Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PM-6789] add legacy user key state #9274

Closed
wants to merge 2 commits into from
Closed

[PM-6789] add legacy user key state #9274

wants to merge 2 commits into from
+28 −8

Conversation

jlf0dev
Copy link
Member

@jlf0dev jlf0dev commented May 20, 2024

Type of change

- [x] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

When we migrated private keys to state providers, we didn't account for legacy user keys. Without being able to decrypt the private key using the legacy key (master key) we couldn't migrate the legacy users. This adds a activeUserKeyWithLegacySupport$ observable to pass in the derived state so it can correctly decrypt the private key.

Code changes

  • file.ext: Description of what was changed and why

Screenshots

Before you submit

  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team
  • Ensure that all UI additions follow WCAG AA requirements

@jlf0dev jlf0dev requested review from a team as code owners May 20, 2024 18:18
@github-actions github-actions bot added the needs-qa Marks a PR as requiring QA approval label May 20, 2024
@jlf0dev
Copy link
Member Author

jlf0dev commented May 20, 2024

@MGibson1 I know we discussed moving out all the legacy code from the crypto service, but that ended up being quite the overhaul. Considering this should be the final step before removing all the legacy code, I wanted to throw this up as an option.

@codecov Codecov
Copy link

codecov bot commented May 20, 2024
edited

Codecov Report

Attention: Patch coverage is 60.00000% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 28.15%. Comparing base (97c7ef3) to head (7ab130a).
Report is 43 commits behind head on main.

Files Patch % Lines
...ibs/common/src/platform/services/crypto.service.ts 60.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9274      +/-   ##
==========================================
+ Coverage   27.91%   28.15%   +0.23%     
==========================================
  Files        2356     2369      +13     
  Lines       69622    70034     +412     
  Branches    13117    13161      +44     
==========================================
+ Hits        19435    19716     +281     
- Misses      48647    48759     +112     
- Partials     1540     1559      +19

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 20, 2024
edited

Logo
Checkmarx One – Scan Summary & Details357cd8e6-9269-4929-a2f1-9adcc48792c7

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 70 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 80 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 149 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 138 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.ts: 30 Attack Vector
MEDIUM Client_Privacy_Violation /apps/web/src/app/billing/shared/add-credit.component.html: 46 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: 473
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: 465
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: 481
MEDIUM Unpinned Actions Full Length Commit SHA /version-bump.yml: 457

ike-kottlowski
ike-kottlowski previously approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@ike-kottlowski ike-kottlowski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth changes are good.

MGibson1
MGibson1 requested changes May 21, 2024
View reviewed changes
libs/common/src/platform/services/crypto.service.ts Outdated
Comment on lines 113 to 115
if (await this.isLegacyUser(null, userId)) {
return await this.getUserKeyWithLegacySupport(userId);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue: please use master password service directly rather than this, which causes a weird cycle on activeUserKey$.

I would just switch map a few times from user id -> master key -> async is legacy user with a function that returns the master key again

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed!

MGibson1
MGibson1 requested changes May 23, 2024
View reviewed changes
libs/common/src/platform/services/crypto.service.ts
Comment on lines +117 to +119
if (await this.isLegacyUser(masterKey, userId)) {
return masterKey;
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not just call validate -- you have all the data

What is returned if neither pass?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  1. Good point, sure why not.
  2. We could return userKey (really whatever the state provider should give us if there was no userKey). The userKey nullish check should happen before we check for legacy users. So we're not doing extra computation on every request.

@justindbaur
Copy link
Member

Heads up, I am working on some changes right now that are actually going to get rid of activeUserKey$ in favor of a method that requires a user id. If the main goal of this is that the encrypted private key needs to allow for the user of the master key for legacy reasons I can take care of that in my changes. I would need an answer to Matt's question before finishing it though.

@jlf0dev
Copy link
Member Author

jlf0dev commented May 23, 2024

@justindbaur That'd be awesome, can you add me on that PR? I can close this in favor of that one.

@jlf0dev
Copy link
Member Author

jlf0dev commented May 28, 2024

Closing in favor of #9364

@jlf0dev jlf0dev closed this May 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MGibson1 MGibson1 MGibson1 requested changes

@ike-kottlowski ike-kottlowski ike-kottlowski approved these changes

Assignees
No one assigned
Labels
needs-qa Marks a PR as requiring QA approval
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jlf0dev @justindbaur @MGibson1 @ike-kottlowski