[PM-11477] Remove deprecated cryptoservice functions (#10854)

* Remove deprecated cryptoservice functions * Use getUserkeyWithLegacySupport to get userkey * Fix tests * Fix tests * Fix tests * Remove unused cryptoservice instances * Fix build * Remove unused apiService in constructor * Fix encryption * Ensure passed in key is used if present * Fix sends and folders * Fix tests * Remove logged key * Fix import for account restricted keys
2026-02-11 14:04:03 +00:00 · 2024-09-24 11:28:33 +02:00
parent 6d9223fac7
commit d92b2cbea2
69 changed files with 404 additions and 197 deletions
--- a/apps/cli/src/commands/download.command.ts
+++ b/apps/cli/src/commands/download.command.ts
@@ -1,6 +1,6 @@
 import * as fet from "node-fetch";

-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EncArrayBuffer } from "@bitwarden/common/platform/models/domain/enc-array-buffer";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";

@@ -9,7 +9,7 @@ import { FileResponse } from "../models/response/file.response";
 import { CliUtils } from "../utils";

 export abstract class DownloadCommand {
-  constructor(protected cryptoService: CryptoService) {}
+  constructor(protected encryptService: EncryptService) {}

  protected async saveAttachmentToFile(
    url: string,
@@ -26,7 +26,7 @@ export abstract class DownloadCommand {

    try {
      const encBuf = await EncArrayBuffer.fromResponse(response);
-      const decBuf = await this.cryptoService.decryptFromBytes(encBuf, key);
+      const decBuf = await this.encryptService.decryptToBytes(encBuf, key);
      if (process.env.BW_SERVE === "true") {
        const res = new FileResponse(Buffer.from(decBuf), fileName);
        return Response.success(res);
--- a/apps/cli/src/commands/edit.command.ts
+++ b/apps/cli/src/commands/edit.command.ts
@@ -7,6 +7,7 @@ import { CipherExport } from "@bitwarden/common/models/export/cipher.export";
 import { CollectionExport } from "@bitwarden/common/models/export/collection.export";
 import { FolderExport } from "@bitwarden/common/models/export/folder.export";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
@@ -25,6 +26,7 @@ export class EditCommand {
    private cipherService: CipherService,
    private folderService: FolderService,
    private cryptoService: CryptoService,
+    private encryptService: EncryptService,
    private apiService: ApiService,
    private folderApiService: FolderApiServiceAbstraction,
    private accountService: AccountService,
@@ -139,7 +141,10 @@ export class EditCommand {

    let folderView = await folder.decrypt();
    folderView = FolderExport.toView(req, folderView);
-    const encFolder = await this.folderService.encrypt(folderView);
+
+    const activeUserId = await firstValueFrom(this.accountService.activeAccount$);
+    const userKey = await this.cryptoService.getUserKeyWithLegacySupport(activeUserId.id);
+    const encFolder = await this.folderService.encrypt(folderView, userKey);
    try {
      await this.folderApiService.save(encFolder);
      const updatedFolder = await this.folderService.get(folder.id);
@@ -187,7 +192,7 @@ export class EditCommand {
              (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
            );
      const request = new CollectionRequest();
-      request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
+      request.name = (await this.encryptService.encrypt(req.name, orgKey)).encryptedString;
      request.externalId = req.externalId;
      request.groups = groups;
      request.users = users;
--- a/apps/cli/src/commands/get.command.ts
+++ b/apps/cli/src/commands/get.command.ts
@@ -20,6 +20,7 @@ import { LoginExport } from "@bitwarden/common/models/export/login.export";
 import { SecureNoteExport } from "@bitwarden/common/models/export/secure-note.export";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
@@ -56,7 +57,8 @@ export class GetCommand extends DownloadCommand {
    private collectionService: CollectionService,
    private totpService: TotpService,
    private auditService: AuditService,
-    cryptoService: CryptoService,
+    private cryptoService: CryptoService,
+    encryptService: EncryptService,
    private stateService: StateService,
    private searchService: SearchService,
    private apiService: ApiService,
@@ -65,7 +67,7 @@ export class GetCommand extends DownloadCommand {
    private accountProfileService: BillingAccountProfileStateService,
    private accountService: AccountService,
  ) {
-    super(cryptoService);
+    super(encryptService);
  }

  async run(object: string, id: string, cmdOptions: Record<string, any>): Promise<Response> {
@@ -451,7 +453,7 @@ export class GetCommand extends DownloadCommand {

      const response = await this.apiService.getCollectionAccessDetails(options.organizationId, id);
      const decCollection = new CollectionView(response);
-      decCollection.name = await this.cryptoService.decryptToUtf8(
+      decCollection.name = await this.encryptService.decryptToUtf8(
        new EncString(response.name),
        orgKey,
      );
--- a/apps/cli/src/oss-serve-configurator.ts
+++ b/apps/cli/src/oss-serve-configurator.ts
@@ -57,6 +57,7 @@ export class OssServeConfigurator {
      this.serviceContainer.totpService,
      this.serviceContainer.auditService,
      this.serviceContainer.cryptoService,
+      this.serviceContainer.encryptService,
      this.serviceContainer.stateService,
      this.serviceContainer.searchService,
      this.serviceContainer.apiService,
@@ -79,6 +80,7 @@ export class OssServeConfigurator {
      this.serviceContainer.cipherService,
      this.serviceContainer.folderService,
      this.serviceContainer.cryptoService,
+      this.serviceContainer.encryptService,
      this.serviceContainer.apiService,
      this.serviceContainer.folderApiService,
      this.serviceContainer.billingAccountProfileStateService,
@@ -89,6 +91,7 @@ export class OssServeConfigurator {
      this.serviceContainer.cipherService,
      this.serviceContainer.folderService,
      this.serviceContainer.cryptoService,
+      this.serviceContainer.encryptService,
      this.serviceContainer.apiService,
      this.serviceContainer.folderApiService,
      this.serviceContainer.accountService,
@@ -150,7 +153,7 @@ export class OssServeConfigurator {
      this.serviceContainer.sendService,
      this.serviceContainer.environmentService,
      this.serviceContainer.searchService,
-      this.serviceContainer.cryptoService,
+      this.serviceContainer.encryptService,
    );
    this.sendEditCommand = new SendEditCommand(
      this.serviceContainer.sendService,
--- a/apps/cli/src/service-container/service-container.ts
+++ b/apps/cli/src/service-container/service-container.ts
@@ -494,6 +494,7 @@ export class ServiceContainer {

    this.collectionService = new CollectionService(
      this.cryptoService,
+      this.encryptService,
      this.i18nService,
      this.stateProvider,
    );
@@ -631,10 +632,12 @@ export class ServiceContainer {
      this.cipherFileUploadService,
      this.configService,
      this.stateProvider,
+      this.accountService,
    );

    this.folderService = new FolderService(
      this.cryptoService,
+      this.encryptService,
      this.i18nService,
      this.cipherService,
      this.stateProvider,
@@ -721,6 +724,7 @@ export class ServiceContainer {
      this.i18nService,
      this.collectionService,
      this.cryptoService,
+      this.encryptService,
      this.pinService,
      this.accountService,
    );
@@ -730,8 +734,10 @@ export class ServiceContainer {
      this.cipherService,
      this.pinService,
      this.cryptoService,
+      this.encryptService,
      this.cryptoFunctionService,
      this.kdfConfigService,
+      this.accountService,
    );

    this.organizationExportService = new OrganizationVaultExportService(
@@ -739,6 +745,7 @@ export class ServiceContainer {
      this.apiService,
      this.pinService,
      this.cryptoService,
+      this.encryptService,
      this.cryptoFunctionService,
      this.collectionService,
      this.kdfConfigService,
--- a/apps/cli/src/tools/send/commands/get.command.ts
+++ b/apps/cli/src/tools/send/commands/get.command.ts
@@ -2,7 +2,7 @@ import { OptionValues } from "commander";
 import { firstValueFrom } from "rxjs";

 import { SearchService } from "@bitwarden/common/abstractions/search.service";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SendView } from "@bitwarden/common/tools/send/models/view/send.view";
@@ -17,9 +17,9 @@ export class SendGetCommand extends DownloadCommand {
    private sendService: SendService,
    private environmentService: EnvironmentService,
    private searchService: SearchService,
-    cryptoService: CryptoService,
+    encryptService: EncryptService,
  ) {
-    super(cryptoService);
+    super(encryptService);
  }

  async run(id: string, options: OptionValues) {
--- a/apps/cli/src/tools/send/commands/receive.command.ts
+++ b/apps/cli/src/tools/send/commands/receive.command.ts
@@ -2,10 +2,10 @@ import { OptionValues } from "commander";
 import * as inquirer from "inquirer";
 import { firstValueFrom } from "rxjs";

-import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { EnvironmentService } from "@bitwarden/common/platform/abstractions/environment.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
@@ -27,14 +27,14 @@ export class SendReceiveCommand extends DownloadCommand {
  private sendAccessRequest: SendAccessRequest;

  constructor(
-    private apiService: ApiService,
-    cryptoService: CryptoService,
+    private cryptoService: CryptoService,
+    encryptService: EncryptService,
    private cryptoFunctionService: CryptoFunctionService,
    private platformUtilsService: PlatformUtilsService,
    private environmentService: EnvironmentService,
    private sendApiService: SendApiService,
  ) {
-    super(cryptoService);
+    super(encryptService);
  }

  async run(url: string, options: OptionValues): Promise<Response> {
--- a/apps/cli/src/tools/send/send.program.ts
+++ b/apps/cli/src/tools/send/send.program.ts
@@ -100,8 +100,8 @@ export class SendProgram extends BaseProgram {
      })
      .action(async (url: string, options: OptionValues) => {
        const cmd = new SendReceiveCommand(
-          this.serviceContainer.apiService,
          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
          this.serviceContainer.cryptoFunctionService,
          this.serviceContainer.platformUtilsService,
          this.serviceContainer.environmentService,
@@ -143,6 +143,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.totpService,
          this.serviceContainer.auditService,
          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
          this.serviceContainer.stateService,
          this.serviceContainer.searchService,
          this.serviceContainer.apiService,
@@ -187,7 +188,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.sendService,
          this.serviceContainer.environmentService,
          this.serviceContainer.searchService,
-          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
        );
        const response = await cmd.run(id, options);
        this.processResponse(response);
@@ -246,7 +247,7 @@ export class SendProgram extends BaseProgram {
          this.serviceContainer.sendService,
          this.serviceContainer.environmentService,
          this.serviceContainer.searchService,
-          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
        );
        const cmd = new SendEditCommand(
          this.serviceContainer.sendService,
--- a/apps/cli/src/vault.program.ts
+++ b/apps/cli/src/vault.program.ts
@@ -178,6 +178,7 @@ export class VaultProgram extends BaseProgram {
          this.serviceContainer.totpService,
          this.serviceContainer.auditService,
          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
          this.serviceContainer.stateService,
          this.serviceContainer.searchService,
          this.serviceContainer.apiService,
@@ -224,6 +225,7 @@ export class VaultProgram extends BaseProgram {
          this.serviceContainer.cipherService,
          this.serviceContainer.folderService,
          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
          this.serviceContainer.apiService,
          this.serviceContainer.folderApiService,
          this.serviceContainer.billingAccountProfileStateService,
@@ -272,6 +274,7 @@ export class VaultProgram extends BaseProgram {
          this.serviceContainer.cipherService,
          this.serviceContainer.folderService,
          this.serviceContainer.cryptoService,
+          this.serviceContainer.encryptService,
          this.serviceContainer.apiService,
          this.serviceContainer.folderApiService,
          this.serviceContainer.accountService,
--- a/apps/cli/src/vault/create.command.ts
+++ b/apps/cli/src/vault/create.command.ts
@@ -12,6 +12,7 @@ import { CipherExport } from "@bitwarden/common/models/export/cipher.export";
 import { CollectionExport } from "@bitwarden/common/models/export/collection.export";
 import { FolderExport } from "@bitwarden/common/models/export/folder.export";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { EncryptService } from "@bitwarden/common/platform/abstractions/encrypt.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderApiServiceAbstraction } from "@bitwarden/common/vault/abstractions/folder/folder-api.service.abstraction";
@@ -31,6 +32,7 @@ export class CreateCommand {
    private cipherService: CipherService,
    private folderService: FolderService,
    private cryptoService: CryptoService,
+    private encryptService: EncryptService,
    private apiService: ApiService,
    private folderApiService: FolderApiServiceAbstraction,
    private accountProfileService: BillingAccountProfileStateService,
@@ -167,7 +169,9 @@ export class CreateCommand {
  }

  private async createFolder(req: FolderExport) {
-    const folder = await this.folderService.encrypt(FolderExport.toView(req));
+    const activeAccountId = await firstValueFrom(this.accountService.activeAccount$);
+    const userKey = await this.cryptoService.getUserKeyWithLegacySupport(activeAccountId.id);
+    const folder = await this.folderService.encrypt(FolderExport.toView(req), userKey);
    try {
      await this.folderApiService.save(folder);
      const newFolder = await this.folderService.get(folder.id);
@@ -210,7 +214,7 @@ export class CreateCommand {
              (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
            );
      const request = new CollectionRequest();
-      request.name = (await this.cryptoService.encrypt(req.name, orgKey)).encryptedString;
+      request.name = (await this.encryptService.encrypt(req.name, orgKey)).encryptedString;
      request.externalId = req.externalId;
      request.groups = groups;
      request.users = users;