From c8bf64884d760cdfa01f829e38fee3a51a9edfd1 Mon Sep 17 00:00:00 2001
From: Todd Martin <tmartin@bitwarden.com>
Date: Tue, 27 May 2025 12:14:48 -0400
Subject: [PATCH] Moved token state to disk to persist through application
 close.

---
 libs/common/src/auth/services/token.service.ts    | 6 +++---
 libs/common/src/auth/services/token.state.spec.ts | 4 ++--
 libs/common/src/auth/services/token.state.ts      | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libs/common/src/auth/services/token.service.ts b/libs/common/src/auth/services/token.service.ts
index 2c6883272c3..cc53d0d5fe2 100644
--- a/libs/common/src/auth/services/token.service.ts
+++ b/libs/common/src/auth/services/token.service.ts
@@ -42,7 +42,7 @@ import {
   EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
   REFRESH_TOKEN_DISK,
   REFRESH_TOKEN_MEMORY,
-  SECURITY_STAMP_MEMORY,
+  SECURITY_STAMP_DISK,
 } from "./token.state";
 
 // FIXME: update to use a const object instead of a typescript enum
@@ -1045,7 +1045,7 @@ export class TokenService implements TokenServiceAbstraction {
       throw new Error("User id not found. Cannot get security stamp.");
     }
 
-    const securityStamp = await this.getStateValueByUserIdAndKeyDef(userId, SECURITY_STAMP_MEMORY);
+    const securityStamp = await this.getStateValueByUserIdAndKeyDef(userId, SECURITY_STAMP_DISK);
 
     return securityStamp;
   }
@@ -1058,7 +1058,7 @@ export class TokenService implements TokenServiceAbstraction {
     }
 
     await this.singleUserStateProvider
-      .get(userId, SECURITY_STAMP_MEMORY)
+      .get(userId, SECURITY_STAMP_DISK)
       .update((_) => securityStamp);
   }
 
diff --git a/libs/common/src/auth/services/token.state.spec.ts b/libs/common/src/auth/services/token.state.spec.ts
index bb82410fac1..532920a96eb 100644
--- a/libs/common/src/auth/services/token.state.spec.ts
+++ b/libs/common/src/auth/services/token.state.spec.ts
@@ -10,7 +10,7 @@ import {
   EMAIL_TWO_FACTOR_TOKEN_RECORD_DISK_LOCAL,
   REFRESH_TOKEN_DISK,
   REFRESH_TOKEN_MEMORY,
-  SECURITY_STAMP_MEMORY,
+  SECURITY_STAMP_DISK,
 } from "./token.state";
 
 describe.each([
@@ -23,7 +23,7 @@ describe.each([
   [API_KEY_CLIENT_ID_MEMORY, "apiKeyClientIdMemory"],
   [API_KEY_CLIENT_SECRET_DISK, "apiKeyClientSecretDisk"],
   [API_KEY_CLIENT_SECRET_MEMORY, "apiKeyClientSecretMemory"],
-  [SECURITY_STAMP_MEMORY, "securityStamp"],
+  [SECURITY_STAMP_DISK, "securityStamp"],
 ])(
   "deserializes state key definitions",
   (
diff --git a/libs/common/src/auth/services/token.state.ts b/libs/common/src/auth/services/token.state.ts
index 57d85f2a559..3911d0ae971 100644
--- a/libs/common/src/auth/services/token.state.ts
+++ b/libs/common/src/auth/services/token.state.ts
@@ -70,7 +70,7 @@ export const API_KEY_CLIENT_SECRET_MEMORY = new UserKeyDefinition<string>(
   },
 );
 
-export const SECURITY_STAMP_MEMORY = new UserKeyDefinition<string>(TOKEN_MEMORY, "securityStamp", {
+export const SECURITY_STAMP_DISK = new UserKeyDefinition<string>(TOKEN_DISK, "securityStamp", {
   deserializer: (securityStamp) => securityStamp,
   clearOn: ["logout"],
 });