Allow migration only on vault

2026-02-11 22:13:32 +00:00 · 2025-11-03 11:53:14 +01:00
parent b6c0490c55
commit 0aaeafb951
2 changed files with 26 additions and 3 deletions
--- a/libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
+++ b/libs/angular/src/key-management/encrypted-migration/encrypted-migrations-scheduler.service.ts
@@ -1,4 +1,14 @@
-import { combineLatest, switchMap, of, firstValueFrom, filter, delay, concatMap } from "rxjs";
+import { NavigationEnd, Router } from "@angular/router";
+import {
+  combineLatest,
+  switchMap,
+  of,
+  firstValueFrom,
+  filter,
+  concatMap,
+  Observable,
+  map,
+} from "rxjs";

 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
@@ -28,6 +38,7 @@ export const ENCRYPTED_MIGRATION_DISMISSED = new UserKeyDefinition<Date>(
  },
 );
 const DISMISS_TIME_HOURS = 24;
+const VAULT_ROUTE = "/vault";

 /**
 * This services schedules encrypted migrations for users on clients that are interactive (non-cli), and handles manual interaction,
@@ -38,6 +49,7 @@ export class DefaultEncryptedMigrationsSchedulerService
  implements EncryptedMigrationsSchedulerService
 {
  isMigrating = false;
+  url$: Observable<string>;

  constructor(
    private syncService: SyncService,
@@ -49,7 +61,13 @@ export class DefaultEncryptedMigrationsSchedulerService
    private dialogService: DialogService,
    private toastService: ToastService,
    private i18nService: I18nService,
+    private router: Router,
  ) {
+    this.url$ = this.router.events.pipe(
+      filter((event: any) => event instanceof NavigationEnd),
+      map((event: NavigationEnd) => event.url),
+    );
+
    // For all accounts, if the auth status changes to unlocked or a sync happens, prompt for migration
    this.accountService.accounts$
      .pipe(
@@ -65,9 +83,12 @@ export class DefaultEncryptedMigrationsSchedulerService
              combineLatest([
                this.authService.authStatusFor$(userId),
                this.syncService.lastSync$(userId).pipe(filter((lastSync) => lastSync != null)),
+                this.url$,
              ]).pipe(
-                filter(([authStatus]) => authStatus === AuthenticationStatus.Unlocked),
-                delay(5_000),
+                filter(
+                  ([authStatus, _date, url]) =>
+                    authStatus === AuthenticationStatus.Unlocked && url === VAULT_ROUTE,
+                ),
                concatMap(() => this.runMigrationsIfNeeded(userId)),
              ),
            ),
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -1,6 +1,7 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { APP_INITIALIZER, ErrorHandler, LOCALE_ID, NgModule } from "@angular/core";
+import { Router } from "@angular/router";
 import { Subject } from "rxjs";

 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
@@ -1725,6 +1726,7 @@ const safeProviders: SafeProvider[] = [
      DialogService,
      ToastService,
      I18nServiceAbstraction,
+      Router,
    ],
  }),
  safeProvider({