mirror of
https://github.com/bitwarden/browser
synced 2025-12-11 13:53:34 +00:00
avoid using the SDK to decrypt attachments for emergency access (#16293)
- The SDK does not have emergency access functionality built in at this point.
This commit is contained in:
Nick Krantz
GitHub
@@ -257,6 +257,10 @@ export abstract class CipherService implements UserKeyRotationDataProvider<Ciphe
|
|||||||
* @param attachment The attachment view object
|
* @param attachment The attachment view object
|
||||||
* @param response The response object containing the encrypted content
|
* @param response The response object containing the encrypted content
|
||||||
* @param userId The user ID whose key will be used for decryption
|
* @param userId The user ID whose key will be used for decryption
|
||||||
|
* @param useLegacyDecryption When true, forces the use of the legacy decryption method
|
||||||
|
* even when the SDK feature is enabled. This is helpful for domains of
|
||||||
|
* the application that have yet to be moved into the SDK, i.e. emergency access.
|
||||||
|
* TODO: PM-25469 - this should be obsolete once emergency access is moved to the SDK.
|
||||||
*
|
*
|
||||||
* @returns A promise that resolves to the decrypted content
|
* @returns A promise that resolves to the decrypted content
|
||||||
*/
|
*/
|
||||||
@@ -265,6 +269,7 @@ export abstract class CipherService implements UserKeyRotationDataProvider<Ciphe
|
|||||||
attachment: AttachmentView,
|
attachment: AttachmentView,
|
||||||
response: Response,
|
response: Response,
|
||||||
userId: UserId,
|
userId: UserId,
|
||||||
|
useLegacyDecryption?: boolean,
|
||||||
): Promise<Uint8Array | null>;
|
): Promise<Uint8Array | null>;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -1544,11 +1544,13 @@ export class CipherService implements CipherServiceAbstraction {
|
|||||||
return encryptedCiphers;
|
return encryptedCiphers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** @inheritdoc */
|
||||||
async getDecryptedAttachmentBuffer(
|
async getDecryptedAttachmentBuffer(
|
||||||
cipherId: CipherId,
|
cipherId: CipherId,
|
||||||
attachment: AttachmentView,
|
attachment: AttachmentView,
|
||||||
response: Response,
|
response: Response,
|
||||||
userId: UserId,
|
userId: UserId,
|
||||||
|
useLegacyDecryption?: boolean,
|
||||||
): Promise<Uint8Array> {
|
): Promise<Uint8Array> {
|
||||||
const useSdkDecryption = await this.configService.getFeatureFlag(
|
const useSdkDecryption = await this.configService.getFeatureFlag(
|
||||||
FeatureFlag.PM19941MigrateCipherDomainToSdk,
|
FeatureFlag.PM19941MigrateCipherDomainToSdk,
|
||||||
@@ -1558,7 +1560,7 @@ export class CipherService implements CipherServiceAbstraction {
|
|||||||
this.ciphers$(userId).pipe(map((ciphersData) => new Cipher(ciphersData[cipherId]))),
|
this.ciphers$(userId).pipe(map((ciphersData) => new Cipher(ciphersData[cipherId]))),
|
||||||
);
|
);
|
||||||
|
|
||||||
if (useSdkDecryption) {
|
if (useSdkDecryption && !useLegacyDecryption) {
|
||||||
const encryptedContent = await response.arrayBuffer();
|
const encryptedContent = await response.arrayBuffer();
|
||||||
return this.cipherEncryptionService.decryptAttachmentContent(
|
return this.cipherEncryptionService.decryptAttachmentContent(
|
||||||
cipherDomain,
|
cipherDomain,
|
||||||
|
|||||||
@@ -92,6 +92,9 @@ export class DownloadAttachmentComponent {
|
|||||||
this.attachment,
|
this.attachment,
|
||||||
response,
|
response,
|
||||||
userId,
|
userId,
|
||||||
|
// When the emergency access ID is present, the cipher is being viewed via emergency access.
|
||||||
|
// Force legacy decryption in these cases.
|
||||||
|
this.emergencyAccessId ? true : false,
|
||||||
);
|
);
|
||||||
|
|
||||||
this.fileDownloadService.download({
|
this.fileDownloadService.download({
|
||||||
|
|||||||
Reference in New Issue
Block a user