diff --git a/docs/schema/CreateFamilyByMailTokenRequest.schema.json b/docs/schema/CreateFamilyByMailTokenRequest.schema.json
index b7a2ac8..8860532 100644
--- a/docs/schema/CreateFamilyByMailTokenRequest.schema.json
+++ b/docs/schema/CreateFamilyByMailTokenRequest.schema.json
@@ -5,7 +5,7 @@
"type": "string"
},
"parentPassword": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/PlaintextParentPassword"
},
"parentDevice": {
"$ref": "#/definitions/NewDeviceInfo"
@@ -30,7 +30,7 @@
"timeZone"
],
"definitions": {
- "ParentPassword": {
+ "PlaintextParentPassword": {
"type": "object",
"properties": {
"hash": {
@@ -49,7 +49,7 @@
"secondHash",
"secondSalt"
],
- "title": "ParentPassword"
+ "title": "PlaintextParentPassword"
},
"NewDeviceInfo": {
"type": "object",
diff --git a/docs/schema/README.md b/docs/schema/README.md
index fdadbc4..54684c1 100644
--- a/docs/schema/README.md
+++ b/docs/schema/README.md
@@ -56,19 +56,19 @@
* [DeviceDataStatus](./clientpullchangesrequest-definitions-devicedatastatus.md) – `https://timelimit.io/ClientPullChangesRequest#/definitions/DeviceDataStatus`
+* [EncryptableParentPassword](./serializedchildaction-definitions-encryptableparentpassword.md) – `https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword`
+
+* [EncryptableParentPassword](./serializedparentaction-definitions-encryptableparentpassword.md) – `https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword`
+
* [NewDeviceInfo](./createfamilybymailtokenrequest-definitions-newdeviceinfo.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/NewDeviceInfo`
* [NewDeviceInfo](./registerchilddevicerequest-definitions-newdeviceinfo.md) – `https://timelimit.io/RegisterChildDeviceRequest#/definitions/NewDeviceInfo`
* [NewDeviceInfo](./signintofamilyrequest-definitions-newdeviceinfo.md) – `https://timelimit.io/SignIntoFamilyRequest#/definitions/NewDeviceInfo`
-* [ParentPassword](./createfamilybymailtokenrequest-definitions-parentpassword.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword`
+* [PlaintextParentPassword](./createfamilybymailtokenrequest-definitions-plaintextparentpassword.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword`
-* [ParentPassword](./recoverparentpasswordrequest-definitions-parentpassword.md) – `https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword`
-
-* [ParentPassword](./serializedchildaction-definitions-parentpassword.md) – `https://timelimit.io/SerializedChildAction#/definitions/ParentPassword`
-
-* [ParentPassword](./serializedparentaction-definitions-parentpassword.md) – `https://timelimit.io/SerializedParentAction#/definitions/ParentPassword`
+* [PlaintextParentPassword](./recoverparentpasswordrequest-definitions-plaintextparentpassword.md) – `https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword`
* [SerialiezdTriedDisablingDeviceAdminAction](./serializedapplogicaction-definitions-serialiezdtrieddisablingdeviceadminaction.md) – `https://timelimit.io/SerializedAppLogicAction#/definitions/SerialiezdTriedDisablingDeviceAdminAction`
diff --git a/docs/schema/RecoverParentPasswordRequest.schema.json b/docs/schema/RecoverParentPasswordRequest.schema.json
index 74b59ea..d0fc529 100644
--- a/docs/schema/RecoverParentPasswordRequest.schema.json
+++ b/docs/schema/RecoverParentPasswordRequest.schema.json
@@ -5,7 +5,7 @@
"type": "string"
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/PlaintextParentPassword"
}
},
"additionalProperties": false,
@@ -14,7 +14,7 @@
"password"
],
"definitions": {
- "ParentPassword": {
+ "PlaintextParentPassword": {
"type": "object",
"properties": {
"hash": {
@@ -33,7 +33,7 @@
"secondHash",
"secondSalt"
],
- "title": "ParentPassword"
+ "title": "PlaintextParentPassword"
}
},
"$schema": "http://json-schema.org/draft-07/schema#",
diff --git a/docs/schema/SerializedChildAction.schema.json b/docs/schema/SerializedChildAction.schema.json
index 351ad12..511f0aa 100644
--- a/docs/schema/SerializedChildAction.schema.json
+++ b/docs/schema/SerializedChildAction.schema.json
@@ -18,7 +18,7 @@
]
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
}
},
"additionalProperties": false,
@@ -28,7 +28,7 @@
],
"title": "SerializedChildChangePasswordAction"
},
- "ParentPassword": {
+ "EncryptableParentPassword": {
"type": "object",
"properties": {
"hash": {
@@ -39,6 +39,9 @@
},
"secondSalt": {
"type": "string"
+ },
+ "encrypted": {
+ "type": "boolean"
}
},
"additionalProperties": false,
@@ -47,7 +50,7 @@
"secondHash",
"secondSalt"
],
- "title": "ParentPassword"
+ "title": "EncryptableParentPassword"
},
"SerializedChildSignInAction": {
"type": "object",
diff --git a/docs/schema/SerializedParentAction.schema.json b/docs/schema/SerializedParentAction.schema.json
index 30bd16e..b9c1478 100644
--- a/docs/schema/SerializedParentAction.schema.json
+++ b/docs/schema/SerializedParentAction.schema.json
@@ -221,7 +221,7 @@
"type": "string"
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
},
"timeZone": {
"type": "string"
@@ -237,7 +237,7 @@
],
"title": "SerializedAddUserAction"
},
- "ParentPassword": {
+ "EncryptableParentPassword": {
"type": "object",
"properties": {
"hash": {
@@ -248,6 +248,9 @@
},
"secondSalt": {
"type": "string"
+ },
+ "encrypted": {
+ "type": "boolean"
}
},
"additionalProperties": false,
@@ -256,7 +259,7 @@
"secondHash",
"secondSalt"
],
- "title": "ParentPassword"
+ "title": "EncryptableParentPassword"
},
"SerializedChangeParentPasswordAction": {
"type": "object",
@@ -721,7 +724,7 @@
"type": "string"
},
"newPassword": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
}
},
"additionalProperties": false,
diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md
new file mode 100644
index 0000000..2866447
--- /dev/null
+++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md
@@ -0,0 +1,15 @@
+# Untitled string in CreateFamilyByMailTokenRequest Schema
+
+```txt
+https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") |
+
+## hash Type
+
+`string`
diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md
new file mode 100644
index 0000000..92836fa
--- /dev/null
+++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md
@@ -0,0 +1,15 @@
+# Untitled string in CreateFamilyByMailTokenRequest Schema
+
+```txt
+https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") |
+
+## secondHash Type
+
+`string`
diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md
new file mode 100644
index 0000000..b35a9b8
--- /dev/null
+++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md
@@ -0,0 +1,15 @@
+# Untitled string in CreateFamilyByMailTokenRequest Schema
+
+```txt
+https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") |
+
+## secondSalt Type
+
+`string`
diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md
new file mode 100644
index 0000000..607b43e
--- /dev/null
+++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md
@@ -0,0 +1,77 @@
+# PlaintextParentPassword Schema
+
+```txt
+https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") |
+
+## PlaintextParentPassword Type
+
+`object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md))
+
+# PlaintextParentPassword Properties
+
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") |
+
+## hash
+
+
+
+`hash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash")
+
+### hash Type
+
+`string`
+
+## secondHash
+
+
+
+`secondHash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash")
+
+### secondHash Type
+
+`string`
+
+## secondSalt
+
+
+
+`secondSalt`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt")
+
+### secondSalt Type
+
+`string`
diff --git a/docs/schema/createfamilybymailtokenrequest.md b/docs/schema/createfamilybymailtokenrequest.md
index f2c6ed2..e99bf02 100644
--- a/docs/schema/createfamilybymailtokenrequest.md
+++ b/docs/schema/createfamilybymailtokenrequest.md
@@ -16,14 +16,14 @@ https://timelimit.io/CreateFamilyByMailTokenRequest
# CreateFamilyByMailTokenRequest Properties
-| Property | Type | Required | Nullable | Defined by |
-| :-------------------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-mailauthtoken.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/mailAuthToken") |
-| [parentPassword](#parentpassword) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") |
-| [parentDevice](#parentdevice) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-newdeviceinfo.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentDevice") |
-| [deviceName](#devicename) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-devicename.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/deviceName") |
-| [timeZone](#timezone) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-timezone.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/timeZone") |
-| [parentName](#parentname) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-parentname.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentName") |
+| Property | Type | Required | Nullable | Defined by |
+| :-------------------------------- | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-mailauthtoken.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/mailAuthToken") |
+| [parentPassword](#parentpassword) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") |
+| [parentDevice](#parentdevice) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-newdeviceinfo.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentDevice") |
+| [deviceName](#devicename) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-devicename.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/deviceName") |
+| [timeZone](#timezone) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-timezone.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/timeZone") |
+| [parentName](#parentname) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-parentname.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentName") |
## mailAuthToken
@@ -51,15 +51,15 @@ https://timelimit.io/CreateFamilyByMailTokenRequest
* is required
-* Type: `object` ([ParentPassword](createfamilybymailtokenrequest-definitions-parentpassword.md))
+* Type: `object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md))
* cannot be null
-* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword")
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword")
### parentPassword Type
-`object` ([ParentPassword](createfamilybymailtokenrequest-definitions-parentpassword.md))
+`object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md))
## parentDevice
@@ -135,19 +135,19 @@ https://timelimit.io/CreateFamilyByMailTokenRequest
# CreateFamilyByMailTokenRequest Definitions
-## Definitions group ParentPassword
+## Definitions group PlaintextParentPassword
Reference this group by using
```json
-{"$ref":"https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword"}
+{"$ref":"https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword"}
```
-| Property | Type | Required | Nullable | Defined by |
-| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/hash") |
-| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondHash") |
-| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondSalt") |
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") |
### hash
@@ -161,7 +161,7 @@ Reference this group by using
* cannot be null
-* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/hash")
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash")
#### hash Type
@@ -179,7 +179,7 @@ Reference this group by using
* cannot be null
-* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondHash")
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash")
#### secondHash Type
@@ -197,7 +197,7 @@ Reference this group by using
* cannot be null
-* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondSalt")
+* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt")
#### secondSalt Type
diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md
new file mode 100644
index 0000000..f6e9d80
--- /dev/null
+++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md
@@ -0,0 +1,15 @@
+# Untitled string in RecoverParentPasswordRequest Schema
+
+```txt
+https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") |
+
+## hash Type
+
+`string`
diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md
new file mode 100644
index 0000000..baa6bd3
--- /dev/null
+++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md
@@ -0,0 +1,15 @@
+# Untitled string in RecoverParentPasswordRequest Schema
+
+```txt
+https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") |
+
+## secondHash Type
+
+`string`
diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md
new file mode 100644
index 0000000..2e143f6
--- /dev/null
+++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md
@@ -0,0 +1,15 @@
+# Untitled string in RecoverParentPasswordRequest Schema
+
+```txt
+https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") |
+
+## secondSalt Type
+
+`string`
diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md
new file mode 100644
index 0000000..ec4614d
--- /dev/null
+++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md
@@ -0,0 +1,77 @@
+# PlaintextParentPassword Schema
+
+```txt
+https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") |
+
+## PlaintextParentPassword Type
+
+`object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md))
+
+# PlaintextParentPassword Properties
+
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") |
+
+## hash
+
+
+
+`hash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash")
+
+### hash Type
+
+`string`
+
+## secondHash
+
+
+
+`secondHash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash")
+
+### secondHash Type
+
+`string`
+
+## secondSalt
+
+
+
+`secondSalt`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt")
+
+### secondSalt Type
+
+`string`
diff --git a/docs/schema/recoverparentpasswordrequest.md b/docs/schema/recoverparentpasswordrequest.md
index 9de64b8..2ed5fa6 100644
--- a/docs/schema/recoverparentpasswordrequest.md
+++ b/docs/schema/recoverparentpasswordrequest.md
@@ -16,10 +16,10 @@ https://timelimit.io/RecoverParentPasswordRequest
# RecoverParentPasswordRequest Properties
-| Property | Type | Required | Nullable | Defined by |
-| :------------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-properties-mailauthtoken.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/mailAuthToken") |
-| [password](#password) | `object` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") |
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-properties-mailauthtoken.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/mailAuthToken") |
+| [password](#password) | `object` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") |
## mailAuthToken
@@ -47,31 +47,31 @@ https://timelimit.io/RecoverParentPasswordRequest
* is required
-* Type: `object` ([ParentPassword](recoverparentpasswordrequest-definitions-parentpassword.md))
+* Type: `object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md))
* cannot be null
-* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password")
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password")
### password Type
-`object` ([ParentPassword](recoverparentpasswordrequest-definitions-parentpassword.md))
+`object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md))
# RecoverParentPasswordRequest Definitions
-## Definitions group ParentPassword
+## Definitions group PlaintextParentPassword
Reference this group by using
```json
-{"$ref":"https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword"}
+{"$ref":"https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword"}
```
-| Property | Type | Required | Nullable | Defined by |
-| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/hash") |
-| [secondHash](#secondhash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondHash") |
-| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondSalt") |
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") |
### hash
@@ -85,7 +85,7 @@ Reference this group by using
* cannot be null
-* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/hash")
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash")
#### hash Type
@@ -103,7 +103,7 @@ Reference this group by using
* cannot be null
-* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondHash")
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash")
#### secondHash Type
@@ -121,7 +121,7 @@ Reference this group by using
* cannot be null
-* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondSalt")
+* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt")
#### secondSalt Type
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md
new file mode 100644
index 0000000..5efe5fb
--- /dev/null
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md
@@ -0,0 +1,15 @@
+# Untitled boolean in SerializedChildAction Schema
+
+```txt
+https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") |
+
+## encrypted Type
+
+`boolean`
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md
new file mode 100644
index 0000000..c91fd20
--- /dev/null
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedChildAction Schema
+
+```txt
+https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") |
+
+## hash Type
+
+`string`
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md
new file mode 100644
index 0000000..9badc8e
--- /dev/null
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedChildAction Schema
+
+```txt
+https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") |
+
+## secondHash Type
+
+`string`
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md
new file mode 100644
index 0000000..4f4423d
--- /dev/null
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedChildAction Schema
+
+```txt
+https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") |
+
+## secondSalt Type
+
+`string`
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md
new file mode 100644
index 0000000..4e77603
--- /dev/null
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md
@@ -0,0 +1,96 @@
+# EncryptableParentPassword Schema
+
+```txt
+https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- |
+| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") |
+
+## EncryptableParentPassword Type
+
+`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md))
+
+# EncryptableParentPassword Properties
+
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :-------- | :------- | :------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") |
+| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") |
+
+## hash
+
+
+
+`hash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash")
+
+### hash Type
+
+`string`
+
+## secondHash
+
+
+
+`secondHash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash")
+
+### secondHash Type
+
+`string`
+
+## secondSalt
+
+
+
+`secondSalt`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt")
+
+### secondSalt Type
+
+`string`
+
+## encrypted
+
+
+
+`encrypted`
+
+* is optional
+
+* Type: `boolean`
+
+* cannot be null
+
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted")
+
+### encrypted Type
+
+`boolean`
diff --git a/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md b/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md
index 0e35566..489240d 100644
--- a/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md
+++ b/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md
@@ -19,7 +19,7 @@ https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePas
| Property | Type | Required | Nullable | Defined by |
| :-------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [type](#type) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-serializedchildchangepasswordaction-properties-type.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/type") |
-| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") |
+| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") |
## type
@@ -55,12 +55,12 @@ https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePas
* is required
-* Type: `object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password")
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password")
### password Type
-`object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md))
diff --git a/docs/schema/serializedchildaction.md b/docs/schema/serializedchildaction.md
index 159f21a..577a1ff 100644
--- a/docs/schema/serializedchildaction.md
+++ b/docs/schema/serializedchildaction.md
@@ -33,7 +33,7 @@ Reference this group by using
| Property | Type | Required | Nullable | Defined by |
| :-------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| [type](#type) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-serializedchildchangepasswordaction-properties-type.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/type") |
-| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") |
+| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") |
### type
@@ -69,29 +69,30 @@ Reference this group by using
* is required
-* Type: `object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password")
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password")
#### password Type
-`object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md))
-## Definitions group ParentPassword
+## Definitions group EncryptableParentPassword
Reference this group by using
```json
-{"$ref":"https://timelimit.io/SerializedChildAction#/definitions/ParentPassword"}
+{"$ref":"https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword"}
```
-| Property | Type | Required | Nullable | Defined by |
-| :------------------------ | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/hash") |
-| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondHash") |
-| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondSalt") |
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :-------- | :------- | :------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") |
+| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") |
### hash
@@ -105,7 +106,7 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/hash")
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash")
#### hash Type
@@ -123,7 +124,7 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondHash")
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash")
#### secondHash Type
@@ -141,12 +142,30 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondSalt")
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt")
#### secondSalt Type
`string`
+### encrypted
+
+
+
+`encrypted`
+
+* is optional
+
+* Type: `boolean`
+
+* cannot be null
+
+* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted")
+
+#### encrypted Type
+
+`boolean`
+
## Definitions group SerializedChildSignInAction
Reference this group by using
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md
new file mode 100644
index 0000000..486b4e8
--- /dev/null
+++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md
@@ -0,0 +1,15 @@
+# Untitled boolean in SerializedParentAction Schema
+
+```txt
+https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") |
+
+## encrypted Type
+
+`boolean`
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md
new file mode 100644
index 0000000..2793e2a
--- /dev/null
+++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedParentAction Schema
+
+```txt
+https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") |
+
+## hash Type
+
+`string`
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md
new file mode 100644
index 0000000..561c402
--- /dev/null
+++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedParentAction Schema
+
+```txt
+https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") |
+
+## secondHash Type
+
+`string`
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md
new file mode 100644
index 0000000..7fafbf3
--- /dev/null
+++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md
@@ -0,0 +1,15 @@
+# Untitled string in SerializedParentAction Schema
+
+```txt
+https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") |
+
+## secondSalt Type
+
+`string`
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md
new file mode 100644
index 0000000..9d7c7b0
--- /dev/null
+++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md
@@ -0,0 +1,96 @@
+# EncryptableParentPassword Schema
+
+```txt
+https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword
+```
+
+
+
+| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
+| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ |
+| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") |
+
+## newPassword Type
+
+`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
+
+# newPassword Properties
+
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :-------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") |
+| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") |
+
+## hash
+
+
+
+`hash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash")
+
+### hash Type
+
+`string`
+
+## secondHash
+
+
+
+`secondHash`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash")
+
+### secondHash Type
+
+`string`
+
+## secondSalt
+
+
+
+`secondSalt`
+
+* is required
+
+* Type: `string`
+
+* cannot be null
+
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt")
+
+### secondSalt Type
+
+`string`
+
+## encrypted
+
+
+
+`encrypted`
+
+* is optional
+
+* Type: `boolean`
+
+* cannot be null
+
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted")
+
+### encrypted Type
+
+`boolean`
diff --git a/docs/schema/serializedparentaction-definitions-serializedadduseraction.md b/docs/schema/serializedparentaction-definitions-serializedadduseraction.md
index 4d35ad3..e20b24a 100644
--- a/docs/schema/serializedparentaction-definitions-serializedadduseraction.md
+++ b/docs/schema/serializedparentaction-definitions-serializedadduseraction.md
@@ -22,7 +22,7 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction
| [name](#name) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-name.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/name") |
| [userType](#usertype) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-usertype.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userType") |
| [userId](#userid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-userid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userId") |
-| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") |
+| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") |
| [timeZone](#timezone) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-timezone.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/timeZone") |
## type
@@ -122,15 +122,15 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction
* is optional
-* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password")
### password Type
-`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
## timeZone
diff --git a/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md b/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md
index 8735eec..8439200 100644
--- a/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md
+++ b/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md
@@ -20,7 +20,7 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPassw
| :-------------------------- | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [type](#type) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-type.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/type") |
| [childId](#childid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-childid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/childId") |
-| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") |
+| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") |
## type
@@ -74,12 +74,12 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPassw
* is required
-* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword")
### newPassword Type
-`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
diff --git a/docs/schema/serializedparentaction.md b/docs/schema/serializedparentaction.md
index 853e758..0e218f1 100644
--- a/docs/schema/serializedparentaction.md
+++ b/docs/schema/serializedparentaction.md
@@ -297,7 +297,7 @@ Reference this group by using
| [name](#name) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-name.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/name") |
| [userType](#usertype) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-usertype.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userType") |
| [userId](#userid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-userid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userId") |
-| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") |
+| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") |
| [timeZone](#timezone) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-timezone.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/timeZone") |
### type
@@ -397,15 +397,15 @@ Reference this group by using
* is optional
-* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password")
#### password Type
-`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
### timeZone
@@ -425,19 +425,20 @@ Reference this group by using
`string`
-## Definitions group ParentPassword
+## Definitions group EncryptableParentPassword
Reference this group by using
```json
-{"$ref":"https://timelimit.io/SerializedParentAction#/definitions/ParentPassword"}
+{"$ref":"https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword"}
```
-| Property | Type | Required | Nullable | Defined by |
-| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/hash") |
-| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondHash") |
-| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondSalt") |
+| Property | Type | Required | Nullable | Defined by |
+| :------------------------ | :-------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") |
+| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") |
+| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") |
+| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") |
### hash
@@ -451,7 +452,7 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/hash")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash")
#### hash Type
@@ -469,7 +470,7 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondHash")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash")
#### secondHash Type
@@ -487,12 +488,30 @@ Reference this group by using
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondSalt")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt")
#### secondSalt Type
`string`
+### encrypted
+
+
+
+`encrypted`
+
+* is optional
+
+* Type: `boolean`
+
+* cannot be null
+
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted")
+
+#### encrypted Type
+
+`boolean`
+
## Definitions group SerializedChangeParentPasswordAction
Reference this group by using
@@ -2093,7 +2112,7 @@ Reference this group by using
| :-------------------------- | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [type](#type-18) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-type.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/type") |
| [childId](#childid-3) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-childid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/childId") |
-| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") |
+| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") |
### type
@@ -2147,15 +2166,15 @@ Reference this group by using
* is required
-* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
* cannot be null
-* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword")
+* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword")
#### newPassword Type
-`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md))
+`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md))
## Definitions group SerializedSetConsiderRebootManipulationAction
diff --git a/package-lock.json b/package-lock.json
index 89ee56d..f695bbf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,7 +35,7 @@
"@types/express": "^4.17.9",
"@types/http-errors": "^1.8.0",
"@types/lodash": "^4.14.166",
- "@types/node": "^14.14.16",
+ "@types/node": "^16.11.59",
"@types/nodemailer": "^6.4.4",
"@types/umzug": "^2.3.0",
"@typescript-eslint/eslint-plugin": "^5.10.0",
@@ -407,9 +407,9 @@
"integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA=="
},
"node_modules/@types/node": {
- "version": "14.18.9",
- "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.9.tgz",
- "integrity": "sha512-j11XSuRuAlft6vLDEX4RvhqC0KxNxx6QIyMXNb0vHHSNPXTPeiy3algESWmOOIzEtiEL0qiowPU3ewW9hHVa7Q=="
+ "version": "16.11.59",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.59.tgz",
+ "integrity": "sha512-6u+36Dj3aDzhfBVUf/mfmc92OEdzQ2kx2jcXGdigfl70E/neV21ZHE6UCz4MDzTRcVqGAM27fk+DLXvyDsn3Jw=="
},
"node_modules/@types/nodemailer": {
"version": "6.4.4",
@@ -2463,6 +2463,11 @@
"node": ">= 10.13"
}
},
+ "node_modules/mariadb/node_modules/@types/node": {
+ "version": "14.18.29",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.29.tgz",
+ "integrity": "sha512-LhF+9fbIX4iPzhsRLpK5H7iPdvW8L4IwGciXQIOEcuF62+9nw/VQVsOViAOOGxY3OlOKGLFv0sWwJXdwQeTn6A=="
+ },
"node_modules/mariadb/node_modules/iconv-lite": {
"version": "0.6.3",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
@@ -4831,12 +4836,6 @@
"typescript-json-schema": "bin/typescript-json-schema"
}
},
- "node_modules/typescript-json-schema/node_modules/@types/node": {
- "version": "16.11.21",
- "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.21.tgz",
- "integrity": "sha512-Pf8M1XD9i1ksZEcCP8vuSNwooJ/bZapNmIzpmsMaL+jMI+8mEYU3PKvs+xDNuQcJWF/x24WzY4qxLtB0zNow9A==",
- "dev": true
- },
"node_modules/typescript-json-schema/node_modules/typescript": {
"version": "4.4.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz",
@@ -5641,9 +5640,9 @@
"integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA=="
},
"@types/node": {
- "version": "14.18.9",
- "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.9.tgz",
- "integrity": "sha512-j11XSuRuAlft6vLDEX4RvhqC0KxNxx6QIyMXNb0vHHSNPXTPeiy3algESWmOOIzEtiEL0qiowPU3ewW9hHVa7Q=="
+ "version": "16.11.59",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.59.tgz",
+ "integrity": "sha512-6u+36Dj3aDzhfBVUf/mfmc92OEdzQ2kx2jcXGdigfl70E/neV21ZHE6UCz4MDzTRcVqGAM27fk+DLXvyDsn3Jw=="
},
"@types/nodemailer": {
"version": "6.4.4",
@@ -7180,6 +7179,11 @@
"please-upgrade-node": "^3.2.0"
},
"dependencies": {
+ "@types/node": {
+ "version": "14.18.29",
+ "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.29.tgz",
+ "integrity": "sha512-LhF+9fbIX4iPzhsRLpK5H7iPdvW8L4IwGciXQIOEcuF62+9nw/VQVsOViAOOGxY3OlOKGLFv0sWwJXdwQeTn6A=="
+ },
"iconv-lite": {
"version": "0.6.3",
"resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz",
@@ -8841,12 +8845,6 @@
"yargs": "^17.1.1"
},
"dependencies": {
- "@types/node": {
- "version": "16.11.21",
- "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.21.tgz",
- "integrity": "sha512-Pf8M1XD9i1ksZEcCP8vuSNwooJ/bZapNmIzpmsMaL+jMI+8mEYU3PKvs+xDNuQcJWF/x24WzY4qxLtB0zNow9A==",
- "dev": true
- },
"typescript": {
"version": "4.4.4",
"resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz",
diff --git a/package.json b/package.json
index da306b5..44b5c85 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,7 @@
"@types/express": "^4.17.9",
"@types/http-errors": "^1.8.0",
"@types/lodash": "^4.14.166",
- "@types/node": "^14.14.16",
+ "@types/node": "^16.11.59",
"@types/nodemailer": "^6.4.4",
"@types/umzug": "^2.3.0",
"@typescript-eslint/eslint-plugin": "^5.10.0",
diff --git a/src/action/adduser.ts b/src/action/adduser.ts
index 2339b1b..abf4e26 100644
--- a/src/action/adduser.ts
+++ b/src/action/adduser.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -15,7 +15,7 @@
* along with this program. If not, see .
*/
-import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema'
+import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema'
import { ParentAction } from './basetypes'
import { InvalidActionParameterException } from './meta/exception'
import { assertIdWithinFamily } from './meta/util'
@@ -26,14 +26,14 @@ export class AddUserAction extends ParentAction {
readonly userId: string
readonly name: string
readonly userType: 'parent' | 'child'
- readonly password?: ParentPassword
+ readonly password?: EncryptableParentPassword
readonly timeZone: string
constructor ({ userId, name, userType, password, timeZone }: {
userId: string
name: string
userType: 'parent' | 'child'
- password?: ParentPassword
+ password?: EncryptableParentPassword
timeZone: string
}) {
super()
@@ -85,6 +85,6 @@ export interface SerializedAddUserAction {
name: string
userType: 'parent' | 'child'
userId: string
- password?: ParentPassword
+ password?: EncryptableParentPassword
timeZone: string
}
diff --git a/src/action/childchangepassword.ts b/src/action/childchangepassword.ts
index cb36999..ca30aaf 100644
--- a/src/action/childchangepassword.ts
+++ b/src/action/childchangepassword.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -15,17 +15,17 @@
* along with this program. If not, see .
*/
-import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema'
+import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema'
import { ChildAction } from './basetypes'
import { InvalidActionParameterException } from './meta/exception'
const actionType = 'ChildChangePasswordAction'
export class ChildChangePasswordAction extends ChildAction {
- readonly password: ParentPassword
+ readonly password: EncryptableParentPassword
constructor ({ password }: {
- password: ParentPassword
+ password: EncryptableParentPassword
}) {
super()
@@ -50,5 +50,5 @@ export class ChildChangePasswordAction extends ChildAction {
export interface SerializedChildChangePasswordAction {
type: 'CHILD_CHANGE_PASSWORD'
- password: ParentPassword
+ password: EncryptableParentPassword
}
diff --git a/src/action/setchildpassword.ts b/src/action/setchildpassword.ts
index 34fcb8b..7dc7b4e 100644
--- a/src/action/setchildpassword.ts
+++ b/src/action/setchildpassword.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -15,7 +15,7 @@
* along with this program. If not, see .
*/
-import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema'
+import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema'
import { ParentAction } from './basetypes'
import { InvalidActionParameterException } from './meta/exception'
import { assertIdWithinFamily } from './meta/util'
@@ -24,11 +24,11 @@ const actionType = 'SetChildPasswordAction'
export class SetChildPasswordAction extends ParentAction {
readonly childUserId: string
- readonly newPassword: ParentPassword
+ readonly newPassword: EncryptableParentPassword
constructor ({ childUserId, newPassword }: {
childUserId: string
- newPassword: ParentPassword
+ newPassword: EncryptableParentPassword
}) {
super()
@@ -60,5 +60,5 @@ export class SetChildPasswordAction extends ParentAction {
export interface SerializedSetChildPasswordAction {
type: 'SET_CHILD_PASSWORD'
childId: string
- newPassword: ParentPassword
+ newPassword: EncryptableParentPassword
}
diff --git a/src/api/schema.ts b/src/api/schema.ts
index 7704cf3..9012f9f 100644
--- a/src/api/schema.ts
+++ b/src/api/schema.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2021 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -44,18 +44,33 @@ export interface NewDeviceInfo {
model: string
}
-export interface ParentPassword {
+export interface PlaintextParentPassword {
hash: string
secondHash: string
secondSalt: string
}
-export const assertParentPasswordValid = (password: ParentPassword) => {
+export interface EncryptableParentPassword {
+ hash: string
+ secondHash: string
+ secondSalt: string
+ encrypted?: boolean
+}
+
+export const assertPlaintextParentPasswordValid = (password: PlaintextParentPassword) => {
+ assertParentPasswordValid({ ...password, encrypted: false })
+}
+
+export const assertParentPasswordValid = (password: EncryptableParentPassword) => {
if (password.hash === '' || password.secondHash === '' || password.secondSalt === '') {
throw new ParentPasswordValidationException('missing fields at parent password')
}
- if (!(optionalPasswordRegex.test(password.hash) && optionalPasswordRegex.test(password.secondHash) && optionalSaltRegex.test(password.secondSalt))) {
+ if (!(optionalPasswordRegex.test(password.hash) && optionalSaltRegex.test(password.secondSalt))) {
+ throw new ParentPasswordValidationException('invalid parent password')
+ }
+
+ if (!password.encrypted && !optionalPasswordRegex.test(password.secondHash)) {
throw new ParentPasswordValidationException('invalid parent password')
}
}
@@ -64,7 +79,7 @@ export class ParentPasswordValidationException extends Error {}
export interface CreateFamilyByMailTokenRequest {
mailAuthToken: string
- parentPassword: ParentPassword
+ parentPassword: PlaintextParentPassword
parentDevice: NewDeviceInfo
deviceName: string
timeZone: string
@@ -79,7 +94,7 @@ export interface SignIntoFamilyRequest {
export interface RecoverParentPasswordRequest {
mailAuthToken: string
- password: ParentPassword
+ password: PlaintextParentPassword
}
export interface RegisterChildDeviceRequest {
diff --git a/src/api/validator.ts b/src/api/validator.ts
index 4698c35..5666631 100644
--- a/src/api/validator.ts
+++ b/src/api/validator.ts
@@ -124,7 +124,7 @@ const definitions = {
},
"additionalProperties": false
},
- "ParentPassword": {
+ "PlaintextParentPassword": {
"type": "object",
"properties": {
"hash": {
@@ -232,7 +232,7 @@ const definitions = {
"type": "string"
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
},
"timeZone": {
"type": "string"
@@ -247,6 +247,29 @@ const definitions = {
"userType"
]
},
+ "EncryptableParentPassword": {
+ "type": "object",
+ "properties": {
+ "hash": {
+ "type": "string"
+ },
+ "secondHash": {
+ "type": "string"
+ },
+ "secondSalt": {
+ "type": "string"
+ },
+ "encrypted": {
+ "type": "boolean"
+ }
+ },
+ "additionalProperties": false,
+ "required": [
+ "hash",
+ "secondHash",
+ "secondSalt"
+ ]
+ },
"SerializedChangeParentPasswordAction": {
"type": "object",
"properties": {
@@ -694,7 +717,7 @@ const definitions = {
"type": "string"
},
"newPassword": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
}
},
"additionalProperties": false,
@@ -1931,7 +1954,7 @@ const definitions = {
]
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/EncryptableParentPassword"
}
},
"additionalProperties": false,
@@ -2787,7 +2810,7 @@ export const isCreateFamilyByMailTokenRequest: (value: unknown) => value is Crea
"type": "string"
},
"parentPassword": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/PlaintextParentPassword"
},
"parentDevice": {
"$ref": "#/definitions/NewDeviceInfo"
@@ -2843,7 +2866,7 @@ export const isRecoverParentPasswordRequest: (value: unknown) => value is Recove
"type": "string"
},
"password": {
- "$ref": "#/definitions/ParentPassword"
+ "$ref": "#/definitions/PlaintextParentPassword"
}
},
"additionalProperties": false,
diff --git a/src/function/dh/decrypt.ts b/src/function/dh/decrypt.ts
new file mode 100644
index 0000000..e664c73
--- /dev/null
+++ b/src/function/dh/decrypt.ts
@@ -0,0 +1,125 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+import * as Sequelize from 'sequelize'
+import { createDecipheriv, createPrivateKey, createPublicKey, diffieHellman } from 'crypto'
+import { Database } from '../../database'
+import { calculateExpireTime } from '../../database/devicedhkey'
+import { isVersionId } from '../../util/token'
+
+export async function decrypt({
+ database, transaction, familyId, deviceId, encryptedData, authData
+}: {
+ database: Database
+ transaction: Sequelize.Transaction
+ familyId: string
+ deviceId: string
+ encryptedData: string
+ authData: Buffer
+}) {
+ const parts = encryptedData.split('.')
+
+ if (parts.length !== 3) throw new MalformedDataDecryptException('expected three parts')
+
+ const ivAndEncrypted = Buffer.from(parts[0], 'base64')
+ const otherPublicKey = Buffer.from(parts[1], 'base64')
+ const keyId = parts[2]
+
+ if (ivAndEncrypted.length < 12 + 16) throw new MalformedDataDecryptException('too short for iv and auth tag')
+
+ if (!isVersionId(keyId)) throw new KeyNotFoundDecryptException('invalid key id')
+
+ const databaseKeyEntry = await database.deviceDhKey.findOne({
+ where: {
+ familyId,
+ deviceId,
+ version: keyId
+ },
+ transaction
+ })
+
+ if (!databaseKeyEntry) throw new KeyNotFoundDecryptException('private key not found')
+
+ if (databaseKeyEntry.expireAt === null) {
+ databaseKeyEntry.expireAt = calculateExpireTime(BigInt(Date.now())).toString(10)
+ await databaseKeyEntry.save({ transaction })
+ } else {
+ if (BigInt(databaseKeyEntry.expireAt) < BigInt(Date.now())) throw new KeyExpiredDecryptException()
+ }
+
+ const privateKey = (() => {
+ try {
+ return createPrivateKey({
+ key: databaseKeyEntry.privateKey,
+ format: 'der',
+ type: 'pkcs8'
+ })
+ } catch (ex) {
+ throw new MalformedPrivateKeyException()
+ }
+ })()
+
+ const decodedOtherPublicKey = (() => {
+ try {
+ return createPublicKey({
+ key: otherPublicKey,
+ format: 'der',
+ type: 'spki'
+ })
+ } catch (ex) {
+ throw new MalformedPublicKeyException()
+ }
+ })()
+
+ const sharedSecret = (() => {
+ try {
+ return diffieHellman({
+ privateKey,
+ publicKey: decodedOtherPublicKey
+ })
+ } catch (ex) {
+ throw new MalformedNoMatchingKeysException()
+ }
+ })()
+
+ try {
+ const decipher = createDecipheriv('aes-128-gcm', sharedSecret.slice(0, 16), ivAndEncrypted.slice(0, 12), {
+ authTagLength: 16
+ })
+
+ decipher.setAuthTag(ivAndEncrypted.slice(ivAndEncrypted.length - 16, ivAndEncrypted.length))
+ decipher.setAAD(authData)
+
+ const decryptedData = Buffer.concat([
+ decipher.update(ivAndEncrypted.slice(12, ivAndEncrypted.length - 16)),
+ decipher.final()
+ ])
+
+ return decryptedData
+ } catch (ex) {
+ throw new MalformedAuthenticationException()
+ }
+}
+
+export class DecryptException extends Error {}
+class MalformedDataDecryptException extends DecryptException { constructor(message: string) { super('malformed data: ' + message) } }
+class MalformedPrivateKeyException extends DecryptException { constructor() { super('private key') } }
+class MalformedPublicKeyException extends DecryptException { constructor() { super('public key') } }
+class MalformedNoMatchingKeysException extends DecryptException { constructor() { super('no matching keys') } }
+class MalformedAuthenticationException extends DecryptException { constructor() { super('authentication data') } }
+class KeyExpiredDecryptException extends DecryptException { constructor() { super('key expired') } }
+class KeyNotFoundDecryptException extends DecryptException { constructor(message: string) { super('key not found: ' + message) } }
diff --git a/src/function/dh/genkey.ts b/src/function/dh/genkey.ts
new file mode 100644
index 0000000..df4b3ec
--- /dev/null
+++ b/src/function/dh/genkey.ts
@@ -0,0 +1,38 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+import { generateKeyPair } from 'crypto'
+import { promisify } from 'util'
+
+const generateKeyPairAsync = promisify(generateKeyPair)
+
+export async function generateDhKeypair() {
+ return await generateKeyPairAsync(
+ 'ec',
+ {
+ namedCurve: 'prime256v1',
+ publicKeyEncoding: {
+ type: 'spki',
+ format: 'der'
+ },
+ privateKeyEncoding: {
+ type: 'pkcs8',
+ format: 'der'
+ }
+ }
+ )
+}
diff --git a/src/function/dh/index.ts b/src/function/dh/index.ts
new file mode 100644
index 0000000..d974161
--- /dev/null
+++ b/src/function/dh/index.ts
@@ -0,0 +1,20 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+export { decrypt } from './decrypt'
+export { generateDhKeypair } from './genkey'
+export { decryptParentPassword } from './parentpassword'
diff --git a/src/function/dh/parentpassword.ts b/src/function/dh/parentpassword.ts
new file mode 100644
index 0000000..322cee7
--- /dev/null
+++ b/src/function/dh/parentpassword.ts
@@ -0,0 +1,56 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+import { Cache } from '../sync/apply-actions/cache'
+import { ApplyActionException } from '../sync/apply-actions/exception'
+import {
+ EncryptableParentPassword, assertParentPasswordValid,
+ PlaintextParentPassword, ParentPasswordValidationException
+} from '../../api/schema'
+import { decrypt, DecryptException } from './decrypt'
+
+export async function decryptParentPassword({ cache, password } : {
+ cache: Cache
+ password: EncryptableParentPassword
+}): Promise {
+ if (!password.encrypted) return password
+
+ try {
+ const secondHash = (await decrypt({
+ database: cache.database,
+ transaction: cache.transaction,
+ familyId: cache.familyId,
+ deviceId: cache.deviceId,
+ encryptedData: password.secondHash,
+ authData: Buffer.from(`ParentPassword:${password.hash}:${password.secondSalt}`, 'ascii')
+ })).toString('ascii')
+
+ const result: PlaintextParentPassword = {
+ hash: password.hash,
+ secondSalt: password.secondSalt,
+ secondHash
+ }
+
+ assertParentPasswordValid(result)
+
+ return result
+ } catch (ex) {
+ if (ex instanceof DecryptException) throw new ApplyActionException({ staticMessage: ex.message })
+ else if (ex instanceof ParentPasswordValidationException) throw new ApplyActionException({ staticMessage: 'invalid encrypted parent password' })
+ else throw ex
+ }
+}
diff --git a/src/function/parent/create-family.ts b/src/function/parent/create-family.ts
index 9bf20f4..c05676d 100644
--- a/src/function/parent/create-family.ts
+++ b/src/function/parent/create-family.ts
@@ -16,7 +16,7 @@
*/
import { Conflict } from 'http-errors'
-import { NewDeviceInfo, ParentPassword } from '../../api/schema'
+import { NewDeviceInfo, PlaintextParentPassword, assertPlaintextParentPasswordValid } from '../../api/schema'
import { Database } from '../../database'
import { maxMailNotificationFlags } from '../../database/user'
import {
@@ -29,12 +29,14 @@ export const createFamily = async ({ database, mailAuthToken, firstParentDevice,
database: Database,
mailAuthToken: string,
firstParentDevice: NewDeviceInfo,
- password: ParentPassword,
+ password: PlaintextParentPassword,
timeZone: string,
parentName: string,
deviceName: string
// no transaction here because this is directly called from an API endpoint
}) => {
+ assertPlaintextParentPasswordValid(password)
+
return database.transaction(async (transaction) => {
const now = Date.now().toString(10)
const mailInfo = await requireMailAndLocaleByAuthToken({ database, mailAuthToken, transaction, invalidate: true })
diff --git a/src/function/parent/recover-parent-password.ts b/src/function/parent/recover-parent-password.ts
index 6a17f99..240f613 100644
--- a/src/function/parent/recover-parent-password.ts
+++ b/src/function/parent/recover-parent-password.ts
@@ -16,7 +16,7 @@
*/
import { Conflict } from 'http-errors'
-import { ParentPassword } from '../../api/schema'
+import { PlaintextParentPassword, assertPlaintextParentPasswordValid } from '../../api/schema'
import { Database } from '../../database'
import { sendPasswordRecoveryUsedMail } from '../../util/mail'
import { generateVersionId } from '../../util/token'
@@ -27,10 +27,12 @@ import { notifyClientsAboutChangesDelayed } from '../websocket'
export const recoverParentPassword = async ({ database, websocket, password, mailAuthToken }: {
database: Database
websocket: WebsocketApi
- password: ParentPassword
+ password: PlaintextParentPassword
mailAuthToken: string
// no transaction here because this is directly called from an API endpoint
}) => {
+ assertPlaintextParentPasswordValid(password)
+
await database.transaction(async (transaction) => {
const mailInfo = await requireMailAndLocaleByAuthToken({ mailAuthToken, database, transaction, invalidate: true })
diff --git a/src/function/sync/apply-actions/cache.ts b/src/function/sync/apply-actions/cache.ts
index 8d47299..c184252 100644
--- a/src/function/sync/apply-actions/cache.ts
+++ b/src/function/sync/apply-actions/cache.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -27,6 +27,7 @@ import { InvalidChildActionIntegrityValue } from './exception/integrity'
export class Cache {
readonly familyId: string
+ readonly deviceId: string
readonly hasFullVersion: boolean
transaction: Sequelize.Transaction
readonly database: Database
@@ -46,14 +47,16 @@ export class Cache {
invalidiateDeviceList = false
areChangesImportant = false
- constructor ({ familyId, hasFullVersion, database, transaction, connectedDevicesManager }: {
+ constructor ({ familyId, deviceId, hasFullVersion, database, transaction, connectedDevicesManager }: {
familyId: string
+ deviceId: string
hasFullVersion: boolean
database: Database
transaction: Sequelize.Transaction
connectedDevicesManager: VisibleConnectedDevicesManager
}) {
this.familyId = familyId
+ this.deviceId = deviceId
this.hasFullVersion = hasFullVersion || config.alwaysPro
this.database = database
this.transaction = transaction
diff --git a/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts b/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts
index 0011bf5..6946a98 100644
--- a/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts
+++ b/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2021 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -18,6 +18,7 @@
import { ChildChangePasswordAction } from '../../../../action'
import { Cache } from '../cache'
import { SourceUserNotFoundException } from '../exception/illegal-state'
+import { decryptParentPassword } from '../../../dh'
export const dispatchChildChangePassword = async ({ action, childUserId, cache }: {
action: ChildChangePasswordAction
@@ -37,9 +38,11 @@ export const dispatchChildChangePassword = async ({ action, childUserId, cache }
throw new SourceUserNotFoundException()
}
- childEntry.passwordHash = action.password.hash
- childEntry.secondPasswordSalt = action.password.secondSalt
- childEntry.secondPasswordHash = action.password.secondHash
+ const newPassword = await decryptParentPassword({ cache, password: action.password })
+
+ childEntry.passwordHash = newPassword.hash
+ childEntry.secondPasswordSalt = newPassword.secondSalt
+ childEntry.secondPasswordHash = newPassword.secondHash
await childEntry.save({ transaction: cache.transaction })
diff --git a/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts b/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts
index 761a4a4..be70581 100644
--- a/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts
+++ b/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -16,21 +16,27 @@
*/
import { AddUserAction } from '../../../../action'
+import { decryptParentPassword } from '../../../dh'
import { Cache } from '../cache'
export async function dispatchAddUser ({ action, cache }: {
action: AddUserAction
cache: Cache
}) {
+ const password =
+ action.password ?
+ await decryptParentPassword({ cache, password: action.password }) :
+ null
+
await cache.database.user.create({
familyId: cache.familyId,
userId: action.userId,
type: action.userType,
name: action.name,
timeZone: action.timeZone,
- passwordHash: action.password ? action.password.hash : '',
- secondPasswordHash: action.password ? action.password.secondHash : '',
- secondPasswordSalt: action.password ? action.password.secondSalt : '',
+ passwordHash: password ? password.hash : '',
+ secondPasswordHash: password ? password.secondHash : '',
+ secondPasswordSalt: password ? password.secondSalt : '',
mail: '',
disableTimelimitsUntil: '0',
currentDevice: '',
diff --git a/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts b/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts
index 8ecada5..f7fba42 100644
--- a/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts
+++ b/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2021 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -18,6 +18,7 @@
import { SetChildPasswordAction } from '../../../../action'
import { Cache } from '../cache'
import { MissingUserException } from '../exception/missing-item'
+import { decryptParentPassword } from '../../../dh'
export async function dispatchSetChildPassword ({ action, cache }: {
action: SetChildPasswordAction
@@ -36,9 +37,11 @@ export async function dispatchSetChildPassword ({ action, cache }: {
throw new MissingUserException()
}
- childEntry.passwordHash = action.newPassword.hash
- childEntry.secondPasswordSalt = action.newPassword.secondSalt
- childEntry.secondPasswordHash = action.newPassword.secondHash
+ const newPassword = await decryptParentPassword({ cache, password: action.newPassword })
+
+ childEntry.passwordHash = newPassword.hash
+ childEntry.secondPasswordSalt = newPassword.secondSalt
+ childEntry.secondPasswordHash = newPassword.secondHash
await childEntry.save({ transaction: cache.transaction })
diff --git a/src/function/sync/apply-actions/index.ts b/src/function/sync/apply-actions/index.ts
index 17255bf..c857530 100644
--- a/src/function/sync/apply-actions/index.ts
+++ b/src/function/sync/apply-actions/index.ts
@@ -1,6 +1,6 @@
/*
* server component for the TimeLimit App
- * Copyright (C) 2019 - 2020 Jonas Lochmann
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -54,6 +54,7 @@ export const applyActionsFromDevice = async ({ database, request, websocket, con
hasFullVersion: baseInfo.hasFullVersion,
transaction,
familyId: baseInfo.familyId,
+ deviceId: baseInfo.deviceId,
connectedDevicesManager
})
diff --git a/src/function/sync/get-server-data-status/dh-keys.ts b/src/function/sync/get-server-data-status/dh-keys.ts
index b1a87dd..71cd16c 100644
--- a/src/function/sync/get-server-data-status/dh-keys.ts
+++ b/src/function/sync/get-server-data-status/dh-keys.ts
@@ -21,11 +21,8 @@ import { config, calculateExpireTime } from '../../../database/devicedhkey'
import { ServerDhKey } from '../../../object/serverdatastatus'
import { generateVersionId } from '../../../util/token'
import { EventHandler } from '../../../monitoring/eventhandler'
+import { generateDhKeypair } from '../../../function/dh'
import { FamilyEntry } from './family-entry'
-import { generateKeyPair } from 'crypto'
-import { promisify } from 'util'
-
-const generateKeyPairAsync = promisify(generateKeyPair)
export async function getDeviceDhKeys ({
database, transaction, familyEntry, deviceId, lastVersionId, eventHandler
@@ -56,20 +53,7 @@ export async function getDeviceDhKeys ({
eventHandler.countEvent('getDeviceDhKeys:needsNewKey')
const newVersion = generateVersionId()
- const newKeypair = await generateKeyPairAsync(
- 'ec',
- {
- namedCurve: 'prime256v1',
- publicKeyEncoding: {
- type: 'spki',
- format: 'der'
- },
- privateKeyEncoding: {
- type: 'pkcs8',
- format: 'der'
- }
- }
- )
+ const newKeypair = await generateDhKeypair()
if (savedData.length >= 8) {
eventHandler.countEvent('getDeviceDhKeys:gc')
diff --git a/src/util/token.ts b/src/util/token.ts
index 67cdcfc..14fea1e 100644
--- a/src/util/token.ts
+++ b/src/util/token.ts
@@ -46,5 +46,8 @@ export const assertIdWithinFamily = (id: string) => {
}
export const generateVersionId = randomString.bind(null, defaultAlphabet, 4)
+
+export const isVersionId = (id: string) => id.length === 4 && /^[a-zA-Z0-9]+$/.test(id)
+
export const generateFamilyId = randomString.bind(null, defaultAlphabet, 10)
export const generatePurchaseId = randomString.bind(null, defaultAlphabet, 10)