mirror of https://github.com/bitwarden/browser synced 2025-12-16 08:13:42 +00:00

[PM-4370] Implement PRF key rotation (#9517)

* Add prf key rotation

* Fix tests

* Re-add comment

* Remove encrypted private key from webauthnlogincredentialresponse

* Refactor to use rotateablekeyset

* Move key rotation logic to webauthn-login-admin service

* Fix type error

* Add parameter validation

* Add documentation

* Add input validation

* Add tests
Bernd Schoolmann
2024-06-17 20:47:06 +02:00
committed by GitHub
parent 06410a0633
commit 1970abf723
10 changed files with 219 additions and 5 deletions


@@ -18,6 +18,7 @@ import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/ciph
import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";
import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
import { WebauthnLoginAdminService } from "../core";
import { EmergencyAccessService } from "../emergency-access";
import { UpdateKeyRequest } from "./request/update-key.request";
@@ -40,6 +41,7 @@ export class UserKeyRotationService {
private accountService: AccountService,
private kdfConfigService: KdfConfigService,
private syncService: SyncService,
private webauthnLoginAdminService: WebauthnLoginAdminService,
) {}
/**
@@ -70,6 +72,7 @@ export class UserKeyRotationService {
// Set master key again in case it was lost (could be lost on refresh)
const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
const oldUserKey = await firstValueFrom(this.cryptoService.userKey$(userId));
await this.masterPasswordService.setMasterKey(masterKey, userId);
const [newUserKey, newEncUserKey] = await this.cryptoService.makeUserKey(masterKey);
@@ -94,6 +97,10 @@ export class UserKeyRotationService {
request.sends = await this.sendService.getRotatedKeys(newUserKey);
request.emergencyAccessKeys = await this.emergencyAccessService.getRotatedKeys(newUserKey);
request.resetPasswordKeys = await this.resetPasswordService.getRotatedKeys(newUserKey);
request.webauthnKeys = await this.webauthnLoginAdminService.rotateWebAuthnKeys(
oldUserKey,
newUserKey,
);
await this.apiService.postUserKeyUpdate(request);
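Review bot: `oldUserKey` is read from `this.cryptoService.userKey$(userId)` in the third hunk and passed to `rotateWebAuthnKeys` in the last one with no check in this file that it is present. `userId` comes from an optional chain (`?.id`), so it may be undefined when there is no active account. The commit message mentions parameter validation, which presumably lives inside `rotateWebAuthnKeys`, but that code is outside this section, and by the time it runs `setMasterKey` and `makeUserKey` have already executed. A guard directly after the read would fail before any new key material is created: `if (oldUserKey == null) { throw new Error("Existing user key is unavailable; cannot rotate keys."); }`. The enclosing method starts and ends outside these hunks, so an earlier check may already cover this.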