[PM-6789] finish key rotation distribution and fix legacy user (#9498)

* finish key rotation distribution and fix legacy user * add ticket to TODO * PR feedback: docs and renaming * fix webauthn tests * add test for send service * add await to test
2025-12-17 16:53:34 +00:00 · 2024-06-20 11:36:24 -04:00
parent eadb1fa4ef
commit b306554675
23 changed files with 516 additions and 196 deletions
--- a/libs/auth/src/common/abstractions/index.ts
+++ b/libs/auth/src/common/abstractions/index.ts
@@ -3,3 +3,4 @@ export * from "./login-email.service";
 export * from "./login-strategy.service";
 export * from "./user-decryption-options.service.abstraction";
 export * from "./auth-request.service.abstraction";
+export * from "./user-key-rotation-data-provider.abstraction";
--- a/libs/auth/src/common/abstractions/user-key-rotation-data-provider.abstraction.ts
+++ b/libs/auth/src/common/abstractions/user-key-rotation-data-provider.abstraction.ts
@@ -0,0 +1,23 @@
+import { UserId } from "@bitwarden/common/types/guid";
+import { UserKey } from "@bitwarden/common/types/key";
+
+/**
+ * Constructs key rotation requests for data encryption by the user key.
+ * @typeparam TRequest A request model that contains re-encrypted data, must have an id property
+ */
+export interface UserKeyRotationDataProvider<
+  TRequest extends { id: string } | { organizationId: string },
+> {
+  /**
+   * Provides re-encrypted data for the user key rotation process
+   * @param originalUserKey The original user key, useful for decrypting data
+   * @param newUserKey The new user key to use for re-encryption
+   * @param userId The owner of the data, useful for fetching data
+   * @returns A list of data that has been re-encrypted with the new user key
+   */
+  getRotatedData(
+    originalUserKey: UserKey,
+    newUserKey: UserKey,
+    userId: UserId,
+  ): Promise<TRequest[]>;
+}