diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
index b9bd23b12de..d776cd6ef07 100644
--- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
+++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts
@@ -21,7 +21,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SdkClientFactory } from "@bitwarden/common/platform/abstractions/sdk/sdk-client-factory";
 import { SdkLoadService } from "@bitwarden/common/platform/abstractions/sdk/sdk-load.service";
-import { asUuid } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { asUuid, SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
 import { EncryptionType, HashPurpose } from "@bitwarden/common/platform/enums";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { SendService } from "@bitwarden/common/tools/send/services/send.service.abstraction";
@@ -38,6 +38,10 @@ import {
 KeyRotationTrustInfoComponent,
 } from "@bitwarden/key-management-ui";
 import { PureCrypto, TokenProvider } from "@bitwarden/sdk-internal";
+import {
+ UserKeyRotationService as SdkUserKeyRotationService,
+ UserKeyRotationServiceAbstraction,
+} from "@bitwarden/user-crypto-management";
 import { OrganizationUserResetPasswordService } from "../../admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service";
 import { WebauthnLoginAdminService } from "../../auth/core";
@@ -99,6 +103,7 @@ export class UserKeyRotationService {
 private kdfConfigService: KdfConfigService,
 private sdkClientFactory: SdkClientFactory,
 private securityStateService: SecurityStateService,
+ private sdkService: SdkService,
 ) {}
 /**
@@ -114,6 +119,32 @@ export class UserKeyRotationService {
 user: Account,
 newMasterPasswordHint?: string,
 ): Promise {
+ // Check if SDK-based key rotation is enabled
+ const useSdkKeyRotation = await this.configService.getFeatureFlag(FeatureFlag.SdkKeyRotation);
+
+ if (useSdkKeyRotation) {
+ this.logService.info(
+ "[UserKey Rotation] Using SDK-based key rotation service from user-crypto-management",
+ );
+ const sdkUserKeyRotationService: UserKeyRotationServiceAbstraction =
+ new SdkUserKeyRotationService(this.sdkService, this.logService, this.dialogService);
+ await sdkUserKeyRotationService.changePasswordAndRotateUserKey(
+ currentMasterPassword,
+ newMasterPassword,
+ newMasterPasswordHint,
+ user.id,
+ );
+ this.toastService.showToast({
+ variant: "success",
+ title: this.i18nService.t("rotationCompletedTitle"),
+ message: this.i18nService.t("rotationCompletedDesc"),
+ timeout: 15000,
+ });
+
+ await this.logoutService.logout(user.id);
+ return;
+ }
+
 // Key-rotation uses the SDK, so we need to ensure that the SDK is loaded / the WASM initialized.
 await SdkLoadService.Ready;
diff --git a/libs/common/src/enums/feature-flag.enum.ts b/libs/common/src/enums/feature-flag.enum.ts
index e5c29636585..6db55e7334d 100644
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -38,6 +38,7 @@ export enum FeatureFlag {
 PrivateKeyRegeneration = "pm-12241-private-key-regeneration",
 EnrollAeadOnKeyRotation = "enroll-aead-on-key-rotation",
 ForceUpdateKDFSettings = "pm-18021-force-update-kdf-settings",
+ SdkKeyRotation = "sdk-key-rotation",
 PM25174_DisableType0Decryption = "pm-25174-disable-type-0-decryption",
 LinuxBiometricsV2 = "pm-26340-linux-biometrics-v2",
 UnlockWithMasterPasswordUnlockData = "pm-23246-unlock-with-master-password-unlock-data",
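Review bot: The new `if (useSdkKeyRotation)` branch in user-key-rotation.service.ts calls into the SDK and returns before the existing `await SdkLoadService.Ready;`, although the comment on that line says key rotation needs the SDK loaded and the WASM initialized. Unless `SdkService` guarantees readiness on its own (not visible in this diff), move `await SdkLoadService.Ready;` above the feature-flag check so both paths share it. The branch also shows the `rotationCompletedTitle` toast and logs the user out whenever `changePasswordAndRotateUserKey` resolves, so that method has to reject on every failure and on user cancellation (it receives `dialogService`, so a declined prompt seems possible). If that holds, record it at the call site, e.g. `// Resolves only once the rotation is committed; rejects on failure or cancel.` The enclosing method starts and ends outside the hunk, so any input checks the legacy path performs further down are skipped by the early `return` and should be confirmed to exist in the SDK service.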
@@ -146,6 +147,7 @@ export const DefaultFeatureFlagValue = {
 [FeatureFlag.PrivateKeyRegeneration]: FALSE,
 [FeatureFlag.EnrollAeadOnKeyRotation]: FALSE,
 [FeatureFlag.ForceUpdateKDFSettings]: FALSE,
+ [FeatureFlag.SdkKeyRotation]: FALSE,
 [FeatureFlag.PM25174_DisableType0Decryption]: FALSE,
 [FeatureFlag.LinuxBiometricsV2]: FALSE,
 [FeatureFlag.UnlockWithMasterPasswordUnlockData]: FALSE,
diff --git a/libs/user-crypto-management/src/index.ts b/libs/user-crypto-management/src/index.ts
index 4d0b867579a..cc3cd58300b 100644
--- a/libs/user-crypto-management/src/index.ts
+++ b/libs/user-crypto-management/src/index.ts
@@ -1,2 +1,3 @@
 export { DefaultUserKeyRotationService as UserKeyRotationService } from "./user-key-rotation.service";
 export { UserKeyRotationService as UserKeyRotationServiceAbstraction } from "./user-key-rotation.service.abstraction";
+export { UserCryptoManagementModule } from "./user-crypto-management.module";
diff --git a/libs/user-crypto-management/src/user-crypto-management.module.ts b/libs/user-crypto-management/src/user-crypto-management.module.ts
new file mode 100644
index 00000000000..8eb59ebd313
--- /dev/null
+++ b/libs/user-crypto-management/src/user-crypto-management.module.ts
@@ -0,0 +1,25 @@
+import { NgModule } from "@angular/core";
+
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { DialogService } from "@bitwarden/components";
+import { LogService } from "@bitwarden/logging";
+import { safeProvider } from "@bitwarden/ui-common";
+
+import { DefaultUserKeyRotationService } from "./user-key-rotation.service";
+import { UserKeyRotationService } from "./user-key-rotation.service.abstraction";
+
+/**
+ * Angular module that provides user crypto management services.
+ * This module handles key rotation and trust verification for organizations
+ * and emergency access users.
+ */
+@NgModule({
+ providers: [
+ safeProvider({
+ provide: UserKeyRotationService,
+ useClass: DefaultUserKeyRotationService,
+ deps: [SdkService, LogService, DialogService],
+ }),
+ ],
+})
+export class UserCryptoManagementModule {}
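Review bot: `UserCryptoManagementModule` registers `DefaultUserKeyRotationService` under the `UserKeyRotationService` token, but the only consumer in this commit, the web service's `useSdkKeyRotation` branch, builds the class with `new` and never takes it from the injector. That leaves two construction paths for a key-rotation service whose dependency lists can drift apart; injecting the abstraction into the web service would keep a single one. The docblock promises "trust verification for organizations and emergency access users" while the module provides only the rotation service, so `/** Provides UserKeyRotationService (SDK-backed user key rotation). */` would match what is visible. `LogService` is imported from `@bitwarden/logging` here and from `@bitwarden/common/platform/abstractions/log.service` in the web service, so it is worth confirming both resolve to the same DI token.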