Remove legacy key support in vault code (#15348)

2025-12-06 00:13:28 +00:00 · 2025-08-04 17:15:26 +02:00
parent 6bd8638ad8
commit 2e9a47721e
7 changed files with 15 additions and 17 deletions
--- a/apps/cli/src/vault/create.command.ts
+++ b/apps/cli/src/vault/create.command.ts
@@ -180,7 +180,7 @@ export class CreateCommand {

  private async createFolder(req: FolderExport) {
    const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
-    const userKey = await this.keyService.getUserKeyWithLegacySupport(activeUserId);
+    const userKey = await this.keyService.getUserKey(activeUserId);
    const folder = await this.folderService.encrypt(FolderExport.toView(req), userKey);
    try {
      await this.folderApiService.save(folder, activeUserId);
--- a/libs/angular/src/vault/components/folder-add-edit.component.ts
+++ b/libs/angular/src/vault/components/folder-add-edit.component.ts
@@ -63,7 +63,7 @@ export class FolderAddEditComponent implements OnInit {

    try {
      const activeUserId = await firstValueFrom(this.activeUserId$);
-      const userKey = await this.keyService.getUserKeyWithLegacySupport(activeUserId);
+      const userKey = await this.keyService.getUserKey(activeUserId);
      const folder = await this.folderService.encrypt(this.folder, userKey);
      this.formPromise = this.folderApiService.save(folder, activeUserId);
      await this.formPromise;
--- a/libs/common/src/vault/models/domain/attachment.spec.ts
+++ b/libs/common/src/vault/models/domain/attachment.spec.ts
@@ -110,7 +110,7 @@ describe("Attachment", () => {

        await attachment.decrypt(null, "", providedKey);

-        expect(keyService.getUserKeyWithLegacySupport).not.toHaveBeenCalled();
+        expect(keyService.getUserKey).not.toHaveBeenCalled();
        expect(encryptService.unwrapSymmetricKey).toHaveBeenCalledWith(attachment.key, providedKey);
      });

@@ -126,11 +126,11 @@ describe("Attachment", () => {

      it("gets the user's decryption key if required", async () => {
        const userKey = mock<UserKey>();
-        keyService.getUserKeyWithLegacySupport.mockResolvedValue(userKey);
+        keyService.getUserKey.mockResolvedValue(userKey);

        await attachment.decrypt(null, "", null);

-        expect(keyService.getUserKeyWithLegacySupport).toHaveBeenCalled();
+        expect(keyService.getUserKey).toHaveBeenCalled();
        expect(encryptService.unwrapSymmetricKey).toHaveBeenCalledWith(attachment.key, userKey);
      });
    });
--- a/libs/common/src/vault/models/domain/attachment.ts
+++ b/libs/common/src/vault/models/domain/attachment.ts
@@ -80,9 +80,7 @@ export class Attachment extends Domain {

  private async getKeyForDecryption(orgId: string) {
    const keyService = Utils.getContainerService().getKeyService();
-    return orgId != null
-      ? await keyService.getOrgKey(orgId)
-      : await keyService.getUserKeyWithLegacySupport();
+    return orgId != null ? await keyService.getOrgKey(orgId) : await keyService.getUserKey();
  }

  toAttachmentData(): AttachmentData {
--- a/libs/common/src/vault/services/cipher.service.ts
+++ b/libs/common/src/vault/services/cipher.service.ts
@@ -170,7 +170,7 @@ export class CipherService implements CipherServiceAbstraction {
    return combineLatest([
      this.encryptedCiphersState(userId).state$,
      this.localData$(userId),
-      this.keyService.cipherDecryptionKeys$(userId, true),
+      this.keyService.cipherDecryptionKeys$(userId),
    ]).pipe(
      filter(([ciphers, _, keys]) => ciphers != null && keys != null), // Skip if ciphers haven't been loaded yor synced yet
      switchMap(() => this.getAllDecrypted(userId)),
@@ -486,7 +486,7 @@ export class CipherService implements CipherServiceAbstraction {
      return [decrypted, []];
    }

-    const keys = await firstValueFrom(this.keyService.cipherDecryptionKeys$(userId, true));
+    const keys = await firstValueFrom(this.keyService.cipherDecryptionKeys$(userId));
    if (keys == null || (keys.userKey == null && Object.keys(keys.orgKeys).length === 0)) {
      // return early if there are no keys to decrypt with
      return null;
@@ -1466,7 +1466,7 @@ export class CipherService implements CipherServiceAbstraction {
  async getKeyForCipherKeyDecryption(cipher: Cipher, userId: UserId): Promise<UserKey | OrgKey> {
    return (
      (await this.keyService.getOrgKey(cipher.organizationId)) ||
-      ((await this.keyService.getUserKeyWithLegacySupport(userId)) as UserKey)
+      ((await this.keyService.getUserKey(userId)) as UserKey)
    );
  }

@@ -1598,7 +1598,7 @@ export class CipherService implements CipherServiceAbstraction {
  // In the case of a cipher that is being shared with an organization, we want to decrypt the
  // cipher key with the user's key and then re-encrypt it with the organization's key.
  private async encryptSharedCipher(model: CipherView, userId: UserId): Promise<EncryptionContext> {
-    const keyForCipherKeyDecryption = await this.keyService.getUserKeyWithLegacySupport(userId);
+    const keyForCipherKeyDecryption = await this.keyService.getUserKey(userId);
    return await this.encrypt(model, userId, null, keyForCipherKeyDecryption);
  }

@@ -1673,12 +1673,12 @@ export class CipherService implements CipherServiceAbstraction {

    const encBuf = await EncArrayBuffer.fromResponse(attachmentResponse);
    const activeUserId = await firstValueFrom(this.accountService.activeAccount$);
-    const userKey = await this.keyService.getUserKeyWithLegacySupport(activeUserId.id);
+    const userKey = await this.keyService.getUserKey(activeUserId.id);
    const decBuf = await this.encryptService.decryptFileData(encBuf, userKey);

    let encKey: UserKey | OrgKey;
    encKey = await this.keyService.getOrgKey(organizationId);
-    encKey ||= (await this.keyService.getUserKeyWithLegacySupport()) as UserKey;
+    encKey ||= (await this.keyService.getUserKey()) as UserKey;

    const dataEncKey = await this.keyService.makeDataEncKey(encKey);

--- a/libs/vault/src/components/add-edit-folder-dialog/add-edit-folder-dialog.component.spec.ts
+++ b/libs/vault/src/components/add-edit-folder-dialog/add-edit-folder-dialog.component.spec.ts
@@ -29,7 +29,7 @@ describe("AddEditFolderDialogComponent", () => {
  const save = jest.fn().mockResolvedValue(null);
  const deleteFolder = jest.fn().mockResolvedValue(null);
  const openSimpleDialog = jest.fn().mockResolvedValue(true);
-  const getUserKeyWithLegacySupport = jest.fn().mockResolvedValue("");
+  const getUserKey = jest.fn().mockResolvedValue("");
  const error = jest.fn();
  const close = jest.fn();
  const showToast = jest.fn();
@@ -66,7 +66,7 @@ describe("AddEditFolderDialogComponent", () => {
        {
          provide: KeyService,
          useValue: {
-            getUserKeyWithLegacySupport,
+            getUserKey,
          },
        },
        { provide: LogService, useValue: { error } },
--- a/libs/vault/src/components/add-edit-folder-dialog/add-edit-folder-dialog.component.ts
+++ b/libs/vault/src/components/add-edit-folder-dialog/add-edit-folder-dialog.component.ts
@@ -121,7 +121,7 @@ export class AddEditFolderDialogComponent implements AfterViewInit, OnInit {

    try {
      const activeUserId = await firstValueFrom(this.activeUserId$);
-      const userKey = await this.keyService.getUserKeyWithLegacySupport(activeUserId!);
+      const userKey = await this.keyService.getUserKey(activeUserId!);
      const folder = await this.folderService.encrypt(this.folder, userKey);
      await this.folderApiService.save(folder, activeUserId!);