EC-134 Fix api token refresh (#749)

* Fix apikey token refresh

* Refactor: use class for TokenRequestTwoFactor

common/spec/misc/logInStrategies/logIn.strategy.spec.ts

@@ -18,6 +18,7 @@ import { AuthResult } from "jslib-common/models/domain/authResult";
 import { EncString } from "jslib-common/models/domain/encString";
 import { PasswordLogInCredentials } from "jslib-common/models/domain/logInCredentials";
 import { PasswordTokenRequest } from "jslib-common/models/request/identityToken/passwordTokenRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
 import { IdentityCaptchaResponse } from "jslib-common/models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "jslib-common/models/response/identityTokenResponse";
 import { IdentityTwoFactorResponse } from "jslib-common/models/response/identityTwoFactorResponse";
@@ -236,11 +237,11 @@ describe("LogInStrategy", () => {
     it("sends 2FA token provided by user to server (single step)", async () => {
       // This occurs if the user enters the 2FA code as an argument in the CLI
       apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
-      credentials.twoFactor = {
-        provider: twoFactorProviderType,
-        token: twoFactorToken,
-        remember: twoFactorRemember,
-      };
+      credentials.twoFactor = new TokenRequestTwoFactor(
+        twoFactorProviderType,
+        twoFactorToken,
+        twoFactorRemember
+      );
 
       await passwordLogInStrategy.logIn(credentials);
 
@@ -268,11 +269,7 @@ describe("LogInStrategy", () => {
       apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
 
       await passwordLogInStrategy.logInTwoFactor(
-        {
-          provider: twoFactorProviderType,
-          token: twoFactorToken,
-          remember: twoFactorRemember,
-        },
+        new TokenRequestTwoFactor(twoFactorProviderType, twoFactorToken, twoFactorRemember),
         null
       );
 

common/src/abstractions/auth.service.ts

@@ -5,7 +5,7 @@ import {
   SsoLogInCredentials,
 } from "../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
 
 export abstract class AuthService {
   masterPasswordHash: string;

common/src/misc/logInStrategies/logIn.strategy.ts

@@ -19,7 +19,7 @@ import { DeviceRequest } from "../../models/request/deviceRequest";
 import { ApiTokenRequest } from "../../models/request/identityToken/apiTokenRequest";
 import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
 import { SsoTokenRequest } from "../../models/request/identityToken/ssoTokenRequest";
-import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
 import { KeysRequest } from "../../models/request/keysRequest";
 import { IdentityCaptchaResponse } from "../../models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "../../models/response/identityTokenResponse";
@@ -86,18 +86,10 @@ export abstract class LogInStrategy {
 
     const storedTwoFactorToken = await this.tokenService.getTwoFactorToken();
     if (storedTwoFactorToken != null) {
-      return {
-        token: storedTwoFactorToken,
-        provider: TwoFactorProviderType.Remember,
-        remember: false,
-      };
+      return new TokenRequestTwoFactor(TwoFactorProviderType.Remember, storedTwoFactorToken, false);
     }
 
-    return {
-      token: null,
-      provider: null,
-      remember: false,
-    };
+    return new TokenRequestTwoFactor();
   }
 
   protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {

common/src/misc/logInStrategies/passwordLogin.strategy.ts

@@ -13,7 +13,7 @@ import { AuthResult } from "../../models/domain/authResult";
 import { PasswordLogInCredentials } from "../../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../../models/domain/symmetricCryptoKey";
 import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
-import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
 
 import { LogInStrategy } from "./logIn.strategy";
 

common/src/models/domain/logInCredentials.ts

@@ -1,5 +1,5 @@
 import { AuthenticationType } from "../../enums/authenticationType";
-import { TokenRequestTwoFactor } from "../request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../request/identityToken/tokenRequestTwoFactor";
 
 export class PasswordLogInCredentials {
   readonly type = AuthenticationType.Password;

common/src/models/request/identityToken/apiTokenRequest.ts

@@ -1,6 +1,7 @@
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class ApiTokenRequest extends TokenRequest {
   constructor(

common/src/models/request/identityToken/passwordTokenRequest.ts

@@ -3,7 +3,8 @@ import { Utils } from "../../../misc/utils";
 import { CaptchaProtectedRequest } from "../captchaProtectedRequest";
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class PasswordTokenRequest extends TokenRequest implements CaptchaProtectedRequest {
   constructor(

common/src/models/request/identityToken/ssoTokenRequest.ts

@@ -1,6 +1,7 @@
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class SsoTokenRequest extends TokenRequest {
   constructor(

common/src/models/request/identityToken/tokenRequest.ts

@@ -1,11 +1,6 @@
-import { TwoFactorProviderType } from "../../../enums/twoFactorProviderType";
 import { DeviceRequest } from "../deviceRequest";
 
-export interface TokenRequestTwoFactor {
-  provider: TwoFactorProviderType;
-  token: string;
-  remember: boolean;
-}
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export abstract class TokenRequest {
   protected device?: DeviceRequest;

common/src/models/request/identityToken/tokenRequestTwoFactor.ts

@@ -0,0 +1,9 @@
+import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";
+
+export class TokenRequestTwoFactor {
+  constructor(
+    public provider: TwoFactorProviderType = null,
+    public token: string = null,
+    public remember: boolean = false
+  ) {}
+}

common/src/services/api.service.ts

@@ -1,3 +1,7 @@
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { DeviceRequest } from "jslib-common/models/request/deviceRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
+
 import { ApiService as ApiServiceAbstraction } from "../abstractions/api.service";
 import { EnvironmentService } from "../abstractions/environment.service";
 import { PlatformUtilsService } from "../abstractions/platformUtils.service";
@@ -174,7 +178,6 @@ import { UserKeyResponse } from "../models/response/userKeyResponse";
 import { SendAccessView } from "../models/view/sendAccessView";
 
 export class ApiService implements ApiServiceAbstraction {
-  protected apiKeyRefresh: (clientId: string, clientSecret: string) => Promise<any>;
   private device: DeviceType;
   private deviceType: string;
   private isWebClient = false;
@@ -184,6 +187,7 @@ export class ApiService implements ApiServiceAbstraction {
     private tokenService: TokenService,
     private platformUtilsService: PlatformUtilsService,
     private environmentService: EnvironmentService,
+    private appIdService: AppIdService,
     private logoutCallback: (expired: boolean) => Promise<void>,
     private customUserAgent: string = null
   ) {
@@ -2332,20 +2336,6 @@ export class ApiService implements ApiServiceAbstraction {
     throw new Error("Cannot refresh token, no refresh token or api keys are stored");
   }
 
-  protected async doApiTokenRefresh(): Promise<void> {
-    const clientId = await this.tokenService.getClientId();
-    const clientSecret = await this.tokenService.getClientSecret();
-    if (
-      Utils.isNullOrWhitespace(clientId) ||
-      Utils.isNullOrWhitespace(clientSecret) ||
-      this.apiKeyRefresh == null
-    ) {
-      throw new Error();
-    }
-
-    await this.apiKeyRefresh(clientId, clientSecret);
-  }
-
   protected async doRefreshToken(): Promise<void> {
     const refreshToken = await this.tokenService.getRefreshToken();
     if (refreshToken == null || refreshToken === "") {
@@ -2389,6 +2379,28 @@ export class ApiService implements ApiServiceAbstraction {
     }
   }
 
+  protected async doApiTokenRefresh(): Promise<void> {
+    const clientId = await this.tokenService.getClientId();
+    const clientSecret = await this.tokenService.getClientSecret();
+
+    const appId = await this.appIdService.getAppId();
+    const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
+
+    const tokenRequest = new ApiTokenRequest(
+      clientId,
+      clientSecret,
+      new TokenRequestTwoFactor(),
+      deviceRequest
+    );
+
+    const response = await this.postIdentityToken(tokenRequest);
+    if (!(response instanceof IdentityTokenResponse)) {
+      throw new Error("Invalid response received when refreshing api token");
+    }
+
+    await this.tokenService.setToken(response.accessToken);
+  }
+
   private async send(
     method: "GET" | "POST" | "PUT" | "DELETE",
     path: string,

common/src/services/auth.service.ts

@@ -23,7 +23,7 @@ import {
   SsoLogInCredentials,
 } from "../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
 import { PreloginRequest } from "../models/request/preloginRequest";
 import { ErrorResponse } from "../models/response/errorResponse";
 

common/src/services/state.service.ts

@@ -2489,11 +2489,10 @@ export class StateService<
   protected async deAuthenticateAccount(userId: string) {
     await this.setAccessToken(null, { userId: userId });
     await this.setLastActive(null, { userId: userId });
-    const index = this.state.authenticatedAccounts.indexOf(userId);
-    if (index > -1) {
-      this.state.authenticatedAccounts.splice(index, 1);
-      await this.storageService.save(keys.authenticatedAccounts, this.state.authenticatedAccounts);
-    }
+    this.state.authenticatedAccounts = this.state.authenticatedAccounts.filter(
+      (activeUserId) => activeUserId !== userId
+    );
+    await this.storageService.save(keys.authenticatedAccounts, this.state.authenticatedAccounts);
   }
 
   protected async removeAccountFromDisk(userId: string) {