[PM-6727] Part 1: pass userId in login strategies (#9030)

* add validation to initAccount * pass userId to setMasterKey * fix key connector tests
2025-12-22 19:23:52 +00:00 · 2024-05-03 11:54:29 -04:00
parent debfe914c2
commit 69ed6ce1f5
16 changed files with 101 additions and 65 deletions
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -147,6 +147,10 @@ export class PasswordLoginStrategy extends LoginStrategy {

    const [authResult, identityResponse] = await this.startLogIn();

+    if (identityResponse instanceof IdentityCaptchaResponse) {
+      return authResult;
+    }
+
    const masterPasswordPolicyOptions =
      this.getMasterPasswordPolicyOptionsFromResponse(identityResponse);

@@ -157,23 +161,23 @@ export class PasswordLoginStrategy extends LoginStrategy {
        credentials,
        masterPasswordPolicyOptions,
      );
+      if (meetsRequirements) {
+        return authResult;
+      }

-      if (!meetsRequirements) {
-        if (authResult.requiresCaptcha || authResult.requiresTwoFactor) {
-          // Save the flag to this strategy for later use as the master password is about to pass out of scope
-          this.cache.next({
-            ...this.cache.value,
-            forcePasswordResetReason: ForceSetPasswordReason.WeakMasterPassword,
-          });
-        } else {
-          // Authentication was successful, save the force update password options with the state service
-          const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
-          await this.masterPasswordService.setForceSetPasswordReason(
-            ForceSetPasswordReason.WeakMasterPassword,
-            userId,
-          );
-          authResult.forcePasswordReset = ForceSetPasswordReason.WeakMasterPassword;
-        }
+      if (identityResponse instanceof IdentityTwoFactorResponse) {
+        // Save the flag to this strategy for use in 2fa login as the master password is about to pass out of scope
+        this.cache.next({
+          ...this.cache.value,
+          forcePasswordResetReason: ForceSetPasswordReason.WeakMasterPassword,
+        });
+      } else {
+        // Authentication was successful, save the force update password options with the state service
+        await this.masterPasswordService.setForceSetPasswordReason(
+          ForceSetPasswordReason.WeakMasterPassword,
+          authResult.userId, // userId is only available on successful login
+        );
+        authResult.forcePasswordReset = ForceSetPasswordReason.WeakMasterPassword;
      }
    }
    return authResult;
@@ -196,17 +200,18 @@ export class PasswordLoginStrategy extends LoginStrategy {
      !result.requiresCaptcha &&
      forcePasswordResetReason != ForceSetPasswordReason.None
    ) {
-      const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
-      await this.masterPasswordService.setForceSetPasswordReason(forcePasswordResetReason, userId);
+      await this.masterPasswordService.setForceSetPasswordReason(
+        forcePasswordResetReason,
+        result.userId,
+      );
      result.forcePasswordReset = forcePasswordResetReason;
    }

    return result;
  }

-  protected override async setMasterKey(response: IdentityTokenResponse) {
+  protected override async setMasterKey(response: IdentityTokenResponse, userId: UserId) {
    const { masterKey, localMasterKeyHash } = this.cache.value;
-    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
    await this.masterPasswordService.setMasterKey(masterKey, userId);
    await this.masterPasswordService.setMasterKeyHash(localMasterKeyHash, userId);
  }
@@ -219,12 +224,12 @@ export class PasswordLoginStrategy extends LoginStrategy {
    if (this.encryptionKeyMigrationRequired(response)) {
      return;
    }
-    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key);
+    await this.cryptoService.setMasterKeyEncryptedUserKey(response.key, userId);

    const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
    if (masterKey) {
      const userKey = await this.cryptoService.decryptUserKeyWithMasterKey(masterKey);
-      await this.cryptoService.setUserKey(userKey);
+      await this.cryptoService.setUserKey(userKey, userId);
    }
  }

@@ -239,9 +244,9 @@ export class PasswordLoginStrategy extends LoginStrategy {
  }

  private getMasterPasswordPolicyOptionsFromResponse(
-    response: IdentityTokenResponse | IdentityTwoFactorResponse | IdentityCaptchaResponse,
+    response: IdentityTokenResponse | IdentityTwoFactorResponse,
  ): MasterPasswordPolicyOptions {
-    if (response == null || response instanceof IdentityCaptchaResponse) {
+    if (response == null) {
      return null;
    }
    return MasterPasswordPolicyOptions.fromResponse(response.masterPasswordPolicy);