[PM-3475] Remove deprecated keys (#13266)

* Remove deprecated keys * Fix cli build * Fix build
2025-12-16 00:03:56 +00:00 · 2025-03-31 16:58:02 +02:00
parent 0311681803
commit 22039d038d
14 changed files with 32 additions and 427 deletions
--- a/libs/key-management/src/abstractions/key.service.ts
+++ b/libs/key-management/src/abstractions/key.service.ts
@@ -390,14 +390,6 @@ export abstract class KeyService {
    publicKey: string;
    privateKey: EncString;
  }>;
-  /**
-   * Previously, the master key was used for any additional key like the biometrics or pin key.
-   * We have switched to using the user key for these purposes. This method is for clearing the state
-   * of the older keys on logout or post migration.
-   * @param keySuffix The desired type of key to clear
-   * @param userId The desired user
-   */
-  abstract clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: string): Promise<void>;

  /**
   * Retrieves all the keys needed for decrypting Ciphers
--- a/libs/key-management/src/key.service.spec.ts
+++ b/libs/key-management/src/key.service.spec.ts
@@ -252,14 +252,6 @@ describe("keyService", () => {
          userId: mockUserId,
        });
      });
-
-      it("clears the old deprecated Auto key whenever a User Key is set", async () => {
-        await keyService.setUserKey(mockUserKey, mockUserId);
-
-        expect(stateService.setCryptoMasterKeyAuto).toHaveBeenCalledWith(null, {
-          userId: mockUserId,
-        });
-      });
    });

    it("throws if key is null", async () => {
--- a/libs/key-management/src/key.service.ts
+++ b/libs/key-management/src/key.service.ts
@@ -254,16 +254,10 @@ export class DefaultKeyService implements KeyServiceAbstraction {
      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
      // eslint-disable-next-line @typescript-eslint/no-floating-promises
      this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId);
    }
    if (keySuffix === KeySuffixOptions.Pin && userId != null) {
      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
      this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId);
-      // FIXME: Verify that this floating promise is intentional. If it is, add an explanatory comment and ensure there is proper error handling.
-      // eslint-disable-next-line @typescript-eslint/no-floating-promises
-      this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
    }
  }

@@ -565,7 +559,6 @@ export class DefaultKeyService implements KeyServiceAbstraction {
    await this.pinService.clearPinKeyEncryptedUserKeyPersistent(userId);
    await this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId);
    await this.pinService.clearUserKeyEncryptedPin(userId);
-    await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
  }

  async makeSendKey(keyMaterial: CsprngArray): Promise<SymmetricCryptoKey> {
@@ -726,7 +719,6 @@ export class DefaultKeyService implements KeyServiceAbstraction {
    } else {
      await this.stateService.setUserKeyAutoUnlock(null, { userId: userId });
    }
-    await this.clearDeprecatedKeys(KeySuffixOptions.Auto, userId);

    const storePin = await this.shouldStoreKey(KeySuffixOptions.Pin, userId);
    if (storePin) {
@@ -749,9 +741,6 @@ export class DefaultKeyService implements KeyServiceAbstraction {
        noPreExistingPersistentKey,
        userId,
      );
-      // We can't always clear deprecated keys because the pin is only
-      // migrated once used to unlock
-      await this.clearDeprecatedKeys(KeySuffixOptions.Pin, userId);
    } else {
      await this.pinService.clearPinKeyEncryptedUserKeyPersistent(userId);
      await this.pinService.clearPinKeyEncryptedUserKeyEphemeral(userId);
@@ -835,19 +824,6 @@ export class DefaultKeyService implements KeyServiceAbstraction {
    return [new SymmetricCryptoKey(newSymKey) as T, protectedSymKey];
  }

-  // --LEGACY METHODS--
-  // We previously used the master key for additional keys, but now we use the user key.
-  // These methods support migrating the old keys to the new ones.
-  // TODO: Remove after 2023.10 release (https://bitwarden.atlassian.net/browse/PM-3475)
-
-  async clearDeprecatedKeys(keySuffix: KeySuffixOptions, userId?: UserId) {
-    if (keySuffix === KeySuffixOptions.Auto) {
-      await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
-    } else if (keySuffix === KeySuffixOptions.Pin && userId != null) {
-      await this.pinService.clearOldPinKeyEncryptedMasterKey(userId);
-    }
-  }
-
  userKey$(userId: UserId): Observable<UserKey | null> {
    return this.stateProvider.getUser(userId, USER_KEY).state$;
  }