mirror of https://github.com/bitwarden/browser synced 2025-12-12 22:33:35 +00:00

Add state for everHadUserKey (#7208)

* Migrate ever had user key

* Add DI for state providers

* Add state for everHadUserKey

* Use ever had user key migrator

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>

* Fix test from merge

* Prefer stored observables to getters

Getters create a new observable every time they're called, whereas an observable set in the constructor is created only once.

* Fix another merge issue

* Fix cli background build

---------

Co-authored-by: SmithThe4th <gsmithwalter@gmail.com>
Co-authored-by: Carlos Gonçalves <LRNcardozoWDF@users.noreply.github.com>
Co-authored-by: Jason Ng <Jcory.ng@gmail.com>
Matt Gibson
2024-01-10 11:51:45 -05:00
committed by GitHub
parent 211d7a2626
commit 46a3834f46
21 changed files with 404 additions and 100 deletions


@@ -5,6 +5,7 @@ import {
Router,
RouterStateSnapshot,
} from "@angular/router";
import { firstValueFrom } from "rxjs";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
@@ -19,6 +20,8 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
* Only allow access to this route if the vault is locked.
* If TDE is enabled then the user must also have had a user key at some point.
* Otherwise redirect to root.
*
* TODO: This should return Observable<boolean | UrlTree> once we can remove all the promises
*/
export function lockGuard(): CanActivateFn {
return async (
@@ -64,7 +67,7 @@ export function lockGuard(): CanActivateFn {
// If authN user with TDE directly navigates to lock, kick them upwards so redirect guard can
// properly route them to the login decryption options component.
const everHadUserKey = await cryptoService.getEverHadUserKey();
const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
if (tdeEnabled && !everHadUserKey) {
return router.createUrlTree(["/"]);
}
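Review bot: `firstValueFrom(cryptoService.everHadUserKey$)` in lockGuard is called without a default, so the promise rejects with `EmptyError` if the observable completes without emitting, and the guard never resolves if it never emits. The same replacement of `getEverHadUserKey()` appears in redirectGuard and tdeDecryptionRequiredGuard. Whether the state-provider-backed observable always emits for the active account is not visible in these hunks. For lockGuard, where a falsy value leads to the redirect to root, one option is `const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$, { defaultValue: false });`, and the other two guards would need their own choice of default or a documented guarantee on `everHadUserKey$` that it always emits a boolean. lockGuard's body starts and ends outside the hunk.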


@@ -1,5 +1,6 @@
import { inject } from "@angular/core";
import { CanActivateFn, Router } from "@angular/router";
import { firstValueFrom } from "rxjs";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
@@ -22,6 +23,8 @@ const defaultRoutes: RedirectRoutes = {
/**
* Guard that consolidates all redirection logic, should be applied to root route.
*
* TODO: This should return Observable<boolean | UrlTree> once we can get rid of all the promises
*/
export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActivateFn {
const routes = { ...defaultRoutes, ...overrides };
@@ -44,7 +47,7 @@ export function redirectGuard(overrides: Partial<RedirectRoutes> = {}): CanActiv
// If locked, TDE is enabled, and the user hasn't decrypted yet, then redirect to the
// login decryption options component.
const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
const everHadUserKey = await cryptoService.getEverHadUserKey();
const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
if (authStatus === AuthenticationStatus.Locked && tdeEnabled && !everHadUserKey) {
return router.createUrlTree([routes.notDecrypted], { queryParams: route.queryParams });
}


@@ -5,6 +5,7 @@ import {
RouterStateSnapshot,
CanActivateFn,
} from "@angular/router";
import { firstValueFrom } from "rxjs";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { DeviceTrustCryptoServiceAbstraction } from "@bitwarden/common/auth/abstractions/device-trust-crypto.service.abstraction";
@@ -14,6 +15,8 @@ import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.se
/**
* Only allow access to this route if the vault is locked and has never been decrypted.
* Otherwise redirect to root.
*
* TODO: This should return Observable<boolean | UrlTree> once we can get rid of all the promises
*/
export function tdeDecryptionRequiredGuard(): CanActivateFn {
return async (_: ActivatedRouteSnapshot, state: RouterStateSnapshot) => {
@@ -24,7 +27,7 @@ export function tdeDecryptionRequiredGuard(): CanActivateFn {
const authStatus = await authService.getAuthStatus();
const tdeEnabled = await deviceTrustCryptoService.supportsDeviceTrust();
const everHadUserKey = await cryptoService.getEverHadUserKey();
const everHadUserKey = await firstValueFrom(cryptoService.everHadUserKey$);
if (authStatus !== AuthenticationStatus.Locked || !tdeEnabled || everHadUserKey) {
return router.createUrlTree(["/"]);
}
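Review bot: In tdeDecryptionRequiredGuard a falsy `everHadUserKey` is the value that lets navigation pass this check, and the truthiness test in the `if` condition cannot tell an explicit `false` from `undefined` or `null`, for example an account with no stored value after the state migration the commit message mentions. The type and initial emission of `everHadUserKey$` are not visible here, so the intended handling should be written down next to the check, e.g. `// a missing value is treated as "never had a user key"`. A spec case for an account with no stored flag would keep this guard, lockGuard and redirectGuard in agreement. The guard's body continues outside the hunk.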


@@ -396,8 +396,8 @@ import { ModalService } from "./modal.service";
PlatformUtilsServiceAbstraction,
LogService,
StateServiceAbstraction,
AppIdServiceAbstraction,
DevicesApiServiceAbstraction,
AccountServiceAbstraction,
StateProvider,
],
},
{