[PM-12700] Add private key regeneration process (#11829)

* add user asymmetric key api service * Add user asymmetric key regen service * add feature flag * Add LoginSuccessHandlerService * add loginSuccessHandlerService to BaseLoginViaWebAuthnComponent * Only run loginSuccessHandlerService if webAuthn is used for vault decryption. * Updates for TS strict * bump SDK version * swap to combineLatest * Update abstractions
2025-12-15 15:53:27 +00:00 · 2024-12-16 12:00:17 -06:00
parent c628f541d1
commit 971c157f56
20 changed files with 629 additions and 19 deletions
--- a/libs/angular/src/auth/components/base-login-via-webauthn.component.ts
+++ b/libs/angular/src/auth/components/base-login-via-webauthn.component.ts
@@ -2,7 +2,9 @@
 // @ts-strict-ignore
 import { Directive, OnInit } from "@angular/core";
 import { Router } from "@angular/router";
+import { firstValueFrom } from "rxjs";

+import { LoginSuccessHandlerService } from "@bitwarden/auth/common";
 import { WebAuthnLoginServiceAbstraction } from "@bitwarden/common/auth/abstractions/webauthn/webauthn-login.service.abstraction";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { WebAuthnLoginCredentialAssertionView } from "@bitwarden/common/auth/models/view/webauthn-login/webauthn-login-credential-assertion.view";
@@ -10,6 +12,7 @@ import { ErrorResponse } from "@bitwarden/common/models/response/error.response"
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
+import { KeyService } from "@bitwarden/key-management";

 export type State = "assert" | "assertFailed";

@@ -26,6 +29,8 @@ export class BaseLoginViaWebAuthnComponent implements OnInit {
    private logService: LogService,
    private validationService: ValidationService,
    private i18nService: I18nService,
+    private loginSuccessHandlerService: LoginSuccessHandlerService,
+    private keyService: KeyService,
  ) {}

  ngOnInit(): void {
@@ -59,11 +64,21 @@ export class BaseLoginViaWebAuthnComponent implements OnInit {
          this.i18nService.t("twoFactorForPasskeysNotSupportedOnClientUpdateToLogIn"),
        );
        this.currentState = "assertFailed";
-      } else if (authResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
-        await this.router.navigate([this.forcePasswordResetRoute]);
-      } else {
-        await this.router.navigate([this.successRoute]);
+        return;
      }
+
+      // Only run loginSuccessHandlerService if webAuthn is used for vault decryption.
+      const userKey = await firstValueFrom(this.keyService.userKey$(authResult.userId));
+      if (userKey) {
+        await this.loginSuccessHandlerService.run(authResult.userId);
+      }
+
+      if (authResult.forcePasswordReset == ForceSetPasswordReason.AdminForcePasswordReset) {
+        await this.router.navigate([this.forcePasswordResetRoute]);
+        return;
+      }
+
+      await this.router.navigate([this.successRoute]);
    } catch (error) {
      if (error instanceof ErrorResponse) {
        this.validationService.showError(this.i18nService.t("invalidPasskeyPleaseTryAgain"));