Cleanup and deprecate more functions

libs/common/src/key-management/master-password/services/master-password.service.spec.ts

@@ -2,6 +2,7 @@ import { mock, MockProxy } from "jest-mock-extended";
 import { of } from "rxjs";
 import * as rxjs from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 // eslint-disable-next-line no-restricted-imports
@@ -32,6 +33,7 @@ describe("MasterPasswordService", () => {
   let encryptService: MockProxy<EncryptService>;
   let logService: MockProxy<LogService>;
   let cryptoFunctionService: MockProxy<CryptoFunctionService>;
+  let accountService: MockProxy<AccountService>;
 
   const userId = "user-id" as UserId;
   const mockUserState = {
@@ -54,6 +56,7 @@ describe("MasterPasswordService", () => {
     encryptService = mock<EncryptService>();
     logService = mock<LogService>();
     cryptoFunctionService = mock<CryptoFunctionService>();
+    accountService = mock<AccountService>();
 
     stateProvider.getUser.mockReturnValue(mockUserState as any);
 
@@ -66,6 +69,7 @@ describe("MasterPasswordService", () => {
       encryptService,
       logService,
       cryptoFunctionService,
+      accountService,
     );
 
     encryptService.unwrapSymmetricKey.mockResolvedValue(makeSymmetricCryptoKey(64, 1));

libs/common/src/key-management/master-password/services/master-password.service.ts

@@ -2,6 +2,8 @@
 // @ts-strict-ignore
 import { firstValueFrom, map, Observable } from "rxjs";
 
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { assertNonNullish } from "@bitwarden/common/auth/utils";
 import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 // eslint-disable-next-line no-restricted-imports
@@ -74,8 +76,17 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
     private encryptService: EncryptService,
     private logService: LogService,
     private cryptoFunctionService: CryptoFunctionService,
+    private accountService: AccountService,
   ) {}
 
+  saltForUser$(userId: UserId): Observable<MasterPasswordSalt> {
+    assertNonNullish(userId, "userId");
+    return this.accountService.accounts$.pipe(
+      map((accounts) => accounts[userId].email),
+      map((email) => this.emailToSalt(email)),
+    );
+  }
+
   masterKey$(userId: UserId): Observable<MasterKey> {
     if (userId == null) {
       throw new Error("User ID is required.");
@@ -227,15 +238,12 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
     kdf: KdfConfig,
     salt: MasterPasswordSalt,
   ): Promise<MasterPasswordAuthenticationData> {
-    if (password == null) {
-      throw new Error("Password is required.");
-    }
-    if (kdf == null) {
-      throw new Error("KDF configuration is required.");
-    }
-    if (salt == null) {
-      throw new Error("Salt is required.");
-    }
+    assertNonNullish(password, "password");
+    assertNonNullish(kdf, "kdf");
+    assertNonNullish(salt, "salt");
+
+    // We don't trust callers to use masterpasswordsalt correctly. They may type assert incorrectly.
+    salt = salt.toLowerCase().trim() as MasterPasswordSalt;
 
     const SERVER_AUTHENTICATION_HASH_ITERATIONS = 1;
 
@@ -267,18 +275,13 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
     salt: MasterPasswordSalt,
     userKey: UserKey,
   ): Promise<MasterPasswordUnlockData> {
-    if (password == null) {
-      throw new Error("Password is required.");
-    }
-    if (kdf == null) {
-      throw new Error("KDF configuration is required.");
-    }
-    if (salt == null) {
-      throw new Error("Salt is required.");
-    }
-    if (userKey == null) {
-      throw new Error("User key is required.");
-    }
+    assertNonNullish(password, "password");
+    assertNonNullish(kdf, "kdf");
+    assertNonNullish(salt, "salt");
+    assertNonNullish(userKey, "userKey");
+
+    // We don't trust callers to use masterpasswordsalt correctly. They may type assert incorrectly.
+    salt = salt.toLowerCase().trim() as MasterPasswordSalt;
 
     await SdkLoadService.Ready;
     const masterKeyWrappedUserKey = new EncString(
@@ -300,12 +303,8 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
     password: string,
     masterPasswordUnlockData: MasterPasswordUnlockData,
   ): Promise<UserKey> {
-    if (password == null) {
-      throw new Error("Password is required.");
-    }
-    if (masterPasswordUnlockData == null) {
-      throw new Error("Master password unlock data is required.");
-    }
+    assertNonNullish(password, "password");
+    assertNonNullish(masterPasswordUnlockData, "masterPasswordUnlockData");
 
     await SdkLoadService.Ready;
     const userKey = new SymmetricCryptoKey(

libs/common/src/types/key.ts

@@ -6,6 +6,7 @@ import { SymmetricCryptoKey } from "../platform/models/domain/symmetric-crypto-k
 export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
 export type PrfKey = Opaque<SymmetricCryptoKey, "PrfKey">;
 export type UserKey = Opaque<SymmetricCryptoKey, "UserKey">;
+/** @deprecated Interacting with the master key directly is prohibited. Use a high level function from MasterPasswordService instead. */
 export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
 export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;
 export type OrgKey = Opaque<SymmetricCryptoKey, "OrgKey">;