From 09d28266dcdfc00a6536832c26a575b9f6613a11 Mon Sep 17 00:00:00 2001 From: Colton Hurst Date: Wed, 10 Apr 2024 18:56:39 -0400 Subject: [PATCH 01/15] [SM-1178] Rename Service Accounts to Machine Accounts (#698) ## Type of change - [ ] Bug fix - [x] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ## Objective Rename instances (& similar) of "service account" to "machine account". This only impacts public facing text, so items in README's, documentation, help docs, etc. ## Before you submit - Please add **unit tests** where it makes sense to do so --- crates/bitwarden-napi/README.md | 2 +- crates/bws/src/main.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/bitwarden-napi/README.md b/crates/bitwarden-napi/README.md index d16c8152d..d9e3e7f27 100644 --- a/crates/bitwarden-napi/README.md +++ b/crates/bitwarden-napi/README.md @@ -20,7 +20,7 @@ const accessToken = "-- REDACTED --"; const client = new BitwardenClient(settings, LogLevel.Info); -// Authenticating using a service accounts access token +// Authenticating using a machine account access token const result = await client.loginWithAccessToken(accessToken); if (!result.success) { throw Error("Authentication failed"); diff --git a/crates/bws/src/main.rs b/crates/bws/src/main.rs index 182e20679..0f94fd7ec 100644 --- a/crates/bws/src/main.rs +++ b/crates/bws/src/main.rs @@ -40,7 +40,7 @@ struct Cli { #[arg(short = 'c', long, global = true, value_enum, default_value_t = Color::Auto, help="Use colors in the output")] color: Color, - #[arg(short = 't', long, global = true, env = ACCESS_TOKEN_KEY_VAR_NAME, hide_env_values = true, help="Specify access token for the service account")] + #[arg(short = 't', long, global = true, env = ACCESS_TOKEN_KEY_VAR_NAME, hide_env_values = true, help="Specify access token for the machine account")] access_token: Option, #[arg( From 4b5aaa628ac7814da2672983b405d34ba2f82546 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Thu, 11 Apr 2024 11:23:35 +0200 Subject: [PATCH 02/15] Fix android build errors (#703) Since we share the same version across crates we need to load it from the root `cargo.Toml` instead of `crates/bitwarden/cargo.Toml`. Resolves the Android SDK no longer building. --- languages/kotlin/sdk/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/kotlin/sdk/build.gradle b/languages/kotlin/sdk/build.gradle index 9b3ca3585..d92dad56a 100644 --- a/languages/kotlin/sdk/build.gradle +++ b/languages/kotlin/sdk/build.gradle @@ -55,7 +55,7 @@ publishing { def branchName = "git branch --show-current".execute().text.trim() if (branchName == "main") { - def content = ['grep', '-o', '^version = ".*"', '../../crates/bitwarden/Cargo.toml'].execute().text.trim() + def content = ['grep', '-o', '^version = ".*"', '../../Cargo.toml'].execute().text.trim() def match = ~/version = "(.*)"/ def matcher = match.matcher(content) matcher.find() From 975ac0c8992d7723c284173808e5771395fa79d2 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Thu, 11 Apr 2024 14:04:30 +0200 Subject: [PATCH 03/15] Add bitwarden-cli and bitwarden-exporters to publish-rust-crates (#704) We need to be able to publish these crates to release the SDK. --- .github/workflows/publish-rust-crates.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml index f6a52d5d1..d470b5194 100644 --- a/.github/workflows/publish-rust-crates.yml +++ b/.github/workflows/publish-rust-crates.yml @@ -34,11 +34,21 @@ on: required: true default: true type: boolean + publish_bitwarden-cli: + description: "Publish bitwarden-cli crate" + required: true + default: true + type: boolean publish_bitwarden-generators: description: "Publish bitwarden-generators crate" required: true default: true type: boolean + publish_bitwarden-exporters: + description: "Publish bitwarden-exporters crate" + required: true + default: true + type: boolean defaults: run: @@ -72,7 +82,9 @@ jobs: PUBLISH_BITWARDEN_API_API: ${{ github.event.inputs.publish_bitwarden-api-api }} PUBLISH_BITWARDEN_API_IDENTITY: ${{ github.event.inputs.publish_bitwarden-api-identity }} PUBLISH_BITWARDEN_CRYPTO: ${{ github.event.inputs.publish_bitwarden-crypto }} + PUBLISH_BITWARDEN_CLI: ${{ github.event.inputs.publish_bitwarden-cli }} PUBLISH_BITWARDEN_GENERATORS: ${{ github.event.inputs.publish_bitwarden-generators }} + PUBLISH_BITWARDEN_EXPORTERS: ${{ github.event.inputs.publish_bitwarden-exporters }} run: | if [[ "$PUBLISH_BITWARDEN" == "false" ]] && [[ "$PUBLISH_BITWARDEN_API_API" == "false" ]] && [[ "$PUBLISH_BITWARDEN_API_IDENTITY" == "false" ]]; then echo "===================================" @@ -104,11 +116,21 @@ jobs: PACKAGES_LIST="$PACKAGES_LIST bitwarden-crypto" fi + if [[ "$PUBLISH_BITWARDEN_CLI" == "true" ]]; then + PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-cli" + PACKAGES_LIST="$PACKAGES_LIST bitwarden-cli" + fi + if [[ "$PUBLISH_BITWARDEN_GENERATORS" == "true" ]]; then PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-generators" PACKAGES_LIST="$PACKAGES_LIST bitwarden-generators" fi + if [[ "$PUBLISH_BITWARDEN_EXPORTERS" == "true" ]]; then + PACKAGES_COMMAND="$PACKAGES_COMMAND -p bitwarden-generators" + PACKAGES_LIST="$PACKAGES_LIST bitwarden-generators" + fi + echo "Packages command: " $PACKAGES_COMMAND echo "Packages list: " $PACKAGES_LIST From b4205cc7e508862818461dd739f81fae9a4bca62 Mon Sep 17 00:00:00 2001 From: Colton Hurst Date: Thu, 11 Apr 2024 09:59:56 -0400 Subject: [PATCH 04/15] SM-1147: Switch to try_init with pyo3_log (#676) ## Type of change - [x] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ## Objective When running the `ansible-playbook` command, we needed to export the following variable: `export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES`. This suppresses fork safety warnings on Mac OS. With this set, you can safely query for individual secrets. However, if you query for secrets within an Ansible loop or with a Jinja2 template, we receive an error that is caused by setting up a logger more than once. (This error comes from the `pyo3_log` crate.) If we switch to using the `pyo3_log::try_init` function, we ignore the case where a logger is already set up if the attempt fails. This happens because the `pyo3_log::init` function [can panic](https://github.com/vorner/pyo3-log/blob/70819388bfcb58a7ca91a27179a73cea0abde31e/src/lib.rs#L569). This also introduces panic safety. ## Code changes - **client.rs:** Switch to `try_init` ## Before you submit - Please add **unit tests** where it makes sense to do so --- crates/bitwarden-py/src/client.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/crates/bitwarden-py/src/client.rs b/crates/bitwarden-py/src/client.rs index f1d282b41..c3ea62444 100644 --- a/crates/bitwarden-py/src/client.rs +++ b/crates/bitwarden-py/src/client.rs @@ -8,7 +8,10 @@ pub struct BitwardenClient(JsonClient); impl BitwardenClient { #[new] pub fn new(settings_string: Option) -> Self { - pyo3_log::init(); + // This will only fail if another logger was already initialized, so we can ignore the + // result + let _ = pyo3_log::try_init(); + Self(JsonClient::new(settings_string)) } From e7b6c1ded84f863929d02dd769a90ad3ce095ff0 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Thu, 11 Apr 2024 17:24:40 +0200 Subject: [PATCH 05/15] Use the shared bitwarden-cli in bws (#705) Now that we are publishing the `bitwarden-cli` crate we should start using the shared functionality in the `bws` crate. And continually extract common code out from it. --- Cargo.lock | 1 + crates/bitwarden-cli/src/color.rs | 6 ++++++ crates/bws/Cargo.toml | 1 + crates/bws/src/main.rs | 14 ++++---------- crates/bws/src/render.rs | 24 ++++-------------------- 5 files changed, 16 insertions(+), 30 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 47e2b9e9d..b17f861ec 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -597,6 +597,7 @@ version = "0.4.0" dependencies = [ "bat", "bitwarden", + "bitwarden-cli", "chrono", "clap", "clap_complete", diff --git a/crates/bitwarden-cli/src/color.rs b/crates/bitwarden-cli/src/color.rs index 410a8b6ed..2e3a2c007 100644 --- a/crates/bitwarden-cli/src/color.rs +++ b/crates/bitwarden-cli/src/color.rs @@ -8,6 +8,9 @@ pub enum Color { } impl Color { + /** + * Evaluate if colors are supported + */ pub fn is_enabled(self) -> bool { match self { Color::No => false, @@ -17,6 +20,9 @@ impl Color { } } +/** + * Installs color_eyre, if Color is disabled we use an empty theme to disable error colors. + */ pub fn install_color_eyre(color: Color) -> color_eyre::Result<(), color_eyre::Report> { if color.is_enabled() { color_eyre::install() diff --git a/crates/bws/Cargo.toml b/crates/bws/Cargo.toml index 23f78cfd5..d27daca6f 100644 --- a/crates/bws/Cargo.toml +++ b/crates/bws/Cargo.toml @@ -19,6 +19,7 @@ bat = { version = "0.24.0", features = [ "regex-onig", ], default-features = false } bitwarden = { workspace = true, features = ["secrets"] } +bitwarden-cli = { workspace = true } chrono = { version = "0.4.35", features = [ "clock", "std", diff --git a/crates/bws/src/main.rs b/crates/bws/src/main.rs index 0f94fd7ec..d57aee5a6 100644 --- a/crates/bws/src/main.rs +++ b/crates/bws/src/main.rs @@ -14,6 +14,7 @@ use bitwarden::{ }, }, }; +use bitwarden_cli::{install_color_eyre, Color}; use clap::{ArgGroup, CommandFactory, Parser, Subcommand}; use clap_complete::Shell; use color_eyre::eyre::{bail, Result}; @@ -24,7 +25,7 @@ mod render; mod state; use config::ProfileKey; -use render::{serialize_response, Color, Output}; +use render::{serialize_response, Output}; use uuid::Uuid; #[derive(Parser, Debug)] @@ -236,16 +237,9 @@ const SERVER_URL_KEY_VAR_NAME: &str = "BWS_SERVER_URL"; #[allow(clippy::comparison_chain)] async fn process_commands() -> Result<()> { let cli = Cli::parse(); + let color = cli.color; - let color = cli.color.is_enabled(); - if color { - color_eyre::install()?; - } else { - // Use an empty theme to disable error coloring - color_eyre::config::HookBuilder::new() - .theme(color_eyre::config::Theme::new()) - .install()?; - } + install_color_eyre(color)?; let Some(command) = cli.command else { let mut cmd = Cli::command(); diff --git a/crates/bws/src/render.rs b/crates/bws/src/render.rs index c92c78662..7acdd30a6 100644 --- a/crates/bws/src/render.rs +++ b/crates/bws/src/render.rs @@ -1,4 +1,5 @@ use bitwarden::secrets_manager::{projects::ProjectResponse, secrets::SecretResponse}; +use bitwarden_cli::Color; use chrono::{DateTime, Utc}; use clap::ValueEnum; use comfy_table::Table; @@ -15,29 +16,12 @@ pub(crate) enum Output { None, } -#[derive(Copy, Clone, PartialEq, Eq, PartialOrd, Ord, ValueEnum, Debug)] -pub(crate) enum Color { - No, - Yes, - Auto, -} - -impl Color { - pub(crate) fn is_enabled(self) -> bool { - match self { - Color::No => false, - Color::Yes => true, - Color::Auto => supports_color::on(supports_color::Stream::Stdout).is_some(), - } - } -} - const ASCII_HEADER_ONLY: &str = " -- "; pub(crate) fn serialize_response, const N: usize>( data: T, output: Output, - color: bool, + color: Color, ) { match output { Output::JSON => { @@ -101,8 +85,8 @@ pub(crate) fn serialize_response, const N: usiz } } -fn pretty_print(language: &str, data: &str, color: bool) { - if color { +fn pretty_print(language: &str, data: &str, color: Color) { + if color.is_enabled() { bat::PrettyPrinter::new() .input_from_bytes(data.as_bytes()) .language(language) From e0513dcd14c8a7e6b44ae858d83abfe34d796691 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Thu, 11 Apr 2024 17:25:06 +0200 Subject: [PATCH 06/15] Change fastMail to use forDomain instead of url (#707) It seems the web clients use `forDomain` instead of `url` for website. This changes the SDK to send the same values. --- crates/bitwarden-generators/src/username_forwarders/fastmail.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/bitwarden-generators/src/username_forwarders/fastmail.rs b/crates/bitwarden-generators/src/username_forwarders/fastmail.rs index 6cc63647a..8a73250c4 100644 --- a/crates/bitwarden-generators/src/username_forwarders/fastmail.rs +++ b/crates/bitwarden-generators/src/username_forwarders/fastmail.rs @@ -34,7 +34,7 @@ pub async fn generate_with_api_url( "new-masked-email": { "state": "enabled", "description": "", - "url": website, + "forDomain": website, "emailPrefix": null, }, }, From 7e1a3cb73014a7c12f30d769f49dd57c217dd504 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Fri, 12 Apr 2024 11:56:16 +0200 Subject: [PATCH 07/15] Enable http2 feature for reqwest (#708) Some websites will require `http2` support and we should have that feature enabled to avoid errors. --- Cargo.lock | 1 + crates/bitwarden-api-api/Cargo.toml | 2 +- crates/bitwarden-api-identity/Cargo.toml | 2 +- crates/bitwarden-generators/Cargo.toml | 1 + crates/bitwarden/Cargo.toml | 1 + support/openapi-template/Cargo.mustache | 2 +- 6 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b17f861ec..a00d91bd8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2617,6 +2617,7 @@ dependencies = [ "bytes", "futures-core", "futures-util", + "h2", "http", "http-body", "http-body-util", diff --git a/crates/bitwarden-api-api/Cargo.toml b/crates/bitwarden-api-api/Cargo.toml index a06a0f0e5..cfe357998 100644 --- a/crates/bitwarden-api-api/Cargo.toml +++ b/crates/bitwarden-api-api/Cargo.toml @@ -23,7 +23,7 @@ url = ">=2.3.1, <3" uuid = { version = ">=1.3.3, <2", features = ["serde"] } [dependencies.reqwest] version = ">=0.12, <0.13" -features = ["json", "multipart"] +features = ["http2", "json", "multipart"] default-features = false [dev-dependencies] diff --git a/crates/bitwarden-api-identity/Cargo.toml b/crates/bitwarden-api-identity/Cargo.toml index e5a49efac..74d96d144 100644 --- a/crates/bitwarden-api-identity/Cargo.toml +++ b/crates/bitwarden-api-identity/Cargo.toml @@ -23,7 +23,7 @@ url = ">=2.3.1, <3" uuid = { version = ">=1.3.3, <2", features = ["serde"] } [dependencies.reqwest] version = ">=0.12, <0.13" -features = ["json", "multipart"] +features = ["http2", "json", "multipart"] default-features = false [dev-dependencies] diff --git a/crates/bitwarden-generators/Cargo.toml b/crates/bitwarden-generators/Cargo.toml index af8ce60aa..3f79ac539 100644 --- a/crates/bitwarden-generators/Cargo.toml +++ b/crates/bitwarden-generators/Cargo.toml @@ -20,6 +20,7 @@ mobile = ["dep:uniffi"] # Mobile-specific features bitwarden-crypto = { workspace = true } rand = ">=0.8.5, <0.9" reqwest = { version = ">=0.12, <0.13", features = [ + "http2", "json", ], default-features = false } schemars = { version = ">=0.8.9, <0.9", features = ["uuid1", "chrono"] } diff --git a/crates/bitwarden/Cargo.toml b/crates/bitwarden/Cargo.toml index e064360c8..b34f9c9a1 100644 --- a/crates/bitwarden/Cargo.toml +++ b/crates/bitwarden/Cargo.toml @@ -48,6 +48,7 @@ hmac = ">=0.12.1, <0.13" log = ">=0.4.18, <0.5" rand = ">=0.8.5, <0.9" reqwest = { version = ">=0.12, <0.13", features = [ + "http2", "json", ], default-features = false } schemars = { version = ">=0.8.9, <0.9", features = ["uuid1", "chrono"] } diff --git a/support/openapi-template/Cargo.mustache b/support/openapi-template/Cargo.mustache index 6417d15cd..08f1a942e 100644 --- a/support/openapi-template/Cargo.mustache +++ b/support/openapi-template/Cargo.mustache @@ -65,7 +65,7 @@ reqwest-middleware = "0.2.0" {{/supportMiddleware}} [dependencies.reqwest] version = "^0.11" -features = ["json", "multipart"] +features = ["http2", "json", "multipart"] default-features = false {{/supportAsync}} {{/reqwest}} From b611974a84b10d5bce10f4c299f5589e9416fbd5 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Fri, 12 Apr 2024 13:26:59 +0200 Subject: [PATCH 08/15] Fix java build (#709) In #703 we fixed the android java build, but forgot that java also needed to be updated. --- languages/java/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/java/build.gradle b/languages/java/build.gradle index f044ea485..ed4a72f22 100644 --- a/languages/java/build.gradle +++ b/languages/java/build.gradle @@ -36,7 +36,7 @@ repositories { def branchName = "git branch --show-current".execute().text.trim() if (branchName == "main") { - def content = ['grep', '-o', '^version = ".*"', '../../crates/bitwarden/Cargo.toml'].execute().text.trim() + def content = ['grep', '-o', '^version = ".*"', '../../Cargo.toml'].execute().text.trim() def match = ~/version = "(.*)"/ def matcher = match.matcher(content) matcher.find() From 499e2131bc4cb58d7cbae372262a85be138adead Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 11:04:02 +0200 Subject: [PATCH 09/15] [deps]: Update @types/node to v18.19.31 (#715) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node)) | [`18.19.26` -> `18.19.31`](https://renovatebot.com/diffs/npm/@types%2fnode/18.19.26/18.19.31) | [![age](https://developer.mend.io/api/mc/badges/age/npm/@types%2fnode/18.19.31?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@types%2fnode/18.19.31?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@types%2fnode/18.19.26/18.19.31?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@types%2fnode/18.19.26/18.19.31?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/bitwarden/sdk). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- languages/js/sdk-client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/languages/js/sdk-client/package-lock.json b/languages/js/sdk-client/package-lock.json index dc788c8ce..071d01578 100644 --- a/languages/js/sdk-client/package-lock.json +++ b/languages/js/sdk-client/package-lock.json @@ -39,9 +39,9 @@ } }, "node_modules/@types/node": { - "version": "18.19.26", - "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.26.tgz", - "integrity": "sha512-+wiMJsIwLOYCvUqSdKTrfkS8mpTp+MPINe6+Np4TAGFWWRWiBQ5kSq9nZGCSPkzx9mvT+uEukzpX4MOSCydcvw==", + "version": "18.19.31", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.31.tgz", + "integrity": "sha512-ArgCD39YpyyrtFKIqMDvjz79jto5fcI/SVUs2HwB+f0dAzq68yqOdyaSivLiLugSziTpNXLQrVb7RZFmdZzbhA==", "dev": true, "dependencies": { "undici-types": "~5.26.4" From 6d45212dae09c99ab8ac79e20a1bf2182afaacb0 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Mon, 15 Apr 2024 14:10:08 +0200 Subject: [PATCH 10/15] Set login_method when registering for tde (#711) We should set login_method when registering TDE keys --- .../bitwarden-crypto/src/keys/master_key.rs | 21 +++++++++++++++++++ crates/bitwarden-crypto/src/keys/mod.rs | 5 ++++- crates/bitwarden-uniffi/src/auth/mod.rs | 13 ++++++------ .../api/response/identity_success_response.rs | 6 ++++-- crates/bitwarden/src/auth/client_auth.rs | 3 ++- .../bitwarden/src/auth/login/auth_request.rs | 6 +----- crates/bitwarden/src/auth/login/mod.rs | 3 +-- crates/bitwarden/src/auth/register.rs | 8 +++---- crates/bitwarden/src/auth/tde.rs | 10 ++++++++- crates/bitwarden/src/util.rs | 18 ---------------- 10 files changed, 51 insertions(+), 42 deletions(-) diff --git a/crates/bitwarden-crypto/src/keys/master_key.rs b/crates/bitwarden-crypto/src/keys/master_key.rs index b6921fc6b..1fd678452 100644 --- a/crates/bitwarden-crypto/src/keys/master_key.rs +++ b/crates/bitwarden-crypto/src/keys/master_key.rs @@ -21,6 +21,27 @@ pub enum Kdf { }, } +impl Default for Kdf { + fn default() -> Self { + Kdf::PBKDF2 { + iterations: default_pbkdf2_iterations(), + } + } +} + +pub fn default_pbkdf2_iterations() -> NonZeroU32 { + NonZeroU32::new(600_000).expect("Non-zero number") +} +pub fn default_argon2_iterations() -> NonZeroU32 { + NonZeroU32::new(3).expect("Non-zero number") +} +pub fn default_argon2_memory() -> NonZeroU32 { + NonZeroU32::new(64).expect("Non-zero number") +} +pub fn default_argon2_parallelism() -> NonZeroU32 { + NonZeroU32::new(4).expect("Non-zero number") +} + #[derive(Copy, Clone, JsonSchema)] #[cfg_attr(feature = "mobile", derive(uniffi::Enum))] pub enum HashPurpose { diff --git a/crates/bitwarden-crypto/src/keys/mod.rs b/crates/bitwarden-crypto/src/keys/mod.rs index 435f1011b..62b378808 100644 --- a/crates/bitwarden-crypto/src/keys/mod.rs +++ b/crates/bitwarden-crypto/src/keys/mod.rs @@ -1,7 +1,10 @@ mod key_encryptable; pub use key_encryptable::{CryptoKey, KeyDecryptable, KeyEncryptable}; mod master_key; -pub use master_key::{HashPurpose, Kdf, MasterKey}; +pub use master_key::{ + default_argon2_iterations, default_argon2_memory, default_argon2_parallelism, + default_pbkdf2_iterations, HashPurpose, Kdf, MasterKey, +}; mod shareable_key; pub use shareable_key::derive_shareable_key; mod symmetric_crypto_key; diff --git a/crates/bitwarden-uniffi/src/auth/mod.rs b/crates/bitwarden-uniffi/src/auth/mod.rs index 62b709045..c6aed44eb 100644 --- a/crates/bitwarden-uniffi/src/auth/mod.rs +++ b/crates/bitwarden-uniffi/src/auth/mod.rs @@ -82,16 +82,15 @@ impl ClientAuth { /// Generate keys needed for TDE process pub async fn make_register_tde_keys( &self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - Ok(self - .0 - .0 - .write() - .await - .auth() - .make_register_tde_keys(org_public_key, remember_device)?) + Ok(self.0 .0.write().await.auth().make_register_tde_keys( + email, + org_public_key, + remember_device, + )?) } /// Validate the user password diff --git a/crates/bitwarden/src/auth/api/response/identity_success_response.rs b/crates/bitwarden/src/auth/api/response/identity_success_response.rs index fb59c1caa..94ebe9445 100644 --- a/crates/bitwarden/src/auth/api/response/identity_success_response.rs +++ b/crates/bitwarden/src/auth/api/response/identity_success_response.rs @@ -22,7 +22,7 @@ pub struct IdentityTokenSuccessResponse { #[serde( rename = "kdfIterations", alias = "KdfIterations", - default = "crate::util::default_pbkdf2_iterations" + default = "bitwarden_crypto::default_pbkdf2_iterations" )] kdf_iterations: NonZeroU32, @@ -41,6 +41,8 @@ pub struct IdentityTokenSuccessResponse { #[cfg(test)] mod test { + use bitwarden_crypto::default_pbkdf2_iterations; + use super::*; impl Default for IdentityTokenSuccessResponse { @@ -54,7 +56,7 @@ mod test { key: Default::default(), two_factor_token: Default::default(), kdf: KdfType::default(), - kdf_iterations: crate::util::default_pbkdf2_iterations(), + kdf_iterations: default_pbkdf2_iterations(), reset_master_password: Default::default(), force_password_reset: Default::default(), api_use_key_connector: Default::default(), diff --git a/crates/bitwarden/src/auth/client_auth.rs b/crates/bitwarden/src/auth/client_auth.rs index 5029d389b..b3afe133a 100644 --- a/crates/bitwarden/src/auth/client_auth.rs +++ b/crates/bitwarden/src/auth/client_auth.rs @@ -76,10 +76,11 @@ impl<'a> ClientAuth<'a> { pub fn make_register_tde_keys( &mut self, + email: String, org_public_key: String, remember_device: bool, ) -> Result { - make_register_tde_keys(self.client, org_public_key, remember_device) + make_register_tde_keys(self.client, email, org_public_key, remember_device) } pub async fn register(&mut self, input: &RegisterRequest) -> Result<()> { diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs index 0e9cb6795..fb449e5d4 100644 --- a/crates/bitwarden/src/auth/login/auth_request.rs +++ b/crates/bitwarden/src/auth/login/auth_request.rs @@ -1,5 +1,3 @@ -use std::num::NonZeroU32; - use bitwarden_api_api::{ apis::auth_requests_api::{auth_requests_id_response_get, auth_requests_post}, models::{AuthRequestCreateRequestModel, AuthRequestType}, @@ -86,9 +84,7 @@ pub(crate) async fn complete_auth_request( .await?; if let IdentityTokenResponse::Authenticated(r) = response { - let kdf = Kdf::PBKDF2 { - iterations: NonZeroU32::new(600_000).expect("Non-zero number"), - }; + let kdf = Kdf::default(); client.set_tokens( r.access_token.clone(), diff --git a/crates/bitwarden/src/auth/login/mod.rs b/crates/bitwarden/src/auth/login/mod.rs index 53ea712cc..745e0b78c 100644 --- a/crates/bitwarden/src/auth/login/mod.rs +++ b/crates/bitwarden/src/auth/login/mod.rs @@ -58,8 +58,7 @@ pub(crate) fn parse_prelogin(response: PreloginResponseModel) -> Result { use std::num::NonZeroU32; use bitwarden_api_identity::models::KdfType; - - use crate::util::{ + use bitwarden_crypto::{ default_argon2_iterations, default_argon2_memory, default_argon2_parallelism, default_pbkdf2_iterations, }; diff --git a/crates/bitwarden/src/auth/register.rs b/crates/bitwarden/src/auth/register.rs index 31b69c515..5cedd9c53 100644 --- a/crates/bitwarden/src/auth/register.rs +++ b/crates/bitwarden/src/auth/register.rs @@ -2,11 +2,11 @@ use bitwarden_api_identity::{ apis::accounts_api::accounts_register_post, models::{KeysRequestModel, RegisterRequestModel}, }; -use bitwarden_crypto::{HashPurpose, MasterKey, RsaKeyPair}; +use bitwarden_crypto::{default_pbkdf2_iterations, HashPurpose, MasterKey, RsaKeyPair}; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; -use crate::{client::Kdf, error::Result, util::default_pbkdf2_iterations, Client}; +use crate::{client::Kdf, error::Result, Client}; #[derive(Serialize, Deserialize, Debug, JsonSchema)] #[serde(rename_all = "camelCase", deny_unknown_fields)] @@ -21,9 +21,7 @@ pub struct RegisterRequest { pub(super) async fn register(client: &mut Client, req: &RegisterRequest) -> Result<()> { let config = client.get_api_configurations().await; - let kdf = Kdf::PBKDF2 { - iterations: default_pbkdf2_iterations(), - }; + let kdf = Kdf::default(); let keys = make_register_keys(req.email.to_owned(), req.password.to_owned(), kdf)?; diff --git a/crates/bitwarden/src/auth/tde.rs b/crates/bitwarden/src/auth/tde.rs index 0bbbb904a..420448f16 100644 --- a/crates/bitwarden/src/auth/tde.rs +++ b/crates/bitwarden/src/auth/tde.rs @@ -1,6 +1,6 @@ use base64::{engine::general_purpose::STANDARD, Engine}; use bitwarden_crypto::{ - AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, SymmetricCryptoKey, + AsymmetricEncString, AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey, TrustDeviceResponse, UserKey, }; @@ -11,6 +11,7 @@ use crate::{error::Result, Client}; /// password reset. If remember_device is true, it also generates a device key. pub(super) fn make_register_tde_keys( client: &mut Client, + email: String, org_public_key: String, remember_device: bool, ) -> Result { @@ -30,6 +31,13 @@ pub(super) fn make_register_tde_keys( None }; + client.set_login_method(crate::client::LoginMethod::User( + crate::client::UserLoginMethod::Username { + client_id: "".to_owned(), + email, + kdf: Kdf::default(), + }, + )); client.initialize_user_crypto_decrypted_key(user_key.0, key_pair.private.clone())?; Ok(RegisterTdeKeyResponse { diff --git a/crates/bitwarden/src/util.rs b/crates/bitwarden/src/util.rs index 5611b4077..aaf47a1a6 100644 --- a/crates/bitwarden/src/util.rs +++ b/crates/bitwarden/src/util.rs @@ -1,26 +1,8 @@ -use std::num::NonZeroU32; - use base64::{ alphabet, engine::{DecodePaddingMode, GeneralPurpose, GeneralPurposeConfig}, }; -pub fn default_pbkdf2_iterations() -> NonZeroU32 { - NonZeroU32::new(600_000).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_iterations() -> NonZeroU32 { - NonZeroU32::new(3).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_memory() -> NonZeroU32 { - NonZeroU32::new(64).expect("Non-zero number") -} -#[cfg(feature = "internal")] -pub fn default_argon2_parallelism() -> NonZeroU32 { - NonZeroU32::new(4).expect("Non-zero number") -} - const INDIFFERENT: GeneralPurposeConfig = GeneralPurposeConfig::new().with_decode_padding_mode(DecodePaddingMode::Indifferent); From 0be54d1820f053056f6ba530633400579928f1ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Mon, 15 Apr 2024 14:58:31 +0200 Subject: [PATCH 11/15] Publish WASM package to enable argon2 support on CLI (#691) ## Type of change ``` - [ ] Bug fix - [x] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [x] Build/deploy pipeline (DevOps) - [ ] Other ``` ## Objective Continuation of #680 I've created workflows to publish the WASM builds to NPM, so that it can be used from the CLI client. The publishing step is based on the NAPI builds, and I've tested it against the Github NPM registry. We'll need to get a build going and published on the NPM registry to be able to use it on the CLI. --------- Co-authored-by: Hinton --- .github/workflows/build-wasm.yml | 58 ++++++++++++ .github/workflows/release-wasm.yml | 132 ++++++++++++++++++++++++++++ Cargo.lock | 1 + crates/bitwarden-wasm/Cargo.toml | 4 + crates/bitwarden-wasm/src/client.rs | 25 ++++++ languages/js/wasm/package.json | 5 +- 6 files changed, 224 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build-wasm.yml create mode 100644 .github/workflows/release-wasm.yml diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml new file mode 100644 index 000000000..0bc29b4e0 --- /dev/null +++ b/.github/workflows/build-wasm.yml @@ -0,0 +1,58 @@ +--- +name: Build @bitwarden/sdk-wasm + +on: + pull_request: + push: + branches: + - "main" + - "rc" + - "hotfix-rc" + workflow_dispatch: + +defaults: + run: + shell: bash + working-directory: crates/bitwarden-wasm + +jobs: + build: + name: Building @bitwarden/sdk-wasm + runs-on: ubuntu-22.04 + + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Node + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + with: + node-version: 18 + cache: "npm" + + - name: Install dependencies + run: npm i -g binaryen + + - name: Install rust + uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable + with: + toolchain: stable + targets: wasm32-unknown-unknown + + - name: Cache cargo registry + uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 + with: + key: wasm-cargo-cache + + - name: Install wasm-bindgen-cli + run: cargo install wasm-bindgen-cli + + - name: Build + run: ./build.sh -r + + - name: Upload artifact + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: sdk-bitwarden-wasm + path: ${{ github.workspace }}/languages/js/wasm/* + if-no-files-found: error diff --git a/.github/workflows/release-wasm.yml b/.github/workflows/release-wasm.yml new file mode 100644 index 000000000..c4946a0e1 --- /dev/null +++ b/.github/workflows/release-wasm.yml @@ -0,0 +1,132 @@ +--- +name: Release @bitwarden/sdk-wasm +run-name: Release @bitwarden/sdk-wasm ${{ inputs.release_type }} + +on: + workflow_dispatch: + inputs: + release_type: + description: "Release Options" + required: true + default: "Release" + type: choice + options: + - Release + - Dry Run + npm_publish: + description: "Publish to NPM registry" + required: true + default: true + type: boolean + +defaults: + run: + shell: bash + working-directory: languages/js/wasm + +jobs: + setup: + name: Setup + runs-on: ubuntu-22.04 + outputs: + release-version: ${{ steps.version.outputs.version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Branch check + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: | + if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then + echo "===================================" + echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches" + echo "===================================" + exit 1 + fi + + - name: Check Release Version + id: version + uses: bitwarden/gh-actions/release-version-check@main + with: + release-type: ${{ github.event.inputs.release_type }} + project-type: ts + file: languages/js/wasm/package.json + monorepo: false + + - name: Create GitHub deployment + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7 + id: deployment + with: + token: "${{ secrets.GITHUB_TOKEN }}" + initial-status: "in_progress" + environment: "Bitwarden SDK WASM - Production" + description: "Deployment ${{ steps.version.outputs.version }} from branch ${{ github.ref_name }}" + task: release + + - name: Update deployment status to Success + if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }} + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "success" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + - name: Update deployment status to Failure + if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }} + uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1 + with: + token: "${{ secrets.GITHUB_TOKEN }}" + state: "failure" + deployment-id: ${{ steps.deployment.outputs.deployment_id }} + + npm: + name: Publish NPM + runs-on: ubuntu-22.04 + needs: setup + if: inputs.npm_publish + env: + _PKG_VERSION: ${{ needs.setup.outputs.release-version }} + steps: + - name: Checkout repo + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Setup Node + uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + with: + node-version: 18 + cache: "npm" + + - name: Login to Azure + uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 + with: + creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }} + + - name: Retrieve secrets + id: retrieve-secrets + uses: bitwarden/gh-actions/get-keyvault-secrets@main + with: + keyvault: "bitwarden-ci" + secrets: "npm-api-key" + + - name: Download artifacts + uses: bitwarden/gh-actions/download-artifacts@main + with: + workflow: build-wasm.yml + path: ${{ github.workspace }}/languages/js/wasm + workflow_conclusion: success + branch: ${{ github.event.inputs.release_type == 'Dry Run' && 'main' || github.ref_name }} + + - name: Setup NPM + run: | + echo 'registry="https://registry.npmjs.org/"' > ./.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ./.npmrc + + echo 'registry="https://registry.npmjs.org/"' > ~/.npmrc + echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" >> ~/.npmrc + env: + NPM_TOKEN: ${{ steps.retrieve-secrets.outputs.npm-api-key }} + + - name: Publish NPM + if: ${{ github.event.inputs.release_type != 'Dry Run' }} + run: npm publish --access public --registry=https://registry.npmjs.org/ --userconfig=./.npmrc diff --git a/Cargo.lock b/Cargo.lock index a00d91bd8..bda3a9c4a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -522,6 +522,7 @@ dependencies = [ name = "bitwarden-wasm" version = "0.1.0" dependencies = [ + "argon2", "bitwarden-json", "console_error_panic_hook", "console_log", diff --git a/crates/bitwarden-wasm/Cargo.toml b/crates/bitwarden-wasm/Cargo.toml index ff4cf13c3..a4ba8b6ae 100644 --- a/crates/bitwarden-wasm/Cargo.toml +++ b/crates/bitwarden-wasm/Cargo.toml @@ -15,6 +15,10 @@ keywords.workspace = true crate-type = ["cdylib"] [dependencies] +argon2 = { version = ">=0.5.0, <0.6", features = [ + "alloc", + "zeroize", +], default-features = false } bitwarden-json = { path = "../bitwarden-json", features = [ "secrets", "internal", diff --git a/crates/bitwarden-wasm/src/client.rs b/crates/bitwarden-wasm/src/client.rs index 542759731..bca8c2383 100644 --- a/crates/bitwarden-wasm/src/client.rs +++ b/crates/bitwarden-wasm/src/client.rs @@ -1,6 +1,7 @@ extern crate console_error_panic_hook; use std::rc::Rc; +use argon2::{Algorithm, Argon2, Params, Version}; use bitwarden_json::client::Client as JsonClient; use js_sys::Promise; use log::Level; @@ -54,3 +55,27 @@ impl BitwardenClient { }) } } + +#[wasm_bindgen] +pub fn argon2( + password: &[u8], + salt: &[u8], + iterations: u32, + memory: u32, + parallelism: u32, +) -> Result, JsError> { + let argon = Argon2::new( + Algorithm::Argon2id, + Version::V0x13, + Params::new( + memory * 1024, // Convert MiB to KiB + iterations, + parallelism, + Some(32), + )?, + ); + + let mut hash = [0u8; 32]; + argon.hash_password_into(password, salt, &mut hash)?; + Ok(hash.to_vec()) +} diff --git a/languages/js/wasm/package.json b/languages/js/wasm/package.json index 26379c9a6..eadbb5fb3 100644 --- a/languages/js/wasm/package.json +++ b/languages/js/wasm/package.json @@ -4,17 +4,20 @@ "files": [ "bitwarden_wasm_bg.js", "bitwarden_wasm_bg.wasm", + "bitwarden_wasm_bg.wasm.d.ts", + "bitwarden_wasm_bg.wasm.js", "bitwarden_wasm.d.ts", "bitwarden_wasm.js", "index.js", - "node/bitwarden_wasm_bg.wasm.d.ts", "node/bitwarden_wasm_bg.wasm", + "node/bitwarden_wasm_bg.wasm.d.ts", "node/bitwarden_wasm.d.ts", "node/bitwarden_wasm.js" ], "main": "node/bitwarden_wasm.js", "module": "index.js", "types": "bitwarden_wasm.d.ts", + "scripts": {}, "sideEffects": [ "./bitwarden_wasm.js", "./snippets/*" From 38b4d25dd7e2b0c64aa7acca5b92d29f8f639fae Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 10:57:14 -0400 Subject: [PATCH 12/15] [deps]: Update dtolnay/rust-toolchain digest to bb45937 (#713) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-android.yml | 4 ++-- .github/workflows/build-cli.yml | 8 ++++---- .github/workflows/build-napi.yml | 2 +- .github/workflows/build-python-wheels.yml | 2 +- .github/workflows/build-rust-crates.yml | 4 ++-- .github/workflows/build-rust-cross-platform.yml | 2 +- .github/workflows/build-wasm.yml | 2 +- .github/workflows/direct-minimal-versions.yml | 2 +- .github/workflows/generate_schemas.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/memory-testing.yml | 2 +- .github/workflows/minimum-rust-version.yml | 2 +- .github/workflows/publish-rust-crates.yml | 2 +- .github/workflows/release-cli.yml | 2 +- .github/workflows/rust-test.yml | 6 +++--- .github/workflows/version-bump.yml | 2 +- 16 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build-android.yml b/.github/workflows/build-android.yml index 8bff66f33..c6b2ae5c5 100644 --- a/.github/workflows/build-android.yml +++ b/.github/workflows/build-android.yml @@ -28,7 +28,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable @@ -70,7 +70,7 @@ jobs: fetch-depth: 0 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-cli.yml b/.github/workflows/build-cli.yml index ad3386ddf..37f5c15c8 100644 --- a/.github/workflows/build-cli.yml +++ b/.github/workflows/build-cli.yml @@ -61,7 +61,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -151,7 +151,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -260,7 +260,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -411,7 +411,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-napi.yml b/.github/workflows/build-napi.yml index 3737d3767..3bf8f2add 100644 --- a/.github/workflows/build-napi.yml +++ b/.github/workflows/build-napi.yml @@ -61,7 +61,7 @@ jobs: cache-dependency-path: crates/bitwarden-napi/package-lock.json - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-python-wheels.yml b/.github/workflows/build-python-wheels.yml index 1c0459dd6..9578a42d6 100644 --- a/.github/workflows/build-python-wheels.yml +++ b/.github/workflows/build-python-wheels.yml @@ -71,7 +71,7 @@ jobs: node-version: 18 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-rust-crates.yml b/.github/workflows/build-rust-crates.yml index dc6db5c91..09952a126 100644 --- a/.github/workflows/build-rust-crates.yml +++ b/.github/workflows/build-rust-crates.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} @@ -69,7 +69,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/build-rust-cross-platform.yml b/.github/workflows/build-rust-cross-platform.yml index cacacf0e0..ae745cbde 100644 --- a/.github/workflows/build-rust-cross-platform.yml +++ b/.github/workflows/build-rust-cross-platform.yml @@ -32,7 +32,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 0bc29b4e0..7b5de8435 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -34,7 +34,7 @@ jobs: run: npm i -g binaryen - name: Install rust - uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: wasm32-unknown-unknown diff --git a/.github/workflows/direct-minimal-versions.yml b/.github/workflows/direct-minimal-versions.yml index 084ed3cff..3340cd767 100644 --- a/.github/workflows/direct-minimal-versions.yml +++ b/.github/workflows/direct-minimal-versions.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: nightly targets: ${{ matrix.settings.target }} diff --git a/.github/workflows/generate_schemas.yml b/.github/workflows/generate_schemas.yml index 5c62cee01..6513ee998 100644 --- a/.github/workflows/generate_schemas.yml +++ b/.github/workflows/generate_schemas.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 8767cba89..cb35c99c1 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/memory-testing.yml b/.github/workflows/memory-testing.yml index 1723644f2..d8b6db002 100644 --- a/.github/workflows/memory-testing.yml +++ b/.github/workflows/memory-testing.yml @@ -30,7 +30,7 @@ jobs: sudo apt -y install gdb - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/minimum-rust-version.yml b/.github/workflows/minimum-rust-version.yml index 6213fed32..e371d4026 100644 --- a/.github/workflows/minimum-rust-version.yml +++ b/.github/workflows/minimum-rust-version.yml @@ -30,7 +30,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: # Important: When updating this, make sure to update the Readme file # and also the `rust-version` field in all the `Cargo.toml`. diff --git a/.github/workflows/publish-rust-crates.yml b/.github/workflows/publish-rust-crates.yml index d470b5194..705624d7e 100644 --- a/.github/workflows/publish-rust-crates.yml +++ b/.github/workflows/publish-rust-crates.yml @@ -159,7 +159,7 @@ jobs: secrets: "cratesio-api-token" - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 3b42c3238..a9bc9e3fe 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -142,7 +142,7 @@ jobs: secrets: "cratesio-api-token" - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable diff --git a/.github/workflows/rust-test.yml b/.github/workflows/rust-test.yml index 06904ee3b..2ea84b6aa 100644 --- a/.github/workflows/rust-test.yml +++ b/.github/workflows/rust-test.yml @@ -39,7 +39,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable @@ -58,7 +58,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable components: llvm-tools @@ -87,7 +87,7 @@ jobs: uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable targets: wasm32-unknown-unknown diff --git a/.github/workflows/version-bump.yml b/.github/workflows/version-bump.yml index 8b4c33ee3..b2809518b 100644 --- a/.github/workflows/version-bump.yml +++ b/.github/workflows/version-bump.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Install rust - uses: dtolnay/rust-toolchain@dc6353516c68da0f06325f42ad880f76a5e77ec9 # stable + uses: dtolnay/rust-toolchain@bb45937a053e097f8591208d8e74c90db1873d07 # stable with: toolchain: stable From 9c7a1a0f4d96f841416fb3acf8cc683cd0f7707c Mon Sep 17 00:00:00 2001 From: Vince Grassia <593223+vgrassia@users.noreply.github.com> Date: Mon, 15 Apr 2024 16:17:53 -0400 Subject: [PATCH 13/15] DEVOPS-1939 - Pin actions to main (#717) --- .github/workflows/publish-php.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-php.yml b/.github/workflows/publish-php.yml index 2b716c893..dca601213 100644 --- a/.github/workflows/publish-php.yml +++ b/.github/workflows/publish-php.yml @@ -86,7 +86,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -167,7 +167,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope" @@ -247,7 +247,7 @@ jobs: - name: Retrieve secrets id: retrieve-secrets - uses: bitwarden/gh-actions/get-keyvault-secrets@2e9a183f0543d25868fbb784dfe205fea6ff09a5 + uses: bitwarden/gh-actions/get-keyvault-secrets@main with: keyvault: ${{ env._KEY_VAULT }} secrets: "github-pat-bitwarden-devops-bot-repo-scope, From 0e7bc70a2f91a99f64eea2703f064463907cf1bf Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 16 Apr 2024 13:45:17 +0200 Subject: [PATCH 14/15] [PM-7447] Publish prerelease to GitHub packages (#716) We have a desire to publish every build of the wasm to gh package for faster use in the clients repository. --- .github/workflows/build-wasm.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 7b5de8435..9f1752a06 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -28,6 +28,7 @@ jobs: uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 18 + registry-url: "https://npm.pkg.github.com" cache: "npm" - name: Install dependencies @@ -56,3 +57,20 @@ jobs: name: sdk-bitwarden-wasm path: ${{ github.workspace }}/languages/js/wasm/* if-no-files-found: error + + - name: Set version + if: ${{ github.ref == 'refs/head/main' }} + # Fetches current version from registry and uses prerelease to bump it + run: | + npm version --no-git-tag-version $(npm view @bitwarden/sdk-wasm@latest version) + npm version --no-git-tag-version prerelease + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: languages/js/wasm + + - name: Publish NPM + if: ${{ github.ref == 'refs/head/main' }} + run: npm publish --access public + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + working-directory: languages/js/wasm From 21ad6b2387f9a971d2bab5fec8ddc04338589958 Mon Sep 17 00:00:00 2001 From: Oscar Hinton Date: Tue, 16 Apr 2024 15:12:39 +0200 Subject: [PATCH 15/15] Fix if condition on wasm workflow (#718) Should be `refs/heads/main` not `refs/head/main`. --- .github/workflows/build-wasm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-wasm.yml b/.github/workflows/build-wasm.yml index 9f1752a06..87e14d2e2 100644 --- a/.github/workflows/build-wasm.yml +++ b/.github/workflows/build-wasm.yml @@ -59,7 +59,7 @@ jobs: if-no-files-found: error - name: Set version - if: ${{ github.ref == 'refs/head/main' }} + if: ${{ github.ref == 'refs/heads/main' }} # Fetches current version from registry and uses prerelease to bump it run: | npm version --no-git-tag-version $(npm view @bitwarden/sdk-wasm@latest version) @@ -69,7 +69,7 @@ jobs: working-directory: languages/js/wasm - name: Publish NPM - if: ${{ github.ref == 'refs/head/main' }} + if: ${{ github.ref == 'refs/heads/main' }} run: npm publish --access public env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}