[PM-12700] Add private key regeneration process (#11829)

* add user asymmetric key api service * Add user asymmetric key regen service * add feature flag * Add LoginSuccessHandlerService * add loginSuccessHandlerService to BaseLoginViaWebAuthnComponent * Only run loginSuccessHandlerService if webAuthn is used for vault decryption. * Updates for TS strict * bump SDK version * swap to combineLatest * Update abstractions
2026-02-20 19:34:03 +00:00 · 2024-12-16 12:00:17 -06:00
parent c628f541d1
commit 971c157f56
20 changed files with 629 additions and 19 deletions
--- a/libs/angular/src/auth/components/base-login-via-webauthn.component.ts
+++ b/libs/angular/src/auth/components/base-login-via-webauthn.component.ts
@@ -2,7 +2,9 @@
 // @ts-strict-ignore
 import { Directive, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";

+import { LoginSuccessHandlerService } from "@bitwarden/auth/common";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { WebAuthnLoginCredentialAssertionView } from "@bitwarden/common/auth/models/view/webauthn-login/webauthn-login-credential-assertion.view";
@@ -10,6 +12,7 @@ import { ErrorResponse } from "@bitwarden/common/models/response/error.response"
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { KeyService } from "@bitwarden/key-management";

 export type State = "assert" | "assertFailed";

@@ -26,6 +29,8 @@ export class BaseLoginViaWebAuthnComponent implements OnInit {
    private logService: LogService,
    private validationService: ValidationService,
    private i18nService: I18nService,
+    private loginSuccessHandlerService: LoginSuccessHandlerService,
+    private keyService: KeyService,
  ) {}

  ngOnInit(): void {
@@ -59,11 +64,21 @@ export class BaseLoginViaWebAuthnComponent implements OnInit {
          this.i18nService.t("twoFactorForPasskeysNotSupportedOnClientUpdateToLogIn"),
        );
        this.currentState = "assertFailed";
-      } else if (authResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
-        await this.router.navigate([this.forcePasswordResetRoute]);
-      } else {
-        await this.router.navigate([this.successRoute]);
+        return;
      }
+
+      // Only run loginSuccessHandlerService if webAuthn is used for vault decryption.
+      const userKey = await firstValueFrom(this.keyService.userKey$(authResult.userId));
+      if (userKey) {
+        await this.loginSuccessHandlerService.run(authResult.userId);
+      }
+
+      if (authResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
+        await this.router.navigate([this.forcePasswordResetRoute]);
+        return;
+      }
+
+      await this.router.navigate([this.successRoute]);
    } catch (error) {
      if (error instanceof ErrorResponse) {
        this.validationService.showError(this.i18nService.t("invalidPasskeyPleaseTryAgain"));
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -37,6 +37,8 @@ import {
  RegisterRouteService,
  AuthRequestApiService,
  DefaultAuthRequestApiService,
+  DefaultLoginSuccessHandlerService,
+  LoginSuccessHandlerService,
 } from "@bitwarden/auth/common";
 import { ApiService as ApiServiceAbstraction } from "@bitwarden/common/abstractions/api.service";
 import { AuditService as AuditServiceAbstraction } from "@bitwarden/common/abstractions/audit.service";
@@ -281,6 +283,10 @@ import {
  DefaultBiometricStateService,
  KdfConfigService,
  DefaultKdfConfigService,
+  UserAsymmetricKeysRegenerationService,
+  DefaultUserAsymmetricKeysRegenerationService,
+  UserAsymmetricKeysRegenerationApiService,
+  DefaultUserAsymmetricKeysRegenerationApiService,
 } from "@bitwarden/key-management";
 import { PasswordRepromptService } from "@bitwarden/vault";
 import {
@@ -1395,6 +1401,29 @@ const safeProviders: SafeProvider[] = [
    useClass: DefaultLoginDecryptionOptionsService,
    deps: [MessagingServiceAbstraction],
  }),
+  safeProvider({
+    provide: UserAsymmetricKeysRegenerationApiService,
+    useClass: DefaultUserAsymmetricKeysRegenerationApiService,
+    deps: [ApiServiceAbstraction],
+  }),
+  safeProvider({
+    provide: UserAsymmetricKeysRegenerationService,
+    useClass: DefaultUserAsymmetricKeysRegenerationService,
+    deps: [
+      KeyServiceAbstraction,
+      CipherServiceAbstraction,
+      UserAsymmetricKeysRegenerationApiService,
+      LogService,
+      SdkService,
+      ApiServiceAbstraction,
+      ConfigService,
+    ],
+  }),
+  safeProvider({
+    provide: LoginSuccessHandlerService,
+    useClass: DefaultLoginSuccessHandlerService,
+    deps: [SyncService, UserAsymmetricKeysRegenerationService],
+  }),
 ];

@NgModule({