[PM-13673] Require UserId In CompareHash Method (#11568)

* Require UserId In CompareHash Method * Throw on null-ish 'masterKey' * Update Test
2025-12-16 16:23:44 +00:00 · 2024-11-04 15:11:59 -05:00
parent 008e928d0a
commit f41365ce48
6 changed files with 117 additions and 33 deletions
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -206,9 +206,10 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
    let policyOptions: MasterPasswordPolicyResponse | null;
    // Client-side verification
    if (await this.hasMasterPasswordAndMasterKeyHash(userId)) {
-      const passwordValid = await this.keyService.compareAndUpdateKeyHash(
+      const passwordValid = await this.keyService.compareKeyHash(
        verification.secret,
        masterKey,
+        userId,
      );
      if (!passwordValid) {
        throw new Error(this.i18nService.t("invalidMasterPassword"));