[PM-21912] Require userID for KeyService's hasUserKey (#14890)

* Update keyService hasUserKey to require userId and remove unused/duplicate methods

* Update lock component consumer

* Update send commands to pass in userId

* update SSO login to pass in userID

* Update bw serve to pass in userID

* remove unneeded method from electron-key.service

apps/browser/src/key-management/lock/services/extension-lock-component.service.spec.ts

@@ -12,7 +12,6 @@ import { VaultTimeoutSettingsService } from "@bitwarden/common/key-management/va
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { UserId } from "@bitwarden/common/types/guid";
 import {
-  KeyService,
   BiometricsService,
   BiometricsStatus,
   BiometricStateService,
@@ -35,7 +34,6 @@ describe("ExtensionLockComponentService", () => {
   let biometricsService: MockProxy<BiometricsService>;
   let pinService: MockProxy<PinServiceAbstraction>;
   let vaultTimeoutSettingsService: MockProxy<VaultTimeoutSettingsService>;
-  let keyService: MockProxy<KeyService>;
   let routerService: MockProxy<BrowserRouterService>;
   let biometricStateService: MockProxy<BiometricStateService>;
 
@@ -45,7 +43,6 @@ describe("ExtensionLockComponentService", () => {
     biometricsService = mock<BiometricsService>();
     pinService = mock<PinServiceAbstraction>();
     vaultTimeoutSettingsService = mock<VaultTimeoutSettingsService>();
-    keyService = mock<KeyService>();
     routerService = mock<BrowserRouterService>();
     biometricStateService = mock<BiometricStateService>();
 
@@ -72,10 +69,6 @@ describe("ExtensionLockComponentService", () => {
           provide: VaultTimeoutSettingsService,
           useValue: vaultTimeoutSettingsService,
         },
-        {
-          provide: KeyService,
-          useValue: keyService,
-        },
         {
           provide: BrowserRouterService,
           useValue: routerService,
@@ -375,7 +368,6 @@ describe("ExtensionLockComponentService", () => {
       vaultTimeoutSettingsService.isBiometricLockSet.mockResolvedValue(
         mockInputs.hasBiometricEncryptedUserKeyStored,
       );
-      keyService.hasUserKeyStored.mockResolvedValue(mockInputs.hasBiometricEncryptedUserKeyStored);
       platformUtilsService.supportsSecureStorage.mockReturnValue(
         mockInputs.platformSupportsSecureStorage,
       );

apps/cli/src/oss-serve-configurator.ts

@@ -3,6 +3,7 @@
 import * as koaMulter from "@koa/multer";
 import * as koaRouter from "@koa/router";
 import * as koa from "koa";
+import { firstValueFrom, map } from "rxjs";
 
 import { ConfirmCommand } from "./admin-console/commands/confirm.command";
 import { ShareCommand } from "./admin-console/commands/share.command";
@@ -170,6 +171,7 @@ export class OssServeConfigurator {
       this.serviceContainer.searchService,
       this.serviceContainer.encryptService,
       this.serviceContainer.apiService,
+      this.serviceContainer.accountService,
     );
     this.sendEditCommand = new SendEditCommand(
       this.serviceContainer.sendService,
@@ -182,6 +184,7 @@ export class OssServeConfigurator {
       this.serviceContainer.sendService,
       this.serviceContainer.environmentService,
       this.serviceContainer.searchService,
+      this.serviceContainer.accountService,
     );
     this.sendRemovePasswordCommand = new SendRemovePasswordCommand(
       this.serviceContainer.sendService,
@@ -414,7 +417,10 @@ export class OssServeConfigurator {
       this.processResponse(res, Response.error("You are not logged in."));
       return true;
     }
-    if (await this.serviceContainer.keyService.hasUserKey()) {
+    const userId = await firstValueFrom(
+      this.serviceContainer.accountService.activeAccount$.pipe(map((account) => account?.id)),
+    );
+    if (await this.serviceContainer.keyService.hasUserKey(userId)) {
       return false;
     }
     this.processResponse(res, Response.error("Vault is locked."));

apps/cli/src/tools/send/commands/get.command.ts

@@ -4,6 +4,8 @@ import { OptionValues } from "commander";
 import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -22,6 +24,7 @@ export class SendGetCommand extends DownloadCommand {
     private searchService: SearchService,
     encryptService: EncryptService,
     apiService: ApiService,
+    private accountService: AccountService,
   ) {
     super(encryptService, apiService);
   }
@@ -77,7 +80,8 @@ export class SendGetCommand extends DownloadCommand {
         return await send.decrypt();
       }
     } else if (id.trim() !== "") {
-      let sends = await this.sendService.getAllDecryptedFromState();
+      const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+      let sends = await this.sendService.getAllDecryptedFromState(activeUserId);
       sends = this.searchService.searchSends(sends, id);
       if (sends.length > 1) {
         return sends;

apps/cli/src/tools/send/commands/list.command.ts

@@ -1,5 +1,7 @@
 import { firstValueFrom } from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { SearchService } from "@bitwarden/common/vault/abstractions/search.service";
@@ -13,10 +15,12 @@ export class SendListCommand {
     private sendService: SendService,
     private environmentService: EnvironmentService,
     private searchService: SearchService,
+    private accountService: AccountService,
   ) {}
 
   async run(cmdOptions: Record<string, any>): Promise<Response> {
-    let sends = await this.sendService.getAllDecryptedFromState();
+    const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+    let sends = await this.sendService.getAllDecryptedFromState(activeUserId);
 
     const normalizedOptions = new Options(cmdOptions);
     if (normalizedOptions.search != null && normalizedOptions.search.trim() !== "") {

apps/cli/src/tools/send/send.program.ts

@@ -128,6 +128,7 @@ export class SendProgram extends BaseProgram {
           this.serviceContainer.sendService,
           this.serviceContainer.environmentService,
           this.serviceContainer.searchService,
+          this.serviceContainer.accountService,
         );
         const response = await cmd.run(options);
         this.processResponse(response);
@@ -193,6 +194,7 @@ export class SendProgram extends BaseProgram {
           this.serviceContainer.searchService,
           this.serviceContainer.encryptService,
           this.serviceContainer.apiService,
+          this.serviceContainer.accountService,
         );
         const response = await cmd.run(id, options);
         this.processResponse(response);
@@ -253,6 +255,7 @@ export class SendProgram extends BaseProgram {
           this.serviceContainer.searchService,
           this.serviceContainer.encryptService,
           this.serviceContainer.apiService,
+          this.serviceContainer.accountService,
         );
         const cmd = new SendEditCommand(
           this.serviceContainer.sendService,

apps/desktop/src/key-management/electron-key.service.ts

@@ -51,10 +51,6 @@ export class ElectronKeyService extends DefaultKeyService {
     );
   }
 
-  override async hasUserKeyStored(keySuffix: KeySuffixOptions, userId?: UserId): Promise<boolean> {
-    return super.hasUserKeyStored(keySuffix, userId);
-  }
-
   override async clearStoredUserKey(keySuffix: KeySuffixOptions, userId: UserId): Promise<void> {
     await super.clearStoredUserKey(keySuffix, userId);
   }