Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-10607] Require userId for getKeyForCipherKeyDecryption #10509

Merged
merged 13 commits into from
Aug 20, 2024
Merged

[PM-10607] Require userId for getKeyForCipherKeyDecryption #10509

merged 13 commits into from
Aug 20, 2024

Conversation

gbubemismith
Copy link
Member

@gbubemismith gbubemismith commented Aug 14, 2024
edited
Loading

🎟️ Tracking

PM-10607

📔 Objective

Due to recent reports from some users getting "Error: Must provide key", a potential resolution for this is to stop using the deprecated version of getUserKeyWithLegacySupport in the getKeyForCipherKeyDecryption function and instead require userId to be passed down from components or services.

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Aug 14, 2024
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailse6ad49fb-8d63-4f84-8226-51308cec7604

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 47 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/reused-passwords-report.component.ts: 47 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/reused-passwords-report.component.html: 96 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/reused-passwords-report.component.ts: 19 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts: 22 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.html: 8 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/tools/reports/pages/breach-report.component.ts: 17 Attack Vector
LOW Client_DOM_Open_Redirect /apps/browser/src/tools/popup/send-v2/send-created/send-created.component.ts: 48 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/models/response.ts: 36 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/commands/get.command.ts: 149 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/commands/get.command.ts: 142 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /libs/importer/src/importers/base-importer.ts: 314 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/commands/get.command.ts: 324 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /libs/importer/src/services/import.service.ts: 455 Attack Vector
LOW Client_JQuery_Deprecated_Symbols /apps/cli/src/commands/download.command.ts: 22 Attack Vector

@gbubemismith gbubemismith marked this pull request as ready for review August 14, 2024 12:40
@gbubemismith gbubemismith requested review from a team as code owners August 14, 2024 12:40
@codecov Codecov
Copy link

codecov bot commented Aug 14, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 21.46119% with 172 lines in your changes missing coverage. Please review.

Project coverage is 32.79%. Comparing base (e5227c0) to head (05cbd23).
Report is 2 commits behind head on main.

✅ All tests successful. No failed tests found.

Files Patch % Lines
...ular/src/vault/components/attachments.component.ts 0.00% 11 Missing ⚠️
...rowser/src/autofill/popup/fido2/fido2.component.ts 0.00% 9 Missing ⚠️
...assign-collections/assign-collections.component.ts 0.00% 8 Missing ⚠️
apps/cli/src/commands/edit.command.ts 0.00% 7 Missing ⚠️
apps/cli/src/vault/create.command.ts 0.00% 7 Missing ⚠️
libs/common/src/vault/services/cipher.service.ts 30.00% 7 Missing ⚠️
...2/item-more-options/item-more-options.component.ts 0.00% 6 Missing ⚠️
...src/vault/popup/components/vault/view.component.ts 0.00% 6 Missing ⚠️
...ps/cli/src/admin-console/commands/share.command.ts 0.00% 6 Missing ⚠️
.../src/services/encrypted-message-handler.service.ts 0.00% 6 Missing ⚠️
... and 37 more
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #10509      +/-   ##
==========================================
- Coverage   32.83%   32.79%   -0.05%     
==========================================
  Files        2670     2670              
  Lines       81596    81769     +173     
  Branches    15381    15414      +33     
==========================================
+ Hits        26794    26816      +22     
- Misses      52745    52877     +132     
- Partials     2057     2076      +19

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

JaredSnider-Bitwarden
JaredSnider-Bitwarden previously approved these changes Aug 14, 2024
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth changes look good!

libs/common/src/platform/services/fido2/fido2-authenticator.service.spec.ts Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Non blocking informational: In case you didn't know, there is a nice helper function called mockAccountServiceWith(...) which makes it easy to mock AccountService context without having to stand up your own active account observable.

@JaredSnider-Bitwarden JaredSnider-Bitwarden removed the request for review from jlf0dev August 14, 2024 16:15
r-tome
r-tome previously approved these changes Aug 14, 2024
View reviewed changes
Copy link
Contributor

@r-tome r-tome left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AC changes look good!

cagonzalezcs
cagonzalezcs previously approved these changes Aug 14, 2024
View reviewed changes
justindbaur
justindbaur previously approved these changes Aug 14, 2024
View reviewed changes
r-tome
r-tome previously approved these changes Aug 20, 2024
View reviewed changes
cagonzalezcs
cagonzalezcs previously approved these changes Aug 20, 2024
View reviewed changes
justindbaur
justindbaur previously approved these changes Aug 20, 2024
View reviewed changes
audreyality
audreyality previously approved these changes Aug 20, 2024
View reviewed changes
@gbubemismith gbubemismith enabled auto-merge (squash) August 20, 2024 15:46
@gbubemismith gbubemismith merged commit dedd7f1 into main Aug 20, 2024
66 checks passed
@gbubemismith gbubemismith deleted the vault/PM-10607 branch August 20, 2024 16:00
cagonzalezcs pushed a commit that referenced this pull request Aug 22, 2024
@gbubemismith @cagonzalezcs
[PM-10607] Require userId for getKeyForCipherKeyDecryption (#10509)
d3137cb 
* updated cipher service to stop using the deprecated getUserKeyWithLegacySupport and use the version that requires a user id

* Added account service mock

* fixed cipher test

* Fixed test

* removed async from encryptCipher

* updated encryptSharedCipher to pass userId to the encrypt function

* Pass userId to getUserKeyWithLegacySupport on encryptSharedCipher

* pass in userid when setting masterKeyEncryptedUserKey

* Added activer usedId to new web refresh function
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@audreyality audreyality audreyality approved these changes

@shane-melton shane-melton shane-melton approved these changes

@cagonzalezcs cagonzalezcs cagonzalezcs approved these changes

@justindbaur justindbaur justindbaur approved these changes

@vincentsalucci vincentsalucci vincentsalucci approved these changes

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden approved these changes

@LRNcardozoWDF LRNcardozoWDF Awaiting requested review from LRNcardozoWDF LRNcardozoWDF is a code owner automatically assigned from bitwarden/team-vault-dev

@ttalty ttalty Awaiting requested review from ttalty

@eliykat eliykat Awaiting requested review from eliykat

@MGibson1 MGibson1 Awaiting requested review from MGibson1

@r-tome r-tome Awaiting requested review from r-tome

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.