[PM-8933] Require userId on setUserKey (#9675)

* Updated all sets of user key to pass in userId * Added userId on auth request login. * Fixed tests. * Fixed tests to pass in UserId * Added parameter to tests. * Addressed PR feedback. * Merged main
2025-12-11 13:53:34 +00:00 · 2024-08-13 08:07:36 -04:00
parent cdc82f13b0
commit 7b508b1ad7
15 changed files with 65 additions and 39 deletions
--- a/libs/angular/src/auth/components/lock.component.ts
+++ b/libs/angular/src/auth/components/lock.component.ts
@@ -134,10 +134,13 @@ export class LockComponent implements OnInit, OnDestroy {
    }

    await this.biometricStateService.setUserPromptCancelled();
-    const userKey = await this.cryptoService.getUserKeyFromStorage(KeySuffixOptions.Biometric);
+    const userKey = await this.cryptoService.getUserKeyFromStorage(
+      KeySuffixOptions.Biometric,
+      this.activeUserId,
+    );

    if (userKey) {
-      await this.setUserKeyAndContinue(userKey, false);
+      await this.setUserKeyAndContinue(userKey, this.activeUserId, false);
    }

    return !!userKey;
@@ -174,7 +177,7 @@ export class LockComponent implements OnInit, OnDestroy {
      const userKey = await this.pinService.decryptUserKeyWithPin(this.pin, userId);

      if (userKey) {
-        await this.setUserKeyAndContinue(userKey);
+        await this.setUserKeyAndContinue(userKey, userId);
        return; // successfully unlocked
      }

@@ -257,11 +260,15 @@ export class LockComponent implements OnInit, OnDestroy {
    const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
      response.masterKey,
    );
-    await this.setUserKeyAndContinue(userKey, true);
+    await this.setUserKeyAndContinue(userKey, userId, true);
  }

-  private async setUserKeyAndContinue(key: UserKey, evaluatePasswordAfterUnlock = false) {
-    await this.cryptoService.setUserKey(key);
+  private async setUserKeyAndContinue(
+    key: UserKey,
+    userId: UserId,
+    evaluatePasswordAfterUnlock = false,
+  ) {
+    await this.cryptoService.setUserKey(key, userId);

    // Now that we have a decrypted user key in memory, we can check if we
    // need to establish trust on the current device
--- a/libs/angular/src/auth/components/login-via-auth-request.component.ts
+++ b/libs/angular/src/auth/components/login-via-auth-request.component.ts
@@ -386,6 +386,7 @@ export class LoginViaAuthRequestComponent
      await this.authRequestService.setKeysAfterDecryptingSharedMasterKeyAndHash(
        adminAuthReqResponse,
        privateKey,
+        userId,
      );
    } else {
      // Flow 3: masterPasswordHash is null
@@ -393,6 +394,7 @@ export class LoginViaAuthRequestComponent
      await this.authRequestService.setUserKeyAfterDecryptingSharedUserKey(
        adminAuthReqResponse,
        privateKey,
+        userId,
      );
    }