[PM-27280] Support v2 encryption on key-connector signups (#6712)

* account v2 registration for key connector * use new user repository functions * test coverage * integration test coverage * documentation * code review * missing test coverage * fix failing test * failing test * incorrect ticket number * moved back request model to Api, created dedicated data class in Core * sql stored procedure type mismatch, simplification * key connector authorization handler
2026-02-16 08:34:15 +00:00 · 2025-12-18 19:43:03 +01:00
parent 2b742b0343
commit a92d7ac129
22 changed files with 1283 additions and 50 deletions
--- a/src/Infrastructure.Dapper/Repositories/UserRepository.cs
+++ b/src/Infrastructure.Dapper/Repositories/UserRepository.cs
@@ -3,6 +3,7 @@ using System.Text.Json;
 using Bit.Core;
 using Bit.Core.Billing.Premium.Models;
 using Bit.Core.Entities;
+using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.KeyManagement.UserKey;
 using Bit.Core.Models.Data;
@@ -401,6 +402,32 @@ public class UserRepository : Repository<User, Guid>, IUserRepository
        return result.SingleOrDefault();
    }

+    public UpdateUserData SetKeyConnectorUserKey(Guid userId, string keyConnectorWrappedUserKey)
+    {
+        return async (connection, transaction) =>
+        {
+            var timestamp = DateTime.UtcNow;
+
+            await connection!.ExecuteAsync(
+                "[dbo].[User_UpdateKeyConnectorUserKey]",
+                new
+                {
+                    Id = userId,
+                    Key = keyConnectorWrappedUserKey,
+                    // Key Connector does not use KDF, so we set some defaults
+                    Kdf = KdfType.Argon2id,
+                    KdfIterations = AuthConstants.ARGON2_ITERATIONS.Default,
+                    KdfMemory = AuthConstants.ARGON2_MEMORY.Default,
+                    KdfParallelism = AuthConstants.ARGON2_PARALLELISM.Default,
+                    UsesKeyConnector = true,
+                    RevisionDate = timestamp,
+                    AccountRevisionDate = timestamp
+                },
+                transaction: transaction,
+                commandType: CommandType.StoredProcedure);
+        };
+    }
+
    private async Task ProtectDataAndSaveAsync(User user, Func<Task> saveTask)
    {
        if (user == null)