[PM-5938] Prevent vault coruption on key-rotation on desycned vault (#9235)

* Prevent key-rotation when local vault is desynced * Prevent key-rotation on non-decrypted vault * Remove cipher check that is done on server side
2025-12-16 08:13:42 +00:00 · 2024-05-30 11:08:47 +02:00
parent fb7273beb8
commit 6d0ef65094
2 changed files with 12 additions and 0 deletions
--- a/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts
@@ -13,6 +13,7 @@ import { SendService } from "@bitwarden/common/tools/send/services/send.service.
 import { UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request";
 import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";

@@ -38,6 +39,7 @@ export class UserKeyRotationService {
    private stateService: StateService,
    private accountService: AccountService,
    private kdfConfigService: KdfConfigService,
+    private syncService: SyncService,
  ) {}

  /**
@@ -49,6 +51,12 @@ export class UserKeyRotationService {
      throw new Error("Invalid master password");
    }

+    if ((await this.syncService.getLastSync()) === null) {
+      throw new Error(
+        "The local vault is de-synced and the keys cannot be rotated. Please log out and log back in to resolve this issue.",
+      );
+    }
+
    // Create master key to validate the master password
    const masterKey = await this.cryptoService.makeMasterKey(
      masterPassword,