bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-06 00:13:28 +00:00
Code Issues Releases Wiki Activity

Remove legacy key support in vault code (#15348)

Browse Source
This commit is contained in:
Bernd Schoolmann
2025-08-04 17:15:26 +02:00
committed by GitHub
parent 6bd8638ad8
commit 2e9a47721e
7 changed files with 15 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libs/common/src/vault/models/domain/attachment.spec.ts
View File

@@ -110,7 +110,7 @@ describe("Attachment", () => {
await attachment.decrypt(null, "", providedKey);
expect(keyService.getUserKeyWithLegacySupport).not.toHaveBeenCalled();
expect(keyService.getUserKey).not.toHaveBeenCalled();
expect(encryptService.unwrapSymmetricKey).toHaveBeenCalledWith(attachment.key, providedKey);
});
@@ -126,11 +126,11 @@ describe("Attachment", () => {
it("gets the user's decryption key if required", async () => {
const userKey = mock<UserKey>();
keyService.getUserKeyWithLegacySupport.mockResolvedValue(userKey);
keyService.getUserKey.mockResolvedValue(userKey);
await attachment.decrypt(null, "", null);
expect(keyService.getUserKeyWithLegacySupport).toHaveBeenCalled();
expect(keyService.getUserKey).toHaveBeenCalled();
expect(encryptService.unwrapSymmetricKey).toHaveBeenCalledWith(attachment.key, userKey);
});
});

4
libs/common/src/vault/models/domain/attachment.ts
View File

@@ -80,9 +80,7 @@ export class Attachment extends Domain {
private async getKeyForDecryption(orgId: string) {
const keyService = Utils.getContainerService().getKeyService();
return orgId != null
? await keyService.getOrgKey(orgId)
: await keyService.getUserKeyWithLegacySupport();
return orgId != null ? await keyService.getOrgKey(orgId) : await keyService.getUserKey();
}
toAttachmentData(): AttachmentData {

12
libs/common/src/vault/services/cipher.service.ts
View File

@@ -170,7 +170,7 @@ export class CipherService implements CipherServiceAbstraction {
return combineLatest([
this.encryptedCiphersState(userId).state$,
this.localData$(userId),
this.keyService.cipherDecryptionKeys$(userId, true),
this.keyService.cipherDecryptionKeys$(userId),
]).pipe(
filter(([ciphers, _, keys]) => ciphers != null && keys != null), // Skip if ciphers haven't been loaded yor synced yet
switchMap(() => this.getAllDecrypted(userId)),
@@ -486,7 +486,7 @@ export class CipherService implements CipherServiceAbstraction {
return [decrypted, []];
}
const keys = await firstValueFrom(this.keyService.cipherDecryptionKeys$(userId, true));
const keys = await firstValueFrom(this.keyService.cipherDecryptionKeys$(userId));
if (keys == null || (keys.userKey == null && Object.keys(keys.orgKeys).length === 0)) {
// return early if there are no keys to decrypt with
return null;
@@ -1466,7 +1466,7 @@ export class CipherService implements CipherServiceAbstraction {
async getKeyForCipherKeyDecryption(cipher: Cipher, userId: UserId): Promise<UserKey | OrgKey> {
return (
(await this.keyService.getOrgKey(cipher.organizationId)) ||
((await this.keyService.getUserKeyWithLegacySupport(userId)) as UserKey)
((await this.keyService.getUserKey(userId)) as UserKey)
);
}
@@ -1598,7 +1598,7 @@ export class CipherService implements CipherServiceAbstraction {
// In the case of a cipher that is being shared with an organization, we want to decrypt the
// cipher key with the user's key and then re-encrypt it with the organization's key.
private async encryptSharedCipher(model: CipherView, userId: UserId): Promise<EncryptionContext> {
const keyForCipherKeyDecryption = await this.keyService.getUserKeyWithLegacySupport(userId);
const keyForCipherKeyDecryption = await this.keyService.getUserKey(userId);
return await this.encrypt(model, userId, null, keyForCipherKeyDecryption);
}
@@ -1673,12 +1673,12 @@ export class CipherService implements CipherServiceAbstraction {
const encBuf = await EncArrayBuffer.fromResponse(attachmentResponse);
const activeUserId = await firstValueFrom(this.accountService.activeAccount$);
const userKey = await this.keyService.getUserKeyWithLegacySupport(activeUserId.id);
const userKey = await this.keyService.getUserKey(activeUserId.id);
const decBuf = await this.encryptService.decryptFileData(encBuf, userKey);
let encKey: UserKey | OrgKey;
encKey = await this.keyService.getOrgKey(organizationId);
encKey ||= (await this.keyService.getUserKeyWithLegacySupport()) as UserKey;
encKey ||= (await this.keyService.getUserKey()) as UserKey;
const dataEncKey = await this.keyService.makeDataEncKey(encKey);