[PM-29208] Remove individual cryptographic-key states & migrate key service (#18164)

* Remove inividual user key states and migrate to account cryptographic state * Fix browser * Fix tests * Clean up migration * Remove key-pair creation from login strategy * Add clearing for the account cryptographic state * Add migration * Cleanup * Fix linting
2026-02-10 13:40:06 +00:00 · 2026-02-09 12:39:55 +01:00
parent c21841a2df
commit f7a5ad712f
43 changed files with 562 additions and 597 deletions
--- a/libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.implementation.ts
+++ b/libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.implementation.ts
@@ -198,7 +198,6 @@ export class DefaultSetInitialPasswordService implements SetInitialPasswordServi
      if (!keyPair[1].encryptedString) {
        throw new Error("encrypted private key not found. Could not set private key in state.");
      }
-      await this.keyService.setPrivateKey(keyPair[1].encryptedString, userId);
      await this.accountCryptographicStateService.setAccountCryptographicState(
        {
          V1: {
--- a/libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.spec.ts
+++ b/libs/angular/src/auth/password-management/set-initial-password/default-set-initial-password.service.spec.ts
@@ -424,7 +424,6 @@ describe("DefaultSetInitialPasswordService", () => {

          // Assert
          expect(masterPasswordApiService.setPassword).toHaveBeenCalledWith(setPasswordRequest);
-          expect(keyService.setPrivateKey).toHaveBeenCalledWith(keyPair[1].encryptedString, userId);
          expect(
            accountCryptographicStateService.setAccountCryptographicState,
          ).toHaveBeenCalledWith(
@@ -667,7 +666,9 @@ describe("DefaultSetInitialPasswordService", () => {

          // Assert
          expect(masterPasswordApiService.setPassword).toHaveBeenCalledWith(setPasswordRequest);
-          expect(keyService.setPrivateKey).not.toHaveBeenCalled();
+          expect(
+            accountCryptographicStateService.setAccountCryptographicState,
+          ).not.toHaveBeenCalled();
        });

        it("should set the local master key hash to state", async () => {
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@@ -767,12 +767,13 @@ const safeProviders: SafeProvider[] = [
      AccountServiceAbstraction,
      StateProvider,
      KdfConfigService,
+      AccountCryptographicStateService,
    ],
  }),
  safeProvider({
    provide: SecurityStateService,
    useClass: DefaultSecurityStateService,
-    deps: [StateProvider],
+    deps: [AccountCryptographicStateService],
  }),
  safeProvider({
    provide: RestrictedItemTypesService,
@@ -1704,6 +1705,7 @@ const safeProviders: SafeProvider[] = [
      SdkService,
      ApiServiceAbstraction,
      ConfigService,
+      AccountCryptographicStateService,
    ],
  }),
  safeProvider({