PM-7745 - SSO Login Strategy - trySetUserKeyWithDeviceKey should use the user id from the IdTokenResponse and not StateService as I suspect it's not working as expected. Thinking there might be a race condition where the user id is null or maybe incorrect. (#8927)

2024-06-25 10:25:36 +02:00 · 2024-04-26 10:18:05 -04:00 · 2024-04-26 10:18:05 -04:00 · 7f5efcc18c
commit 7f5efcc18c
parent acea273f97
1 changed files with 5 additions and 4 deletions
--- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts
+++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts
@ -244,7 +244,7 @@ export class SsoLoginStrategy extends LoginStrategy {

      // Only try to set user key with device key if admin approval request was not successful
      if (!hasUserKey) {
-        await this.trySetUserKeyWithDeviceKey(tokenResponse);
+        await this.trySetUserKeyWithDeviceKey(tokenResponse, userId);
      }
    } else if (
      masterKeyEncryptedUserKey != null &&
@ -312,11 +312,12 @@ export class SsoLoginStrategy extends LoginStrategy {
    }
  }

-  private async trySetUserKeyWithDeviceKey(tokenResponse: IdentityTokenResponse): Promise<void> {
+  private async trySetUserKeyWithDeviceKey(
+    tokenResponse: IdentityTokenResponse,
+    userId: UserId,
+  ): Promise<void> {
    const trustedDeviceOption = tokenResponse.userDecryptionOptions?.trustedDeviceOption;

-    const userId = (await this.stateService.getUserId()) as UserId;
-
    const deviceKey = await this.deviceTrustService.getDeviceKey(userId);
    const encDevicePrivateKey = trustedDeviceOption?.encryptedPrivateKey;
    const encUserKey = trustedDeviceOption?.encryptedUserKey;