Added specific log for invalid cipher key.

2026-02-12 14:34:02 +00:00 · 2024-11-21 16:44:46 -05:00
parent 365c7dd65e
commit 6defb2d446
2 changed files with 50 additions and 2 deletions
--- a/libs/common/src/vault/models/domain/cipher.spec.ts
+++ b/libs/common/src/vault/models/domain/cipher.spec.ts
@@ -57,6 +57,47 @@ describe("Cipher DTO", () => {
    });
  });

+  describe("Cipher", () => {
+    it("Throws error with invalid cipher key", async () => {
+      const cipher = new Cipher();
+      cipher.id = "id";
+      cipher.organizationId = "orgId";
+      cipher.folderId = "folderId";
+      cipher.edit = true;
+      cipher.viewPassword = true;
+      cipher.organizationUseTotp = true;
+      cipher.favorite = false;
+      cipher.revisionDate = new Date("2022-01-31T12:00:00.000Z");
+      cipher.type = CipherType.Login;
+      cipher.name = mockEnc("EncryptedString");
+      cipher.notes = mockEnc("EncryptedString");
+      cipher.creationDate = new Date("2022-01-01T12:00:00.000Z");
+      cipher.deletedDate = null;
+      cipher.reprompt = CipherRepromptType.None;
+      cipher.key = mockEnc("EncKey");
+
+      const loginView = new LoginView();
+      loginView.username = "username";
+      loginView.password = "password";
+
+      const login = mock<Login>();
+      login.decrypt.mockResolvedValue(loginView);
+      cipher.login = login;
+
+      const keyService = mock<KeyService>();
+      const encryptService = mock<EncryptService>();
+      const cipherService = mock<CipherService>();
+
+      encryptService.decryptToBytes.mockResolvedValue(null);
+
+      (window as any).bitwardenContainerService = new ContainerService(keyService, encryptService);
+
+      await cipher.decrypt(await cipherService.getKeyForCipherKeyDecryption(cipher, mockUserId));
+
+      expect.toThrow("Failed to decrypt cipher key.");
+    });
+  });
+
  describe("LoginCipher", () => {
    let cipherData: CipherData;

--- a/libs/common/src/vault/models/domain/cipher.ts
+++ b/libs/common/src/vault/models/domain/cipher.ts
@@ -132,10 +132,17 @@ export class Cipher extends Domain implements Decryptable<CipherView> {
    const model = new CipherView(this);
    let bypassValidation = true;

+    // If the cipher has a key, we'll attempt to decrypt it with the user/org encryption key
+    // and use that as the key to decrypt the cipher data.
    if (this.key != null) {
      const encryptService = Utils.getContainerService().getEncryptService();
-      encKey = new SymmetricCryptoKey(await encryptService.decryptToBytes(this.key, encKey));
-      bypassValidation = false;
+      const cipherKey = await encryptService.decryptToBytes(this.key, encKey);
+      if (cipherKey !== null) {
+        encKey = new SymmetricCryptoKey(cipherKey);
+        bypassValidation = false;
+      } else {
+        throw new Error("Failed to decrypt cipher key.");
+      }
    }

    await this.decryptObj(