public static async Task <AuditEventType[]> GetAvailableEvents(this IAuthentication auth) { var rq = new GetAuditEventDimensionsCommand(); var rs = await auth.ExecuteAuthCommand <GetAuditEventDimensionsCommand, GetAuditEventDimensionsResponse>(rq); return(rs.Dimensions?.AuditEventTypes); }
private static async Task <List <KeeperApiResponse> > ExecuteCommands(this IAuthentication auth, IReadOnlyCollection <KeeperApiCommand> commands) { var responses = new List <KeeperApiResponse>(); var pos = 0; while (pos < commands.Count) { var executeRq = new ExecuteCommand { Requests = commands.Skip(pos).Take(99).ToArray() }; pos += 99; var executeRs = await auth.ExecuteAuthCommand <ExecuteCommand, ExecuteResponse>(executeRq); responses.AddRange(executeRs.Results); if (responses.Count < pos) { break; } await Task.Delay(TimeSpan.FromSeconds(10)); } return(responses); }
public static async Task ShareAccount(this IAuthentication auth, AccountShareTo[] shareAccountTo) { if (shareAccountTo != null) { foreach (var shareTo in shareAccountTo) { var key = CryptoUtils.LoadPublicKey(shareTo.PublicKey.Base64UrlDecode()); var command = new ShareAccountCommand { ToRoleId = shareTo.RoleId, TransferKey = CryptoUtils.EncryptRsa(auth.AuthContext.DataKey, key).Base64UrlEncode() }; await auth.ExecuteAuthCommand(command); } } }
public static async Task <string> ChangeMasterPassword(this IAuthentication auth) { if (auth.AuthCallback is IPostLoginTaskUI postUi) { var userParams = await auth.Endpoint.GetNewUserParams(auth.Username); var rules = userParams.PasswordMatchDescription .Zip(userParams.PasswordMatchRegex, (description, pattern) => new PasswordRule { description = description, match = true, pattern = pattern }) .ToArray(); var ruleMatcher = new PasswordRuleMatcher(rules); var newPassword = await postUi.GetNewPassword(ruleMatcher); var failedRules = ruleMatcher.MatchFailedRules(newPassword); if (failedRules.Length != 0) { throw new KeeperApiException("password_rule_failed", failedRules[0]); } var iterations = 100000; var authSalt = CryptoUtils.GetRandomBytes(16); var authVerifier = CryptoUtils.CreateAuthVerifier(newPassword, authSalt, iterations); var keySalt = CryptoUtils.GetRandomBytes(16); var encryptionParameters = CryptoUtils.CreateEncryptionParams(newPassword, keySalt, iterations, auth.AuthContext.DataKey); var command = new ChangeMasterPasswordCommand { AuthVerifier = authVerifier.Base64UrlEncode(), EncryptionParams = encryptionParameters.Base64UrlEncode() }; await auth.ExecuteAuthCommand(command); return(newPassword); } return(null); }
public static async Task <Tuple <GetAuditEventReportsResponse, long> > GetUserEvents(this IAuthentication auth, string forUser, long recentUnixTime, long latestUnixTime = 0) { if (recentUnixTime < 0 || latestUnixTime < 0 || string.IsNullOrEmpty(forUser)) { return(null); } if (recentUnixTime == 0) { recentUnixTime = DateTimeOffset.Now.ToUnixTimeMilliseconds() / 1000; } var rq = new GetAuditEventReportsCommand { Filter = new ReportFilter { Username = forUser, Created = new CreatedFilter { Max = recentUnixTime == 0 ? (long?)null : recentUnixTime, Min = latestUnixTime == 0 ? (long?)null : latestUnixTime } }, Limit = 1000, ReportType = "raw", Order = "descending" }; var rs = await auth.ExecuteAuthCommand <GetAuditEventReportsCommand, GetAuditEventReportsResponse>(rq); var response = Tuple.Create <GetAuditEventReportsResponse, long>(rs, -1); if (rs.Events == null || rs.Events.Count == 0) { return(response); } if (rq.Limit > 0 && rs.Events?.Count < 0.95 * rq.Limit) { return(response); } var pos = rs.Events.Count - 1; if (!rs.Events[pos].TryGetValue("created", out var lastCreated)) { return(response); } while (pos > 0) { pos--; if (rs.Events[pos].TryGetValue("created", out var created)) { if (!Equals(created, lastCreated)) { break; } } } if (pos <= 0 || pos >= rs.Events.Count - 1) { return(response); } if (!(lastCreated is IConvertible conv)) { return(response); } rs.Events.RemoveRange(pos + 1, rs.Events.Count - pos - 1); return(Tuple.Create(rs, conv.ToInt64(CultureInfo.InvariantCulture) + 1)); }
public static async Task ExecuteDeviceApprove(IAuthentication auth, IList <string> messages) { var keysRq = new EnterpriseDataCommand { include = new[] { "devices_request_for_admin_approval" } }; var rs = await auth.ExecuteAuthCommand <EnterpriseDataCommand, EnterpriseDataResponse>(keysRq); if ((rs.DeviceRequestForApproval?.Count ?? 0) == 0) { return; } var userDataKeys = new Dictionary <long, byte[]>(); foreach (var drq in rs.DeviceRequestForApproval) { if (!userDataKeys.ContainsKey(drq.EnterpriseUserId)) { userDataKeys[drq.EnterpriseUserId] = null; } } var dataKeyRq = new UserDataKeyRequest(); dataKeyRq.EnterpriseUserId.AddRange(userDataKeys.Keys); var dataKeyRs = await auth.ExecuteAuthRest <UserDataKeyRequest, EnterpriseUserDataKeys>("enterprise/get_enterprise_user_data_key", dataKeyRq); foreach (var key in dataKeyRs.Keys) { if (key.UserEncryptedDataKey.IsEmpty) { continue; } if (key.KeyTypeId != 2) { continue; } try { var userDataKey = CryptoUtils.DecryptEc(key.UserEncryptedDataKey.ToByteArray(), _enterprisePrivateKey); userDataKeys[key.EnterpriseUserId] = userDataKey; } catch (Exception e) { messages.Add($"Data key decrypt error: {e.Message}"); } } var approveDevicesRq = new ApproveUserDevicesRequest(); foreach (var drq in rs.DeviceRequestForApproval) { if (!userDataKeys.ContainsKey(drq.EnterpriseUserId) || userDataKeys[drq.EnterpriseUserId] == null) { continue; } var dataKey = userDataKeys[drq.EnterpriseUserId]; var devicePublicKey = CryptoUtils.LoadPublicEcKey(drq.DevicePublicKey.Base64UrlDecode()); var encDataKey = CryptoUtils.EncryptEc(dataKey, devicePublicKey); var approveRq = new ApproveUserDeviceRequest { EnterpriseUserId = drq.EnterpriseUserId, EncryptedDeviceToken = ByteString.CopyFrom(drq.EncryptedDeviceToken.Base64UrlDecode()), EncryptedDeviceDataKey = ByteString.CopyFrom(encDataKey), DenyApproval = false, }; approveDevicesRq.DeviceRequests.Add(approveRq); } if (approveDevicesRq.DeviceRequests.Count == 0) { return; } var approveRs = await auth.ExecuteAuthRest <ApproveUserDevicesRequest, ApproveUserDevicesResponse>("enterprise/approve_user_devices", approveDevicesRq); foreach (var deviceRs in approveRs.DeviceResponses) { var message = $"Approve device for {deviceRs.EnterpriseUserId} {(deviceRs.Failed ? "failed" : "succeeded")}"; Debug.WriteLine(message); messages.Add(message); } }
/// <summary> /// Executes JSON authenticated command. /// </summary> /// <typeparam name="TC">JSON authenticated command type.</typeparam> /// <param name="auth">The authenticated connection.</param> /// <param name="command">SON authenticated command.</param> /// <returns>Awaitable task.</returns> /// <exception cref="KeeperApiException">Keeper API Exception.</exception> /// <seealso cref="IKeeperEndpoint.ExecuteV2Command"/> public static Task ExecuteAuthCommand <TC>(this IAuthentication auth, TC command) where TC : AuthenticatedCommand { return(auth.ExecuteAuthCommand <TC, KeeperApiResponse>(command)); }
/// <summary> /// Executes JSON authenticated command. /// </summary> /// <typeparam name="TC">JSON authenticated command type.</typeparam> /// <typeparam name="TR">JSON response type.</typeparam> /// <param name="auth">The authenticated connection.</param> /// <param name="command">JSON authenticated command.</param> /// <param name="throwOnError">if <c>True</c> throw exception on Keeper error.</param> /// <returns>A Task returning JSON response.</returns> /// <exception cref="KeeperApiException">Keeper API Exception.</exception> /// <seealso cref="IKeeperEndpoint.ExecuteV2Command"/> public static async Task <TR> ExecuteAuthCommand <TC, TR>(this IAuthentication auth, TC command, bool throwOnError = true) where TC : AuthenticatedCommand where TR : KeeperApiResponse { return((TR)await auth.ExecuteAuthCommand(command, typeof(TR), throwOnError)); }
/// <summary> /// Executes JSON authenticated command that does not return data. /// </summary> /// <param name="auth">The authenticated connection.</param> /// <param name="command">JSON authenticated command.</param> /// <returns>A Task returning basic JSON response.</returns> /// <seealso cref="IKeeperEndpoint.ExecuteV2Command"/> public static async Task <KeeperApiResponse> ExecuteAuthCommand(this IAuthentication auth, AuthenticatedCommand command) { return(await auth.ExecuteAuthCommand(command, typeof(KeeperApiResponse), true)); }