Merge branch 'feature/347-Add-support-for-Device-Management' into beta

Author: stenya

cli/commands/account.go

@@ -32,6 +32,7 @@ import (
 	"time"
 
 	"github.com/ivpn/desktop-app/cli/flags"
+	"github.com/ivpn/desktop-app/cli/helpers"
 	"github.com/ivpn/desktop-app/daemon/api/types"
 	"github.com/ivpn/desktop-app/daemon/service/srverrors"
 	"github.com/ivpn/desktop-app/daemon/vpn"
@@ -92,9 +93,9 @@ func doLogin(accountID string, force bool) error {
 		accountID = string(data)
 	}
 
-	apiStatus, err := _proto.SessionNew(accountID, force, "")
+	resp, err := _proto.SessionNew(accountID, force, "")
 	if err != nil {
-		if apiStatus == types.The2FARequired {
+		if resp.APIStatus == types.The2FARequired {
 			fmt.Println("Account has two-factor authentication enabled.")
 			fmt.Print("Please enter TOTP token to login: ")
 			reader := bufio.NewReader(os.Stdin)
@@ -103,14 +104,19 @@ func doLogin(accountID string, force bool) error {
 			topt = strings.TrimSuffix(topt, "\n")
 			topt = strings.TrimSuffix(topt, "\r")
 
-			apiStatus, err = _proto.SessionNew(accountID, force, topt)
+			resp, err = _proto.SessionNew(accountID, force, topt)
 		}
 
-		if apiStatus == types.CodeSessionsLimitReached {
+		if resp.APIStatus == types.CodeSessionsLimitReached {
 			PrintTips([]TipType{TipForceLogin})
 
-			fmt.Println("Visit Device Management to manage your devices: 'https://www.ivpn.net/account/device-management'")
-			fmt.Println("")
+			if !helpers.IsLegacyAccount(accountID) && len(resp.Account.DeviceManagementURL) > 0 {
+				prefixText := "Visit Device Management"
+				if !resp.Account.DeviceManagement {
+					prefixText = "Enable Device Management"
+				}
+				fmt.Println(fmt.Sprintf("%s to manage your devices: '%s'", prefixText, resp.Account.DeviceManagementURL))
+			}
 		}
 
 		if err != nil {

cli/helpers/helpers.go

@@ -88,3 +88,7 @@ func TrimSpacesAndRemoveQuotes(s string) string {
 	}
 	return s
 }
+
+func IsLegacyAccount(accountID string) bool {
+	return len(accountID) <= 12 && strings.HasPrefix(accountID, "ivpn")
+}

cli/protocol/client.go

@@ -168,23 +168,22 @@ func (c *Client) GetHelloResponse() types.HelloResp {
 }
 
 // SessionNew creates new session
-func (c *Client) SessionNew(accountID string, forceLogin bool, the2FA string) (apiStatus int, err error) {
+func (c *Client) SessionNew(accountID string, forceLogin bool, the2FA string) (resp types.SessionNewResp, err error) {
 	if err := c.ensureConnected(); err != nil {
-		return 0, err
+		return resp, err
 	}
 
 	req := types.SessionNew{AccountID: accountID, ForceLogin: forceLogin, Confirmation2FA: the2FA}
-	var resp types.SessionNewResp
 
 	if err := c.sendRecv(&req, &resp); err != nil {
-		return 0, err
+		return resp, err
 	}
 
 	if len(resp.Session.Session) <= 0 {
-		return resp.APIStatus, fmt.Errorf("[%d] %s", resp.APIStatus, resp.APIErrorMessage)
+		return resp, fmt.Errorf("[%d] %s", resp.APIStatus, resp.APIErrorMessage)
 	}
 
-	return resp.APIStatus, nil
+	return resp, nil
 }
 
 // SessionDelete remove session

daemon/api/api.go

@@ -284,7 +284,8 @@ func (a *API) DoRequestByAlias(apiAlias string, ipTypeRequired protocolTypes.Req
 		}
 	}
 
-	return a.requestRaw(ipTypeRequired, alias.host, alias.path, "", "", nil, 0, 0)
+	responseData, _, err = a.requestRaw(ipTypeRequired, alias.host, alias.path, "", "", nil, 0, 0)
+	return responseData, err
 }
 
 // SessionNew - try to register new session
@@ -310,7 +311,7 @@ func (a *API) SessionNew(accountID string, wgPublicKey string, kemKeys types.Kem
 		Captcha:         captcha,
 		Confirmation2FA: confirmation2FA}
 
-	data, err := a.requestRaw(protocolTypes.IPvAny, "", _sessionNewPath, "POST", "application/json", request, 0, 0)
+	data, httpResp, err := a.requestRaw(protocolTypes.IPvAny, "", _sessionNewPath, "POST", "application/json", request, 0, 0)
 	if err != nil {
 		return nil, nil, nil, rawResponse, err
 	}
@@ -319,7 +320,7 @@ func (a *API) SessionNew(accountID string, wgPublicKey string, kemKeys types.Kem
 
 	// Check is it API error
 	if err := json.Unmarshal(data, &apiErr); err != nil {
-		return nil, nil, nil, rawResponse, fmt.Errorf("failed to deserialize API response: %w", err)
+		return nil, nil, nil, rawResponse, fmt.Errorf("[%d; status=%s] failed to deserialize API response: %w", httpResp.StatusCode, httpResp.Status, err)
 	}
 
 	// success
@@ -353,7 +354,7 @@ func (a *API) SessionStatus(session string) (
 
 	request := &types.SessionStatusRequest{Session: session}
 
-	data, err := a.requestRaw(protocolTypes.IPvAny, "", _sessionStatusPath, "POST", "application/json", request, 0, 0)
+	data, _, err := a.requestRaw(protocolTypes.IPvAny, "", _sessionStatusPath, "POST", "application/json", request, 0, 0)
 	if err != nil {
 		return nil, nil, err
 	}
@@ -442,7 +443,7 @@ func (a *API) GeoLookup(timeoutMs int, ipTypeRequired protocolTypes.RequiredIPPr
 					gl.isRunning = false
 					close(gl.done)
 				}()
-				gl.response, gl.err = a.requestRaw(ipType, "", _geoLookupPath, "GET", "", nil, timeoutMs, 0)
+				gl.response, _, gl.err = a.requestRaw(ipType, "", _geoLookupPath, "GET", "", nil, timeoutMs, 0)
 				if err := json.Unmarshal(gl.response, &gl.location); err != nil {
 					gl.err = fmt.Errorf("failed to deserialize API response: %w", err)
 				}

daemon/api/api_internal.go

@@ -330,26 +330,30 @@ func (a *API) doRequestAPIHost(ipTypeRequired types.RequiredIPProtocol, isCanUse
 	return nil, fmt.Errorf("unable to access IVPN API server: %w", firstErr)
 }
 
-func (a *API) requestRaw(ipTypeRequired types.RequiredIPProtocol, host string, urlPath string, method string, contentType string, requestObject interface{}, timeoutMs int, timeoutDialMs int) (responseData []byte, err error) {
+func (a *API) requestRaw(ipTypeRequired types.RequiredIPProtocol, host string, urlPath string, method string, contentType string, requestObject interface{}, timeoutMs int, timeoutDialMs int) (responseData []byte, httpResp *http.Response, err error) {
 	resp, err := a.doRequest(ipTypeRequired, host, urlPath, method, contentType, requestObject, timeoutMs, timeoutDialMs)
 	if err != nil {
-		return nil, fmt.Errorf("API request failed: %w", err)
+		return nil, nil, fmt.Errorf("API request failed: %w", err)
+	}
+
+	if resp.StatusCode != 200 {
+		log.Debug(fmt.Sprintf("API response: (HTTP status code %d); status=%s", resp.StatusCode, resp.Status))
 	}
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get API HTTP response body: %w", err)
+		return nil, nil, fmt.Errorf("failed to read API HTTP response body: %w", err)
 	}
 
-	return body, nil
+	return body, resp, nil
 }
 
 func (a *API) request(host string, urlPath string, method string, contentType string, requestObject interface{}, responseObject interface{}) error {
 	return a.requestEx(host, urlPath, method, contentType, requestObject, responseObject, 0, 0)
 }
 
 func (a *API) requestEx(host string, urlPath string, method string, contentType string, requestObject interface{}, responseObject interface{}, timeoutMs int, timeoutDialMs int) error {
-	body, err := a.requestRaw(types.IPvAny, host, urlPath, method, contentType, requestObject, timeoutMs, timeoutDialMs)
+	body, _, err := a.requestRaw(types.IPvAny, host, urlPath, method, contentType, requestObject, timeoutMs, timeoutDialMs)
 	if err != nil {
 		return err
 	}

daemon/api/types/responses.go

@@ -35,18 +35,20 @@ type APIErrorResponse struct {
 
 // ServiceStatusAPIResp account info
 type ServiceStatusAPIResp struct {
-	Active         bool     `json:"is_active"`
-	ActiveUntil    int64    `json:"active_until"`
-	CurrentPlan    string   `json:"current_plan"`
-	PaymentMethod  string   `json:"payment_method"`
-	IsRenewable    bool     `json:"is_renewable"`
-	WillAutoRebill bool     `json:"will_auto_rebill"`
-	IsFreeTrial    bool     `json:"is_on_free_trial"`
-	Capabilities   []string `json:"capabilities"`
-	Upgradable     bool     `json:"upgradable"`
-	UpgradeToPlan  string   `json:"upgrade_to_plan"`
-	UpgradeToURL   string   `json:"upgrade_to_url"`
-	Limit          int      `json:"limit"` // applicable for 'session limit' error
+	Active              bool     `json:"is_active"`
+	ActiveUntil         int64    `json:"active_until"`
+	CurrentPlan         string   `json:"current_plan"`
+	PaymentMethod       string   `json:"payment_method"`
+	IsRenewable         bool     `json:"is_renewable"`
+	WillAutoRebill      bool     `json:"will_auto_rebill"`
+	IsFreeTrial         bool     `json:"is_on_free_trial"`
+	Capabilities        []string `json:"capabilities"`
+	Upgradable          bool     `json:"upgradable"`
+	UpgradeToPlan       string   `json:"upgrade_to_plan"`
+	UpgradeToURL        string   `json:"upgrade_to_url"`
+	DeviceManagement    bool     `json:"device_management"`
+	DeviceManagementURL string   `json:"device_management_url"` // applicable for 'session limit' error
+	Limit               int      `json:"limit"`                 // applicable for 'session limit' error
 }
 
 // KemCiphers in use for KEM: to exchange WG PresharedKey

daemon/service/preferences/account.go

@@ -35,18 +35,20 @@ const (
 
 // AccountStatus contains information about current account
 type AccountStatus struct {
-	Active         bool
-	ActiveUntil    int64
-	CurrentPlan    string
-	PaymentMethod  string
-	IsRenewable    bool
-	WillAutoRebill bool
-	IsFreeTrial    bool
-	Capabilities   []string
-	Upgradable     bool
-	UpgradeToPlan  string
-	UpgradeToURL   string
-	Limit          int
+	Active              bool
+	ActiveUntil         int64
+	CurrentPlan         string
+	PaymentMethod       string
+	IsRenewable         bool
+	WillAutoRebill      bool
+	IsFreeTrial         bool
+	Capabilities        []string
+	Upgradable          bool
+	UpgradeToPlan       string
+	UpgradeToURL        string
+	DeviceManagement    bool
+	DeviceManagementURL string
+	Limit               int
 }
 
 func (a AccountStatus) IsInitialized() bool {

daemon/service/service.go

@@ -1860,18 +1860,20 @@ func (s *Service) RequestSessionStatus() (
 
 func (s *Service) createAccountStatus(apiResp api_types.ServiceStatusAPIResp) preferences.AccountStatus {
 	return preferences.AccountStatus{
-		Active:         apiResp.Active,
-		ActiveUntil:    apiResp.ActiveUntil,
-		CurrentPlan:    apiResp.CurrentPlan,
-		PaymentMethod:  apiResp.PaymentMethod,
-		IsRenewable:    apiResp.IsRenewable,
-		WillAutoRebill: apiResp.WillAutoRebill,
-		IsFreeTrial:    apiResp.IsFreeTrial,
-		Capabilities:   apiResp.Capabilities,
-		Upgradable:     apiResp.Upgradable,
-		UpgradeToPlan:  apiResp.UpgradeToPlan,
-		UpgradeToURL:   apiResp.UpgradeToURL,
-		Limit:          apiResp.Limit}
+		Active:              apiResp.Active,
+		ActiveUntil:         apiResp.ActiveUntil,
+		CurrentPlan:         apiResp.CurrentPlan,
+		PaymentMethod:       apiResp.PaymentMethod,
+		IsRenewable:         apiResp.IsRenewable,
+		WillAutoRebill:      apiResp.WillAutoRebill,
+		IsFreeTrial:         apiResp.IsFreeTrial,
+		Capabilities:        apiResp.Capabilities,
+		Upgradable:          apiResp.Upgradable,
+		UpgradeToPlan:       apiResp.UpgradeToPlan,
+		UpgradeToURL:        apiResp.UpgradeToURL,
+		DeviceManagement:    apiResp.DeviceManagement,
+		DeviceManagementURL: apiResp.DeviceManagementURL,
+		Limit:               apiResp.Limit}
 }
 
 func (s *Service) startSessionChecker() {

ui/.gitignore

@@ -33,3 +33,5 @@ libivpn.dylib
 References/macOS/_compiled
 References/macOS/HelperProjects/uninstaller/bin
 References/Windows/bin/
+out/*
+addons/wifi-info-macos/build/*

ui/src/components/Component-Login.vue

@@ -253,9 +253,12 @@ export default {
                   accountID: this.accountID,
                   devicesMaxLimit: resp.Account.Limit,
                   CurrentPlan: resp.Account.CurrentPlan,
+                  PaymentMethod: resp.Account.PaymentMethod,
                   Upgradable: resp.Account.Upgradable,
                   UpgradeToPlan: resp.Account.UpgradeToPlan,
                   UpgradeToURL: resp.Account.UpgradeToURL,
+                  DeviceManagement: resp.Account.DeviceManagement,
+                  DeviceManagementURL: resp.Account.DeviceManagementURL,
                   extraArgs: {
                     confirmation2FA: oldConfirmation2FA,
                   },

ui/src/ipc/main-listener.js

@@ -423,9 +423,18 @@ ipcMain.handle("renderer-request-shell-open-external", async (event, uri) => {
   }
 
   if (!isAllowedUrl) {
-    const errMsg = `Opening the link '${uri}' is blocked. Not allowed to open links which are not starting from: ${config.URLsAllowedPrefixes}`;
-    console.log(errMsg);
-    throw Error(errMsg);
+    const errMsgText = `The link cannot be opened`;
+    const errMsgTextLnk = `${uri}`;
+    const errMsgDetail = `Links must start with: "${config.URLsAllowedPrefixes}". Opening links that do not meet this criterion is not allowed.`;
+    console.log(errMsgText + " " + errMsgTextLnk+ " " + errMsgDetail);
+
+    dialog.showMessageBoxSync(event.sender.getOwnerBrowserWindow(), {
+      type: "error",
+      message: errMsgText,
+      detail: errMsgTextLnk+ "\n\n" + errMsgDetail,
+      buttons: ["OK"],
+    });
+    return;
   }
   return shell.openExternal(uri);
 });

ui/src/store/module-account.js

@@ -50,6 +50,8 @@ export default {
       Upgradable: false,
       UpgradeToPlan: "",
       UpgradeToURL: "",
+      DeviceManagement: false,
+      DeviceManagementURL: "", // applicable for 'session limit' error
       Limit: 0, // applicable for 'session limit' error
     },
   },

ui/src/views/AccountLimit.vue

@@ -29,13 +29,11 @@
         </button>
 
         <div style="height: 16px"></div>
-        <button
-          class="slave"
-          v-if="isCanForceLogout"
-          v-on:click="onVisitDeviceManagement"
-        >
-          Visit Device Management
-        </button>
+        <div v-if="isLegacyAccount == false && this.DeviceManagementURL">
+          <button class="slave" v-on:click="onVisitDeviceManagement">
+            {{ devManagementButtonText }}
+          </button>
+        </div>
 
         <div style="height: 16px"></div>
         <div class="centered">
@@ -71,9 +69,12 @@ export default {
       this.accountID = params.accountID;
       this.devicesMaxLimit = params.devicesMaxLimit;
       this.CurrentPlan = params.CurrentPlan;
+      this.PaymentMethod = params.PaymentMethod;
       this.Upgradable = params.Upgradable;
       this.UpgradeToPlan = params.UpgradeToPlan;
       this.UpgradeToURL = params.UpgradeToURL;
+      this.DeviceManagement = params.DeviceManagement;
+      this.DeviceManagementURL = params.DeviceManagementURL;
     } else {
       console.error("AccountLimit view: history params are not defined!");
     }
@@ -85,10 +86,12 @@ export default {
       accountID: null,
       devicesMaxLimit: 0,
       CurrentPlan: null,
+      PaymentMethod: null,
       Upgradable: null,
       UpgradeToPlan: null,
       UpgradeToURL: null,
-
+      DeviceManagement: false,
+      DeviceManagementURL: "",
       extraArgs: null,
     };
   },
@@ -100,6 +103,18 @@ export default {
       if (this.accountID == null || this.accountID === "") return false;
       return true;
     },
+    isLegacyAccount: function () {
+      return typeof this.accountID === "string" &&
+        this.accountID.startsWith("ivpn") &&
+        this.accountID.length <= 12
+        ? true
+        : false;
+    },
+    devManagementButtonText: function () {
+      return this.DeviceManagement
+        ? "Visit Device Management"
+        : "Enable Device Management";
+    },
   },
   methods: {
     onTryAgain: function () {
@@ -125,9 +140,7 @@ export default {
       sender.shellOpenExternal(`https://www.ivpn.net/contactus`);
     },
     onVisitDeviceManagement: function () {
-      sender.shellOpenExternal(
-        `https://www.ivpn.net/account/device-management`,
-      );
+      sender.shellOpenExternal(this.DeviceManagementURL);
     },
   },
 };