[PM-13673] Require UserId In CompareHash Method (#11568)

* Require UserId In CompareHash Method * Throw on null-ish 'masterKey' * Update Test
2025-12-15 15:53:27 +00:00 · 2024-11-04 15:11:59 -05:00
parent 008e928d0a
commit f41365ce48
6 changed files with 117 additions and 33 deletions
--- a/libs/common/src/auth/services/user-verification/user-verification.service.spec.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.spec.ts
@@ -216,7 +216,7 @@ describe("UserVerificationService", () => {
      });

      it("returns if verification is successful", async () => {
-        keyService.compareAndUpdateKeyHash.mockResolvedValueOnce(true);
+        keyService.compareKeyHash.mockResolvedValueOnce(true);

        const result = await sut.verifyUserByMasterPassword(
          {
@@ -227,7 +227,7 @@ describe("UserVerificationService", () => {
          "email",
        );

-        expect(keyService.compareAndUpdateKeyHash).toHaveBeenCalled();
+        expect(keyService.compareKeyHash).toHaveBeenCalled();
        expect(masterPasswordService.setMasterKeyHash).toHaveBeenCalledWith(
          "localHash",
          mockUserId,
@@ -240,7 +240,7 @@ describe("UserVerificationService", () => {
      });

      it("throws if verification fails", async () => {
-        keyService.compareAndUpdateKeyHash.mockResolvedValueOnce(false);
+        keyService.compareKeyHash.mockResolvedValueOnce(false);

        await expect(
          sut.verifyUserByMasterPassword(
@@ -253,7 +253,7 @@ describe("UserVerificationService", () => {
          ),
        ).rejects.toThrow("Invalid master password");

-        expect(keyService.compareAndUpdateKeyHash).toHaveBeenCalled();
+        expect(keyService.compareKeyHash).toHaveBeenCalled();
        expect(masterPasswordService.setMasterKeyHash).not.toHaveBeenCalledWith();
        expect(masterPasswordService.setMasterKey).not.toHaveBeenCalledWith();
      });
@@ -285,7 +285,7 @@ describe("UserVerificationService", () => {
          "email",
        );

-        expect(keyService.compareAndUpdateKeyHash).not.toHaveBeenCalled();
+        expect(keyService.compareKeyHash).not.toHaveBeenCalled();
        expect(masterPasswordService.setMasterKeyHash).toHaveBeenCalledWith(
          "localHash",
          mockUserId,
@@ -318,7 +318,7 @@ describe("UserVerificationService", () => {
          ),
        ).rejects.toThrow("Invalid master password");

-        expect(keyService.compareAndUpdateKeyHash).not.toHaveBeenCalled();
+        expect(keyService.compareKeyHash).not.toHaveBeenCalled();
        expect(masterPasswordService.setMasterKeyHash).not.toHaveBeenCalledWith();
        expect(masterPasswordService.setMasterKey).not.toHaveBeenCalledWith();
      });
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -206,9 +206,10 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
    let policyOptions: MasterPasswordPolicyResponse | null;
    // Client-side verification
    if (await this.hasMasterPasswordAndMasterKeyHash(userId)) {
-      const passwordValid = await this.keyService.compareAndUpdateKeyHash(
+      const passwordValid = await this.keyService.compareKeyHash(
        verification.secret,
        masterKey,
+        userId,
      );
      if (!passwordValid) {
        throw new Error(this.i18nService.t("invalidMasterPassword"));