[PM-29017] - improve logic for cipher SaveDetailsAsync validation (#6731)

* improve logic for cipher SaveDetailsAsync validation. fix tests * revert change * fix test * remove duplicate semicolon
2025-12-31 07:33:43 +00:00 · 2025-12-19 11:35:01 -08:00
parent e6c97bd850
commit 457e293fdc
2 changed files with 55 additions and 25 deletions
--- a/src/Core/Vault/Services/Implementations/CipherService.cs
+++ b/src/Core/Vault/Services/Implementations/CipherService.cs
@@ -1029,11 +1029,8 @@ public class CipherService : ICipherService
            var existingCipherData = DeserializeCipherData(existingCipher);
            var newCipherData = DeserializeCipherData(cipher);

-            // "hidden password" users may not add cipher key encryption
-            if (existingCipher.Key == null && cipher.Key != null)
-            {
-                throw new BadRequestException("You do not have permission to add cipher key encryption.");
-            }
+            // For hidden-password users, never allow Key to change at all.
+            cipher.Key = existingCipher.Key;
            // Keep only non-hidden fileds from the new cipher
            var nonHiddenFields = newCipherData.Fields?.Where(f => f.Type != FieldType.Hidden) ?? [];
            // Get hidden fields from the existing cipher