[PM-10607] Require userId for getKeyForCipherKeyDecryption (#10509)

* updated cipher service to stop using the deprecated getUserKeyWithLegacySupport and use the version that requires a user id * Added account service mock * fixed cipher test * Fixed test * removed async from encryptCipher * updated encryptSharedCipher to pass userId to the encrypt function * Pass userId to getUserKeyWithLegacySupport on encryptSharedCipher * pass in userid when setting masterKeyEncryptedUserKey * Added activer usedId to new web refresh function
2025-12-20 02:03:39 +00:00 · 2024-08-20 12:00:48 -04:00
parent ed719f835a
commit dedd7f1b5c
67 changed files with 534 additions and 118 deletions
--- a/apps/web/src/app/auth/settings/emergency-access/attachments/emergency-access-attachments.component.ts
+++ b/apps/web/src/app/auth/settings/emergency-access/attachments/emergency-access-attachments.component.ts
@@ -2,6 +2,7 @@ import { Component } from "@angular/core";

 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
@@ -32,6 +33,7 @@ export class EmergencyAccessAttachmentsComponent extends BaseAttachmentsComponen
    fileDownloadService: FileDownloadService,
    dialogService: DialogService,
    billingAccountProfileStateService: BillingAccountProfileStateService,
+    accountService: AccountService,
  ) {
    super(
      cipherService,
@@ -45,6 +47,7 @@ export class EmergencyAccessAttachmentsComponent extends BaseAttachmentsComponen
      fileDownloadService,
      dialogService,
      billingAccountProfileStateService,
+      accountService,
    );
  }

--- a/apps/web/src/app/vault/individual-vault/attachments.component.ts
+++ b/apps/web/src/app/vault/individual-vault/attachments.component.ts
@@ -2,6 +2,7 @@ import { Component } from "@angular/core";

 import { AttachmentsComponent as BaseAttachmentsComponent } from "@bitwarden/angular/vault/components/attachments.component";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { FileDownloadService } from "@bitwarden/common/platform/abstractions/file-download/file-download.service";
@@ -31,6 +32,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
    fileDownloadService: FileDownloadService,
    dialogService: DialogService,
    billingAccountProfileStateService: BillingAccountProfileStateService,
+    accountService: AccountService,
  ) {
    super(
      cipherService,
@@ -44,6 +46,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent {
      fileDownloadService,
      dialogService,
      billingAccountProfileStateService,
+      accountService,
    );
  }

--- a/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts
+++ b/apps/web/src/app/vault/individual-vault/bulk-action-dialogs/bulk-share-dialog/bulk-share-dialog.component.ts
@@ -1,8 +1,10 @@
 import { DialogConfig, DialogRef, DIALOG_DATA } from "@angular/cdk/dialog";
 import { Component, Inject, OnDestroy, OnInit } from "@angular/core";
+import { firstValueFrom, map } from "rxjs";

 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -61,6 +63,7 @@ export class BulkShareDialogComponent implements OnInit, OnDestroy {
    private collectionService: CollectionService,
    private organizationService: OrganizationService,
    private logService: LogService,
+    private accountService: AccountService,
  ) {
    this.ciphers = params.ciphers ?? [];
    this.organizationId = params.organizationId;
@@ -98,10 +101,14 @@ export class BulkShareDialogComponent implements OnInit, OnDestroy {
  submit = async () => {
    const checkedCollectionIds = this.collections.filter(isChecked).map((c) => c.id);
    try {
+      const activeUserId = await firstValueFrom(
+        this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+      );
      await this.cipherService.shareManyWithServer(
        this.shareableCiphers,
        this.organizationId,
        checkedCollectionIds,
+        activeUserId,
      );
      const orgName =
        this.organizations.find((o) => o.id === this.organizationId)?.name ??
--- a/apps/web/src/app/vault/individual-vault/collections.component.ts
+++ b/apps/web/src/app/vault/individual-vault/collections.component.ts
@@ -3,6 +3,7 @@ import { Component, Inject, OnDestroy } from "@angular/core";

 import { CollectionsComponent as BaseCollectionsComponent } from "@bitwarden/angular/admin-console/components/collections.component";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -25,6 +26,7 @@ export class CollectionsComponent extends BaseCollectionsComponent implements On
    organizationSerivce: OrganizationService,
    logService: LogService,
    configService: ConfigService,
+    accountService: AccountService,
    protected dialogRef: DialogRef,
    @Inject(DIALOG_DATA) params: CollectionsDialogParams,
  ) {
@@ -36,6 +38,7 @@ export class CollectionsComponent extends BaseCollectionsComponent implements On
      organizationSerivce,
      logService,
      configService,
+      accountService,
    );
    this.cipherId = params?.cipherId;
  }
--- a/apps/web/src/app/vault/individual-vault/share.component.ts
+++ b/apps/web/src/app/vault/individual-vault/share.component.ts
@@ -2,6 +2,7 @@ import { Component, OnDestroy } from "@angular/core";

 import { ShareComponent as BaseShareComponent } from "@bitwarden/angular/components/share.component";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
@@ -21,6 +22,7 @@ export class ShareComponent extends BaseShareComponent implements OnDestroy {
    cipherService: CipherService,
    organizationService: OrganizationService,
    logService: LogService,
+    accountService: AccountService,
  ) {
    super(
      collectionService,
@@ -29,6 +31,7 @@ export class ShareComponent extends BaseShareComponent implements OnDestroy {
      cipherService,
      logService,
      organizationService,
+      accountService,
    );
  }

--- a/apps/web/src/app/vault/individual-vault/vault.component.ts
+++ b/apps/web/src/app/vault/individual-vault/vault.component.ts
@@ -35,6 +35,7 @@ import { EventCollectionService } from "@bitwarden/common/abstractions/event/eve
 import { SearchService } from "@bitwarden/common/abstractions/search.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
@@ -198,6 +199,7 @@ export class VaultComponent implements OnInit, OnDestroy {
    private apiService: ApiService,
    private billingAccountProfileStateService: BillingAccountProfileStateService,
    private toastService: ToastService,
+    private accountService: AccountService,
  ) {}

  async ngOnInit() {
@@ -699,9 +701,12 @@ export class VaultComponent implements OnInit, OnDestroy {
      return;
    }

+    const activeUserId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
    // Decrypt the cipher.
    const cipherView = await cipher.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(cipher),
+      await this.cipherService.getKeyForCipherKeyDecryption(cipher, activeUserId),
    );

    // Open the dialog.
--- a/apps/web/src/app/vault/org-vault/add-edit.component.ts
+++ b/apps/web/src/app/vault/org-vault/add-edit.component.ts
@@ -14,6 +14,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { SendApiService } from "@bitwarden/common/tools/send/services/send-api.service.abstraction";
+import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
@@ -107,11 +108,12 @@ export class AddEditComponent extends BaseAddEditComponent {
    return cipher;
  }

-  protected encryptCipher() {
+  protected encryptCipher(userId: UserId) {
    if (!this.organization.canEditAllCiphers(this.restrictProviderAccess)) {
-      return super.encryptCipher();
+      return super.encryptCipher(userId);
    }
-    return this.cipherService.encrypt(this.cipher, null, null, this.originalCipher);
+
+    return this.cipherService.encrypt(this.cipher, userId, null, null, this.originalCipher);
  }

  protected async deleteCipher() {
--- a/apps/web/src/app/vault/org-vault/attachments.component.ts
+++ b/apps/web/src/app/vault/org-vault/attachments.component.ts
@@ -3,6 +3,7 @@ import { firstValueFrom } from "rxjs";

 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
@@ -12,6 +13,7 @@ import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.servic
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
@@ -41,6 +43,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent implements On
    fileDownloadService: FileDownloadService,
    dialogService: DialogService,
    billingAccountProfileStateService: BillingAccountProfileStateService,
+    accountService: AccountService,
    private configService: ConfigService,
  ) {
    super(
@@ -54,6 +57,7 @@ export class AttachmentsComponent extends BaseAttachmentsComponent implements On
      fileDownloadService,
      dialogService,
      billingAccountProfileStateService,
+      accountService,
    );
  }

@@ -81,10 +85,11 @@ export class AttachmentsComponent extends BaseAttachmentsComponent implements On
    return new Cipher(new CipherData(response));
  }

-  protected saveCipherAttachment(file: File) {
+  protected saveCipherAttachment(file: File, userId: UserId) {
    return this.cipherService.saveAttachmentWithServer(
      this.cipherDomain,
      file,
+      userId,
      this.organization.canEditAllCiphers(this.restrictProviderAccess),
    );
  }
--- a/apps/web/src/app/vault/org-vault/collections.component.ts
+++ b/apps/web/src/app/vault/org-vault/collections.component.ts
@@ -4,6 +4,7 @@ import { Component, Inject } from "@angular/core";
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { OrganizationService } from "@bitwarden/common/admin-console/abstractions/organization/organization.service.abstraction";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { ConfigService } from "@bitwarden/common/platform/abstractions/config/config.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
@@ -37,6 +38,7 @@ export class CollectionsComponent extends BaseCollectionsComponent {
    private apiService: ApiService,
    logService: LogService,
    configService: ConfigService,
+    accountService: AccountService,
    protected dialogRef: DialogRef,
    @Inject(DIALOG_DATA) params: OrgVaultCollectionsDialogParams,
  ) {
@@ -48,6 +50,7 @@ export class CollectionsComponent extends BaseCollectionsComponent {
      organizationService,
      logService,
      configService,
+      accountService,
      dialogRef,
      params,
    );
--- a/apps/web/src/app/vault/org-vault/vault.component.ts
+++ b/apps/web/src/app/vault/org-vault/vault.component.ts
@@ -39,6 +39,7 @@ import { OrganizationService } from "@bitwarden/common/admin-console/abstraction
 import { OrganizationUserService } from "@bitwarden/common/admin-console/abstractions/organization-user/organization-user.service";
 import { OrganizationUserUserDetailsResponse } from "@bitwarden/common/admin-console/abstractions/organization-user/responses";
 import { Organization } from "@bitwarden/common/admin-console/models/domain/organization";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { EventType } from "@bitwarden/common/enums";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";
 import { BroadcasterService } from "@bitwarden/common/platform/abstractions/broadcaster.service";
@@ -216,6 +217,7 @@ export class VaultComponent implements OnInit, OnDestroy {
    private organizationUserService: OrganizationUserService,
    protected configService: ConfigService,
    private toastService: ToastService,
+    private accountService: AccountService,
  ) {}

  async ngOnInit() {
@@ -893,9 +895,12 @@ export class VaultComponent implements OnInit, OnDestroy {
      return;
    }

+    const activeUserId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
    // Decrypt the cipher.
    const cipherView = await cipher.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(cipher),
+      await this.cipherService.getKeyForCipherKeyDecryption(cipher, activeUserId),
    );

    // Open the dialog.