[PM-10607] Require userId for getKeyForCipherKeyDecryption (#10509)

* updated cipher service to stop using the deprecated getUserKeyWithLegacySupport and use the version that requires a user id * Added account service mock * fixed cipher test * Fixed test * removed async from encryptCipher * updated encryptSharedCipher to pass userId to the encrypt function * Pass userId to getUserKeyWithLegacySupport on encryptSharedCipher * pass in userid when setting masterKeyEncryptedUserKey * Added activer usedId to new web refresh function
2025-12-16 08:13:42 +00:00 · 2024-08-20 12:00:48 -04:00
parent ed719f835a
commit dedd7f1b5c
67 changed files with 534 additions and 118 deletions
--- a/libs/angular/src/vault/components/attachments.component.ts
+++ b/libs/angular/src/vault/components/attachments.component.ts
@@ -1,7 +1,8 @@
 import { Directive, EventEmitter, Input, OnInit, Output } from "@angular/core";
-import { firstValueFrom } from "rxjs";
+import { firstValueFrom, map } from "rxjs";

 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { BillingAccountProfileStateService } from "@bitwarden/common/billing/abstractions/account/billing-account-profile-state.service";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -11,6 +12,7 @@ import { LogService } from "@bitwarden/common/platform/abstractions/log.service"
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
 import { EncArrayBuffer } from "@bitwarden/common/platform/models/domain/enc-array-buffer";
+import { UserId } from "@bitwarden/common/types/guid";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { AttachmentView } from "@bitwarden/common/vault/models/view/attachment.view";
@@ -46,6 +48,7 @@ export class AttachmentsComponent implements OnInit {
    protected fileDownloadService: FileDownloadService,
    protected dialogService: DialogService,
    protected billingAccountProfileStateService: BillingAccountProfileStateService,
+    protected accountService: AccountService,
  ) {}

  async ngOnInit() {
@@ -75,10 +78,13 @@ export class AttachmentsComponent implements OnInit {
    }

    try {
-      this.formPromise = this.saveCipherAttachment(files[0]);
+      const activeUserId = await firstValueFrom(
+        this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+      );
+      this.formPromise = this.saveCipherAttachment(files[0], activeUserId);
      this.cipherDomain = await this.formPromise;
      this.cipher = await this.cipherDomain.decrypt(
-        await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain),
+        await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain, activeUserId),
      );
      this.platformUtilsService.showToast("success", null, this.i18nService.t("attachmentSaved"));
      this.onUploadedAttachment.emit();
@@ -185,8 +191,11 @@ export class AttachmentsComponent implements OnInit {

  protected async init() {
    this.cipherDomain = await this.loadCipher();
+    const activeUserId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
    this.cipher = await this.cipherDomain.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain),
+      await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain, activeUserId),
    );

    const canAccessPremium = await firstValueFrom(
@@ -235,14 +244,18 @@ export class AttachmentsComponent implements OnInit {
              ? attachment.key
              : await this.cryptoService.getOrgKey(this.cipher.organizationId);
          const decBuf = await this.cryptoService.decryptFromBytes(encBuf, key);
+          const activeUserId = await firstValueFrom(
+            this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+          );
          this.cipherDomain = await this.cipherService.saveAttachmentRawWithServer(
            this.cipherDomain,
            attachment.fileName,
            decBuf,
+            activeUserId,
            admin,
          );
          this.cipher = await this.cipherDomain.decrypt(
-            await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain),
+            await this.cipherService.getKeyForCipherKeyDecryption(this.cipherDomain, activeUserId),
          );

          // 3. Delete old
@@ -278,8 +291,8 @@ export class AttachmentsComponent implements OnInit {
    return this.cipherService.get(this.cipherId);
  }

-  protected saveCipherAttachment(file: File) {
-    return this.cipherService.saveAttachmentWithServer(this.cipherDomain, file);
+  protected saveCipherAttachment(file: File, userId: UserId) {
+    return this.cipherService.saveAttachmentWithServer(this.cipherDomain, file, userId);
  }

  protected deleteCipherAttachment(attachmentId: string) {