[EC-499] Add encryptService to domain model decryption (#3385)

Co-authored-by: Matt Gibson <mgibson@bitwarden.com>
2025-12-28 06:03:40 +00:00 · 2022-09-02 11:15:19 +10:00
parent 063acfef40
commit cff2422d7f
14 changed files with 231 additions and 106 deletions
--- a/libs/common/spec/models/domain/attachment.spec.ts
+++ b/libs/common/spec/models/domain/attachment.spec.ts
@@ -1,8 +1,10 @@
-import Substitute, { Arg } from "@fluffy-spoon/substitute";
+import { mock, MockProxy } from "jest-mock-extended";

+import { AbstractEncryptService } from "@bitwarden/common/abstractions/abstractEncrypt.service";
 import { CryptoService } from "@bitwarden/common/abstractions/crypto.service";
 import { AttachmentData } from "@bitwarden/common/models/data/attachmentData";
 import { Attachment } from "@bitwarden/common/models/domain/attachment";
+import { EncString } from "@bitwarden/common/models/domain/encString";
 import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetricCryptoKey";
 import { ContainerService } from "@bitwarden/common/services/container.service";

@@ -54,30 +56,79 @@ describe("Attachment", () => {
    expect(attachment.toAttachmentData()).toEqual(data);
  });

-  it("Decrypt", async () => {
-    const attachment = new Attachment();
-    attachment.id = "id";
-    attachment.url = "url";
-    attachment.size = "1100";
-    attachment.sizeName = "1.1 KB";
-    attachment.key = mockEnc("key");
-    attachment.fileName = mockEnc("fileName");
+  describe("decrypt", () => {
+    let cryptoService: MockProxy<CryptoService>;
+    let encryptService: MockProxy<AbstractEncryptService>;

-    const cryptoService = Substitute.for<CryptoService>();
-    cryptoService.getOrgKey(null).resolves(null);
-    cryptoService.decryptToBytes(Arg.any(), Arg.any()).resolves(makeStaticByteArray(32));
+    beforeEach(() => {
+      cryptoService = mock<CryptoService>();
+      encryptService = mock<AbstractEncryptService>();

-    (window as any).bitwardenContainerService = new ContainerService(cryptoService);
+      (window as any).bitwardenContainerService = new ContainerService(
+        cryptoService,
+        encryptService
+      );
+    });

-    const view = await attachment.decrypt(null);
+    it("expected output", async () => {
+      const attachment = new Attachment();
+      attachment.id = "id";
+      attachment.url = "url";
+      attachment.size = "1100";
+      attachment.sizeName = "1.1 KB";
+      attachment.key = mockEnc("key");
+      attachment.fileName = mockEnc("fileName");

-    expect(view).toEqual({
-      id: "id",
-      url: "url",
-      size: "1100",
-      sizeName: "1.1 KB",
-      fileName: "fileName",
-      key: expect.any(SymmetricCryptoKey),
+      encryptService.decryptToBytes.mockResolvedValue(makeStaticByteArray(32));
+
+      const view = await attachment.decrypt(null);
+
+      expect(view).toEqual({
+        id: "id",
+        url: "url",
+        size: "1100",
+        sizeName: "1.1 KB",
+        fileName: "fileName",
+        key: expect.any(SymmetricCryptoKey),
+      });
+    });
+
+    describe("decrypts attachment.key", () => {
+      let attachment: Attachment;
+
+      beforeEach(() => {
+        attachment = new Attachment();
+        attachment.key = mock<EncString>();
+      });
+
+      it("uses the provided key without depending on CryptoService", async () => {
+        const providedKey = mock<SymmetricCryptoKey>();
+
+        await attachment.decrypt(null, providedKey);
+
+        expect(cryptoService.getKeyForUserEncryption).not.toHaveBeenCalled();
+        expect(encryptService.decryptToBytes).toHaveBeenCalledWith(attachment.key, providedKey);
+      });
+
+      it("gets an organization key if required", async () => {
+        const orgKey = mock<SymmetricCryptoKey>();
+        cryptoService.getOrgKey.calledWith("orgId").mockResolvedValue(orgKey);
+
+        await attachment.decrypt("orgId", null);
+
+        expect(cryptoService.getOrgKey).toHaveBeenCalledWith("orgId");
+        expect(encryptService.decryptToBytes).toHaveBeenCalledWith(attachment.key, orgKey);
+      });
+
+      it("gets the user's decryption key if required", async () => {
+        const userKey = mock<SymmetricCryptoKey>();
+        cryptoService.getKeyForUserEncryption.mockResolvedValue(userKey);
+
+        await attachment.decrypt(null, null);
+
+        expect(cryptoService.getKeyForUserEncryption).toHaveBeenCalled();
+        expect(encryptService.decryptToBytes).toHaveBeenCalledWith(attachment.key, userKey);
+      });
    });
  });
 });