Add support for requesting and using otp for verifying some requests (#527)

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
2025-12-15 07:43:45 +00:00 · 2021-11-09 17:01:22 +01:00
parent 99ff3feb53
commit 8f177e2d3a
54 changed files with 746 additions and 223 deletions
--- a/common/src/models/api/ssoConfigApi.ts
+++ b/common/src/models/api/ssoConfigApi.ts
@@ -37,8 +37,8 @@ enum Saml2SigningBehavior {
 export class SsoConfigApi extends BaseResponse {
    configType: SsoType;

-    useCryptoAgent: boolean;
-    cryptoAgentUrl: string;
+    useKeyConnector: boolean;
+    keyConnectorUrl: string;

    // OpenId
    authority: string;
@@ -81,8 +81,8 @@ export class SsoConfigApi extends BaseResponse {

        this.configType = this.getResponseProperty('ConfigType');

-        this.useCryptoAgent = this.getResponseProperty('UseCryptoAgent');
-        this.cryptoAgentUrl = this.getResponseProperty('CryptoAgentUrl');
+        this.useKeyConnector = this.getResponseProperty('UseKeyConnector');
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');

        this.authority = this.getResponseProperty('Authority');
        this.clientId = this.getResponseProperty('ClientId');
--- a/common/src/models/data/organizationData.ts
+++ b/common/src/models/data/organizationData.ts
@@ -33,6 +33,8 @@ export class OrganizationData {
    providerId: string;
    providerName: string;
    isProviderUser: boolean;
+    usesKeyConnector: boolean;
+    keyConnectorUrl: string;

    constructor(response: ProfileOrganizationResponse) {
        this.id = response.id;
@@ -62,5 +64,7 @@ export class OrganizationData {
        this.hasPublicAndPrivateKeys = response.hasPublicAndPrivateKeys;
        this.providerId = response.providerId;
        this.providerName = response.providerName;
+        this.usesKeyConnector = response.usesKeyConnector;
+        this.keyConnectorUrl = response.keyConnectorUrl;
    }
 }
--- a/common/src/models/domain/organization.ts
+++ b/common/src/models/domain/organization.ts
@@ -34,6 +34,8 @@ export class Organization {
    providerId: string;
    providerName: string;
    isProviderUser: boolean;
+    usesKeyConnector: boolean;
+    keyConnectorUrl: string;

    constructor(obj?: OrganizationData) {
        if (obj == null) {
@@ -68,6 +70,8 @@ export class Organization {
        this.providerId = obj.providerId;
        this.providerName = obj.providerName;
        this.isProviderUser = obj.isProviderUser;
+        this.usesKeyConnector = obj.usesKeyConnector;
+        this.keyConnectorUrl = obj.keyConnectorUrl;
    }

    get canAccess() {
--- a/common/src/models/request/account/setKeyConnectorKeyRequest.ts
+++ b/common/src/models/request/account/setKeyConnectorKeyRequest.ts
@@ -2,7 +2,7 @@ import { KeysRequest } from '../keysRequest';

 import { KdfType } from '../../../enums/kdfType';

-export class SetCryptoAgentKeyRequest {
+export class SetKeyConnectorKeyRequest {
    key: string;
    keys: KeysRequest;
    kdf: KdfType;
--- a/common/src/models/request/account/verifyOTPRequest.ts
+++ b/common/src/models/request/account/verifyOTPRequest.ts
@@ -0,0 +1,7 @@
+export class VerifyOTPRequest {
+    OTP: string;
+
+    constructor(OTP: string) {
+        this.OTP = OTP;
+    }
+}
--- a/common/src/models/request/emailTokenRequest.ts
+++ b/common/src/models/request/emailTokenRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class EmailTokenRequest extends PasswordVerificationRequest {
+export class EmailTokenRequest extends SecretVerificationRequest {
    newEmail: string;
    masterPasswordHash: string;
 }
--- a/common/src/models/request/keyConnectorUserKeyRequest.ts
+++ b/common/src/models/request/keyConnectorUserKeyRequest.ts
@@ -1,4 +1,4 @@
-export class CryptoAgentUserKeyRequest {
+export class KeyConnectorUserKeyRequest {
    key: string;

    constructor(key: string) {
--- a/common/src/models/request/passwordRequest.ts
+++ b/common/src/models/request/passwordRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class PasswordRequest extends PasswordVerificationRequest {
+export class PasswordRequest extends SecretVerificationRequest {
    newMasterPasswordHash: string;
    key: string;
 }
--- a/common/src/models/request/passwordVerificationRequest.ts
+++ b/common/src/models/request/passwordVerificationRequest.ts
@@ -1,3 +0,0 @@
-export class PasswordVerificationRequest {
-    masterPasswordHash: string;
-}
--- a/common/src/models/request/secretVerificationRequest.ts
+++ b/common/src/models/request/secretVerificationRequest.ts
@@ -0,0 +1,4 @@
+export class SecretVerificationRequest {
+    masterPasswordHash: string;
+    otp: string;
+}
--- a/common/src/models/request/twoFactorEmailRequest.ts
+++ b/common/src/models/request/twoFactorEmailRequest.ts
@@ -1,11 +1,5 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class TwoFactorEmailRequest extends PasswordVerificationRequest {
+export class TwoFactorEmailRequest extends SecretVerificationRequest {
    email: string;
-
-    constructor(email: string, masterPasswordHash: string) {
-        super();
-        this.masterPasswordHash = masterPasswordHash;
-        this.email = email;
-    }
 }
--- a/common/src/models/request/twoFactorProviderRequest.ts
+++ b/common/src/models/request/twoFactorProviderRequest.ts
@@ -1,7 +1,7 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

 import { TwoFactorProviderType } from '../../enums/twoFactorProviderType';

-export class TwoFactorProviderRequest extends PasswordVerificationRequest {
+export class TwoFactorProviderRequest extends SecretVerificationRequest {
    type: TwoFactorProviderType;
 }
--- a/common/src/models/request/twoFactorRecoveryRequest.ts
+++ b/common/src/models/request/twoFactorRecoveryRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class TwoFactorRecoveryRequest extends PasswordVerificationRequest {
+export class TwoFactorRecoveryRequest extends SecretVerificationRequest {
    recoveryCode: string;
    email: string;
 }
--- a/common/src/models/request/updateTwoFactorAuthenticatorRequest.ts
+++ b/common/src/models/request/updateTwoFactorAuthenticatorRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorAuthenticatorRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorAuthenticatorRequest extends SecretVerificationRequest {
    token: string;
    key: string;
 }
--- a/common/src/models/request/updateTwoFactorDuoRequest.ts
+++ b/common/src/models/request/updateTwoFactorDuoRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorDuoRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorDuoRequest extends SecretVerificationRequest {
    integrationKey: string;
    secretKey: string;
    host: string;
--- a/common/src/models/request/updateTwoFactorEmailRequest.ts
+++ b/common/src/models/request/updateTwoFactorEmailRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorEmailRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorEmailRequest extends SecretVerificationRequest {
    token: string;
    email: string;
 }
--- a/common/src/models/request/updateTwoFactorWebAuthnDeleteRequest.ts
+++ b/common/src/models/request/updateTwoFactorWebAuthnDeleteRequest.ts
@@ -1,5 +1,5 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorWebAuthnDeleteRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorWebAuthnDeleteRequest extends SecretVerificationRequest {
    id: number;
 }
--- a/common/src/models/request/updateTwoFactorWebAuthnRequest.ts
+++ b/common/src/models/request/updateTwoFactorWebAuthnRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorWebAuthnRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorWebAuthnRequest extends SecretVerificationRequest {
    deviceResponse: PublicKeyCredential;
    name: string;
    id: number;
--- a/common/src/models/request/updateTwoFactorYubioOtpRequest.ts
+++ b/common/src/models/request/updateTwoFactorYubioOtpRequest.ts
@@ -1,6 +1,6 @@
-import { PasswordVerificationRequest } from './passwordVerificationRequest';
+import { SecretVerificationRequest } from './secretVerificationRequest';

-export class UpdateTwoFactorYubioOtpRequest extends PasswordVerificationRequest {
+export class UpdateTwoFactorYubioOtpRequest extends SecretVerificationRequest {
    key1: string;
    key2: string;
    key3: string;
--- a/common/src/models/response/identityTokenResponse.ts
+++ b/common/src/models/response/identityTokenResponse.ts
@@ -15,7 +15,7 @@ export class IdentityTokenResponse extends BaseResponse {
    kdf: KdfType;
    kdfIterations: number;
    forcePasswordReset: boolean;
-    cryptoAgentUrl: string;
+    keyConnectorUrl: string;

    constructor(response: any) {
        super(response);
@@ -31,6 +31,6 @@ export class IdentityTokenResponse extends BaseResponse {
        this.kdf = this.getResponseProperty('Kdf');
        this.kdfIterations = this.getResponseProperty('KdfIterations');
        this.forcePasswordReset = this.getResponseProperty('ForcePasswordReset');
-        this.cryptoAgentUrl = this.getResponseProperty('CryptoAgentUrl');
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');
    }
 }
--- a/common/src/models/response/keyConnectorUserKeyResponse.ts
+++ b/common/src/models/response/keyConnectorUserKeyResponse.ts
@@ -1,6 +1,6 @@
 import { BaseResponse } from './baseResponse';

-export class CryptoAgentUserKeyResponse extends BaseResponse {
+export class KeyConnectorUserKeyResponse extends BaseResponse {
    key: string;

    constructor(response: any) {
--- a/common/src/models/response/profileOrganizationResponse.ts
+++ b/common/src/models/response/profileOrganizationResponse.ts
@@ -33,6 +33,8 @@ export class ProfileOrganizationResponse extends BaseResponse {
    userId: string;
    providerId: string;
    providerName: string;
+    usesKeyConnector: boolean;
+    keyConnectorUrl: string;

    constructor(response: any) {
        super(response);
@@ -64,5 +66,7 @@ export class ProfileOrganizationResponse extends BaseResponse {
        this.userId = this.getResponseProperty('UserId');
        this.providerId = this.getResponseProperty('ProviderId');
        this.providerName = this.getResponseProperty('ProviderName');
+        this.usesKeyConnector = this.getResponseProperty('UsesKeyConnector') ?? false;
+        this.keyConnectorUrl = this.getResponseProperty('KeyConnectorUrl');
    }
 }
--- a/common/src/models/response/profileProviderOrganizationResponse.ts
+++ b/common/src/models/response/profileProviderOrganizationResponse.ts
@@ -1,68 +1,8 @@
-import { BaseResponse } from './baseResponse';
-
-import { OrganizationUserStatusType } from '../../enums/organizationUserStatusType';
-import { OrganizationUserType } from '../../enums/organizationUserType';
-import { PermissionsApi } from '../api/permissionsApi';
-
-export class ProfileProviderOrganizationResponse extends BaseResponse {
-    id: string;
-    name: string;
-    usePolicies: boolean;
-    useGroups: boolean;
-    useDirectory: boolean;
-    useEvents: boolean;
-    useTotp: boolean;
-    use2fa: boolean;
-    useApi: boolean;
-    useSso: boolean;
-    useResetPassword: boolean;
-    selfHost: boolean;
-    usersGetPremium: boolean;
-    seats: number;
-    maxCollections: number;
-    maxStorageGb?: number;
-    key: string;
-    hasPublicAndPrivateKeys: boolean;
-    status: OrganizationUserStatusType;
-    type: OrganizationUserType;
-    enabled: boolean;
-    ssoBound: boolean;
-    identifier: string;
-    permissions: PermissionsApi;
-    resetPasswordEnrolled: boolean;
-    userId: string;
-    providerId: string;
-    providerName: string;
+import { ProfileOrganizationResponse } from './profileOrganizationResponse';

+export class ProfileProviderOrganizationResponse extends ProfileOrganizationResponse {
    constructor(response: any) {
        super(response);
-        this.id = this.getResponseProperty('Id');
-        this.name = this.getResponseProperty('Name');
-        this.usePolicies = this.getResponseProperty('UsePolicies');
-        this.useGroups = this.getResponseProperty('UseGroups');
-        this.useDirectory = this.getResponseProperty('UseDirectory');
-        this.useEvents = this.getResponseProperty('UseEvents');
-        this.useTotp = this.getResponseProperty('UseTotp');
-        this.use2fa = this.getResponseProperty('Use2fa');
-        this.useApi = this.getResponseProperty('UseApi');
-        this.useSso = this.getResponseProperty('UseSso');
-        this.useResetPassword = this.getResponseProperty('UseResetPassword');
-        this.selfHost = this.getResponseProperty('SelfHost');
-        this.usersGetPremium = this.getResponseProperty('UsersGetPremium');
-        this.seats = this.getResponseProperty('Seats');
-        this.maxCollections = this.getResponseProperty('MaxCollections');
-        this.maxStorageGb = this.getResponseProperty('MaxStorageGb');
-        this.key = this.getResponseProperty('Key');
-        this.hasPublicAndPrivateKeys = this.getResponseProperty('HasPublicAndPrivateKeys');
-        this.status = this.getResponseProperty('Status');
-        this.type = this.getResponseProperty('Type');
-        this.enabled = this.getResponseProperty('Enabled');
-        this.ssoBound = this.getResponseProperty('SsoBound');
-        this.identifier = this.getResponseProperty('Identifier');
-        this.permissions = new PermissionsApi(this.getResponseProperty('permissions'));
-        this.resetPasswordEnrolled = this.getResponseProperty('ResetPasswordEnrolled');
-        this.userId = this.getResponseProperty('UserId');
-        this.providerId = this.getResponseProperty('ProviderId');
-        this.providerName = this.getResponseProperty('ProviderName');
+        this.usesKeyConnector = false;
    }
 }
--- a/common/src/models/response/profileResponse.ts
+++ b/common/src/models/response/profileResponse.ts
@@ -16,6 +16,7 @@ export class ProfileResponse extends BaseResponse {
    privateKey: string;
    securityStamp: string;
    forcePasswordReset: boolean;
+    usesKeyConnector: boolean;
    organizations: ProfileOrganizationResponse[] = [];
    providers: ProfileProviderResponse[] = [];
    providerOrganizations: ProfileProviderOrganizationResponse[] = [];
@@ -34,6 +35,7 @@ export class ProfileResponse extends BaseResponse {
        this.privateKey = this.getResponseProperty('PrivateKey');
        this.securityStamp = this.getResponseProperty('SecurityStamp');
        this.forcePasswordReset = this.getResponseProperty('ForcePasswordReset') ?? false;
+        this.usesKeyConnector = this.getResponseProperty('UsesKeyConnector') ?? false;

        const organizations = this.getResponseProperty('Organizations');
        if (organizations != null) {