From 9737c829f33138cdd492e5a14acd45c4a946449e Mon Sep 17 00:00:00 2001 From: Thomas Rittson <31796059+eliykat@users.noreply.github.com> Date: Thu, 20 Jan 2022 19:28:48 +1000 Subject: [PATCH] Fix migration to Key Connector in cli commands (#616) * Move CLI Key Connector check out of base class * Add missing await * Move safe operation out of try/catch block * Move Key Connector migration check to unlock command * Set convertAccountRequired flag in syncService * Remove unneeded service --- common/src/services/keyConnector.service.ts | 4 +- common/src/services/sync.service.ts | 1 + node/src/cli/commands/login.command.ts | 77 +-------------------- 3 files changed, 4 insertions(+), 78 deletions(-) diff --git a/common/src/services/keyConnector.service.ts b/common/src/services/keyConnector.service.ts index a258a0e3c2..7296d9b1f4 100644 --- a/common/src/services/keyConnector.service.ts +++ b/common/src/services/keyConnector.service.ts @@ -33,7 +33,7 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction { } async userNeedsMigration() { - const loggedInUsingSso = this.tokenService.getIsExternal(); + const loggedInUsingSso = await this.tokenService.getIsExternal(); const requiredByOrganization = (await this.getManagingOrganization()) != null; const userIsNotUsingKeyConnector = !(await this.getUsesKeyConnector()); @@ -43,9 +43,9 @@ export class KeyConnectorService implements KeyConnectorServiceAbstraction { async migrateUser() { const organization = await this.getManagingOrganization(); const key = await this.cryptoService.getKey(); + const keyConnectorRequest = new KeyConnectorUserKeyRequest(key.encKeyB64); try { - const keyConnectorRequest = new KeyConnectorUserKeyRequest(key.encKeyB64); await this.apiService.postUserKeyToKeyConnector( organization.keyConnectorUrl, keyConnectorRequest diff --git a/common/src/services/sync.service.ts b/common/src/services/sync.service.ts index e3ef51d303..d32db18e16 100644 --- a/common/src/services/sync.service.ts +++ b/common/src/services/sync.service.ts @@ -334,6 +334,7 @@ export class SyncService implements SyncServiceAbstraction { ]); if (await this.keyConnectorService.userNeedsMigration()) { + await this.keyConnectorService.setConvertAccountRequired(true); this.messagingService.send("convertAccountToKeyConnector"); } else { this.keyConnectorService.removeConvertAccountRequired(); diff --git a/node/src/cli/commands/login.command.ts b/node/src/cli/commands/login.command.ts index c1e7caeb1a..8dfac8ec85 100644 --- a/node/src/cli/commands/login.command.ts +++ b/node/src/cli/commands/login.command.ts @@ -14,16 +14,13 @@ import { CryptoService } from "jslib-common/abstractions/crypto.service"; import { CryptoFunctionService } from "jslib-common/abstractions/cryptoFunction.service"; import { EnvironmentService } from "jslib-common/abstractions/environment.service"; import { I18nService } from "jslib-common/abstractions/i18n.service"; -import { KeyConnectorService } from "jslib-common/abstractions/keyConnector.service"; import { PasswordGenerationService } from "jslib-common/abstractions/passwordGeneration.service"; import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service"; import { PolicyService } from "jslib-common/abstractions/policy.service"; import { StateService } from "jslib-common/abstractions/state.service"; -import { SyncService } from "jslib-common/abstractions/sync.service"; import { Response } from "../models/response"; -import { KeyConnectorUserKeyRequest } from "jslib-common/models/request/keyConnectorUserKeyRequest"; import { UpdateTempPasswordRequest } from "jslib-common/models/request/updateTempPasswordRequest"; import { MessageResponse } from "../models/response/messageResponse"; @@ -56,9 +53,7 @@ export class LoginCommand { protected stateService: StateService, protected cryptoService: CryptoService, protected policyService: PolicyService, - clientId: string, - private syncService: SyncService, - protected keyConnectorService: KeyConnectorService + clientId: string ) { this.clientId = clientId; } @@ -315,14 +310,6 @@ export class LoginCommand { ); } - // Full sync required for the reset password and key connector checks - await this.syncService.fullSync(true); - - // Handle converting to Key Connector if required - if (await this.keyConnectorService.userNeedsMigration()) { - return await this.migrateToKeyConnector(); - } - // Handle Updating Temp Password if NOT using an API Key for authentication if (response.forcePasswordReset && clientId == null && clientSecret == null) { return await this.updateTempPassword(); @@ -479,68 +466,6 @@ export class LoginCommand { return userInput; } - private async migrateToKeyConnector() { - // If no interaction available, alert user to use web vault - if (!this.canInteract) { - await this.logout(); - this.authService.logOut(() => { - /* Do nothing */ - }); - return Response.error( - new MessageResponse( - "An organization you are a member of is using Key Connector. " + - "In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out.", - null - ) - ); - } - - const organization = await this.keyConnectorService.getManagingOrganization(); - - const answer: inquirer.Answers = await inquirer.createPromptModule({ output: process.stderr })({ - type: "list", - name: "convert", - message: - organization.name + - " is using a self-hosted key server. A master password is no longer required to log in for members of this organization. ", - choices: [ - { - name: "Remove master password and log in", - value: "remove", - }, - { - name: "Leave organization and log in", - value: "leave", - }, - { - name: "Exit", - value: "exit", - }, - ], - }); - - if (answer.convert === "remove") { - await this.keyConnectorService.migrateUser(); - - // Update environment URL - required for api key login - const urls = this.environmentService.getUrls(); - urls.keyConnector = organization.keyConnectorUrl; - await this.environmentService.setUrls(urls, true); - - return await this.handleSuccessResponse(); - } else if (answer.convert === "leave") { - await this.apiService.postLeaveOrganization(organization.id); - await this.syncService.fullSync(true); - return await this.handleSuccessResponse(); - } else { - await this.logout(); - this.authService.logOut(() => { - /* Do nothing */ - }); - return Response.error("You have been logged out."); - } - } - private async apiClientId(): Promise { let clientId: string = null;