[PM-6895] Add script to auto-populate crypto values in .env (#343)

* Add script to auto-populate crypto values in .env

* convert generate-crypto script to ts

* remove crypto values from .env.example

* update README

* add typechecking command

* resolve strict typing issues

Author: jprusik

.env.example

@@ -54,11 +54,3 @@ BW_DB_PORT=3306
 BW_ENABLE_SSL="true"
 BW_SSL_CERT="ssl.crt"
 BW_SSL_KEY="ssl.key"
-
-# Account creation
-# Pull the following values from https://bitwarden.com/crypto.html
-KDF_ITERATIONS=600000
-MASTER_PASSWORD_HASH=""
-PROTECTED_SYMMETRIC_KEY=""
-GENERATED_RSA_KEY_PAIR_PUBLIC_KEY=""
-GENERATED_RSA_KEY_PAIR_PROTECTED_PRIVATE_KEY=""

README.md

@@ -58,6 +58,8 @@ The aim of this project is to track and anticipate the compatibility of the Bitw
 - Create an `.env` file in the root directory with values pointing to the vault you want to test against (use `.env.example` as guidance) and populate it with your desired values
 - Run `npm run setup:install` to generate and add installation values to your dotfile
   - Alternatively, you can generate them at `https://bitwarden.com/host` and add them to your dotfile manually as `BW_INSTALLATION_ID` and `BW_INSTALLATION_KEY`
+- Run `npm run setup:crypto` to generate and add crypto values to your dotfile
+  - Alternatively, you can create the required values manually with guidance from `https://bitwarden.com/help/bitwarden-security-white-paper/#hashing-key-derivation-and-encryption` and add them to your dotfile as `KDF_ITERATIONS`, `MASTER_PASSWORD_HASH`, `PROTECTED_SYMMETRIC_KEY`, `GENERATED_RSA_KEY_PAIR_PUBLIC_KEY`, and `GENERATED_RSA_KEY_PAIR_PROTECTED_PRIVATE_KEY`
 - Install node (with `nvm install` if `nvm` is installed)
 - Install Bitwarden CLI (with npm: `npm install -g @bitwarden/cli`)
 - Do a clean-install with `npm ci` (this will also fetch and set up the Bitwarden clients repo)

package.json

@@ -49,6 +49,7 @@
     "setup:ssl": "./scripts/generate-certs.sh",
     "setup:test-site": "rimraf test-site && ./scripts/setup-test-site.sh",
     "setup:vault": "npm run seed:vault:account && npm run seed:vault:ciphers",
+    "setup:crypto": "ts-node ./scripts/generate-crypto.ts",
     "start:cli": "./scripts/cli-serve-helper.sh",
     "start:test-site": "./scripts/serve-test-site.sh",
     "stop:cli": "kill $(ps -e | grep 'bw serve' | grep -v 'vault-seeder' | awk '{print $1}')",
@@ -77,7 +78,8 @@
     "test:static:notification:ci": "npm run pretest && NODE_EXTRA_CA_CERTS=ssl.crt xvfb-run playwright test tests/static/notifications.spec.ts",
     "test:static:notification:headless": "npm run pretest && NODE_EXTRA_CA_CERTS=ssl.crt HEADLESS=true playwright test tests/static/notifications.spec.ts",
     "test:webserve": "cd clients/apps/web && npm run build:bit:watch",
-    "test:webserve:bitwarden": "cd clients/apps/web && ENV=cloud npm run build:oss:watch"
+    "test:webserve:bitwarden": "cd clients/apps/web && ENV=cloud npm run build:oss:watch",
+    "typecheck": "npx tsc -p ./scripts/tsconfig.json && npx tsc -p ./tests/tsconfig.json"
   },
   "engines": {
     "node": "23.11.x",

scripts/create-account.ts

@@ -62,7 +62,7 @@ async function createAccount() {
       typeof preCreationResponseData !== "string" &&
       preCreationResponseData.object === "error"
     ) {
-      const emailIsTaken = !!preCreationResponseData.message.match(
+      const emailIsTaken = !!preCreationResponseData.message?.match(
         /^Email .+@.+ is already taken$/g,
       )?.length;
 

scripts/first-time-setup.sh

@@ -9,6 +9,7 @@ npx playwright install --with-deps chromium
 npm run setup:extension
 npm run build:extension
 npm run setup:install
+npm run setup:crypto
 docker compose up -d --build --remove-orphans --wait --wait-timeout 60
 npm run seed:vault:account
 npm run start:cli