[PM-20225] Prevent legacy users without userkey from logging in (#14267)

* Prevent legacy users without userkey from logging in * Remove further web-migration code for legacy users * Add i18n for legacy user error message * Update comment * Remove migrate legacy component * Remove i18n messages * Remove migrate legacy encryption reference
2025-12-17 00:33:44 +00:00 · 2025-06-02 23:56:29 +02:00
parent 26caeb3083
commit 23ec6bacc9
19 changed files with 27 additions and 265 deletions
--- a/apps/cli/src/auth/commands/login.command.ts
+++ b/apps/cli/src/auth/commands/login.command.ts
@@ -34,6 +34,7 @@ import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/a
 import { KeyConnectorService } from "@bitwarden/common/key-management/key-connector/abstractions/key-connector.service";
 import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
@@ -77,6 +78,7 @@ export class LoginCommand {
    protected logoutCallback: () => Promise<void>,
    protected kdfConfigService: KdfConfigService,
    protected ssoUrlService: SsoUrlService,
+    protected i18nService: I18nService,
    protected masterPasswordService: MasterPasswordServiceAbstraction,
  ) {}

@@ -227,9 +229,7 @@ export class LoginCommand {
        );
      }
      if (response.requiresEncryptionKeyMigration) {
-        return Response.error(
-          "Encryption key migration required. Please login through the web vault to update your encryption key.",
-        );
+        return Response.error(this.i18nService.t("legacyEncryptionUnsupported"));
      }
      if (response.requiresTwoFactor) {
        const twoFactorProviders = await this.twoFactorService.getSupportedProviders(null);
--- a/apps/cli/src/locales/en/messages.json
+++ b/apps/cli/src/locales/en/messages.json
@@ -185,6 +185,9 @@
      }
    }
  },
+  "legacyEncryptionUnsupported": {
+    "message": "Legacy encryption is no longer supported. Please contact support to recover your account."
+  },
  "organizationUsingKeyConnectorOptInLoggedOut": {
    "message": "An organization you are a member of is using Key Connector. In order to access the vault, you must opt-in to Key Connector now via the web vault. You have been logged out."
  },
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -175,6 +175,7 @@ export class Program extends BaseProgram {
            async () => await this.serviceContainer.logout(),
            this.serviceContainer.kdfConfigService,
            this.serviceContainer.ssoUrlService,
+            this.serviceContainer.i18nService,
            this.serviceContainer.masterPasswordService,
          );
          const response = await command.run(email, password, options);