diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts
index a532dda116..d0114c8101 100644
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -34,6 +34,7 @@ export abstract class CryptoService {
 kdf: KdfType,
 KdfConfig: KdfConfig
 ) => Promise;
+ clearMasterKey: (userId?: string) => Promise;
 encryptUserSymKeyWithMasterKey: (
 masterKey: MasterKey,
 userSymKey?: UserSymKey
diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts
index 81dc054300..39206f263b 100644
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@@ -66,7 +66,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 */
 async setUserKey(key: UserSymKey, userId?: string): Promise {
 await this.stateService.setUserSymKey(key, { userId: userId });
- // TODO: Should we include additional keys here? When we set the memory key from storage,
+ // TODO(Jake): Should we include additional keys here? When we set the memory key from storage,
 // it will reset the keys in storage as well
 await this.storeAdditionalKeys(key, userId);
 }
@@ -181,7 +181,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 * @param userId The desired user
 */
 async setUserSymKeyMasterKey(userSymKeyMasterKey: string, userId?: string): Promise {
- // TODO: is this the best way to handle this from the identity token?
+ // TODO(Jake): is this the best way to handle this from the identity token?
 await this.stateService.setUserSymKeyMasterKey(userSymKeyMasterKey, { userId: userId });
 }
@@ -219,6 +219,14 @@ export class CryptoService implements CryptoServiceAbstraction {
 return (await this.makeKey(password, email, kdf, KdfConfig)) as MasterKey;
 }
+ /**
+ * Clears the user's master key
+ * @param userId The desired user
+ */
+ async clearMasterKey(userId?: string): Promise {
+ await this.stateService.setMasterKey(null, { userId: userId });
+ }
+
 /**
 * Encrypts the existing (or provided) user symmetric key with the
 * provided master key
@@ -246,7 +254,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 throw new Error("No Master Key found.");
 }
- // TODO: Do we need to let this be passed in as well?
+ // TODO(Jake): Do we need to let this be passed in as well?
 const userSymKeyMasterKey = await this.stateService.getUserSymKeyMasterKey({ userId: userId });
 if (userSymKeyMasterKey == null) {
 throw new Error("No User Key found.");
@@ -266,7 +274,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 return null;
 }
- // TODO: Do we want to set the user key here?
+ // TODO(Jake): Do we want to set the user key here?
 return new SymmetricCryptoKey(decUserKey) as UserSymKey;
 }
diff --git a/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts b/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
index 169273bdfd..dbe53e027d 100644
--- a/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
+++ b/libs/common/src/services/vaultTimeout/vaultTimeout.service.ts
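Review bot: The doc comment on the new `clearMasterKey` in libs/common/src/platform/services/crypto.service.ts (hunk `@@ -219,6 +219,14 @@`) says only "Clears the user's master key", while the body does nothing more than pass `null` to `stateService.setMasterKey`. A caller deciding whether a lock or logout is complete needs to know that any other stored copy is outside this method; the vault-timeout hunk in the same commit clears `setCryptoMasterKeyAuto` separately, which suggests at least one such copy exists. I would reword the summary line to `* Clears the master key held by the state service for the given user; other stored copies of the key are not touched.` and say on `@param userId` what happens when it is omitted, which the hunk does not show. The matching `clearMasterKey` signature added to the abstraction has no doc comment at all and could carry the same text.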
@@ -87,10 +87,10 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
 await this.stateService.setEverBeenUnlocked(true, { userId: userId });
 await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
- await this.cryptoService.clearKey(false, userId);
+ await this.cryptoService.clearUserKey(false, userId);
+ await this.cryptoService.clearMasterKey(userId);
 await this.cryptoService.clearOrgKeys(true, userId);
 await this.cryptoService.clearKeyPair(true, userId);
- await this.cryptoService.clearEncKey(true, userId);
 await this.cipherService.clearCache(userId);
 await this.collectionService.clearCache(userId);
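Review bot: The key-clearing calls in this lock path are plain sequential awaits, so if `clearUserKey(false, userId)` rejects, the newly added `clearMasterKey(userId)` never runs and the master key stays in state after a lock was requested. The enclosing method starts and ends outside the hunk, so it may already handle this; if it does not, the master-key clear should not depend on the earlier call succeeding, for example by pairing the two calls in a try/finally as sketched below. The same hunk drops `clearEncKey(true, userId)` with no visible replacement. It is worth confirming that `clearUserKey` now clears whatever `clearEncKey` used to, and covering that with a unit test on the lock method.

```typescript
// … unchanged: setEverBeenUnlocked / setCryptoMasterKeyAuto …
try {
  await this.cryptoService.clearUserKey(false, userId);
} finally {
  // Runs even when clearUserKey rejects, so a failed lock does not leave the master key in state.
  await this.cryptoService.clearMasterKey(userId);
}
// … unchanged: clearOrgKeys, clearKeyPair, cache clears …
```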