[PM-8210] Discourage Active User in CryptoService (#9364)

* Add Helper For Preparing a Record For Use in `forkJoin` * Update & Test CryptoService Changes * Delete Unused Code * Update DeviceTrustService * Update CipherService * Make `userPublicKey$` Public * Rename convertValues File * Update libs/common/src/platform/abstractions/crypto.service.ts Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> * Add `convertValues` Tests * Add Doc Comments * Convert to `function`'s Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> * Fix Test Typos * Add param doc * Update Test Name * Add `@throws` Docs --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
2025-12-16 00:03:56 +00:00 · 2024-05-31 12:10:23 -04:00
parent b784fe7593
commit 0e7ed8dd7f
14 changed files with 799 additions and 500 deletions
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -135,8 +135,7 @@ export class CipherService implements CipherServiceAbstraction {
    this.addEditCipherInfo$ = this.addEditCipherInfoState.state$;
  }

-  async setDecryptedCipherCache(value: CipherView[]) {
-    const userId = await firstValueFrom(this.stateProvider.activeUserId$);
+  async setDecryptedCipherCache(value: CipherView[], userId: UserId) {
    // Sometimes we might prematurely decrypt the vault and that will result in no ciphers
    // if we cache it then we may accidentally return it when it's not right, we'd rather try decryption again.
    // We still want to set null though, that is the indicator that the cache isn't valid and we should do decryption.
@@ -367,9 +366,15 @@ export class CipherService implements CipherServiceAbstraction {
      return await this.getDecryptedCiphers();
    }

-    decCiphers = await this.decryptCiphers(await this.getAll());
+    const activeUserId = await firstValueFrom(this.stateProvider.activeUserId$);

-    await this.setDecryptedCipherCache(decCiphers);
+    if (activeUserId == null) {
+      return [];
+    }
+
+    decCiphers = await this.decryptCiphers(await this.getAll(), activeUserId);
+
+    await this.setDecryptedCipherCache(decCiphers, activeUserId);
    return decCiphers;
  }

@@ -377,10 +382,10 @@ export class CipherService implements CipherServiceAbstraction {
    return Object.values(await firstValueFrom(this.cipherViews$));
  }

-  private async decryptCiphers(ciphers: Cipher[]) {
-    const orgKeys = await this.cryptoService.getOrgKeys();
-    const userKey = await this.cryptoService.getUserKeyWithLegacySupport();
-    if (Object.keys(orgKeys).length === 0 && userKey == null) {
+  private async decryptCiphers(ciphers: Cipher[], userId: UserId) {
+    const keys = await firstValueFrom(this.cryptoService.cipherDecryptionKeys$(userId, true));
+
+    if (keys == null || (keys.userKey == null && Object.keys(keys.orgKeys).length === 0)) {
      // return early if there are no keys to decrypt with
      return;
    }
@@ -398,7 +403,10 @@ export class CipherService implements CipherServiceAbstraction {
    const decCiphers = (
      await Promise.all(
        Object.entries(grouped).map(([orgId, groupedCiphers]) =>
-          this.encryptService.decryptItems(groupedCiphers, orgKeys[orgId] ?? userKey),
+          this.encryptService.decryptItems(
+            groupedCiphers,
+            keys.orgKeys[orgId as OrganizationId] ?? keys.userKey,
+          ),
        ),
      )
    )