[PM-22408] Remove setMasterKeyEncryptedUserKey from KeyService (#15087)

* Swap consumers to masterPasswordService.setMasterKeyEncryptedUserKey * Remove setMasterKeyEncryptedUserKey from keyService * unit tests
2025-12-17 16:53:34 +00:00 · 2025-06-11 15:48:18 -05:00
parent f30d6f0105
commit c52e6a3f2c
19 changed files with 195 additions and 42 deletions
--- a/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/auth-request-login.strategy.spec.ts
@@ -166,7 +166,7 @@ describe("AuthRequestLoginStrategy", () => {
      decMasterKeyHash,
      mockUserId,
    );
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
      tokenResponse.key,
      mockUserId,
    );
@@ -194,7 +194,7 @@ describe("AuthRequestLoginStrategy", () => {
    expect(masterPasswordService.mock.setMasterKeyHash).not.toHaveBeenCalled();

    // setMasterKeyEncryptedUserKey, setUserKey, and setPrivateKey should still be called
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
      tokenResponse.key,
      mockUserId,
    );
--- a/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
@@ -95,7 +95,9 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
    const authRequestCredentials = this.cache.value.authRequestCredentials;
    // User now may or may not have a master password
    // but set the master key encrypted user key if it exists regardless
-    await this.keyService.setMasterKeyEncryptedUserKey(response.key, userId);
+    if (response.key) {
+      await this.masterPasswordService.setMasterKeyEncryptedUserKey(response.key, userId);
+    }

    if (authRequestCredentials.decryptedUserKey) {
      await this.keyService.setUserKey(authRequestCredentials.decryptedUserKey, userId);
--- a/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.spec.ts
@@ -202,7 +202,10 @@ describe("PasswordLoginStrategy", () => {
      localHashedPassword,
      userId,
    );
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key, userId);
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+      tokenResponse.key,
+      userId,
+    );
    expect(keyService.setUserKey).toHaveBeenCalledWith(userKey, userId);
    expect(keyService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey, userId);
  });
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -126,7 +126,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
    if (this.encryptionKeyMigrationRequired(response)) {
      return;
    }
-    await this.keyService.setMasterKeyEncryptedUserKey(response.key, userId);
+
+    if (response.key) {
+      await this.masterPasswordService.setMasterKeyEncryptedUserKey(response.key, userId);
+    }

    const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
    if (masterKey) {
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
@@ -196,8 +196,11 @@ describe("SsoLoginStrategy", () => {
    await ssoLoginStrategy.logIn(credentials);

    // Assert
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key, userId);
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+      tokenResponse.key,
+      userId,
+    );
  });

  describe("Trusted Device Decryption", () => {
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
@@ -185,7 +185,10 @@ export class SsoLoginStrategy extends LoginStrategy {

    if (masterKeyEncryptedUserKey) {
      // set the master key encrypted user key if it exists
-      await this.keyService.setMasterKeyEncryptedUserKey(masterKeyEncryptedUserKey, userId);
+      await this.masterPasswordService.setMasterKeyEncryptedUserKey(
+        masterKeyEncryptedUserKey,
+        userId,
+      );
    }

    const userDecryptionOptions = tokenResponse?.userDecryptionOptions;
--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
@@ -176,7 +176,10 @@ describe("UserApiLoginStrategy", () => {

    await apiLogInStrategy.logIn(credentials);

-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(tokenResponse.key, userId);
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+      tokenResponse.key,
+      userId,
+    );
    expect(keyService.setPrivateKey).toHaveBeenCalledWith(tokenResponse.privateKey, userId);
  });

--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
@@ -63,7 +63,9 @@ export class UserApiLoginStrategy extends LoginStrategy {
    response: IdentityTokenResponse,
    userId: UserId,
  ): Promise<void> {
-    await this.keyService.setMasterKeyEncryptedUserKey(response.key, userId);
+    if (response.key) {
+      await this.masterPasswordService.setMasterKeyEncryptedUserKey(response.key, userId);
+    }

    if (response.apiUseKeyConnector) {
      const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.spec.ts
@@ -237,8 +237,8 @@ describe("WebAuthnLoginStrategy", () => {

    // Assert
    // Master key encrypted user key should be set
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
-    expect(keyService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
+    expect(masterPasswordService.mock.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(
      idTokenResponse.key,
      userId,
    );
--- a/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/webauthn-login.strategy.ts
@@ -66,7 +66,10 @@ export class WebAuthnLoginStrategy extends LoginStrategy {

    if (masterKeyEncryptedUserKey) {
      // set the master key encrypted user key if it exists
-      await this.keyService.setMasterKeyEncryptedUserKey(masterKeyEncryptedUserKey, userId);
+      await this.masterPasswordService.setMasterKeyEncryptedUserKey(
+        masterKeyEncryptedUserKey,
+        userId,
+      );
    }

    const userDecryptionOptions = idTokenResponse?.userDecryptionOptions;