diff --git a/native/cpp/CommonCpp/NativeModules/CommRustModule.h b/native/cpp/CommonCpp/NativeModules/CommRustModule.h --- a/native/cpp/CommonCpp/NativeModules/CommRustModule.h +++ b/native/cpp/CommonCpp/NativeModules/CommRustModule.h @@ -95,7 +95,8 @@ jsi::String userID, jsi::String deviceID, jsi::String accessToken, - jsi::String password) override; + jsi::String oldPassword, + jsi::String newPassword) override; virtual jsi::Value deletePasswordUser( jsi::Runtime &rt, jsi::String userID, diff --git a/native/cpp/CommonCpp/NativeModules/CommRustModule.cpp b/native/cpp/CommonCpp/NativeModules/CommRustModule.cpp --- a/native/cpp/CommonCpp/NativeModules/CommRustModule.cpp +++ b/native/cpp/CommonCpp/NativeModules/CommRustModule.cpp @@ -372,11 +372,13 @@ jsi::String userID, jsi::String deviceID, jsi::String accessToken, - jsi::String password) { + jsi::String oldPassword, + jsi::String newPassword) { auto userIDRust = jsiStringToRustString(userID, rt); auto deviceIDRust = jsiStringToRustString(deviceID, rt); auto accessTokenRust = jsiStringToRustString(accessToken, rt); - auto passwordRust = jsiStringToRustString(password, rt); + auto oldPasswordRust = jsiStringToRustString(oldPassword, rt); + auto newPasswordRust = jsiStringToRustString(newPassword, rt); return createPromiseAsJSIValue( rt, [=, this](jsi::Runtime &innerRt, std::shared_ptr promise) { @@ -388,7 +390,8 @@ userIDRust, deviceIDRust, accessTokenRust, - passwordRust, + oldPasswordRust, + newPasswordRust, currentID); } catch (const std::exception &e) { error = e.what(); diff --git a/native/cpp/CommonCpp/_generated/rustJSI-generated.cpp b/native/cpp/CommonCpp/_generated/rustJSI-generated.cpp --- a/native/cpp/CommonCpp/_generated/rustJSI-generated.cpp +++ b/native/cpp/CommonCpp/_generated/rustJSI-generated.cpp @@ -34,7 +34,7 @@ return static_cast(&turboModule)->logInWalletUser(rt, args[0].asString(rt), args[1].asString(rt), args[2].asString(rt), args[3].asString(rt), args[4].asString(rt), args[5].asString(rt), args[6].asString(rt), args[7].asString(rt)); } static jsi::Value __hostFunction_CommRustModuleSchemaCxxSpecJSI_updatePassword(jsi::Runtime &rt, TurboModule &turboModule, const jsi::Value* args, size_t count) { - return static_cast(&turboModule)->updatePassword(rt, args[0].asString(rt), args[1].asString(rt), args[2].asString(rt), args[3].asString(rt)); + return static_cast(&turboModule)->updatePassword(rt, args[0].asString(rt), args[1].asString(rt), args[2].asString(rt), args[3].asString(rt), args[4].asString(rt)); } static jsi::Value __hostFunction_CommRustModuleSchemaCxxSpecJSI_deletePasswordUser(jsi::Runtime &rt, TurboModule &turboModule, const jsi::Value* args, size_t count) { return static_cast(&turboModule)->deletePasswordUser(rt, args[0].asString(rt), args[1].asString(rt), args[2].asString(rt), args[3].asString(rt)); @@ -109,7 +109,7 @@ methodMap_["registerWalletUser"] = MethodMetadata {12, __hostFunction_CommRustModuleSchemaCxxSpecJSI_registerWalletUser}; methodMap_["registerReservedWalletUser"] = MethodMetadata {13, __hostFunction_CommRustModuleSchemaCxxSpecJSI_registerReservedWalletUser}; methodMap_["logInWalletUser"] = MethodMetadata {8, __hostFunction_CommRustModuleSchemaCxxSpecJSI_logInWalletUser}; - methodMap_["updatePassword"] = MethodMetadata {4, __hostFunction_CommRustModuleSchemaCxxSpecJSI_updatePassword}; + methodMap_["updatePassword"] = MethodMetadata {5, __hostFunction_CommRustModuleSchemaCxxSpecJSI_updatePassword}; methodMap_["deletePasswordUser"] = MethodMetadata {4, __hostFunction_CommRustModuleSchemaCxxSpecJSI_deletePasswordUser}; methodMap_["deleteWalletUser"] = MethodMetadata {3, __hostFunction_CommRustModuleSchemaCxxSpecJSI_deleteWalletUser}; methodMap_["logOut"] = MethodMetadata {3, __hostFunction_CommRustModuleSchemaCxxSpecJSI_logOut}; diff --git a/native/cpp/CommonCpp/_generated/rustJSI.h b/native/cpp/CommonCpp/_generated/rustJSI.h --- a/native/cpp/CommonCpp/_generated/rustJSI.h +++ b/native/cpp/CommonCpp/_generated/rustJSI.h @@ -27,7 +27,7 @@ virtual jsi::Value registerWalletUser(jsi::Runtime &rt, jsi::String siweMessage, jsi::String siweSignature, jsi::String keyPayload, jsi::String keyPayloadSignature, jsi::String contentPrekey, jsi::String contentPrekeySignature, jsi::String notifPrekey, jsi::String notifPrekeySignature, jsi::Array contentOneTimeKeys, jsi::Array notifOneTimeKeys, jsi::String farcasterID, jsi::String initialDeviceList) = 0; virtual jsi::Value registerReservedWalletUser(jsi::Runtime &rt, jsi::String siweMessage, jsi::String siweSignature, jsi::String keyPayload, jsi::String keyPayloadSignature, jsi::String contentPrekey, jsi::String contentPrekeySignature, jsi::String notifPrekey, jsi::String notifPrekeySignature, jsi::Array contentOneTimeKeys, jsi::Array notifOneTimeKeys, jsi::String keyserverMessage, jsi::String keyserverSignature, jsi::String initialDeviceList) = 0; virtual jsi::Value logInWalletUser(jsi::Runtime &rt, jsi::String siweMessage, jsi::String siweSignature, jsi::String keyPayload, jsi::String keyPayloadSignature, jsi::String contentPrekey, jsi::String contentPrekeySignature, jsi::String notifPrekey, jsi::String notifPrekeySignature) = 0; - virtual jsi::Value updatePassword(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String password) = 0; + virtual jsi::Value updatePassword(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String oldPassword, jsi::String newPassword) = 0; virtual jsi::Value deletePasswordUser(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String password) = 0; virtual jsi::Value deleteWalletUser(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken) = 0; virtual jsi::Value logOut(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken) = 0; @@ -126,13 +126,13 @@ return bridging::callFromJs( rt, &T::logInWalletUser, jsInvoker_, instance_, std::move(siweMessage), std::move(siweSignature), std::move(keyPayload), std::move(keyPayloadSignature), std::move(contentPrekey), std::move(contentPrekeySignature), std::move(notifPrekey), std::move(notifPrekeySignature)); } - jsi::Value updatePassword(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String password) override { + jsi::Value updatePassword(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String oldPassword, jsi::String newPassword) override { static_assert( - bridging::getParameterCount(&T::updatePassword) == 5, - "Expected updatePassword(...) to have 5 parameters"); + bridging::getParameterCount(&T::updatePassword) == 6, + "Expected updatePassword(...) to have 6 parameters"); return bridging::callFromJs( - rt, &T::updatePassword, jsInvoker_, instance_, std::move(userID), std::move(deviceID), std::move(accessToken), std::move(password)); + rt, &T::updatePassword, jsInvoker_, instance_, std::move(userID), std::move(deviceID), std::move(accessToken), std::move(oldPassword), std::move(newPassword)); } jsi::Value deletePasswordUser(jsi::Runtime &rt, jsi::String userID, jsi::String deviceID, jsi::String accessToken, jsi::String password) override { static_assert( diff --git a/native/native_rust_library/src/identity/account_actions.rs b/native/native_rust_library/src/identity/account_actions.rs --- a/native/native_rust_library/src/identity/account_actions.rs +++ b/native/native_rust_library/src/identity/account_actions.rs @@ -19,7 +19,8 @@ user_id: String, device_id: String, access_token: String, - password: String, + old_password: String, + new_password: String, promise_id: u32, ) { RUNTIME.spawn(async move { @@ -27,7 +28,8 @@ access_token, user_id, device_id, - password, + old_password, + new_password, }; let result = update_user_password_helper(update_password_info).await; handle_void_result_as_callback(result, promise_id); @@ -108,17 +110,25 @@ user_id: String, device_id: String, access_token: String, - password: String, + old_password: String, + new_password: String, } async fn update_user_password_helper( update_password_info: UpdatePasswordInfo, ) -> Result<(), Error> { + let mut client_login = Login::new(); + let opaque_login_request = client_login + .start(&update_password_info.old_password) + .map_err(crate::handle_error)?; + let mut client_registration = Registration::new(); let opaque_registration_request = client_registration - .start(&update_password_info.password) + .start(&update_password_info.new_password) .map_err(crate::handle_error)?; + let update_password_start_request = UpdateUserPasswordStartRequest { + opaque_login_request, opaque_registration_request, }; let mut identity_client = get_auth_client( @@ -136,15 +146,20 @@ let update_password_start_response = response.into_inner(); + let opaque_login_upload = client_login + .finish(&update_password_start_response.opaque_login_response) + .map_err(crate::handle_error)?; + let opaque_registration_upload = client_registration .finish( - &update_password_info.password, + &update_password_info.new_password, &update_password_start_response.opaque_registration_response, ) .map_err(crate::handle_error)?; let update_password_finish_request = UpdateUserPasswordFinishRequest { session_id: update_password_start_response.session_id, + opaque_login_upload, opaque_registration_upload, }; diff --git a/native/native_rust_library/src/lib.rs b/native/native_rust_library/src/lib.rs --- a/native/native_rust_library/src/lib.rs +++ b/native/native_rust_library/src/lib.rs @@ -148,7 +148,8 @@ user_id: String, device_id: String, access_token: String, - password: String, + old_password: String, + new_password: String, promise_id: u32, ); diff --git a/native/schema/CommRustModuleSchema.js b/native/schema/CommRustModuleSchema.js --- a/native/schema/CommRustModuleSchema.js +++ b/native/schema/CommRustModuleSchema.js @@ -89,7 +89,8 @@ userID: string, deviceID: string, accessToken: string, - password: string, + oldPassword: string, + newPassword: string, ) => Promise; +deletePasswordUser: ( userID: string, diff --git a/services/identity/src/client_service.rs b/services/identity/src/client_service.rs --- a/services/identity/src/client_service.rs +++ b/services/identity/src/client_service.rs @@ -19,7 +19,7 @@ }; use crate::device_list::SignedDeviceList; use crate::error::{DeviceListError, Error as DBError}; -use crate::grpc_services::authenticated::DeletePasswordUserInfo; +use crate::grpc_services::authenticated::{DeletePasswordUserInfo, UpdatePasswordInfo}; use crate::grpc_services::protos::unauth::{ find_user_id_request, AddReservedUsernamesRequest, AuthResponse, Empty, ExistingDeviceLoginRequest, FindUserIdRequest, FindUserIdResponse, @@ -54,7 +54,7 @@ pub enum WorkflowInProgress { Registration(Box), Login(Box), - Update(UpdateState), + Update(Box), PasswordUserDeletion(Box), } @@ -76,11 +76,6 @@ pub device_to_remove: Option, } -#[derive(Clone, Serialize, Deserialize)] -pub struct UpdateState { - pub user_id: String, -} - #[derive(Clone, Serialize, Deserialize)] pub struct FlattenedDeviceKeyUpload { pub device_id_key: String, @@ -400,65 +395,65 @@ let platform_metadata = get_platform_metadata(&request)?; let message = request.into_inner(); - if let Some(WorkflowInProgress::Login(state)) = self + let Some(WorkflowInProgress::Login(state)) = self .client .get_workflow(message.session_id) .await .map_err(handle_db_error)? - { - let mut server_login = state.opaque_server_login.clone(); - server_login - .finish(&message.opaque_login_upload) - .map_err(protocol_error_to_grpc_status)?; + else { + return Err(tonic::Status::not_found( + tonic_status_messages::SESSION_NOT_FOUND, + )); + }; - if let Some(device_to_remove) = state.device_to_remove { - self - .client - .remove_device(state.user_id.clone(), device_to_remove) - .await - .map_err(handle_db_error)?; - } + let mut server_login = state.opaque_server_login; + server_login + .finish(&message.opaque_login_upload) + .map_err(protocol_error_to_grpc_status)?; - let login_time = chrono::Utc::now(); + if let Some(device_to_remove) = state.device_to_remove { self .client - .add_user_device( - state.user_id.clone(), - state.flattened_device_key_upload.clone(), - platform_metadata, - login_time, - ) + .remove_device(state.user_id.clone(), device_to_remove) .await .map_err(handle_db_error)?; + } - // Create access token - let token = AccessTokenData::with_created_time( + let login_time = chrono::Utc::now(); + self + .client + .add_user_device( state.user_id.clone(), - state.flattened_device_key_upload.device_id_key, + state.flattened_device_key_upload.clone(), + platform_metadata, login_time, - crate::token::AuthType::Password, - &mut OsRng, - ); + ) + .await + .map_err(handle_db_error)?; - let access_token = token.access_token.clone(); + // Create access token + let token = AccessTokenData::with_created_time( + state.user_id.clone(), + state.flattened_device_key_upload.device_id_key, + login_time, + crate::token::AuthType::Password, + &mut OsRng, + ); - self - .client - .put_access_token_data(token) - .await - .map_err(handle_db_error)?; + let access_token = token.access_token.clone(); - let response = AuthResponse { - user_id: state.user_id, - access_token, - username: state.username, - }; - Ok(Response::new(response)) - } else { - Err(tonic::Status::not_found( - tonic_status_messages::SESSION_NOT_FOUND, - )) - } + self + .client + .put_access_token_data(token) + .await + .map_err(handle_db_error)?; + + let response = AuthResponse { + user_id: state.user_id, + access_token, + username: state.username, + }; + Ok(Response::new(response)) } #[tracing::instrument(skip_all)] diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs --- a/services/identity/src/constants.rs +++ b/services/identity/src/constants.rs @@ -259,6 +259,7 @@ pub const MISSING_NOTIF_KEYS: &str = "missing_notif_keys"; pub const KEYSERVER_NOT_FOUND: &str = "keyserver_not_found"; pub const PASSWORD_USER: &str = "password_user"; + pub const WALLET_USER: &str = "wallet_user"; pub const INVALID_MESSAGE: &str = "invalid_message"; pub const INVALID_MESSAGE_FORMAT: &str = "invalid_message_format"; pub const MISSING_PLATFORM_OR_CODE_VERSION_METADATA: &str = diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs --- a/services/identity/src/grpc_services/authenticated.rs +++ b/services/identity/src/grpc_services/authenticated.rs @@ -5,7 +5,7 @@ use crate::device_list::SignedDeviceList; use crate::error::consume_error; use crate::{ - client_service::{handle_db_error, UpdateState, WorkflowInProgress}, + client_service::{handle_db_error, WorkflowInProgress}, constants::{error_types, request_metadata, tonic_status_messages}, database::DatabaseClient, grpc_services::shared::{get_platform_metadata, get_value}, @@ -264,27 +264,50 @@ ) -> Result, tonic::Status> { let (user_id, _) = get_user_and_device_id(&request)?; + + let Some((username, password_file)) = self + .db_client + .get_username_and_password_file(&user_id) + .await + .map_err(handle_db_error)? + else { + return Err(tonic::Status::permission_denied( + tonic_status_messages::WALLET_USER, + )); + }; + let message = request.into_inner(); + let mut server_login = comm_opaque2::server::Login::new(); + let login_response = server_login + .start( + &CONFIG.server_setup, + &password_file, + &message.opaque_login_request, + username.as_bytes(), + ) + .map_err(protocol_error_to_grpc_status)?; + let server_registration = comm_opaque2::server::Registration::new(); - let server_message = server_registration + let registration_response = server_registration .start( &CONFIG.server_setup, &message.opaque_registration_request, - user_id.as_bytes(), + username.as_bytes(), ) .map_err(protocol_error_to_grpc_status)?; - let update_state = UpdateState { user_id }; + let update_state = UpdatePasswordInfo::new(server_login); let session_id = self .db_client - .insert_workflow(WorkflowInProgress::Update(update_state)) + .insert_workflow(WorkflowInProgress::Update(Box::new(update_state))) .await .map_err(handle_db_error)?; let response = UpdateUserPasswordStartResponse { session_id, - opaque_registration_response: server_message, + opaque_registration_response: registration_response, + opaque_login_response: login_response, }; Ok(Response::new(response)) } @@ -294,6 +317,8 @@ &self, request: tonic::Request, ) -> Result, tonic::Status> { + let (user_id, _) = get_user_and_device_id(&request)?; + let message = request.into_inner(); let Some(WorkflowInProgress::Update(state)) = self @@ -307,6 +332,11 @@ )); }; + let mut server_login = state.opaque_server_login; + server_login + .finish(&message.opaque_login_upload) + .map_err(protocol_error_to_grpc_status)?; + let server_registration = comm_opaque2::server::Registration::new(); let password_file = server_registration .finish(&message.opaque_registration_upload) @@ -314,7 +344,7 @@ self .db_client - .update_user_password(state.user_id, password_file) + .update_user_password(user_id, password_file) .await .map_err(handle_db_error)?; @@ -485,7 +515,7 @@ ) .map_err(protocol_error_to_grpc_status)?; - let delete_state = construct_delete_password_user_info(server_login); + let delete_state = DeletePasswordUserInfo::new(server_login); let session_id = self .db_client @@ -855,15 +885,16 @@ } } -#[derive(Clone, serde::Serialize, serde::Deserialize)] +#[derive( + Clone, serde::Serialize, serde::Deserialize, derive_more::Constructor, +)] pub struct DeletePasswordUserInfo { pub opaque_server_login: comm_opaque2::server::Login, } -fn construct_delete_password_user_info( - opaque_server_login: comm_opaque2::server::Login, -) -> DeletePasswordUserInfo { - DeletePasswordUserInfo { - opaque_server_login, - } +#[derive( + Clone, serde::Serialize, serde::Deserialize, derive_more::Constructor, +)] +pub struct UpdatePasswordInfo { + pub opaque_server_login: comm_opaque2::server::Login, } diff --git a/shared/protos/identity_auth.proto b/shared/protos/identity_auth.proto --- a/shared/protos/identity_auth.proto +++ b/shared/protos/identity_auth.proto @@ -42,7 +42,7 @@ /* Account actions */ - // Called by user to update password and receive new access token + // Called by user to update password rpc UpdateUserPasswordStart(UpdateUserPasswordStartRequest) returns (UpdateUserPasswordStartResponse) {} rpc UpdateUserPasswordFinish(UpdateUserPasswordFinishRequest) returns @@ -172,26 +172,29 @@ // UpdateUserPassword -// Request for updating a user, similar to registration but need a -// access token to validate user before updating password message UpdateUserPasswordStartRequest { - // Message sent to initiate PAKE registration (step 1) + // Initiate PAKE registration with new password bytes opaque_registration_request = 1; + // Initiate PAKE login with old password + bytes opaque_login_request = 2; } -// Do a user registration, but overwrite the existing credentials -// after validation of user message UpdateUserPasswordFinishRequest { // Identifier used to correlate start and finish request string session_id = 1; - // Opaque client registration upload (step 3) + // Complete PAKE registration with new password bytes opaque_registration_upload = 2; + // Complete PAKE login with old password + bytes opaque_login_upload = 3; } message UpdateUserPasswordStartResponse { // Identifier used to correlate start request with finish request string session_id = 1; + // Continue PAKE registration on server with new password bytes opaque_registration_response = 2; + // Continue PAKE login on server with old password + bytes opaque_login_response = 3; } // DeletePasswordUser diff --git a/web/protobufs/identity-auth-structs.cjs b/web/protobufs/identity-auth-structs.cjs --- a/web/protobufs/identity-auth-structs.cjs +++ b/web/protobufs/identity-auth-structs.cjs @@ -2910,7 +2910,8 @@ */ proto.identity.auth.UpdateUserPasswordStartRequest.toObject = function(includeInstance, msg) { var f, obj = { - opaqueRegistrationRequest: msg.getOpaqueRegistrationRequest_asB64() + opaqueRegistrationRequest: msg.getOpaqueRegistrationRequest_asB64(), + opaqueLoginRequest: msg.getOpaqueLoginRequest_asB64() }; if (includeInstance) { @@ -2951,6 +2952,10 @@ var value = /** @type {!Uint8Array} */ (reader.readBytes()); msg.setOpaqueRegistrationRequest(value); break; + case 2: + var value = /** @type {!Uint8Array} */ (reader.readBytes()); + msg.setOpaqueLoginRequest(value); + break; default: reader.skipField(); break; @@ -2987,6 +2992,13 @@ f ); } + f = message.getOpaqueLoginRequest_asU8(); + if (f.length > 0) { + writer.writeBytes( + 2, + f + ); + } }; @@ -3032,6 +3044,48 @@ }; +/** + * optional bytes opaque_login_request = 2; + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordStartRequest.prototype.getOpaqueLoginRequest = function() { + return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 2, "")); +}; + + +/** + * optional bytes opaque_login_request = 2; + * This is a type-conversion wrapper around `getOpaqueLoginRequest()` + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordStartRequest.prototype.getOpaqueLoginRequest_asB64 = function() { + return /** @type {string} */ (jspb.Message.bytesAsB64( + this.getOpaqueLoginRequest())); +}; + + +/** + * optional bytes opaque_login_request = 2; + * Note that Uint8Array is not supported on all browsers. + * @see http://caniuse.com/Uint8Array + * This is a type-conversion wrapper around `getOpaqueLoginRequest()` + * @return {!Uint8Array} + */ +proto.identity.auth.UpdateUserPasswordStartRequest.prototype.getOpaqueLoginRequest_asU8 = function() { + return /** @type {!Uint8Array} */ (jspb.Message.bytesAsU8( + this.getOpaqueLoginRequest())); +}; + + +/** + * @param {!(string|Uint8Array)} value + * @return {!proto.identity.auth.UpdateUserPasswordStartRequest} returns this + */ +proto.identity.auth.UpdateUserPasswordStartRequest.prototype.setOpaqueLoginRequest = function(value) { + return jspb.Message.setProto3BytesField(this, 2, value); +}; + + @@ -3065,7 +3119,8 @@ proto.identity.auth.UpdateUserPasswordFinishRequest.toObject = function(includeInstance, msg) { var f, obj = { sessionId: jspb.Message.getFieldWithDefault(msg, 1, ""), - opaqueRegistrationUpload: msg.getOpaqueRegistrationUpload_asB64() + opaqueRegistrationUpload: msg.getOpaqueRegistrationUpload_asB64(), + opaqueLoginUpload: msg.getOpaqueLoginUpload_asB64() }; if (includeInstance) { @@ -3110,6 +3165,10 @@ var value = /** @type {!Uint8Array} */ (reader.readBytes()); msg.setOpaqueRegistrationUpload(value); break; + case 3: + var value = /** @type {!Uint8Array} */ (reader.readBytes()); + msg.setOpaqueLoginUpload(value); + break; default: reader.skipField(); break; @@ -3153,6 +3212,13 @@ f ); } + f = message.getOpaqueLoginUpload_asU8(); + if (f.length > 0) { + writer.writeBytes( + 3, + f + ); + } }; @@ -3216,6 +3282,48 @@ }; +/** + * optional bytes opaque_login_upload = 3; + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordFinishRequest.prototype.getOpaqueLoginUpload = function() { + return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 3, "")); +}; + + +/** + * optional bytes opaque_login_upload = 3; + * This is a type-conversion wrapper around `getOpaqueLoginUpload()` + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordFinishRequest.prototype.getOpaqueLoginUpload_asB64 = function() { + return /** @type {string} */ (jspb.Message.bytesAsB64( + this.getOpaqueLoginUpload())); +}; + + +/** + * optional bytes opaque_login_upload = 3; + * Note that Uint8Array is not supported on all browsers. + * @see http://caniuse.com/Uint8Array + * This is a type-conversion wrapper around `getOpaqueLoginUpload()` + * @return {!Uint8Array} + */ +proto.identity.auth.UpdateUserPasswordFinishRequest.prototype.getOpaqueLoginUpload_asU8 = function() { + return /** @type {!Uint8Array} */ (jspb.Message.bytesAsU8( + this.getOpaqueLoginUpload())); +}; + + +/** + * @param {!(string|Uint8Array)} value + * @return {!proto.identity.auth.UpdateUserPasswordFinishRequest} returns this + */ +proto.identity.auth.UpdateUserPasswordFinishRequest.prototype.setOpaqueLoginUpload = function(value) { + return jspb.Message.setProto3BytesField(this, 3, value); +}; + + @@ -3249,7 +3357,8 @@ proto.identity.auth.UpdateUserPasswordStartResponse.toObject = function(includeInstance, msg) { var f, obj = { sessionId: jspb.Message.getFieldWithDefault(msg, 1, ""), - opaqueRegistrationResponse: msg.getOpaqueRegistrationResponse_asB64() + opaqueRegistrationResponse: msg.getOpaqueRegistrationResponse_asB64(), + opaqueLoginResponse: msg.getOpaqueLoginResponse_asB64() }; if (includeInstance) { @@ -3294,6 +3403,10 @@ var value = /** @type {!Uint8Array} */ (reader.readBytes()); msg.setOpaqueRegistrationResponse(value); break; + case 3: + var value = /** @type {!Uint8Array} */ (reader.readBytes()); + msg.setOpaqueLoginResponse(value); + break; default: reader.skipField(); break; @@ -3337,6 +3450,13 @@ f ); } + f = message.getOpaqueLoginResponse_asU8(); + if (f.length > 0) { + writer.writeBytes( + 3, + f + ); + } }; @@ -3400,6 +3520,48 @@ }; +/** + * optional bytes opaque_login_response = 3; + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordStartResponse.prototype.getOpaqueLoginResponse = function() { + return /** @type {string} */ (jspb.Message.getFieldWithDefault(this, 3, "")); +}; + + +/** + * optional bytes opaque_login_response = 3; + * This is a type-conversion wrapper around `getOpaqueLoginResponse()` + * @return {string} + */ +proto.identity.auth.UpdateUserPasswordStartResponse.prototype.getOpaqueLoginResponse_asB64 = function() { + return /** @type {string} */ (jspb.Message.bytesAsB64( + this.getOpaqueLoginResponse())); +}; + + +/** + * optional bytes opaque_login_response = 3; + * Note that Uint8Array is not supported on all browsers. + * @see http://caniuse.com/Uint8Array + * This is a type-conversion wrapper around `getOpaqueLoginResponse()` + * @return {!Uint8Array} + */ +proto.identity.auth.UpdateUserPasswordStartResponse.prototype.getOpaqueLoginResponse_asU8 = function() { + return /** @type {!Uint8Array} */ (jspb.Message.bytesAsU8( + this.getOpaqueLoginResponse())); +}; + + +/** + * @param {!(string|Uint8Array)} value + * @return {!proto.identity.auth.UpdateUserPasswordStartResponse} returns this + */ +proto.identity.auth.UpdateUserPasswordStartResponse.prototype.setOpaqueLoginResponse = function(value) { + return jspb.Message.setProto3BytesField(this, 3, value); +}; + + diff --git a/web/protobufs/identity-auth-structs.cjs.flow b/web/protobufs/identity-auth-structs.cjs.flow --- a/web/protobufs/identity-auth-structs.cjs.flow +++ b/web/protobufs/identity-auth-structs.cjs.flow @@ -287,6 +287,11 @@ getOpaqueRegistrationRequest_asB64(): string; setOpaqueRegistrationRequest(value: Uint8Array | string): UpdateUserPasswordStartRequest; + getOpaqueLoginRequest(): Uint8Array | string; + getOpaqueLoginRequest_asU8(): Uint8Array; + getOpaqueLoginRequest_asB64(): string; + setOpaqueLoginRequest(value: Uint8Array | string): UpdateUserPasswordStartRequest; + serializeBinary(): Uint8Array; toObject(includeInstance?: boolean): UpdateUserPasswordStartRequestObject; static toObject(includeInstance: boolean, msg: UpdateUserPasswordStartRequest): UpdateUserPasswordStartRequestObject; @@ -297,6 +302,7 @@ export type UpdateUserPasswordStartRequestObject = { opaqueRegistrationRequest: Uint8Array | string, + opaqueLoginRequest: Uint8Array | string, }; declare export class UpdateUserPasswordFinishRequest extends Message { @@ -308,6 +314,11 @@ getOpaqueRegistrationUpload_asB64(): string; setOpaqueRegistrationUpload(value: Uint8Array | string): UpdateUserPasswordFinishRequest; + getOpaqueLoginUpload(): Uint8Array | string; + getOpaqueLoginUpload_asU8(): Uint8Array; + getOpaqueLoginUpload_asB64(): string; + setOpaqueLoginUpload(value: Uint8Array | string): UpdateUserPasswordFinishRequest; + serializeBinary(): Uint8Array; toObject(includeInstance?: boolean): UpdateUserPasswordFinishRequestObject; static toObject(includeInstance: boolean, msg: UpdateUserPasswordFinishRequest): UpdateUserPasswordFinishRequestObject; @@ -319,6 +330,7 @@ export type UpdateUserPasswordFinishRequestObject = { sessionId: string, opaqueRegistrationUpload: Uint8Array | string, + opaqueLoginUpload: Uint8Array | string, }; declare export class UpdateUserPasswordStartResponse extends Message { @@ -330,6 +342,11 @@ getOpaqueRegistrationResponse_asB64(): string; setOpaqueRegistrationResponse(value: Uint8Array | string): UpdateUserPasswordStartResponse; + getOpaqueLoginResponse(): Uint8Array | string; + getOpaqueLoginResponse_asU8(): Uint8Array; + getOpaqueLoginResponse_asB64(): string; + setOpaqueLoginResponse(value: Uint8Array | string): UpdateUserPasswordStartResponse; + serializeBinary(): Uint8Array; toObject(includeInstance?: boolean): UpdateUserPasswordStartResponseObject; static toObject(includeInstance: boolean, msg: UpdateUserPasswordStartResponse): UpdateUserPasswordStartResponseObject; @@ -341,6 +358,7 @@ export type UpdateUserPasswordStartResponseObject = { sessionId: string, opaqueRegistrationResponse: Uint8Array | string, + opaqueLoginResponse: Uint8Array | string, }; declare export class DeletePasswordUserStartRequest extends Message {