Add a route to ensure the vault is initialized (#4285)

docs/settings.md

@@ -539,6 +539,25 @@ Content-Type: application/json
 HTTP/1.1 204 No Content
 ```
 
+### POST /settings/vault
+
+This route can be used to ensure the vault is initialized. If it is not the
+case, it will migrate the accounts from the konnectors accounts to the vault
+and will set the `extension_installed` flag.
+
+#### Request
+
+```http
+POST /settings/vault HTTP/1.1
+Host: alice.example.com
+```
+
+#### Response
+
+```http
+HTTP/1.1 204 No Content
+```
+
 ## Instance
 
 ### GET /settings/capabilities

model/bitwarden/settings/settings.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/cozy/cozy-stack/model/account"
 	"github.com/cozy/cozy-stack/model/instance"
+	"github.com/cozy/cozy-stack/model/job"
 	"github.com/cozy/cozy-stack/pkg/consts"
 	"github.com/cozy/cozy-stack/pkg/couchdb"
 	"github.com/cozy/cozy-stack/pkg/crypto"
@@ -173,4 +174,20 @@ func UpdateRevisionDate(inst *instance.Instance, settings *Settings) error {
 	return err
 }
 
+// MigrateAccountsToCiphers creates a job to copy the konnectors accounts
+// inside the bitwarden vault (and set the extension_installed flag).
+func MigrateAccountsToCiphers(inst *instance.Instance) error {
+	msg, err := job.NewMessage(map[string]interface{}{
+		"type": "accounts-to-organization",
+	})
+	if err != nil {
+		return err
+	}
+	_, err = job.System().PushJob(inst, &job.JobRequest{
+		WorkerType: "migrations",
+		Message:    msg,
+	})
+	return err
+}
+
 var _ couchdb.Doc = &Settings{}

web/bitwarden/bitwarden.go

@@ -13,7 +13,6 @@ import (
 	"github.com/cozy/cozy-stack/model/bitwarden/settings"
 	"github.com/cozy/cozy-stack/model/instance"
 	"github.com/cozy/cozy-stack/model/instance/lifecycle"
-	"github.com/cozy/cozy-stack/model/job"
 	"github.com/cozy/cozy-stack/model/oauth"
 	"github.com/cozy/cozy-stack/model/permission"
 	"github.com/cozy/cozy-stack/model/session"
@@ -24,20 +23,6 @@ import (
 	"github.com/labstack/echo/v4"
 )
 
-func migrateAccountsToCiphers(inst *instance.Instance) error {
-	msg, err := job.NewMessage(map[string]interface{}{
-		"type": "accounts-to-organization",
-	})
-	if err != nil {
-		return err
-	}
-	_, err = job.System().PushJob(inst, &job.JobRequest{
-		WorkerType: "migrations",
-		Message:    msg,
-	})
-	return err
-}
-
 // Prelogin tells to the client how many KDF iterations it must apply when
 // hashing the master password.
 func Prelogin(c echo.Context) error {
@@ -318,7 +303,7 @@ func getInitialCredentials(c echo.Context) error {
 		// This is the first time the bitwarden extension is installed: make sure
 		// the user gets the existing accounts into the vault.
 		// ClientKind is "web" for web apps, e.g. Settings
-		if err := migrateAccountsToCiphers(inst); err != nil {
+		if err := settings.MigrateAccountsToCiphers(inst); err != nil {
 			log.Errorf("Cannot push job for ciphers migration: %s", err)
 		}
 	}

web/settings/passphrase.go

@@ -426,3 +426,23 @@ func (h *HTTPHandler) updateHint(c echo.Context) error {
 	}
 	return c.NoContent(http.StatusNoContent)
 }
+
+func (h *HTTPHandler) createVault(c echo.Context) error {
+	inst := middlewares.GetInstance(c)
+
+	if err := middlewares.AllowWholeType(c, permission.POST, consts.BitwardenProfiles); err != nil {
+		return err
+	}
+
+	setting, err := settings.Get(inst)
+	if err != nil {
+		return err
+	}
+
+	if !setting.ExtensionInstalled {
+		if err := settings.MigrateAccountsToCiphers(inst); err != nil {
+			return jsonapi.InternalServerError(err)
+		}
+	}
+	return c.NoContent(http.StatusNoContent)
+}

web/settings/settings.go

@@ -255,6 +255,7 @@ func (h *HTTPHandler) Register(router *echo.Group) {
 	router.POST("/passphrase/check", h.checkPassphrase)
 	router.GET("/hint", h.getHint)
 	router.PUT("/hint", h.updateHint)
+	router.POST("/vault", h.createVault)
 
 	router.GET("/capabilities", h.getCapabilities)
 	router.GET("/instance", h.getInstance)