From 7f5efcc18cea94af4998f18afaecdc5aae9de580 Mon Sep 17 00:00:00 2001 From: Jared Snider <116684653+JaredSnider-Bitwarden@users.noreply.github.com> Date: Fri, 26 Apr 2024 10:18:05 -0400 Subject: [PATCH] PM-7745 - SSO Login Strategy - trySetUserKeyWithDeviceKey should use the user id from the IdTokenResponse and not StateService as I suspect it's not working as expected. Thinking there might be a race condition where the user id is null or maybe incorrect. (#8927) --- .../src/common/login-strategies/sso-login.strategy.ts | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/libs/auth/src/common/login-strategies/sso-login.strategy.ts b/libs/auth/src/common/login-strategies/sso-login.strategy.ts index c7cd9052f8..ad56d1ae51 100644 --- a/libs/auth/src/common/login-strategies/sso-login.strategy.ts +++ b/libs/auth/src/common/login-strategies/sso-login.strategy.ts @@ -244,7 +244,7 @@ export class SsoLoginStrategy extends LoginStrategy { // Only try to set user key with device key if admin approval request was not successful if (!hasUserKey) { - await this.trySetUserKeyWithDeviceKey(tokenResponse); + await this.trySetUserKeyWithDeviceKey(tokenResponse, userId); } } else if ( masterKeyEncryptedUserKey != null && @@ -312,11 +312,12 @@ export class SsoLoginStrategy extends LoginStrategy { } } - private async trySetUserKeyWithDeviceKey(tokenResponse: IdentityTokenResponse): Promise { + private async trySetUserKeyWithDeviceKey( + tokenResponse: IdentityTokenResponse, + userId: UserId, + ): Promise { const trustedDeviceOption = tokenResponse.userDecryptionOptions?.trustedDeviceOption; - const userId = (await this.stateService.getUserId()) as UserId; - const deviceKey = await this.deviceTrustService.getDeviceKey(userId); const encDevicePrivateKey = trustedDeviceOption?.encryptedPrivateKey; const encUserKey = trustedDeviceOption?.encryptedUserKey;