From 7a24a538a4419fc822135d917edb73da09d97287 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Wed, 23 Jul 2025 22:29:44 +0200
Subject: [PATCH] [PM-23072] Remove legacy key support in auth code (#15350)
* Remove legacy key support in auth code
* Fix tests
---
 .../src/auth/guards/lock.guard.spec.ts | 30 -------------------
 libs/angular/src/auth/guards/lock.guard.ts | 7 -----
 .../common/login-strategies/login.strategy.ts | 2 +-
 3 files changed, 1 insertion(+), 38 deletions(-)
diff --git a/libs/angular/src/auth/guards/lock.guard.spec.ts b/libs/angular/src/auth/guards/lock.guard.spec.ts
index 2085e0f3486..53491bace00 100644
--- a/libs/angular/src/auth/guards/lock.guard.spec.ts
+++ b/libs/angular/src/auth/guards/lock.guard.spec.ts
@@ -26,7 +26,6 @@ import { lockGuard } from "./lock.guard";
 interface SetupParams {
 authStatus: AuthenticationStatus;
 canLock?: boolean;
- isLegacyUser?: boolean;
 clientType?: ClientType;
 everHadUserKey?: boolean;
 supportsDeviceTrust?: boolean;
@@ -43,7 +42,6 @@ describe("lockGuard", () => {
 vaultTimeoutSettingsService.canLock.mockResolvedValue(setupParams.canLock);
 const keyService: MockProxy = mock();
- keyService.isLegacyUser.mockResolvedValue(setupParams.isLegacyUser);
 keyService.everHadUserKey$.mockReturnValue(of(setupParams.everHadUserKey));
 const platformUtilService: MockProxy = mock();
@@ -155,37 +153,10 @@ describe("lockGuard", () => {
 expect(router.url).toBe("/");
 });
- it("should log user out if they are a legacy user on a desktop client", async () => {
- const { router, messagingService } = setup({
- authStatus: AuthenticationStatus.Locked,
- canLock: true,
- isLegacyUser: true,
- clientType: ClientType.Desktop,
- });
-
- await router.navigate(["lock"]);
- expect(router.url).toBe("/");
- expect(messagingService.send).toHaveBeenCalledWith("logout");
- });
-
- it("should log user out if they are a legacy user on a browser extension client", async () => {
- const { router, messagingService } = setup({
- authStatus: AuthenticationStatus.Locked,
- canLock: true,
- isLegacyUser: true,
- clientType: ClientType.Browser,
- });
-
- await router.navigate(["lock"]);
- expect(router.url).toBe("/");
- expect(messagingService.send).toHaveBeenCalledWith("logout");
- });
-
 it("should allow navigation to the lock route when device trust is supported, the user has a MP, and the user is coming from the login-initiated page", async () => {
 const { router } = setup({
 authStatus: AuthenticationStatus.Locked,
 canLock: true,
- isLegacyUser: false,
 clientType: ClientType.Web,
 everHadUserKey: false,
 supportsDeviceTrust: true,
@@ -213,7 +184,6 @@ describe("lockGuard", () => {
 const { router } = setup({
 authStatus: AuthenticationStatus.Locked,
 canLock: true,
- isLegacyUser: false,
 clientType: ClientType.Web,
 everHadUserKey: false,
 supportsDeviceTrust: true,
diff --git a/libs/angular/src/auth/guards/lock.guard.ts b/libs/angular/src/auth/guards/lock.guard.ts
index 4b09ddeee18..8acdadeb87c 100644
--- a/libs/angular/src/auth/guards/lock.guard.ts
+++ b/libs/angular/src/auth/guards/lock.guard.ts
@@ -13,7 +13,6 @@ import { UserVerificationService } from "@bitwarden/common/auth/abstractions/use
 import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
 import { DeviceTrustServiceAbstraction } from "@bitwarden/common/key-management/device-trust/abstractions/device-trust.service.abstraction";
 import { VaultTimeoutSettingsService } from "@bitwarden/common/key-management/vault-timeout";
-import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { KeyService } from "@bitwarden/key-management";
 /**
@@ -31,7 +30,6 @@ export function lockGuard(): CanActivateFn {
 const authService = inject(AuthService);
 const keyService = inject(KeyService);
 const deviceTrustService = inject(DeviceTrustServiceAbstraction);
- const messagingService = inject(MessagingService);
 const router = inject(Router);
 const userVerificationService = inject(UserVerificationService);
 const vaultTimeoutSettingsService = inject(VaultTimeoutSettingsService);
@@ -56,11 +54,6 @@ export function lockGuard(): CanActivateFn {
 return false;
 }
- if (await keyService.isLegacyUser()) {
- messagingService.send("logout");
- return false;
- }
-
 // User is authN and in locked state.
 const tdeEnabled = await firstValueFrom(deviceTrustService.supportsDeviceTrust$);
diff --git a/libs/auth/src/common/login-strategies/login.strategy.ts b/libs/auth/src/common/login-strategies/login.strategy.ts
index 463ea676163..b8d5f64bfcc 100644
--- a/libs/auth/src/common/login-strategies/login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/login.strategy.ts
@@ -325,7 +325,7 @@ export abstract class LoginStrategy {
 protected async createKeyPairForOldAccount(userId: UserId) {
 try {
- const userKey = await this.keyService.getUserKeyWithLegacySupport(userId);
+ const userKey = await this.keyService.getUserKey(userId);
 const [publicKey, privateKey] = await this.keyService.makeKeyPair(userKey);
 if (!privateKey.encryptedString) {
 throw new Error("Failed to create encrypted private key");
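Review bot: The result of `getUserKey(userId)` is passed straight to `makeKeyPair` with no check that a key was actually returned; the only validation visible in this hunk is on `privateKey.encryptedString`. With the legacy fallback removed, an account that previously resolved its key only through the legacy path would presumably get no user key here, so the failure should be explicit rather than left to whatever `makeKeyPair` does with a missing key. Consider adding `if (userKey == null) { throw new Error("No user key available to create key pair"); }` directly after the lookup. The `try` block and the rest of `createKeyPairForOldAccount` continue past the end of the hunk, so how such an error is caught and reported is not visible here and should be confirmed.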