Specify clearOn options for platform services (#8584)

* Use UserKeys in biometric state * Remove global clear todo. Answer is never * User UserKeys in crypto state * Clear userkey on both lock and logout via User Key Definitions * Use UserKeyDefinitions in environment service * Rely on userKeyDefinition to clear org keys * Rely on userKeyDefinition to clear provider keys * Rely on userKeyDefinition to clear user keys * Rely on userKeyDefinitions to clear user asym key pair
2025-12-15 15:53:27 +00:00 · 2024-04-09 10:17:00 -05:00
parent aefea43fff
commit c02723d6a6
15 changed files with 169 additions and 365 deletions
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -26,7 +26,7 @@ export abstract class CryptoService {
   * any other necessary versions (such as auto, biometrics,
   * or pin)
   *
-   * @throws when key is null. Use {@link clearUserKey} instead
+   * @throws when key is null. Lock the account to clear a key
   * @param key The user key to set
   * @param userId The desired user
   */
@@ -93,13 +93,6 @@ export abstract class CryptoService {
   * @returns A new user key and the master key protected version of it
   */
  abstract makeUserKey(key: MasterKey): Promise<[UserKey, EncString]>;
-  /**
-   * Clears the user key
-   * @param clearStoredKeys Clears all stored versions of the user keys as well,
-   * such as the biometrics key
-   * @param userId The desired user
-   */
-  abstract clearUserKey(clearSecretStorage?: boolean, userId?: string): Promise<void>;
  /**
   * Clears the user's stored version of the user key
   * @param keySuffix The desired version of the key to clear
@@ -238,12 +231,6 @@ export abstract class CryptoService {
  abstract makeDataEncKey<T extends UserKey | OrgKey>(
    key: T,
  ): Promise<[SymmetricCryptoKey, EncString]>;
-  /**
-   * Clears the user's stored organization keys
-   * @param memoryOnly Clear only the in-memory keys
-   * @param userId The desired user
-   */
-  abstract clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void>;
  /**
   * Stores the encrypted provider keys and clears any decrypted
   * provider keys currently in memory
@@ -260,11 +247,6 @@ export abstract class CryptoService {
   * @returns A record of the provider Ids to their symmetric keys
   */
  abstract getProviderKeys(): Promise<Record<ProviderId, ProviderKey>>;
-  /**
-   * @param memoryOnly Clear only the in-memory keys
-   * @param userId The desired user
-   */
-  abstract clearProviderKeys(memoryOnly?: boolean, userId?: string): Promise<void>;
  /**
   * Returns the public key from memory. If not available, extracts it
   * from the private key and stores it in memory
@@ -304,12 +286,6 @@ export abstract class CryptoService {
   * @returns A new keypair: [publicKey in Base64, encrypted privateKey]
   */
  abstract makeKeyPair(key?: SymmetricCryptoKey): Promise<[string, EncString]>;
-  /**
-   * Clears the user's key pair
-   * @param memoryOnly Clear only the in-memory keys
-   * @param userId The desired user
-   */
-  abstract clearKeyPair(memoryOnly?: boolean, userId?: string): Promise<void[]>;
  /**
   * @param pin The user's pin
   * @param salt The user's salt