rename to newMasterKey

2026-02-09 13:10:17 +00:00 · 2025-04-01 09:28:35 -07:00
parent 6e70d0f817
commit 38e1988f3e
11 changed files with 34 additions and 26 deletions
--- a/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts
+++ b/apps/web/src/app/auth/core/services/registration/web-registration-finish.service.spec.ts
@@ -186,7 +186,7 @@ describe("WebRegistrationFinishService", () => {
      emailVerificationToken = "emailVerificationToken";
      masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
      passwordInputResult = {
-        masterKey: masterKey,
+        newMasterKey: masterKey,
        serverMasterKeyHash: "serverMasterKeyHash",
        localMasterKeyHash: "localMasterKeyHash",
        kdfConfig: DEFAULT_KDF_CONFIG,
--- a/apps/web/src/app/auth/settings/security/password-settings/password-settings.component.ts
+++ b/apps/web/src/app/auth/settings/security/password-settings/password-settings.component.ts
@@ -24,6 +24,7 @@ export class PasswordSettingsComponent implements OnInit {
  ) {}

  async ngOnInit() {
+    // TODO-rr-bw: test that no MP = get routed to settings/security/two-factor
    const userHasMasterPassword = await firstValueFrom(
      this.userDecryptionOptionsService.hasMasterPassword$,
    );
--- a/libs/auth/src/angular/change-existing-password/change-existing-password.component.ts
+++ b/libs/auth/src/angular/change-existing-password/change-existing-password.component.ts
@@ -61,7 +61,7 @@ export class ChangeExistingPasswordComponent implements OnInit {
      this.accountService.activeAccount$.pipe(map((a) => a?.email)),
    );

-    const userId = await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id)));
+    const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));

    this.masterPasswordPolicyOptions = await firstValueFrom(
      this.policyService.masterPasswordPolicyOptions$(userId),
@@ -77,23 +77,21 @@ export class ChangeExistingPasswordComponent implements OnInit {
  }

  async submitNew(passwordInputResult: PasswordInputResult) {
+    const { currentPassword, newPassword, hint, rotateUserKey } = passwordInputResult;
+
    try {
-      if (passwordInputResult.rotateUserKey) {
+      if (rotateUserKey) {
        await this.syncService.fullSync(true);
        const user = await firstValueFrom(this.accountService.activeAccount$);

        await this.changePasswordService.rotateUserKeyMasterPasswordAndEncryptedData(
-          passwordInputResult.currentPassword,
-          passwordInputResult.newPassword,
+          currentPassword,
+          newPassword,
          user,
-          passwordInputResult.hint,
+          hint,
        );
      } else {
-        await this.updatePassword(
-          passwordInputResult.currentPassword,
-          passwordInputResult.newPassword,
-          passwordInputResult.hint,
-        );
+        await this.updatePassword(currentPassword, newPassword, hint);
      }
    } catch (e) {
      this.toastService.showToast({
@@ -118,7 +116,7 @@ export class ChangeExistingPasswordComponent implements OnInit {
    const userId = await firstValueFrom(getUserId(this.accountService.activeAccount$));
    const newLocalKeyHash = await this.keyService.hashMasterKey(
      passwordInputResult.newPassword,
-      passwordInputResult.masterKey,
+      passwordInputResult.newMasterKey,
      HashPurpose.LocalAuthorization,
    );

@@ -147,7 +145,7 @@ export class ChangeExistingPasswordComponent implements OnInit {
          // we need to save this for local masterkey verification during rotation
          await this.masterPasswordService.setMasterKeyHash(newLocalKeyHash, userId as UserId);
          await this.masterPasswordService.setMasterKey(
-            passwordInputResult.masterKey,
+            passwordInputResult.newMasterKey,
            userId as UserId,
          );
          return this.updateKey(passwordInputResult.newPassword);
--- a/libs/auth/src/angular/input-password/input-password.component.html
+++ b/libs/auth/src/angular/input-password/input-password.component.html
@@ -90,7 +90,12 @@
  <bit-form-control
    *ngIf="inputPasswordFlow === InputPasswordFlow.ChangePasswordWithOptionalUserKeyRotation"
  >
-    <input type="checkbox" bitCheckbox formControlName="rotateUserKey" />
+    <input
+      type="checkbox"
+      bitCheckbox
+      formControlName="rotateUserKey"
+      (change)="rotateUserKeyClicked()"
+    />
    <bit-label>
      {{ "rotateAccountEncKey" | i18n }}
      <a
--- a/libs/auth/src/angular/input-password/input-password.component.ts
+++ b/libs/auth/src/angular/input-password/input-password.component.ts
@@ -259,17 +259,21 @@ export class InputPasswordComponent implements OnInit {

    const kdfConfig = (await this.kdfConfigService.getKdfConfig()) || DEFAULT_KDF_CONFIG; // TODO-rr-bw: confirm this

-    const masterKey = await this.keyService.makeMasterKey(
+    const newMasterKey = await this.keyService.makeMasterKey(
      this.newPassword,
      this.email.trim().toLowerCase(),
      kdfConfig,
    );

-    const masterKeyHash = await this.keyService.hashMasterKey(this.newPassword, masterKey);
+    const serverMasterKeyHash = await this.keyService.hashMasterKey(
+      this.newPassword,
+      newMasterKey,
+      HashPurpose.ServerAuthorization,
+    );

    const localMasterKeyHash = await this.keyService.hashMasterKey(
      this.newPassword,
-      masterKey,
+      newMasterKey,
      HashPurpose.LocalAuthorization,
    );

@@ -278,7 +282,7 @@ export class InputPasswordComponent implements OnInit {
      newPassword: this.newPassword,
      hint: this.hint,
      kdfConfig,
-      masterKey,
+      newMasterKey,
      serverMasterKeyHash,
      localMasterKeyHash,
    };
--- a/libs/auth/src/angular/input-password/password-input-result.ts
+++ b/libs/auth/src/angular/input-password/password-input-result.ts
@@ -5,7 +5,7 @@ export interface PasswordInputResult {
  newPassword: string;
  hint: string;
  kdfConfig: KdfConfig;
-  masterKey: MasterKey;
+  newMasterKey: MasterKey;
  serverMasterKeyHash: string;
  localMasterKeyHash: string;
  currentPassword?: string;
--- a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts
+++ b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.spec.ts
@@ -59,7 +59,7 @@ describe("DefaultRegistrationFinishService", () => {
      emailVerificationToken = "emailVerificationToken";
      masterKey = new SymmetricCryptoKey(new Uint8Array(64).buffer as CsprngArray) as MasterKey;
      passwordInputResult = {
-        masterKey: masterKey,
+        newMasterKey: masterKey,
        serverMasterKeyHash: "serverMasterKeyHash",
        localMasterKeyHash: "localMasterKeyHash",
        kdfConfig: DEFAULT_KDF_CONFIG,
--- a/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts
+++ b/libs/auth/src/angular/registration/registration-finish/default-registration-finish.service.ts
@@ -36,7 +36,7 @@ export class DefaultRegistrationFinishService implements RegistrationFinishServi
    providerUserId?: string,
  ): Promise<string> {
    const [newUserKey, newEncUserKey] = await this.keyService.makeUserKey(
-      passwordInputResult.masterKey,
+      passwordInputResult.newMasterKey,
    );

    if (!newUserKey || !newEncUserKey) {
--- a/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.spec.ts
+++ b/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.spec.ts
@@ -111,7 +111,7 @@ describe("DefaultSetPasswordJitService", () => {
      userId = "userId" as UserId;

      passwordInputResult = {
-        masterKey: masterKey,
+        newMasterKey: masterKey,
        serverMasterKeyHash: "serverMasterKeyHash",
        localMasterKeyHash: "localMasterKeyHash",
        hint: "hint",
--- a/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts
+++ b/libs/auth/src/angular/set-password-jit/default-set-password-jit.service.ts
@@ -43,7 +43,7 @@ export class DefaultSetPasswordJitService implements SetPasswordJitService {

  async setPassword(credentials: SetPasswordCredentials): Promise<void> {
    const {
-      masterKey,
+      newMasterKey,
      serverMasterKeyHash,
      localMasterKeyHash,
      hint,
@@ -60,7 +60,7 @@ export class DefaultSetPasswordJitService implements SetPasswordJitService {
      }
    }

-    const protectedUserKey = await this.makeProtectedUserKey(masterKey, userId);
+    const protectedUserKey = await this.makeProtectedUserKey(newMasterKey, userId);
    if (protectedUserKey == null) {
      throw new Error("protectedUserKey not found. Could not set password.");
    }
@@ -85,7 +85,7 @@ export class DefaultSetPasswordJitService implements SetPasswordJitService {
    await this.masterPasswordService.setForceSetPasswordReason(ForceSetPasswordReason.None, userId);

    // User now has a password so update account decryption options in state
-    await this.updateAccountDecryptionProperties(masterKey, kdfConfig, protectedUserKey, userId);
+    await this.updateAccountDecryptionProperties(newMasterKey, kdfConfig, protectedUserKey, userId);

    await this.keyService.setPrivateKey(keyPair[1].encryptedString, userId);

--- a/libs/auth/src/angular/set-password-jit/set-password-jit.service.abstraction.ts
+++ b/libs/auth/src/angular/set-password-jit/set-password-jit.service.abstraction.ts
@@ -5,7 +5,7 @@ import { MasterKey } from "@bitwarden/common/types/key";
 import { KdfConfig } from "@bitwarden/key-management";

 export interface SetPasswordCredentials {
-  masterKey: MasterKey;
+  newMasterKey: MasterKey;
  serverMasterKeyHash: string;
  localMasterKeyHash: string;
  kdfConfig: KdfConfig;