[PM-10607] Require userId for getKeyForCipherKeyDecryption (#10509)

* updated cipher service to stop using the deprecated getUserKeyWithLegacySupport and use the version that requires a user id * Added account service mock * fixed cipher test * Fixed test * removed async from encryptCipher * updated encryptSharedCipher to pass userId to the encrypt function * Pass userId to getUserKeyWithLegacySupport on encryptSharedCipher * pass in userid when setting masterKeyEncryptedUserKey * Added activer usedId to new web refresh function
2025-12-19 09:43:23 +00:00 · 2024-08-20 12:00:48 -04:00
parent ed719f835a
commit dedd7f1b5c
67 changed files with 534 additions and 118 deletions
--- a/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
+++ b/libs/vault/src/cipher-form/services/default-cipher-form.service.ts
@@ -1,5 +1,7 @@
 import { inject, Injectable } from "@angular/core";
+import { firstValueFrom, map } from "rxjs";

+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
@@ -14,15 +16,25 @@ function isSetEqual(a: Set<string>, b: Set<string>) {
@Injectable()
 export class DefaultCipherFormService implements CipherFormService {
  private cipherService: CipherService = inject(CipherService);
+  private accountService: AccountService = inject(AccountService);

  async decryptCipher(cipher: Cipher): Promise<CipherView> {
-    return await cipher.decrypt(await this.cipherService.getKeyForCipherKeyDecryption(cipher));
+    const activeUserId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
+    return await cipher.decrypt(
+      await this.cipherService.getKeyForCipherKeyDecryption(cipher, activeUserId),
+    );
  }

  async saveCipher(cipher: CipherView, config: CipherFormConfig): Promise<CipherView> {
    // Passing the original cipher is important here as it is responsible for appending to password history
+    const activeUserId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
    const encryptedCipher = await this.cipherService.encrypt(
      cipher,
+      activeUserId,
      null,
      null,
      config.originalCipher ?? null,
@@ -34,7 +46,7 @@ export class DefaultCipherFormService implements CipherFormService {
    if (cipher.id == null) {
      savedCipher = await this.cipherService.createWithServer(encryptedCipher, config.admin);
      return await savedCipher.decrypt(
-        await this.cipherService.getKeyForCipherKeyDecryption(savedCipher),
+        await this.cipherService.getKeyForCipherKeyDecryption(savedCipher, activeUserId),
      );
    }

@@ -68,7 +80,7 @@ export class DefaultCipherFormService implements CipherFormService {
    }

    return await savedCipher.decrypt(
-      await this.cipherService.getKeyForCipherKeyDecryption(savedCipher),
+      await this.cipherService.getKeyForCipherKeyDecryption(savedCipher, activeUserId),
    );
  }
 }