[PM-5938] Prevent vault coruption on key-rotation on desycned vault (#9235)

* Prevent key-rotation when local vault is desynced

* Prevent key-rotation on non-decrypted vault

* Remove cipher check that is done on server side

apps/web/src/app/auth/key-rotation/user-key-rotation.service.spec.ts

@@ -17,6 +17,7 @@ import { UserId } from "@bitwarden/common/types/guid";
 import { UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherType } from "@bitwarden/common/vault/enums/cipher-type";
 import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
 import { Folder } from "@bitwarden/common/vault/models/domain/folder";
@@ -49,6 +50,7 @@ describe("KeyRotationService", () => {
   let mockStateService: MockProxy<StateService>;
   let mockConfigService: MockProxy<ConfigService>;
   let mockKdfConfigService: MockProxy<KdfConfigService>;
+  let mockSyncService: MockProxy<SyncService>;
 
   const mockUserId = Utils.newGuid() as UserId;
   const mockAccountService: FakeAccountService = mockAccountServiceWith(mockUserId);
@@ -68,6 +70,7 @@ describe("KeyRotationService", () => {
     mockStateService = mock<StateService>();
     mockConfigService = mock<ConfigService>();
     mockKdfConfigService = mock<KdfConfigService>();
+    mockSyncService = mock<SyncService>();
 
     keyRotationService = new UserKeyRotationService(
       mockMasterPasswordService,
@@ -83,6 +86,7 @@ describe("KeyRotationService", () => {
       mockStateService,
       mockAccountService,
       mockKdfConfigService,
+      mockSyncService,
     );
   });
 

apps/web/src/app/auth/key-rotation/user-key-rotation.service.ts

@@ -13,6 +13,7 @@ import { SendService } from "@bitwarden/common/tools/send/services/send.service.
 import { UserKey } from "@bitwarden/common/types/key";
 import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
 import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { SyncService } from "@bitwarden/common/vault/abstractions/sync/sync.service.abstraction";
 import { CipherWithIdRequest } from "@bitwarden/common/vault/models/request/cipher-with-id.request";
 import { FolderWithIdRequest } from "@bitwarden/common/vault/models/request/folder-with-id.request";
 
@@ -38,6 +39,7 @@ export class UserKeyRotationService {
     private stateService: StateService,
     private accountService: AccountService,
     private kdfConfigService: KdfConfigService,
+    private syncService: SyncService,
   ) {}
 
   /**
@@ -49,6 +51,12 @@ export class UserKeyRotationService {
       throw new Error("Invalid master password");
     }
 
+    if ((await this.syncService.getLastSync()) === null) {
+      throw new Error(
+        "The local vault is de-synced and the keys cannot be rotated. Please log out and log back in to resolve this issue.",
+      );
+    }
+
     // Create master key to validate the master password
     const masterKey = await this.cryptoService.makeMasterKey(
       masterPassword,