[PM-13673] Require UserId In CompareHash Method (#11568)

* Require UserId In CompareHash Method * Throw on null-ish 'masterKey' * Update Test
2025-12-18 09:13:33 +00:00 · 2024-11-04 15:11:59 -05:00
parent 008e928d0a
commit f41365ce48
6 changed files with 117 additions and 33 deletions
--- a/libs/key-management/src/key.service.ts
+++ b/libs/key-management/src/key.service.ts
@@ -319,34 +319,43 @@ export class DefaultKeyService implements KeyServiceAbstraction {
  }

  // TODO: move to MasterPasswordService
-  async compareAndUpdateKeyHash(masterPassword: string, masterKey: MasterKey): Promise<boolean> {
-    const userId = await firstValueFrom(this.stateProvider.activeUserId$);
+  async compareKeyHash(
+    masterPassword: string,
+    masterKey: MasterKey,
+    userId: UserId,
+  ): Promise<boolean> {
+    if (masterKey == null) {
+      throw new Error("'masterKey' is required to be non-null.");
+    }
+
+    if (masterPassword == null) {
+      // If they don't give us a master password, we can't hash it, and therefore
+      // it will never match what we have stored.
+      return false;
+    }
+
+    // Retrieve the current password hash
    const storedPasswordHash = await firstValueFrom(
      this.masterPasswordService.masterKeyHash$(userId),
    );
-    if (masterPassword != null && storedPasswordHash != null) {
-      const localKeyHash = await this.hashMasterKey(
-        masterPassword,
-        masterKey,
-        HashPurpose.LocalAuthorization,
-      );
-      if (localKeyHash != null && storedPasswordHash === localKeyHash) {
-        return true;
-      }

-      // TODO: remove serverKeyHash check in 1-2 releases after everyone's keyHash has been updated
-      const serverKeyHash = await this.hashMasterKey(
-        masterPassword,
-        masterKey,
-        HashPurpose.ServerAuthorization,
-      );
-      if (serverKeyHash != null && storedPasswordHash === serverKeyHash) {
-        await this.masterPasswordService.setMasterKeyHash(localKeyHash, userId);
-        return true;
-      }
+    if (storedPasswordHash == null) {
+      return false;
    }

-    return false;
+    // Hash the key for local use
+    const localKeyHash = await this.hashMasterKey(
+      masterPassword,
+      masterKey,
+      HashPurpose.LocalAuthorization,
+    );
+
+    // Check if the stored hash is already equal to the hash we create locally
+    if (localKeyHash == null || storedPasswordHash !== localKeyHash) {
+      return false;
+    }
+
+    return true;
  }

  async setOrgKeys(