DC actually needs
**Goal:**
Flatten Account model to contain only the 8 fields DC uses, removing BaseAccount inheritance. This enables Phase 2 PR #2 and PR #3 to delete ~90 unused jslib files.
[Rest of original plan preserved in conversation transcript]

27
.claude/prompts/review-code.md
View File

@@ -1,27 +0,0 @@
Please review this pull request with a focus on:
- Code quality and best practices
- Potential bugs or issues
- Security implications
- Performance considerations
Note: The PR branch is already checked out in the current working directory.
Provide a comprehensive review including:
- Summary of changes since last review
- Critical issues found (be thorough)
- Suggested improvements (be thorough)
- Good practices observed (be concise - list only the most notable items without elaboration)
- Action items for the author
- Leverage collapsible <details> sections where appropriate for lengthy explanations or code
snippets to enhance human readability
When reviewing subsequent commits:
- Track status of previously identified issues (fixed/unfixed/reopened)
- Identify NEW problems introduced since last review
- Note if fixes introduced new issues
IMPORTANT: Be comprehensive about issues and improvements. For good practices, be brief - just note
what was done well without explaining why or praising excessively.

130
.claude/skills/commonjs-to-esm/skill.md Normal file
View File

@@ -0,0 +1,130 @@
---
userInvocable: true
---
# CommonJS to ESM Conversion
Convert a file (or files) from CommonJS module syntax to ECMAScript Modules (ESM).
## Usage
```
/commonjs-to-esm <file-path> [additional-file-paths...]
```
## Parameters
- `file-path` - Path to the file(s) to convert from CommonJS to ESM
## Examples
```
/commonjs-to-esm src/services/auth.service.ts
/commonjs-to-esm src/utils/helper.ts src/utils/parser.ts
```
## Process
This skill performs a comprehensive analysis and planning process:
### 1. Analyze Target File(s)
For each file to convert:
- Read the file contents
- Identify its purpose and functionality
- Catalog all CommonJS patterns used:
- `require()` statements
- `module.exports` assignments
- `exports.x = ...` assignments
- Dynamic requires
- `__dirname` and `__filename` usage
### 2. Find Dependents
- Search for all files that import/require the target file(s)
- Identify the import patterns used by dependents
- Map the dependency tree to understand impact scope
### 3. Analyze Dependencies
- List all modules the target file(s) depend on
- Determine if dependencies support ESM
- Identify potential blocking dependencies (CommonJS-only packages)
- Check for dynamic imports that may need special handling
### 4. Identify Conversion Challenges
Common issues to flag:
- `__dirname` and `__filename` (need `import.meta.url` conversion)
- Dynamic `require()` calls (need `import()` conversion)
- Conditional requires (need refactoring)
- JSON imports (need `assert { type: 'json' }`)
- CommonJS-only dependencies (may block conversion)
- Circular dependencies (may need restructuring)
### 5. Generate Conversion Plan
Create a step-by-step plan that includes:
**Target File Changes:**
- Convert `require()` to `import` statements
- Convert `module.exports` to `export` statements
- Update `__dirname`/`__filename` to use `import.meta.url`
- Handle dynamic imports appropriately
- Update file extensions if needed (e.g., `.js` to `.mjs`)
**Dependent File Changes:**
- Update all import statements in dependent files
- Ensure consistent naming (default vs named exports)
- Update path references if extensions change
**Configuration Changes:**
- `package.json`: Add `"type": "module"` or use `.mjs` extension
- `tsconfig.json`: Update `module` and `moduleResolution` settings
- Build tools: Update bundler/compiler configurations
**Testing Strategy:**
- Run unit tests after conversion
- Verify no runtime errors from import changes
- Check that all exports are accessible
- Test dynamic import scenarios
### 6. Risk Assessment
Evaluate:
- Number of files affected
- Complexity of CommonJS patterns used
- Presence of blocking dependencies
- Potential for breaking changes
### 7. Present Plan
Output a structured plan with:
- Summary of changes needed
- Ordered steps for execution
- List of files to modify
- Configuration changes required
- Testing checkpoints
- Risk factors and mitigation strategies
- Estimated scope (small/medium/large change)
## Notes
- ESM is **not** compatible with CommonJS in all cases - ESM can import CommonJS, but CommonJS **cannot** require ESM
- This means conversions should generally proceed from leaf dependencies upward
- Some packages remain CommonJS-only and may block full conversion
- The skill generates a plan but does NOT automatically execute the conversion - review and approve first
## References
- [Pure ESM package guide](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c)
- [Node.js ESM documentation](https://nodejs.org/api/esm.html)
- [TypeScript ESM support](https://www.typescriptlang.org/docs/handbook/esm-node.html)

11
.eslintignore
View File

@@ -1,11 +0,0 @@
dist
build
build-cli
coverage
webpack.cli.js
webpack.main.js
webpack.renderer.js
**/node_modules
**/jest.config.js

95
.eslintrc.json
View File

@@ -1,95 +0,0 @@
{
"root": true,
"env": {
"browser": true,
"node": true
},
"overrides": [
{
"files": ["*.ts", "*.js"],
"plugins": ["@typescript-eslint", "rxjs", "rxjs-angular", "import"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"project": ["./tsconfig.eslint.json"],
"sourceType": "module",
"ecmaVersion": 2020
},
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:import/recommended",
"plugin:import/typescript",
"prettier",
"plugin:rxjs/recommended"
],
"settings": {
"import/parsers": {
"@typescript-eslint/parser": [".ts"]
},
"import/resolver": {
"typescript": {
"alwaysTryTypes": true
}
}
},
"rules": {
"@typescript-eslint/explicit-member-accessibility": [
"error",
{ "accessibility": "no-public" }
],
"@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
"@typescript-eslint/no-misused-promises": ["error", { "checksVoidReturn": false }],
"@typescript-eslint/no-this-alias": ["error", { "allowedNames": ["self"] }],
"@typescript-eslint/no-unused-vars": ["error", { "args": "none" }],
"no-console": "error",
"import/no-unresolved": "off", // TODO: Look into turning off once each package is an actual package.
"import/order": [
"error",
{
"alphabetize": {
"order": "asc"
},
"newlines-between": "always",
"pathGroups": [
{
"pattern": "@/jslib/**/*",
"group": "external",
"position": "after"
},
{
"pattern": "@/src/**/*",
"group": "parent",
"position": "before"
}
],
"pathGroupsExcludedImportTypes": ["builtin"]
}
],
"rxjs-angular/prefer-takeuntil": "error",
"rxjs/no-exposed-subjects": ["error", { "allowProtected": true }],
"no-restricted-syntax": [
"error",
{
"message": "Calling `svgIcon` directly is not allowed",
"selector": "CallExpression[callee.name='svgIcon']"
},
{
"message": "Accessing FormGroup using `get` is not allowed, use `.value` instead",
"selector": "ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']"
}
],
"curly": ["error", "all"],
"import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
"no-restricted-imports": ["error", { "patterns": ["src/**/*"] }]
}
},
{
"files": ["*.html"],
"parser": "@angular-eslint/template-parser",
"plugins": ["@angular-eslint/template"],
"rules": {
"@angular-eslint/template/button-has-type": "error"
}
}
]
}

23
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -9,26 +9,3 @@
## 📸 Screenshots
<!-- Required for any UI changes; delete if not applicable. Use fixed width images for better display. -->
## ⏰ Reminders before review
- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
## 🦮 Reviewer guidelines
<!-- Suggested interactions but feel free to use (or not) as you desire! -->
- 👍 (`:+1:`) or similar for great changes
- 📝 (`:memo:`) or (`:information_source:`) for notes or general info
- ❓ (`:question:`) for questions
- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
- 🎨 (`:art:`) for suggestions / improvements
- ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
- 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt
- ⛏ (`:pick:`) for minor or nitpick changes

52
.github/workflows/build.yml vendored
View File

@@ -23,7 +23,7 @@ jobs:
node_version: ${{ steps.retrieve-node-version.outputs.node_version }}
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -51,12 +51,12 @@ jobs:
contents: read
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -111,7 +111,7 @@ jobs:
fi
- name: Upload Linux Zip to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-linux-${{ env._PACKAGE_VERSION }}.zip
@@ -129,12 +129,12 @@ jobs:
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -182,7 +182,7 @@ jobs:
fi
- name: Upload Mac Zip to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-macos-${{ env._PACKAGE_VERSION }}.zip
@@ -200,7 +200,7 @@ jobs:
_NODE_VERSION: ${{ needs.setup.outputs.node_version }}
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -209,7 +209,7 @@ jobs:
choco install checksum --no-progress
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -258,7 +258,7 @@ jobs:
}
- name: Upload Windows Zip to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
path: ./dist-cli/bwdc-windows-${{ env._PACKAGE_VERSION }}.zip
@@ -279,12 +279,12 @@ jobs:
HUSKY: 0
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -338,28 +338,28 @@ jobs:
SIGNING_CERT_NAME: ${{ steps.retrieve-secrets.outputs.code-signing-cert-name }}
- name: Upload Portable Executable to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Connector-Portable-${{ env._PACKAGE_VERSION }}.exe
if-no-files-found: error
- name: Upload Installer Executable to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe
if-no-files-found: error
- name: Upload Installer Executable Blockmap to GitHub
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
path: ./dist/Bitwarden-Connector-Installer-${{ env._PACKAGE_VERSION }}.exe.blockmap
if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: latest.yml
path: ./dist/latest.yml
@@ -379,12 +379,12 @@ jobs:
HUSKY: 0
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -411,14 +411,14 @@ jobs:
run: npm run dist:lin
- name: Upload AppImage
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-x86_64.AppImage
if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: latest-linux.yml
path: ./dist/latest-linux.yml
@@ -439,12 +439,12 @@ jobs:
HUSKY: 0
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -542,28 +542,28 @@ jobs:
CSC_FOR_PULL_REQUEST: true
- name: Upload .zip artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}-mac.zip
if-no-files-found: error
- name: Upload .dmg artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg
if-no-files-found: error
- name: Upload .dmg Blockmap artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
path: ./dist/Bitwarden-Connector-${{ env._PACKAGE_VERSION }}.dmg.blockmap
if-no-files-found: error
- name: Upload latest auto-update artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: latest-mac.yml
path: ./dist/latest-mac.yml

12
.github/workflows/integration-test.yml vendored
View File

@@ -40,7 +40,7 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -52,7 +52,7 @@ jobs:
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -129,7 +129,7 @@ jobs:
- name: Report test results
id: report
uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
uses: dorny/test-reporter@b082adf0eced0765477756c2a610396589b8c637 # v2.5.0
# This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
# PRs from the repository and all other events are OK.
if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
@@ -140,7 +140,9 @@ jobs:
fail-on-error: true
- name: Upload coverage to codecov.io
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
- name: Upload results to codecov.io
uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
with:
report_type: test_results

46
.github/workflows/lint.yml vendored Normal file
View File

@@ -0,0 +1,46 @@
name: Lint
on:
workflow_dispatch:
push:
branches:
- "main"
- "rc"
- "hotfix-rc"
pull_request:
permissions:
contents: read
jobs:
lint:
name: Run linter
if: ${{ startsWith(github.head_ref, 'version_bump_') == false }}
runs-on: ubuntu-24.04
steps:
- name: Check out repo
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- name: Get Node version
id: retrieve-node-version
run: |
NODE_NVMRC=$(cat .nvmrc)
NODE_VERSION=${NODE_NVMRC/v/''}
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Node
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
node-version: ${{ steps.retrieve-node-version.outputs.node_version }}
- name: Install Node dependencies
run: npm ci
- name: Run ESLint and Prettier
run: npm run lint

4
.github/workflows/release.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
release_version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -75,7 +75,7 @@ jobs:
- name: Create release
if: ${{ inputs.release_type != 'Dry Run' }}
uses: ncipollo/release-action@cdcc88a9acf3ca41c16c37bb7d21b9ad48560d87 # v1.15.0
uses: ncipollo/release-action@b7eabc95ff50cbeeedec83973935c8f306dfcd0b # v1.20.0
env:
PKG_VERSION: ${{ needs.setup.outputs.release_version }}
with:

2
.github/workflows/review-code.yml vendored
View File

@@ -2,7 +2,7 @@ name: Code Review
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
types: [opened, synchronize, reopened]
permissions: {}

12
.github/workflows/test.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
@@ -34,7 +34,7 @@ jobs:
echo "node_version=$NODE_VERSION" >> "$GITHUB_OUTPUT"
- name: Set up Node
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
with:
cache: 'npm'
cache-dependency-path: '**/package-lock.json'
@@ -53,7 +53,7 @@ jobs:
run: npm run test --coverage
- name: Report test results
uses: dorny/test-reporter@dc3a92680fcc15842eef52e8c4606ea7ce6bd3f3 # v2.1.1
uses: dorny/test-reporter@b082adf0eced0765477756c2a610396589b8c637 # v2.5.0
# This will skip the job if it's a pull request from a fork, because that won't have permission to upload test results.
# PRs from the repository and all other events are OK.
if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch' || github.event.pull_request.head.repo.full_name == github.repository) && !cancelled()
@@ -64,7 +64,9 @@ jobs:
fail-on-error: true
- name: Upload coverage to codecov.io
uses: codecov/codecov-action@5a605bd92782ce0810fa3b8acc235c921b497052 # v5.2.0
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
- name: Upload results to codecov.io
uses: codecov/test-results-action@4e79e65778be1cecd5df25e14af1eafb6df80ea9 # v1.0.2
uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
with:
report_type: test_results

4
.github/workflows/version-bump.yml vendored
View File

@@ -42,7 +42,7 @@ jobs:
uses: bitwarden/gh-actions/azure-logout@main
- name: Generate GH App token
uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
id: app-token
with:
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
@@ -50,7 +50,7 @@ jobs:
permission-contents: write
- name: Checkout Branch
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
token: ${{ steps.app-token.outputs.token }}
persist-credentials: true

10
angular.json
View File

@@ -18,15 +18,17 @@
"prefix": "app",
"architect": {
"build": {
"builder": "@angular-devkit/build-angular:browser",
"builder": "@angular/build:application",
"options": {
"outputPath": "dist",
"outputPath": {
"base": "dist"
},
"index": "src/index.html",
"main": "src/main.ts",
"tsConfig": "tsconfig.json",
"assets": [],
"styles": [],
"scripts": []
"scripts": [],
"browser": "src/main.ts"
}
}
}

6
electron-builder.json
View File

@@ -4,13 +4,13 @@
},
"productName": "Bitwarden Directory Connector",
"appId": "com.bitwarden.directory-connector",
"copyright": "Copyright © 2015-2022 Bitwarden Inc.",
"copyright": "Copyright © 2015-2026 Bitwarden Inc.",
"directories": {
"buildResources": "resources",
"output": "dist",
"app": "build"
},
"afterSign": "scripts/notarize.js",
"afterSign": "scripts/notarize.mjs",
"mac": {
"artifactName": "Bitwarden-Connector-${version}-mac.${ext}",
"category": "public.app-category.productivity",
@@ -22,7 +22,7 @@
},
"win": {
"target": ["portable", "nsis"],
"sign": "scripts/sign.js"
"sign": "scripts/sign.mjs"
},
"linux": {
"category": "Utility",

149
eslint.config.mjs Normal file
View File

@@ -0,0 +1,149 @@
// @ts-check
import eslint from "@eslint/js";
import tsParser from "@typescript-eslint/parser";
import tsPlugin from "@typescript-eslint/eslint-plugin";
import prettierConfig from "eslint-config-prettier";
import importPlugin from "eslint-plugin-import";
import rxjsX from "eslint-plugin-rxjs-x";
import rxjsAngularX from "eslint-plugin-rxjs-angular-x";
import angularEslint from "@angular-eslint/eslint-plugin-template";
import angularParser from "@angular-eslint/template-parser";
import globals from "globals";
export default [
// Global ignores (replaces .eslintignore)
{
ignores: [
"dist/**",
"dist-cli/**",
"build/**",
"build-cli/**",
"coverage/**",
"**/*.cjs",
"eslint.config.mjs",
"scripts/**/*.js",
"**/node_modules/**",
],
},
// Base config for all JavaScript/TypeScript files
{
files: ["**/*.ts", "**/*.js"],
languageOptions: {
ecmaVersion: 2020,
sourceType: "module",
parser: tsParser,
parserOptions: {
project: ["./tsconfig.eslint.json"],
},
globals: {
...globals.browser,
...globals.node,
},
},
plugins: {
"@typescript-eslint": tsPlugin,
import: importPlugin,
"rxjs-x": rxjsX,
"rxjs-angular-x": rxjsAngularX,
},
settings: {
"import/parsers": {
"@typescript-eslint/parser": [".ts"],
},
"import/resolver": {
typescript: {
alwaysTryTypes: true,
},
},
},
rules: {
// ESLint recommended rules
...eslint.configs.recommended.rules,
// TypeScript ESLint recommended rules
...tsPlugin.configs.recommended.rules,
// Import plugin recommended rules
...importPlugin.flatConfigs.recommended.rules,
// RxJS recommended rules
...rxjsX.configs.recommended.rules,
// Custom project rules
"@typescript-eslint/explicit-member-accessibility": ["error", { accessibility: "no-public" }],
"@typescript-eslint/no-explicit-any": "off", // TODO: This should be re-enabled
"@typescript-eslint/no-misused-promises": ["error", { checksVoidReturn: false }],
"@typescript-eslint/no-this-alias": ["error", { allowedNames: ["self"] }],
"@typescript-eslint/no-unused-vars": ["error", { args: "none" }],
"no-console": "error",
"import/no-unresolved": "off", // TODO: Look into turning on once each package is an actual package.
"import/order": [
"error",
{
alphabetize: {
order: "asc",
},
"newlines-between": "always",
pathGroups: [
{
pattern: "@/jslib/**/*",
group: "external",
position: "after",
},
{
pattern: "@/src/**/*",
group: "parent",
position: "before",
},
],
pathGroupsExcludedImportTypes: ["builtin"],
},
],
"rxjs-angular-x/prefer-takeuntil": "error",
"rxjs-x/no-exposed-subjects": ["error", { allowProtected: true }],
"no-restricted-syntax": [
"error",
{
message: "Calling `svgIcon` directly is not allowed",
selector: "CallExpression[callee.name='svgIcon']",
},
{
message: "Accessing FormGroup using `get` is not allowed, use `.value` instead",
selector:
"ChainExpression[expression.object.callee.property.name='get'][expression.property.name='value']",
},
],
curly: ["error", "all"],
"import/namespace": ["off"], // This doesn't resolve namespace imports correctly, but TS will throw for this anyway
"no-restricted-imports": ["error", { patterns: ["src/**/*"] }],
},
},
// Jest test files (includes any test-related files)
{
files: ["**/*.spec.ts", "**/test.setup.ts", "**/spec/**/*.ts", "**/utils/**/*fixtures*.ts"],
languageOptions: {
globals: {
...globals.jest,
},
},
},
// Angular HTML templates
{
files: ["**/*.html"],
languageOptions: {
parser: angularParser,
},
plugins: {
"@angular-eslint/template": angularEslint,
},
rules: {
"@angular-eslint/template/button-has-type": "error",
},
},
// Prettier config (must be last to override other configs)
prettierConfig,
];

17
jest.config.js → jest.config.mjs
View File

@@ -1,14 +1,14 @@
const { pathsToModuleNameMapper } = require("ts-jest");
const { compilerOptions } = require("./tsconfig");
import { pathsToModuleNameMapper } from "ts-jest";
import tsconfig from "./tsconfig.json" with { type: "json" };
const tsPreset = require("ts-jest/jest-preset");
const angularPreset = require("jest-preset-angular/jest-preset");
const { defaultTransformerOptions } = require("jest-preset-angular/presets");
import angularPresetsModule from "jest-preset-angular/presets/index.js";
const { defaultTransformerOptions } = angularPresetsModule;
const { compilerOptions } = tsconfig;
/** @type {import('ts-jest').JestConfigWithTsJest} */
module.exports = {
// ...tsPreset,
// ...angularPreset,
export default {
preset: "jest-preset-angular",
reporters: ["default", "jest-junit"],
@@ -26,7 +26,6 @@ module.exports = {
modulePaths: [compilerOptions.baseUrl],
moduleNameMapper: pathsToModuleNameMapper(compilerOptions.paths, { prefix: "<rootDir>/" }),
setupFilesAfterEnv: ["<rootDir>/test.setup.ts"],
// Workaround for a memory leak that crashes tests in CI:
// https://github.com/facebook/jest/issues/9430#issuecomment-1149882002
// Also anecdotally improves performance when run locally

5
jslib/angular/src/components/modal/modal.ref.ts
View File

@@ -1,5 +1,4 @@
import { Observable, Subject } from "rxjs";
import { first } from "rxjs/operators";
import { lastValueFrom, Observable, Subject } from "rxjs";
export class ModalRef {
onCreated: Observable<HTMLElement>; // Modal added to the DOM.
@@ -45,6 +44,6 @@ export class ModalRef {
}
onClosedPromise(): Promise<any> {
return this.onClosed.pipe(first()).toPromise();
return lastValueFrom(this.onClosed);
}
}

116
jslib/angular/src/components/toastr.component.ts
View File

@@ -1,75 +1,77 @@
import { animate, state, style, transition, trigger } from "@angular/animations";
import { CommonModule } from "@angular/common";
import { Component, ModuleWithProviders, NgModule } from "@angular/core";
import {
DefaultNoComponentGlobalConfig,
GlobalConfig,
Toast as BaseToast,
ToastPackage,
ToastrService,
TOAST_CONFIG,
} from "ngx-toastr";
import { DefaultNoComponentGlobalConfig, GlobalConfig, Toast, TOAST_CONFIG } from "ngx-toastr";
@Component({
selector: "[toast-component2]",
template: `
<button
*ngIf="options.closeButton"
(click)="remove()"
type="button"
class="toast-close-button"
aria-label="Close"
>
<span aria-hidden="true">&times;</span>
</button>
@if (options().closeButton) {
<button (click)="remove()" type="button" class="toast-close-button" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
}
<div class="icon">
<i></i>
</div>
<div>
<div *ngIf="title" [class]="options.titleClass" [attr.aria-label]="title">
{{ title }} <ng-container *ngIf="duplicatesCount">[{{ duplicatesCount + 1 }}]</ng-container>
</div>
<div
*ngIf="message && options.enableHtml"
role="alertdialog"
aria-live="polite"
[class]="options.messageClass"
[innerHTML]="message"
></div>
<div
*ngIf="message && !options.enableHtml"
role="alertdialog"
aria-live="polite"
[class]="options.messageClass"
[attr.aria-label]="message"
>
{{ message }}
</div>
</div>
<div *ngIf="options.progressBar">
<div class="toast-progress" [style.width]="width + '%'"></div>
@if (title()) {
<div [class]="options().titleClass" [attr.aria-label]="title()">
{{ title() }}
@if (duplicatesCount) {
[{{ duplicatesCount + 1 }}]
}
</div>
}
@if (message() && options().enableHtml) {
<div
role="alertdialog"
aria-live="polite"
[class]="options().messageClass"
[innerHTML]="message()"
></div>
}
@if (message() && !options().enableHtml) {
<div
role="alertdialog"
aria-live="polite"
[class]="options().messageClass"
[attr.aria-label]="message()"
>
{{ message() }}
</div>
}
</div>
@if (options().progressBar) {
<div>
<div class="toast-progress" [style.width]="width + '%'"></div>
</div>
}
`,
styles: `
:host {
&.toast-in {
animation: toast-animation var(--animation-duration) var(--animation-easing);
}
&.toast-out {
animation: toast-animation var(--animation-duration) var(--animation-easing) reverse
forwards;
}
}
@keyframes toast-animation {
from {
opacity: 0;
}
to {
opacity: 1;
}
}
`,
animations: [
trigger("flyInOut", [
state("inactive", style({ opacity: 0 })),
state("active", style({ opacity: 1 })),
state("removed", style({ opacity: 0 })),
transition("inactive => active", animate("{{ easeTime }}ms {{ easing }}")),
transition("active => removed", animate("{{ easeTime }}ms {{ easing }}")),
]),
],
preserveWhitespaces: false,
standalone: false,
})
export class BitwardenToast extends BaseToast {
constructor(
protected toastrService: ToastrService,
public toastPackage: ToastPackage,
) {
super(toastrService, toastPackage);
}
}
export class BitwardenToast extends Toast {}
export const BitwardenToastGlobalConfig: GlobalConfig = {
...DefaultNoComponentGlobalConfig,

4
jslib/angular/src/directives/autofocus.directive.ts
View File

@@ -1,7 +1,7 @@
import { Directive, ElementRef, Input, NgZone } from "@angular/core";
import { take } from "rxjs/operators";
import { take } from "rxjs";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
@Directive({
selector: "[appAutofocus]",

4
jslib/angular/src/services/modal.service.ts
View File

@@ -9,7 +9,7 @@ import {
Type,
ViewContainerRef,
} from "@angular/core";
import { first } from "rxjs/operators";
import { first, firstValueFrom } from "rxjs";
import { DynamicModalComponent } from "../components/modal/dynamic-modal.component";
import { ModalInjector } from "../components/modal/modal-injector";
@@ -58,7 +58,7 @@ export class ModalService {
viewContainerRef.insert(modalComponentRef.hostView);
await modalRef.onCreated.pipe(first()).toPromise();
await firstValueFrom(modalRef.onCreated);
return [modalRef, modalComponentRef.instance.componentRef.instance];
}

195
jslib/common/spec/domain/encString.spec.ts
View File

@@ -1,195 +0,0 @@
import { Substitute, Arg } from "@fluffy-spoon/substitute";
import { CryptoService } from "@/jslib/common/src/abstractions/crypto.service";
import { EncryptionType } from "@/jslib/common/src/enums/encryptionType";
import { EncString } from "@/jslib/common/src/models/domain/encString";
import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
import { ContainerService } from "@/jslib/common/src/services/container.service";
describe("EncString", () => {
afterEach(() => {
(window as any).bitwardenContainerService = undefined;
});
describe("Rsa2048_OaepSha256_B64", () => {
it("constructor", () => {
const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
expect(encString).toEqual({
data: "data",
encryptedString: "3.data",
encryptionType: 3,
});
});
describe("parse existing", () => {
it("valid", () => {
const encString = new EncString("3.data");
expect(encString).toEqual({
data: "data",
encryptedString: "3.data",
encryptionType: 3,
});
});
it("invalid", () => {
const encString = new EncString("3.data|test");
expect(encString).toEqual({
encryptedString: "3.data|test",
encryptionType: 3,
});
});
});
describe("decrypt", () => {
const encString = new EncString(EncryptionType.Rsa2048_OaepSha256_B64, "data");
const cryptoService = Substitute.for<CryptoService>();
cryptoService.getOrgKey(null).resolves(null);
cryptoService.decryptToUtf8(encString, Arg.any()).resolves("decrypted");
beforeEach(() => {
(window as any).bitwardenContainerService = new ContainerService(cryptoService);
});
it("decrypts correctly", async () => {
const decrypted = await encString.decrypt(null);
expect(decrypted).toBe("decrypted");
});
it("result should be cached", async () => {
const decrypted = await encString.decrypt(null);
cryptoService.received(1).decryptToUtf8(Arg.any(), Arg.any());
expect(decrypted).toBe("decrypted");
});
});
});
describe("AesCbc256_B64", () => {
it("constructor", () => {
const encString = new EncString(EncryptionType.AesCbc256_B64, "data", "iv");
expect(encString).toEqual({
data: "data",
encryptedString: "0.iv|data",
encryptionType: 0,
iv: "iv",
});
});
describe("parse existing", () => {
it("valid", () => {
const encString = new EncString("0.iv|data");
expect(encString).toEqual({
data: "data",
encryptedString: "0.iv|data",
encryptionType: 0,
iv: "iv",
});
});
it("invalid", () => {
const encString = new EncString("0.iv|data|mac");
expect(encString).toEqual({
encryptedString: "0.iv|data|mac",
encryptionType: 0,
});
});
});
});
describe("AesCbc256_HmacSha256_B64", () => {
it("constructor", () => {
const encString = new EncString(EncryptionType.AesCbc256_HmacSha256_B64, "data", "iv", "mac");
expect(encString).toEqual({
data: "data",
encryptedString: "2.iv|data|mac",
encryptionType: 2,
iv: "iv",
mac: "mac",
});
});
it("valid", () => {
const encString = new EncString("2.iv|data|mac");
expect(encString).toEqual({
data: "data",
encryptedString: "2.iv|data|mac",
encryptionType: 2,
iv: "iv",
mac: "mac",
});
});
it("invalid", () => {
const encString = new EncString("2.iv|data");
expect(encString).toEqual({
encryptedString: "2.iv|data",
encryptionType: 2,
});
});
});
it("Exit early if null", () => {
const encString = new EncString(null);
expect(encString).toEqual({
encryptedString: null,
});
});
describe("decrypt", () => {
it("throws exception when bitwarden container not initialized", async () => {
const encString = new EncString(null);
expect.assertions(1);
try {
await encString.decrypt(null);
} catch (e) {
expect(e.message).toEqual("global bitwardenContainerService not initialized.");
}
});
it("handles value it can't decrypt", async () => {
const encString = new EncString(null);
const cryptoService = Substitute.for<CryptoService>();
cryptoService.getOrgKey(null).resolves(null);
cryptoService.decryptToUtf8(encString, Arg.any()).throws("error");
(window as any).bitwardenContainerService = new ContainerService(cryptoService);
const decrypted = await encString.decrypt(null);
expect(decrypted).toBe("[error: cannot decrypt]");
expect(encString).toEqual({
decryptedValue: "[error: cannot decrypt]",
encryptedString: null,
});
});
it("passes along key", async () => {
const encString = new EncString(null);
const key = Substitute.for<SymmetricCryptoKey>();
const cryptoService = Substitute.for<CryptoService>();
cryptoService.getOrgKey(null).resolves(null);
(window as any).bitwardenContainerService = new ContainerService(cryptoService);
await encString.decrypt(null, key);
cryptoService.received().decryptToUtf8(encString, key);
});
});
});

61
jslib/common/spec/domain/symmetricCryptoKey.spec.ts
View File

@@ -9,7 +9,7 @@ describe("SymmetricCryptoKey", () => {
new SymmetricCryptoKey(null);
};
expect(t).toThrowError("Must provide key");
expect(t).toThrow("Must provide key");
});
describe("guesses encKey from key length", () => {
@@ -17,48 +17,45 @@ describe("SymmetricCryptoKey", () => {
const key = makeStaticByteArray(32);
const cryptoKey = new SymmetricCryptoKey(key);
expect(cryptoKey.encType).toBe(0);
expect(cryptoKey.keyB64).toBe("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=");
expect(cryptoKey.encKeyB64).toBe("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=");
expect(cryptoKey.macKey).toBeNull();
expect(cryptoKey.key).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.encKey).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.key.byteLength).toBe(32);
expect(cryptoKey.encKey.byteLength).toBe(32);
expect(cryptoKey).toEqual({
encKey: key,
encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
encType: 0,
key: key,
keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
macKey: null,
});
});
it("AesCbc128_HmacSha256_B64", () => {
const key = makeStaticByteArray(32);
const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
// After TS 5.9 upgrade, properties are ArrayBuffer not Uint8Array
expect(cryptoKey.encType).toBe(1);
expect(cryptoKey.keyB64).toBe("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=");
expect(cryptoKey.encKeyB64).toBe("AAECAwQFBgcICQoLDA0ODw==");
expect(cryptoKey.macKeyB64).toBe("EBESExQVFhcYGRobHB0eHw==");
expect(cryptoKey.key).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.encKey).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.macKey).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.key.byteLength).toBe(32);
expect(cryptoKey.encKey.byteLength).toBe(16);
expect(cryptoKey.macKey.byteLength).toBe(16);
expect(cryptoKey).toEqual({
encKey: key.slice(0, 16),
encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
encType: 1,
key: key,
keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
macKey: key.slice(16, 32),
macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
});
});
it("AesCbc256_HmacSha256_B64", () => {
const key = makeStaticByteArray(64);
const cryptoKey = new SymmetricCryptoKey(key);
// After TS 5.9 upgrade, properties are ArrayBuffer not Uint8Array
expect(cryptoKey.encType).toBe(2);
expect(cryptoKey.keyB64).toBe("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==");
expect(cryptoKey.encKeyB64).toBe("AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=");
expect(cryptoKey.macKeyB64).toBe("ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=");
expect(cryptoKey.key).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.encKey).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.macKey).toBeInstanceOf(ArrayBuffer);
expect(cryptoKey.key.byteLength).toBe(64);
expect(cryptoKey.encKey.byteLength).toBe(32);
expect(cryptoKey.macKey.byteLength).toBe(32);
expect(cryptoKey).toEqual({
encKey: key.slice(0, 32),
encKeyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
encType: 2,
key: key,
keyB64:
"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+Pw==",
macKey: key.slice(32, 64),
macKeyB64: "ICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj8=",
});
});
it("unknown length", () => {
@@ -66,7 +63,7 @@ describe("SymmetricCryptoKey", () => {
new SymmetricCryptoKey(makeStaticByteArray(30));
};
expect(t).toThrowError("Unable to determine encType.");
expect(t).toThrow("Unable to determine encType.");
});
});
});

3
jslib/common/spec/services/consoleLog.service.spec.ts
View File

@@ -8,15 +8,12 @@ declare let console: any;
export function interceptConsole(interceptions: any): object {
console = {
log: function () {
// eslint-disable-next-line
interceptions.log = arguments;
},
warn: function () {
// eslint-disable-next-line
interceptions.warn = arguments;
},
error: function () {
// eslint-disable-next-line
interceptions.error = arguments;
},
};

84
jslib/common/spec/services/stateMigration.service.ts
View File

@@ -1,84 +0,0 @@
import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
import { Account } from "@/jslib/common/src/models/domain/account";
import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
import { StateMigrationService } from "@/jslib/common/src/services/stateMigration.service";
const userId = "USER_ID";
describe("State Migration Service", () => {
let storageService: SubstituteOf<StorageService>;
let secureStorageService: SubstituteOf<StorageService>;
let stateFactory: SubstituteOf<StateFactory>;
let stateMigrationService: StateMigrationService;
beforeEach(() => {
storageService = Substitute.for<StorageService>();
secureStorageService = Substitute.for<StorageService>();
stateFactory = Substitute.for<StateFactory>();
stateMigrationService = new StateMigrationService(
storageService,
secureStorageService,
stateFactory,
);
});
describe("StateVersion 3 to 4 migration", async () => {
beforeEach(() => {
const globalVersion3: Partial<GlobalState> = {
stateVersion: StateVersion.Three,
};
storageService.get("global", Arg.any()).resolves(globalVersion3);
storageService.get("authenticatedAccounts", Arg.any()).resolves([userId]);
});
it("clears everBeenUnlocked", async () => {
const accountVersion3: Account = {
profile: {
apiKeyClientId: null,
convertAccountToKeyConnector: null,
email: "EMAIL",
emailVerified: true,
everBeenUnlocked: true,
hasPremiumPersonally: false,
kdfIterations: 100000,
kdfType: 0,
keyHash: "KEY_HASH",
lastSync: "LAST_SYNC",
userId: userId,
usesKeyConnector: false,
forcePasswordReset: false,
},
};
const expectedAccountVersion4: Account = {
profile: {
...accountVersion3.profile,
},
};
delete expectedAccountVersion4.profile.everBeenUnlocked;
storageService.get(userId, Arg.any()).resolves(accountVersion3);
await stateMigrationService.migrate();
storageService.received(1).save(userId, expectedAccountVersion4, Arg.any());
});
it("updates StateVersion number", async () => {
await stateMigrationService.migrate();
storageService.received(1).save(
"global",
Arg.is((globals: GlobalState) => globals.stateVersion === StateVersion.Four),
Arg.any(),
);
});
});
});

13
jslib/common/spec/utils.ts
View File

@@ -1,7 +1,3 @@
import { Substitute, Arg } from "@fluffy-spoon/substitute";
import { EncString } from "@/jslib/common/src/models/domain/encString";
function newGuid() {
return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
const r = (Math.random() * 16) | 0;
@@ -21,17 +17,10 @@ export function BuildTestObject<T, K extends keyof T = keyof T>(
return Object.assign(constructor === null ? {} : new constructor(), def) as T;
}
export function mockEnc(s: string): EncString {
const mock = Substitute.for<EncString>();
mock.decrypt(Arg.any(), Arg.any()).resolves(s);
return mock;
}
export function makeStaticByteArray(length: number, start = 0) {
const arr = new Uint8Array(length);
for (let i = 0; i < length; i++) {
arr[i] = start + i;
}
return arr;
return arr.buffer;
}

3
jslib/common/src/enums/stateVersion.ts
View File

@@ -3,5 +3,6 @@ export enum StateVersion {
Two = 2, // Move to a typed State object
Three = 3, // Fix migration of users' premium status
Four = 4, // Fix 'Never Lock' option by removing stale data
Latest = Four,
Five = 5, // New state service implementation
Latest = Five,
}

5
jslib/common/src/misc/nodeUtils.ts
View File

@@ -26,9 +26,4 @@ export class NodeUtils {
.on("error", (err) => reject(err));
});
}
// https://stackoverflow.com/a/31394257
static bufferToArrayBuffer(buf: Buffer): ArrayBuffer {
return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength) as ArrayBuffer;
}
}

32
jslib/common/src/misc/utils.ts
View File

@@ -1,5 +1,5 @@
/* eslint-disable no-useless-escape */
import url from "url";
import * as url from "url";
import { I18nService } from "../abstractions/i18n.service";
@@ -7,7 +7,7 @@ import * as tldjs from "tldjs";
const nodeURL = typeof window === "undefined" ? url : null;
class Utils {
export class Utils {
static inited = false;
static isNode = false;
static isBrowser = true;
@@ -38,9 +38,7 @@ class Utils {
static fromB64ToArray(str: string): Uint8Array<ArrayBuffer> {
if (Utils.isNode) {
const buffer = Buffer.from(str, "base64");
return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength) as Uint8Array<ArrayBuffer>;
return new Uint8Array(Buffer.from(str, "base64"));
} else {
const binaryString = window.atob(str);
const bytes = new Uint8Array(binaryString.length);
@@ -55,7 +53,7 @@ class Utils {
return Utils.fromB64ToArray(Utils.fromUrlB64ToB64(str));
}
static fromHexToArray(str: string): Uint8Array {
static fromHexToArray(str: string): Uint8Array<ArrayBuffer> {
if (Utils.isNode) {
return new Uint8Array(Buffer.from(str, "hex"));
} else {
@@ -69,9 +67,7 @@ class Utils {
static fromUtf8ToArray(str: string): Uint8Array<ArrayBuffer> {
if (Utils.isNode) {
const buffer = Buffer.from(str, "utf8");
return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength) as Uint8Array<ArrayBuffer>;
return new Uint8Array(Buffer.from(str, "utf8"));
} else {
const strUtf8 = unescape(encodeURIComponent(str));
const arr = new Uint8Array(strUtf8.length);
@@ -82,7 +78,7 @@ class Utils {
}
}
static fromByteStringToArray(str: string): Uint8Array {
static fromByteStringToArray(str: string): Uint8Array<ArrayBuffer> {
const arr = new Uint8Array(str.length);
for (let i = 0; i < str.length; i++) {
arr[i] = str.charCodeAt(i);
@@ -90,16 +86,12 @@ class Utils {
return arr;
}
static fromBufferToB64(buffer: BufferSource): string {
static fromBufferToB64(buffer: ArrayBuffer): string {
if (Utils.isNode) {
if (ArrayBuffer.isView(buffer)) {
return Buffer.from(buffer.buffer, buffer.byteOffset, buffer.byteLength).toString("base64");
} else {
return Buffer.from(buffer).toString("base64");
}
return Buffer.from(buffer).toString("base64");
} else {
let binary = "";
const bytes = ArrayBuffer.isView(buffer) ? new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength) : new Uint8Array(buffer);
const bytes = new Uint8Array(buffer);
for (let i = 0; i < bytes.byteLength; i++) {
binary += String.fromCharCode(bytes[i]);
}
@@ -107,8 +99,8 @@ class Utils {
}
}
static fromBufferToUrlB64(buffer: BufferSource): string {
return Utils.fromB64toUrlB64(Utils.fromBufferToB64(buffer));
static fromBufferToUrlB64(buffer: Uint8Array<ArrayBuffer>): string {
return Utils.fromB64toUrlB64(Utils.fromBufferToB64(buffer.buffer));
}
static fromB64toUrlB64(b64Str: string) {
@@ -413,6 +405,4 @@ class Utils {
}
}
export default Utils;
Utils.init();

2
jslib/common/src/models/domain/encString.ts
View File

@@ -1,6 +1,6 @@
import { CryptoService } from "../../abstractions/crypto.service";
import { EncryptionType } from "../../enums/encryptionType";
import Utils from "../../misc/utils";
import { Utils } from "../../misc/utils";
import { SymmetricCryptoKey } from "./symmetricCryptoKey";

28
jslib/common/src/models/domain/symmetricCryptoKey.ts
View File

@@ -1,5 +1,5 @@
import { EncryptionType } from "../../enums/encryptionType";
import Utils from "../../misc/utils";
import { Utils } from "../../misc/utils";
export class SymmetricCryptoKey {
key: ArrayBuffer;
@@ -13,35 +13,33 @@ export class SymmetricCryptoKey {
meta: any;
constructor(key: BufferSource, encType?: EncryptionType) {
constructor(key: ArrayBuffer, encType?: EncryptionType) {
if (key == null) {
throw new Error("Must provide key");
}
const keyBuffer = ArrayBuffer.isView(key) ? key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength) : key;
if (encType == null) {
if (keyBuffer.byteLength === 32) {
if (key.byteLength === 32) {
encType = EncryptionType.AesCbc256_B64;
} else if (keyBuffer.byteLength === 64) {
} else if (key.byteLength === 64) {
encType = EncryptionType.AesCbc256_HmacSha256_B64;
} else {
throw new Error("Unable to determine encType.");
}
}
this.key = keyBuffer;
this.key = key;
this.encType = encType;
if (encType === EncryptionType.AesCbc256_B64 && keyBuffer.byteLength === 32) {
this.encKey = keyBuffer;
if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) {
this.encKey = key;
this.macKey = null;
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && keyBuffer.byteLength === 32) {
this.encKey = keyBuffer.slice(0, 16);
this.macKey = keyBuffer.slice(16, 32);
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && keyBuffer.byteLength === 64) {
this.encKey = keyBuffer.slice(0, 32);
this.macKey = keyBuffer.slice(32, 64);
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) {
this.encKey = key.slice(0, 16);
this.macKey = key.slice(16, 32);
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) {
this.encKey = key.slice(0, 32);
this.macKey = key.slice(32, 64);
} else {
throw new Error("Unsupported encType/key length.");
}

1
jslib/common/src/models/request/identityToken/passwordTokenRequest.ts
View File

@@ -29,5 +29,4 @@ export class PasswordTokenRequest extends TokenRequest implements CaptchaProtect
return obj;
}
}

1
jslib/common/src/models/request/identityToken/tokenRequest.ts
View File

@@ -12,7 +12,6 @@ export abstract class TokenRequest {
this.device = device != null ? device : null;
}
// eslint-disable-next-line
alterIdentityTokenHeaders(headers: Headers) {
// Implemented in subclass if required
}

2
jslib/common/src/models/response/errorResponse.ts
View File

@@ -1,4 +1,4 @@
import Utils from "../../misc/utils";
import { Utils } from "../../misc/utils";
import { BaseResponse } from "./baseResponse";

2
jslib/common/src/models/response/twoFactorWebAuthnResponse.ts
View File

@@ -1,4 +1,4 @@
import Utils from "../../misc/utils";
import { Utils } from "../../misc/utils";
import { BaseResponse } from "./baseResponse";

2
jslib/common/src/services/api.service.ts
View File

@@ -7,7 +7,7 @@ import { EnvironmentService } from "../abstractions/environment.service";
import { PlatformUtilsService } from "../abstractions/platformUtils.service";
import { TokenService } from "../abstractions/token.service";
import { DeviceType } from "../enums/deviceType";
import Utils from "../misc/utils";
import { Utils } from "../misc/utils";
import { ApiTokenRequest } from "../models/request/identityToken/apiTokenRequest";
import { PasswordTokenRequest } from "../models/request/identityToken/passwordTokenRequest";
import { SsoTokenRequest } from "../models/request/identityToken/ssoTokenRequest";

2
jslib/common/src/services/appId.service.ts
View File

@@ -1,7 +1,7 @@
import { AppIdService as AppIdServiceAbstraction } from "../abstractions/appId.service";
import { StorageService } from "../abstractions/storage.service";
import { HtmlStorageLocation } from "../enums/htmlStorageLocation";
import Utils from "../misc/utils";
import { Utils } from "../misc/utils";
export class AppIdService implements AppIdServiceAbstraction {
constructor(private storageService: StorageService) {}

47
jslib/common/src/services/crypto.service.ts
View File

@@ -10,7 +10,7 @@ import { HashPurpose } from "../enums/hashPurpose";
import { KdfType } from "../enums/kdfType";
import { KeySuffixOptions } from "../enums/keySuffixOptions";
import { sequentialize } from "../misc/sequentialize";
import Utils from "../misc/utils";
import { Utils } from "../misc/utils";
import { EEFLongWordList } from "../misc/wordlist";
import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
import { EncString } from "../models/domain/encString";
@@ -109,7 +109,7 @@ export class CryptoService implements CryptoServiceAbstraction {
): Promise<SymmetricCryptoKey> {
const key = await this.retrieveKeyFromStorage(keySuffix, userId);
if (key != null) {
const symmetricKey = new SymmetricCryptoKey(Utils.fromB64ToArray(key));
const symmetricKey = new SymmetricCryptoKey(Utils.fromB64ToArray(key).buffer);
if (!(await this.validateKey(symmetricKey))) {
this.logService.warning("Wrong key, throwing away stored key");
@@ -510,9 +510,9 @@ export class CryptoService implements CryptoServiceAbstraction {
return Promise.resolve(null);
}
let plainBuf: BufferSource;
let plainBuf: ArrayBuffer;
if (typeof plainValue === "string") {
plainBuf = Utils.fromUtf8ToArray(plainValue);
plainBuf = Utils.fromUtf8ToArray(plainValue).buffer;
} else {
plainBuf = plainValue;
}
@@ -585,8 +585,7 @@ export class CryptoService implements CryptoServiceAbstraction {
throw new Error("encPieces unavailable.");
}
const dataArray = Utils.fromB64ToArray(encPieces[0]);
const data = dataArray.buffer as ArrayBuffer;
const data = Utils.fromB64ToArray(encPieces[0]).buffer;
const privateKey = privateKeyValue ?? (await this.getPrivateKey());
if (privateKey == null) {
throw new Error("No private key.");
@@ -609,12 +608,9 @@ export class CryptoService implements CryptoServiceAbstraction {
}
async decryptToBytes(encString: EncString, key?: SymmetricCryptoKey): Promise<ArrayBuffer> {
const ivArray = Utils.fromB64ToArray(encString.iv);
const iv = ivArray.buffer as ArrayBuffer;
const dataArray = Utils.fromB64ToArray(encString.data);
const data = dataArray.buffer as ArrayBuffer;
const macArray = encString.mac ? Utils.fromB64ToArray(encString.mac) : null;
const mac = macArray ? (macArray.buffer as ArrayBuffer) : null;
const iv = Utils.fromB64ToArray(encString.iv).buffer;
const data = Utils.fromB64ToArray(encString.data).buffer;
const mac = encString.mac ? Utils.fromB64ToArray(encString.mac).buffer : null;
const decipher = await this.aesDecryptToBytes(encString.encryptionType, data, iv, mac, key);
if (decipher == null) {
return null;
@@ -640,9 +636,9 @@ export class CryptoService implements CryptoServiceAbstraction {
const encBytes = new Uint8Array(encBuf);
const encType = encBytes[0];
let ctBytes: Uint8Array = null;
let ivBytes: Uint8Array = null;
let macBytes: Uint8Array = null;
let ctBytes: Uint8Array<ArrayBuffer> = null;
let ivBytes: Uint8Array<ArrayBuffer> = null;
let macBytes: Uint8Array<ArrayBuffer> = null;
switch (encType) {
case EncryptionType.AesCbc128_HmacSha256_B64:
@@ -671,9 +667,9 @@ export class CryptoService implements CryptoServiceAbstraction {
return await this.aesDecryptToBytes(
encType,
ctBytes.buffer as ArrayBuffer,
ivBytes.buffer as ArrayBuffer,
macBytes != null ? (macBytes.buffer as ArrayBuffer) : null,
ctBytes.buffer,
ivBytes.buffer,
macBytes != null ? macBytes.buffer : null,
key,
);
}
@@ -760,24 +756,17 @@ export class CryptoService implements CryptoServiceAbstraction {
: await this.stateService.getCryptoMasterKeyBiometric({ userId: userId });
}
private async aesEncrypt(data: BufferSource, key: SymmetricCryptoKey): Promise<EncryptedObject> {
private async aesEncrypt(data: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
const obj = new EncryptedObject();
obj.key = await this.getKeyForEncryption(key);
obj.iv = await this.cryptoFunctionService.randomBytes(16);
const dataBuffer = ArrayBuffer.isView(data)
? (data.byteOffset === 0 && data.byteLength === data.buffer.byteLength
? data.buffer as ArrayBuffer
: data.buffer.slice(data.byteOffset, data.byteOffset + data.byteLength) as ArrayBuffer)
: data;
obj.data = await this.cryptoFunctionService.aesEncrypt(dataBuffer, obj.iv, obj.key.encKey);
obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey);
if (obj.key.macKey != null) {
const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
macData.set(new Uint8Array(obj.iv), 0);
macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
obj.mac = await this.cryptoFunctionService.hmac(macData.buffer as ArrayBuffer, obj.key.macKey, "sha256");
obj.mac = await this.cryptoFunctionService.hmac(macData.buffer, obj.key.macKey, "sha256");
}
return obj;
@@ -843,7 +832,7 @@ export class CryptoService implements CryptoServiceAbstraction {
macData.set(new Uint8Array(iv), 0);
macData.set(new Uint8Array(data), iv.byteLength);
const computedMac = await this.cryptoFunctionService.hmac(
macData.buffer as ArrayBuffer,
macData.buffer,
theKey.macKey,
"sha256",
);

3
jslib/common/src/services/state.service.ts
View File

@@ -38,8 +38,7 @@ const partialKeys = {
export class StateService<
TGlobalState extends GlobalState = GlobalState,
TAccount extends Account = Account,
> implements StateServiceAbstraction<TAccount>
{
> implements StateServiceAbstraction<TAccount> {
protected accountsSubject = new BehaviorSubject<{ [userId: string]: TAccount }>({});
accounts$ = this.accountsSubject.asObservable();

2
jslib/common/src/services/token.service.ts
View File

@@ -1,6 +1,6 @@
import { StateService } from "../abstractions/state.service";
import { TokenService as TokenServiceAbstraction } from "../abstractions/token.service";
import Utils from "../misc/utils";
import { Utils } from "../misc/utils";
import { IdentityTokenResponse } from "../models/response/identityTokenResponse";
export class TokenService implements TokenServiceAbstraction {

4
jslib/electron/src/services/electronStorage.service.ts
View File

@@ -1,13 +1,11 @@
import * as fs from "fs";
import { ipcMain } from "electron";
import Store from "electron-store";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { NodeUtils } from "@/jslib/common/src/misc/nodeUtils";
// eslint-disable-next-line
const Store = require("electron-store");
export class ElectronStorageService implements StorageService {
private store: any;

14
jslib/electron/src/tray.main.ts
View File

@@ -1,6 +1,14 @@
import * as path from "path";
import { app, BrowserWindow, Menu, MenuItemConstructorOptions, nativeImage, Tray } from "electron";
import {
app,
BrowserWindow,
Menu,
MenuItemConstructorOptions,
NativeImage,
nativeImage,
Tray,
} from "electron";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { StateService } from "@/jslib/common/src/abstractions/state.service";
@@ -12,8 +20,8 @@ export class TrayMain {
private appName: string;
private tray: Tray;
private icon: string | Electron.NativeImage;
private pressedIcon: Electron.NativeImage;
private icon: string | NativeImage;
private pressedIcon: NativeImage;
constructor(
private windowMain: WindowMain,

14
jslib/electron/src/window.main.ts
View File

@@ -1,7 +1,7 @@
import * as path from "path";
import * as url from "url";
import { app, BrowserWindow, screen } from "electron";
import { app, BrowserWindow, Rectangle, screen } from "electron";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "@/jslib/common/src/abstractions/state.service";
@@ -14,7 +14,7 @@ export class WindowMain {
win: BrowserWindow;
isQuitting = false;
private windowStateChangeTimer: NodeJS.Timeout;
private windowStateChangeTimer: ReturnType<typeof setTimeout>;
private windowStates: { [key: string]: any } = {};
private enableAlwaysOnTop = false;
@@ -37,7 +37,6 @@ export class WindowMain {
app.quit();
return;
} else {
// eslint-disable-next-line
app.on("second-instance", (event, argv, workingDirectory) => {
// Someone tried to run a second instance, we should focus our window.
if (this.win != null) {
@@ -128,6 +127,13 @@ export class WindowMain {
},
});
// Enable SharedArrayBuffer. See https://developer.chrome.com/blog/enabling-shared-array-buffer/#cross-origin-isolation
this.win.webContents.session.webRequest.onHeadersReceived((details, callback) => {
details.responseHeaders["Cross-Origin-Opener-Policy"] = ["same-origin"];
details.responseHeaders["Cross-Origin-Embedder-Policy"] = ["require-corp"];
callback({ responseHeaders: details.responseHeaders });
});
if (this.windowStates[mainWindowSizeKey].isMaximized) {
this.win.maximize();
}
@@ -241,7 +247,7 @@ export class WindowMain {
const state = await this.stateService.getWindow();
const isValid = state != null && (this.stateHasBounds(state) || state.isMaximized);
let displayBounds: Electron.Rectangle = null;
let displayBounds: Rectangle = null;
if (!isValid) {
state.width = defaultWidth;
state.height = defaultHeight;

60
jslib/node/spec/services/nodeCryptoFunction.service.spec.ts
View File

@@ -1,4 +1,4 @@
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
import { NodeCryptoFunctionService } from "@/jslib/node/src/services/nodeCryptoFunction.service";
@@ -93,9 +93,8 @@ describe("NodeCrypto Function Service", () => {
it("should fail with prk too small", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const prk = Utils.fromB64ToArray(prk16Byte);
const f = cryptoFunctionService.hkdfExpand(
prk.buffer,
Utils.fromB64ToArray(prk16Byte).buffer,
"info",
32,
"sha256",
@@ -105,9 +104,8 @@ describe("NodeCrypto Function Service", () => {
it("should fail with outputByteSize is too large", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const prk = Utils.fromB64ToArray(prk32Byte);
const f = cryptoFunctionService.hkdfExpand(
prk.buffer,
Utils.fromB64ToArray(prk32Byte).buffer,
"info",
8161,
"sha256",
@@ -181,16 +179,16 @@ describe("NodeCrypto Function Service", () => {
it("should successfully encrypt and then decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const iv = makeStaticByteArray(16).buffer;
const key = makeStaticByteArray(32).buffer;
const iv = makeStaticByteArray(16);
const key = makeStaticByteArray(32);
const value = "EncryptMe!";
const data = Utils.fromUtf8ToArray(value).buffer;
const data = Utils.fromUtf8ToArray(value);
const encValue = await nodeCryptoFunctionService.aesEncrypt(
data,
iv,
key
data.buffer,
iv.buffer,
key.buffer,
);
const decValue = await nodeCryptoFunctionService.aesDecrypt(encValue, iv, key);
const decValue = await nodeCryptoFunctionService.aesDecrypt(encValue, iv.buffer, key.buffer);
expect(Utils.fromBufferToUtf8(decValue)).toBe(value);
});
});
@@ -198,9 +196,8 @@ describe("NodeCrypto Function Service", () => {
describe("aesDecryptFast", () => {
it("should successfully decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const ivArray = makeStaticByteArray(16);
const iv = Utils.fromBufferToB64(ivArray);
const symKey = new SymmetricCryptoKey(makeStaticByteArray(32));
const iv = Utils.fromBufferToB64(makeStaticByteArray(16).buffer);
const symKey = new SymmetricCryptoKey(makeStaticByteArray(32).buffer);
const data = "ByUF8vhyX4ddU9gcooznwA==";
const params = nodeCryptoFunctionService.aesDecryptFastParameters(data, iv, null, symKey);
const decValue = await nodeCryptoFunctionService.aesDecryptFast(params);
@@ -211,13 +208,13 @@ describe("NodeCrypto Function Service", () => {
describe("aesDecrypt", () => {
it("should successfully decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const iv = makeStaticByteArray(16).buffer;
const key = makeStaticByteArray(32).buffer;
const data = Utils.fromB64ToArray("ByUF8vhyX4ddU9gcooznwA==").buffer;
const iv = makeStaticByteArray(16);
const key = makeStaticByteArray(32);
const data = Utils.fromB64ToArray("ByUF8vhyX4ddU9gcooznwA==");
const decValue = await nodeCryptoFunctionService.aesDecrypt(
data,
iv,
key,
data.buffer,
iv.buffer,
key.buffer,
);
expect(Utils.fromBufferToUtf8(decValue)).toBe("EncryptMe!");
});
@@ -227,7 +224,7 @@ describe("NodeCrypto Function Service", () => {
it("should successfully encrypt and then decrypt data", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const pubKey = Utils.fromB64ToArray(RsaPublicKey);
const privKey = Utils.fromB64ToArray(RsaPrivateKey).buffer;
const privKey = Utils.fromB64ToArray(RsaPrivateKey);
const value = "EncryptMe!";
const data = Utils.fromUtf8ToArray(value);
const encValue = await nodeCryptoFunctionService.rsaEncrypt(
@@ -235,7 +232,7 @@ describe("NodeCrypto Function Service", () => {
pubKey.buffer,
"sha1",
);
const decValue = await nodeCryptoFunctionService.rsaDecrypt(encValue, privKey, "sha1");
const decValue = await nodeCryptoFunctionService.rsaDecrypt(encValue, privKey.buffer, "sha1");
expect(Utils.fromBufferToUtf8(decValue)).toBe(value);
});
});
@@ -262,8 +259,8 @@ describe("NodeCrypto Function Service", () => {
describe("rsaExtractPublicKey", () => {
it("should successfully extract key", async () => {
const nodeCryptoFunctionService = new NodeCryptoFunctionService();
const privKey = Utils.fromB64ToArray(RsaPrivateKey).buffer;
const publicKey = await nodeCryptoFunctionService.rsaExtractPublicKey(privKey);
const privKey = Utils.fromB64ToArray(RsaPrivateKey);
const publicKey = await nodeCryptoFunctionService.rsaExtractPublicKey(privKey.buffer);
expect(Utils.fromBufferToB64(publicKey)).toBe(RsaPublicKey);
});
});
@@ -344,7 +341,7 @@ function testHkdf(
utf8Key: string,
unicodeKey: string,
) {
const ikm = Utils.fromB64ToArray("criAmKtfzxanbgea5/kelQ==");
const ikm = Utils.fromB64ToArray("criAmKtfzxanbgea5/kelQ==").buffer;
const regularSalt = "salt";
const utf8Salt = "üser_salt";
@@ -356,26 +353,26 @@ function testHkdf(
it("should create valid " + algorithm + " key from regular input", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const key = await cryptoFunctionService.hkdf(ikm.buffer, regularSalt, regularInfo, 32, algorithm);
const key = await cryptoFunctionService.hkdf(ikm, regularSalt, regularInfo, 32, algorithm);
expect(Utils.fromBufferToB64(key)).toBe(regularKey);
});
it("should create valid " + algorithm + " key from utf8 input", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const key = await cryptoFunctionService.hkdf(ikm.buffer, utf8Salt, utf8Info, 32, algorithm);
const key = await cryptoFunctionService.hkdf(ikm, utf8Salt, utf8Info, 32, algorithm);
expect(Utils.fromBufferToB64(key)).toBe(utf8Key);
});
it("should create valid " + algorithm + " key from unicode input", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const key = await cryptoFunctionService.hkdf(ikm.buffer, unicodeSalt, unicodeInfo, 32, algorithm);
const key = await cryptoFunctionService.hkdf(ikm, unicodeSalt, unicodeInfo, 32, algorithm);
expect(Utils.fromBufferToB64(key)).toBe(unicodeKey);
});
it("should create valid " + algorithm + " key from array buffer input", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const key = await cryptoFunctionService.hkdf(
ikm.buffer,
ikm,
Utils.fromUtf8ToArray(regularSalt).buffer,
Utils.fromUtf8ToArray(regularInfo).buffer,
32,
@@ -395,9 +392,8 @@ function testHkdfExpand(
it("should create valid " + algorithm + " " + outputByteSize + " byte okm", async () => {
const cryptoFunctionService = new NodeCryptoFunctionService();
const prk = Utils.fromB64ToArray(b64prk);
const okm = await cryptoFunctionService.hkdfExpand(
prk.buffer,
Utils.fromB64ToArray(b64prk).buffer,
info,
outputByteSize,
algorithm,

2
jslib/node/src/services/lowdbStorage.service.ts
View File

@@ -8,7 +8,7 @@ import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { NodeUtils } from "@/jslib/common/src/misc/nodeUtils";
import { sequentialize } from "@/jslib/common/src/misc/sequentialize";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
export class LowdbStorageService implements StorageService {
protected dataFilePath: string;

25
jslib/node/src/services/nodeCryptoFunction.service.ts
View File

@@ -3,7 +3,7 @@ import * as crypto from "crypto";
import * as forge from "node-forge";
import { CryptoFunctionService } from "@/jslib/common/src/abstractions/cryptoFunction.service";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { DecryptParameters } from "@/jslib/common/src/models/domain/decryptParameters";
import { SymmetricCryptoKey } from "@/jslib/common/src/models/domain/symmetricCryptoKey";
@@ -147,22 +147,19 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
): DecryptParameters<ArrayBuffer> {
const p = new DecryptParameters<ArrayBuffer>();
p.encKey = key.encKey;
const dataArr = Utils.fromB64ToArray(data);
p.data = dataArr.buffer.slice(dataArr.byteOffset, dataArr.byteOffset + dataArr.byteLength) as ArrayBuffer;
const ivArr = Utils.fromB64ToArray(iv);
p.iv = ivArr.buffer.slice(ivArr.byteOffset, ivArr.byteOffset + ivArr.byteLength) as ArrayBuffer;
p.data = Utils.fromB64ToArray(data).buffer;
p.iv = Utils.fromB64ToArray(iv).buffer;
const macData = new Uint8Array(p.iv.byteLength + p.data.byteLength);
macData.set(new Uint8Array(p.iv), 0);
macData.set(new Uint8Array(p.data), p.iv.byteLength);
p.macData = macData.buffer.slice(macData.byteOffset, macData.byteOffset + macData.byteLength) as ArrayBuffer;
p.macData = macData.buffer;
if (key.macKey != null) {
p.macKey = key.macKey;
}
if (mac != null) {
const macArr = Utils.fromB64ToArray(mac);
p.mac = macArr.buffer.slice(macArr.byteOffset, macArr.byteOffset + macArr.byteLength) as ArrayBuffer;
p.mac = Utils.fromB64ToArray(mac).buffer;
}
return p;
@@ -218,8 +215,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
const publicKeyAsn1 = forge.pki.publicKeyToAsn1(forgePublicKey);
const publicKeyByteString = forge.asn1.toDer(publicKeyAsn1).data;
const publicKeyArray = Utils.fromByteStringToArray(publicKeyByteString);
return Promise.resolve(publicKeyArray.buffer as ArrayBuffer);
return Promise.resolve(publicKeyArray.buffer);
}
async rsaGenerateKeyPair(length: 1024 | 2048 | 4096): Promise<[ArrayBuffer, ArrayBuffer]> {
@@ -245,7 +241,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
const privateKeyByteString = forge.asn1.toDer(privateKeyPkcs8).getBytes();
const privateKey = Utils.fromByteStringToArray(privateKeyByteString);
resolve([publicKey.buffer as ArrayBuffer, privateKey.buffer as ArrayBuffer]);
resolve([publicKey.buffer, privateKey.buffer]);
},
);
});
@@ -280,12 +276,9 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
private toArrayBuffer(value: Buffer | string | ArrayBuffer): ArrayBuffer {
let buf: ArrayBuffer;
if (typeof value === "string") {
const arr = Utils.fromUtf8ToArray(value);
buf = arr.buffer.slice(arr.byteOffset, arr.byteOffset + arr.byteLength) as ArrayBuffer;
} else if (Buffer.isBuffer(value)) {
buf = value.buffer.slice(value.byteOffset, value.byteOffset + value.byteLength) as ArrayBuffer;
buf = Utils.fromUtf8ToArray(value).buffer;
} else {
buf = value;
buf = new Uint8Array(value).buffer;
}
return buf;
}

13111
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

94
package.json
View File

@@ -2,7 +2,7 @@
"name": "@bitwarden/directory-connector",
"productName": "Bitwarden Directory Connector",
"description": "Sync your user directory to your Bitwarden organization.",
"version": "2025.11.0",
"version": "2026.2.0",
"keywords": [
"bitwarden",
"password",
@@ -31,14 +31,14 @@
"lint": "eslint . && prettier --check .",
"lint:fix": "eslint . --fix",
"build": "concurrently -n Main,Rend -c yellow,cyan \"npm run build:main\" \"npm run build:renderer\"",
"build:main": "webpack --config webpack.main.js",
"build:renderer": "webpack --config webpack.renderer.js",
"build:renderer:watch": "webpack --config webpack.renderer.js --watch",
"build:main": "webpack --config webpack.main.mjs",
"build:renderer": "webpack --config webpack.renderer.mjs",
"build:renderer:watch": "webpack --config webpack.renderer.mjs --watch",
"build:dist": "npm run reset && npm run rebuild && npm run build",
"build:cli": "webpack --config webpack.cli.js",
"build:cli:watch": "webpack --config webpack.cli.js --watch",
"build:cli:prod": "cross-env NODE_ENV=production webpack --config webpack.cli.js",
"build:cli:prod:watch": "cross-env NODE_ENV=production webpack --config webpack.cli.js --watch",
"build:cli": "webpack --config webpack.cli.mjs",
"build:cli:watch": "webpack --config webpack.cli.mjs --watch",
"build:cli:prod": "cross-env NODE_ENV=production webpack --config webpack.cli.mjs",
"build:cli:prod:watch": "cross-env NODE_ENV=production webpack --config webpack.cli.mjs --watch",
"electron": "npm run build:main && concurrently -k -n Main,Rend -c yellow,cyan \"electron --inspect=5858 ./build --watch\" \"npm run build:renderer:watch\"",
"electron:ignore": "npm run build:main && concurrently -k -n Main,Rend -c yellow,cyan \"electron --inspect=5858 --ignore-certificate-errors ./build --watch\" \"npm run build:renderer:watch\"",
"clean:dist": "rimraf --glob ./dist/*",
@@ -73,27 +73,28 @@
"test:types": "npx tsc --noEmit"
},
"devDependencies": {
"@angular-devkit/build-angular": "20.3.3",
"@angular-eslint/eslint-plugin-template": "20.6.0",
"@angular-eslint/template-parser": "20.6.0",
"@angular/compiler-cli": "20.3.15",
"@angular-eslint/eslint-plugin-template": "21.1.0",
"@angular-eslint/template-parser": "21.1.0",
"@angular/build": "21.1.2",
"@angular/compiler-cli": "21.1.1",
"@electron/notarize": "2.5.0",
"@electron/rebuild": "4.0.1",
"@fluffy-spoon/substitute": "1.208.0",
"@microsoft/microsoft-graph-types": "2.43.1",
"@ngtools/webpack": "20.3.3",
"@ngtools/webpack": "21.1.2",
"@types/inquirer": "8.2.10",
"@types/jest": "29.5.14",
"@types/jest": "30.0.0",
"@types/lowdb": "1.0.15",
"@types/node": "22.18.1",
"@types/node": "22.19.2",
"@types/node-fetch": "2.6.12",
"@types/node-forge": "1.3.11",
"@types/proper-lockfile": "4.1.4",
"@types/semver": "7.7.1",
"@types/tldjs": "2.3.4",
"@typescript-eslint/eslint-plugin": "8.48.0",
"@typescript-eslint/parser": "8.48.0",
"@typescript-eslint/eslint-plugin": "8.54.0",
"@typescript-eslint/parser": "8.54.0",
"@yao-pkg/pkg": "5.16.1",
"clean-webpack-plugin": "4.0.0",
"babel-loader": "10.0.0",
"jest-environment-jsdom": "30.2.0",
"concurrently": "9.2.0",
"copy-webpack-plugin": "13.0.0",
"cross-env": "7.0.3",
@@ -104,54 +105,53 @@
"electron-log": "5.4.1",
"electron-reload": "2.0.0-alpha.1",
"electron-store": "8.2.0",
"electron-updater": "6.6.2",
"eslint": "8.57.1",
"electron-updater": "6.7.3",
"eslint": "9.39.1",
"eslint-config-prettier": "10.1.5",
"eslint-import-resolver-typescript": "4.4.4",
"eslint-plugin-import": "2.32.0",
"eslint-plugin-rxjs": "5.0.3",
"eslint-plugin-rxjs-angular": "2.0.1",
"eslint-plugin-rxjs-angular-x": "0.1.0",
"eslint-plugin-rxjs-x": "0.9.1",
"form-data": "4.0.4",
"glob": "11.1.0",
"glob": "13.0.6",
"html-loader": "5.1.0",
"html-webpack-plugin": "5.6.3",
"husky": "9.1.7",
"jest": "29.7.0",
"jest": "30.2.0",
"jest-junit": "16.0.0",
"jest-mock-extended": "3.0.7",
"jest-preset-angular": "14.6.0",
"jest-mock-extended": "4.0.0",
"jest-preset-angular": "16.0.0",
"lint-staged": "16.2.6",
"mini-css-extract-plugin": "2.9.2",
"minimatch": "5.1.2",
"mini-css-extract-plugin": "2.10.0",
"node-forge": "1.3.2",
"node-loader": "2.1.0",
"prettier": "3.7.4",
"prettier": "3.8.1",
"rimraf": "6.1.0",
"rxjs": "7.8.2",
"sass": "1.94.2",
"sass": "1.97.1",
"sass-loader": "16.0.5",
"ts-jest": "29.4.1",
"ts-loader": "9.5.2",
"tsconfig-paths-webpack-plugin": "4.2.0",
"type-fest": "5.3.0",
"type-fest": "5.4.2",
"typescript": "5.9.3",
"webpack": "5.103.0",
"webpack": "5.105.1",
"webpack-cli": "6.0.1",
"webpack-merge": "6.0.1",
"webpack-node-externals": "3.0.0",
"zone.js": "0.15.1"
"zone.js": "0.16.0"
},
"dependencies": {
"@angular/animations": "20.3.15",
"@angular/cdk": "20.2.14",
"@angular/cli": "20.3.3",
"@angular/common": "20.3.15",
"@angular/compiler": "20.3.15",
"@angular/core": "20.3.15",
"@angular/forms": "20.3.15",
"@angular/platform-browser": "20.3.15",
"@angular/platform-browser-dynamic": "20.3.15",
"@angular/router": "20.3.15",
"@angular/animations": "21.1.1",
"@angular/cdk": "21.1.1",
"@angular/cli": "21.1.2",
"@angular/common": "21.1.1",
"@angular/compiler": "21.1.1",
"@angular/core": "21.1.1",
"@angular/forms": "21.1.1",
"@angular/platform-browser": "21.1.1",
"@angular/platform-browser-dynamic": "21.1.1",
"@angular/router": "21.1.1",
"@microsoft/microsoft-graph-client": "3.0.7",
"big-integer": "1.6.52",
"bootstrap": "5.3.7",
@@ -163,16 +163,16 @@
"https-proxy-agent": "7.0.6",
"inquirer": "8.2.6",
"keytar": "7.9.0",
"ldapts": "8.0.1",
"ldapts": "8.1.3",
"lowdb": "1.0.0",
"ngx-toastr": "19.1.0",
"ngx-toastr": "20.0.4",
"node-fetch": "2.7.0",
"parse5": "8.0.0",
"proper-lockfile": "4.1.2",
"rxjs": "7.8.2",
"tldjs": "2.3.1",
"uuid": "11.1.0",
"zone.js": "0.15.1"
"zone.js": "0.16.0"
},
"engines": {
"node": "~20",

6
scripts/notarize.js → scripts/notarize.mjs
View File

@@ -1,7 +1,7 @@
import { notarize } from "@electron/notarize";
import { config } from "dotenv";
import "dotenv/config";
import notarizeModule from "@electron/notarize";
config();
const { notarize } = notarizeModule;
export default async function notarizing(context) {
const { electronPlatformName, appOutDir } = context;

6
scripts/sign.js → scripts/sign.mjs
View File

@@ -1,11 +1,7 @@
/* eslint-disable no-console */
import { execSync } from "child_process";
export default async function (configuration) {
if (
parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 &&
configuration.path.slice(-4) === ".exe"
) {
if (parseInt(process.env.ELECTRON_BUILDER_SIGN) === 1 && configuration.path.slice(-4) == ".exe") {
console.log(`[*] Signing file: ${configuration.path}`);
execSync(
`azuresigntool sign ` +

60
src/abstractions/state-vNext.service.ts Normal file
View File

@@ -0,0 +1,60 @@
import { StorageOptions } from "@/jslib/common/src/models/domain/storageOptions";
import { DirectoryType } from "@/src/enums/directoryType";
import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
import { LdapConfiguration } from "@/src/models/ldapConfiguration";
import { OktaConfiguration } from "@/src/models/oktaConfiguration";
import { OneLoginConfiguration } from "@/src/models/oneLoginConfiguration";
import { SyncConfiguration } from "@/src/models/syncConfiguration";
export abstract class StateServiceVNext {
getDirectory: <IConfiguration>(type: DirectoryType) => Promise<IConfiguration>;
setDirectory: (
type: DirectoryType,
config:
| LdapConfiguration
| GSuiteConfiguration
| EntraIdConfiguration
| OktaConfiguration
| OneLoginConfiguration,
) => Promise<any>;
getLdapConfiguration: (options?: StorageOptions) => Promise<LdapConfiguration>;
setLdapConfiguration: (value: LdapConfiguration, options?: StorageOptions) => Promise<void>;
getGsuiteConfiguration: (options?: StorageOptions) => Promise<GSuiteConfiguration>;
setGsuiteConfiguration: (value: GSuiteConfiguration, options?: StorageOptions) => Promise<void>;
getEntraConfiguration: (options?: StorageOptions) => Promise<EntraIdConfiguration>;
setEntraConfiguration: (value: EntraIdConfiguration, options?: StorageOptions) => Promise<void>;
getOktaConfiguration: (options?: StorageOptions) => Promise<OktaConfiguration>;
setOktaConfiguration: (value: OktaConfiguration, options?: StorageOptions) => Promise<void>;
getOneLoginConfiguration: (options?: StorageOptions) => Promise<OneLoginConfiguration>;
setOneLoginConfiguration: (
value: OneLoginConfiguration,
options?: StorageOptions,
) => Promise<void>;
getOrganizationId: (options?: StorageOptions) => Promise<string>;
setOrganizationId: (value: string, options?: StorageOptions) => Promise<void>;
getSync: (options?: StorageOptions) => Promise<SyncConfiguration>;
setSync: (value: SyncConfiguration, options?: StorageOptions) => Promise<void>;
getDirectoryType: (options?: StorageOptions) => Promise<DirectoryType>;
setDirectoryType: (value: DirectoryType, options?: StorageOptions) => Promise<void>;
getUserDelta: (options?: StorageOptions) => Promise<string>;
setUserDelta: (value: string, options?: StorageOptions) => Promise<void>;
getLastUserSync: (options?: StorageOptions) => Promise<Date>;
setLastUserSync: (value: Date, options?: StorageOptions) => Promise<void>;
getLastGroupSync: (options?: StorageOptions) => Promise<Date>;
setLastGroupSync: (value: Date, options?: StorageOptions) => Promise<void>;
getGroupDelta: (options?: StorageOptions) => Promise<string>;
setGroupDelta: (value: string, options?: StorageOptions) => Promise<void>;
getLastSyncHash: (options?: StorageOptions) => Promise<string>;
setLastSyncHash: (value: string, options?: StorageOptions) => Promise<void>;
getSyncingDir: (options?: StorageOptions) => Promise<boolean>;
setSyncingDir: (value: boolean, options?: StorageOptions) => Promise<void>;
clearSyncSettings: (syncHashToo: boolean) => Promise<void>;
getIsAuthenticated: (options?: StorageOptions) => Promise<boolean>;
getEntityId: (options?: StorageOptions) => Promise<string>;
init: () => Promise<void>;
clean: () => Promise<void>;
getInstalledVersion: (options?: StorageOptions) => Promise<string>;
setInstalledVersion: (value: string, options?: StorageOptions) => Promise<void>;
}

10
src/app/accounts/apiKey.component.ts
View File

@@ -6,10 +6,10 @@ import { ModalService } from "@/jslib/angular/src/services/modal.service";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { AuthService } from "../../abstractions/auth.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { EnvironmentComponent } from "./environment.component";
@@ -23,7 +23,7 @@ import { EnvironmentComponent } from "./environment.component";
// The only subscription in this component is closed from a child component, confusing eslint.
// https://github.com/cartant/eslint-plugin-rxjs-angular/blob/main/docs/rules/prefer-takeuntil.md
//
// eslint-disable-next-line rxjs-angular/prefer-takeuntil
// eslint-disable-next-line rxjs-angular-x/prefer-takeuntil
export class ApiKeyComponent {
@ViewChild("environment", { read: ViewContainerRef, static: true })
environmentModal: ViewContainerRef;
@@ -41,7 +41,7 @@ export class ApiKeyComponent {
private platformUtilsService: PlatformUtilsService,
private modalService: ModalService,
private logService: LogService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async submit() {
@@ -100,7 +100,7 @@ export class ApiKeyComponent {
this.environmentModal,
);
// eslint-disable-next-line rxjs-angular/prefer-takeuntil
// eslint-disable-next-line rxjs-angular-x/prefer-takeuntil
childComponent.onSaved.pipe(takeUntil(modalRef.onClosed)).subscribe(() => {
modalRef.close();
});

4
src/app/app.component.ts
View File

@@ -18,7 +18,7 @@ import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUt
import { TokenService } from "@/jslib/common/src/abstractions/token.service";
import { AuthService } from "../abstractions/auth.service";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { SyncService } from "../services/sync.service";
const BroadcasterSubscriptionId = "AppComponent";
@@ -45,7 +45,7 @@ export class AppComponent implements OnInit {
private platformUtilsService: PlatformUtilsService,
private messagingService: MessagingService,
private syncService: SyncService,
private stateService: StateService,
private stateService: StateServiceVNext,
private logService: LogService,
) {}

7
src/app/main.ts
View File

@@ -1,4 +1,4 @@
import { enableProdMode } from "@angular/core";
import { enableProdMode, provideZoneChangeDetection } from "@angular/core";
import { platformBrowserDynamic } from "@angular/platform-browser-dynamic";
import { isDev } from "@/jslib/electron/src/utils";
@@ -11,4 +11,7 @@ if (!isDev()) {
enableProdMode();
}
platformBrowserDynamic().bootstrapModule(AppModule, { preserveWhitespaces: true });
platformBrowserDynamic().bootstrapModule(AppModule, {
applicationProviders: [provideZoneChangeDetection()],
preserveWhitespaces: true,
});

4
src/app/services/auth-guard.service.ts
View File

@@ -2,12 +2,12 @@ import { Injectable } from "@angular/core";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
@Injectable()
export class AuthGuardService {
constructor(
private stateService: StateService,
private stateService: StateServiceVNext,
private messagingService: MessagingService,
) {}

4
src/app/services/launch-guard.service.ts
View File

@@ -1,12 +1,12 @@
import { Injectable } from "@angular/core";
import { Router } from "@angular/router";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
@Injectable()
export class LaunchGuardService {
constructor(
private stateService: StateService,
private stateService: StateServiceVNext,
private router: Router,
) {}

39
src/app/services/services.module.ts
View File

@@ -31,12 +31,14 @@ import { DefaultDirectoryFactoryService } from "@/src/services/directory-factory
import { SingleRequestBuilder } from "@/src/services/single-request-builder";
import { AuthService as AuthServiceAbstraction } from "../../abstractions/auth.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { StateService as StateServiceAbstraction } from "../../abstractions/state.service";
import { Account } from "../../models/account";
import { AuthService } from "../../services/auth.service";
import { I18nService } from "../../services/i18n.service";
import { StateService } from "../../services/state.service";
import { StateMigrationService } from "../../services/stateMigration.service";
import { StateServiceVNextImplementation } from "../../services/state-service/state-vNext.service";
import { StateService } from "../../services/state-service/state.service";
import { StateMigrationService } from "../../services/state-service/stateMigration.service";
import { SyncService } from "../../services/sync.service";
import { AuthGuardService } from "./auth-guard.service";
@@ -48,7 +50,7 @@ export function initFactory(
environmentService: EnvironmentServiceAbstraction,
i18nService: I18nServiceAbstraction,
platformUtilsService: PlatformUtilsServiceAbstraction,
stateService: StateServiceAbstraction,
stateService: StateServiceVNext,
cryptoService: CryptoServiceAbstraction,
): () => Promise<void> {
return async () => {
@@ -89,7 +91,7 @@ export function initFactory(
EnvironmentServiceAbstraction,
I18nServiceAbstraction,
PlatformUtilsServiceAbstraction,
StateServiceAbstraction,
StateServiceVNext,
CryptoServiceAbstraction,
],
multi: true,
@@ -166,7 +168,7 @@ export function initFactory(
AppIdServiceAbstraction,
PlatformUtilsServiceAbstraction,
MessagingServiceAbstraction,
StateServiceAbstraction,
StateServiceVNext,
],
}),
safeProvider({
@@ -178,7 +180,7 @@ export function initFactory(
MessagingServiceAbstraction,
I18nServiceAbstraction,
EnvironmentServiceAbstraction,
StateServiceAbstraction,
StateServiceVNext,
BatchRequestBuilder,
SingleRequestBuilder,
DirectoryFactoryService,
@@ -222,6 +224,29 @@ export function initFactory(
StateMigrationServiceAbstraction,
],
}),
// Use new StateServiceVNext with flat key-value structure (new interface)
safeProvider({
provide: StateServiceVNext,
useFactory: (
storageService: StorageServiceAbstraction,
secureStorageService: StorageServiceAbstraction,
logService: LogServiceAbstraction,
stateMigrationService: StateMigrationServiceAbstraction,
) =>
new StateServiceVNextImplementation(
storageService,
secureStorageService,
logService,
stateMigrationService,
true,
),
deps: [
StorageServiceAbstraction,
SECURE_STORAGE,
LogServiceAbstraction,
StateMigrationServiceAbstraction,
],
}),
safeProvider({
provide: SingleRequestBuilder,
deps: [],
@@ -233,7 +258,7 @@ export function initFactory(
safeProvider({
provide: DirectoryFactoryService,
useClass: DefaultDirectoryFactoryService,
deps: [LogServiceAbstraction, I18nServiceAbstraction, StateServiceAbstraction],
deps: [LogServiceAbstraction, I18nServiceAbstraction, StateServiceVNext],
}),
] satisfies SafeProvider[],
})

124
src/app/tabs/dashboard.component.html
View File

@@ -3,17 +3,25 @@
<div class="card-body">
<p>
{{ "lastGroupSync" | i18n }}:
<span *ngIf="!lastGroupSync">-</span>
@if (!lastGroupSync) {
<span>-</span>
}
{{ lastGroupSync | date: "medium" }}
<br />
{{ "lastUserSync" | i18n }}:
<span *ngIf="!lastUserSync">-</span>
@if (!lastUserSync) {
<span>-</span>
}
{{ lastUserSync | date: "medium" }}
</p>
<p>
{{ "syncStatus" | i18n }}:
<strong *ngIf="syncRunning" class="text-success">{{ "running" | i18n }}</strong>
<strong *ngIf="!syncRunning" class="text-danger">{{ "stopped" | i18n }}</strong>
@if (syncRunning) {
<strong class="text-success">{{ "running" | i18n }}</strong>
}
@if (!syncRunning) {
<strong class="text-danger">{{ "stopped" | i18n }}</strong>
}
</p>
<form #startForm [appApiAction]="startPromise" class="d-inline">
<button
@@ -60,57 +68,85 @@
/>
<label class="form-check-label" for="simSinceLast">{{ "testLastSync" | i18n }}</label>
</div>
<ng-container *ngIf="!simForm.loading && (simUsers || simGroups)">
@if (!simForm.loading && (simUsers || simGroups)) {
<hr />
<div class="row">
<div class="col-lg">
<h4>{{ "users" | i18n }}</h4>
<ul class="bwi-ul testing-list" *ngIf="simEnabledUsers && simEnabledUsers.length">
<li *ngFor="let u of simEnabledUsers" title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
</ul>
<p *ngIf="!simEnabledUsers || !simEnabledUsers.length">
{{ "noUsers" | i18n }}
</p>
@if (simEnabledUsers && simEnabledUsers.length) {
<ul class="bwi-ul testing-list">
@for (u of simEnabledUsers; track u) {
<li title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
}
</ul>
}
@if (!simEnabledUsers || !simEnabledUsers.length) {
<p>
{{ "noUsers" | i18n }}
</p>
}
<h4>{{ "disabledUsers" | i18n }}</h4>
<ul class="bwi-ul testing-list" *ngIf="simDisabledUsers && simDisabledUsers.length">
<li *ngFor="let u of simDisabledUsers" title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
</ul>
<p *ngIf="!simDisabledUsers || !simDisabledUsers.length">
{{ "noUsers" | i18n }}
</p>
@if (simDisabledUsers && simDisabledUsers.length) {
<ul class="bwi-ul testing-list">
@for (u of simDisabledUsers; track u) {
<li title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
}
</ul>
}
@if (!simDisabledUsers || !simDisabledUsers.length) {
<p>
{{ "noUsers" | i18n }}
</p>
}
<h4>{{ "deletedUsers" | i18n }}</h4>
<ul class="bwi-ul testing-list" *ngIf="simDeletedUsers && simDeletedUsers.length">
<li *ngFor="let u of simDeletedUsers" title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
</ul>
<p *ngIf="!simDeletedUsers || !simDeletedUsers.length">
{{ "noUsers" | i18n }}
</p>
@if (simDeletedUsers && simDeletedUsers.length) {
<ul class="bwi-ul testing-list">
@for (u of simDeletedUsers; track u) {
<li title="{{ u.referenceId }}">
<i class="bwi bwi-li bwi-user"></i>
{{ u.displayName }}
</li>
}
</ul>
}
@if (!simDeletedUsers || !simDeletedUsers.length) {
<p>
{{ "noUsers" | i18n }}
</p>
}
</div>
<div class="col-lg">
<h4>{{ "groups" | i18n }}</h4>
<ul class="bwi-ul testing-list" *ngIf="simGroups && simGroups.length">
<li *ngFor="let g of simGroups" title="{{ g.referenceId }}">
<i class="bwi bwi-li bwi-sitemap"></i>
{{ g.displayName }}
<ul class="small" *ngIf="g.users && g.users.length">
<li *ngFor="let u of g.users" title="{{ u.referenceId }}">
{{ u.displayName }}
@if (simGroups && simGroups.length) {
<ul class="bwi-ul testing-list">
@for (g of simGroups; track g) {
<li title="{{ g.referenceId }}">
<i class="bwi bwi-li bwi-sitemap"></i>
{{ g.displayName }}
@if (g.users && g.users.length) {
<ul class="small">
@for (u of g.users; track u) {
<li title="{{ u.referenceId }}">
{{ u.displayName }}
</li>
}
</ul>
}
</li>
</ul>
</li>
</ul>
<p *ngIf="!simGroups || !simGroups.length">{{ "noGroups" | i18n }}</p>
}
</ul>
}
@if (!simGroups || !simGroups.length) {
<p>{{ "noGroups" | i18n }}</p>
}
</div>
</div>
</ng-container>
}
</div>
</div>

4
src/app/tabs/dashboard.component.ts
View File

@@ -5,7 +5,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { GroupEntry } from "../../models/groupEntry";
import { SimResult } from "../../models/simResult";
import { UserEntry } from "../../models/userEntry";
@@ -41,7 +41,7 @@ export class DashboardComponent implements OnInit, OnDestroy {
private messagingService: MessagingService,
private platformUtilsService: PlatformUtilsService,
private changeDetectorRef: ChangeDetectorRef,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async ngOnInit() {

4
src/app/tabs/more.component.ts
View File

@@ -5,7 +5,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
const BroadcasterSubscriptionId = "MoreComponent";
@@ -26,7 +26,7 @@ export class MoreComponent implements OnInit {
private broadcasterService: BroadcasterService,
private ngZone: NgZone,
private changeDetectorRef: ChangeDetectorRef,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async ngOnInit() {

330
src/app/tabs/settings.component.html
View File

@@ -6,9 +6,11 @@
<div class="mb-3">
<label for="directory" class="form-label">{{ "type" | i18n }}</label>
<select class="form-select" id="directory" name="Directory" [(ngModel)]="directory">
<option *ngFor="let o of directoryOptions" [ngValue]="o.value">
{{ o.name }}
</option>
@for (o of directoryOptions; track o) {
<option [ngValue]="o.value">
{{ o.name }}
</option>
}
</select>
</div>
<div [hidden]="directory != directoryType.Ldap">
@@ -51,20 +53,22 @@
<label class="form-check-label" for="ad">{{ "ldapAd" | i18n }}</label>
</div>
</div>
<div class="mb-3" *ngIf="!ldap.ad">
<div class="form-check">
<input
class="form-check-input"
type="checkbox"
id="pagedSearch"
[(ngModel)]="ldap.pagedSearch"
name="PagedSearch"
/>
<label class="form-check-label" for="pagedSearch">{{
"ldapPagedResults" | i18n
}}</label>
@if (!ldap.ad) {
<div class="mb-3">
<div class="form-check">
<input
class="form-check-input"
type="checkbox"
id="pagedSearch"
[(ngModel)]="ldap.pagedSearch"
name="PagedSearch"
/>
<label class="form-check-label" for="pagedSearch">{{
"ldapPagedResults" | i18n
}}</label>
</div>
</div>
</div>
}
<div class="mb-3">
<div class="form-check">
<input
@@ -79,116 +83,122 @@
}}</label>
</div>
</div>
<div class="ms-4" *ngIf="ldap.ssl">
<div class="mb-3">
<div class="form-check">
<input
class="form-check-input"
type="radio"
[value]="false"
id="ssl"
[(ngModel)]="ldap.startTls"
name="SSL"
/>
<label class="form-check-label" for="ssl">{{ "ldapSsl" | i18n }}</label>
@if (ldap.ssl) {
<div class="ms-4">
<div class="mb-3">
<div class="form-check">
<input
class="form-check-input"
type="radio"
[value]="false"
id="ssl"
[(ngModel)]="ldap.startTls"
name="SSL"
/>
<label class="form-check-label" for="ssl">{{ "ldapSsl" | i18n }}</label>
</div>
<div class="form-check">
<input
class="form-check-input"
type="radio"
[value]="true"
id="startTls"
[(ngModel)]="ldap.startTls"
name="StartTLS"
/>
<label class="form-check-label" for="startTls">{{ "ldapTls" | i18n }}</label>
</div>
</div>
<div class="form-check">
<input
class="form-check-input"
type="radio"
[value]="true"
id="startTls"
[(ngModel)]="ldap.startTls"
name="StartTLS"
/>
<label class="form-check-label" for="startTls">{{ "ldapTls" | i18n }}</label>
@if (ldap.startTls) {
<div class="ms-4">
<p>{{ "ldapTlsUntrustedDesc" | i18n }}</p>
<div class="mb-3">
<label for="tlsCaPath" class="form-label">{{ "ldapTlsCa" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="tlsCaPath_file"
(change)="setSslPath('tlsCaPath')"
/>
<input
type="text"
class="form-control"
id="tlsCaPath"
name="TLSCaPath"
[(ngModel)]="ldap.tlsCaPath"
/>
</div>
</div>
}
@if (!ldap.startTls) {
<div class="ms-4">
<p>{{ "ldapSslUntrustedDesc" | i18n }}</p>
<div class="mb-3">
<label for="sslCertPath" class="form-label">{{ "ldapSslCert" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslCertPath_file"
(change)="setSslPath('sslCertPath')"
/>
<input
type="text"
class="form-control"
id="sslCertPath"
name="SSLCertPath"
[(ngModel)]="ldap.sslCertPath"
/>
</div>
<div class="mb-3">
<label for="sslKeyPath" class="form-label">{{ "ldapSslKey" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslKeyPath_file"
(change)="setSslPath('sslKeyPath')"
/>
<input
type="text"
class="form-control"
id="sslKeyPath"
name="SSLKeyPath"
[(ngModel)]="ldap.sslKeyPath"
/>
</div>
<div class="mb-3">
<label for="sslCaPath" class="form-label">{{ "ldapSslCa" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslCaPath_file"
(change)="setSslPath('sslCaPath')"
/>
<input
type="text"
class="form-control"
id="sslCaPath"
name="SSLCaPath"
[(ngModel)]="ldap.sslCaPath"
/>
</div>
</div>
}
<div class="mb-3">
<div class="form-check">
<input
class="form-check-input"
type="checkbox"
id="certDoNotVerify"
[(ngModel)]="ldap.sslAllowUnauthorized"
name="CertDoNoVerify"
/>
<label class="form-check-label" for="certDoNotVerify">{{
"ldapCertDoNotVerify" | i18n
}}</label>
</div>
</div>
</div>
<div class="ms-4" *ngIf="ldap.startTls">
<p>{{ "ldapTlsUntrustedDesc" | i18n }}</p>
<div class="mb-3">
<label for="tlsCaPath" class="form-label">{{ "ldapTlsCa" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="tlsCaPath_file"
(change)="setSslPath('tlsCaPath')"
/>
<input
type="text"
class="form-control"
id="tlsCaPath"
name="TLSCaPath"
[(ngModel)]="ldap.tlsCaPath"
/>
</div>
</div>
<div class="ms-4" *ngIf="!ldap.startTls">
<p>{{ "ldapSslUntrustedDesc" | i18n }}</p>
<div class="mb-3">
<label for="sslCertPath" class="form-label">{{ "ldapSslCert" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslCertPath_file"
(change)="setSslPath('sslCertPath')"
/>
<input
type="text"
class="form-control"
id="sslCertPath"
name="SSLCertPath"
[(ngModel)]="ldap.sslCertPath"
/>
</div>
<div class="mb-3">
<label for="sslKeyPath" class="form-label">{{ "ldapSslKey" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslKeyPath_file"
(change)="setSslPath('sslKeyPath')"
/>
<input
type="text"
class="form-control"
id="sslKeyPath"
name="SSLKeyPath"
[(ngModel)]="ldap.sslKeyPath"
/>
</div>
<div class="mb-3">
<label for="sslCaPath" class="form-label">{{ "ldapSslCa" | i18n }}</label>
<input
type="file"
class="form-control mb-2"
id="sslCaPath_file"
(change)="setSslPath('sslCaPath')"
/>
<input
type="text"
class="form-control"
id="sslCaPath"
name="SSLCaPath"
[(ngModel)]="ldap.sslCaPath"
/>
</div>
</div>
<div class="mb-3">
<div class="form-check">
<input
class="form-check-input"
type="checkbox"
id="certDoNotVerify"
[(ngModel)]="ldap.sslAllowUnauthorized"
name="CertDoNoVerify"
/>
<label class="form-check-label" for="certDoNotVerify">{{
"ldapCertDoNotVerify" | i18n
}}</label>
</div>
</div>
</div>
}
<div class="mb-3" [hidden]="true">
<div class="form-check">
<input
@@ -211,10 +221,12 @@
name="Username"
[(ngModel)]="ldap.username"
/>
<div class="form-text" *ngIf="ldap.ad">{{ "ex" | i18n }} company\admin</div>
<div class="form-text" *ngIf="!ldap.ad">
{{ "ex" | i18n }} cn=admin,dc=company,dc=com
</div>
@if (ldap.ad) {
<div class="form-text">{{ "ex" | i18n }} company\admin</div>
}
@if (!ldap.ad) {
<div class="form-text">{{ "ex" | i18n }} cn=admin,dc=company,dc=com</div>
}
</div>
<div class="mb-3">
<label for="password" class="form-label">{{ "password" | i18n }}</label>
@@ -604,18 +616,24 @@
name="UserFilter"
[(ngModel)]="sync.userFilter"
></textarea>
<div class="form-text" *ngIf="directory === directoryType.Ldap">
{{ "ex" | i18n }} (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))
</div>
<div class="form-text" *ngIf="directory === directoryType.EntraID">
{{ "ex" | i18n }} exclude:joe&#64;company.com
</div>
<div class="form-text" *ngIf="directory === directoryType.Okta">
{{ "ex" | i18n }} exclude:joe&#64;company.com | profile.firstName eq "John"
</div>
<div class="form-text" *ngIf="directory === directoryType.GSuite">
{{ "ex" | i18n }} exclude:joe&#64;company.com | orgUnitPath=/Engineering
</div>
@if (directory === directoryType.Ldap) {
<div class="form-text">
{{ "ex" | i18n }} (&amp;(givenName=John)(|(l=Dallas)(l=Austin)))
</div>
}
@if (directory === directoryType.EntraID) {
<div class="form-text">{{ "ex" | i18n }} exclude:joe&#64;company.com</div>
}
@if (directory === directoryType.Okta) {
<div class="form-text">
{{ "ex" | i18n }} exclude:joe&#64;company.com | profile.firstName eq "John"
</div>
}
@if (directory === directoryType.GSuite) {
<div class="form-text">
{{ "ex" | i18n }} exclude:joe&#64;company.com | orgUnitPath=/Engineering
</div>
}
</div>
<div class="mb-3" [hidden]="directory != directoryType.Ldap">
<label for="userPath" class="form-label">{{ "userPath" | i18n }}</label>
@@ -681,18 +699,20 @@
name="GroupFilter"
[(ngModel)]="sync.groupFilter"
></textarea>
<div class="form-text" *ngIf="directory === directoryType.Ldap">
{{ "ex" | i18n }} (&amp;(objectClass=group)(!(cn=Sales*))(!(cn=IT*)))
</div>
<div class="form-text" *ngIf="directory === directoryType.EntraID">
{{ "ex" | i18n }} include:Sales,IT
</div>
<div class="form-text" *ngIf="directory === directoryType.Okta">
{{ "ex" | i18n }} include:Sales,IT | type eq "APP_GROUP"
</div>
<div class="form-text" *ngIf="directory === directoryType.GSuite">
{{ "ex" | i18n }} include:Sales,IT
</div>
@if (directory === directoryType.Ldap) {
<div class="form-text">
{{ "ex" | i18n }} (&amp;(objectClass=group)(!(cn=Sales*))(!(cn=IT*)))
</div>
}
@if (directory === directoryType.EntraID) {
<div class="form-text">{{ "ex" | i18n }} include:Sales,IT</div>
}
@if (directory === directoryType.Okta) {
<div class="form-text">{{ "ex" | i18n }} include:Sales,IT | type eq "APP_GROUP"</div>
}
@if (directory === directoryType.GSuite) {
<div class="form-text">{{ "ex" | i18n }} include:Sales,IT</div>
}
</div>
<div class="mb-3" [hidden]="directory != directoryType.Ldap">
<label for="groupPath" class="form-label">{{ "groupPath" | i18n }}</label>
@@ -703,8 +723,12 @@
name="GroupPath"
[(ngModel)]="sync.groupPath"
/>
<div class="form-text" *ngIf="!ldap.ad">{{ "ex" | i18n }} CN=Groups</div>
<div class="form-text" *ngIf="ldap.ad">{{ "ex" | i18n }} CN=Users</div>
@if (!ldap.ad) {
<div class="form-text">{{ "ex" | i18n }} CN=Groups</div>
}
@if (ldap.ad) {
<div class="form-text">{{ "ex" | i18n }} CN=Users</div>
}
</div>
<div [hidden]="directory != directoryType.Ldap || ldap.ad">
<div class="mb-3">

4
src/app/tabs/settings.component.ts
View File

@@ -4,7 +4,7 @@ import { webUtils } from "electron";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
@@ -39,7 +39,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
private changeDetectorRef: ChangeDetectorRef,
private ngZone: NgZone,
private logService: LogService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {
this.directoryOptions = [
{ name: this.i18nService.t("select"), value: null },

31
src/bwdc.ts
View File

@@ -1,4 +1,6 @@
import * as fs from "fs";
import { dirname } from "node:path";
import { fileURLToPath } from "node:url";
import * as path from "path";
import { StorageService as StorageServiceAbstraction } from "@/jslib/common/src/abstractions/storage.service";
@@ -17,7 +19,10 @@ import { ConsoleLogService } from "@/jslib/node/src/cli/services/consoleLog.serv
import { NodeApiService } from "@/jslib/node/src/services/nodeApi.service";
import { NodeCryptoFunctionService } from "@/jslib/node/src/services/nodeCryptoFunction.service";
import packageJson from "../package.json";
import { DirectoryFactoryService } from "./abstractions/directory-factory.service";
import { StateServiceVNext } from "./abstractions/state-vNext.service";
import { Account } from "./models/account";
import { Program } from "./program";
import { AuthService } from "./services/auth.service";
@@ -27,12 +32,15 @@ import { I18nService } from "./services/i18n.service";
import { KeytarSecureStorageService } from "./services/keytarSecureStorage.service";
import { LowdbStorageService } from "./services/lowdbStorage.service";
import { SingleRequestBuilder } from "./services/single-request-builder";
import { StateService } from "./services/state.service";
import { StateMigrationService } from "./services/stateMigration.service";
import { StateServiceVNextImplementation } from "./services/state-service/state-vNext.service";
import { StateService } from "./services/state-service/state.service";
import { StateMigrationService } from "./services/state-service/stateMigration.service";
import { SyncService } from "./services/sync.service";
// eslint-disable-next-line
const packageJson = require("../package.json");
// ESM __dirname polyfill for Node 20
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
export class Main {
dataFilePath: string;
@@ -53,6 +61,7 @@ export class Main {
cryptoFunctionService: NodeCryptoFunctionService;
authService: AuthService;
syncService: SyncService;
stateServiceVNext: StateServiceVNext;
stateService: StateService;
stateMigrationService: StateMigrationService;
directoryFactoryService: DirectoryFactoryService;
@@ -116,6 +125,14 @@ export class Main {
process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS !== "true",
new StateFactory(GlobalState, Account),
);
// Use new StateServiceVNext with flat key-value structure
this.stateServiceVNext = new StateServiceVNextImplementation(
this.storageService,
this.secureStorageService,
this.logService,
this.stateMigrationService,
process.env.BITWARDENCLI_CONNECTOR_PLAINTEXT_SECRETS !== "true",
);
this.cryptoService = new CryptoService(
this.cryptoFunctionService,
@@ -150,13 +167,13 @@ export class Main {
this.appIdService,
this.platformUtilsService,
this.messagingService,
this.stateService,
this.stateServiceVNext,
);
this.directoryFactoryService = new DefaultDirectoryFactoryService(
this.logService,
this.i18nService,
this.stateService,
this.stateServiceVNext,
);
this.batchRequestBuilder = new BatchRequestBuilder();
@@ -168,7 +185,7 @@ export class Main {
this.messagingService,
this.i18nService,
this.environmentService,
this.stateService,
this.stateServiceVNext,
this.batchRequestBuilder,
this.singleRequestBuilder,
this.directoryFactoryService,

4
src/commands/clearCache.command.ts
View File

@@ -4,12 +4,12 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { Response } from "@/jslib/node/src/cli/models/response";
import { MessageResponse } from "@/jslib/node/src/cli/models/response/messageResponse";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
export class ClearCacheCommand {
constructor(
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async run(cmd: program.OptionValues): Promise<Response> {

4
src/commands/config.command.ts
View File

@@ -6,7 +6,7 @@ import { NodeUtils } from "@/jslib/common/src/misc/nodeUtils";
import { Response } from "@/jslib/node/src/cli/models/response";
import { MessageResponse } from "@/jslib/node/src/cli/models/response/messageResponse";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { DirectoryType } from "../enums/directoryType";
import { EntraIdConfiguration } from "../models/entraIdConfiguration";
import { GSuiteConfiguration } from "../models/gsuiteConfiguration";
@@ -28,7 +28,7 @@ export class ConfigCommand {
constructor(
private environmentService: EnvironmentService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async run(setting: string, value: string, options: program.OptionValues): Promise<Response> {

4
src/commands/lastSync.command.ts
View File

@@ -1,10 +1,10 @@
import { Response } from "@/jslib/node/src/cli/models/response";
import { StringResponse } from "@/jslib/node/src/cli/models/response/stringResponse";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
export class LastSyncCommand {
constructor(private stateService: StateService) {}
constructor(private stateService: StateServiceVNext) {}
async run(object: string): Promise<Response> {
try {

2
src/commands/login.command.ts
View File

@@ -3,7 +3,7 @@ import * as inquirer from "inquirer";
import { Response } from "@/jslib/node/src/cli/models/response";
import { MessageResponse } from "@/jslib/node/src/cli/models/response/messageResponse";
import Utils from "../../jslib/common/src/misc/utils";
import { Utils } from "../../jslib/common/src/misc/utils";
import { AuthService } from "../abstractions/auth.service";
export class LoginCommand {

26
src/main.ts
View File

@@ -1,6 +1,9 @@
import { dirname } from "node:path";
import { fileURLToPath } from "node:url";
import * as path from "path";
import { app } from "electron";
import electronReload from "electron-reload";
import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
import { GlobalState } from "@/jslib/common/src/models/domain/globalState";
@@ -11,12 +14,21 @@ import { TrayMain } from "@/jslib/electron/src/tray.main";
import { UpdaterMain } from "@/jslib/electron/src/updater.main";
import { WindowMain } from "@/jslib/electron/src/window.main";
import { StateServiceVNext } from "./abstractions/state-vNext.service";
import { DCCredentialStorageListener } from "./main/credential-storage-listener";
import { MenuMain } from "./main/menu.main";
import { MessagingMain } from "./main/messaging.main";
import { Account } from "./models/account";
import { I18nService } from "./services/i18n.service";
import { StateService } from "./services/state.service";
import { StateServiceVNextImplementation } from "./services/state-service/state-vNext.service";
import { StateService } from "./services/state-service/state.service";
// ESM __dirname polyfill for Node 20
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
// Import electron-reload for dev mode hot reload
export class Main {
logService: ElectronLogService;
@@ -24,6 +36,7 @@ export class Main {
storageService: ElectronStorageService;
messagingService: ElectronMainMessagingService;
credentialStorageListener: DCCredentialStorageListener;
stateServiceVNext: StateServiceVNext;
stateService: StateService;
windowMain: WindowMain;
@@ -50,8 +63,7 @@ export class Main {
const watch = args.some((val) => val === "--watch");
if (watch) {
// eslint-disable-next-line
require("electron-reload")(__dirname, {});
electronReload(__dirname, {});
}
this.logService = new ElectronLogService(null, app.getPath("userData"));
@@ -66,6 +78,14 @@ export class Main {
true,
new StateFactory(GlobalState, Account),
);
// Use new StateServiceVNext with flat key-value structure
this.stateServiceVNext = new StateServiceVNextImplementation(
this.storageService,
null,
this.logService,
null,
true,
);
this.windowMain = new WindowMain(
this.stateService,

2
src/main/messaging.main.ts
View File

@@ -9,7 +9,7 @@ import { MenuMain } from "./menu.main";
const SyncCheckInterval = 60 * 1000; // 1 minute
export class MessagingMain {
private syncTimeout: NodeJS.Timeout;
private syncTimeout: ReturnType<typeof setTimeout>;
constructor(
private windowMain: WindowMain,

36
src/models/account.ts
View File

@@ -1,5 +1,3 @@
import { Account as BaseAccount } from "@/jslib/common/src/models/domain/account";
import { DirectoryType } from "@/src/enums/directoryType";
import { EntraIdConfiguration } from "./entraIdConfiguration";
@@ -9,23 +7,39 @@ import { OktaConfiguration } from "./oktaConfiguration";
import { OneLoginConfiguration } from "./oneLoginConfiguration";
import { SyncConfiguration } from "./syncConfiguration";
export class Account extends BaseAccount {
directoryConfigurations?: DirectoryConfigurations = new DirectoryConfigurations();
export class Account {
// Authentication fields (flattened from nested profile/tokens/keys structure)
userId: string;
entityId: string;
apiKeyClientId: string;
accessToken: string;
refreshToken: string;
apiKeyClientSecret: string;
// Directory Connector specific fields
directoryConfigurations: DirectoryConfigurations = new DirectoryConfigurations();
directorySettings: DirectorySettings = new DirectorySettings();
clientKeys: ClientKeys = new ClientKeys();
// FIXME: Remove these compatibility fields after StateServiceVNext migration (PR #990) is merged
// These fields are unused but required for type compatibility with jslib's StateService infrastructure
data?: any;
keys?: any;
profile?: any;
settings?: any;
tokens?: any;
constructor(init: Partial<Account>) {
super(init);
this.userId = init?.userId;
this.entityId = init?.entityId;
this.apiKeyClientId = init?.apiKeyClientId;
this.accessToken = init?.accessToken;
this.refreshToken = init?.refreshToken;
this.apiKeyClientSecret = init?.apiKeyClientSecret;
this.directoryConfigurations = init?.directoryConfigurations ?? new DirectoryConfigurations();
this.directorySettings = init?.directorySettings ?? new DirectorySettings();
}
}
export class ClientKeys {
clientId: string;
clientSecret: string;
}
export class DirectoryConfigurations {
ldap: LdapConfiguration;
gsuite: GSuiteConfiguration;

108
src/models/state.model.ts Normal file
View File

@@ -0,0 +1,108 @@
// ===================================================================
// vNext Storage Keys (Flat key-value structure)
// ===================================================================
export const StorageKeysVNext = {
stateVersion: "stateVersion",
directoryType: "directoryType",
organizationId: "organizationId",
directory_ldap: "directory_ldap",
directory_gsuite: "directory_gsuite",
directory_entra: "directory_entra",
directory_okta: "directory_okta",
directory_onelogin: "directory_onelogin",
sync: "sync",
syncingDir: "syncingDir",
};
export const SecureStorageKeysVNext: { [key: string]: any } = {
ldap: "secret_ldap",
gsuite: "secret_gsuite",
// Azure Active Directory was renamed to Entra ID, but we've kept the old property name
// to be backwards compatible with existing configurations.
azure: "secret_azure",
entra: "secret_entra",
okta: "secret_okta",
oneLogin: "secret_oneLogin",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
};
// ===================================================================
// Legacy Storage Keys (Account-based hierarchy)
// ===================================================================
export const SecureStorageKeysLegacy = {
ldap: "ldapPassword",
gsuite: "gsuitePrivateKey",
// Azure Active Directory was renamed to Entra ID, but we've kept the old property name
// to be backwards compatible with existing configurations.
azure: "azureKey",
entra: "entraKey",
okta: "oktaToken",
oneLogin: "oneLoginClientSecret",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
};
export const TempKeys = {
tempAccountSettings: "tempAccountSettings",
tempDirectoryConfigs: "tempDirectoryConfigs",
tempDirectorySettings: "tempDirectorySettings",
};
// ===================================================================
// Migration Storage Keys
// ===================================================================
export const SecureStorageKeysMigration: { [key: string]: any } = {
ldap: "ldapPassword",
gsuite: "gsuitePrivateKey",
azure: "azureKey",
entra: "entraIdKey",
okta: "oktaToken",
oneLogin: "oneLoginClientSecret",
directoryConfigPrefix: "directoryConfig_",
sync: "syncConfig",
directoryType: "directoryType",
organizationId: "organizationId",
};
export const MigrationKeys: { [key: string]: any } = {
entityId: "entityId",
directoryType: "directoryType",
organizationId: "organizationId",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
syncingDir: "syncingDir",
syncConfig: "syncConfig",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
tempDirectoryConfigs: "tempDirectoryConfigs",
tempDirectorySettings: "tempDirectorySettings",
};
export const MigrationStateKeys = {
global: "global",
authenticatedAccounts: "authenticatedAccounts",
};
export const MigrationClientKeys: { [key: string]: any } = {
clientIdOld: "clientId",
clientId: "apikey_clientId",
clientSecretOld: "clientSecret",
clientSecret: "apikey_clientSecret",
};
// ===================================================================
// Shared Constants
// ===================================================================
export const StoredSecurely = "[STORED SECURELY]";

2
src/program.ts
View File

@@ -3,7 +3,7 @@ import * as path from "path";
import * as chalk from "chalk";
import { Command, OptionValues } from "commander";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { BaseProgram } from "@/jslib/node/src/cli/baseProgram";
import { UpdateCommand } from "@/jslib/node/src/cli/commands/update.command";
import { Response } from "@/jslib/node/src/cli/models/response";

2
src/scss/bootstrap.scss vendored
View File

@@ -28,4 +28,4 @@ $danger: map_get($theme-colors, "danger");
$secondary: map_get($theme-colors, "secondary");
$secondary-alt: map_get($theme-colors, "secondary-alt");
@import "~bootstrap/scss/bootstrap.scss";
@import "bootstrap/scss/bootstrap.scss";

2
src/scss/environment.scss
View File

@@ -1,4 +1,4 @@
@import "~bootstrap/scss/_variables.scss";
@import "bootstrap/scss/_variables.scss";
html.os_windows {
body {

2
src/scss/misc.scss
View File

@@ -1,4 +1,4 @@
@import "~bootstrap/scss/_variables.scss";
@import "bootstrap/scss/_variables.scss";
body {
padding: 10px 0 20px 0;

4
src/scss/plugins.scss
View File

@@ -1,6 +1,6 @@
@import "~ngx-toastr/toastr";
@import "ngx-toastr/toastr";
@import "~bootstrap/scss/_variables.scss";
@import "bootstrap/scss/_variables.scss";
.toast-container {
.toast-close-button {

41
src/services/auth.service.ts
View File

@@ -2,18 +2,12 @@ import { ApiService } from "@/jslib/common/src/abstractions/api.service";
import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
import {
AccountKeys,
AccountProfile,
AccountTokens,
} from "@/jslib/common/src/models/domain/account";
import { DeviceRequest } from "@/jslib/common/src/models/request/deviceRequest";
import { ApiTokenRequest } from "@/jslib/common/src/models/request/identityToken/apiTokenRequest";
import { TokenRequestTwoFactor } from "@/jslib/common/src/models/request/identityToken/tokenRequestTwoFactor";
import { IdentityTokenResponse } from "@/jslib/common/src/models/response/identityTokenResponse";
import { StateService } from "../abstractions/state.service";
import { Account, DirectoryConfigurations, DirectorySettings } from "../models/account";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
export class AuthService {
constructor(
@@ -21,7 +15,7 @@ export class AuthService {
private appIdService: AppIdService,
private platformUtilsService: PlatformUtilsService,
private messagingService: MessagingService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async logIn(credentials: { clientId: string; clientSecret: string }) {
@@ -58,34 +52,9 @@ export class AuthService {
) {
const clientId = tokenRequest.clientId;
const entityId = clientId.split("organization.")[1];
const clientSecret = tokenRequest.clientSecret;
await this.stateService.addAccount(
new Account({
profile: {
...new AccountProfile(),
...{
userId: entityId,
apiKeyClientId: clientId,
entityId: entityId,
},
},
tokens: {
...new AccountTokens(),
...{
accessToken: tokenResponse.accessToken,
refreshToken: tokenResponse.refreshToken,
},
},
keys: {
...new AccountKeys(),
...{
apiKeyClientSecret: clientSecret,
},
},
directorySettings: new DirectorySettings(),
directoryConfigurations: new DirectoryConfigurations(),
}),
);
// DC is single-organization, so we only need to set the organization ID
// TokenService handles token storage via its own StateService instance
await this.stateService.setOrganizationId(entityId);
}
}

69
src/services/authService.spec.ts
View File

@@ -1,21 +1,15 @@
import { Arg, Substitute, SubstituteOf } from "@fluffy-spoon/substitute";
import { mock } from "jest-mock-extended";
import { ApiService } from "@/jslib/common/src/abstractions/api.service";
import { AppIdService } from "@/jslib/common/src/abstractions/appId.service";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import { PlatformUtilsService } from "@/jslib/common/src/abstractions/platformUtils.service";
import Utils from "@/jslib/common/src/misc/utils";
import {
AccountKeys,
AccountProfile,
AccountTokens,
} from "@/jslib/common/src/models/domain/account";
import { Utils } from "@/jslib/common/src/misc/utils";
import { IdentityTokenResponse } from "@/jslib/common/src/models/response/identityTokenResponse";
import { MessagingService } from "../../jslib/common/src/abstractions/messaging.service";
import { Account, DirectoryConfigurations, DirectorySettings } from "../models/account";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { AuthService } from "./auth.service";
import { StateService } from "./state.service";
const clientId = "organization.CLIENT_ID";
const clientSecret = "CLIENT_SECRET";
@@ -35,22 +29,22 @@ export function identityTokenResponseFactory() {
}
describe("AuthService", () => {
let apiService: SubstituteOf<ApiService>;
let appIdService: SubstituteOf<AppIdService>;
let platformUtilsService: SubstituteOf<PlatformUtilsService>;
let messagingService: SubstituteOf<MessagingService>;
let stateService: SubstituteOf<StateService>;
let apiService: jest.Mocked<ApiService>;
let appIdService: jest.Mocked<AppIdService>;
let platformUtilsService: jest.Mocked<PlatformUtilsService>;
let messagingService: jest.Mocked<MessagingService>;
let stateService: jest.Mocked<StateServiceVNext>;
let authService: AuthService;
beforeEach(async () => {
apiService = Substitute.for();
appIdService = Substitute.for();
platformUtilsService = Substitute.for();
stateService = Substitute.for();
messagingService = Substitute.for();
apiService = mock<ApiService>();
appIdService = mock<AppIdService>();
platformUtilsService = mock<PlatformUtilsService>();
stateService = mock<StateServiceVNext>();
messagingService = mock<MessagingService>();
appIdService.getAppId().resolves(deviceId);
appIdService.getAppId.mockResolvedValue(deviceId);
authService = new AuthService(
apiService,
@@ -61,37 +55,12 @@ describe("AuthService", () => {
);
});
it("sets the local environment after a successful login", async () => {
apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
it("sets the organization ID after a successful login", async () => {
apiService.postIdentityToken.mockResolvedValue(identityTokenResponseFactory());
await authService.logIn({ clientId, clientSecret });
stateService.received(1).addAccount(
new Account({
profile: {
...new AccountProfile(),
...{
userId: "CLIENT_ID",
apiKeyClientId: clientId, // with the "organization." prefix
entityId: "CLIENT_ID",
},
},
tokens: {
...new AccountTokens(),
...{
accessToken: accessToken,
refreshToken: refreshToken,
},
},
keys: {
...new AccountKeys(),
...{
apiKeyClientSecret: clientSecret,
},
},
directorySettings: new DirectorySettings(),
directoryConfigurations: new DirectoryConfigurations(),
}),
);
expect(stateService.setOrganizationId).toHaveBeenCalledTimes(1);
expect(stateService.setOrganizationId).toHaveBeenCalledWith("CLIENT_ID");
});
});

4
src/services/directory-factory.service.ts
View File

@@ -2,7 +2,7 @@ import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { DirectoryType } from "../enums/directoryType";
import { EntraIdDirectoryService } from "./directory-services/entra-id-directory.service";
@@ -15,7 +15,7 @@ export class DefaultDirectoryFactoryService implements DirectoryFactoryService {
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
createService(directoryType: DirectoryType) {

12
src/services/directory-services/entra-id-directory.service.ts
View File

@@ -7,7 +7,7 @@ import * as graphType from "@microsoft/microsoft-graph-types";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { EntraIdConfiguration } from "../../models/entraIdConfiguration";
import { GroupEntry } from "../../models/groupEntry";
@@ -44,7 +44,7 @@ export class EntraIdDirectoryService extends BaseDirectoryService implements IDi
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {
super();
this.init();
@@ -132,7 +132,7 @@ export class EntraIdDirectoryService extends BaseDirectoryService implements IDi
}
const setFilter = this.createCustomUserSet(this.syncConfig.userFilter);
// eslint-disable-next-line
while (true) {
const users: graphType.User[] = res.value;
if (users != null) {
@@ -211,7 +211,7 @@ export class EntraIdDirectoryService extends BaseDirectoryService implements IDi
let auMembers = await this.client
.api(`${this.getGraphApiEndpoint()}/v1.0/directory/administrativeUnits/${p}/members`)
.get();
// eslint-disable-next-line
while (true) {
for (const auMember of auMembers.value) {
const groupId = auMember.id;
@@ -328,7 +328,7 @@ export class EntraIdDirectoryService extends BaseDirectoryService implements IDi
const entries: GroupEntry[] = [];
const groupsReq = this.client.api("/groups");
let res = await groupsReq.get();
// eslint-disable-next-line
while (true) {
const groups: graphType.Group[] = res.value;
if (groups != null) {
@@ -421,7 +421,7 @@ export class EntraIdDirectoryService extends BaseDirectoryService implements IDi
const memReq = this.client.api("/groups/" + group.id + "/members");
let memRes = await memReq.get();
// eslint-disable-next-line
while (true) {
const members: any = memRes.value;
if (members != null) {

5
src/services/directory-services/gsuite-directory.service.integration.spec.ts
View File

@@ -1,6 +1,8 @@
import { config as dotenvConfig } from "dotenv";
import { mock, MockProxy } from "jest-mock-extended";
import { StateServiceVNext } from "@/src/abstractions/state-vNext.service";
import { I18nService } from "../../../jslib/common/src/abstractions/i18n.service";
import { LogService } from "../../../jslib/common/src/abstractions/log.service";
import {
@@ -10,7 +12,6 @@ import {
import { groupFixtures } from "../../../utils/google-workspace/group-fixtures";
import { userFixtures } from "../../../utils/google-workspace/user-fixtures";
import { DirectoryType } from "../../enums/directoryType";
import { StateService } from "../state.service";
import { GSuiteDirectoryService } from "./gsuite-directory.service";
@@ -34,7 +35,7 @@ jest.setTimeout(15000);
describe("gsuiteDirectoryService", () => {
let logService: MockProxy<LogService>;
let i18nService: MockProxy<I18nService>;
let stateService: MockProxy<StateService>;
let stateService: MockProxy<StateServiceVNext>;
let directoryService: GSuiteDirectoryService;

11
src/services/directory-services/gsuite-directory.service.ts
View File

@@ -4,7 +4,8 @@ import { admin_directory_v1, google } from "googleapis";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "@/src/abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { GroupEntry } from "../../models/groupEntry";
import { GSuiteConfiguration } from "../../models/gsuiteConfiguration";
@@ -24,7 +25,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {
super();
this.service = google.admin("directory_v1");
@@ -71,7 +72,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
let nextPageToken: string = null;
const filter = this.createCustomSet(this.syncConfig.userFilter);
// eslint-disable-next-line
while (true) {
this.logService.info("Querying users - nextPageToken:" + nextPageToken);
const p = Object.assign({ query: query, pageToken: nextPageToken }, this.authParams);
@@ -99,7 +100,7 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
}
nextPageToken = null;
// eslint-disable-next-line
while (true) {
this.logService.info("Querying deleted users - nextPageToken:" + nextPageToken);
const p = Object.assign(
@@ -154,7 +155,6 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
const query = this.createDirectoryQuery(this.syncConfig.groupFilter);
let nextPageToken: string = null;
// eslint-disable-next-line
while (true) {
this.logService.info("Querying groups - nextPageToken:" + nextPageToken);
let p = null;
@@ -194,7 +194,6 @@ export class GSuiteDirectoryService extends BaseDirectoryService implements IDir
entry.externalId = group.id;
entry.name = group.name;
// eslint-disable-next-line
while (true) {
const p = Object.assign({ groupKey: group.id, pageToken: nextPageToken }, this.authParams);
const memRes = await this.service.members.list(p);

4
src/services/directory-services/ldap-directory.service.integration.spec.ts
View File

@@ -8,8 +8,8 @@ import {
} from "../../../utils/openldap/config-fixtures";
import { groupFixtures } from "../../../utils/openldap/group-fixtures";
import { userFixtures } from "../../../utils/openldap/user-fixtures";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { StateService } from "../state.service";
import { LdapDirectoryService } from "./ldap-directory.service";
@@ -22,7 +22,7 @@ import { LdapDirectoryService } from "./ldap-directory.service";
describe("ldapDirectoryService", () => {
let logService: MockProxy<LogService>;
let i18nService: MockProxy<I18nService>;
let stateService: MockProxy<StateService>;
let stateService: MockProxy<StateServiceVNext>;
let directoryService: LdapDirectoryService;

13
src/services/directory-services/ldap-directory.service.ts
View File

@@ -5,9 +5,9 @@ import * as ldapts from "ldapts";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { GroupEntry } from "../../models/groupEntry";
import { LdapConfiguration } from "../../models/ldapConfiguration";
@@ -31,7 +31,7 @@ export class LdapDirectoryService implements IDirectoryService {
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {}
async getEntries(force: boolean, test: boolean): Promise<[GroupEntry[], UserEntry[]]> {
@@ -68,10 +68,12 @@ export class LdapDirectoryService implements IDirectoryService {
}
groups = await this.getGroups(groupForce);
}
} finally {
} catch (e) {
await this.client.unbind();
throw e;
}
await this.client.unbind();
return [groups, users];
}
@@ -453,8 +455,9 @@ export class LdapDirectoryService implements IDirectoryService {
try {
await this.client.bind(user, pass);
} catch {
} catch (error) {
await this.client.unbind();
throw error;
}
}

4
src/services/directory-services/okta-directory.service.ts
View File

@@ -3,7 +3,7 @@ import * as https from "https";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { GroupEntry } from "../../models/groupEntry";
import { OktaConfiguration } from "../../models/oktaConfiguration";
@@ -23,7 +23,7 @@ export class OktaDirectoryService extends BaseDirectoryService implements IDirec
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {
super();
}

4
src/services/directory-services/onelogin-directory.service.ts
View File

@@ -1,7 +1,7 @@
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateService } from "../../abstractions/state.service";
import { StateServiceVNext } from "../../abstractions/state-vNext.service";
import { DirectoryType } from "../../enums/directoryType";
import { GroupEntry } from "../../models/groupEntry";
import { OneLoginConfiguration } from "../../models/oneLoginConfiguration";
@@ -23,7 +23,7 @@ export class OneLoginDirectoryService extends BaseDirectoryService implements ID
constructor(
private logService: LogService,
private i18nService: I18nService,
private stateService: StateService,
private stateService: StateServiceVNext,
) {
super();
}

2
src/services/lowdbStorage.service.ts
View File

@@ -1,7 +1,7 @@
import * as lock from "proper-lockfile";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { LowdbStorageService as LowdbStorageServiceBase } from "@/jslib/node/src/services/lowdbStorage.service";
export class LowdbStorageService extends LowdbStorageServiceBase {

488
src/services/state-service/state-vNext.service.spec.ts Normal file
View File

@@ -0,0 +1,488 @@
import { mock, MockProxy } from "jest-mock-extended";
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateMigrationService } from "@/jslib/common/src/abstractions/stateMigration.service";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { DirectoryType } from "@/src/enums/directoryType";
import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
import { LdapConfiguration } from "@/src/models/ldapConfiguration";
import { OktaConfiguration } from "@/src/models/oktaConfiguration";
import { OneLoginConfiguration } from "@/src/models/oneLoginConfiguration";
import { StorageKeysVNext as StorageKeys, StoredSecurely } from "@/src/models/state.model";
import { SyncConfiguration } from "@/src/models/syncConfiguration";
import { StateServiceVNextImplementation } from "./state-vNext.service";
describe("StateServiceVNextImplementation", () => {
let storageService: MockProxy<StorageService>;
let secureStorageService: MockProxy<StorageService>;
let logService: MockProxy<LogService>;
let stateMigrationService: MockProxy<StateMigrationService>;
let stateService: StateServiceVNextImplementation;
beforeEach(() => {
storageService = mock<StorageService>();
secureStorageService = mock<StorageService>();
logService = mock<LogService>();
stateMigrationService = mock<StateMigrationService>();
stateService = new StateServiceVNextImplementation(
storageService,
secureStorageService,
logService,
stateMigrationService,
true, // useSecureStorageForSecrets
);
});
describe("init", () => {
it("should run migration if needed", async () => {
stateMigrationService.needsMigration.mockResolvedValue(true);
await stateService.init();
expect(stateMigrationService.needsMigration).toHaveBeenCalled();
expect(stateMigrationService.migrate).toHaveBeenCalled();
});
it("should not run migration if not needed", async () => {
stateMigrationService.needsMigration.mockResolvedValue(false);
await stateService.init();
expect(stateMigrationService.needsMigration).toHaveBeenCalled();
expect(stateMigrationService.migrate).not.toHaveBeenCalled();
});
});
describe("clean", () => {
it("should clear all directory settings and configurations", async () => {
await stateService.clean();
// Verify all directory types are cleared
expect(storageService.save).toHaveBeenCalledWith(StorageKeys.directoryType, null);
expect(storageService.save).toHaveBeenCalledWith(StorageKeys.organizationId, null);
expect(storageService.save).toHaveBeenCalledWith(StorageKeys.sync, null);
});
});
describe("Directory Type", () => {
it("should store and retrieve directory type", async () => {
storageService.get.mockResolvedValue(DirectoryType.Ldap);
await stateService.setDirectoryType(DirectoryType.Ldap);
const result = await stateService.getDirectoryType();
expect(storageService.save).toHaveBeenCalledWith(
StorageKeys.directoryType,
DirectoryType.Ldap,
);
expect(result).toBe(DirectoryType.Ldap);
});
it("should return null when directory type is not set", async () => {
storageService.get.mockResolvedValue(null);
const result = await stateService.getDirectoryType();
expect(result).toBeNull();
});
});
describe("Organization Id", () => {
it("should store and retrieve organization ID", async () => {
const orgId = "test-org-123";
storageService.get.mockResolvedValue(orgId);
await stateService.setOrganizationId(orgId);
const result = await stateService.getOrganizationId();
expect(storageService.save).toHaveBeenCalledWith(StorageKeys.organizationId, orgId);
expect(result).toBe(orgId);
});
});
describe("LDAP Configuration", () => {
it("should store and retrieve LDAP configuration with secrets in secure storage", async () => {
const config: LdapConfiguration = {
ssl: true,
startTls: false,
tlsCaPath: null,
sslAllowUnauthorized: false,
sslCertPath: null,
sslKeyPath: null,
sslCaPath: null,
hostname: "ldap.example.com",
port: 636,
domain: null,
rootPath: null,
ad: true,
username: "admin",
password: "secret-password",
currentUser: false,
pagedSearch: true,
};
secureStorageService.get.mockResolvedValue("secret-password");
storageService.get.mockResolvedValue({
...config,
password: StoredSecurely,
});
await stateService.setDirectory(DirectoryType.Ldap, config);
const result = await stateService.getDirectory<LdapConfiguration>(DirectoryType.Ldap);
// Verify password is stored in secure storage
expect(secureStorageService.save).toHaveBeenCalled();
// Verify configuration is stored
expect(storageService.save).toHaveBeenCalled();
// Verify retrieved config has real password from secure storage
expect(result?.password).toBe("secret-password");
});
it("should return null when LDAP configuration is not set", async () => {
storageService.get.mockResolvedValue(null);
const result = await stateService.getLdapConfiguration();
expect(result).toBeNull();
});
it("should handle null password in LDAP configuration", async () => {
const config: LdapConfiguration = {
ssl: true,
startTls: false,
tlsCaPath: null,
sslAllowUnauthorized: false,
sslCertPath: null,
sslKeyPath: null,
sslCaPath: null,
hostname: "ldap.example.com",
port: 636,
domain: null,
rootPath: null,
ad: true,
username: "admin",
password: null,
currentUser: false,
pagedSearch: true,
};
await stateService.setDirectory(DirectoryType.Ldap, config);
// Null passwords should call remove on the secure storage secret key
expect(secureStorageService.remove).toHaveBeenCalled();
});
});
describe("GSuite Configuration", () => {
it("should store and retrieve GSuite configuration with privateKey in secure storage", async () => {
const config: GSuiteConfiguration = {
domain: "example.com",
clientEmail: "service@example.com",
adminUser: "admin@example.com",
privateKey: "private-key-content",
customer: "customer-id",
};
secureStorageService.get.mockResolvedValue("private-key-content");
storageService.get.mockResolvedValue({
...config,
privateKey: StoredSecurely,
});
await stateService.setDirectory(DirectoryType.GSuite, config);
const result = await stateService.getDirectory<GSuiteConfiguration>(DirectoryType.GSuite);
expect(secureStorageService.save).toHaveBeenCalled();
expect(result?.privateKey).toBe("private-key-content");
});
it("should handle null privateKey in GSuite configuration", async () => {
const config: GSuiteConfiguration = {
domain: "example.com",
clientEmail: "service@example.com",
adminUser: "admin@example.com",
privateKey: null,
customer: "customer-id",
};
await stateService.setDirectory(DirectoryType.GSuite, config);
// Null privateKey should call remove on the secure storage secret key
expect(secureStorageService.remove).toHaveBeenCalled();
});
});
describe("Entra ID Configuration", () => {
it("should store and retrieve Entra ID configuration with key in secure storage", async () => {
const config: EntraIdConfiguration = {
identityAuthority: "https://login.microsoftonline.com",
tenant: "tenant-id",
applicationId: "app-id",
key: "secret-key",
};
secureStorageService.get.mockResolvedValue("secret-key");
storageService.get.mockResolvedValue({
...config,
key: StoredSecurely,
});
await stateService.setDirectory(DirectoryType.EntraID, config);
const result = await stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID);
expect(secureStorageService.save).toHaveBeenCalled();
expect(result?.key).toBe("secret-key");
});
it("should maintain backwards compatibility with Azure key storage", async () => {
const config: EntraIdConfiguration = {
identityAuthority: "https://login.microsoftonline.com",
tenant: "tenant-id",
applicationId: "app-id",
key: StoredSecurely,
};
storageService.get.mockResolvedValue(config);
secureStorageService.get.mockResolvedValueOnce(null); // entra key not found
secureStorageService.get.mockResolvedValueOnce("azure-secret-key"); // fallback to azure key
const result = await stateService.getDirectory<EntraIdConfiguration>(DirectoryType.EntraID);
expect(secureStorageService.get).toHaveBeenCalled();
expect(result?.key).toBe("azure-secret-key");
});
});
describe("Okta Configuration", () => {
it("should store and retrieve Okta configuration with token in secure storage", async () => {
const config: OktaConfiguration = {
orgUrl: "https://example.okta.com",
token: "okta-token",
};
secureStorageService.get.mockResolvedValue("okta-token");
storageService.get.mockResolvedValue({
...config,
token: StoredSecurely,
});
await stateService.setDirectory(DirectoryType.Okta, config);
const result = await stateService.getDirectory<OktaConfiguration>(DirectoryType.Okta);
expect(secureStorageService.save).toHaveBeenCalled();
expect(result?.token).toBe("okta-token");
});
});
describe("OneLogin Configuration", () => {
it("should store and retrieve OneLogin configuration with clientSecret in secure storage", async () => {
const config: OneLoginConfiguration = {
region: "us",
clientId: "client-id",
clientSecret: "client-secret",
};
secureStorageService.get.mockResolvedValue("client-secret");
storageService.get.mockResolvedValue({
...config,
clientSecret: StoredSecurely,
});
await stateService.setDirectory(DirectoryType.OneLogin, config);
const result = await stateService.getDirectory<OneLoginConfiguration>(DirectoryType.OneLogin);
expect(secureStorageService.save).toHaveBeenCalled();
expect(result?.clientSecret).toBe("client-secret");
});
});
describe("Sync Configuration", () => {
it("should store and retrieve sync configuration", async () => {
const syncConfig: SyncConfiguration = {
users: true,
groups: true,
interval: 5,
userFilter: null,
groupFilter: null,
removeDisabled: true,
overwriteExisting: false,
largeImport: false,
groupObjectClass: null,
userObjectClass: null,
groupPath: null,
userPath: null,
groupNameAttribute: null,
userEmailAttribute: null,
memberAttribute: "member",
creationDateAttribute: "whenCreated",
revisionDateAttribute: "whenChanged",
useEmailPrefixSuffix: false,
emailPrefixAttribute: null,
emailSuffix: null,
};
storageService.get.mockResolvedValue(syncConfig);
await stateService.setSync(syncConfig);
const result = await stateService.getSync();
expect(storageService.save).toHaveBeenCalledWith(StorageKeys.sync, syncConfig);
expect(result).toEqual(syncConfig);
});
});
describe("Sync Settings", () => {
it("should clear sync settings when clearSyncSettings is called", async () => {
await stateService.clearSyncSettings(false);
// Should set delta and sync values to null
expect(storageService.save).toHaveBeenCalled();
});
it("should clear lastSyncHash when hashToo is true", async () => {
await stateService.clearSyncSettings(true);
// Should set all values including lastSyncHash to null
expect(storageService.save).toHaveBeenCalled();
});
it("should not clear lastSyncHash when hashToo is false", async () => {
await stateService.clearSyncSettings(false);
// Should set delta and sync values but not lastSyncHash
expect(storageService.save).toHaveBeenCalled();
});
});
describe("Last Sync Hash", () => {
it("should store and retrieve last sync hash", async () => {
const hash = "hash";
storageService.get.mockResolvedValue(hash);
await stateService.setLastSyncHash(hash);
const result = await stateService.getLastSyncHash();
expect(storageService.save).toHaveBeenCalled();
expect(result).toBe(hash);
});
});
describe("Delta Tokens", () => {
it("should store and retrieve user delta token", async () => {
const token = "user-delta-token";
storageService.get.mockResolvedValue(token);
await stateService.setUserDelta(token);
const result = await stateService.getUserDelta();
expect(storageService.save).toHaveBeenCalled();
expect(result).toBe(token);
});
it("should store and retrieve group delta token", async () => {
const token = "group-delta-token";
storageService.get.mockResolvedValue(token);
await stateService.setGroupDelta(token);
const result = await stateService.getGroupDelta();
expect(storageService.save).toHaveBeenCalled();
expect(result).toBe(token);
});
});
describe("Last Sync Timestamps", () => {
it("should store and retrieve last user sync timestamp", async () => {
const timestamp = new Date("2024-01-01T00:00:00Z");
storageService.get.mockResolvedValue(timestamp.toISOString());
await stateService.setLastUserSync(timestamp);
const result = await stateService.getLastUserSync();
expect(storageService.save).toHaveBeenCalled();
expect(result?.toISOString()).toBe(timestamp.toISOString());
});
it("should store and retrieve last group sync timestamp", async () => {
const timestamp = new Date("2024-01-01T00:00:00Z");
storageService.get.mockResolvedValue(timestamp.toISOString());
await stateService.setLastGroupSync(timestamp);
const result = await stateService.getLastGroupSync();
expect(storageService.save).toHaveBeenCalled();
expect(result?.toISOString()).toBe(timestamp.toISOString());
});
it("should return null when last user sync timestamp is not set", async () => {
storageService.get.mockResolvedValue(null);
const result = await stateService.getLastUserSync();
expect(result).toBeNull();
});
it("should return null when last group sync timestamp is not set", async () => {
storageService.get.mockResolvedValue(null);
const result = await stateService.getLastGroupSync();
expect(result).toBeNull();
});
});
describe("Secure Storage Flag", () => {
it("should not separate secrets when useSecureStorageForSecrets is false", async () => {
const insecureStateService = new StateServiceVNextImplementation(
storageService,
secureStorageService,
logService,
stateMigrationService,
false, // useSecureStorageForSecrets = false
);
const config: LdapConfiguration = {
ssl: true,
startTls: false,
tlsCaPath: null,
sslAllowUnauthorized: false,
sslCertPath: null,
sslKeyPath: null,
sslCaPath: null,
hostname: "ldap.example.com",
port: 636,
domain: null,
rootPath: null,
ad: true,
username: "admin",
password: "secret-password",
currentUser: false,
pagedSearch: true,
};
storageService.get.mockResolvedValue(config);
// When useSecureStorageForSecrets is false, setDirectory doesn't process secrets
await insecureStateService.setDirectory(DirectoryType.Ldap, config);
// Retrieve config - should return password as-is from storage (not from secure storage)
const result = await insecureStateService.getDirectory<LdapConfiguration>(DirectoryType.Ldap);
// Password should be retrieved directly from storage, not secure storage
expect(result?.password).toBe("secret-password");
expect(secureStorageService.get).not.toHaveBeenCalled();
});
});
});

420
src/services/state-service/state-vNext.service.ts Normal file
View File

@@ -0,0 +1,420 @@
import { LogService } from "@/jslib/common/src/abstractions/log.service";
import { StateMigrationService } from "@/jslib/common/src/abstractions/stateMigration.service";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { EnvironmentUrls } from "@/jslib/common/src/models/domain/environmentUrls";
import { StorageOptions } from "@/jslib/common/src/models/domain/storageOptions";
import { StateServiceVNext as StateServiceVNextAbstraction } from "@/src/abstractions/state-vNext.service";
import { DirectoryType } from "@/src/enums/directoryType";
import { IConfiguration } from "@/src/models/IConfiguration";
import { EntraIdConfiguration } from "@/src/models/entraIdConfiguration";
import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
import { LdapConfiguration } from "@/src/models/ldapConfiguration";
import { OktaConfiguration } from "@/src/models/oktaConfiguration";
import { OneLoginConfiguration } from "@/src/models/oneLoginConfiguration";
import {
SecureStorageKeysVNext as SecureStorageKeys,
StorageKeysVNext as StorageKeys,
StoredSecurely,
} from "@/src/models/state.model";
import { SyncConfiguration } from "@/src/models/syncConfiguration";
export class StateServiceVNextImplementation implements StateServiceVNextAbstraction {
constructor(
protected storageService: StorageService,
protected secureStorageService: StorageService,
protected logService: LogService,
protected stateMigrationService: StateMigrationService,
private useSecureStorageForSecrets = true,
) {}
async init(): Promise<void> {
if (await this.stateMigrationService.needsMigration()) {
await this.stateMigrationService.migrate();
}
}
async clean(options?: StorageOptions): Promise<void> {
// Clear all directory settings and configurations
// but preserve version and environment settings
await this.setDirectoryType(null);
await this.setOrganizationId(null);
await this.setSync(null);
await this.setLdapConfiguration(null);
await this.setGsuiteConfiguration(null);
await this.setEntraConfiguration(null);
await this.setOktaConfiguration(null);
await this.setOneLoginConfiguration(null);
await this.clearSyncSettings(true);
}
async getIsAuthenticated(options?: StorageOptions): Promise<boolean> {
// DC is authenticated if there's an organization ID
const orgId = await this.getOrganizationId(options);
return orgId != null;
}
async getEntityId(options?: StorageOptions): Promise<string> {
// In DC, entity ID is the same as organization ID
return await this.getOrganizationId(options);
}
// ===================================================================
// Directory Configuration Methods
// ===================================================================
async getDirectory<T extends IConfiguration>(type: DirectoryType): Promise<T> {
const config = await this.getConfiguration(type);
if (config == null) {
return config as T;
}
if (this.useSecureStorageForSecrets) {
// Create a copy to avoid modifying the cached config
const configWithSecrets = Object.assign({}, config);
switch (type) {
case DirectoryType.Ldap:
(configWithSecrets as any).password = await this.getLdapSecret();
break;
case DirectoryType.EntraID:
(configWithSecrets as any).key = await this.getEntraSecret();
break;
case DirectoryType.Okta:
(configWithSecrets as any).token = await this.getOktaSecret();
break;
case DirectoryType.GSuite:
(configWithSecrets as any).privateKey = await this.getGsuiteSecret();
break;
case DirectoryType.OneLogin:
(configWithSecrets as any).clientSecret = await this.getOneLoginSecret();
break;
}
return configWithSecrets as T;
}
return config as T;
}
async setDirectory(
type: DirectoryType,
config:
| LdapConfiguration
| GSuiteConfiguration
| EntraIdConfiguration
| OktaConfiguration
| OneLoginConfiguration,
): Promise<any> {
if (this.useSecureStorageForSecrets) {
switch (type) {
case DirectoryType.Ldap: {
const ldapConfig = config as LdapConfiguration;
await this.setLdapSecret(ldapConfig.password);
ldapConfig.password = StoredSecurely;
await this.setLdapConfiguration(ldapConfig);
break;
}
case DirectoryType.EntraID: {
const entraConfig = config as EntraIdConfiguration;
await this.setEntraSecret(entraConfig.key);
entraConfig.key = StoredSecurely;
await this.setEntraConfiguration(entraConfig);
break;
}
case DirectoryType.Okta: {
const oktaConfig = config as OktaConfiguration;
await this.setOktaSecret(oktaConfig.token);
oktaConfig.token = StoredSecurely;
await this.setOktaConfiguration(oktaConfig);
break;
}
case DirectoryType.GSuite: {
const gsuiteConfig = config as GSuiteConfiguration;
if (gsuiteConfig.privateKey == null) {
await this.setGsuiteSecret(null);
} else {
const normalizedPrivateKey = gsuiteConfig.privateKey.replace(/\\n/g, "\n");
await this.setGsuiteSecret(normalizedPrivateKey);
gsuiteConfig.privateKey = StoredSecurely;
}
await this.setGsuiteConfiguration(gsuiteConfig);
break;
}
case DirectoryType.OneLogin: {
const oneLoginConfig = config as OneLoginConfiguration;
await this.setOneLoginSecret(oneLoginConfig.clientSecret);
oneLoginConfig.clientSecret = StoredSecurely;
await this.setOneLoginConfiguration(oneLoginConfig);
break;
}
}
}
}
async getConfiguration(type: DirectoryType): Promise<IConfiguration> {
switch (type) {
case DirectoryType.Ldap:
return await this.getLdapConfiguration();
case DirectoryType.GSuite:
return await this.getGsuiteConfiguration();
case DirectoryType.EntraID:
return await this.getEntraConfiguration();
case DirectoryType.Okta:
return await this.getOktaConfiguration();
case DirectoryType.OneLogin:
return await this.getOneLoginConfiguration();
}
}
// ===================================================================
// Secret Storage Methods (Secure Storage)
// ===================================================================
private async getLdapSecret(): Promise<string> {
return await this.secureStorageService.get<string>(SecureStorageKeys.ldap);
}
private async setLdapSecret(value: string): Promise<void> {
if (value == null) {
await this.secureStorageService.remove(SecureStorageKeys.ldap);
} else {
await this.secureStorageService.save(SecureStorageKeys.ldap, value);
}
}
private async getGsuiteSecret(): Promise<string> {
return await this.secureStorageService.get<string>(SecureStorageKeys.gsuite);
}
private async setGsuiteSecret(value: string): Promise<void> {
if (value == null) {
await this.secureStorageService.remove(SecureStorageKeys.gsuite);
} else {
await this.secureStorageService.save(SecureStorageKeys.gsuite, value);
}
}
private async getEntraSecret(): Promise<string> {
// Try new key first, fall back to old azure key for backwards compatibility
const entraKey = await this.secureStorageService.get<string>(SecureStorageKeys.entra);
if (entraKey != null) {
return entraKey;
}
return await this.secureStorageService.get<string>(SecureStorageKeys.azure);
}
private async setEntraSecret(value: string): Promise<void> {
if (value == null) {
await this.secureStorageService.remove(SecureStorageKeys.entra);
await this.secureStorageService.remove(SecureStorageKeys.azure);
} else {
await this.secureStorageService.save(SecureStorageKeys.entra, value);
}
}
private async getOktaSecret(): Promise<string> {
return await this.secureStorageService.get<string>(SecureStorageKeys.okta);
}
private async setOktaSecret(value: string): Promise<void> {
if (value == null) {
await this.secureStorageService.remove(SecureStorageKeys.okta);
} else {
await this.secureStorageService.save(SecureStorageKeys.okta, value);
}
}
private async getOneLoginSecret(): Promise<string> {
return await this.secureStorageService.get<string>(SecureStorageKeys.oneLogin);
}
private async setOneLoginSecret(value: string): Promise<void> {
if (value == null) {
await this.secureStorageService.remove(SecureStorageKeys.oneLogin);
} else {
await this.secureStorageService.save(SecureStorageKeys.oneLogin, value);
}
}
// ===================================================================
// Directory-Specific Configuration Methods
// ===================================================================
async getLdapConfiguration(options?: StorageOptions): Promise<LdapConfiguration> {
return await this.storageService.get<LdapConfiguration>(StorageKeys.directory_ldap);
}
async setLdapConfiguration(value: LdapConfiguration, options?: StorageOptions): Promise<void> {
await this.storageService.save(StorageKeys.directory_ldap, value);
}
async getGsuiteConfiguration(options?: StorageOptions): Promise<GSuiteConfiguration> {
return await this.storageService.get<GSuiteConfiguration>(StorageKeys.directory_gsuite);
}
async setGsuiteConfiguration(
value: GSuiteConfiguration,
options?: StorageOptions,
): Promise<void> {
await this.storageService.save(StorageKeys.directory_gsuite, value);
}
async getEntraConfiguration(options?: StorageOptions): Promise<EntraIdConfiguration> {
return await this.storageService.get<EntraIdConfiguration>(StorageKeys.directory_entra);
}
async setEntraConfiguration(
value: EntraIdConfiguration,
options?: StorageOptions,
): Promise<void> {
await this.storageService.save(StorageKeys.directory_entra, value);
}
async getOktaConfiguration(options?: StorageOptions): Promise<OktaConfiguration> {
return await this.storageService.get<OktaConfiguration>(StorageKeys.directory_okta);
}
async setOktaConfiguration(value: OktaConfiguration, options?: StorageOptions): Promise<void> {
await this.storageService.save(StorageKeys.directory_okta, value);
}
async getOneLoginConfiguration(options?: StorageOptions): Promise<OneLoginConfiguration> {
return await this.storageService.get<OneLoginConfiguration>(StorageKeys.directory_onelogin);
}
async setOneLoginConfiguration(
value: OneLoginConfiguration,
options?: StorageOptions,
): Promise<void> {
await this.storageService.save(StorageKeys.directory_onelogin, value);
}
// ===================================================================
// Directory Settings Methods
// ===================================================================
async getOrganizationId(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>(StorageKeys.organizationId);
}
async setOrganizationId(value: string, options?: StorageOptions): Promise<void> {
const currentId = await this.getOrganizationId();
if (currentId !== value) {
await this.clearSyncSettings();
}
await this.storageService.save(StorageKeys.organizationId, value);
}
async getSync(options?: StorageOptions): Promise<SyncConfiguration> {
return await this.storageService.get<SyncConfiguration>(StorageKeys.sync);
}
async setSync(value: SyncConfiguration, options?: StorageOptions): Promise<void> {
await this.storageService.save(StorageKeys.sync, value);
}
async getDirectoryType(options?: StorageOptions): Promise<DirectoryType> {
return await this.storageService.get<DirectoryType>(StorageKeys.directoryType);
}
async setDirectoryType(value: DirectoryType, options?: StorageOptions): Promise<void> {
const currentType = await this.getDirectoryType();
if (value !== currentType) {
await this.clearSyncSettings();
}
await this.storageService.save(StorageKeys.directoryType, value);
}
async getLastUserSync(options?: StorageOptions): Promise<Date> {
const dateString = await this.storageService.get<string>(SecureStorageKeys.lastUserSync);
return dateString ? new Date(dateString) : null;
}
async setLastUserSync(value: Date, options?: StorageOptions): Promise<void> {
await this.storageService.save(SecureStorageKeys.lastUserSync, value);
}
async getLastGroupSync(options?: StorageOptions): Promise<Date> {
const dateString = await this.storageService.get<string>(SecureStorageKeys.lastGroupSync);
return dateString ? new Date(dateString) : null;
}
async setLastGroupSync(value: Date, options?: StorageOptions): Promise<void> {
await this.storageService.save(SecureStorageKeys.lastGroupSync, value);
}
async getLastSyncHash(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>(SecureStorageKeys.lastSyncHash);
}
async setLastSyncHash(value: string, options?: StorageOptions): Promise<void> {
await this.storageService.save(SecureStorageKeys.lastSyncHash, value);
}
async getSyncingDir(options?: StorageOptions): Promise<boolean> {
return await this.storageService.get<boolean>(StorageKeys.syncingDir);
}
async setSyncingDir(value: boolean, options?: StorageOptions): Promise<void> {
await this.storageService.save(StorageKeys.syncingDir, value);
}
async getUserDelta(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>(SecureStorageKeys.userDelta);
}
async setUserDelta(value: string, options?: StorageOptions): Promise<void> {
await this.storageService.save(SecureStorageKeys.userDelta, value);
}
async getGroupDelta(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>(SecureStorageKeys.groupDelta);
}
async setGroupDelta(value: string, options?: StorageOptions): Promise<void> {
await this.storageService.save(SecureStorageKeys.groupDelta, value);
}
async clearSyncSettings(hashToo = false): Promise<void> {
await this.setUserDelta(null);
await this.setGroupDelta(null);
await this.setLastGroupSync(null);
await this.setLastUserSync(null);
if (hashToo) {
await this.setLastSyncHash(null);
}
}
// ===================================================================
// Environment URLs (inherited from base, simplified implementation)
// ===================================================================
async getEnvironmentUrls(options?: StorageOptions): Promise<EnvironmentUrls> {
return await this.storageService.get<EnvironmentUrls>("environmentUrls");
}
async setEnvironmentUrls(value: EnvironmentUrls): Promise<void> {
await this.storageService.save("environmentUrls", value);
}
// ===================================================================
// Additional State Methods
// ===================================================================
async getLocale(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>("locale");
}
async setLocale(value: string, options?: StorageOptions): Promise<void> {
await this.storageService.save("locale", value);
}
async getInstalledVersion(options?: StorageOptions): Promise<string> {
return await this.storageService.get<string>("installedVersion");
}
async setInstalledVersion(value: string, options?: StorageOptions): Promise<void> {
await this.storageService.save("installedVersion", value);
}
}

35
src/services/state.service.ts → src/services/state-service/state.service.ts
View File

@@ -16,32 +16,13 @@ import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
import { LdapConfiguration } from "@/src/models/ldapConfiguration";
import { OktaConfiguration } from "@/src/models/oktaConfiguration";
import { OneLoginConfiguration } from "@/src/models/oneLoginConfiguration";
import {
SecureStorageKeysLegacy as SecureStorageKeys,
StoredSecurely,
TempKeys as keys,
} from "@/src/models/state.model";
import { SyncConfiguration } from "@/src/models/syncConfiguration";
const SecureStorageKeys = {
ldap: "ldapPassword",
gsuite: "gsuitePrivateKey",
// Azure Active Directory was renamed to Entra ID, but we've kept the old property name
// to be backwards compatible with existing configurations.
azure: "azureKey",
entra: "entraKey",
okta: "oktaToken",
oneLogin: "oneLoginClientSecret",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
};
const keys = {
tempAccountSettings: "tempAccountSettings",
tempDirectoryConfigs: "tempDirectoryConfigs",
tempDirectorySettings: "tempDirectorySettings",
};
const StoredSecurely = "[STORED SECURELY]";
export class StateService
extends BaseStateService<GlobalState, Account>
implements StateServiceAbstraction
@@ -558,18 +539,16 @@ export class StateService
protected async scaffoldNewAccountDiskStorage(account: Account): Promise<void> {
const storageOptions = this.reconcileOptions(
{ userId: account.profile.userId },
{ userId: account.userId },
await this.defaultOnDiskLocalOptions(),
);
const storedAccount = await this.getAccount(storageOptions);
if (storedAccount != null) {
account.settings = storedAccount.settings;
account.directorySettings = storedAccount.directorySettings;
account.directoryConfigurations = storedAccount.directoryConfigurations;
} else if (await this.hasTemporaryStorage()) {
// If migrating to state V2 with an no actively authed account we store temporary data to be copied on auth - this will only be run once.
account.settings = await this.storageService.get<any>(keys.tempAccountSettings);
account.directorySettings = await this.storageService.get<any>(keys.tempDirectorySettings);
account.directoryConfigurations = await this.storageService.get<any>(
keys.tempDirectoryConfigs,
@@ -600,7 +579,7 @@ export class StateService
protected resetAccount(account: Account) {
const persistentAccountInformation = {
settings: account.settings,
settings: account.settings, // Required by base class (unused by DC)
directorySettings: account.directorySettings,
directoryConfigurations: account.directoryConfigurations,
};

193
src/services/stateMigration.service.ts → src/services/state-service/stateMigration.service.ts
View File

@@ -8,48 +8,14 @@ import { GSuiteConfiguration } from "@/src/models/gsuiteConfiguration";
import { LdapConfiguration } from "@/src/models/ldapConfiguration";
import { OktaConfiguration } from "@/src/models/oktaConfiguration";
import { OneLoginConfiguration } from "@/src/models/oneLoginConfiguration";
import {
MigrationClientKeys as ClientKeys,
MigrationKeys as Keys,
MigrationStateKeys as StateKeys,
SecureStorageKeysMigration as SecureStorageKeys,
} from "@/src/models/state.model";
import { SyncConfiguration } from "@/src/models/syncConfiguration";
const SecureStorageKeys: { [key: string]: any } = {
ldap: "ldapPassword",
gsuite: "gsuitePrivateKey",
azure: "azureKey",
entra: "entraIdKey",
okta: "oktaToken",
oneLogin: "oneLoginClientSecret",
directoryConfigPrefix: "directoryConfig_",
sync: "syncConfig",
directoryType: "directoryType",
organizationId: "organizationId",
};
const Keys: { [key: string]: any } = {
entityId: "entityId",
directoryType: "directoryType",
organizationId: "organizationId",
lastUserSync: "lastUserSync",
lastGroupSync: "lastGroupSync",
lastSyncHash: "lastSyncHash",
syncingDir: "syncingDir",
syncConfig: "syncConfig",
userDelta: "userDeltaToken",
groupDelta: "groupDeltaToken",
tempDirectoryConfigs: "tempDirectoryConfigs",
tempDirectorySettings: "tempDirectorySettings",
};
const StateKeys = {
global: "global",
authenticatedAccounts: "authenticatedAccounts",
};
const ClientKeys: { [key: string]: any } = {
clientIdOld: "clientId",
clientId: "apikey_clientId",
clientSecretOld: "clientSecret",
clientSecret: "apikey_clientSecret",
};
export class StateMigrationService extends BaseStateMigrationService {
async migrate(): Promise<void> {
let currentStateVersion = await this.getCurrentStateVersion();
@@ -61,6 +27,13 @@ export class StateMigrationService extends BaseStateMigrationService {
break;
case StateVersion.Two:
await this.migrateStateFrom2To3();
break;
case StateVersion.Three:
await this.migrateStateFrom3To4();
break;
case StateVersion.Four:
await this.migrateStateFrom4To5();
break;
}
currentStateVersion += 1;
}
@@ -143,15 +116,10 @@ export class StateMigrationService extends BaseStateMigrationService {
const account = await this.get<Account>(userId);
account.directoryConfigurations = directoryConfigs;
account.directorySettings = directorySettings;
account.profile = {
userId: userId,
entityId: userId,
apiKeyClientId: clientId,
};
account.clientKeys = {
clientId: clientId,
clientSecret: clientSecret,
};
account.userId = userId;
account.entityId = userId;
account.apiKeyClientId = clientId;
account.apiKeyClientSecret = clientSecret;
await this.set(userId, account);
await clearDirectoryConnectorV1Keys();
@@ -198,4 +166,131 @@ export class StateMigrationService extends BaseStateMigrationService {
globals.stateVersion = StateVersion.Three;
await this.set(StateKeys.global, globals);
}
protected async migrateStateFrom3To4(): Promise<void> {
// Placeholder migration for v3→v4 (no changes needed for DC)
const globals = await this.getGlobals();
globals.stateVersion = StateVersion.Four;
await this.set(StateKeys.global, globals);
}
/**
* Migrate from State v4 (Account-based hierarchy) to v5 (flat key-value structure)
*
* This is a clean break from the Account-based structure. Data is extracted from
* the account and saved into flat keys for simpler access.
*
* Old structure: authenticatedAccounts -> userId -> account.directorySettings/directoryConfigurations
* New structure: flat keys like "directoryType", "organizationId", "directory_ldap", etc.
*
* Secrets migrate from: {userId}_{secretKey} -> secret_{secretKey}
*/
protected async migrateStateFrom4To5(useSecureStorageForSecrets = true): Promise<void> {
// Get the authenticated user IDs from v3 structure
const authenticatedUserIds = await this.get<string[]>(StateKeys.authenticatedAccounts);
if (
!authenticatedUserIds ||
!Array.isArray(authenticatedUserIds) ||
authenticatedUserIds.length === 0
) {
// No accounts to migrate, just update version
const globals = await this.getGlobals();
globals.stateVersion = StateVersion.Five;
await this.set(StateKeys.global, globals);
return;
}
// DC is single-user, so we take the first (and likely only) account
const userId = authenticatedUserIds[0];
const account = await this.get<Account>(userId);
if (!account) {
// No account data found, just update version
const globals = await this.getGlobals();
globals.stateVersion = StateVersion.Five;
await this.set(StateKeys.global, globals);
return;
}
// Migrate directory configurations to flat structure
if (account.directoryConfigurations) {
if (account.directoryConfigurations.ldap) {
await this.set("directory_ldap", account.directoryConfigurations.ldap);
}
if (account.directoryConfigurations.gsuite) {
await this.set("directory_gsuite", account.directoryConfigurations.gsuite);
}
if (account.directoryConfigurations.entra) {
await this.set("directory_entra", account.directoryConfigurations.entra);
} else if (account.directoryConfigurations.azure) {
// Backwards compatibility: migrate azure to entra
await this.set("directory_entra", account.directoryConfigurations.azure);
}
if (account.directoryConfigurations.okta) {
await this.set("directory_okta", account.directoryConfigurations.okta);
}
if (account.directoryConfigurations.oneLogin) {
await this.set("directory_onelogin", account.directoryConfigurations.oneLogin);
}
}
// Migrate directory settings to flat structure
if (account.directorySettings) {
if (account.directorySettings.organizationId) {
await this.set("organizationId", account.directorySettings.organizationId);
}
if (account.directorySettings.directoryType != null) {
await this.set("directoryType", account.directorySettings.directoryType);
}
if (account.directorySettings.sync) {
await this.set("sync", account.directorySettings.sync);
}
if (account.directorySettings.lastUserSync) {
await this.set("lastUserSync", account.directorySettings.lastUserSync);
}
if (account.directorySettings.lastGroupSync) {
await this.set("lastGroupSync", account.directorySettings.lastGroupSync);
}
if (account.directorySettings.lastSyncHash) {
await this.set("lastSyncHash", account.directorySettings.lastSyncHash);
}
if (account.directorySettings.userDelta) {
await this.set("userDelta", account.directorySettings.userDelta);
}
if (account.directorySettings.groupDelta) {
await this.set("groupDelta", account.directorySettings.groupDelta);
}
if (account.directorySettings.syncingDir != null) {
await this.set("syncingDir", account.directorySettings.syncingDir);
}
}
// Migrate secrets from {userId}_* to secret_* pattern
if (useSecureStorageForSecrets) {
const oldSecretKeys = [
{ old: `${userId}_${SecureStorageKeys.ldap}`, new: "secret_ldap" },
{ old: `${userId}_${SecureStorageKeys.gsuite}`, new: "secret_gsuite" },
{ old: `${userId}_${SecureStorageKeys.azure}`, new: "secret_azure" },
{ old: `${userId}_${SecureStorageKeys.entra}`, new: "secret_entra" },
{ old: `${userId}_${SecureStorageKeys.okta}`, new: "secret_okta" },
{ old: `${userId}_${SecureStorageKeys.oneLogin}`, new: "secret_onelogin" },
];
for (const { old: oldKey, new: newKey } of oldSecretKeys) {
if (await this.secureStorageService.has(oldKey)) {
const value = await this.secureStorageService.get(oldKey);
if (value) {
await this.secureStorageService.save(newKey, value);
}
// @TODO Keep old key for now - will remove in future release
// await this.secureStorageService.remove(oldKey);
}
}
}
const globals = await this.getGlobals();
globals.stateVersion = StateVersion.Five;
await this.set(StateKeys.global, globals);
}
}

196
src/services/stateMigration.service.spec.ts Normal file
View File

@@ -0,0 +1,196 @@
import { mock } from "jest-mock-extended";
import { StorageService } from "@/jslib/common/src/abstractions/storage.service";
import { StateVersion } from "@/jslib/common/src/enums/stateVersion";
import { StateFactory } from "@/jslib/common/src/factories/stateFactory";
import { Account, DirectoryConfigurations, DirectorySettings } from "../models/account";
import { StateMigrationService } from "./state-service/stateMigration.service";
describe("StateMigrationService - v4 to v5 migration", () => {
let storageService: jest.Mocked<StorageService>;
let secureStorageService: jest.Mocked<StorageService>;
let stateFactory: jest.Mocked<StateFactory<any, Account>>;
let migrationService: StateMigrationService;
beforeEach(() => {
storageService = mock<StorageService>();
secureStorageService = mock<StorageService>();
stateFactory = mock<StateFactory<any, Account>>();
migrationService = new StateMigrationService(
storageService,
secureStorageService,
stateFactory,
);
});
it("should flatten nested account structure", async () => {
const userId = "test-user-id";
const oldAccount = {
profile: {
userId: userId,
entityId: userId,
apiKeyClientId: "organization.CLIENT_ID",
},
tokens: {
accessToken: "test-access-token",
refreshToken: "test-refresh-token",
},
keys: {
apiKeyClientSecret: "test-secret",
},
directoryConfigurations: new DirectoryConfigurations(),
directorySettings: new DirectorySettings(),
};
storageService.get.mockImplementation((key: string) => {
if (key === "authenticatedAccounts") {
return Promise.resolve([userId]);
}
if (key === userId) {
return Promise.resolve(oldAccount);
}
if (key === "global") {
return Promise.resolve({ stateVersion: StateVersion.Four });
}
return Promise.resolve(null);
});
await migrationService["migrateStateFrom4To5"]();
expect(storageService.save).toHaveBeenCalledWith(
"global",
expect.objectContaining({ stateVersion: StateVersion.Five }),
expect.anything(),
);
});
it("should handle missing nested objects gracefully", async () => {
const userId = "test-user-id";
const partialAccount = {
directoryConfigurations: new DirectoryConfigurations(),
directorySettings: new DirectorySettings(),
};
storageService.get.mockImplementation((key: string) => {
if (key === "authenticatedAccounts") {
return Promise.resolve([userId]);
}
if (key === userId) {
return Promise.resolve(partialAccount);
}
if (key === "global") {
return Promise.resolve({ stateVersion: StateVersion.Four });
}
return Promise.resolve(null);
});
await migrationService["migrateStateFrom4To5"]();
expect(storageService.save).toHaveBeenCalledWith(
"global",
expect.objectContaining({ stateVersion: StateVersion.Five }),
expect.anything(),
);
});
it("should handle empty account list", async () => {
storageService.get.mockImplementation((key: string) => {
if (key === "authenticatedAccounts") {
return Promise.resolve([]);
}
if (key === "global") {
return Promise.resolve({ stateVersion: StateVersion.Four });
}
return Promise.resolve(null);
});
await migrationService["migrateStateFrom4To5"]();
expect(storageService.save).toHaveBeenCalledWith(
"global",
expect.objectContaining({ stateVersion: StateVersion.Five }),
expect.anything(),
);
expect(storageService.save).toHaveBeenCalledTimes(1);
});
it("should preserve directory configurations and settings", async () => {
const userId = "test-user-id";
const directoryConfigs = new DirectoryConfigurations();
directoryConfigs.ldap = { host: "ldap.example.com" } as any;
const directorySettings = new DirectorySettings();
directorySettings.organizationId = "org-123";
directorySettings.lastSyncHash = "hash-abc";
const oldAccount = {
profile: { userId: userId },
tokens: {},
keys: {},
directoryConfigurations: directoryConfigs,
directorySettings: directorySettings,
};
storageService.get.mockImplementation((key: string) => {
if (key === "authenticatedAccounts") {
return Promise.resolve([userId]);
}
if (key === userId) {
return Promise.resolve(oldAccount);
}
if (key === "global") {
return Promise.resolve({ stateVersion: StateVersion.Four });
}
return Promise.resolve(null);
});
await migrationService["migrateStateFrom4To5"]();
expect(storageService.save).toHaveBeenCalledWith(
"directory_ldap",
{ host: "ldap.example.com" },
expect.anything(),
);
expect(storageService.save).toHaveBeenCalledWith(
"organizationId",
"org-123",
expect.anything(),
);
expect(storageService.save).toHaveBeenCalledWith("lastSyncHash", "hash-abc", expect.anything());
});
it("should update state version after successful migration", async () => {
const userId = "test-user-id";
const oldAccount = {
profile: { userId: userId },
tokens: {},
keys: {},
directoryConfigurations: new DirectoryConfigurations(),
directorySettings: new DirectorySettings(),
};
storageService.get.mockImplementation((key: string) => {
if (key === "authenticatedAccounts") {
return Promise.resolve([userId]);
}
if (key === userId) {
return Promise.resolve(oldAccount);
}
if (key === "global") {
return Promise.resolve({ stateVersion: StateVersion.Four });
}
return Promise.resolve(null);
});
await migrationService["migrateStateFrom4To5"]();
expect(storageService.save).toHaveBeenCalledWith(
"global",
expect.objectContaining({ stateVersion: StateVersion.Five }),
expect.anything(),
);
});
});

6
src/services/sync.service.integration.spec.ts
View File

@@ -9,12 +9,12 @@ import { I18nService } from "../../jslib/common/src/abstractions/i18n.service";
import { LogService } from "../../jslib/common/src/abstractions/log.service";
import { getLdapConfiguration, getSyncConfiguration } from "../../utils/openldap/config-fixtures";
import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { DirectoryType } from "../enums/directoryType";
import { BatchRequestBuilder } from "./batch-request-builder";
import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
import { SingleRequestBuilder } from "./single-request-builder";
import { StateService } from "./state.service";
import { SyncService } from "./sync.service";
import * as constants from "./sync.service";
@@ -24,7 +24,7 @@ import { userFixtures } from "@/utils/openldap/user-fixtures";
describe("SyncService", () => {
let logService: MockProxy<LogService>;
let i18nService: MockProxy<I18nService>;
let stateService: MockProxy<StateService>;
let stateService: MockProxy<StateServiceVNext>;
let cryptoFunctionService: MockProxy<CryptoFunctionService>;
let apiService: MockProxy<ApiService>;
let messagingService: MockProxy<MessagingService>;
@@ -116,6 +116,7 @@ describe("SyncService", () => {
stateService.getLastSyncHash.mockResolvedValue("unique hash");
// @ts-expect-error This is a workaround to make the batchsize smaller to trigger the batching logic since its a const.
// eslint-disable-next-line no-import-assign
constants.batchSize = 4;
const syncResult = await syncService.sync(false, false);
@@ -130,6 +131,7 @@ describe("SyncService", () => {
expect(apiService.postPublicImportDirectory).toHaveBeenCalledTimes(7);
// @ts-expect-error Reset batch size to original state.
// eslint-disable-next-line no-import-assign
constants.batchSize = originalBatchSize;
});
});

138
src/services/sync.service.spec.ts
View File

@@ -6,15 +6,17 @@ import { MessagingService } from "@/jslib/common/src/abstractions/messaging.serv
import { OrganizationImportRequest } from "@/jslib/common/src/models/request/organizationImportRequest";
import { ApiService } from "@/jslib/common/src/services/api.service";
import { GroupEntry } from "@/src/models/groupEntry";
import { getSyncConfiguration } from "../../utils/openldap/config-fixtures";
import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { DirectoryType } from "../enums/directoryType";
import { BatchRequestBuilder } from "./batch-request-builder";
import { LdapDirectoryService } from "./directory-services/ldap-directory.service";
import { I18nService } from "./i18n.service";
import { SingleRequestBuilder } from "./single-request-builder";
import { StateService } from "./state.service";
import { SyncService } from "./sync.service";
import * as constants from "./sync.service";
@@ -27,7 +29,7 @@ describe("SyncService", () => {
let messagingService: MockProxy<MessagingService>;
let i18nService: MockProxy<I18nService>;
let environmentService: MockProxy<EnvironmentService>;
let stateService: MockProxy<StateService>;
let stateService: MockProxy<StateServiceVNext>;
let directoryFactory: MockProxy<DirectoryFactoryService>;
let batchRequestBuilder: MockProxy<BatchRequestBuilder>;
let singleRequestBuilder: MockProxy<SingleRequestBuilder>;
@@ -97,6 +99,7 @@ describe("SyncService", () => {
stateService.getLastSyncHash.mockResolvedValue("unique hash");
// @ts-expect-error This is a workaround to make the batchsize smaller to trigger the batching logic since its a const.
// eslint-disable-next-line no-import-assign
constants.batchSize = 4;
const mockRequests = new Array(6).fill({
@@ -119,6 +122,7 @@ describe("SyncService", () => {
expect(apiService.postPublicImportDirectory).toHaveBeenCalledWith(mockRequests[5]);
// @ts-expect-error Reset batch size back to original value.
// eslint-disable-next-line no-import-assign
constants.batchSize = originalBatchSize;
});
@@ -132,4 +136,134 @@ describe("SyncService", () => {
expect(apiService.postPublicImportDirectory).not.toHaveBeenCalled();
});
describe("nested and circular group handling", () => {
function createGroup(
name: string,
userExternalIds: string[] = [],
groupMemberReferenceIds: string[] = [],
) {
return GroupEntry.fromJSON({
name,
referenceId: name,
externalId: name,
userMemberExternalIds: userExternalIds,
groupMemberReferenceIds: groupMemberReferenceIds,
users: [],
});
}
function setupSyncWithGroups(groups: GroupEntry[]) {
const mockDirectoryService = mock<LdapDirectoryService>();
mockDirectoryService.getEntries.mockResolvedValue([groups, []]);
directoryFactory.createService.mockReturnValue(mockDirectoryService);
stateService.getSync.mockResolvedValue(getSyncConfiguration({ groups: true, users: true }));
cryptoFunctionService.hash.mockResolvedValue(new ArrayBuffer(1));
stateService.getLastSyncHash.mockResolvedValue("unique hash");
singleRequestBuilder.buildRequest.mockReturnValue([
{ members: [], groups: [], overwriteExisting: true, largeImport: false },
]);
}
it("should handle simple circular reference (A ↔ B) without stack overflow", async () => {
const groupA = createGroup("GroupA", ["userA"], ["GroupB"]);
const groupB = createGroup("GroupB", ["userB"], ["GroupA"]);
setupSyncWithGroups([groupA, groupB]);
const [groups] = await syncService.sync(true, true);
const [a, b] = groups;
expect(a.userMemberExternalIds).toEqual(new Set(["userA", "userB"]));
expect(b.userMemberExternalIds).toEqual(new Set(["userA", "userB"]));
});
it("should handle longer circular chain (A → B → C → A) without stack overflow", async () => {
const groupA = createGroup("GroupA", ["userA"], ["GroupB"]);
const groupB = createGroup("GroupB", ["userB"], ["GroupC"]);
const groupC = createGroup("GroupC", ["userC"], ["GroupA"]);
setupSyncWithGroups([groupA, groupB, groupC]);
const [groups] = await syncService.sync(true, true);
const allUsers = new Set(["userA", "userB", "userC"]);
for (const group of groups) {
expect(group.userMemberExternalIds).toEqual(allUsers);
}
});
it("should handle diamond structure (A → [B, C] → D)", async () => {
const groupA = createGroup("GroupA", ["userA"], ["GroupB", "GroupC"]);
const groupB = createGroup("GroupB", ["userB"], ["GroupD"]);
const groupC = createGroup("GroupC", ["userC"], ["GroupD"]);
const groupD = createGroup("GroupD", ["userD"], []);
setupSyncWithGroups([groupA, groupB, groupC, groupD]);
const [groups] = await syncService.sync(true, true);
const [a, b, c, d] = groups;
expect(a.userMemberExternalIds).toEqual(new Set(["userA", "userB", "userC", "userD"]));
expect(b.userMemberExternalIds).toEqual(new Set(["userB", "userD"]));
expect(c.userMemberExternalIds).toEqual(new Set(["userC", "userD"]));
expect(d.userMemberExternalIds).toEqual(new Set(["userD"]));
});
it("should handle deep nesting with circular reference at leaf", async () => {
// Structure: A → B → C → D → B (cycle back to B)
const groupA = createGroup("GroupA", ["userA"], ["GroupB"]);
const groupB = createGroup("GroupB", ["userB"], ["GroupC"]);
const groupC = createGroup("GroupC", ["userC"], ["GroupD"]);
const groupD = createGroup("GroupD", ["userD"], ["GroupB"]);
setupSyncWithGroups([groupA, groupB, groupC, groupD]);
const [groups] = await syncService.sync(true, true);
const [a, b, c, d] = groups;
const cycleUsers = new Set(["userB", "userC", "userD"]);
expect(a.userMemberExternalIds).toEqual(new Set(["userA", ...cycleUsers]));
expect(b.userMemberExternalIds).toEqual(cycleUsers);
expect(c.userMemberExternalIds).toEqual(cycleUsers);
expect(d.userMemberExternalIds).toEqual(cycleUsers);
});
it("should handle complex structure with multiple cycles and shared members", async () => {
// Structure:
// A → [B, C]
// B → [D, E]
// C → [E, F]
// D → A (cycle)
// E → C (cycle)
// F → (leaf)
const groupA = createGroup("GroupA", ["userA"], ["GroupB", "GroupC"]);
const groupB = createGroup("GroupB", ["userB"], ["GroupD", "GroupE"]);
const groupC = createGroup("GroupC", ["userC"], ["GroupE", "GroupF"]);
const groupD = createGroup("GroupD", ["userD"], ["GroupA"]);
const groupE = createGroup("GroupE", ["userE"], ["GroupC"]);
const groupF = createGroup("GroupF", ["userF"], []);
setupSyncWithGroups([groupA, groupB, groupC, groupD, groupE, groupF]);
const [groups] = await syncService.sync(true, true);
const allUsers = new Set(["userA", "userB", "userC", "userD", "userE", "userF"]);
const a = groups.find((g) => g.name === "GroupA");
const b = groups.find((g) => g.name === "GroupB");
const c = groups.find((g) => g.name === "GroupC");
const d = groups.find((g) => g.name === "GroupD");
const e = groups.find((g) => g.name === "GroupE");
const f = groups.find((g) => g.name === "GroupF");
// A can reach all groups, so it gets all users
expect(a.userMemberExternalIds).toEqual(allUsers);
// B reaches D, E, and through cycles reaches everything
expect(b.userMemberExternalIds).toEqual(allUsers);
// C reaches E (which cycles back to C) and F
expect(c.userMemberExternalIds).toEqual(new Set(["userC", "userE", "userF"]));
// D cycles to A, which reaches everything
expect(d.userMemberExternalIds).toEqual(allUsers);
// E cycles to C, picking up C's descendants
expect(e.userMemberExternalIds).toEqual(new Set(["userC", "userE", "userF"]));
// F is a leaf
expect(f.userMemberExternalIds).toEqual(new Set(["userF"]));
});
});
});

23
src/services/sync.service.ts
View File

@@ -3,11 +3,11 @@ import { CryptoFunctionService } from "@/jslib/common/src/abstractions/cryptoFun
import { EnvironmentService } from "@/jslib/common/src/abstractions/environment.service";
import { I18nService } from "@/jslib/common/src/abstractions/i18n.service";
import { MessagingService } from "@/jslib/common/src/abstractions/messaging.service";
import Utils from "@/jslib/common/src/misc/utils";
import { Utils } from "@/jslib/common/src/misc/utils";
import { OrganizationImportRequest } from "@/jslib/common/src/models/request/organizationImportRequest";
import { DirectoryFactoryService } from "../abstractions/directory-factory.service";
import { StateService } from "../abstractions/state.service";
import { StateServiceVNext } from "../abstractions/state-vNext.service";
import { DirectoryType } from "../enums/directoryType";
import { GroupEntry } from "../models/groupEntry";
import { SyncConfiguration } from "../models/syncConfiguration";
@@ -32,7 +32,7 @@ export class SyncService {
private messagingService: MessagingService,
private i18nService: I18nService,
private environmentService: EnvironmentService,
private stateService: StateService,
private stateService: StateServiceVNext,
private batchRequestBuilder: BatchRequestBuilder,
private singleRequestBuilder: SingleRequestBuilder,
private directoryFactory: DirectoryFactoryService,
@@ -196,14 +196,27 @@ export class SyncService {
return users == null ? null : users.filter((u) => u.email?.length <= 256);
}
private flattenUsersToGroups(levelGroups: GroupEntry[], allGroups: GroupEntry[]): Set<string> {
private flattenUsersToGroups(
levelGroups: GroupEntry[],
allGroups: GroupEntry[],
visitedGroups?: Set<string>,
): Set<string> {
let allUsers = new Set<string>();
if (allGroups == null) {
return allUsers;
}
for (const group of levelGroups) {
const visited = visitedGroups ?? new Set<string>();
if (visited.has(group.referenceId)) {
continue;
}
visited.add(group.referenceId);
const childGroups = allGroups.filter((g) => group.groupMemberReferenceIds.has(g.referenceId));
const childUsers = this.flattenUsersToGroups(childGroups, allGroups);
const childUsers = this.flattenUsersToGroups(childGroups, allGroups, visited);
childUsers.forEach((id) => group.userMemberExternalIds.add(id));
allUsers = new Set([...allUsers, ...group.userMemberExternalIds]);
}

4
test.setup.ts
View File

@@ -1,7 +1,7 @@
import { webcrypto } from "crypto";
import { TextEncoder, TextDecoder } from "util";
import "jest-preset-angular/setup-jest";
Object.assign(globalThis, { TextEncoder, TextDecoder });
Object.defineProperty(window, "CSS", { value: null });
Object.defineProperty(window, "getComputedStyle", {
value: () => {

2
tsconfig.json
View File

@@ -5,7 +5,7 @@
},
"compilerOptions": {
"pretty": true,
"moduleResolution": "node",
"moduleResolution": "bundler",
"noImplicitAny": true,
"target": "ES2016",
"module": "ES2020",

308
utils/openldap/example-ldifs/directory-circular-groups.ldif Normal file
View File

@@ -0,0 +1,308 @@
version: 1
dn: dc=bitwarden,dc=com
dc: bitwarden
objectClass: dcObject
objectClass: organization
o: Bitwarden
# Organizational Units
dn: ou=Human Resources,dc=bitwarden,dc=com
changetype: add
ou: Human Resources
objectClass: top
objectClass: organizationalUnit
dn: ou=Engineering,dc=bitwarden,dc=com
changetype: add
ou: Engineering
objectClass: top
objectClass: organizationalUnit
dn: ou=Marketing,dc=bitwarden,dc=com
changetype: add
ou: Marketing
objectClass: top
objectClass: organizationalUnit
# Users - Human Resources
dn: cn=Roland Dyke,ou=Human Resources,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Roland Dyke
sn: Dyke
description: This is Roland Dyke's description
facsimileTelephoneNumber: +1 804 674-5794
l: San Francisco
ou: Human Resources
postalAddress: Human Resources$San Francisco
telephoneNumber: +1 804 831-5121
title: Supreme Human Resources Writer
userPassword: Password1
uid: DykeR
givenName: Roland
mail: DykeR@220af87272f04218bb8dd81d50fb19f5.bitwarden.com
carLicense: 4CMGOJ
departmentNumber: 2838
employeeType: Contract
homePhone: +1 804 936-4965
initials: R. D.
mobile: +1 804 592-3734
pager: +1 804 285-2962
roomNumber: 9890
dn: cn=Teirtza Kara,ou=Human Resources,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Teirtza Kara
sn: Kara
description: This is Teirtza Kara's description
facsimileTelephoneNumber: +1 206 759-2040
l: San Francisco
ou: Human Resources
postalAddress: Human Resources$San Francisco
telephoneNumber: +1 206 562-1407
title: Junior Human Resources President
userPassword: Password1
uid: KaraT
givenName: Teirtza
mail: KaraT@c2afe8b3509f4a20b2b784841685bd74.bitwarden.com
carLicense: O9GAN2
departmentNumber: 3880
employeeType: Employee
homePhone: +1 206 154-4842
initials: T. K.
mobile: +1 206 860-1835
pager: +1 206 684-1438
roomNumber: 9079
# Users - Engineering
dn: cn=Alice Chen,ou=Engineering,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Alice Chen
sn: Chen
description: Senior DevOps Engineer
l: Seattle
ou: Engineering
telephoneNumber: +1 206 555-0101
title: Senior DevOps Engineer
userPassword: Password1
uid: ChenA
givenName: Alice
mail: ChenA@bitwarden.com
employeeType: Employee
dn: cn=Bob Martinez,ou=Engineering,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Bob Martinez
sn: Martinez
description: Platform Engineer
l: Austin
ou: Engineering
telephoneNumber: +1 512 555-0102
title: Platform Engineer
userPassword: Password1
uid: MartinezB
givenName: Bob
mail: MartinezB@bitwarden.com
employeeType: Employee
dn: cn=Carol Williams,ou=Engineering,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Carol Williams
sn: Williams
description: QA Lead
l: Denver
ou: Engineering
telephoneNumber: +1 303 555-0103
title: QA Lead
userPassword: Password1
uid: WilliamsC
givenName: Carol
mail: WilliamsC@bitwarden.com
employeeType: Employee
dn: cn=David Kim,ou=Engineering,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: David Kim
sn: Kim
description: QA Engineer
l: Portland
ou: Engineering
telephoneNumber: +1 503 555-0104
title: QA Engineer
userPassword: Password1
uid: KimD
givenName: David
mail: KimD@bitwarden.com
employeeType: Contractor
# Users - Marketing
dn: cn=Eva Johnson,ou=Marketing,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Eva Johnson
sn: Johnson
description: Marketing Director
l: New York
ou: Marketing
telephoneNumber: +1 212 555-0105
title: Marketing Director
userPassword: Password1
uid: JohnsonE
givenName: Eva
mail: JohnsonE@bitwarden.com
employeeType: Employee
dn: cn=Frank Lee,ou=Marketing,dc=bitwarden,dc=com
changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Frank Lee
sn: Lee
description: Content Strategist
l: Chicago
ou: Marketing
telephoneNumber: +1 312 555-0106
title: Content Strategist
userPassword: Password1
uid: LeeF
givenName: Frank
mail: LeeF@bitwarden.com
employeeType: Employee
# ============================================================
# GROUP HIERARCHY
# ============================================================
# Structure (arrows show "contains" relationship):
#
# AllStaff
# ├── Engineering ◄────────────────┐ (CYCLE from Platform)
# │ ├── DevOps │
# │ │ └── Platform ────────┘
# │ └── QA
# ├── Marketing
# └── HR
#
# Contractors ─── DevOps (diamond: second path to Platform)
#
# TestNestA ◄──► TestNestB (simple bidirectional cycle)
#
# ============================================================
# Leaf group - Platform team (CYCLES BACK to Engineering)
dn: cn=Platform,dc=bitwarden,dc=com
changetype: add
cn: Platform
member: cn=Bob Martinez,ou=Engineering,dc=bitwarden,dc=com
member: cn=Engineering,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# DevOps group - contains Platform subgroup
dn: cn=DevOps,dc=bitwarden,dc=com
changetype: add
cn: DevOps
member: cn=Alice Chen,ou=Engineering,dc=bitwarden,dc=com
member: cn=Platform,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# QA group
dn: cn=QA,dc=bitwarden,dc=com
changetype: add
cn: QA
member: cn=Carol Williams,ou=Engineering,dc=bitwarden,dc=com
member: cn=David Kim,ou=Engineering,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# Engineering group - contains DevOps and QA subgroups
dn: cn=Engineering,dc=bitwarden,dc=com
changetype: add
cn: Engineering
member: cn=DevOps,dc=bitwarden,dc=com
member: cn=QA,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# Marketing group
dn: cn=Marketing,dc=bitwarden,dc=com
changetype: add
cn: Marketing
member: cn=Eva Johnson,ou=Marketing,dc=bitwarden,dc=com
member: cn=Frank Lee,ou=Marketing,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# HR group
dn: cn=HR,dc=bitwarden,dc=com
changetype: add
cn: HR
member: cn=Roland Dyke,ou=Human Resources,dc=bitwarden,dc=com
member: cn=Teirtza Kara,ou=Human Resources,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# AllStaff - top-level group containing all departments
dn: cn=AllStaff,dc=bitwarden,dc=com
changetype: add
cn: AllStaff
member: cn=Engineering,dc=bitwarden,dc=com
member: cn=Marketing,dc=bitwarden,dc=com
member: cn=HR,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# Contractors group - creates diamond pattern (second path to Platform via DevOps)
dn: cn=Contractors,dc=bitwarden,dc=com
changetype: add
cn: Contractors
member: cn=DevOps,dc=bitwarden,dc=com
member: cn=David Kim,ou=Engineering,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
# Simple bidirectional cycle test groups (preserved from original)
dn: cn=TestNestA,dc=bitwarden,dc=com
changetype: add
cn: TestNestA
member: cn=TestNestB,dc=bitwarden,dc=com
member: cn=Roland Dyke,ou=Human Resources,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top
dn: cn=TestNestB,dc=bitwarden,dc=com
changetype: add
cn: TestNestB
member: cn=TestNestA,dc=bitwarden,dc=com
member: cn=Teirtza Kara,ou=Human Resources,dc=bitwarden,dc=com
objectclass: groupOfNames
objectclass: top

20
webpack.cli.js → webpack.cli.mjs
View File

@@ -1,10 +1,14 @@
const path = require("path");
import path from "node:path";
import { fileURLToPath } from "node:url";
import { dirname } from "node:path";
const { CleanWebpackPlugin } = require("clean-webpack-plugin");
const CopyWebpackPlugin = require("copy-webpack-plugin");
const TsconfigPathsPlugin = require("tsconfig-paths-webpack-plugin");
const webpack = require("webpack");
const nodeExternals = require("webpack-node-externals");
import CopyWebpackPlugin from "copy-webpack-plugin";
import TsconfigPathsPlugin from "tsconfig-paths-webpack-plugin";
import webpack from "webpack";
import nodeExternals from "webpack-node-externals";
const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);
if (process.env.NODE_ENV == null) {
process.env.NODE_ENV = "development";
@@ -24,7 +28,6 @@ const moduleRules = [
];
const plugins = [
new CleanWebpackPlugin(),
new CopyWebpackPlugin({
patterns: [{ from: "./src/locales", to: "locales" }],
}),
@@ -64,10 +67,11 @@ const config = {
output: {
filename: "[name].js",
path: path.resolve(__dirname, "build-cli"),
clean: true,
},
module: { rules: moduleRules },
plugins: plugins,
externals: [nodeExternals()],
};
module.exports = config;
export default config;

Some files were not shown because too many files have changed in this diff Show More