[PM-22611] Require userid for masterKey methods on the key service (#15663)

* Require userId on targeted methods. * update method consumers * unit tests
2025-12-15 15:53:27 +00:00 · 2025-07-25 09:37:04 -05:00
parent b358d5663d
commit 2db31d1228
6 changed files with 233 additions and 88 deletions
--- a/apps/web/src/app/auth/settings/account/change-email.component.spec.ts
+++ b/apps/web/src/app/auth/settings/account/change-email.component.spec.ts
@@ -89,7 +89,7 @@ describe("ChangeEmailComponent", () => {
      });

      keyService.getOrDeriveMasterKey
-        .calledWith("password", "UserId")
+        .calledWith("password", "UserId" as UserId)
        .mockResolvedValue("getOrDeriveMasterKey" as any);
      keyService.hashMasterKey
        .calledWith("password", "getOrDeriveMasterKey" as any)
--- a/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts
+++ b/apps/web/src/app/auth/settings/security/change-kdf/change-kdf-confirmation.component.ts
@@ -2,14 +2,13 @@
 // @ts-strict-ignore
 import { Component, Inject } from "@angular/core";
 import { FormGroup, FormControl, Validators } from "@angular/forms";
-import { firstValueFrom, map } from "rxjs";
+import { firstValueFrom } from "rxjs";

 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { KdfRequest } from "@bitwarden/common/models/request/kdf.request";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
-import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { DIALOG_DATA, ToastService } from "@bitwarden/components";
 import { KdfConfig, KdfType, KeyService } from "@bitwarden/key-management";

@@ -31,7 +30,6 @@ export class ChangeKdfConfirmationComponent {
  constructor(
    private apiService: ApiService,
    private i18nService: I18nService,
-    private platformUtilsService: PlatformUtilsService,
    private keyService: KeyService,
    private messagingService: MessagingService,
    @Inject(DIALOG_DATA) params: { kdf: KdfType; kdfConfig: KdfConfig },
@@ -58,6 +56,10 @@ export class ChangeKdfConfirmationComponent {
  };

  private async makeKeyAndSaveAsync() {
+    const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+    if (activeAccount == null) {
+      throw new Error("No active account found.");
+    }
    const masterPassword = this.form.value.masterPassword;

    // Ensure the KDF config is valid.
@@ -70,13 +72,14 @@ export class ChangeKdfConfirmationComponent {
      request.kdfMemory = this.kdfConfig.memory;
      request.kdfParallelism = this.kdfConfig.parallelism;
    }
-    const masterKey = await this.keyService.getOrDeriveMasterKey(masterPassword);
+    const masterKey = await this.keyService.getOrDeriveMasterKey(masterPassword, activeAccount.id);
    request.masterPasswordHash = await this.keyService.hashMasterKey(masterPassword, masterKey);
-    const email = await firstValueFrom(
-      this.accountService.activeAccount$.pipe(map((a) => a?.email)),
-    );

-    const newMasterKey = await this.keyService.makeMasterKey(masterPassword, email, this.kdfConfig);
+    const newMasterKey = await this.keyService.makeMasterKey(
+      masterPassword,
+      activeAccount.email,
+      this.kdfConfig,
+    );
    request.newMasterPasswordHash = await this.keyService.hashMasterKey(
      masterPassword,
      newMasterKey,