[PM-23072] Remove legacy key support in auth code (#15350)

* Remove legacy key support in auth code * Fix tests
2025-12-11 05:43:41 +00:00 · 2025-07-23 22:29:44 +02:00
parent 4458a7306b
commit 7a24a538a4
3 changed files with 1 additions and 38 deletions
--- a/libs/angular/src/auth/guards/lock.guard.spec.ts
+++ b/libs/angular/src/auth/guards/lock.guard.spec.ts
@@ -26,7 +26,6 @@ import { lockGuard } from "./lock.guard";
 interface SetupParams {
  authStatus: AuthenticationStatus;
  canLock?: boolean;
-  isLegacyUser?: boolean;
  clientType?: ClientType;
  everHadUserKey?: boolean;
  supportsDeviceTrust?: boolean;
@@ -43,7 +42,6 @@ describe("lockGuard", () => {
    vaultTimeoutSettingsService.canLock.mockResolvedValue(setupParams.canLock);

    const keyService: MockProxy<KeyService> = mock<KeyService>();
-    keyService.isLegacyUser.mockResolvedValue(setupParams.isLegacyUser);
    keyService.everHadUserKey$.mockReturnValue(of(setupParams.everHadUserKey));

    const platformUtilService: MockProxy<PlatformUtilsService> = mock<PlatformUtilsService>();
@@ -155,37 +153,10 @@ describe("lockGuard", () => {
    expect(router.url).toBe("/");
  });

-  it("should log user out if they are a legacy user on a desktop client", async () => {
-    const { router, messagingService } = setup({
-      authStatus: AuthenticationStatus.Locked,
-      canLock: true,
-      isLegacyUser: true,
-      clientType: ClientType.Desktop,
-    });
-
-    await router.navigate(["lock"]);
-    expect(router.url).toBe("/");
-    expect(messagingService.send).toHaveBeenCalledWith("logout");
-  });
-
-  it("should log user out if they are a legacy user on a browser extension client", async () => {
-    const { router, messagingService } = setup({
-      authStatus: AuthenticationStatus.Locked,
-      canLock: true,
-      isLegacyUser: true,
-      clientType: ClientType.Browser,
-    });
-
-    await router.navigate(["lock"]);
-    expect(router.url).toBe("/");
-    expect(messagingService.send).toHaveBeenCalledWith("logout");
-  });
-
  it("should allow navigation to the lock route when device trust is supported, the user has a MP, and the user is coming from the login-initiated page", async () => {
    const { router } = setup({
      authStatus: AuthenticationStatus.Locked,
      canLock: true,
-      isLegacyUser: false,
      clientType: ClientType.Web,
      everHadUserKey: false,
      supportsDeviceTrust: true,
@@ -213,7 +184,6 @@ describe("lockGuard", () => {
    const { router } = setup({
      authStatus: AuthenticationStatus.Locked,
      canLock: true,
-      isLegacyUser: false,
      clientType: ClientType.Web,
      everHadUserKey: false,
      supportsDeviceTrust: true,
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -13,7 +13,6 @@ import { UserVerificationService } from "@bitwarden/common/auth/abstractions/use
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/key-management/vault-timeout";
-import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { KeyService } from "@bitwarden/key-management";

 /**
@@ -31,7 +30,6 @@ export function lockGuard(): CanActivateFn {
    const authService = inject(AuthService);
    const keyService = inject(KeyService);
    const deviceTrustService = inject(DeviceTrustServiceAbstraction);
-    const messagingService = inject(MessagingService);
    const router = inject(Router);
    const userVerificationService = inject(UserVerificationService);
    const vaultTimeoutSettingsService = inject(VaultTimeoutSettingsService);
@@ -56,11 +54,6 @@ export function lockGuard(): CanActivateFn {
      return false;
    }

-    if (await keyService.isLegacyUser()) {
-      messagingService.send("logout");
-      return false;
-    }
-
    // User is authN and in locked state.

    const tdeEnabled = await firstValueFrom(deviceTrustService.supportsDeviceTrust$);
--- a/libs/auth/src/common/login-strategies/login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.ts
@@ -325,7 +325,7 @@ export abstract class LoginStrategy {

  protected async createKeyPairForOldAccount(userId: UserId) {
    try {
-      const userKey = await this.keyService.getUserKeyWithLegacySupport(userId);
+      const userKey = await this.keyService.getUserKey(userId);
      const [publicKey, privateKey] = await this.keyService.makeKeyPair(userKey);
      if (!privateKey.encryptedString) {
        throw new Error("Failed to create encrypted private key");