Pm-10953/add-user-context-to-sync-replaces (#10627)

* Require userId for setting masterKeyEncryptedUserKey * Replace folders for specified user * Require userId for collection replace * Cipher Replace requires userId * Require UserId to update equivalent domains * Require userId for policy replace * sync state updates between fake state for better testing * Revert to public observable tests Since they now sync, we can test single-user updates impacting active user observables * Do not init fake states through sync Do not sync initial null values, that might wipe out already existing data. * Require userId for Send replace * Include userId for organization replace * Require userId for billing sync data * Require user Id for key connector sync data * Allow decode of token by userId * Require userId for synced key connector updates * Add userId to policy setting during organization invite accept * Fix cli * Handle null userId --------- Co-authored-by: bnagawiecki <107435978+bnagawiecki@users.noreply.github.com>
2025-12-11 13:53:34 +00:00 · 2024-08-26 17:44:08 -07:00
parent 866a624e44
commit 9459cda304
46 changed files with 666 additions and 484 deletions
--- a/apps/cli/src/auth/commands/login.command.ts
+++ b/apps/cli/src/auth/commands/login.command.ts
@@ -342,7 +342,7 @@ export class LoginCommand {
        }
      }

-      return await this.handleSuccessResponse();
+      return await this.handleSuccessResponse(response);
    } catch (e) {
      return Response.error(e);
    }
@@ -353,8 +353,8 @@ export class LoginCommand {
    process.env.BW_SESSION = Utils.fromBufferToB64(key);
  }

-  private async handleSuccessResponse(): Promise<Response> {
-    const usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector();
+  private async handleSuccessResponse(response: AuthResult): Promise<Response> {
+    const usesKeyConnector = await this.keyConnectorService.getUsesKeyConnector(response.userId);

    if (
      (this.options.sso != null || this.options.apikey != null) &&
--- a/apps/cli/src/auth/commands/unlock.command.ts
+++ b/apps/cli/src/auth/commands/unlock.command.ts
@@ -73,6 +73,7 @@ export class UnlockCommand {

    if (await this.keyConnectorService.getConvertAccountRequired()) {
      const convertToKeyConnectorCommand = new ConvertToKeyConnectorCommand(
+        userId,
        this.keyConnectorService,
        this.environmentService,
        this.syncService,
--- a/apps/cli/src/base-program.ts
+++ b/apps/cli/src/base-program.ts
@@ -116,20 +116,30 @@ export abstract class BaseProgram {
    }
  }

+  /**
+   * Exist if no user is authenticated
+   * @returns the userId of the active account
+   */
  protected async exitIfNotAuthed() {
-    const authed = await this.serviceContainer.stateService.getIsAuthenticated();
-    if (!authed) {
-      this.processResponse(Response.error("You are not logged in."), true);
+    const fail = () => this.processResponse(Response.error("You are not logged in."), true);
+    const userId = (await firstValueFrom(this.serviceContainer.accountService.activeAccount$))?.id;
+    if (!userId) {
+      fail();
    }
+    const authed = await this.serviceContainer.stateService.getIsAuthenticated({ userId });
+    if (!authed) {
+      fail();
+    }
+    return userId;
  }

  protected async exitIfLocked() {
-    await this.exitIfNotAuthed();
+    const userId = await this.exitIfNotAuthed();
    if (await this.serviceContainer.cryptoService.hasUserKey()) {
      return;
    } else if (process.env.BW_NOINTERACTION !== "true") {
      // must unlock
-      if (await this.serviceContainer.keyConnectorService.getUsesKeyConnector()) {
+      if (await this.serviceContainer.keyConnectorService.getUsesKeyConnector(userId)) {
        const response = Response.error(
          "Your vault is locked. You must unlock your vault using your session key.\n" +
            "If you do not have your session key, you can get a new one by logging out and logging in again.",
--- a/apps/cli/src/commands/convert-to-key-connector.command.ts
+++ b/apps/cli/src/commands/convert-to-key-connector.command.ts
@@ -7,6 +7,7 @@ import {
  EnvironmentService,
  Region,
 } from "@bitwarden/common/platform/abstractions/environment.service";
+import { UserId } from "@bitwarden/common/types/guid";
 import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";

 import { Response } from "../models/response";
@@ -14,6 +15,7 @@ import { MessageResponse } from "../models/response/message.response";

 export class ConvertToKeyConnectorCommand {
  constructor(
+    private readonly userId: UserId,
    private keyConnectorService: KeyConnectorService,
    private environmentService: EnvironmentService,
    private syncService: SyncService,
@@ -68,7 +70,7 @@ export class ConvertToKeyConnectorCommand {
      }

      await this.keyConnectorService.removeConvertAccountRequired();
-      await this.keyConnectorService.setUsesKeyConnector(true);
+      await this.keyConnectorService.setUsesKeyConnector(true, this.userId);

      // Update environment URL - required for api key login
      const env = await firstValueFrom(this.environmentService.environment$);
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
@@ -206,9 +206,9 @@ export class Program extends BaseProgram {
        writeLn("", true);
      })
      .action(async (cmd) => {
-        await this.exitIfNotAuthed();
+        const userId = await this.exitIfNotAuthed();

-        if (await this.serviceContainer.keyConnectorService.getUsesKeyConnector()) {
+        if (await this.serviceContainer.keyConnectorService.getUsesKeyConnector(userId)) {
          const logoutCommand = new LogoutCommand(
            this.serviceContainer.authService,
            this.serviceContainer.i18nService,