[PM-24100] Remove GetOrgKey from key Service (#15823)

* Remove GetOrgKey from key Service

* adding back accidentally removed line

* Fixing spec

* fixing spec

* specs

* spec fixes

* spec changes omg

* lint fixes

* fixing test?

* test fixes..maybe

bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts

@@ -1,13 +1,16 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { filter, firstValueFrom, map, Subject, switchMap } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import { ProjectListView } from "../models/view/project-list.view";
@@ -29,8 +32,22 @@ export class ProjectService {
     private keyService: KeyService,
     private apiService: ApiService,
     private encryptService: EncryptService,
+    private accountService: AccountService,
   ) {}
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async getByProjectId(projectId: string): Promise<ProjectView> {
     const r = await this.apiService.send("GET", "/projects/" + projectId, null, true, true);
     const projectResponse = new ProjectResponse(r);
@@ -83,10 +100,6 @@ export class ProjectService {
     });
   }
 
-  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
-    return await this.keyService.getOrgKey(organizationId);
-  }
-
   private async getProjectRequest(
     organizationId: string,
     projectView: ProjectView,

bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.spec.ts

@@ -1,8 +1,14 @@
-import { mock } from "jest-mock-extended";
+import { mock, MockProxy } from "jest-mock-extended";
+import { BehaviorSubject } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { CsprngArray } from "@bitwarden/common/types/csprng";
+import { OrganizationId, UserId } from "@bitwarden/common/types/guid";
+import { OrgKey } from "@bitwarden/common/types/key";
 import { KeyService } from "@bitwarden/key-management";
 
 import { SecretAccessPoliciesView } from "../models/view/access-policies/secret-access-policies.view";
@@ -11,6 +17,16 @@ import { AccessPolicyService } from "../shared/access-policies/access-policy.ser
 
 import { SecretService } from "./secret.service";
 
+const SomeCsprngArray = new Uint8Array(64) as CsprngArray;
+const SomeOrganization = "some organization" as OrganizationId;
+const AnotherOrganization = "another organization" as OrganizationId;
+const SomeOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const AnotherOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const OrgRecords: Record<OrganizationId, OrgKey> = {
+  [SomeOrganization]: SomeOrgKey,
+  [AnotherOrganization]: AnotherOrgKey,
+};
+
 describe("SecretService", () => {
   let sut: SecretService;
 
@@ -18,11 +34,30 @@ describe("SecretService", () => {
   const apiService = mock<ApiService>();
   const encryptService = mock<EncryptService>();
   const accessPolicyService = mock<AccessPolicyService>();
+  let accountService: MockProxy<AccountService> = mock<AccountService>();
+  const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>({
+    id: "testId" as UserId,
+    email: "test@example.com",
+    emailVerified: true,
+    name: "Test User",
+  });
 
   beforeEach(() => {
     jest.resetAllMocks();
 
-    sut = new SecretService(keyService, apiService, encryptService, accessPolicyService);
+    const orgKey$ = new BehaviorSubject(OrgRecords);
+    keyService.orgKeys$.mockReturnValue(orgKey$);
+
+    accountService = mock<AccountService>();
+    accountService.activeAccount$ = activeAccountSubject;
+
+    sut = new SecretService(
+      keyService,
+      apiService,
+      encryptService,
+      accessPolicyService,
+      accountService,
+    );
 
     encryptService.encryptString.mockResolvedValue({
       encryptedString: "mockEncryptedString",

bitwarden_license/bit-web/src/app/secrets-manager/secrets/secret.service.ts

@@ -1,12 +1,15 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { Subject, firstValueFrom, switchMap, map, filter } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import { SecretAccessPoliciesView } from "../models/view/access-policies/secret-access-policies.view";
@@ -27,7 +30,6 @@ import { SecretResponse } from "./responses/secret.response";
 })
 export class SecretService {
   protected _secret: Subject<SecretView> = new Subject();
-
   secret$ = this._secret.asObservable();
 
   constructor(
@@ -35,8 +37,22 @@ export class SecretService {
     private apiService: ApiService,
     private encryptService: EncryptService,
     private accessPolicyService: AccessPolicyService,
+    private accountService: AccountService,
   ) {}
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async getBySecretId(secretId: string): Promise<SecretView> {
     const r = await this.apiService.send("GET", "/secrets/" + secretId, null, true, true);
     const secretResponse = new SecretResponse(r);
@@ -154,10 +170,6 @@ export class SecretService {
     this._secret.next(null);
   }
 
-  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
-    return await this.keyService.getOrgKey(organizationId);
-  }
-
   private async getSecretRequest(
     organizationId: string,
     secretView: SecretView,

bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts

@@ -1,15 +1,18 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { filter, firstValueFrom, map, Subject, switchMap } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { KeyGenerationService } from "@bitwarden/common/platform/abstractions/key-generation.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import { AccessTokenRequest } from "../models/requests/access-token.request";
@@ -32,6 +35,7 @@ export class AccessService {
     private apiService: ApiService,
     private keyGenerationService: KeyGenerationService,
     private encryptService: EncryptService,
+    private accountService: AccountService,
   ) {}
 
   async getAccessTokens(
@@ -50,6 +54,19 @@ export class AccessService {
     return await this.createAccessTokenViews(organizationId, results.data);
   }
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async createAccessToken(
     organizationId: string,
     serviceAccountId: string,
@@ -117,10 +134,6 @@ export class AccessService {
     return accessTokenRequest;
   }
 
-  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
-    return await this.keyService.getOrgKey(organizationId);
-  }
-
   private async createAccessTokenViews(
     organizationId: string,
     accessTokenResponses: AccessTokenResponse[],

bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts

@@ -1,13 +1,16 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { filter, firstValueFrom, map, Subject, switchMap } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import {
@@ -34,8 +37,22 @@ export class ServiceAccountService {
     private keyService: KeyService,
     private apiService: ApiService,
     private encryptService: EncryptService,
+    private accountService: AccountService,
   ) {}
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async getServiceAccounts(
     organizationId: string,
     includeAccessToSecrets?: boolean,
@@ -129,10 +146,6 @@ export class ServiceAccountService {
     });
   }
 
-  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
-    return await this.keyService.getOrgKey(organizationId);
-  }
-
   private async getServiceAccountRequest(
     organizationKey: SymmetricCryptoKey,
     serviceAccountView: ServiceAccountView,

bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.spec.ts

@@ -1,11 +1,14 @@
-import { mock } from "jest-mock-extended";
+import { mock, MockProxy } from "jest-mock-extended";
+import { BehaviorSubject } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "@bitwarden/common/types/csprng";
+import { OrganizationId, UserId } from "@bitwarden/common/types/guid";
 import { OrgKey } from "@bitwarden/common/types/key";
 import { KeyService } from "@bitwarden/key-management";
 
@@ -16,17 +19,43 @@ import { SecretsManagerImportedSecretRequest } from "../models/requests/sm-impor
 
 import { SecretsManagerPortingApiService } from "./sm-porting-api.service";
 
+const SomeCsprngArray = new Uint8Array(64) as CsprngArray;
+const SomeOrganization = "some organization" as OrganizationId;
+const AnotherOrganization = "another organization" as OrganizationId;
+const SomeOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const AnotherOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const OrgRecords: Record<OrganizationId, OrgKey> = {
+  [SomeOrganization]: SomeOrgKey,
+  [AnotherOrganization]: AnotherOrgKey,
+};
+
 describe("SecretsManagerPortingApiService", () => {
   let sut: SecretsManagerPortingApiService;
 
   const apiService = mock<ApiService>();
   const encryptService = mock<EncryptService>();
   const keyService = mock<KeyService>();
+  let accountService: MockProxy<AccountService>;
+  const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>({
+    id: "testId" as UserId,
+    email: "test@example.com",
+    emailVerified: true,
+    name: "Test User",
+  });
 
   beforeEach(() => {
     jest.resetAllMocks();
 
-    sut = new SecretsManagerPortingApiService(apiService, encryptService, keyService);
+    const orgKey$ = new BehaviorSubject(OrgRecords);
+    keyService.orgKeys$.mockReturnValue(orgKey$);
+    accountService = mock<AccountService>();
+    accountService.activeAccount$ = activeAccountSubject;
+    sut = new SecretsManagerPortingApiService(
+      apiService,
+      encryptService,
+      keyService,
+      accountService,
+    );
 
     encryptService.encryptString.mockResolvedValue(mockEncryptedString);
     encryptService.decryptString.mockResolvedValue(mockUnencryptedString);
@@ -51,7 +80,6 @@ describe("SecretsManagerPortingApiService", () => {
 
     it("emits the import successful", async () => {
       const expectedRequest = toRequest([project1, project2], [secret1, secret2]);
-
       let subscriptionCount = 0;
       sut.imports$.subscribe((request) => {
         expect(request).toBeDefined();

bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts

@@ -1,12 +1,16 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { filter, firstValueFrom, map, Subject, switchMap } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ErrorResponse } from "@bitwarden/common/models/response/error.response";
+import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import { SecretsManagerImportError } from "../models/error/sm-import-error";
@@ -31,8 +35,22 @@ export class SecretsManagerPortingApiService {
     private apiService: ApiService,
     private encryptService: EncryptService,
     private keyService: KeyService,
+    private accountService: AccountService,
   ) {}
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async export(organizationId: string): Promise<string> {
     const response = await this.apiService.send(
       "GET",
@@ -78,7 +96,7 @@ export class SecretsManagerPortingApiService {
     const encryptedImport = new SecretsManagerImportRequest();
 
     try {
-      const orgKey = await this.keyService.getOrgKey(organizationId);
+      const orgKey = await this.getOrganizationKey(organizationId);
       encryptedImport.projects = [];
       encryptedImport.secrets = [];
 
@@ -120,7 +138,7 @@ export class SecretsManagerPortingApiService {
     organizationId: string,
     exportData: SecretsManagerExportResponse,
   ): Promise<SecretsManagerExport> {
-    const orgKey = await this.keyService.getOrgKey(organizationId);
+    const orgKey = await this.getOrganizationKey(organizationId);
     const decryptedExport = new SecretsManagerExport();
     decryptedExport.projects = [];
     decryptedExport.secrets = [];

bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.spec.ts

@@ -1,12 +1,15 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
-import { mock } from "jest-mock-extended";
+import { mock, MockProxy } from "jest-mock-extended";
+import { BehaviorSubject } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountInfo, AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { CsprngArray } from "@bitwarden/common/types/csprng";
+import { OrganizationId, UserId } from "@bitwarden/common/types/guid";
 import { OrgKey } from "@bitwarden/common/types/key";
 import { KeyService } from "@bitwarden/key-management";
 
@@ -30,17 +33,39 @@ import { ServiceAccountGrantedPoliciesRequest } from "./models/requests/service-
 
 import { trackEmissions } from "@bitwarden/common/../spec";
 
+const SomeCsprngArray = new Uint8Array(64) as CsprngArray;
+const SomeOrganization = "some organization" as OrganizationId;
+const AnotherOrganization = "another organization" as OrganizationId;
+const SomeOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const AnotherOrgKey = new SymmetricCryptoKey(SomeCsprngArray) as OrgKey;
+const OrgRecords: Record<OrganizationId, OrgKey> = {
+  [SomeOrganization]: SomeOrgKey,
+  [AnotherOrganization]: AnotherOrgKey,
+};
+
 describe("AccessPolicyService", () => {
   let sut: AccessPolicyService;
 
   const keyService = mock<KeyService>();
   const apiService = mock<ApiService>();
   const encryptService = mock<EncryptService>();
+  let accountService: MockProxy<AccountService>;
+  const activeAccountSubject = new BehaviorSubject<{ id: UserId } & AccountInfo>({
+    id: "testId" as UserId,
+    email: "test@example.com",
+    emailVerified: true,
+    name: "Test User",
+  });
 
   beforeEach(() => {
     jest.resetAllMocks();
 
-    sut = new AccessPolicyService(keyService, apiService, encryptService);
+    const orgKey$ = new BehaviorSubject(OrgRecords);
+    keyService.orgKeys$.mockReturnValue(orgKey$);
+
+    accountService = mock<AccountService>();
+    accountService.activeAccount$ = activeAccountSubject;
+    sut = new AccessPolicyService(keyService, apiService, encryptService, accountService);
   });
 
   it("instantiates", () => {

bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts

@@ -1,13 +1,16 @@
 // FIXME: Update this file to be type safe and remove this and next line
 // @ts-strict-ignore
 import { Injectable } from "@angular/core";
-import { Subject } from "rxjs";
+import { filter, firstValueFrom, map, Subject, switchMap } from "rxjs";
 
 import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
 import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
+import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
 
 import {
@@ -62,8 +65,22 @@ export class AccessPolicyService {
     private keyService: KeyService,
     protected apiService: ApiService,
     protected encryptService: EncryptService,
+    private accountService: AccountService,
   ) {}
 
+  private getOrganizationKey$(organizationId: string) {
+    return this.accountService.activeAccount$.pipe(
+      getUserId,
+      switchMap((userId) => this.keyService.orgKeys$(userId)),
+      filter((orgKeys) => !!orgKeys),
+      map((organizationKeysById) => organizationKeysById[organizationId as OrganizationId]),
+    );
+  }
+
+  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
+    return await firstValueFrom(this.getOrganizationKey$(organizationId));
+  }
+
   async getProjectPeopleAccessPolicies(
     projectId: string,
   ): Promise<ProjectPeopleAccessPoliciesView> {
@@ -268,10 +285,6 @@ export class AccessPolicyService {
     };
   }
 
-  private async getOrganizationKey(organizationId: string): Promise<SymmetricCryptoKey> {
-    return await this.keyService.getOrgKey(organizationId);
-  }
-
   private getAccessPolicyRequest(
     granteeId: string,
     view: UserAccessPolicyView | GroupAccessPolicyView | ServiceAccountAccessPolicyView,