bitwarden · eliykat · Apr 1, 2022 · Mar 30, 2022 · Mar 30, 2022 · Mar 30, 2022
diff --git a/angular/src/components/two-factor.component.ts b/angular/src/components/two-factor.component.ts
@@ -14,6 +14,7 @@ import { TwoFactorService } from "jslib-common/abstractions/twoFactor.service";
 import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";
 import { WebAuthnIFrame } from "jslib-common/misc/webauthn_iframe";
 import { AuthResult } from "jslib-common/models/domain/authResult";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
 import { TwoFactorEmailRequest } from "jslib-common/models/request/twoFactorEmailRequest";
 import { TwoFactorProviders } from "jslib-common/services/twoFactor.service";
 
@@ -191,11 +192,7 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
 
   async doSubmit() {
     this.formPromise = this.authService.logInTwoFactor(
-      {
-        provider: this.selectedProviderType,
-        token: this.token,
-        remember: this.remember,
-      },
+      new TokenRequestTwoFactor(this.selectedProviderType, this.token, this.remember),
       this.captchaToken
     );
     const response: AuthResult = await this.formPromise;

diff --git a/angular/src/services/jslib-services.module.ts b/angular/src/services/jslib-services.module.ts
@@ -211,19 +211,22 @@ import { ValidationService } from "./validation.service";
         tokenService: TokenServiceAbstraction,
         platformUtilsService: PlatformUtilsServiceAbstraction,
         environmentService: EnvironmentServiceAbstraction,
-        messagingService: MessagingServiceAbstraction
+        messagingService: MessagingServiceAbstraction,
+        appIdService: AppIdServiceAbstraction
       ) =>
         new ApiService(
           tokenService,
           platformUtilsService,
           environmentService,
+          appIdService,
           async (expired: boolean) => messagingService.send("logout", { expired: expired })
         ),
       deps: [
         TokenServiceAbstraction,
         PlatformUtilsServiceAbstraction,
         EnvironmentServiceAbstraction,
         MessagingServiceAbstraction,
+        AppIdServiceAbstraction,
       ],
     },
     {

diff --git a/common/spec/misc/logInStrategies/logIn.strategy.spec.ts b/common/spec/misc/logInStrategies/logIn.strategy.spec.ts
@@ -18,6 +18,7 @@ import { AuthResult } from "jslib-common/models/domain/authResult";
 import { EncString } from "jslib-common/models/domain/encString";
 import { PasswordLogInCredentials } from "jslib-common/models/domain/logInCredentials";
 import { PasswordTokenRequest } from "jslib-common/models/request/identityToken/passwordTokenRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
 import { IdentityCaptchaResponse } from "jslib-common/models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "jslib-common/models/response/identityTokenResponse";
 import { IdentityTwoFactorResponse } from "jslib-common/models/response/identityTwoFactorResponse";
@@ -236,11 +237,11 @@ describe("LogInStrategy", () => {
     it("sends 2FA token provided by user to server (single step)", async () => {
       // This occurs if the user enters the 2FA code as an argument in the CLI
       apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
-      credentials.twoFactor = {
-        provider: twoFactorProviderType,
-        token: twoFactorToken,
-        remember: twoFactorRemember,
-      };
+      credentials.twoFactor = new TokenRequestTwoFactor(
+        twoFactorProviderType,
+        twoFactorToken,
+        twoFactorRemember
+      );
 
       await passwordLogInStrategy.logIn(credentials);
 
@@ -268,11 +269,7 @@ describe("LogInStrategy", () => {
       apiService.postIdentityToken(Arg.any()).resolves(identityTokenResponseFactory());
 
       await passwordLogInStrategy.logInTwoFactor(
-        {
-          provider: twoFactorProviderType,
-          token: twoFactorToken,
-          remember: twoFactorRemember,
-        },
+        new TokenRequestTwoFactor(twoFactorProviderType, twoFactorToken, twoFactorRemember),
         null
       );
 

diff --git a/common/src/abstractions/auth.service.ts b/common/src/abstractions/auth.service.ts
@@ -5,7 +5,7 @@ import {
   SsoLogInCredentials,
 } from "../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
 
 export abstract class AuthService {
   masterPasswordHash: string;

diff --git a/common/src/misc/logInStrategies/logIn.strategy.ts b/common/src/misc/logInStrategies/logIn.strategy.ts
@@ -19,7 +19,7 @@ import { DeviceRequest } from "../../models/request/deviceRequest";
 import { ApiTokenRequest } from "../../models/request/identityToken/apiTokenRequest";
 import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
 import { SsoTokenRequest } from "../../models/request/identityToken/ssoTokenRequest";
-import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
 import { KeysRequest } from "../../models/request/keysRequest";
 import { IdentityCaptchaResponse } from "../../models/response/identityCaptchaResponse";
 import { IdentityTokenResponse } from "../../models/response/identityTokenResponse";
@@ -86,18 +86,10 @@ export abstract class LogInStrategy {
 
     const storedTwoFactorToken = await this.tokenService.getTwoFactorToken();
     if (storedTwoFactorToken != null) {
-      return {
-        token: storedTwoFactorToken,
-        provider: TwoFactorProviderType.Remember,
-        remember: false,
-      };
+      return new TokenRequestTwoFactor(TwoFactorProviderType.Remember, storedTwoFactorToken, false);
     }
 
-    return {
-      token: null,
-      provider: null,
-      remember: false,
-    };
+    return new TokenRequestTwoFactor();
   }
 
   protected async saveAccountInformation(tokenResponse: IdentityTokenResponse) {

diff --git a/common/src/misc/logInStrategies/passwordLogin.strategy.ts b/common/src/misc/logInStrategies/passwordLogin.strategy.ts
@@ -13,7 +13,7 @@ import { AuthResult } from "../../models/domain/authResult";
 import { PasswordLogInCredentials } from "../../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../../models/domain/symmetricCryptoKey";
 import { PasswordTokenRequest } from "../../models/request/identityToken/passwordTokenRequest";
-import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../../models/request/identityToken/tokenRequestTwoFactor";
 
 import { LogInStrategy } from "./logIn.strategy";
 

diff --git a/common/src/models/domain/logInCredentials.ts b/common/src/models/domain/logInCredentials.ts
@@ -1,5 +1,5 @@
 import { AuthenticationType } from "../../enums/authenticationType";
-import { TokenRequestTwoFactor } from "../request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../request/identityToken/tokenRequestTwoFactor";
 
 export class PasswordLogInCredentials {
   readonly type = AuthenticationType.Password;

diff --git a/common/src/models/request/identityToken/apiTokenRequest.ts b/common/src/models/request/identityToken/apiTokenRequest.ts
@@ -1,6 +1,7 @@
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class ApiTokenRequest extends TokenRequest {
   constructor(

diff --git a/common/src/models/request/identityToken/passwordTokenRequest.ts b/common/src/models/request/identityToken/passwordTokenRequest.ts
@@ -3,7 +3,8 @@ import { Utils } from "../../../misc/utils";
 import { CaptchaProtectedRequest } from "../captchaProtectedRequest";
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class PasswordTokenRequest extends TokenRequest implements CaptchaProtectedRequest {
   constructor(

diff --git a/common/src/models/request/identityToken/ssoTokenRequest.ts b/common/src/models/request/identityToken/ssoTokenRequest.ts
@@ -1,6 +1,7 @@
 import { DeviceRequest } from "../deviceRequest";
 
-import { TokenRequest, TokenRequestTwoFactor } from "./tokenRequest";
+import { TokenRequest } from "./tokenRequest";
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export class SsoTokenRequest extends TokenRequest {
   constructor(

diff --git a/common/src/models/request/identityToken/tokenRequest.ts b/common/src/models/request/identityToken/tokenRequest.ts
@@ -1,11 +1,6 @@
-import { TwoFactorProviderType } from "../../../enums/twoFactorProviderType";
 import { DeviceRequest } from "../deviceRequest";
 
-export interface TokenRequestTwoFactor {
-  provider: TwoFactorProviderType;
-  token: string;
-  remember: boolean;
-}
+import { TokenRequestTwoFactor } from "./tokenRequestTwoFactor";
 
 export abstract class TokenRequest {
   protected device?: DeviceRequest;

diff --git a/common/src/models/request/identityToken/tokenRequestTwoFactor.ts b/common/src/models/request/identityToken/tokenRequestTwoFactor.ts
@@ -0,0 +1,9 @@
+import { TwoFactorProviderType } from "jslib-common/enums/twoFactorProviderType";
+
+export class TokenRequestTwoFactor {
+  constructor(
+    public provider: TwoFactorProviderType = null,
+    public token: string = null,
+    public remember: boolean = false
+  ) {}
+}
diff --git a/common/src/services/api.service.ts b/common/src/services/api.service.ts
@@ -1,3 +1,7 @@
+import { AppIdService } from "jslib-common/abstractions/appId.service";
+import { DeviceRequest } from "jslib-common/models/request/deviceRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
+
 import { ApiService as ApiServiceAbstraction } from "../abstractions/api.service";
 import { EnvironmentService } from "../abstractions/environment.service";
 import { PlatformUtilsService } from "../abstractions/platformUtils.service";
@@ -174,7 +178,6 @@ import { UserKeyResponse } from "../models/response/userKeyResponse";
 import { SendAccessView } from "../models/view/sendAccessView";
 
 export class ApiService implements ApiServiceAbstraction {
-  protected apiKeyRefresh: (clientId: string, clientSecret: string) => Promise<any>;
   private device: DeviceType;
   private deviceType: string;
   private isWebClient = false;
@@ -184,6 +187,7 @@ export class ApiService implements ApiServiceAbstraction {
     private tokenService: TokenService,
     private platformUtilsService: PlatformUtilsService,
     private environmentService: EnvironmentService,
+    private appIdService: AppIdService,
     private logoutCallback: (expired: boolean) => Promise<void>,
     private customUserAgent: string = null
   ) {
@@ -2332,20 +2336,6 @@ export class ApiService implements ApiServiceAbstraction {
     throw new Error("Cannot refresh token, no refresh token or api keys are stored");
   }
 
-  protected async doApiTokenRefresh(): Promise<void> {
-    const clientId = await this.tokenService.getClientId();
-    const clientSecret = await this.tokenService.getClientSecret();
-    if (
-      Utils.isNullOrWhitespace(clientId) ||
-      Utils.isNullOrWhitespace(clientSecret) ||
-      this.apiKeyRefresh == null
-    ) {
-      throw new Error();
-    }
-
-    await this.apiKeyRefresh(clientId, clientSecret);
-  }
-
   protected async doRefreshToken(): Promise<void> {
     const refreshToken = await this.tokenService.getRefreshToken();
     if (refreshToken == null || refreshToken === "") {
@@ -2389,6 +2379,28 @@ export class ApiService implements ApiServiceAbstraction {
     }
   }
 
+  protected async doApiTokenRefresh(): Promise<void> {
+    const clientId = await this.tokenService.getClientId();
+    const clientSecret = await this.tokenService.getClientSecret();
+
+    const appId = await this.appIdService.getAppId();
+    const deviceRequest = new DeviceRequest(appId, this.platformUtilsService);
+
+    const tokenRequest = new ApiTokenRequest(
+      clientId,
+      clientSecret,
+      new TokenRequestTwoFactor(),
+      deviceRequest
+    );
+
+    const response = await this.postIdentityToken(tokenRequest);
+    if (!(response instanceof IdentityTokenResponse)) {
+      throw new Error("Invalid response received when refreshing api token");
+    }
+
+    await this.tokenService.setToken(response.accessToken);
+  }
+
   private async send(
     method: "GET" | "POST" | "PUT" | "DELETE",
     path: string,

diff --git a/common/src/services/auth.service.ts b/common/src/services/auth.service.ts
@@ -23,7 +23,7 @@ import {
   SsoLogInCredentials,
 } from "../models/domain/logInCredentials";
 import { SymmetricCryptoKey } from "../models/domain/symmetricCryptoKey";
-import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "../models/request/identityToken/tokenRequestTwoFactor";
 import { PreloginRequest } from "../models/request/preloginRequest";
 import { ErrorResponse } from "../models/response/errorResponse";
 

diff --git a/common/src/services/state.service.ts b/common/src/services/state.service.ts
@@ -2489,11 +2489,10 @@ export class StateService<
   protected async deAuthenticateAccount(userId: string) {
     await this.setAccessToken(null, { userId: userId });
     await this.setLastActive(null, { userId: userId });
-    const index = this.state.authenticatedAccounts.indexOf(userId);
-    if (index > -1) {
-      this.state.authenticatedAccounts.splice(index, 1);
-      await this.storageService.save(keys.authenticatedAccounts, this.state.authenticatedAccounts);
-    }
+    this.state.authenticatedAccounts = this.state.authenticatedAccounts.filter(
+      (activeUserId) => activeUserId !== userId
+    );
+    await this.storageService.save(keys.authenticatedAccounts, this.state.authenticatedAccounts);
   }
 
   protected async removeAccountFromDisk(userId: string) {

diff --git a/node/src/cli/commands/login.command.ts b/node/src/cli/commands/login.command.ts
@@ -24,7 +24,7 @@ import {
   PasswordLogInCredentials,
   SsoLogInCredentials,
 } from "jslib-common/models/domain/logInCredentials";
-import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequest";
+import { TokenRequestTwoFactor } from "jslib-common/models/request/identityToken/tokenRequestTwoFactor";
 import { TwoFactorEmailRequest } from "jslib-common/models/request/twoFactorEmailRequest";
 import { UpdateTempPasswordRequest } from "jslib-common/models/request/updateTempPasswordRequest";
 import { ErrorResponse } from "jslib-common/models/response/errorResponse";
@@ -150,11 +150,7 @@ export class LoginCommand {
     const twoFactor =
       twoFactorToken == null
         ? null
-        : {
-            provider: twoFactorMethod,
-            token: twoFactorToken,
-            remember: false,
-          };
+        : new TokenRequestTwoFactor(twoFactorMethod, twoFactorToken, false);
 
     try {
       if (this.validatedParams != null) {
@@ -258,21 +254,13 @@ export class LoginCommand {
         }
 
         response = await this.authService.logInTwoFactor(
-          {
-            provider: selectedProvider.type,
-            token: twoFactorToken,
-            remember: false,
-          },
+          new TokenRequestTwoFactor(selectedProvider.type, twoFactorToken),
           null
         );
       }
 
       if (response.captchaSiteKey) {
-        const twoFactorRequest: TokenRequestTwoFactor = {
-          provider: selectedProvider.type,
-          token: twoFactorToken,
-          remember: false,
-        };
+        const twoFactorRequest = new TokenRequestTwoFactor(selectedProvider.type, twoFactorToken);
         const handledResponse = await this.handleCaptchaRequired(twoFactorRequest);
 
         // Error Response

diff --git a/node/src/services/nodeApi.service.ts b/node/src/services/nodeApi.service.ts
@@ -2,6 +2,7 @@ import * as FormData from "form-data";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import * as fe from "node-fetch";
 
+import { AppIdService } from "jslib-common/abstractions/appId.service";
 import { EnvironmentService } from "jslib-common/abstractions/environment.service";
 import { PlatformUtilsService } from "jslib-common/abstractions/platformUtils.service";
 import { TokenService } from "jslib-common/abstractions/token.service";
@@ -18,12 +19,18 @@ export class NodeApiService extends ApiService {
     tokenService: TokenService,
     platformUtilsService: PlatformUtilsService,
     environmentService: EnvironmentService,
+    appIdService: AppIdService,
     logoutCallback: (expired: boolean) => Promise<void>,
-    customUserAgent: string = null,
-    apiKeyRefresh: (clientId: string, clientSecret: string) => Promise<any>
+    customUserAgent: string = null
   ) {
-    super(tokenService, platformUtilsService, environmentService, logoutCallback, customUserAgent);
-    this.apiKeyRefresh = apiKeyRefresh;
+    super(
+      tokenService,
+      platformUtilsService,
+      environmentService,
+      appIdService,
+      logoutCallback,
+      customUserAgent
+    );
   }
 
   nativeFetch(request: Request): Promise<Response> {