[PM-21380] Bugfix - Update account creation script for new server versions (#341)

* update account creation script for new server versions

* bump self-host image version and add container name to docker-compose file

* simplify matching logic

Author: jprusik

docker-compose.yml

@@ -1,10 +1,11 @@
+name: v2025-05-02
 services:
   bitwarden:
     depends_on:
       - db
     env_file:
       - .env
-    image: ghcr.io/bitwarden/self-host:2025.4.1-beta # https://github.com/bitwarden/self-host/releases
+    image: ghcr.io/bitwarden/self-host:2025.5.2-beta # https://github.com/bitwarden/self-host/releases
     restart: always
     ports:
       - ${VAULT_HOST_PORT}:8443

scripts/create-account.ts

@@ -3,7 +3,7 @@ import { configDotenv } from "dotenv";
 
 configDotenv();
 
-type AccountCreationResponseData = {
+type ResponseData = {
   captchaBypassToken?: string;
   message?: string | "The model state is invalid.";
   validationErrors?: {
@@ -12,12 +12,20 @@ type AccountCreationResponseData = {
   exceptionMessage?: string | null;
   exceptionStackTrace?: string | null;
   innerExceptionMessage?: string | null;
-  object?: "register" | "error";
+  object?: "registerFinish" | "error";
 };
 
+type PreAccountCreateResponseData = ResponseData | string;
+
+type AccountCreationResponseData = ResponseData;
+
 let failedAttemptsCount = 0;
 
 async function createAccount() {
+  if (failedAttemptsCount > 60) {
+    throw new Error("The account was unable to be created.");
+  }
+
   const {
     GENERATED_RSA_KEY_PAIR_PROTECTED_PRIVATE_KEY,
     GENERATED_RSA_KEY_PAIR_PUBLIC_KEY,
@@ -31,30 +39,81 @@ async function createAccount() {
   const vaultHost = `${VAULT_HOST_URL}:${VAULT_HOST_PORT}`;
 
   try {
-    const response = await fetch(`${vaultHost}/identity/accounts/register`, {
+    const requestOptions = {
       headers: {
-        "Content-Type": "application/json",
+        accept: "application/json",
+        "content-type": "application/json; charset=utf-8",
       },
-      body: JSON.stringify({
-        email: `${VAULT_EMAIL}`,
-        name: null,
-        masterPasswordHash: `${MASTER_PASSWORD_HASH}`,
-        key: `${PROTECTED_SYMMETRIC_KEY}`,
-        kdf: 0,
-        kdfIterations: `${KDF_ITERATIONS}`,
-        referenceData: { id: null },
-        captchaResponse: null,
-        masterPasswordHint: null,
-        keys: {
-          publicKey: `${GENERATED_RSA_KEY_PAIR_PUBLIC_KEY}`,
-          encryptedPrivateKey: `${GENERATED_RSA_KEY_PAIR_PROTECTED_PRIVATE_KEY}`,
-        },
-      }),
       method: "POST",
-    });
+    };
+
+    const preCreationResponse = await fetch(
+      `${vaultHost}/identity/accounts/register/send-verification-email`,
+      {
+        ...requestOptions,
+        body: JSON.stringify({ email: `${VAULT_EMAIL}`, name: "" }),
+      },
+    );
+
+    const preCreationResponseData =
+      (await preCreationResponse.json()) as PreAccountCreateResponseData;
+
+    if (
+      typeof preCreationResponseData !== "string" &&
+      preCreationResponseData.object === "error"
+    ) {
+      const emailIsTaken = !!preCreationResponseData.message.match(
+        /^Email .+@.+ is already taken$/g,
+      )?.length;
+
+      if (emailIsTaken) {
+        emitSuccessMessage(vaultHost);
+        return;
+      }
+
+      console.log(`Retrying account creation at ${vaultHost}...`);
+      failedAttemptsCount++;
+      setTimeout(createAccount, 3000);
+      return;
+    } else if (
+      typeof preCreationResponseData !== "string" ||
+      !preCreationResponseData.startsWith(
+        "BwRegistrationEmailVerificationToken_",
+      )
+    ) {
+      console.log(
+        "Unexpected response: expected BwRegistrationEmailVerificationToken",
+      );
+      return;
+    }
+
+    const response = await fetch(
+      `${vaultHost}/identity/accounts/register/finish`,
+      {
+        ...requestOptions,
+        body: JSON.stringify({
+          email: `${VAULT_EMAIL}`,
+          emailVerificationToken: preCreationResponseData,
+          masterPasswordHash: `${MASTER_PASSWORD_HASH}`,
+          kdf: 0,
+          kdfIterations: KDF_ITERATIONS,
+          masterPasswordHint: "",
+          userSymmetricKey: `${PROTECTED_SYMMETRIC_KEY}`,
+          userAsymmetricKeys: {
+            publicKey: `${GENERATED_RSA_KEY_PAIR_PUBLIC_KEY}`,
+            encryptedPrivateKey: `${GENERATED_RSA_KEY_PAIR_PROTECTED_PRIVATE_KEY}`,
+          },
+        }),
+      },
+    );
 
     const responseData = (await response.json()) as AccountCreationResponseData;
 
+    if (responseData.object === "registerFinish") {
+      emitSuccessMessage(vaultHost);
+      return;
+    }
+
     let emailIsTaken = false;
 
     const responseErrors =
@@ -70,25 +129,24 @@ async function createAccount() {
     }
 
     if (emailIsTaken) {
-      console.log(
-        "\x1b[1m\x1b[32m%s\x1b[0m", // bold, light green foreground
-        `Account has been created successfully at ${vaultHost}!\n`,
-      );
+      emitSuccessMessage(vaultHost);
 
       return;
     }
   } catch (error) {
     // Server isn't ready yet
   }
 
-  if (failedAttemptsCount > 60) {
-    throw new Error("The account was unable to be created.");
-  }
-
   console.log(`Retrying account creation at ${vaultHost}...`);
-
   failedAttemptsCount++;
   setTimeout(createAccount, 3000);
 }
 
+function emitSuccessMessage(vaultHost: string) {
+  console.log(
+    "\x1b[1m\x1b[32m%s\x1b[0m", // bold, light green foreground
+    `Account has been created successfully at ${vaultHost}!\n`,
+  );
+}
+
 createAccount();