From 687ec0c4c011892410fca9e69f2baef827fb72c4 Mon Sep 17 00:00:00 2001
From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com>
Date: Mon, 27 Nov 2023 13:33:15 -0500
Subject: [PATCH] PM-5001 - WebAuthn-Login.strategy - set user key should set the master key encrypted user key if it exists so that the passkey authN + MP decryption flow can work. (#6978)

---
 .../auth/login-strategies/webauthn-login.strategy.spec.ts | 6 +++++-
 .../src/auth/login-strategies/webauthn-login.strategy.ts | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/libs/common/src/auth/login-strategies/webauthn-login.strategy.spec.ts b/libs/common/src/auth/login-strategies/webauthn-login.strategy.spec.ts
index 83de3b5d6a..5f7c8de025 100644
--- a/libs/common/src/auth/login-strategies/webauthn-login.strategy.spec.ts
+++ b/libs/common/src/auth/login-strategies/webauthn-login.strategy.spec.ts
@@ -179,7 +179,11 @@ describe("WebAuthnLoginStrategy", () => {
 // Act
 await webAuthnLoginStrategy.logIn(webAuthnCredentials);
 
- // // Assert
+ // Assert
+ // Master key encrypted user key should be set
+ expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledTimes(1);
+ expect(cryptoService.setMasterKeyEncryptedUserKey).toHaveBeenCalledWith(idTokenResponse.key);
+
 expect(cryptoService.decryptToBytes).toHaveBeenCalledTimes(1);
 expect(cryptoService.decryptToBytes).toHaveBeenCalledWith(
 idTokenResponse.userDecryptionOptions.webAuthnPrfOption.encryptedPrivateKey,
diff --git a/libs/common/src/auth/login-strategies/webauthn-login.strategy.ts b/libs/common/src/auth/login-strategies/webauthn-login.strategy.ts
index 8d47be0197..3c8a3cf73c 100644
--- a/libs/common/src/auth/login-strategies/webauthn-login.strategy.ts
+++ b/libs/common/src/auth/login-strategies/webauthn-login.strategy.ts
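Review bot: The new assertions only cover the case where `idTokenResponse.key` is present; nothing in this spec pins the other side of the guard the strategy introduces, namely that `setMasterKeyEncryptedUserKey` is not called when the token response carries no `key`. A sibling case that clears `idTokenResponse.key` before `logIn` and asserts `expect(cryptoService.setMasterKeyEncryptedUserKey).not.toHaveBeenCalled();` would lock that behaviour in, so a later refactor cannot start persisting an empty or undefined value. The enclosing `it` block starts and ends outside the hunk.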
@@ -15,6 +15,13 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
 }
 
 protected override async setUserKey(idTokenResponse: IdentityTokenResponse) {
+ const masterKeyEncryptedUserKey = idTokenResponse.key;
+
+ if (masterKeyEncryptedUserKey) {
+ // set the master key encrypted user key if it exists
+ await this.cryptoService.setMasterKeyEncryptedUserKey(masterKeyEncryptedUserKey);
+ }
+
 const userDecryptionOptions = idTokenResponse?.userDecryptionOptions;
 
 if (userDecryptionOptions?.webAuthnPrfOption) {
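Review bot: The comment added inside the guard, `// set the master key encrypted user key if it exists`, restates the condition rather than the reason, and the reason given in the commit message is what a later reader of setUserKey will need. Suggest replacing it with `// Persist the master-key-encrypted user key whenever the server returns one so that, after passkey authentication, the user key can still be unlocked with the master password (PM-5001).` Separately, the new `idTokenResponse.key` read omits the optional chaining that the existing `idTokenResponse?.userDecryptionOptions` line uses two lines later; either the `?.` on the old line is dead and can go, or the new line should match it with `const masterKeyEncryptedUserKey = idTokenResponse?.key;` so a missing response fails in one consistent place. setUserKey's body continues past the hunk.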