[PM-27280] Support v2 encryption on key-connector signups (#6712)

* account v2 registration for key connector * use new user repository functions * test coverage * integration test coverage * documentation * code review * missing test coverage * fix failing test * failing test * incorrect ticket number * moved back request model to Api, created dedicated data class in Core * sql stored procedure type mismatch, simplification * key connector authorization handler
2026-01-01 08:03:23 +00:00 · 2025-12-18 19:43:03 +01:00
parent 2b742b0343
commit a92d7ac129
22 changed files with 1283 additions and 50 deletions
--- a/src/Infrastructure.EntityFramework/Repositories/UserRepository.cs
+++ b/src/Infrastructure.EntityFramework/Repositories/UserRepository.cs
@@ -1,5 +1,7 @@
 using AutoMapper;
+using Bit.Core;
 using Bit.Core.Billing.Premium.Models;
+using Bit.Core.Enums;
 using Bit.Core.KeyManagement.Models.Data;
 using Bit.Core.KeyManagement.UserKey;
 using Bit.Core.Models.Data;
@@ -479,6 +481,35 @@ public class UserRepository : Repository<Core.Entities.User, User, Guid>, IUserR
        }
    }

+    public UpdateUserData SetKeyConnectorUserKey(Guid userId, string keyConnectorWrappedUserKey)
+    {
+        return async (_, _) =>
+        {
+            using var scope = ServiceScopeFactory.CreateScope();
+            var dbContext = GetDatabaseContext(scope);
+
+            var userEntity = await dbContext.Users.FindAsync(userId);
+            if (userEntity == null)
+            {
+                throw new ArgumentException("User not found", nameof(userId));
+            }
+
+            var timestamp = DateTime.UtcNow;
+
+            userEntity.Key = keyConnectorWrappedUserKey;
+            // Key Connector does not use KDF, so we set some defaults
+            userEntity.Kdf = KdfType.Argon2id;
+            userEntity.KdfIterations = AuthConstants.ARGON2_ITERATIONS.Default;
+            userEntity.KdfMemory = AuthConstants.ARGON2_MEMORY.Default;
+            userEntity.KdfParallelism = AuthConstants.ARGON2_PARALLELISM.Default;
+            userEntity.UsesKeyConnector = true;
+            userEntity.RevisionDate = timestamp;
+            userEntity.AccountRevisionDate = timestamp;
+
+            await dbContext.SaveChangesAsync();
+        };
+    }
+
    private static void MigrateDefaultUserCollectionsToShared(DatabaseContext dbContext, IEnumerable<Guid> userIds)
    {
        var defaultCollections = (from c in dbContext.Collections