Feature flag

2026-01-31 00:33:33 +00:00 · 2026-01-09 13:23:43 +01:00
parent 0fc53d6277
commit ae7282f706
4 changed files with 60 additions and 1 deletions
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -21,7 +21,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
-import { asUuid } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { asUuid, SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { EncryptionType, HashPurpose } from "@bitwarden/common/platform/enums";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
@@ -38,6 +38,10 @@ import {
  KeyRotationTrustInfoComponent,
 } from "@bitwarden/key-management-ui";
 import { PureCrypto, TokenProvider } from "@bitwarden/sdk-internal";
+import {
+  UserKeyRotationService as SdkUserKeyRotationService,
+  UserKeyRotationServiceAbstraction,
+} from "@bitwarden/user-crypto-management";

 import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
 import { WebauthnLoginAdminService } from "../../auth/core";
@@ -99,6 +103,7 @@ export class UserKeyRotationService {
    private kdfConfigService: KdfConfigService,
    private sdkClientFactory: SdkClientFactory,
    private securityStateService: SecurityStateService,
+    private sdkService: SdkService,
  ) {}

  /**
@@ -114,6 +119,32 @@ export class UserKeyRotationService {
    user: Account,
    newMasterPasswordHint?: string,
  ): Promise<void> {
+    // Check if SDK-based key rotation is enabled
+    const useSdkKeyRotation = await this.configService.getFeatureFlag(FeatureFlag.SdkKeyRotation);
+
+    if (useSdkKeyRotation) {
+      this.logService.info(
+        "[UserKey Rotation] Using SDK-based key rotation service from user-crypto-management",
+      );
+      const sdkUserKeyRotationService: UserKeyRotationServiceAbstraction =
+        new SdkUserKeyRotationService(this.sdkService, this.logService, this.dialogService);
+      await sdkUserKeyRotationService.changePasswordAndRotateUserKey(
+        currentMasterPassword,
+        newMasterPassword,
+        newMasterPasswordHint,
+        user.id,
+      );
+      this.toastService.showToast({
+        variant: "success",
+        title: this.i18nService.t("rotationCompletedTitle"),
+        message: this.i18nService.t("rotationCompletedDesc"),
+        timeout: 15000,
+      });
+
+      await this.logoutService.logout(user.id);
+      return;
+    }
+
    // Key-rotation uses the SDK, so we need to ensure that the SDK is loaded / the WASM initialized.
    await SdkLoadService.Ready;

--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -38,6 +38,7 @@ export enum FeatureFlag {
  PrivateKeyRegeneration = "pm-12241-private-key-regeneration",
  EnrollAeadOnKeyRotation = "enroll-aead-on-key-rotation",
  ForceUpdateKDFSettings = "pm-18021-force-update-kdf-settings",
+  SdkKeyRotation = "sdk-key-rotation",
  PM25174_DisableType0Decryption = "pm-25174-disable-type-0-decryption",
  LinuxBiometricsV2 = "pm-26340-linux-biometrics-v2",
  UnlockWithMasterPasswordUnlockData = "pm-23246-unlock-with-master-password-unlock-data",
@@ -146,6 +147,7 @@ export const DefaultFeatureFlagValue = {
  [FeatureFlag.PrivateKeyRegeneration]: FALSE,
  [FeatureFlag.EnrollAeadOnKeyRotation]: FALSE,
  [FeatureFlag.ForceUpdateKDFSettings]: FALSE,
+  [FeatureFlag.SdkKeyRotation]: FALSE,
  [FeatureFlag.PM25174_DisableType0Decryption]: FALSE,
  [FeatureFlag.LinuxBiometricsV2]: FALSE,
  [FeatureFlag.UnlockWithMasterPasswordUnlockData]: FALSE,
--- a/libs/user-crypto-management/src/index.ts
+++ b/libs/user-crypto-management/src/index.ts
@@ -1,2 +1,3 @@
 export { DefaultUserKeyRotationService as UserKeyRotationService } from "./user-key-rotation.service";
 export { UserKeyRotationService as UserKeyRotationServiceAbstraction } from "./user-key-rotation.service.abstraction";
+export { UserCryptoManagementModule } from "./user-crypto-management.module";
--- a/libs/user-crypto-management/src/user-crypto-management.module.ts
+++ b/libs/user-crypto-management/src/user-crypto-management.module.ts
@@ -0,0 +1,25 @@
+import { NgModule } from "@angular/core";
+
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { DialogService } from "@bitwarden/components";
+import { LogService } from "@bitwarden/logging";
+import { safeProvider } from "@bitwarden/ui-common";
+
+import { DefaultUserKeyRotationService } from "./user-key-rotation.service";
+import { UserKeyRotationService } from "./user-key-rotation.service.abstraction";
+
+/**
+ * Angular module that provides user crypto management services.
+ * This module handles key rotation and trust verification for organizations
+ * and emergency access users.
+ */
+@NgModule({
+  providers: [
+    safeProvider({
+      provide: UserKeyRotationService,
+      useClass: DefaultUserKeyRotationService,
+      deps: [SdkService, LogService, DialogService],
+    }),
+  ],
+})
+export class UserCryptoManagementModule {}