From a86a0abb050f8988967dda038a8fd7d15a0adf07 Mon Sep 17 00:00:00 2001
From: Jonas Lochmann
Date: Mon, 12 Sep 2022 02:00:00 +0200
Subject: [PATCH] Add support for encrypted second password hashes
---
...CreateFamilyByMailTokenRequest.schema.json | 6 +-
docs/schema/README.md | 12 +-
.../RecoverParentPasswordRequest.schema.json | 6 +-
docs/schema/SerializedChildAction.schema.json | 9 +-
.../schema/SerializedParentAction.schema.json | 11 +-
...plaintextparentpassword-properties-hash.md | 15 +++
...extparentpassword-properties-secondhash.md | 15 +++
...extparentpassword-properties-secondsalt.md | 15 +++
...est-definitions-plaintextparentpassword.md | 77 +++++++++++
docs/schema/createfamilybymailtokenrequest.md | 42 +++---
...plaintextparentpassword-properties-hash.md | 15 +++
...extparentpassword-properties-secondhash.md | 15 +++
...extparentpassword-properties-secondsalt.md | 15 +++
...est-definitions-plaintextparentpassword.md | 77 +++++++++++
docs/schema/recoverparentpasswordrequest.md | 34 ++---
...ableparentpassword-properties-encrypted.md | 15 +++
...cryptableparentpassword-properties-hash.md | 15 +++
...bleparentpassword-properties-secondhash.md | 15 +++
...bleparentpassword-properties-secondsalt.md | 15 +++
...n-definitions-encryptableparentpassword.md | 96 ++++++++++++++
...ons-serializedchildchangepasswordaction.md | 8 +-
docs/schema/serializedchildaction.md | 47 +++++--
...ableparentpassword-properties-encrypted.md | 15 +++
...cryptableparentpassword-properties-hash.md | 15 +++
...bleparentpassword-properties-secondhash.md | 15 +++
...bleparentpassword-properties-secondsalt.md | 15 +++
...n-definitions-encryptableparentpassword.md | 96 ++++++++++++++
...ion-definitions-serializedadduseraction.md | 8 +-
...itions-serializedsetchildpasswordaction.md | 8 +-
docs/schema/serializedparentaction.md | 55 +++++---
package-lock.json | 36 +++--
package.json | 2 +-
src/action/adduser.ts | 10 +-
src/action/childchangepassword.ts | 10 +-
src/action/setchildpassword.ts | 10 +-
src/api/schema.ts | 27 +++-
src/api/validator.ts | 35 ++++-
src/function/dh/decrypt.ts | 125 ++++++++++++++++++
src/function/dh/genkey.ts | 38 ++++++
src/function/dh/index.ts | 20 +++
src/function/dh/parentpassword.ts | 56 ++++++++
src/function/parent/create-family.ts | 6 +-
.../parent/recover-parent-password.ts | 6 +-
src/function/sync/apply-actions/cache.ts | 7 +-
.../childchangepassword.ts | 11 +-
.../dispatch-parent-action/adduser.ts | 14 +-
.../setchildpassword.ts | 11 +-
src/function/sync/apply-actions/index.ts | 3 +-
.../sync/get-server-data-status/dh-keys.ts | 20 +--
src/util/token.ts | 3 +
50 files changed, 1067 insertions(+), 185 deletions(-)
create mode 100644 docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md
create mode 100644 docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md
create mode 100644 docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md
create mode 100644 docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md
create mode 100644 docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md
create mode 100644 docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md
create mode 100644 docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md
create mode 100644 docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md
create mode 100644 docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md
create mode 100644 docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md
create mode 100644 docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md
create mode 100644 docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md
create mode 100644
docs/schema/serializedchildaction-definitions-encryptableparentpassword.md create mode 100644 docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md create mode 100644 docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md create mode 100644 docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md create mode 100644 docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md create mode 100644 docs/schema/serializedparentaction-definitions-encryptableparentpassword.md create mode 100644 src/function/dh/decrypt.ts create mode 100644 src/function/dh/genkey.ts create mode 100644 src/function/dh/index.ts create mode 100644 src/function/dh/parentpassword.ts diff --git a/docs/schema/CreateFamilyByMailTokenRequest.schema.json b/docs/schema/CreateFamilyByMailTokenRequest.schema.json index b7a2ac8..8860532 100644 --- a/docs/schema/CreateFamilyByMailTokenRequest.schema.json +++ b/docs/schema/CreateFamilyByMailTokenRequest.schema.json @@ -5,7 +5,7 @@ "type": "string" }, "parentPassword": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/PlaintextParentPassword" }, "parentDevice": { "$ref": "#/definitions/NewDeviceInfo" @@ -30,7 +30,7 @@ "timeZone" ], "definitions": { - "ParentPassword": { + "PlaintextParentPassword": { "type": "object", "properties": { "hash": { @@ -49,7 +49,7 @@ "secondHash", "secondSalt" ], - "title": "ParentPassword" + "title": "PlaintextParentPassword" }, "NewDeviceInfo": { "type": "object", diff --git a/docs/schema/README.md b/docs/schema/README.md index fdadbc4..54684c1 100644 --- a/docs/schema/README.md +++ b/docs/schema/README.md 
@@ -56,19 +56,19 @@ * [DeviceDataStatus](./clientpullchangesrequest-definitions-devicedatastatus.md) – `https://timelimit.io/ClientPullChangesRequest#/definitions/DeviceDataStatus` +* [EncryptableParentPassword](./serializedchildaction-definitions-encryptableparentpassword.md) – `https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword` + +* [EncryptableParentPassword](./serializedparentaction-definitions-encryptableparentpassword.md) – `https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword` + * [NewDeviceInfo](./createfamilybymailtokenrequest-definitions-newdeviceinfo.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/NewDeviceInfo` * [NewDeviceInfo](./registerchilddevicerequest-definitions-newdeviceinfo.md) – `https://timelimit.io/RegisterChildDeviceRequest#/definitions/NewDeviceInfo` * [NewDeviceInfo](./signintofamilyrequest-definitions-newdeviceinfo.md) – `https://timelimit.io/SignIntoFamilyRequest#/definitions/NewDeviceInfo` -* [ParentPassword](./createfamilybymailtokenrequest-definitions-parentpassword.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword` +* [PlaintextParentPassword](./createfamilybymailtokenrequest-definitions-plaintextparentpassword.md) – `https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword` -* [ParentPassword](./recoverparentpasswordrequest-definitions-parentpassword.md) – `https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword` - -* [ParentPassword](./serializedchildaction-definitions-parentpassword.md) – `https://timelimit.io/SerializedChildAction#/definitions/ParentPassword` - -* [ParentPassword](./serializedparentaction-definitions-parentpassword.md) – `https://timelimit.io/SerializedParentAction#/definitions/ParentPassword` +* [PlaintextParentPassword](./recoverparentpasswordrequest-definitions-plaintextparentpassword.md) – 
`https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword` * [SerialiezdTriedDisablingDeviceAdminAction](./serializedapplogicaction-definitions-serialiezdtrieddisablingdeviceadminaction.md) – `https://timelimit.io/SerializedAppLogicAction#/definitions/SerialiezdTriedDisablingDeviceAdminAction` diff --git a/docs/schema/RecoverParentPasswordRequest.schema.json b/docs/schema/RecoverParentPasswordRequest.schema.json index 74b59ea..d0fc529 100644 --- a/docs/schema/RecoverParentPasswordRequest.schema.json +++ b/docs/schema/RecoverParentPasswordRequest.schema.json @@ -5,7 +5,7 @@ "type": "string" }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/PlaintextParentPassword" } }, "additionalProperties": false, @@ -14,7 +14,7 @@ "password" ], "definitions": { - "ParentPassword": { + "PlaintextParentPassword": { "type": "object", "properties": { "hash": { @@ -33,7 +33,7 @@ "secondHash", "secondSalt" ], - "title": "ParentPassword" + "title": "PlaintextParentPassword" } }, "$schema": "http://json-schema.org/draft-07/schema#", diff --git a/docs/schema/SerializedChildAction.schema.json b/docs/schema/SerializedChildAction.schema.json index 351ad12..511f0aa 100644 --- a/docs/schema/SerializedChildAction.schema.json +++ b/docs/schema/SerializedChildAction.schema.json @@ -18,7 +18,7 @@ ] }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" } }, "additionalProperties": false, @@ -28,7 +28,7 @@ ], "title": "SerializedChildChangePasswordAction" }, - "ParentPassword": { + "EncryptableParentPassword": { "type": "object", "properties": { "hash": { @@ -39,6 +39,9 @@ }, "secondSalt": { "type": "string" + }, + "encrypted": { + "type": "boolean" } }, "additionalProperties": false, @@ -47,7 +50,7 @@ "secondHash", "secondSalt" ], - "title": "ParentPassword" + "title": "EncryptableParentPassword" }, "SerializedChildSignInAction": { "type": "object", 
diff --git a/docs/schema/SerializedParentAction.schema.json b/docs/schema/SerializedParentAction.schema.json index 30bd16e..b9c1478 100644 --- a/docs/schema/SerializedParentAction.schema.json +++ b/docs/schema/SerializedParentAction.schema.json @@ -221,7 +221,7 @@ "type": "string" }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" }, "timeZone": { "type": "string" @@ -237,7 +237,7 @@ ], "title": "SerializedAddUserAction" }, - "ParentPassword": { + "EncryptableParentPassword": { "type": "object", "properties": { "hash": { @@ -248,6 +248,9 @@ }, "secondSalt": { "type": "string" + }, + "encrypted": { + "type": "boolean" } }, "additionalProperties": false, @@ -256,7 +259,7 @@ "secondHash", "secondSalt" ], - "title": "ParentPassword" + "title": "EncryptableParentPassword" }, "SerializedChangeParentPasswordAction": { "type": "object", @@ -721,7 +724,7 @@ "type": "string" }, "newPassword": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" } }, "additionalProperties": false, diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md new file mode 100644 index 0000000..2866447 --- /dev/null +++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md 
@@ -0,0 +1,15 @@ +# Untitled string in CreateFamilyByMailTokenRequest Schema + +```txt +https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") | + +## hash Type + +`string` diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md new file mode 100644 index 0000000..92836fa --- /dev/null +++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md 
@@ -0,0 +1,15 @@ +# Untitled string in CreateFamilyByMailTokenRequest Schema + +```txt +https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") | + +## secondHash Type + +`string` diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md new file mode 100644 index 0000000..b35a9b8 --- /dev/null +++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md 
@@ -0,0 +1,15 @@ +# Untitled string in CreateFamilyByMailTokenRequest Schema + +```txt +https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") | + +## secondSalt Type + +`string` diff --git a/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md new file mode 100644 index 0000000..607b43e --- /dev/null +++ b/docs/schema/createfamilybymailtokenrequest-definitions-plaintextparentpassword.md 
@@ -0,0 +1,77 @@ +# PlaintextParentPassword Schema + +```txt +https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [CreateFamilyByMailTokenRequest.schema.json\*](CreateFamilyByMailTokenRequest.schema.json "open original schema") | + +## PlaintextParentPassword Type + +`object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md)) + +# PlaintextParentPassword Properties + +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | 
[CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") | + +## hash + + + +`hash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") + +### hash Type + +`string` + +## secondHash + + + +`secondHash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") + +### secondHash Type + +`string` + +## secondSalt + + + +`secondSalt` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") + +### secondSalt Type + +`string` diff --git a/docs/schema/createfamilybymailtokenrequest.md b/docs/schema/createfamilybymailtokenrequest.md index f2c6ed2..e99bf02 100644 --- a/docs/schema/createfamilybymailtokenrequest.md +++ b/docs/schema/createfamilybymailtokenrequest.md 
@@ -16,14 +16,14 @@ https://timelimit.io/CreateFamilyByMailTokenRequest # CreateFamilyByMailTokenRequest Properties -| Property | Type | Required | Nullable | Defined by | -| :-------------------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-mailauthtoken.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/mailAuthToken") | -| [parentPassword](#parentpassword) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") | -| [parentDevice](#parentdevice) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-newdeviceinfo.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentDevice") | -| [deviceName](#devicename) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-devicename.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/deviceName") | -| [timeZone](#timezone) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-timezone.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/timeZone") | -| [parentName](#parentname) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-parentname.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentName") | +| Property | Type | Required | Nullable | Defined by | +| :-------------------------------- | :------- | 
:------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-mailauthtoken.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/mailAuthToken") | +| [parentPassword](#parentpassword) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") | +| [parentDevice](#parentdevice) | `object` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-newdeviceinfo.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentDevice") | +| [deviceName](#devicename) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-devicename.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/deviceName") | +| [timeZone](#timezone) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-timezone.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/timeZone") | +| [parentName](#parentname) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-properties-parentname.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentName") | ## mailAuthToken 
@@ -51,15 +51,15 @@ https://timelimit.io/CreateFamilyByMailTokenRequest * is required -* Type: `object` ([ParentPassword](createfamilybymailtokenrequest-definitions-parentpassword.md)) +* Type: `object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md)) * cannot be null -* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/properties/parentPassword") ### parentPassword Type -`object` ([ParentPassword](createfamilybymailtokenrequest-definitions-parentpassword.md)) +`object` ([PlaintextParentPassword](createfamilybymailtokenrequest-definitions-plaintextparentpassword.md)) ## parentDevice 
@@ -135,19 +135,19 @@ https://timelimit.io/CreateFamilyByMailTokenRequest # CreateFamilyByMailTokenRequest Definitions -## Definitions group ParentPassword +## Definitions group PlaintextParentPassword Reference this group by using ```json -{"$ref":"https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword"} +{"$ref":"https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword"} ``` -| Property | Type | Required | Nullable | Defined by | -| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/hash") | -| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondHash") | -| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondSalt") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :------- | :------- | :------------- | 
:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") | ### hash @@ -161,7 +161,7 @@ Reference this group by using * cannot be null -* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/hash") +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/hash") #### hash Type 
@@ -179,7 +179,7 @@ Reference this group by using * cannot be null -* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondHash") +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondHash") #### secondHash Type @@ -197,7 +197,7 @@ Reference this group by using * cannot be null -* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/ParentPassword/properties/secondSalt") +* defined in: [CreateFamilyByMailTokenRequest](createfamilybymailtokenrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/CreateFamilyByMailTokenRequest#/definitions/PlaintextParentPassword/properties/secondSalt") #### secondSalt Type diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md new file mode 100644 index 0000000..f6e9d80 --- /dev/null +++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md 
@@ -0,0 +1,15 @@ +# Untitled string in RecoverParentPasswordRequest Schema + +```txt +https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") | + +## hash Type + +`string` diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md new file mode 100644 index 0000000..baa6bd3 --- /dev/null +++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md 
@@ -0,0 +1,15 @@ +# Untitled string in RecoverParentPasswordRequest Schema + +```txt +https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") | + +## secondHash Type + +`string` diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md new file mode 100644 index 0000000..2e143f6 --- /dev/null +++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md 
@@ -0,0 +1,15 @@ +# Untitled string in RecoverParentPasswordRequest Schema + +```txt +https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") | + +## secondSalt Type + +`string` diff --git a/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md new file mode 100644 index 0000000..ec4614d --- /dev/null +++ b/docs/schema/recoverparentpasswordrequest-definitions-plaintextparentpassword.md 
@@ -0,0 +1,77 @@ +# PlaintextParentPassword Schema + +```txt +https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [RecoverParentPasswordRequest.schema.json\*](RecoverParentPasswordRequest.schema.json "open original schema") | + +## PlaintextParentPassword Type + +`object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md)) + +# PlaintextParentPassword Properties + +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | 
[RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") | + +## hash + + + +`hash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") + +### hash Type + +`string` + +## secondHash + + + +`secondHash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") + +### secondHash Type + +`string` + +## secondSalt + + + +`secondSalt` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") + +### secondSalt Type + +`string` diff --git a/docs/schema/recoverparentpasswordrequest.md b/docs/schema/recoverparentpasswordrequest.md index 9de64b8..2ed5fa6 100644 --- a/docs/schema/recoverparentpasswordrequest.md +++ b/docs/schema/recoverparentpasswordrequest.md 
@@ -16,10 +16,10 @@ https://timelimit.io/RecoverParentPasswordRequest # RecoverParentPasswordRequest Properties -| Property | Type | Required | Nullable | Defined by | -| :------------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-properties-mailauthtoken.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/mailAuthToken") | -| [password](#password) | `object` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [mailAuthToken](#mailauthtoken) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-properties-mailauthtoken.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/mailAuthToken") | +| [password](#password) | `object` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") | ## mailAuthToken 
@@ -47,31 +47,31 @@ https://timelimit.io/RecoverParentPasswordRequest * is required -* Type: `object` ([ParentPassword](recoverparentpasswordrequest-definitions-parentpassword.md)) +* Type: `object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md)) * cannot be null -* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword.md "https://timelimit.io/RecoverParentPasswordRequest#/properties/password") ### password Type -`object` ([ParentPassword](recoverparentpasswordrequest-definitions-parentpassword.md)) +`object` ([PlaintextParentPassword](recoverparentpasswordrequest-definitions-plaintextparentpassword.md)) # RecoverParentPasswordRequest Definitions -## Definitions group ParentPassword +## Definitions group PlaintextParentPassword Reference this group by using ```json -{"$ref":"https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword"} +{"$ref":"https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword"} ``` -| Property | Type | Required | Nullable | Defined by | -| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/hash") | -| [secondHash](#secondhash) | `string` | Required | cannot be null | 
[RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondHash") | -| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondSalt") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") | ### hash 
@@ -85,7 +85,7 @@ Reference this group by using * cannot be null -* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/hash") +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-hash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/hash") #### hash Type @@ -103,7 +103,7 @@ Reference this group by using * cannot be null -* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondHash") +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondhash.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondHash") #### secondHash Type @@ -121,7 +121,7 @@ Reference this group by using * cannot be null -* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/ParentPassword/properties/secondSalt") +* defined in: [RecoverParentPasswordRequest](recoverparentpasswordrequest-definitions-plaintextparentpassword-properties-secondsalt.md "https://timelimit.io/RecoverParentPasswordRequest#/definitions/PlaintextParentPassword/properties/secondSalt") #### secondSalt Type diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md new file mode 100644 index 0000000..5efe5fb --- /dev/null 
+++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md @@ -0,0 +1,15 @@ +# Untitled boolean in SerializedChildAction Schema + +```txt +https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") | + +## encrypted Type + +`boolean` diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md new file mode 100644 index 0000000..c91fd20 --- /dev/null +++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-hash.md 
@@ -0,0 +1,15 @@ +# Untitled string in SerializedChildAction Schema + +```txt +https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") | + +## hash Type + +`string` diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md new file mode 100644 index 0000000..9badc8e --- /dev/null +++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md @@ -0,0 +1,15 @@ +# Untitled string in SerializedChildAction Schema + +```txt +https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") | + +## secondHash Type + +`string` 
diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md new file mode 100644 index 0000000..4f4423d --- /dev/null +++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md @@ -0,0 +1,15 @@ +# Untitled string in SerializedChildAction Schema + +```txt +https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") | + +## secondSalt Type + +`string` diff --git a/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md b/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md new file mode 100644 index 0000000..4e77603 --- /dev/null +++ b/docs/schema/serializedchildaction-definitions-encryptableparentpassword.md 
@@ -0,0 +1,96 @@ +# EncryptableParentPassword Schema + +```txt +https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :---------------------------------------------------------------------------------------------- | +| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [SerializedChildAction.schema.json\*](SerializedChildAction.schema.json "open original schema") | + +## EncryptableParentPassword Type + +`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md)) + +# EncryptableParentPassword Properties + +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :-------- | :------- | :------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md 
"https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") | +| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") | + +## hash + + + +`hash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") + +### hash Type + +`string` + +## secondHash + + + +`secondHash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") + +### secondHash Type + +`string` + +## secondSalt + + + +`secondSalt` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") + +### secondSalt Type + +`string` + +## encrypted + + + +`encrypted` + +* is optional + +* Type: `boolean` + +* cannot be null + +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") + +### encrypted Type + +`boolean` 
diff --git a/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md b/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md index 0e35566..489240d 100644 --- a/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md +++ b/docs/schema/serializedchildaction-definitions-serializedchildchangepasswordaction.md @@ -19,7 +19,7 @@ https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePas | Property | Type | Required | Nullable | Defined by | | :-------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | [type](#type) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-serializedchildchangepasswordaction-properties-type.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/type") | -| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") | +| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") | ## type 
@@ -55,12 +55,12 @@ https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePas * is required -* Type: `object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") ### password Type -`object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md)) diff --git a/docs/schema/serializedchildaction.md b/docs/schema/serializedchildaction.md index 159f21a..577a1ff 100644 --- a/docs/schema/serializedchildaction.md +++ b/docs/schema/serializedchildaction.md 
@@ -33,7 +33,7 @@ Reference this group by using | Property | Type | Required | Nullable | Defined by | | :-------------------- | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | [type](#type) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-serializedchildchangepasswordaction-properties-type.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/type") | -| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") | +| [password](#password) | `object` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") | ### type 
@@ -69,29 +69,30 @@ Reference this group by using * is required -* Type: `object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedChildAction#/definitions/SerializedChildChangePasswordAction/properties/password") #### password Type -`object` ([ParentPassword](serializedchildaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedchildaction-definitions-encryptableparentpassword.md)) -## Definitions group ParentPassword +## Definitions group EncryptableParentPassword Reference this group by using ```json -{"$ref":"https://timelimit.io/SerializedChildAction#/definitions/ParentPassword"} +{"$ref":"https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword"} ``` -| Property | Type | Required | Nullable | Defined by | -| :------------------------ | :------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/hash") | -| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondhash.md 
"https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondHash") | -| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondSalt") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :-------- | :------- | :------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") | +| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") | ### hash 
@@ -105,7 +106,7 @@ Reference this group by using * cannot be null -* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/hash") +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/hash") #### hash Type @@ -123,7 +124,7 @@ Reference this group by using * cannot be null -* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondHash") +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondHash") #### secondHash Type 
@@ -141,12 +142,30 @@ Reference this group by using * cannot be null -* defined in: [SerializedChildAction](serializedchildaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/ParentPassword/properties/secondSalt") +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/secondSalt") #### secondSalt Type `string` +### encrypted + + + +`encrypted` + +* is optional + +* Type: `boolean` + +* cannot be null + +* defined in: [SerializedChildAction](serializedchildaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedChildAction#/definitions/EncryptableParentPassword/properties/encrypted") + +#### encrypted Type + +`boolean` + ## Definitions group SerializedChildSignInAction Reference this group by using diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md new file mode 100644 index 0000000..486b4e8 --- /dev/null +++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md 
@@ -0,0 +1,15 @@ +# Untitled boolean in SerializedParentAction Schema + +```txt +https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") | + +## encrypted Type + +`boolean` diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md new file mode 100644 index 0000000..2793e2a --- /dev/null +++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-hash.md @@ -0,0 +1,15 @@ +# Untitled string in SerializedParentAction Schema + +```txt +https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") | + +## hash Type + +`string` 
diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md new file mode 100644 index 0000000..561c402 --- /dev/null +++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md @@ -0,0 +1,15 @@ +# Untitled string in SerializedParentAction Schema + +```txt +https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") | + +## secondHash Type + +`string` diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md new file mode 100644 index 0000000..7fafbf3 --- /dev/null +++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md 
@@ -0,0 +1,15 @@ +# Untitled string in SerializedParentAction Schema + +```txt +https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :---------------------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | Unknown identifiability | Forbidden | Allowed | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") | + +## secondSalt Type + +`string` diff --git a/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md b/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md new file mode 100644 index 0000000..9d7c7b0 --- /dev/null +++ b/docs/schema/serializedparentaction-definitions-encryptableparentpassword.md 
@@ -0,0 +1,96 @@ +# EncryptableParentPassword Schema + +```txt +https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword +``` + + + +| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In | +| :------------------ | :--------- | :------------- | :----------- | :---------------- | :-------------------- | :------------------ | :------------------------------------------------------------------------------------------------ | +| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | [SerializedParentAction.schema.json\*](SerializedParentAction.schema.json "open original schema") | + +## newPassword Type + +`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) + +# newPassword Properties + +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :-------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md 
"https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") | +| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") | + +## hash + + + +`hash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") + +### hash Type + +`string` + +## secondHash + + + +`secondHash` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") + +### secondHash Type + +`string` + +## secondSalt + + + +`secondSalt` + +* is required + +* Type: `string` + +* cannot be null + +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") + +### secondSalt Type + +`string` + +## encrypted + + + +`encrypted` + +* is optional + +* Type: `boolean` + +* cannot be null + +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") + +### encrypted Type + +`boolean` 
diff --git a/docs/schema/serializedparentaction-definitions-serializedadduseraction.md b/docs/schema/serializedparentaction-definitions-serializedadduseraction.md index 4d35ad3..e20b24a 100644 --- a/docs/schema/serializedparentaction-definitions-serializedadduseraction.md +++ b/docs/schema/serializedparentaction-definitions-serializedadduseraction.md 
@@ -22,7 +22,7 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction | [name](#name) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-name.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/name") | | [userType](#usertype) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-usertype.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userType") | | [userId](#userid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-userid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userId") | -| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") | +| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") | | [timeZone](#timezone) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-timezone.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/timeZone") | ## type 
@@ -122,15 +122,15 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction * is optional -* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") ### password Type -`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) ## timeZone diff --git a/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md b/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md index 8735eec..8439200 100644 --- a/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md +++ b/docs/schema/serializedparentaction-definitions-serializedsetchildpasswordaction.md 
@@ -20,7 +20,7 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPassw | :-------------------------- | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [type](#type) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-type.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/type") | | [childId](#childid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-childid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/childId") | -| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") | +| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") | ## type 
@@ -74,12 +74,12 @@ https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPassw * is required -* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") ### newPassword Type -`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) diff --git a/docs/schema/serializedparentaction.md b/docs/schema/serializedparentaction.md index 853e758..0e218f1 100644 --- a/docs/schema/serializedparentaction.md +++ b/docs/schema/serializedparentaction.md 
@@ -297,7 +297,7 @@ Reference this group by using | [name](#name) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-name.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/name") | | [userType](#usertype) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-usertype.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userType") | | [userId](#userid) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-userid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/userId") | -| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") | +| [password](#password) | `object` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") | | [timeZone](#timezone) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedadduseraction-properties-timezone.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/timeZone") | ### type 
@@ -397,15 +397,15 @@ Reference this group by using * is optional -* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedAddUserAction/properties/password") #### password Type -`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) ### timeZone 
@@ -425,19 +425,20 @@ Reference this group by using `string` -## Definitions group ParentPassword +## Definitions group EncryptableParentPassword Reference this group by using ```json -{"$ref":"https://timelimit.io/SerializedParentAction#/definitions/ParentPassword"} +{"$ref":"https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword"} ``` -| Property | Type | Required | Nullable | Defined by | -| :------------------------ | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/hash") | -| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondHash") | -| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondSalt") | +| Property | Type | Required | Nullable | Defined by | +| :------------------------ | :-------- | :------- | :------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [hash](#hash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md 
"https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") | +| [secondHash](#secondhash) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") | +| [secondSalt](#secondsalt) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") | +| [encrypted](#encrypted) | `boolean` | Optional | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") | ### hash @@ -451,7 +452,7 @@ Reference this group by using * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/hash") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-hash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/hash") #### hash Type 
@@ -469,7 +470,7 @@ Reference this group by using * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondHash") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondhash.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondHash") #### secondHash Type @@ -487,12 +488,30 @@ Reference this group by using * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/ParentPassword/properties/secondSalt") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-secondsalt.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/secondSalt") #### secondSalt Type `string` +### encrypted + + + +`encrypted` + +* is optional + +* Type: `boolean` + +* cannot be null + +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword-properties-encrypted.md "https://timelimit.io/SerializedParentAction#/definitions/EncryptableParentPassword/properties/encrypted") + +#### encrypted Type + +`boolean` + ## Definitions group SerializedChangeParentPasswordAction Reference this group by using 
@@ -2093,7 +2112,7 @@ Reference this group by using | :-------------------------- | :------- | :------- | :------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [type](#type-18) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-type.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/type") | | [childId](#childid-3) | `string` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-serializedsetchildpasswordaction-properties-childid.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/childId") | -| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") | +| [newPassword](#newpassword) | `object` | Required | cannot be null | [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") | ### type 
@@ -2147,15 +2166,15 @@ Reference this group by using * is required -* Type: `object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +* Type: `object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) * cannot be null -* defined in: [SerializedParentAction](serializedparentaction-definitions-parentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") +* defined in: [SerializedParentAction](serializedparentaction-definitions-encryptableparentpassword.md "https://timelimit.io/SerializedParentAction#/definitions/SerializedSetChildPasswordAction/properties/newPassword") #### newPassword Type -`object` ([ParentPassword](serializedparentaction-definitions-parentpassword.md)) +`object` ([EncryptableParentPassword](serializedparentaction-definitions-encryptableparentpassword.md)) ## Definitions group SerializedSetConsiderRebootManipulationAction diff --git a/package-lock.json b/package-lock.json index 89ee56d..f695bbf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -35,7 +35,7 @@ "@types/express": "^4.17.9", "@types/http-errors": "^1.8.0", "@types/lodash": "^4.14.166", - "@types/node": "^14.14.16", + "@types/node": "^16.11.59", "@types/nodemailer": "^6.4.4", "@types/umzug": "^2.3.0", "@typescript-eslint/eslint-plugin": "^5.10.0", 
@@ -407,9 +407,9 @@ "integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA==" }, "node_modules/@types/node": { - "version": "14.18.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.9.tgz", - "integrity": "sha512-j11XSuRuAlft6vLDEX4RvhqC0KxNxx6QIyMXNb0vHHSNPXTPeiy3algESWmOOIzEtiEL0qiowPU3ewW9hHVa7Q==" + "version": "16.11.59", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.59.tgz", + "integrity": "sha512-6u+36Dj3aDzhfBVUf/mfmc92OEdzQ2kx2jcXGdigfl70E/neV21ZHE6UCz4MDzTRcVqGAM27fk+DLXvyDsn3Jw==" }, "node_modules/@types/nodemailer": { "version": "6.4.4", @@ -2463,6 +2463,11 @@ "node": ">= 10.13" } }, + "node_modules/mariadb/node_modules/@types/node": { + "version": "14.18.29", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.29.tgz", + "integrity": "sha512-LhF+9fbIX4iPzhsRLpK5H7iPdvW8L4IwGciXQIOEcuF62+9nw/VQVsOViAOOGxY3OlOKGLFv0sWwJXdwQeTn6A==" + }, "node_modules/mariadb/node_modules/iconv-lite": { "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", @@ -4831,12 +4836,6 @@ "typescript-json-schema": "bin/typescript-json-schema" } }, - "node_modules/typescript-json-schema/node_modules/@types/node": { - "version": "16.11.21", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.21.tgz", - "integrity": "sha512-Pf8M1XD9i1ksZEcCP8vuSNwooJ/bZapNmIzpmsMaL+jMI+8mEYU3PKvs+xDNuQcJWF/x24WzY4qxLtB0zNow9A==", - "dev": true - }, "node_modules/typescript-json-schema/node_modules/typescript": { "version": "4.4.4", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz", 
@@ -5641,9 +5640,9 @@ "integrity": "sha512-iiUgKzV9AuaEkZqkOLDIvlQiL6ltuZd9tGcW3gwpnX8JbuiuhFlEGmmFXEXkN50Cvq7Os88IY2v0dkDqXYWVgA==" }, "@types/node": { - "version": "14.18.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.9.tgz", - "integrity": "sha512-j11XSuRuAlft6vLDEX4RvhqC0KxNxx6QIyMXNb0vHHSNPXTPeiy3algESWmOOIzEtiEL0qiowPU3ewW9hHVa7Q==" + "version": "16.11.59", + "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.59.tgz", + "integrity": "sha512-6u+36Dj3aDzhfBVUf/mfmc92OEdzQ2kx2jcXGdigfl70E/neV21ZHE6UCz4MDzTRcVqGAM27fk+DLXvyDsn3Jw==" }, "@types/nodemailer": { "version": "6.4.4", @@ -7180,6 +7179,11 @@ "please-upgrade-node": "^3.2.0" }, "dependencies": { + "@types/node": { + "version": "14.18.29", + "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.29.tgz", + "integrity": "sha512-LhF+9fbIX4iPzhsRLpK5H7iPdvW8L4IwGciXQIOEcuF62+9nw/VQVsOViAOOGxY3OlOKGLFv0sWwJXdwQeTn6A==" + }, "iconv-lite": { "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", @@ -8841,12 +8845,6 @@ "yargs": "^17.1.1" }, "dependencies": { - "@types/node": { - "version": "16.11.21", - "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.21.tgz", - "integrity": "sha512-Pf8M1XD9i1ksZEcCP8vuSNwooJ/bZapNmIzpmsMaL+jMI+8mEYU3PKvs+xDNuQcJWF/x24WzY4qxLtB0zNow9A==", - "dev": true - }, "typescript": { "version": "4.4.4", "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.4.4.tgz", diff --git a/package.json b/package.json index da306b5..44b5c85 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "@types/express": "^4.17.9", "@types/http-errors": "^1.8.0", "@types/lodash": "^4.14.166", - "@types/node": "^14.14.16", + "@types/node": "^16.11.59", "@types/nodemailer": "^6.4.4", "@types/umzug": "^2.3.0", "@typescript-eslint/eslint-plugin": "^5.10.0", diff --git a/src/action/adduser.ts b/src/action/adduser.ts index 2339b1b..abf4e26 100644 --- a/src/action/adduser.ts 
+++ b/src/action/adduser.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -15,7 +15,7 @@ * along with this program. If not, see . */ -import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema' +import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema' import { ParentAction } from './basetypes' import { InvalidActionParameterException } from './meta/exception' import { assertIdWithinFamily } from './meta/util' @@ -26,14 +26,14 @@ export class AddUserAction extends ParentAction { readonly userId: string readonly name: string readonly userType: 'parent' | 'child' - readonly password?: ParentPassword + readonly password?: EncryptableParentPassword readonly timeZone: string constructor ({ userId, name, userType, password, timeZone }: { userId: string name: string userType: 'parent' | 'child' - password?: ParentPassword + password?: EncryptableParentPassword timeZone: string }) { super() @@ -85,6 +85,6 @@ export interface SerializedAddUserAction { name: string userType: 'parent' | 'child' userId: string - password?: ParentPassword + password?: EncryptableParentPassword timeZone: string } diff --git a/src/action/childchangepassword.ts b/src/action/childchangepassword.ts index cb36999..ca30aaf 100644 --- a/src/action/childchangepassword.ts +++ b/src/action/childchangepassword.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as 
@@ -15,17 +15,17 @@ * along with this program. If not, see . */ -import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema' +import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema' import { ChildAction } from './basetypes' import { InvalidActionParameterException } from './meta/exception' const actionType = 'ChildChangePasswordAction' export class ChildChangePasswordAction extends ChildAction { - readonly password: ParentPassword + readonly password: EncryptableParentPassword constructor ({ password }: { - password: ParentPassword + password: EncryptableParentPassword }) { super() @@ -50,5 +50,5 @@ export class ChildChangePasswordAction extends ChildAction { export interface SerializedChildChangePasswordAction { type: 'CHILD_CHANGE_PASSWORD' - password: ParentPassword + password: EncryptableParentPassword } diff --git a/src/action/setchildpassword.ts b/src/action/setchildpassword.ts index 34fcb8b..7dc7b4e 100644 --- a/src/action/setchildpassword.ts +++ b/src/action/setchildpassword.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -15,7 +15,7 @@ * along with this program. If not, see . */ -import { assertParentPasswordValid, ParentPassword, ParentPasswordValidationException } from '../api/schema' +import { assertParentPasswordValid, EncryptableParentPassword, ParentPasswordValidationException } from '../api/schema' import { ParentAction } from './basetypes' import { InvalidActionParameterException } from './meta/exception' import { assertIdWithinFamily } from './meta/util' 
@@ -24,11 +24,11 @@ const actionType = 'SetChildPasswordAction' export class SetChildPasswordAction extends ParentAction { readonly childUserId: string - readonly newPassword: ParentPassword + readonly newPassword: EncryptableParentPassword constructor ({ childUserId, newPassword }: { childUserId: string - newPassword: ParentPassword + newPassword: EncryptableParentPassword }) { super() @@ -60,5 +60,5 @@ export class SetChildPasswordAction extends ParentAction { export interface SerializedSetChildPasswordAction { type: 'SET_CHILD_PASSWORD' childId: string - newPassword: ParentPassword + newPassword: EncryptableParentPassword } diff --git a/src/api/schema.ts b/src/api/schema.ts index 7704cf3..9012f9f 100644 --- a/src/api/schema.ts +++ b/src/api/schema.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2021 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as 
@@ -44,18 +44,33 @@ export interface NewDeviceInfo { model: string } -export interface ParentPassword { +export interface PlaintextParentPassword { hash: string secondHash: string secondSalt: string } -export const assertParentPasswordValid = (password: ParentPassword) => { +export interface EncryptableParentPassword { + hash: string + secondHash: string + secondSalt: string + encrypted?: boolean +} + +export const assertPlaintextParentPasswordValid = (password: PlaintextParentPassword) => { + assertParentPasswordValid({ ...password, encrypted: false }) +} + +export const assertParentPasswordValid = (password: EncryptableParentPassword) => { if (password.hash === '' || password.secondHash === '' || password.secondSalt === '') { throw new ParentPasswordValidationException('missing fields at parent password') } - if (!(optionalPasswordRegex.test(password.hash) && optionalPasswordRegex.test(password.secondHash) && optionalSaltRegex.test(password.secondSalt))) { + if (!(optionalPasswordRegex.test(password.hash) && optionalSaltRegex.test(password.secondSalt))) { + throw new ParentPasswordValidationException('invalid parent password') + } + + if (!password.encrypted && !optionalPasswordRegex.test(password.secondHash)) { throw new ParentPasswordValidationException('invalid parent password') } } @@ -64,7 +79,7 @@ export class ParentPasswordValidationException extends Error {} export interface CreateFamilyByMailTokenRequest { mailAuthToken: string - parentPassword: ParentPassword + parentPassword: PlaintextParentPassword parentDevice: NewDeviceInfo deviceName: string timeZone: string @@ -79,7 +94,7 @@ export interface SignIntoFamilyRequest { export interface RecoverParentPasswordRequest { mailAuthToken: string - password: ParentPassword + password: PlaintextParentPassword } export interface RegisterChildDeviceRequest { diff --git a/src/api/validator.ts b/src/api/validator.ts index 4698c35..5666631 100644 --- a/src/api/validator.ts +++ b/src/api/validator.ts 
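Review bot: In `assertParentPasswordValid`, a password with `encrypted: true` gets no format check on `secondHash` beyond the empty-string test, because the new second `if` applies `optionalPasswordRegex` only when `encrypted` is falsy. The flag comes from the caller, so any non-empty string of any length passes validation here; whether the decrypted value is checked against `optionalPasswordRegex` afterwards is not visible in this hunk and should be confirmed. Assuming the encrypted `secondHash` is what later reaches `decrypt()` in src/function/dh/decrypt.ts, I would at least reject input that cannot be in its dotted three-part form, e.g. `if (password.encrypted && password.secondHash.split('.').length !== 3) throw new ParentPasswordValidationException('invalid parent password')`. A comment such as `// encrypted secondHash is opaque at this point; re-validate the plaintext after decryption` would also make the reduced check explicit to the next reader.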
@@ -124,7 +124,7 @@ const definitions = { }, "additionalProperties": false }, - "ParentPassword": { + "PlaintextParentPassword": { "type": "object", "properties": { "hash": { @@ -232,7 +232,7 @@ const definitions = { "type": "string" }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" }, "timeZone": { "type": "string" @@ -247,6 +247,29 @@ const definitions = { "userType" ] }, + "EncryptableParentPassword": { + "type": "object", + "properties": { + "hash": { + "type": "string" + }, + "secondHash": { + "type": "string" + }, + "secondSalt": { + "type": "string" + }, + "encrypted": { + "type": "boolean" + } + }, + "additionalProperties": false, + "required": [ + "hash", + "secondHash", + "secondSalt" + ] + }, "SerializedChangeParentPasswordAction": { "type": "object", "properties": { @@ -694,7 +717,7 @@ const definitions = { "type": "string" }, "newPassword": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" } }, "additionalProperties": false, @@ -1931,7 +1954,7 @@ const definitions = { ] }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/EncryptableParentPassword" } }, "additionalProperties": false, @@ -2787,7 +2810,7 @@ export const isCreateFamilyByMailTokenRequest: (value: unknown) => value is Crea "type": "string" }, "parentPassword": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/PlaintextParentPassword" }, "parentDevice": { "$ref": "#/definitions/NewDeviceInfo" @@ -2843,7 +2866,7 @@ export const isRecoverParentPasswordRequest: (value: unknown) => value is Recove "type": "string" }, "password": { - "$ref": "#/definitions/ParentPassword" + "$ref": "#/definitions/PlaintextParentPassword" } }, "additionalProperties": false, diff --git a/src/function/dh/decrypt.ts b/src/function/dh/decrypt.ts new file mode 100644 index 0000000..e664c73 --- /dev/null +++ b/src/function/dh/decrypt.ts 
@@ -0,0 +1,125 @@ +/* + * server component for the TimeLimit App + * Copyright (C) 2019 - 2022 Jonas Lochmann + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +import * as Sequelize from 'sequelize' +import { createDecipheriv, createPrivateKey, createPublicKey, diffieHellman } from 'crypto' +import { Database } from '../../database' +import { calculateExpireTime } from '../../database/devicedhkey' +import { isVersionId } from '../../util/token' + +export async function decrypt({ + database, transaction, familyId, deviceId, encryptedData, authData +}: { + database: Database + transaction: Sequelize.Transaction + familyId: string + deviceId: string + encryptedData: string + authData: Buffer +}) { + const parts = encryptedData.split('.') + + if (parts.length !== 3) throw new MalformedDataDecryptException('expected three parts') + + const ivAndEncrypted = Buffer.from(parts[0], 'base64') + const otherPublicKey = Buffer.from(parts[1], 'base64') + const keyId = parts[2] + + if (ivAndEncrypted.length < 12 + 16) throw new MalformedDataDecryptException('too short for iv and auth tag') + + if (!isVersionId(keyId)) throw new KeyNotFoundDecryptException('invalid key id') + + const databaseKeyEntry = await database.deviceDhKey.findOne({ + where: { + familyId, + deviceId, + version: keyId + }, + transaction + }) + + if (!databaseKeyEntry) throw new KeyNotFoundDecryptException('private key not found') + + if 
(databaseKeyEntry.expireAt === null) { + databaseKeyEntry.expireAt = calculateExpireTime(BigInt(Date.now())).toString(10) + await databaseKeyEntry.save({ transaction }) + } else { + if (BigInt(databaseKeyEntry.expireAt) < BigInt(Date.now())) throw new KeyExpiredDecryptException() + } + + const privateKey = (() => { + try { + return createPrivateKey({ + key: databaseKeyEntry.privateKey, + format: 'der', + type: 'pkcs8' + }) + } catch (ex) { + throw new MalformedPrivateKeyException() + } + })() + + const decodedOtherPublicKey = (() => { + try { + return createPublicKey({ + key: otherPublicKey, + format: 'der', + type: 'spki' + }) + } catch (ex) { + throw new MalformedPublicKeyException() + } + })() + + const sharedSecret = (() => { + try { + return diffieHellman({ + privateKey, + publicKey: decodedOtherPublicKey + }) + } catch (ex) { + throw new MalformedNoMatchingKeysException() + } + })() + + try { + const decipher = createDecipheriv('aes-128-gcm', sharedSecret.slice(0, 16), ivAndEncrypted.slice(0, 12), { + authTagLength: 16 + }) + + decipher.setAuthTag(ivAndEncrypted.slice(ivAndEncrypted.length - 16, ivAndEncrypted.length)) + decipher.setAAD(authData) + + const decryptedData = Buffer.concat([ + decipher.update(ivAndEncrypted.slice(12, ivAndEncrypted.length - 16)), + decipher.final() + ]) + + return decryptedData + } catch (ex) { + throw new MalformedAuthenticationException() + } +} + +export class DecryptException extends Error {} +class MalformedDataDecryptException extends DecryptException { constructor(message: string) { super('malformed data: ' + message) } } +class MalformedPrivateKeyException extends DecryptException { constructor() { super('private key') } } +class MalformedPublicKeyException extends DecryptException { constructor() { super('public key') } } +class MalformedNoMatchingKeysException extends DecryptException { constructor() { super('no matching keys') } } +class MalformedAuthenticationException extends DecryptException { constructor() { 
super('authentication data') } } +class KeyExpiredDecryptException extends DecryptException { constructor() { super('key expired') } } +class KeyNotFoundDecryptException extends DecryptException { constructor(message: string) { super('key not found: ' + message) } } diff --git a/src/function/dh/genkey.ts b/src/function/dh/genkey.ts new file mode 100644 index 0000000..df4b3ec --- /dev/null +++ b/src/function/dh/genkey.ts @@ -0,0 +1,38 @@ +/* + * server component for the TimeLimit App + * Copyright (C) 2019 - 2022 Jonas Lochmann + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +import { generateKeyPair } from 'crypto' +import { promisify } from 'util' + +const generateKeyPairAsync = promisify(generateKeyPair) + +export async function generateDhKeypair() { + return await generateKeyPairAsync( + 'ec', + { + namedCurve: 'prime256v1', + publicKeyEncoding: { + type: 'spki', + format: 'der' + }, + privateKeyEncoding: { + type: 'pkcs8', + format: 'der' + } + } + ) +} diff --git a/src/function/dh/index.ts b/src/function/dh/index.ts new file mode 100644 index 0000000..d974161 --- /dev/null +++ b/src/function/dh/index.ts 
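Review bot: The AES-128-GCM key passed to `createDecipheriv` is the first 16 bytes of the raw ECDH output (`sharedSecret.slice(0, 16)`), with no key-derivation step in between. A raw shared secret is not a uniformly random key, and nothing binds it to this protocol or purpose. The usual construction runs it through a KDF with a context label, for example `const key = Buffer.from(hkdfSync('sha256', sharedSecret, Buffer.alloc(0), 'ParentPassword', 16))`. That is a wire-format change and has to be made together with the client, which is not visible here. Separately, `Buffer.prototype.slice` is deprecated in Node in favour of `subarray`, and an explicit `Promise<Buffer>` return type plus a short doc comment describing the `iv || ciphertext || tag` layout of the first part would make the format easier to audit.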
@@ -0,0 +1,20 @@
+/*
+ * server component for the TimeLimit App
+ * Copyright (C) 2019 - 2022 Jonas Lochmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+
+export { decrypt } from './decrypt'
+export { generateDhKeypair } from './genkey'
+export { decryptParentPassword } from './parentpassword'
diff --git a/src/function/dh/parentpassword.ts b/src/function/dh/parentpassword.ts
new file mode 100644
index 0000000..322cee7
--- /dev/null
+++ b/src/function/dh/parentpassword.ts
@@ -0,0 +1,56 @@ +/* + * server component for the TimeLimit App + * Copyright (C) 2019 - 2022 Jonas Lochmann + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, version 3 of the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +import { Cache } from '../sync/apply-actions/cache' +import { ApplyActionException } from '../sync/apply-actions/exception' +import { + EncryptableParentPassword, assertParentPasswordValid, + PlaintextParentPassword, ParentPasswordValidationException +} from '../../api/schema' +import { decrypt, DecryptException } from './decrypt' + +export async function decryptParentPassword({ cache, password } : { + cache: Cache + password: EncryptableParentPassword +}): Promise { + if (!password.encrypted) return password + + try { + const secondHash = (await decrypt({ + database: cache.database, + transaction: cache.transaction, + familyId: cache.familyId, + deviceId: cache.deviceId, + encryptedData: password.secondHash, + authData: Buffer.from(`ParentPassword:${password.hash}:${password.secondSalt}`, 'ascii') + })).toString('ascii') + + const result: PlaintextParentPassword = { + hash: password.hash, + secondSalt: password.secondSalt, + secondHash + } + + assertParentPasswordValid(result) + + return result + } catch (ex) { + if (ex instanceof DecryptException) throw new ApplyActionException({ staticMessage: ex.message }) + else if (ex instanceof ParentPasswordValidationException) throw new ApplyActionException({ staticMessage: 'invalid encrypted parent password' }) + else 
throw ex + } +} diff --git a/src/function/parent/create-family.ts b/src/function/parent/create-family.ts index 9bf20f4..c05676d 100644 --- a/src/function/parent/create-family.ts +++ b/src/function/parent/create-family.ts @@ -16,7 +16,7 @@ */ import { Conflict } from 'http-errors' -import { NewDeviceInfo, ParentPassword } from '../../api/schema' +import { NewDeviceInfo, PlaintextParentPassword, assertPlaintextParentPasswordValid } from '../../api/schema' import { Database } from '../../database' import { maxMailNotificationFlags } from '../../database/user' import { @@ -29,12 +29,14 @@ export const createFamily = async ({ database, mailAuthToken, firstParentDevice, database: Database, mailAuthToken: string, firstParentDevice: NewDeviceInfo, - password: ParentPassword, + password: PlaintextParentPassword, timeZone: string, parentName: string, deviceName: string // no transaction here because this is directly called from an API endpoint }) => { + assertPlaintextParentPasswordValid(password) + return database.transaction(async (transaction) => { const now = Date.now().toString(10) const mailInfo = await requireMailAndLocaleByAuthToken({ database, mailAuthToken, transaction, invalidate: true }) diff --git a/src/function/parent/recover-parent-password.ts b/src/function/parent/recover-parent-password.ts index 6a17f99..240f613 100644 --- a/src/function/parent/recover-parent-password.ts +++ b/src/function/parent/recover-parent-password.ts @@ -16,7 +16,7 @@ */ import { Conflict } from 'http-errors' -import { ParentPassword } from '../../api/schema' +import { PlaintextParentPassword, assertPlaintextParentPasswordValid } from '../../api/schema' import { Database } from '../../database' import { sendPasswordRecoveryUsedMail } from '../../util/mail' import { generateVersionId } from '../../util/token' 
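Review bot: `.toString('ascii')` on the decrypted buffer clears the high bit of every byte rather than rejecting non-ASCII input, so a payload containing bytes of 0x80 or above is silently rewritten into ASCII before `assertParentPasswordValid(result)` runs its regex. Decoding with `'latin1'` keeps each byte distinct, so the existing check sees what was actually sent: `})).toString('latin1')`. In addition, `hash` and `secondSalt` are used to build the AAD before anything in this function validates them. Calling `assertParentPasswordValid(password)` ahead of `decrypt` would reject malformed values before the database lookup and key agreement. The early return `if (!password.encrypted) return password` hands the input back unchecked, presumably relying on validation in the action parser, which is outside this hunk.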
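Review bot: `assertPlaintextParentPasswordValid(password)` throws `ParentPasswordValidationException`, a plain `Error` subclass, and the comment in this signature says the function is called directly from an API endpoint. Unless the route maps that exception, a malformed password would presumably surface as a 500 rather than a 4xx like the `Conflict` this file already imports from `http-errors`. It is worth confirming that the handler catches it, or converting it here, e.g. `throw new BadRequest()`. The same call is added to `recoverParentPassword` in `recover-parent-password.ts`, so the point applies there too. The body of `createFamily` continues outside the hunk.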
@@ -27,10 +27,12 @@ import { notifyClientsAboutChangesDelayed } from '../websocket' export const recoverParentPassword = async ({ database, websocket, password, mailAuthToken }: { database: Database websocket: WebsocketApi - password: ParentPassword + password: PlaintextParentPassword mailAuthToken: string // no transaction here because this is directly called from an API endpoint }) => { + assertPlaintextParentPasswordValid(password) + await database.transaction(async (transaction) => { const mailInfo = await requireMailAndLocaleByAuthToken({ mailAuthToken, database, transaction, invalidate: true }) diff --git a/src/function/sync/apply-actions/cache.ts b/src/function/sync/apply-actions/cache.ts index 8d47299..c184252 100644 --- a/src/function/sync/apply-actions/cache.ts +++ b/src/function/sync/apply-actions/cache.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -27,6 +27,7 @@ import { InvalidChildActionIntegrityValue } from './exception/integrity' export class Cache { readonly familyId: string + readonly deviceId: string readonly hasFullVersion: boolean transaction: Sequelize.Transaction readonly database: Database 
@@ -46,14 +47,16 @@ export class Cache { invalidiateDeviceList = false areChangesImportant = false - constructor ({ familyId, hasFullVersion, database, transaction, connectedDevicesManager }: { + constructor ({ familyId, deviceId, hasFullVersion, database, transaction, connectedDevicesManager }: { familyId: string + deviceId: string hasFullVersion: boolean database: Database transaction: Sequelize.Transaction connectedDevicesManager: VisibleConnectedDevicesManager }) { this.familyId = familyId + this.deviceId = deviceId this.hasFullVersion = hasFullVersion || config.alwaysPro this.database = database this.transaction = transaction diff --git a/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts b/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts index 0011bf5..6946a98 100644 --- a/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts +++ b/src/function/sync/apply-actions/dispatch-child-action/childchangepassword.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2021 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -18,6 +18,7 @@ import { ChildChangePasswordAction } from '../../../../action' import { Cache } from '../cache' import { SourceUserNotFoundException } from '../exception/illegal-state' +import { decryptParentPassword } from '../../../dh' export const dispatchChildChangePassword = async ({ action, childUserId, cache }: { action: ChildChangePasswordAction 
@@ -37,9 +38,11 @@ export const dispatchChildChangePassword = async ({ action, childUserId, cache } throw new SourceUserNotFoundException() } - childEntry.passwordHash = action.password.hash - childEntry.secondPasswordSalt = action.password.secondSalt - childEntry.secondPasswordHash = action.password.secondHash + const newPassword = await decryptParentPassword({ cache, password: action.password }) + + childEntry.passwordHash = newPassword.hash + childEntry.secondPasswordSalt = newPassword.secondSalt + childEntry.secondPasswordHash = newPassword.secondHash await childEntry.save({ transaction: cache.transaction }) diff --git a/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts b/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts index 761a4a4..be70581 100644 --- a/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts +++ b/src/function/sync/apply-actions/dispatch-parent-action/adduser.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as 
@@ -16,21 +16,27 @@ */ import { AddUserAction } from '../../../../action' +import { decryptParentPassword } from '../../../dh' import { Cache } from '../cache' export async function dispatchAddUser ({ action, cache }: { action: AddUserAction cache: Cache }) { + const password = + action.password ? + await decryptParentPassword({ cache, password: action.password }) : + null + await cache.database.user.create({ familyId: cache.familyId, userId: action.userId, type: action.userType, name: action.name, timeZone: action.timeZone, - passwordHash: action.password ? action.password.hash : '', - secondPasswordHash: action.password ? action.password.secondHash : '', - secondPasswordSalt: action.password ? action.password.secondSalt : '', + passwordHash: password ? password.hash : '', + secondPasswordHash: password ? password.secondHash : '', + secondPasswordSalt: password ? password.secondSalt : '', mail: '', disableTimelimitsUntil: '0', currentDevice: '', diff --git a/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts b/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts index 8ecada5..f7fba42 100644 --- a/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts +++ b/src/function/sync/apply-actions/dispatch-parent-action/setchildpassword.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2021 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -18,6 +18,7 @@ import { SetChildPasswordAction } from '../../../../action' import { Cache } from '../cache' import { MissingUserException } from '../exception/missing-item' +import { decryptParentPassword } from '../../../dh' export async function dispatchSetChildPassword ({ action, cache }: { action: SetChildPasswordAction 
@@ -36,9 +37,11 @@ export async function dispatchSetChildPassword ({ action, cache }: { throw new MissingUserException() } - childEntry.passwordHash = action.newPassword.hash - childEntry.secondPasswordSalt = action.newPassword.secondSalt - childEntry.secondPasswordHash = action.newPassword.secondHash + const newPassword = await decryptParentPassword({ cache, password: action.newPassword }) + + childEntry.passwordHash = newPassword.hash + childEntry.secondPasswordSalt = newPassword.secondSalt + childEntry.secondPasswordHash = newPassword.secondHash await childEntry.save({ transaction: cache.transaction }) diff --git a/src/function/sync/apply-actions/index.ts b/src/function/sync/apply-actions/index.ts index 17255bf..c857530 100644 --- a/src/function/sync/apply-actions/index.ts +++ b/src/function/sync/apply-actions/index.ts @@ -1,6 +1,6 @@ /* * server component for the TimeLimit App - * Copyright (C) 2019 - 2020 Jonas Lochmann + * Copyright (C) 2019 - 2022 Jonas Lochmann * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as @@ -54,6 +54,7 @@ export const applyActionsFromDevice = async ({ database, request, websocket, con hasFullVersion: baseInfo.hasFullVersion, transaction, familyId: baseInfo.familyId, + deviceId: baseInfo.deviceId, connectedDevicesManager }) diff --git a/src/function/sync/get-server-data-status/dh-keys.ts b/src/function/sync/get-server-data-status/dh-keys.ts index b1a87dd..71cd16c 100644 --- a/src/function/sync/get-server-data-status/dh-keys.ts +++ b/src/function/sync/get-server-data-status/dh-keys.ts 
@@ -21,11 +21,8 @@ import { config, calculateExpireTime } from '../../../database/devicedhkey' import { ServerDhKey } from '../../../object/serverdatastatus' import { generateVersionId } from '../../../util/token' import { EventHandler } from '../../../monitoring/eventhandler' +import { generateDhKeypair } from '../../../function/dh' import { FamilyEntry } from './family-entry' -import { generateKeyPair } from 'crypto' -import { promisify } from 'util' - -const generateKeyPairAsync = promisify(generateKeyPair) export async function getDeviceDhKeys ({ database, transaction, familyEntry, deviceId, lastVersionId, eventHandler @@ -56,20 +53,7 @@ export async function getDeviceDhKeys ({ eventHandler.countEvent('getDeviceDhKeys:needsNewKey') const newVersion = generateVersionId() - const newKeypair = await generateKeyPairAsync( - 'ec', - { - namedCurve: 'prime256v1', - publicKeyEncoding: { - type: 'spki', - format: 'der' - }, - privateKeyEncoding: { - type: 'pkcs8', - format: 'der' - } - } - ) + const newKeypair = await generateDhKeypair() if (savedData.length >= 8) { eventHandler.countEvent('getDeviceDhKeys:gc') diff --git a/src/util/token.ts b/src/util/token.ts index 67cdcfc..14fea1e 100644 --- a/src/util/token.ts +++ b/src/util/token.ts @@ -46,5 +46,8 @@ export const assertIdWithinFamily = (id: string) => { } export const generateVersionId = randomString.bind(null, defaultAlphabet, 4) + +export const isVersionId = (id: string) => id.length === 4 && /^[a-zA-Z0-9]+$/.test(id) + export const generateFamilyId = randomString.bind(null, defaultAlphabet, 10) export const generatePurchaseId = randomString.bind(null, defaultAlphabet, 10)
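Review bot: `isVersionId` in `src/util/token.ts` hard-codes the length `4` and an alphanumeric character class, duplicating what `generateVersionId` gets from `randomString.bind(null, defaultAlphabet, 4)` on the line above. If the length or `defaultAlphabet` (defined outside this hunk) ever changes, the validator would reject every freshly generated key id and `decrypt` would fail with 'invalid key id'. Sharing one constant, e.g. `const versionIdLength = 4`, between the two would keep them in sync. A comment such as `// must accept exactly the ids produced by generateVersionId` would record why the regex has to match the alphabet.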