[PM-22611] Require userid for masterKey methods on the key service (#15663)

* Require userId on targeted methods.

* update method consumers

* unit tests

apps/cli/src/auth/commands/login.command.ts

@@ -428,7 +428,8 @@ export class LoginCommand {
       );
 
       const request = new PasswordRequest();
-      request.masterPasswordHash = await this.keyService.hashMasterKey(currentPassword, null);
+      const masterKey = await this.keyService.getOrDeriveMasterKey(currentPassword, userId);
+      request.masterPasswordHash = await this.keyService.hashMasterKey(currentPassword, masterKey);
       request.masterPasswordHint = hint;
       request.newMasterPasswordHash = newPasswordHash;
       request.key = newUserKey[1].encryptedString;

apps/web/src/app/auth/settings/account/change-email.component.spec.ts

@@ -89,7 +89,7 @@ describe("ChangeEmailComponent", () => {
       });
 
       keyService.getOrDeriveMasterKey
-        .calledWith("password", "UserId")
+        .calledWith("password", "UserId" as UserId)
         .mockResolvedValue("getOrDeriveMasterKey" as any);
       keyService.hashMasterKey
         .calledWith("password", "getOrDeriveMasterKey" as any)

apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts

@@ -2,14 +2,13 @@
 // @ts-strict-ignore
 import { Component, Inject } from "@angular/core";
 import { FormGroup, FormControl, Validators } from "@angular/forms";
-import { firstValueFrom, map } from "rxjs";
+import { firstValueFrom } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { KdfRequest } from "@bitwarden/common/models/request/kdf.request";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DIALOG_DATA, ToastService } from "@bitwarden/components";
 import { KdfConfig, KdfType, KeyService } from "@bitwarden/key-management";
 
@@ -31,7 +30,6 @@ export class ChangeKdfConfirmationComponent {
   constructor(
     private apiService: ApiService,
     private i18nService: I18nService,
-    private platformUtilsService: PlatformUtilsService,
     private keyService: KeyService,
     private messagingService: MessagingService,
     @Inject(DIALOG_DATA) params: { kdf: KdfType; kdfConfig: KdfConfig },
@@ -58,6 +56,10 @@ export class ChangeKdfConfirmationComponent {
   };
 
   private async makeKeyAndSaveAsync() {
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+    if (activeAccount == null) {
+      throw new Error("No active account found.");
+    }
     const masterPassword = this.form.value.masterPassword;
 
     // Ensure the KDF config is valid.
@@ -70,13 +72,14 @@ export class ChangeKdfConfirmationComponent {
       request.kdfMemory = this.kdfConfig.memory;
       request.kdfParallelism = this.kdfConfig.parallelism;
     }
-    const masterKey = await this.keyService.getOrDeriveMasterKey(masterPassword);
+    const masterKey = await this.keyService.getOrDeriveMasterKey(masterPassword, activeAccount.id);
     request.masterPasswordHash = await this.keyService.hashMasterKey(masterPassword, masterKey);
-    const email = await firstValueFrom(
-      this.accountService.activeAccount$.pipe(map((a) => a?.email)),
-    );
 
-    const newMasterKey = await this.keyService.makeMasterKey(masterPassword, email, this.kdfConfig);
+    const newMasterKey = await this.keyService.makeMasterKey(
+      masterPassword,
+      activeAccount.email,
+      this.kdfConfig,
+    );
     request.newMasterPasswordHash = await this.keyService.hashMasterKey(
       masterPassword,
       newMasterKey,