mirror of https://github.com/bitwarden/browser synced 2025-12-16 00:03:56 +00:00

[PM-12700] Add private key regeneration process (#11829)

* add user asymmetric key api service

* Add user asymmetric key regen service

* add feature flag

* Add LoginSuccessHandlerService

* add loginSuccessHandlerService to BaseLoginViaWebAuthnComponent

* Only run loginSuccessHandlerService if webAuthn is used for vault decryption.

* Updates for TS strict

* bump SDK version

* swap to combineLatest

* Update abstractions
Thomas Avery
2024-12-16 12:00:17 -06:00
committed by GitHub
parent c628f541d1
commit 971c157f56
20 changed files with 629 additions and 19 deletions


@@ -37,7 +37,11 @@ import {
IconButtonModule,
ToastService,
} from "@bitwarden/components";
import { KeyService, BiometricStateService } from "@bitwarden/key-management";
import {
KeyService,
BiometricStateService,
UserAsymmetricKeysRegenerationService,
} from "@bitwarden/key-management";
import { PinServiceAbstraction } from "../../common/abstractions";
import { AnonLayoutWrapperDataService } from "../anon-layout/anon-layout-wrapper-data.service";
@@ -139,6 +143,7 @@ export class LockV2Component implements OnInit, OnDestroy {
private passwordStrengthService: PasswordStrengthServiceAbstraction,
private formBuilder: FormBuilder,
private toastService: ToastService,
private userAsymmetricKeysRegenerationService: UserAsymmetricKeysRegenerationService,
private lockComponentService: LockComponentService,
private anonLayoutWrapperDataService: AnonLayoutWrapperDataService,
@@ -532,6 +537,8 @@ export class LockV2Component implements OnInit, OnDestroy {
// Vault can be de-synced since notifications get ignored while locked. Need to check whether sync is required using the sync service.
await this.syncService.fullSync(false);
await this.userAsymmetricKeysRegenerationService.regenerateIfNeeded(this.activeAccount.id);
if (this.clientType === "browser") {
const previousUrl = this.lockComponentService.getPreviousUrl();
/**
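Review bot: The new awaited `regenerateIfNeeded(this.activeAccount.id)` call sits between `fullSync(false)` and the post-unlock navigation, so a rejection from it would leave a user who has already unlocked successfully stuck on the lock screen. The service implementation is not visible in this section; if it does not handle its own errors, wrap the call, e.g. `try { await this.userAsymmetricKeysRegenerationService.regenerateIfNeeded(this.activeAccount.id); } catch (e) { /* log and continue unlock */ }`, and otherwise add a comment such as `// Best-effort private key regeneration; never rejects, runs after sync` so the next reader does not have to check. The commit message mentions TS strict updates, so if `this.activeAccount` is nullable it should be guarded before `.id` is read rather than passed through unchecked to a key-replacement routine. The enclosing method starts and ends outside the hunk.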


@@ -12,6 +12,7 @@ import {
AuthRequestServiceAbstraction,
LoginEmailServiceAbstraction,
LoginStrategyServiceAbstraction,
LoginSuccessHandlerService,
} from "@bitwarden/auth/common";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { AnonymousHubService } from "@bitwarden/common/auth/abstractions/anonymous-hub.service";
@@ -34,7 +35,6 @@ import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/pl
import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { UserId } from "@bitwarden/common/types/guid";
import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
import { ButtonModule, LinkModule, ToastService } from "@bitwarden/components";
import { PasswordGenerationServiceAbstraction } from "@bitwarden/generator-legacy";
@@ -88,9 +88,9 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
private passwordGenerationService: PasswordGenerationServiceAbstraction,
private platformUtilsService: PlatformUtilsService,
private router: Router,
private syncService: SyncService,
private toastService: ToastService,
private validationService: ValidationService,
private loginSuccessHandlerService: LoginSuccessHandlerService,
) {
this.clientType = this.platformUtilsService.getClientType();
@@ -485,7 +485,7 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
await this.deviceTrustService.trustDeviceIfRequired(activeAccount.id);
await this.handleSuccessfulLoginNavigation();
await this.handleSuccessfulLoginNavigation(userId);
}
/**
@@ -555,17 +555,17 @@ export class LoginViaAuthRequestComponent implements OnInit, OnDestroy {
} else if (loginResponse.forcePasswordReset != ForceSetPasswordReason.None) {
await this.router.navigate(["update-temp-password"]);
} else {
await this.handleSuccessfulLoginNavigation();
await this.handleSuccessfulLoginNavigation(loginResponse.userId);
}
}
private async handleSuccessfulLoginNavigation() {
private async handleSuccessfulLoginNavigation(userId: UserId) {
if (this.flow === Flow.StandardAuthRequest) {
// Only need to set remembered email on standard login with auth req flow
await this.loginEmailService.saveEmailSettings();
}
await this.syncService.fullSync(true);
await this.loginSuccessHandlerService.run(userId);
await this.router.navigate(["vault"]);
}
}
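Review bot: In the hunk at old line 485 the success path now takes the user identity from two places: `deviceTrustService.trustDeviceIfRequired(activeAccount.id)` uses the active account, while `handleSuccessfulLoginNavigation(userId)` uses a `userId` declared outside the hunk. If those can ever differ (for example after an account switch while the auth request was pending), `loginSuccessHandlerService.run` would act on a different user than the one whose device was just trusted; passing the same value to both calls, or checking that they match before continuing, removes the ambiguity. `run(userId)` also replaces `syncService.fullSync(true)` ahead of `router.navigate(["vault"])` and its body is not shown here, so a short doc comment on `handleSuccessfulLoginNavigation` stating that the handler performs the sync and that a rejection prevents navigation would be worth adding.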


@@ -10,6 +10,7 @@ import { JslibModule } from "@bitwarden/angular/jslib.module";
import {
LoginEmailServiceAbstraction,
LoginStrategyServiceAbstraction,
LoginSuccessHandlerService,
PasswordLoginCredentials,
RegisterRouteService,
} from "@bitwarden/auth/common";
@@ -31,7 +32,6 @@ import { MessagingService } from "@bitwarden/common/platform/abstractions/messag
import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
import { ValidationService } from "@bitwarden/common/platform/abstractions/validation.service";
import { Utils } from "@bitwarden/common/platform/misc/utils";
import { SyncService } from "@bitwarden/common/platform/sync";
import { PasswordStrengthServiceAbstraction } from "@bitwarden/common/tools/password-strength";
import {
AsyncActionsModule,
@@ -127,11 +127,11 @@ export class LoginComponent implements OnInit, OnDestroy {
private policyService: InternalPolicyService,
private registerRouteService: RegisterRouteService,
private router: Router,
private syncService: SyncService,
private toastService: ToastService,
private logService: LogService,
private validationService: ValidationService,
private configService: ConfigService,
private loginSuccessHandlerService: LoginSuccessHandlerService,
) {
this.clientType = this.platformUtilsService.getClientType();
}
@@ -280,7 +280,7 @@ export class LoginComponent implements OnInit, OnDestroy {
return;
}
await this.syncService.fullSync(true);
await this.loginSuccessHandlerService.run(authResult.userId);
if (authResult.forcePasswordReset != ForceSetPasswordReason.None) {
this.loginEmailService.clearValues();