[PM-5963] Fix tde offboarding vault corruption (#9480)

* Fix tde offboarding * Add tde offboarding password request * Add event for tde offboarding * Update libs/auth/src/common/models/domain/user-decryption-options.ts Co-authored-by: Jake Fink <jfink@bitwarden.com> * Update libs/common/src/services/api.service.ts Co-authored-by: Jake Fink <jfink@bitwarden.com> * Make tde offboarding take priority * Update tde offboarding message * Fix unit tests * Fix unit tests * Fix typo * Fix unit tests --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2025-12-14 07:13:32 +00:00 · 2024-08-02 01:48:09 +02:00
parent d26ea1be5f
commit c6229abd12
19 changed files with 94 additions and 17 deletions
--- a/libs/common/src/auth/models/domain/force-set-password-reason.ts
+++ b/libs/common/src/auth/models/domain/force-set-password-reason.ts
@@ -26,4 +26,9 @@ export enum ForceSetPasswordReason {
   * Set post login & decryption client side and by server in sync (to catch logged in users).
   */
  TdeUserWithoutPasswordHasPasswordResetPermission,
+
+  /**
+   * Occurs when TDE is disabled and master password has to be set.
+   */
+  TdeOffboarding,
 }
--- a/libs/common/src/auth/models/request/update-tde-offboarding-password.request.ts
+++ b/libs/common/src/auth/models/request/update-tde-offboarding-password.request.ts
@@ -0,0 +1,5 @@
+import { OrganizationUserResetPasswordRequest } from "../../../admin-console/abstractions/organization-user/requests";
+
+export class UpdateTdeOffboardingPasswordRequest extends OrganizationUserResetPasswordRequest {
+  masterPasswordHint: string;
+}
--- a/libs/common/src/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response.ts
+++ b/libs/common/src/auth/models/response/user-decryption-options/trusted-device-user-decryption-option.response.ts
@@ -5,6 +5,7 @@ export interface ITrustedDeviceUserDecryptionOptionServerResponse {
  HasAdminApproval: boolean;
  HasLoginApprovingDevice: boolean;
  HasManageResetPasswordPermission: boolean;
+  IsTdeOffboarding: boolean;
  EncryptedPrivateKey?: string;
  EncryptedUserKey?: string;
 }
@@ -13,6 +14,7 @@ export class TrustedDeviceUserDecryptionOptionResponse extends BaseResponse {
  hasAdminApproval: boolean;
  hasLoginApprovingDevice: boolean;
  hasManageResetPasswordPermission: boolean;
+  isTdeOffboarding: boolean;
  encryptedPrivateKey: EncString;
  encryptedUserKey: EncString;

@@ -25,6 +27,8 @@ export class TrustedDeviceUserDecryptionOptionResponse extends BaseResponse {
      "HasManageResetPasswordPermission",
    );

+    this.isTdeOffboarding = this.getResponseProperty("IsTdeOffboarding");
+
    if (response.EncryptedPrivateKey) {
      this.encryptedPrivateKey = new EncString(this.getResponseProperty("EncryptedPrivateKey"));
    }