From 7963d3c99642f2690941b29b707a3d59a793f815 Mon Sep 17 00:00:00 2001 From: Jacob Fink Date: Thu, 8 Jun 2023 12:25:43 -0400 Subject: [PATCH] clean up the old pin keys in more flows - in the case that the app is updated while logged in and the user changes their pin, this will clear the old pin keys --- libs/angular/src/components/set-pin.component.ts | 1 + libs/common/src/platform/abstractions/crypto.service.ts | 3 ++- libs/common/src/platform/services/crypto.service.ts | 7 +++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/libs/angular/src/components/set-pin.component.ts b/libs/angular/src/components/set-pin.component.ts index bb74c12240..687ad41b1a 100644 --- a/libs/angular/src/components/set-pin.component.ts +++ b/libs/angular/src/components/set-pin.component.ts @@ -50,6 +50,7 @@ export class SetPinComponent implements OnInit { } else { await this.stateService.setUserSymKeyPin(pinProtectedKey); } + await this.cryptoService.clearOldPinKeys(); this.modalRef.close(true); } diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts index 9798defb0a..d2afdccc76 100644 --- a/libs/common/src/platform/abstractions/crypto.service.ts +++ b/libs/common/src/platform/abstractions/crypto.service.ts @@ -73,7 +73,8 @@ export abstract class CryptoService { makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>; clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise; makePinKey: (pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig) => Promise; - clearPinProtectedKey: () => Promise; + clearPinProtectedKey: (userId?: string) => Promise; + clearOldPinKeys: (userId?: string) => Promise; /** * Decrypts the user's symmetric key with their pin * @param pin The user's PIN diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts index 06f5b75d6b..e27d28ee52 100644 --- a/libs/common/src/platform/services/crypto.service.ts +++ b/libs/common/src/platform/services/crypto.service.ts @@ -676,7 +676,12 @@ export class CryptoService implements CryptoServiceAbstraction { */ async clearPinProtectedKey(userId?: string): Promise { await this.stateService.setUserSymKeyPin(null, { userId: userId }); + await this.clearOldPinKeys(userId); + } + + async clearOldPinKeys(userId?: string): Promise { await this.stateService.setEncryptedPinProtected(null, { userId: userId }); + await this.stateService.setDecryptedPinProtected(null, { userId: userId }); } async decryptUserSymKeyWithPin( @@ -889,7 +894,6 @@ export class CryptoService implements CryptoServiceAbstraction { await this.stateService.setUserSymKeyAuto(key.keyB64, { userId: userId }); } else { await this.stateService.setUserSymKeyAuto(null, { userId: userId }); - await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId }); } const storePin = await this.shouldStoreKey(KeySuffixOptions.Pin, userId); @@ -897,7 +901,6 @@ export class CryptoService implements CryptoServiceAbstraction { await this.storePinKey(key); } else { await this.stateService.setUserSymKeyPin(null, { userId: userId }); - await this.stateService.setEncryptedPinProtected(null, { userId: userId }); } }