[PM-21912] Require userID for KeyService's hasUserKey (#14890)

* Update keyService hasUserKey to require userId and remove unused/duplicate methods * Update lock component consumer * Update send commands to pass in userId * update SSO login to pass in userID * Update bw serve to pass in userID * remove unneeded method from electron-key.service
2025-12-06 00:13:28 +00:00 · 2025-07-09 11:53:16 -05:00
parent 9f1531a1b2
commit 09fb74679d
14 changed files with 66 additions and 75 deletions
--- a/apps/cli/src/oss-serve-configurator.ts
+++ b/apps/cli/src/oss-serve-configurator.ts
@@ -3,6 +3,7 @@
 import * as koaMulter from "@koa/multer";
 import * as koaRouter from "@koa/router";
 import * as koa from "koa";
+import { firstValueFrom, map } from "rxjs";

 import { ConfirmCommand } from "./admin-console/commands/confirm.command";
 import { ShareCommand } from "./admin-console/commands/share.command";
@@ -170,6 +171,7 @@ export class OssServeConfigurator {
      this.serviceContainer.searchService,
      this.serviceContainer.encryptService,
      this.serviceContainer.apiService,
+      this.serviceContainer.accountService,
    );
    this.sendEditCommand = new SendEditCommand(
      this.serviceContainer.sendService,
@@ -182,6 +184,7 @@ export class OssServeConfigurator {
      this.serviceContainer.sendService,
      this.serviceContainer.environmentService,
      this.serviceContainer.searchService,
+      this.serviceContainer.accountService,
    );
    this.sendRemovePasswordCommand = new SendRemovePasswordCommand(
      this.serviceContainer.sendService,
@@ -414,7 +417,10 @@ export class OssServeConfigurator {
      this.processResponse(res, Response.error("You are not logged in."));
      return true;
    }
-    if (await this.serviceContainer.keyService.hasUserKey()) {
+    const userId = await firstValueFrom(
+      this.serviceContainer.accountService.activeAccount$.pipe(map((account) => account?.id)),
+    );
+    if (await this.serviceContainer.keyService.hasUserKey(userId)) {
      return false;
    }
    this.processResponse(res, Response.error("Vault is locked."));
--- a/apps/cli/src/tools/send/commands/get.command.ts
+++ b/apps/cli/src/tools/send/commands/get.command.ts
@@ -4,6 +4,8 @@ import { OptionValues } from "commander";
 import { firstValueFrom } from "rxjs";

 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -22,6 +24,7 @@ export class SendGetCommand extends DownloadCommand {
    private searchService: SearchService,
    encryptService: EncryptService,
    apiService: ApiService,
+    private accountService: AccountService,
  ) {
    super(encryptService, apiService);
  }
@@ -77,7 +80,8 @@ export class SendGetCommand extends DownloadCommand {
        return await send.decrypt();
      }
    } else if (id.trim() !== "") {
-      let sends = await this.sendService.getAllDecryptedFromState();
+      const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+      let sends = await this.sendService.getAllDecryptedFromState(activeUserId);
      sends = this.searchService.searchSends(sends, id);
      if (sends.length > 1) {
        return sends;
--- a/apps/cli/src/tools/send/commands/list.command.ts
+++ b/apps/cli/src/tools/send/commands/list.command.ts
@@ -1,5 +1,7 @@
 import { firstValueFrom } from "rxjs";

+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
 import { SearchService } from "@bitwarden/common/vault/abstractions/search.service";
@@ -13,10 +15,12 @@ export class SendListCommand {
    private sendService: SendService,
    private environmentService: EnvironmentService,
    private searchService: SearchService,
+    private accountService: AccountService,
  ) {}

  async run(cmdOptions: Record<string, any>): Promise<Response> {
-    let sends = await this.sendService.getAllDecryptedFromState();
+    const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+    let sends = await this.sendService.getAllDecryptedFromState(activeUserId);

    const normalizedOptions = new Options(cmdOptions);
    if (normalizedOptions.search != null && normalizedOptions.search.trim() !== "") {
--- a/apps/cli/src/tools/send/send.program.ts
+++ b/apps/cli/src/tools/send/send.program.ts
@@ -128,6 +128,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.sendService,
          this.serviceContainer.environmentService,
          this.serviceContainer.searchService,
+          this.serviceContainer.accountService,
        );
        const response = await cmd.run(options);
        this.processResponse(response);
@@ -193,6 +194,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.searchService,
          this.serviceContainer.encryptService,
          this.serviceContainer.apiService,
+          this.serviceContainer.accountService,
        );
        const response = await cmd.run(id, options);
        this.processResponse(response);
@@ -253,6 +255,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.searchService,
          this.serviceContainer.encryptService,
          this.serviceContainer.apiService,
+          this.serviceContainer.accountService,
        );
        const cmd = new SendEditCommand(
          this.serviceContainer.sendService,