bitwarden-core 3.0.0

Internal crate for the bitwarden crate. Do not use.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96

#[cfg(feature = "secrets")]
use bitwarden_crypto::KeyStore;

use super::login::LoginError;
use crate::{
    NotAuthenticatedError,
    auth::api::{request::ApiTokenRequest, response::IdentityTokenResponse},
    client::UserLoginMethod,
};
#[cfg(feature = "secrets")]
use crate::{
    auth::api::request::AccessTokenRequest,
    client::ServiceAccountLoginMethod,
    key_management::KeySlotIds,
    key_management::SymmetricKeySlotId,
    secrets_manager::state::{self, ClientState},
};

pub async fn renew_pm_token_sdk_managed(
    refresh_token: Option<String>,
    login_method: &UserLoginMethod,
    identity_config: bitwarden_api_api::Configuration,
) -> Result<(String, Option<String>, u64), LoginError> {
    let res = match login_method {
        UserLoginMethod::Username { client_id, .. } => {
            let refresh = refresh_token.ok_or(NotAuthenticatedError)?;

            crate::auth::api::request::RenewTokenRequest::new(refresh, client_id.to_owned())
                .send(&identity_config)
                .await?
        }
        UserLoginMethod::ApiKey {
            client_id,
            client_secret,
            ..
        } => {
            ApiTokenRequest::new(client_id, client_secret)
                .send(&identity_config)
                .await?
        }
    };

    match res {
        IdentityTokenResponse::Refreshed(r) => Ok((r.access_token, r.refresh_token, r.expires_in)),
        IdentityTokenResponse::Authenticated(r) => {
            Ok((r.access_token, r.refresh_token, r.expires_in))
        }
        _ => {
            // We should never get here
            Err(LoginError::InvalidResponse)
        }
    }
}

#[cfg(feature = "secrets")]
pub async fn renew_sm_token_sdk_managed(
    login_method: &ServiceAccountLoginMethod,
    identity_config: bitwarden_api_api::Configuration,
    key_store: KeyStore<KeySlotIds>,
) -> Result<(String, Option<String>, u64), LoginError> {
    let res = match login_method {
        ServiceAccountLoginMethod::AccessToken {
            access_token,
            state_file,
            ..
        } => {
            let result =
                AccessTokenRequest::new(access_token.access_token_id, &access_token.client_secret)
                    .send(&identity_config)
                    .await?;

            if let (IdentityTokenResponse::Payload(r), Some(state_file)) = (&result, state_file) {
                let ctx = key_store.context();
                #[allow(deprecated)]
                if let Ok(enc_key) = ctx.dangerous_get_symmetric_key(SymmetricKeySlotId::User) {
                    let state = ClientState::new(r.access_token.clone(), enc_key.to_base64());
                    _ = state::set(state_file, access_token, state);
                }
            }

            result
        }
    };

    match res {
        IdentityTokenResponse::Refreshed(r) => Ok((r.access_token, r.refresh_token, r.expires_in)),
        IdentityTokenResponse::Authenticated(r) => {
            Ok((r.access_token, r.refresh_token, r.expires_in))
        }
        IdentityTokenResponse::Payload(r) => Ok((r.access_token, r.refresh_token, r.expires_in)),
        _ => {
            // We should never get here
            Err(LoginError::InvalidResponse)
        }
    }
}