diff --git a/apps/web/src/app/auth/settings/change-password.component.ts b/apps/web/src/app/auth/settings/change-password.component.ts
index 2cc7c101d0..536a323451 100644
--- a/apps/web/src/app/auth/settings/change-password.component.ts
+++ b/apps/web/src/app/auth/settings/change-password.component.ts
@@ -194,7 +194,7 @@ export class ChangePasswordComponent
 HashPurpose.LocalAuthorization,
 );
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
 if (userKey == null) {
 this.toastService.showToast({
 variant: "error",
diff --git a/libs/angular/src/auth/components/lock.component.ts b/libs/angular/src/auth/components/lock.component.ts
index 5fc8f51d57..2f34e926e5 100644
--- a/libs/angular/src/auth/components/lock.component.ts
+++ b/libs/angular/src/auth/components/lock.component.ts
@@ -268,6 +268,7 @@ export class LockComponent implements OnInit, OnDestroy {
 const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
 response.masterKey,
+ userId,
 );
 await this.setUserKeyAndContinue(userKey, userId, true);
 }
diff --git a/libs/angular/src/auth/guards/auth.guard.ts b/libs/angular/src/auth/guards/auth.guard.ts
index 1486b9b57d..facfbff6cf 100644
--- a/libs/angular/src/auth/guards/auth.guard.ts
+++ b/libs/angular/src/auth/guards/auth.guard.ts
@@ -28,6 +28,7 @@ export const authGuard: CanActivateFn = async (
 const masterPasswordService = inject(MasterPasswordServiceAbstraction);
 const authStatus = await authService.getAuthStatus();
+ x;
 if (authStatus === AuthenticationStatus.LoggedOut) {
 messagingService.send("authBlocked", { url: routerState.url });
diff --git a/libs/auth/src/angular/lock/lock.component.ts b/libs/auth/src/angular/lock/lock.component.ts
index 33d318ac05..49474c5459 100644
--- a/libs/auth/src/angular/lock/lock.component.ts
+++ b/libs/auth/src/angular/lock/lock.component.ts
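Review bot: In libs/angular/src/auth/components/lock.component.ts the decrypted `userKey` goes straight into `setUserKeyAndContinue(userKey, userId, true)` with no null check, although the service's failure branch in master-password.service.ts ends in `return null;`. change-password.component.ts in this same commit already guards with `if (userKey == null)`, but LockV2Component and the `setUserKey(userKey, userId)` calls in the auth-request, password, SSO and user-API login strategies do not, as far as their hunks show. Whether `setUserKeyAndContinue` or `setUserKey` reject a null key is not visible here, so a call-site guard such as `if (userKey == null) { throw new Error("Failed to decrypt user key."); }` would make a failed decrypt stop the unlock or login flow explicitly. The enclosing method starts outside the hunk.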
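Review bot: The added line `x;` in auth.guard.ts is a bare expression statement on an identifier that is not declared anywhere in the hunk; it looks like a debugging leftover and has nothing to do with the `userId` parameter change. Unless `x` is defined above the hunk, this fails type checking, and if it reached runtime it would throw a ReferenceError inside `authGuard` before the `AuthenticationStatus.LoggedOut` check runs. Because this guard decides route access, the line should be deleted rather than left to depend on build settings. The guard's body continues outside the hunk.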
@@ -481,6 +481,7 @@ export class LockV2Component implements OnInit, OnDestroy {
 const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
 masterPasswordVerificationResponse.masterKey,
+ this.activeAccount.id,
 );
 await this.setUserKeyAndContinue(userKey, true);
 }
diff --git a/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts b/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
index ae0024d218..32d0a4ec11 100644
--- a/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/auth-request-login.strategy.ts
@@ -114,7 +114,10 @@ export class AuthRequestLoginStrategy extends LoginStrategy {
 private async trySetUserKeyWithMasterKey(userId: UserId): Promise {
 const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
 if (masterKey) {
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
+ masterKey,
+ userId,
+ );
 await this.cryptoService.setUserKey(userKey, userId);
 }
 }
diff --git a/libs/auth/src/common/login-strategies/password-login.strategy.ts b/libs/auth/src/common/login-strategies/password-login.strategy.ts
index 7f73898ff6..3858d00b1c 100644
--- a/libs/auth/src/common/login-strategies/password-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/password-login.strategy.ts
@@ -186,7 +186,10 @@ export class PasswordLoginStrategy extends LoginStrategy {
 const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
 if (masterKey) {
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
+ masterKey,
+ userId,
+ );
 await this.cryptoService.setUserKey(userKey, userId);
 }
 }
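Review bot: In LockV2Component `this.activeAccount.id` is read at the moment of the decrypt call, after the verification step that produced `masterPasswordVerificationResponse.masterKey`, whereas the other call sites in this commit pass a `userId` local. If `activeAccount` is a mutable field that can change or be unset while verification is awaited (not visible in this hunk), the master key would be paired with another account's encrypted user key or with `undefined`. Capturing the id once at the start of the method, `const userId = this.activeAccount.id;`, and using it for both verification and decryption would keep the two bound to the same account. The enclosing method starts outside the hunk.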
diff --git a/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
index f5de10766c..94bbebf52c 100644
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.spec.ts
@@ -499,7 +499,7 @@ describe("SsoLoginStrategy", () => {
 expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
 masterKey,
- undefined,
+ userId,
 undefined,
 );
 expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
@@ -555,7 +555,7 @@ describe("SsoLoginStrategy", () => {
 expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
 masterKey,
- undefined,
+ userId,
 undefined,
 );
 expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
diff --git a/libs/auth/src/common/login-strategies/sso-login.strategy.ts b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
index 5ddf7428d2..22d2a7b93a 100644
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
@@ -338,7 +338,7 @@ export class SsoLoginStrategy extends LoginStrategy {
 return;
 }
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
 await this.cryptoService.setUserKey(userKey, userId);
 }
diff --git a/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts b/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
index d299a8e0ce..d71e842cbb 100644
--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.spec.ts
@@ -216,7 +216,7 @@ describe("UserApiLoginStrategy", () => {
 expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
 masterKey,
- undefined,
+ userId,
 undefined,
 );
 expect(cryptoService.setUserKey).toHaveBeenCalledWith(userKey, userId);
diff --git a/libs/auth/src/common/login-strategies/user-api-login.strategy.ts b/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
index 3b112c79a0..90127e66ec 100644
--- a/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/user-api-login.strategy.ts
@@ -69,7 +69,10 @@ export class UserApiLoginStrategy extends LoginStrategy {
 if (response.apiUseKeyConnector) {
 const masterKey = await firstValueFrom(this.masterPasswordService.masterKey$(userId));
 if (masterKey) {
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
+ masterKey,
+ userId,
+ );
 await this.cryptoService.setUserKey(userKey, userId);
 }
 }
diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
index 58dbae6d78..1c22fec0f2 100644
--- a/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request.service.spec.ts
@@ -200,7 +200,7 @@ describe("AuthRequestService", () => {
 );
 expect(masterPasswordService.mock.decryptUserKeyWithMasterKey).toHaveBeenCalledWith(
 mockDecryptedMasterKey,
- undefined,
+ mockUserId,
 undefined,
 );
 expect(cryptoService.setUserKey).toHaveBeenCalledWith(mockDecryptedUserKey, mockUserId);
diff --git a/libs/auth/src/common/services/auth-request/auth-request.service.ts b/libs/auth/src/common/services/auth-request/auth-request.service.ts
index 51926d6598..0aae7a7753 100644
--- a/libs/auth/src/common/services/auth-request/auth-request.service.ts
+++ b/libs/auth/src/common/services/auth-request/auth-request.service.ts
@@ -150,7 +150,7 @@ export class AuthRequestService implements AuthRequestServiceAbstraction {
 );
 // Decrypt and set user key in state
- const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey);
+ const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(masterKey, userId);
 // Set masterKey + masterKeyHash in state after decryption (in case decryption fails)
 await this.masterPasswordService.setMasterKey(masterKey, userId);
diff --git a/libs/auth/src/common/services/pin/pin.service.implementation.ts b/libs/auth/src/common/services/pin/pin.service.implementation.ts
index 39bb80e0b7..2a01802fa5 100644
--- a/libs/auth/src/common/services/pin/pin.service.implementation.ts
+++ b/libs/auth/src/common/services/pin/pin.service.implementation.ts
@@ -418,6 +418,7 @@ export class PinService implements PinServiceAbstraction {
 const userKey = await this.masterPasswordService.decryptUserKeyWithMasterKey(
 masterKey,
+ userId,
 encUserKey ? new EncString(encUserKey) : undefined,
 );
diff --git a/libs/common/src/auth/abstractions/master-password.service.abstraction.ts b/libs/common/src/auth/abstractions/master-password.service.abstraction.ts
index bd4d73a0f2..c3a0f135a0 100644
--- a/libs/common/src/auth/abstractions/master-password.service.abstraction.ts
+++ b/libs/common/src/auth/abstractions/master-password.service.abstraction.ts
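Review bot: In auth-request.service.ts the comment `// Set masterKey + masterKeyHash in state after decryption (in case decryption fails)` relies on a failed decrypt stopping execution, but the implementation's `decUserKey == null` branch returns null instead of throwing. In that case `setMasterKey(masterKey, userId)` on the next line still runs and stores a master key that could not decrypt the user key. Checking the result first, `if (userKey == null) { throw new Error("Failed to decrypt user key."); }`, would make the ordering do what the comment says. The method continues outside the hunk, so a later check may exist that is not visible here.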
@@ -33,16 +33,16 @@ export abstract class MasterPasswordServiceAbstraction {
 /**
 * Decrypts the user key with the provided master key
 * @param masterKey The user's master key
+ * * @param userId The desired user
 * @param userKey The user's encrypted symmetric key
- * @param userId The desired user
 * @throws If either the MasterKey or UserKey are not resolved, or if the UserKey encryption type
 * is neither AesCbc256_B64 nor AesCbc256_HmacSha256_B64
 * @returns The user key
 */
 abstract decryptUserKeyWithMasterKey: (
 masterKey: MasterKey,
+ userId: string,
 userKey?: EncString,
- userId?: string,
 ) => Promise;
 }
diff --git a/libs/common/src/auth/services/master-password/fake-master-password.service.ts b/libs/common/src/auth/services/master-password/fake-master-password.service.ts
index f57614f5d5..0357018e61 100644
--- a/libs/common/src/auth/services/master-password/fake-master-password.service.ts
+++ b/libs/common/src/auth/services/master-password/fake-master-password.service.ts
@@ -64,9 +64,9 @@ export class FakeMasterPasswordService implements InternalMasterPasswordServiceA
 decryptUserKeyWithMasterKey(
 masterKey: MasterKey,
+ userId: string,
 userKey?: EncString,
- userId?: string,
 ): Promise {
- return this.mock.decryptUserKeyWithMasterKey(masterKey, userKey, userId);
+ return this.mock.decryptUserKeyWithMasterKey(masterKey, userId, userKey);
 }
 }
diff --git a/libs/common/src/auth/services/master-password/master-password.service.ts b/libs/common/src/auth/services/master-password/master-password.service.ts
index e20c8c00e6..3a565e1c78 100644
--- a/libs/common/src/auth/services/master-password/master-password.service.ts
+++ b/libs/common/src/auth/services/master-password/master-password.service.ts
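Review bot: The abstraction declares the new required parameter as `userId: string`, while the implementation in master-password.service.ts takes `userId: UserId`, so the contract callers compile against is looser than the service behind it. Declaring `userId: UserId` here and in FakeMasterPasswordService would stop an arbitrary string being passed as the account whose key is decrypted, assuming `UserId` can be imported in both files. The added JSDoc line appears to carry a doubled asterisk, `* * @param userId The desired user`, and should read `* @param userId The desired user`. `@returns The user key` could also state that null is returned when decryption fails, which is what the implementation's `return null;` branch does.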
@@ -1,5 +1,7 @@
 import { firstValueFrom, map, Observable } from "rxjs";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
+
 import { EncryptService } from "../../../platform/abstractions/encrypt.service";
 import { KeyGenerationService } from "../../../platform/abstractions/key-generation.service";
 import { StateService } from "../../../platform/abstractions/state.service";
@@ -55,6 +57,7 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
 private stateService: StateService,
 private keyGenerationService: KeyGenerationService,
 private encryptService: EncryptService,
+ private logService: LogService,
 ) {}
 masterKey$(userId: UserId): Observable {
@@ -149,10 +152,9 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
 async decryptUserKeyWithMasterKey(
 masterKey: MasterKey,
+ userId: UserId,
 userKey?: EncString,
- userId?: UserId,
 ): Promise {
- userId ??= await firstValueFrom(this.stateProvider.activeUserId$);
 userKey ??= await this.getMasterKeyEncryptedUserKey(userId);
 masterKey ??= await firstValueFrom(this.masterKey$(userId));
@@ -185,6 +187,7 @@ export class MasterPasswordService implements InternalMasterPasswordServiceAbstr
 }
 if (decUserKey == null) {
+ this.logService.warning("Failed to decrypt user key with master key.");
 return null;
 }
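Review bot: The new `LogService` import uses the package alias `@bitwarden/common/platform/abstractions/log.service`, while the neighbouring imports in this file, which itself lives under libs/common, use relative paths such as `../../../platform/abstractions/encrypt.service`. For consistency with those lines it would read `import { LogService } from "../../../platform/abstractions/log.service";` and sit in the same import group, without the added blank line. The relative path is inferred from the alias and the sibling imports, so confirm it against the file layout.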
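Review bot: With the `userId ??= await firstValueFrom(this.stateProvider.activeUserId$)` fallback removed, `decryptUserKeyWithMasterKey` depends on the type checker alone to guarantee a user id. A caller that ends up passing `undefined`, for instance through a field such as `this.activeAccount.id` if it is nullable, or through untyped code, flows straight into `getMasterKeyEncryptedUserKey(userId)` and `masterKey$(userId)`. A guard at the top of the method, `if (userId == null) { throw new Error("User ID is required."); }`, would make that fail loudly before any key state is looked up. The method body continues outside the hunk.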