Merge branch 'master' into refactor/authService

2025-12-21 18:53:32 +00:00 · 2021-12-21 09:21:50 +10:00
parent 581e9ad83a 9e26336549
commit 2640e95030
33 changed files with 358 additions and 231 deletions
--- a/.git-blame-ignore-revs
+++ b/.git-blame-ignore-revs
@@ -0,0 +1 @@
+193434461dbd9c48fe5dcbad95693470aec422ac
--- a/README.md
+++ b/README.md
@@ -16,3 +16,23 @@ Common code referenced across Bitwarden JavaScript projects.
 - _Microsoft Build Tools 2015_ in Visual Studio Installer
 - [Windows 10 SDK 17134](https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/)
  either by downloading it seperately or through the Visual Studio Installer.
+
+## Prettier
+
+We recently migrated to using Prettier as code formatter. All previous branches will need to updated to avoid large merge conflicts using the following steps:
+
+1. Check out your local Branch
+2. Run `git merge 8b2dfc6cdcb8ff5b604364c2ea6d343473aee7cd`
+3. Resolve any merge conflicts, commit.
+4. Run `npm run prettier`
+5. Commit
+6. Run `git merge -Xours 193434461dbd9c48fe5dcbad95693470aec422ac`
+7. Push
+
+### Git blame
+
+We also recommend that you configure git to ignore the prettier revision using:
+
+```bash
+git config blame.ignoreRevsFile .git-blame-ignore-revs
+```
--- a/angular/src/components/icon.component.ts
+++ b/angular/src/components/icon.component.ts
@@ -18,6 +18,21 @@ const IconMap: any = {
  "fa-apple": String.fromCharCode(0xf179),
 };

+/**
+ * Provides a mapping from supported card brands to
+ * the filenames of icon that should be present in images/cards folder of clients.
+ */
+const cardIcons: Record<string, string> = {
+  Visa: "card-visa",
+  Mastercard: "card-mastercard",
+  Amex: "card-amex",
+  Discover: "card-discover",
+  "Diners Club": "card-diners-club",
+  JCB: "card-jcb",
+  Maestro: "card-maestro",
+  UnionPay: "card-union-pay",
+};
+
@Component({
  selector: "app-vault-icon",
  templateUrl: "icon.component.html",
@@ -59,6 +74,7 @@ export class IconComponent implements OnChanges {
        break;
      case CipherType.Card:
        this.icon = "fa-credit-card";
+        this.setCardIcon();
        break;
      case CipherType.Identity:
        this.icon = "fa-id-card-o";
@@ -102,4 +118,11 @@ export class IconComponent implements OnChanges {
      this.image = null;
    }
  }
+
+  private setCardIcon() {
+    const brand = this.cipher.card.brand;
+    if (this.imageEnabled && brand in cardIcons) {
+      this.icon = "credit-card-icon " + cardIcons[brand];
+    }
+  }
 }
--- a/angular/src/images/cards/amex-dark.png
+++ b/angular/src/images/cards/amex-dark.png
--- a/angular/src/images/cards/amex-light.png
+++ b/angular/src/images/cards/amex-light.png
--- a/angular/src/images/cards/diners_club-dark.png
+++ b/angular/src/images/cards/diners_club-dark.png
--- a/angular/src/images/cards/diners_club-light.png
+++ b/angular/src/images/cards/diners_club-light.png
--- a/angular/src/images/cards/discover-dark.png
+++ b/angular/src/images/cards/discover-dark.png
--- a/angular/src/images/cards/discover-light.png
+++ b/angular/src/images/cards/discover-light.png
--- a/angular/src/images/cards/jcb-dark.png
+++ b/angular/src/images/cards/jcb-dark.png
--- a/angular/src/images/cards/jcb-light.png
+++ b/angular/src/images/cards/jcb-light.png
--- a/angular/src/images/cards/maestro-dark.png
+++ b/angular/src/images/cards/maestro-dark.png
--- a/angular/src/images/cards/maestro-light.png
+++ b/angular/src/images/cards/maestro-light.png
--- a/angular/src/images/cards/mastercard-dark.png
+++ b/angular/src/images/cards/mastercard-dark.png
--- a/angular/src/images/cards/mastercard-light.png
+++ b/angular/src/images/cards/mastercard-light.png
--- a/angular/src/images/cards/union_pay-dark.png
+++ b/angular/src/images/cards/union_pay-dark.png
--- a/angular/src/images/cards/union_pay-light.png
+++ b/angular/src/images/cards/union_pay-light.png
--- a/angular/src/images/cards/visa-dark.png
+++ b/angular/src/images/cards/visa-dark.png
--- a/angular/src/images/cards/visa-light.png
+++ b/angular/src/images/cards/visa-light.png
--- a/angular/src/scss/icons.scss
+++ b/angular/src/scss/icons.scss
@@ -0,0 +1,44 @@
+$card-icons-base: "~@bitwarden/jslib-angular/src/images/cards/";
+$card-icons: (
+  "visa": $card-icons-base + "visa-light.png",
+  "amex": $card-icons-base + "amex-light.png",
+  "diners-club": $card-icons-base + "diners_club-light.png",
+  "discover": $card-icons-base + "discover-light.png",
+  "jcb": $card-icons-base + "jcb-light.png",
+  "maestro": $card-icons-base + "maestro-light.png",
+  "mastercard": $card-icons-base + "mastercard-light.png",
+  "union-pay": $card-icons-base + "union_pay-light.png",
+);
+
+$card-icons-dark: (
+  "visa": $card-icons-base + "visa-dark.png",
+  "amex": $card-icons-base + "amex-dark.png",
+  "diners-club": $card-icons-base + "diners_club-dark.png",
+  "discover": $card-icons-base + "discover-dark.png",
+  "jcb": $card-icons-base + "jcb-dark.png",
+  "maestro": $card-icons-base + "maestro-dark.png",
+  "mastercard": $card-icons-base + "mastercard-dark.png",
+  "union-pay": $card-icons-base + "union_pay-dark.png",
+);
+
+.credit-card-icon {
+  display: block; // Resolves the parent container being slighly to big
+  height: 19px;
+  width: 24px;
+  background-size: contain;
+  background-repeat: no-repeat;
+}
+
+@each $name, $url in $card-icons {
+  .card-#{$name} {
+    background-image: url("#{$url}");
+  }
+}
+
+@each $theme in $dark-icon-themes {
+  @each $name, $url in $card-icons-dark {
+    .#{$theme} .card-#{$name} {
+      background-image: url("#{$url}");
+    }
+  }
+}
--- a/common/src/abstractions/state.service.ts
+++ b/common/src/abstractions/state.service.ts
@@ -24,11 +24,11 @@ import { CollectionView } from "../models/view/collectionView";
 import { FolderView } from "../models/view/folderView";
 import { SendView } from "../models/view/sendView";

-export abstract class StateService {
-  accounts: BehaviorSubject<{ [userId: string]: Account }>;
+export abstract class StateService<T extends Account = Account> {
+  accounts: BehaviorSubject<{ [userId: string]: T }>;
  activeAccount: BehaviorSubject<string>;

-  addAccount: (account: Account) => Promise<void>;
+  addAccount: (account: T) => Promise<void>;
  setActiveUser: (userId: string) => Promise<void>;
  clean: (options?: StorageOptions) => Promise<void>;
  init: () => Promise<void>;
--- a/common/src/importers/onepasswordImporters/onepassword1PifImporter.ts
+++ b/common/src/importers/onepasswordImporters/onepassword1PifImporter.ts
@@ -172,7 +172,11 @@ export class OnePassword1PifImporter extends BaseImporter implements Importer {
        return;
      }

-      const fieldValue = field[valueKey].toString();
+      // TODO: when date FieldType exists, store this as a date field type instead of formatted Text if k is 'date'
+      const fieldValue =
+        field.k === "date"
+          ? new Date(field[valueKey] * 1000).toUTCString()
+          : field[valueKey].toString();
      const fieldDesignation =
        field[designationKey] != null ? field[designationKey].toString() : null;

--- a/common/src/models/domain/account.ts
+++ b/common/src/models/domain/account.ts
@@ -95,9 +95,6 @@ export class AccountProfile {
  hasPremiumPersonally?: boolean;
  lastActive?: number;
  lastSync?: string;
-  ssoCodeVerifier?: string;
-  ssoOrganizationIdentifier?: string;
-  ssoState?: string;
  userId?: string;
  usesKeyConnector?: boolean;
  keyHash?: string;
@@ -133,9 +130,6 @@ export class AccountSettings {
  enableMinimizeToTray?: boolean;
  enableStartToTray?: boolean;
  enableTray?: boolean;
-  environmentUrls?: any = {
-    server: "bitwarden.com",
-  };
  equivalentDomains?: any;
  minimizeOnCopyToClipboard?: boolean;
  neverDomains?: { [id: string]: any };
--- a/common/src/models/domain/globalState.ts
+++ b/common/src/models/domain/globalState.ts
@@ -5,6 +5,9 @@ export class GlobalState {
  locale?: string;
  openAtLogin?: boolean;
  organizationInvitation?: any;
+  ssoCodeVerifier?: string;
+  ssoOrganizationIdentifier?: string;
+  ssoState?: string;
  rememberedEmail?: string;
  theme?: string;
  window?: Map<string, any> = new Map<string, any>();
@@ -21,4 +24,7 @@ export class GlobalState {
  noAutoPromptBiometrics?: boolean;
  noAutoPromptBiometricsText?: string;
  stateVersion: number;
+  environmentUrls?: any = {
+    server: "bitwarden.com",
+  };
 }
--- a/common/src/models/domain/state.ts
+++ b/common/src/models/domain/state.ts
@@ -1,8 +1,8 @@
 import { Account } from "./account";
 import { GlobalState } from "./globalState";

-export class State {
-  accounts: { [userId: string]: Account } = {};
+export class State<TAccount extends Account = Account> {
+  accounts: { [userId: string]: TAccount } = {};
  globals: GlobalState = new GlobalState();
  activeUserId: string;
 }
--- a/common/src/services/auth.service.ts
+++ b/common/src/services/auth.service.ts
@@ -2,7 +2,7 @@ import { HashPurpose } from "../enums/hashPurpose";
 import { KdfType } from "../enums/kdfType";
 import { TwoFactorProviderType } from "../enums/twoFactorProviderType";

-import { AccountProfile, AccountTokens } from "../models/domain/account";
+import { Account, AccountProfile, AccountTokens } from "../models/domain/account";
 import { AuthResult } from "../models/domain/authResult";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";

@@ -84,7 +84,7 @@ export class AuthService implements AuthServiceAbstraction {
        await this.buildTwoFactor(twoFactor),
        await this.buildDeviceRequest()
      );
-    } 
+    }

    const response = await this.apiService.postIdentityToken(tokenRequest);

@@ -93,7 +93,7 @@ export class AuthService implements AuthServiceAbstraction {
        await this.cryptoService.setKey(key);
        await this.cryptoService.setKeyHash(localHashedPassword);
      }
-    }
+    };
    const result = await this.processTokenResponse(response, false, onSuccess);

    if (result.requiresTwoFactor) {
@@ -112,13 +112,15 @@ export class AuthService implements AuthServiceAbstraction {
  ): Promise<AuthResult> {
    this.twoFactorService.clearSelectedProvider();

-    const tokenRequest = this.savedTokenRequest ?? new SsoTokenRequest(
-      code,
-      codeVerifier,
-      redirectUrl,
-      await this.buildTwoFactor(twoFactor),
-      await this.buildDeviceRequest()
-    );
+    const tokenRequest =
+      this.savedTokenRequest ??
+      new SsoTokenRequest(
+        code,
+        codeVerifier,
+        redirectUrl,
+        await this.buildTwoFactor(twoFactor),
+        await this.buildDeviceRequest()
+      );

    const response = await this.apiService.postIdentityToken(tokenRequest);
    const tokenResponse = response as IdentityTokenResponse;
@@ -137,7 +139,7 @@ export class AuthService implements AuthServiceAbstraction {
          );
        }
      }
-    }
+    };

    const result = await this.processTokenResponse(response, newSsoUser, onSuccess);

@@ -155,12 +157,14 @@ export class AuthService implements AuthServiceAbstraction {
  ): Promise<AuthResult> {
    this.twoFactorService.clearSelectedProvider();

-    const tokenRequest = this.savedTokenRequest ?? new ApiTokenRequest(
-      clientId,
-      clientSecret,
-      await this.buildTwoFactor(twoFactor),
-      await this.buildDeviceRequest()
-    );
+    const tokenRequest =
+      this.savedTokenRequest ??
+      new ApiTokenRequest(
+        clientId,
+        clientSecret,
+        await this.buildTwoFactor(twoFactor),
+        await this.buildDeviceRequest()
+      );

    const response = await this.apiService.postIdentityToken(tokenRequest);

@@ -173,7 +177,7 @@ export class AuthService implements AuthServiceAbstraction {
        const keyConnectorUrl = this.environmentService.getKeyConnectorUrl();
        await this.keyConnectorService.getAndSetKey(keyConnectorUrl);
      }
-    }
+    };

    const result = await this.processTokenResponse(response, false, onSuccess);

@@ -219,13 +223,13 @@ export class AuthService implements AuthServiceAbstraction {
    return this.savedTokenRequest instanceof PasswordTokenRequest;
  }

-    get email(): string {
-        return (this.savedTokenRequest as PasswordTokenRequest).email;
+  get email(): string {
+    return (this.savedTokenRequest as PasswordTokenRequest).email;
  }

-    get masterPasswordHash(): string {
-        return (this.savedTokenRequest as PasswordTokenRequest).masterPasswordHash;
-    }
+  get masterPasswordHash(): string {
+    return (this.savedTokenRequest as PasswordTokenRequest).masterPasswordHash;
+  }

  async makePreloginKey(masterPassword: string, email: string): Promise<SymmetricCryptoKey> {
    email = email.trim().toLowerCase();
@@ -275,7 +279,9 @@ export class AuthService implements AuthServiceAbstraction {

    if (this.setCryptoKeys && !newSsoUser) {
      await this.cryptoService.setEncKey(tokenResponse.key);
-      await this.cryptoService.setEncPrivateKey(tokenResponse.privateKey ?? await this.createKeyPairForOldAccount());
+      await this.cryptoService.setEncPrivateKey(
+        tokenResponse.privateKey ?? (await this.createKeyPairForOldAccount())
+      );
    }

    await onSuccess();
@@ -314,25 +320,27 @@ export class AuthService implements AuthServiceAbstraction {

  private async saveAccountInformation(tokenResponse: IdentityTokenResponse) {
    const accountInformation = await this.tokenService.decodeToken(tokenResponse.accessToken);
-    await this.stateService.addAccount({
-      profile: {
-        ...new AccountProfile(),
-        ...{
-          userId: accountInformation.sub,
-          email: accountInformation.email,
-          hasPremiumPersonally: accountInformation.premium,
-          kdfIterations: tokenResponse.kdfIterations,
-          kdfType: tokenResponse.kdf,
+    await this.stateService.addAccount(
+      new Account({
+        profile: {
+          ...new AccountProfile(),
+          ...{
+            userId: accountInformation.sub,
+            email: accountInformation.email,
+            hasPremiumPersonally: accountInformation.premium,
+            kdfIterations: tokenResponse.kdfIterations,
+            kdfType: tokenResponse.kdf,
+          },
        },
-      },
-      tokens: {
-        ...new AccountTokens(),
-        ...{
-          accessToken: tokenResponse.accessToken,
-          refreshToken: tokenResponse.refreshToken,
+        tokens: {
+          ...new AccountTokens(),
+          ...{
+            accessToken: tokenResponse.accessToken,
+            refreshToken: tokenResponse.refreshToken,
+          },
        },
-      },
-    });
+      })
+    );
  }

  private async createKeyPairForOldAccount() {
--- a/common/src/services/crypto.service.ts
+++ b/common/src/services/crypto.service.ts
@@ -761,13 +761,13 @@ export class CryptoService implements CryptoServiceAbstraction {

  // Helpers
  protected async storeKey(key: SymmetricCryptoKey, userId?: string) {
-    if (
-      (await this.shouldStoreKey(KeySuffixOptions.Auto, userId)) ||
-      (await this.shouldStoreKey(KeySuffixOptions.Biometric, userId))
-    ) {
-      await this.stateService.setCryptoMasterKeyB64(key.keyB64, { userId: userId });
+    if (await this.shouldStoreKey(KeySuffixOptions.Auto, userId)) {
+      await this.stateService.setCryptoMasterKeyAuto(key.keyB64, { userId: userId });
+    } else if (await this.shouldStoreKey(KeySuffixOptions.Biometric, userId)) {
+      await this.stateService.setCryptoMasterKeyBiometric(key.keyB64, { userId: userId });
    } else {
-      await this.stateService.setCryptoMasterKeyB64(null, { userId: userId });
+      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+      await this.stateService.setCryptoMasterKeyBiometric(null, { userId: userId });
    }
  }

--- a/common/src/services/environment.service.ts
+++ b/common/src/services/environment.service.ts
@@ -109,18 +109,7 @@ export class EnvironmentService implements EnvironmentServiceAbstraction {
  }

  async setUrlsFromStorage(): Promise<void> {
-    const urlsObj: any = await this.stateService.getEnvironmentUrls();
-    const urls = urlsObj || {
-      base: null,
-      api: null,
-      identity: null,
-      icons: null,
-      notifications: null,
-      events: null,
-      webVault: null,
-      keyConnector: null,
-    };
-
+    const urls: any = await this.stateService.getEnvironmentUrls();
    const envUrls = new EnvironmentUrls();

    if (urls.base) {
--- a/common/src/services/state.service.ts
+++ b/common/src/services/state.service.ts
@@ -1,6 +1,12 @@
 import { StateService as StateServiceAbstraction } from "../abstractions/state.service";

-import { Account } from "../models/domain/account";
+import {
+  Account,
+  AccountData,
+  AccountKeys,
+  AccountProfile,
+  AccountTokens,
+} from "../models/domain/account";

 import { LogService } from "../abstractions/log.service";
 import { StorageService } from "../abstractions/storage.service";
@@ -34,19 +40,21 @@ import { SendData } from "../models/data/sendData";

 import { BehaviorSubject } from "rxjs";

-import { StateMigrationService } from "./stateMigration.service";
+import { StateMigrationService } from "../abstractions/stateMigration.service";

-export class StateService implements StateServiceAbstraction {
-  accounts = new BehaviorSubject<{ [userId: string]: Account }>({});
+export class StateService<TAccount extends Account = Account>
+  implements StateServiceAbstraction<TAccount>
+{
+  accounts = new BehaviorSubject<{ [userId: string]: TAccount }>({});
  activeAccount = new BehaviorSubject<string>(null);

-  private state: State = new State();
+  protected state: State<TAccount> = new State<TAccount>();

  constructor(
-    private storageService: StorageService,
-    private secureStorageService: StorageService,
-    private logService: LogService,
-    private stateMigrationService: StateMigrationService
+    protected storageService: StorageService,
+    protected secureStorageService: StorageService,
+    protected logService: LogService,
+    protected stateMigrationService: StateMigrationService
  ) {}

  async init(): Promise<void> {
@@ -60,7 +68,7 @@ export class StateService implements StateServiceAbstraction {

  async loadStateFromDisk() {
    if ((await this.getActiveUserIdFromStorage()) != null) {
-      const diskState = await this.storageService.get<State>(
+      const diskState = await this.storageService.get<State<TAccount>>(
        "state",
        await this.defaultOnDiskOptions()
      );
@@ -71,10 +79,7 @@ export class StateService implements StateServiceAbstraction {
    }
  }

-  async addAccount(account: Account) {
-    if (account?.profile?.userId == null) {
-      return;
-    }
+  async addAccount(account: TAccount) {
    this.state.accounts[account.profile.userId] = account;
    await this.scaffoldNewAccountStorage(account);
    await this.setActiveUser(account.profile.userId);
@@ -83,7 +88,7 @@ export class StateService implements StateServiceAbstraction {

  async setActiveUser(userId: string): Promise<void> {
    this.state.activeUserId = userId;
-    const storedState = await this.storageService.get<State>(
+    const storedState = await this.storageService.get<State<TAccount>>(
      "state",
      await this.defaultOnDiskOptions()
    );
@@ -1321,47 +1326,64 @@ export class StateService implements StateServiceAbstraction {
  }

  async getEntityId(options?: StorageOptions): Promise<string> {
-    return (await this.getAccount(this.reconcileOptions(options, this.defaultInMemoryOptions)))
-      ?.profile?.entityId;
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
+    )?.profile?.entityId;
  }

  async setEntityId(value: string, options?: StorageOptions): Promise<void> {
    const account = await this.getAccount(
-      this.reconcileOptions(options, this.defaultInMemoryOptions)
+      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
    );
    account.profile.entityId = value;
-    await this.saveAccount(account, this.reconcileOptions(options, this.defaultInMemoryOptions));
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
+    );
  }

  async getEntityType(options?: StorageOptions): Promise<any> {
-    return (await this.getAccount(this.reconcileOptions(options, this.defaultInMemoryOptions)))
-      ?.profile?.entityType;
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
+    )?.profile?.entityType;
  }

  async setEntityType(value: string, options?: StorageOptions): Promise<void> {
    const account = await this.getAccount(
-      this.reconcileOptions(options, this.defaultInMemoryOptions)
+      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
    );
    account.profile.entityType = value;
-    await this.saveAccount(account, this.reconcileOptions(options, this.defaultInMemoryOptions));
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
+    );
  }

  async getEnvironmentUrls(options?: StorageOptions): Promise<any> {
    return (
-      (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
-        ?.settings?.environmentUrls ?? {
+      (await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
+        ?.environmentUrls ?? {
+        base: null,
+        api: null,
+        identity: null,
+        icons: null,
+        notifications: null,
+        events: null,
+        webVault: null,
+        keyConnector: null,
+        // TODO: this is a bug and we should use base instead for the server detail in the account switcher, otherwise self hosted urls will not show correctly
        server: "bitwarden.com",
      }
    );
  }

  async setEnvironmentUrls(value: any, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
+    const globals = await this.getGlobals(
      this.reconcileOptions(options, await this.defaultOnDiskOptions())
    );
-    account.settings.environmentUrls = value;
-    await this.saveAccount(
-      account,
+    globals.environmentUrls = value;
+    await this.saveGlobals(
+      globals,
      this.reconcileOptions(options, await this.defaultOnDiskOptions())
    );
  }
@@ -1402,17 +1424,20 @@ export class StateService implements StateServiceAbstraction {

  async getEverBeenUnlocked(options?: StorageOptions): Promise<boolean> {
    return (
-      (await this.getAccount(this.reconcileOptions(options, this.defaultInMemoryOptions)))?.profile
-        ?.everBeenUnlocked ?? false
+      (await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions())))
+        ?.profile?.everBeenUnlocked ?? false
    );
  }

  async setEverBeenUnlocked(value: boolean, options?: StorageOptions): Promise<void> {
    const account = await this.getAccount(
-      this.reconcileOptions(options, this.defaultInMemoryOptions)
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
    );
    account.profile.everBeenUnlocked = value;
-    await this.saveAccount(account, this.reconcileOptions(options, this.defaultInMemoryOptions));
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
  }

  async getForcePasswordReset(options?: StorageOptions): Promise<boolean> {
@@ -1874,46 +1899,54 @@ export class StateService implements StateServiceAbstraction {
  }

  async getSsoCodeVerifier(options?: StorageOptions): Promise<string> {
-    return (await this.getAccount(this.reconcileOptions(options, this.defaultInMemoryOptions)))
-      ?.profile?.ssoCodeVerifier;
+    return (
+      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.ssoCodeVerifier;
  }

  async setSsoCodeVerifier(value: string, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, this.defaultInMemoryOptions)
+    const globals = await this.getGlobals(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    globals.ssoCodeVerifier = value;
+    await this.saveGlobals(
+      globals,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
    );
-    account.profile.ssoCodeVerifier = value;
-    await this.saveAccount(account, this.reconcileOptions(options, this.defaultInMemoryOptions));
  }

  async getSsoOrgIdentifier(options?: StorageOptions): Promise<string> {
    return (
-      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
-    )?.profile?.ssoOrganizationIdentifier;
+      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
+    )?.ssoOrganizationIdentifier;
  }

  async setSsoOrganizationIdentifier(value: string, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
+    const globals = await this.getGlobals(
      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
    );
-    account.profile.ssoOrganizationIdentifier = value;
-    await this.saveAccount(
-      account,
+    globals.ssoOrganizationIdentifier = value;
+    await this.saveGlobals(
+      globals,
      this.reconcileOptions(options, await this.defaultOnDiskLocalOptions())
    );
  }

  async getSsoState(options?: StorageOptions): Promise<string> {
-    return (await this.getAccount(this.reconcileOptions(options, this.defaultInMemoryOptions)))
-      ?.profile?.ssoState;
+    return (
+      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.ssoState;
  }

  async setSsoState(value: string, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, this.defaultInMemoryOptions)
+    const globals = await this.getGlobals(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    globals.ssoState = value;
+    await this.saveGlobals(
+      globals,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
    );
-    account.profile.ssoState = value;
-    await this.saveAccount(account, this.reconcileOptions(options, this.defaultInMemoryOptions));
  }

  async getTheme(options?: StorageOptions): Promise<string> {
@@ -1973,10 +2006,7 @@ export class StateService implements StateServiceAbstraction {
    const accountVaultTimeout = (
      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
    )?.settings?.vaultTimeout;
-    const globalVaultTimeout = (
-      await this.getGlobals(this.reconcileOptions(options, await this.defaultOnDiskLocalOptions()))
-    )?.vaultTimeout;
-    return accountVaultTimeout ?? globalVaultTimeout ?? 15;
+    return accountVaultTimeout;
  }

  async setVaultTimeout(value: number, options?: StorageOptions): Promise<void> {
@@ -2039,7 +2069,7 @@ export class StateService implements StateServiceAbstraction {
    );
  }

-  private async getGlobals(options: StorageOptions): Promise<GlobalState> {
+  protected async getGlobals(options: StorageOptions): Promise<GlobalState> {
    let globals: GlobalState;
    if (this.useMemory(options.storageLocation)) {
      globals = this.getGlobalsFromMemory();
@@ -2052,39 +2082,41 @@ export class StateService implements StateServiceAbstraction {
    return globals ?? new GlobalState();
  }

-  private async saveGlobals(globals: GlobalState, options: StorageOptions) {
+  protected async saveGlobals(globals: GlobalState, options: StorageOptions) {
    return this.useMemory(options.storageLocation)
      ? this.saveGlobalsToMemory(globals)
      : await this.saveGlobalsToDisk(globals, options);
  }

-  private getGlobalsFromMemory(): GlobalState {
+  protected getGlobalsFromMemory(): GlobalState {
    return this.state.globals;
  }

-  private async getGlobalsFromDisk(options: StorageOptions): Promise<GlobalState> {
-    return (await this.storageService.get<State>("state", options))?.globals;
+  protected async getGlobalsFromDisk(options: StorageOptions): Promise<GlobalState> {
+    return (await this.storageService.get<State<TAccount>>("state", options))?.globals;
  }

-  private saveGlobalsToMemory(globals: GlobalState): void {
+  protected saveGlobalsToMemory(globals: GlobalState): void {
    this.state.globals = globals;
  }

-  private async saveGlobalsToDisk(globals: GlobalState, options: StorageOptions): Promise<void> {
+  protected async saveGlobalsToDisk(globals: GlobalState, options: StorageOptions): Promise<void> {
    if (options.useSecureStorage) {
-      const state = (await this.secureStorageService.get<State>("state", options)) ?? new State();
+      const state =
+        (await this.secureStorageService.get<State<TAccount>>("state", options)) ?? new State();
      state.globals = globals;
      await this.secureStorageService.save("state", state, options);
    } else {
-      const state = (await this.storageService.get<State>("state", options)) ?? new State();
+      const state =
+        (await this.storageService.get<State<TAccount>>("state", options)) ?? new State();
      state.globals = globals;
      await this.saveStateToStorage(state, options);
    }
  }

-  private async getAccount(options: StorageOptions): Promise<Account> {
+  protected async getAccount(options: StorageOptions): Promise<TAccount> {
    try {
-      let account: Account;
+      let account: TAccount;
      if (this.useMemory(options.storageLocation)) {
        account = this.getAccountFromMemory(options);
      }
@@ -2093,51 +2125,51 @@ export class StateService implements StateServiceAbstraction {
        account = await this.getAccountFromDisk(options);
      }

-      return account != null ? new Account(account) : null;
+      return account;
    } catch (e) {
      this.logService.error(e);
    }
  }

-  private getAccountFromMemory(options: StorageOptions): Account {
+  protected getAccountFromMemory(options: StorageOptions): TAccount {
    if (this.state.accounts == null) {
      return null;
    }
    return this.state.accounts[this.getUserIdFromMemory(options)];
  }

-  private getUserIdFromMemory(options: StorageOptions): string {
+  protected getUserIdFromMemory(options: StorageOptions): string {
    return options?.userId != null
      ? this.state.accounts[options.userId]?.profile?.userId
      : this.state.activeUserId;
  }

-  private async getAccountFromDisk(options: StorageOptions): Promise<Account> {
+  protected async getAccountFromDisk(options: StorageOptions): Promise<TAccount> {
    if (options?.userId == null && this.state.activeUserId == null) {
      return null;
    }

    const state = options?.useSecureStorage
-      ? (await this.secureStorageService.get<State>("state", options)) ??
-        (await this.storageService.get<State>(
+      ? (await this.secureStorageService.get<State<TAccount>>("state", options)) ??
+        (await this.storageService.get<State<TAccount>>(
          "state",
          this.reconcileOptions(options, { htmlStorageLocation: HtmlStorageLocation.Local })
        ))
-      : await this.storageService.get<State>("state", options);
+      : await this.storageService.get<State<TAccount>>("state", options);

    return state?.accounts[options?.userId ?? this.state.activeUserId];
  }

-  private useMemory(storageLocation: StorageLocation) {
+  protected useMemory(storageLocation: StorageLocation) {
    return storageLocation === StorageLocation.Memory || storageLocation === StorageLocation.Both;
  }

-  private useDisk(storageLocation: StorageLocation) {
+  protected useDisk(storageLocation: StorageLocation) {
    return storageLocation === StorageLocation.Disk || storageLocation === StorageLocation.Both;
  }

-  private async saveAccount(
-    account: Account,
+  protected async saveAccount(
+    account: TAccount,
    options: StorageOptions = {
      storageLocation: StorageLocation.Both,
      useSecureStorage: false,
@@ -2148,86 +2180,75 @@ export class StateService implements StateServiceAbstraction {
      : await this.saveAccountToDisk(account, options);
  }

-  private async saveAccountToDisk(account: Account, options: StorageOptions): Promise<void> {
+  protected async saveAccountToDisk(account: TAccount, options: StorageOptions): Promise<void> {
    const storageLocation = options.useSecureStorage
      ? this.secureStorageService
      : this.storageService;

-    const state = (await storageLocation.get<State>("state", options)) ?? new State();
+    const state =
+      (await storageLocation.get<State<TAccount>>("state", options)) ?? new State<TAccount>();
    state.accounts[account.profile.userId] = account;

    await storageLocation.save("state", state, options);
    await this.pushAccounts();
  }

-  private async saveAccountToMemory(account: Account): Promise<void> {
+  protected async saveAccountToMemory(account: TAccount): Promise<void> {
    if (this.getAccountFromMemory({ userId: account.profile.userId }) !== null) {
      this.state.accounts[account.profile.userId] = account;
    }
    await this.pushAccounts();
  }

-  private async scaffoldNewAccountStorage(account: Account): Promise<void> {
+  protected async scaffoldNewAccountStorage(account: TAccount): Promise<void> {
    await this.scaffoldNewAccountLocalStorage(account);
    await this.scaffoldNewAccountSessionStorage(account);
    await this.scaffoldNewAccountMemoryStorage(account);
  }

-  private async scaffoldNewAccountLocalStorage(account: Account): Promise<void> {
+  protected async scaffoldNewAccountLocalStorage(account: TAccount): Promise<void> {
    const storedState =
-      (await this.storageService.get<State>("state", await this.defaultOnDiskLocalOptions())) ??
-      new State();
+      (await this.storageService.get<State<TAccount>>(
+        "state",
+        await this.defaultOnDiskLocalOptions()
+      )) ?? new State<TAccount>();
    const storedAccount = storedState.accounts[account.profile.userId];
    if (storedAccount != null) {
-      account = {
-        settings: storedAccount.settings,
-        profile: account.profile,
-        tokens: account.tokens,
-        keys: account.keys,
-        data: account.data,
-      };
+      account.settings = storedAccount.settings;
    }
    storedState.accounts[account.profile.userId] = account;
    await this.saveStateToStorage(storedState, await this.defaultOnDiskLocalOptions());
  }

-  private async scaffoldNewAccountMemoryStorage(account: Account): Promise<void> {
+  protected async scaffoldNewAccountMemoryStorage(account: TAccount): Promise<void> {
    const storedState =
-      (await this.storageService.get<State>("state", await this.defaultOnDiskMemoryOptions())) ??
-      new State();
+      (await this.storageService.get<State<TAccount>>(
+        "state",
+        await this.defaultOnDiskMemoryOptions()
+      )) ?? new State<TAccount>();
    const storedAccount = storedState.accounts[account.profile.userId];
    if (storedAccount != null) {
-      account = {
-        settings: storedAccount.settings,
-        profile: account.profile,
-        tokens: account.tokens,
-        keys: account.keys,
-        data: account.data,
-      };
+      account.settings = storedAccount.settings;
    }
    storedState.accounts[account.profile.userId] = account;
    await this.saveStateToStorage(storedState, await this.defaultOnDiskMemoryOptions());
  }

-  private async scaffoldNewAccountSessionStorage(account: Account): Promise<void> {
+  protected async scaffoldNewAccountSessionStorage(account: TAccount): Promise<void> {
    const storedState =
-      (await this.storageService.get<State>("state", await this.defaultOnDiskOptions())) ??
-      new State();
+      (await this.storageService.get<State<TAccount>>(
+        "state",
+        await this.defaultOnDiskOptions()
+      )) ?? new State<TAccount>();
    const storedAccount = storedState.accounts[account.profile.userId];
    if (storedAccount != null) {
-      account = {
-        settings: storedAccount.settings,
-        profile: account.profile,
-        tokens: account.tokens,
-        keys: account.keys,
-        data: account.data,
-      };
+      account.settings = storedAccount.settings;
    }
    storedState.accounts[account.profile.userId] = account;
    await this.saveStateToStorage(storedState, await this.defaultOnDiskOptions());
  }

-  private async pushAccounts(): Promise<void> {
+  protected async pushAccounts(): Promise<void> {
    await this.pruneInMemoryAccounts();
    if (this.state?.accounts == null || Object.keys(this.state.accounts).length < 1) {
      this.accounts.next(null);
@@ -2237,7 +2258,7 @@ export class StateService implements StateServiceAbstraction {
    this.accounts.next(this.state.accounts);
  }

-  private reconcileOptions(
+  protected reconcileOptions(
    requestedOptions: StorageOptions,
    defaultOptions: StorageOptions
  ): StorageOptions {
@@ -2255,11 +2276,11 @@ export class StateService implements StateServiceAbstraction {
    return requestedOptions;
  }

-  private get defaultInMemoryOptions(): StorageOptions {
+  protected get defaultInMemoryOptions(): StorageOptions {
    return { storageLocation: StorageLocation.Memory, userId: this.state.activeUserId };
  }

-  private async defaultOnDiskOptions(): Promise<StorageOptions> {
+  protected async defaultOnDiskOptions(): Promise<StorageOptions> {
    return {
      storageLocation: StorageLocation.Disk,
      htmlStorageLocation: HtmlStorageLocation.Session,
@@ -2268,7 +2289,7 @@ export class StateService implements StateServiceAbstraction {
    };
  }

-  private async defaultOnDiskLocalOptions(): Promise<StorageOptions> {
+  protected async defaultOnDiskLocalOptions(): Promise<StorageOptions> {
    return {
      storageLocation: StorageLocation.Disk,
      htmlStorageLocation: HtmlStorageLocation.Local,
@@ -2277,7 +2298,7 @@ export class StateService implements StateServiceAbstraction {
    };
  }

-  private async defaultOnDiskMemoryOptions(): Promise<StorageOptions> {
+  protected async defaultOnDiskMemoryOptions(): Promise<StorageOptions> {
    return {
      storageLocation: StorageLocation.Disk,
      htmlStorageLocation: HtmlStorageLocation.Memory,
@@ -2286,7 +2307,7 @@ export class StateService implements StateServiceAbstraction {
    };
  }

-  private async defaultSecureStorageOptions(): Promise<StorageOptions> {
+  protected async defaultSecureStorageOptions(): Promise<StorageOptions> {
    return {
      storageLocation: StorageLocation.Disk,
      useSecureStorage: true,
@@ -2294,46 +2315,38 @@ export class StateService implements StateServiceAbstraction {
    };
  }

-  private async getActiveUserIdFromStorage(): Promise<string> {
-    const state = await this.storageService.get<State>("state");
+  protected async getActiveUserIdFromStorage(): Promise<string> {
+    const state = await this.storageService.get<State<TAccount>>("state");
    return state?.activeUserId;
  }

-  private async removeAccountFromLocalStorage(
+  protected async removeAccountFromLocalStorage(
    userId: string = this.state.activeUserId
  ): Promise<void> {
-    const state = await this.storageService.get<State>("state", {
+    const state = await this.storageService.get<State<TAccount>>("state", {
      htmlStorageLocation: HtmlStorageLocation.Local,
    });
    if (state?.accounts[userId] == null) {
      return;
    }
-
-    state.accounts[userId] = new Account({
-      settings: state.accounts[userId].settings,
-    });
-
+    state.accounts[userId] = this.resetAccount(state.accounts[userId]);
    await this.saveStateToStorage(state, await this.defaultOnDiskLocalOptions());
  }

-  private async removeAccountFromSessionStorage(
+  protected async removeAccountFromSessionStorage(
    userId: string = this.state.activeUserId
  ): Promise<void> {
-    const state = await this.storageService.get<State>("state", {
+    const state = await this.storageService.get<State<TAccount>>("state", {
      htmlStorageLocation: HtmlStorageLocation.Session,
    });
    if (state?.accounts[userId] == null) {
      return;
    }
-
-    state.accounts[userId] = new Account({
-      settings: state.accounts[userId].settings,
-    });
-
+    state.accounts[userId] = this.resetAccount(state.accounts[userId]);
    await this.saveStateToStorage(state, await this.defaultOnDiskOptions());
  }

-  private async removeAccountFromSecureStorage(
+  protected async removeAccountFromSecureStorage(
    userId: string = this.state.activeUserId
  ): Promise<void> {
    await this.setCryptoMasterKeyAuto(null, { userId: userId });
@@ -2341,15 +2354,18 @@ export class StateService implements StateServiceAbstraction {
    await this.setCryptoMasterKeyB64(null, { userId: userId });
  }

-  private removeAccountFromMemory(userId: string = this.state.activeUserId): void {
+  protected removeAccountFromMemory(userId: string = this.state.activeUserId): void {
    delete this.state.accounts[userId];
  }

-  private async saveStateToStorage(state: State, options: StorageOptions): Promise<void> {
+  protected async saveStateToStorage(
+    state: State<TAccount>,
+    options: StorageOptions
+  ): Promise<void> {
    await this.storageService.save("state", state, options);
  }

-  private async pruneInMemoryAccounts() {
+  protected async pruneInMemoryAccounts() {
    // We preserve settings for logged out accounts, but we don't want to consider them when thinking about active account state
    for (const userId in this.state.accounts) {
      if (!(await this.getIsAuthenticated({ userId: userId }))) {
@@ -2357,4 +2373,13 @@ export class StateService implements StateServiceAbstraction {
      }
    }
  }
+
+  // settings persist even on reset
+  protected resetAccount(account: TAccount) {
+    account.data = new AccountData();
+    account.keys = new AccountKeys();
+    account.profile = new AccountProfile();
+    account.tokens = new AccountTokens();
+    return account;
+  }
 }
--- a/common/src/services/stateMigration.service.ts
+++ b/common/src/services/stateMigration.service.ts
@@ -114,19 +114,22 @@ export class StateMigrationService {
  readonly latestVersion: number = 2;

  constructor(
-    private storageService: StorageService,
-    private secureStorageService: StorageService
+    protected storageService: StorageService,
+    protected secureStorageService: StorageService
  ) {}

  async needsMigration(): Promise<boolean> {
-    const currentStateVersion = (await this.storageService.get<State>("state"))?.globals
-      ?.stateVersion;
+    const currentStateVersion = (
+      await this.storageService.get<State<Account>>("state", {
+        htmlStorageLocation: HtmlStorageLocation.Local,
+      })
+    )?.globals?.stateVersion;
    return currentStateVersion == null || currentStateVersion < this.latestVersion;
  }

  async migrate(): Promise<void> {
    let currentStateVersion =
-      (await this.storageService.get<State>("state"))?.globals?.stateVersion ?? 1;
+      (await this.storageService.get<State<Account>>("state"))?.globals?.stateVersion ?? 1;
    while (currentStateVersion < this.latestVersion) {
      switch (currentStateVersion) {
        case 1:
@@ -138,10 +141,10 @@ export class StateMigrationService {
    }
  }

-  private async migrateStateFrom1To2(): Promise<void> {
+  protected async migrateStateFrom1To2(): Promise<void> {
    const options: StorageOptions = { htmlStorageLocation: HtmlStorageLocation.Local };
    const userId = await this.storageService.get<string>("userId");
-    const initialState: State =
+    const initialState: State<Account> =
      userId == null
        ? {
            globals: {
@@ -174,6 +177,7 @@ export class StateMigrationService {
                v1Keys.enableBiometric,
                options
              ),
+              environmentUrls: await this.storageService.get<any>(v1Keys.environmentUrls, options),
              installedVersion: await this.storageService.get<string>(
                v1Keys.installedVersion,
                options
@@ -192,6 +196,15 @@ export class StateMigrationService {
              ),
              openAtLogin: await this.storageService.get<boolean>(v1Keys.openAtLogin, options),
              organizationInvitation: await this.storageService.get<string>("", options),
+              ssoCodeVerifier: await this.storageService.get<string>(
+                v1Keys.ssoCodeVerifier,
+                options
+              ),
+              ssoOrganizationIdentifier: await this.storageService.get<string>(
+                v1Keys.ssoIdentifier,
+                options
+              ),
+              ssoState: null,
              rememberedEmail: await this.storageService.get<string>(
                v1Keys.rememberedEmail,
                options
@@ -327,15 +340,6 @@ export class StateMigrationService {
                  keyHash: await this.storageService.get<string>(v1Keys.keyHash, options),
                  lastActive: await this.storageService.get<number>(v1Keys.lastActive, options),
                  lastSync: null,
-                  ssoCodeVerifier: await this.storageService.get<string>(
-                    v1Keys.ssoCodeVerifier,
-                    options
-                  ),
-                  ssoOrganizationIdentifier: await this.storageService.get<string>(
-                    v1Keys.ssoIdentifier,
-                    options
-                  ),
-                  ssoState: null,
                  userId: userId,
                  usesKeyConnector: null,
                },
@@ -439,10 +443,6 @@ export class StateMigrationService {
                    options
                  ),
                  enableTray: await this.storageService.get<boolean>(v1Keys.enableTray, options),
-                  environmentUrls: await this.storageService.get<any>(
-                    v1Keys.environmentUrls,
-                    options
-                  ),
                  equivalentDomains: await this.storageService.get<any>(
                    v1Keys.equivalentDomains,
                    options
--- a/common/src/services/vaultTimeout.service.ts
+++ b/common/src/services/vaultTimeout.service.ts
@@ -53,7 +53,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
  async isLocked(userId?: string): Promise<boolean> {
    const neverLock =
      (await this.cryptoService.hasKeyStored(KeySuffixOptions.Auto, userId)) &&
-      !(await this.stateService.getEverBeenUnlocked({ userId: userId }));
+      (await this.stateService.getEverBeenUnlocked({ userId: userId }));
    if (neverLock) {
      // TODO: This also _sets_ the key so when we check memory in the next line it finds a key.
      // We should refactor here.
--- a/node/src/cli/baseProgram.ts
+++ b/node/src/cli/baseProgram.ts
@@ -9,7 +9,7 @@ import { StringResponse } from "./models/response/stringResponse";

 export abstract class BaseProgram {
  constructor(
-    private stateService: StateService,
+    protected stateService: StateService,
    private writeLn: (s: string, finalLine: boolean, error: boolean) => void
  ) {}

--- a/spec/common/importers/onepassword1PifImporter.spec.ts
+++ b/spec/common/importers/onepassword1PifImporter.spec.ts
@@ -476,6 +476,19 @@ describe("1Password 1Pif Importer", () => {

    // remaining fields as custom fields
    expect(cipher.fields.length).toEqual(6);
+    const fields = cipher.fields;
+    expect(fields[0].name).toEqual("sex");
+    expect(fields[0].value).toEqual("male");
+    expect(fields[1].name).toEqual("birth date");
+    expect(fields[1].value).toEqual("Mon, 11 Mar 2019 12:01:00 GMT");
+    expect(fields[2].name).toEqual("occupation");
+    expect(fields[2].value).toEqual("Engineer");
+    expect(fields[3].name).toEqual("department");
+    expect(fields[3].value).toEqual("IT");
+    expect(fields[4].name).toEqual("job title");
+    expect(fields[4].value).toEqual("Developer");
+    expect(fields[5].name).toEqual("home");
+    expect(fields[5].value).toEqual("+49 333 222 111");
  });

  it("should create password history", async () => {