[PM-24099] Tools - Remove getOrgKey from the key service (#16351)

* replace deprecated getOrgKey() method • obtain account using `accountService.activeAccount$` and then use id property to guarentee validity of UserId
2025-12-15 15:53:27 +00:00 · 2025-10-01 13:26:30 -07:00
parent 688647b2c6
commit 75253c7709
3 changed files with 75 additions and 14 deletions
--- a/libs/importer/src/importers/bitwarden/bitwarden-json-importer.ts
+++ b/libs/importer/src/importers/bitwarden/bitwarden-json-importer.ts
@@ -64,12 +64,13 @@ export class BitwardenJsonImporter extends BaseImporter implements Importer {
  private async parseEncrypted(
    results: BitwardenEncryptedIndividualJsonExport | BitwardenEncryptedOrgJsonExport,
  ) {
+    const account = await firstValueFrom(this.accountService.activeAccount$);
+
    if (results.encKeyValidation_DO_NOT_EDIT != null) {
-      let keyForDecryption: SymmetricCryptoKey = await this.keyService.getOrgKey(
-        this.organizationId,
-      );
+      const orgKeys = await firstValueFrom(this.keyService.orgKeys$(account.id));
+      let keyForDecryption: SymmetricCryptoKey = orgKeys?.[this.organizationId];
      if (keyForDecryption == null) {
-        keyForDecryption = await this.keyService.getUserKey();
+        keyForDecryption = await firstValueFrom(this.keyService.userKey$(account.id));
      }
      const encKeyValidation = new EncString(results.encKeyValidation_DO_NOT_EDIT);
      try {
@@ -113,10 +114,7 @@ export class BitwardenJsonImporter extends BaseImporter implements Importer {
        });
      }

-      const activeUserId = await firstValueFrom(
-        this.accountService.activeAccount$.pipe(map((a) => a?.id)),
-      );
-      const view = await this.cipherService.decrypt(cipher, activeUserId);
+      const view = await this.cipherService.decrypt(cipher, account.id);
      this.cleanupCipher(view);
      this.result.ciphers.push(view);
    }
--- a/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts
+++ b/libs/importer/src/importers/bitwarden/bitwarden-password-protected-importer.spec.ts
@@ -1,12 +1,17 @@
 import { mock, MockProxy } from "jest-mock-extended";
+import { of } from "rxjs";

 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { PinServiceAbstraction } from "@bitwarden/common/key-management/pin/pin.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { emptyGuid, OrganizationId } from "@bitwarden/common/types/guid";
+import { OrgKey, UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { newGuid } from "@bitwarden/guid";
 import { KdfType, KeyService } from "@bitwarden/key-management";
+import { UserId } from "@bitwarden/user-core";

 import { emptyAccountEncrypted } from "../spec-data/bitwarden-json/account-encrypted.json";
 import { emptyUnencryptedExport } from "../spec-data/bitwarden-json/unencrypted.json";
@@ -35,6 +40,36 @@ describe("BitwardenPasswordProtectedImporter", () => {
    pinService = mock<PinServiceAbstraction>();
    accountService = mock<AccountService>();

+    accountService.activeAccount$ = of({
+      id: newGuid() as UserId,
+      email: "test@example.com",
+      emailVerified: true,
+      name: "Test User",
+    });
+
+    const mockOrgId = emptyGuid as OrganizationId;
+    /* 
+      The key values below are never read, empty objects are cast as types for compilation type checking only.
+      Tests specific to key contents are in key-service.spec.ts
+    */
+    const mockOrgKey = {} as unknown as OrgKey;
+    const mockUserKey = {} as unknown as UserKey;
+
+    keyService.orgKeys$.mockImplementation(() =>
+      of({ [mockOrgId]: mockOrgKey } as Record<OrganizationId, OrgKey>),
+    );
+    keyService.userKey$.mockImplementation(() => of(mockUserKey));
+    (keyService as any).activeUserOrgKeys$ = of({
+      [mockOrgId]: mockOrgKey,
+    } as Record<OrganizationId, OrgKey>);
+
+    /*
+      Crypto isn’t under test here; keys are just placeholders.
+      Decryption methods are stubbed to always return empty CipherView or string allowing OK import flow.
+    */
+    cipherService.decrypt.mockResolvedValue({} as any);
+    encryptService.decryptString.mockResolvedValue("ok");
+
    importer = new BitwardenPasswordProtectedImporter(
      keyService,
      encryptService,
@@ -62,6 +97,24 @@ describe("BitwardenPasswordProtectedImporter", () => {
      jest.spyOn(BitwardenJsonImporter.prototype, "parse");
    });

+    beforeEach(() => {
+      accountService.activeAccount$ = of({
+        id: newGuid() as UserId,
+        email: "test@example.com",
+        emailVerified: true,
+        name: "Test User",
+      });
+      importer = new BitwardenPasswordProtectedImporter(
+        keyService,
+        encryptService,
+        i18nService,
+        cipherService,
+        pinService,
+        accountService,
+        promptForPassword_callback,
+      );
+    });
+
    it("Should call BitwardenJsonImporter", async () => {
      expect((await importer.parse(emptyAccountEncrypted)).success).toEqual(true);
      expect(BitwardenJsonImporter.prototype.parse).toHaveBeenCalledWith(emptyAccountEncrypted);