diff --git a/apps/cli/src/bw.ts b/apps/cli/src/bw.ts
index 29c1443a71..b19f367ae4 100644
--- a/apps/cli/src/bw.ts
+++ b/apps/cli/src/bw.ts
@@ -334,7 +334,7 @@ export class Main {
 );
 const lockedCallback = async () =>
- await this.cryptoService.clearStoredKey(KeySuffixOptions.Auto);
+ await this.cryptoService.clearStoredUserKey(KeySuffixOptions.Auto);
 this.vaultTimeoutSettingsService = new VaultTimeoutSettingsService(
 this.cryptoService,
diff --git a/apps/cli/src/commands/serve.command.ts b/apps/cli/src/commands/serve.command.ts
index 92e8747bc3..bb5ecd495e 100644
--- a/apps/cli/src/commands/serve.command.ts
+++ b/apps/cli/src/commands/serve.command.ts
@@ -421,11 +421,14 @@ export class ServeCommand {
 this.processResponse(res, Response.error("You are not logged in."));
 return true;
 }
- if (await this.main.cryptoService.hasKeyInMemory()) {
+ if (await this.main.cryptoService.hasUserKeyInMemory()) {
 return false;
- } else if (await this.main.cryptoService.hasKeyStored(KeySuffixOptions.Auto)) {
+ } else if (await this.main.cryptoService.hasUserKeyStored(KeySuffixOptions.Auto)) {
 // load key into memory
- await this.main.cryptoService.getKey();
+ const userAutoKey = await this.main.cryptoService.getUserKeyFromStorage(
+ KeySuffixOptions.Auto
+ );
+ await this.main.cryptoService.setUserKey(userAutoKey);
 return false;
 }
 this.processResponse(res, Response.error("Vault is locked."));
diff --git a/apps/cli/src/program.ts b/apps/cli/src/program.ts
index 700a31b3c6..9ca99b937d 100644
--- a/apps/cli/src/program.ts
+++ b/apps/cli/src/program.ts
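Review bot: In apps/cli/src/commands/serve.command.ts the result of `getUserKeyFromStorage(KeySuffixOptions.Auto)` is passed straight to `setUserKey` and the method then returns `false` (not locked) without checking that a key was actually obtained. The `@@ -76` hunk in libs/common/src/platform/services/crypto.service.ts shows a path that logs "Wrong key, throwing away stored key" and returns `null`; if that path belongs to `getUserKeyFromStorage` (its signature is outside the hunk), an invalid stored auto key would leave the lock check passing with a null user key. The check should fail closed: `if (userAutoKey != null) { await this.main.cryptoService.setUserKey(userAutoKey); return false; }`, otherwise fall through to the existing "Vault is locked." response. The same unchecked pattern is added to `exitIfLocked` in apps/cli/src/program.ts, where a null key should continue to the unlock branch instead. Both enclosing methods start or end outside their hunks.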
@@ -597,11 +597,14 @@ export class Program {
 protected async exitIfLocked() {
 await this.exitIfNotAuthed();
- if (await this.main.cryptoService.hasKeyInMemory()) {
+ if (await this.main.cryptoService.hasUserKeyInMemory()) {
 return;
- } else if (await this.main.cryptoService.hasKeyStored(KeySuffixOptions.Auto)) {
+ } else if (await this.main.cryptoService.hasUserKeyStored(KeySuffixOptions.Auto)) {
 // load key into memory
- await this.main.cryptoService.getKey();
+ const userAutoKey = await this.main.cryptoService.getUserKeyFromStorage(
+ KeySuffixOptions.Auto
+ );
+ await this.main.cryptoService.setUserKey(userAutoKey);
 } else if (process.env.BW_NOINTERACTION !== "true") {
 // must unlock
 if (await this.main.keyConnectorService.getUsesKeyConnector()) {
diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts
index af468eea93..995f00f73e 100644
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -82,6 +82,12 @@ export abstract class CryptoService {
 * @param userId The desired user
 */
 clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise;
+ /**
+ * Clears the user's stored version of the user symmetric key
+ * @param keySuffix The desired version of the key to clear
+ * @param userId The desired user
+ */
+ clearStoredUserKey: (keySuffix: KeySuffixOptions, userId?: string) => Promise;
 /**
 * Stores the master key encrypted user symmetric key
 * @param userSymKeyMasterKey The master key encrypted user symmetric key to set
diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts
index c5e66cba07..86ea2f71f9 100644
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@@ -76,7 +76,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 if (userKey != null) {
 if (!(await this.validateUserKey(userKey))) {
 this.logService.warning("Wrong key, throwing away stored key");
- await this.clearStoredUserKeys(userId);
+ await this.clearAllStoredUserKeys(userId);
 return null;
 }
@@ -121,7 +121,21 @@ export class CryptoService implements CryptoServiceAbstraction {
 async clearUserKey(clearStoredKeys = true, userId?: string): Promise {
 await this.stateService.setUserSymKey(null, { userId: userId });
 if (clearStoredKeys) {
- await this.clearStoredUserKeys(userId);
+ await this.clearAllStoredUserKeys(userId);
+ }
+ }
+
+ async clearStoredUserKey(keySuffix: KeySuffixOptions, userId?: string): Promise {
+ switch (keySuffix) {
+ case KeySuffixOptions.Auto:
+ this.stateService.setUserSymKeyAuto(null, { userId: userId });
+ break;
+ case KeySuffixOptions.Biometric:
+ this.stateService.setUserSymKeyBiometric(null, { userId: userId });
+ break;
+ case KeySuffixOptions.Pin:
+ this.stateService.setUserSymKeyPinEphemeral(null, { userId: userId });
+ break;
 }
 }
@@ -813,7 +827,7 @@ export class CryptoService implements CryptoServiceAbstraction {
 return [new SymmetricCryptoKey(newSymKey) as T, protectedSymKey];
 }
- private async clearStoredUserKeys(userId?: string): Promise {
+ private async clearAllStoredUserKeys(userId?: string): Promise {
 await this.stateService.setUserSymKeyAuto(null, { userId: userId });
 await this.stateService.setUserSymKeyBiometric(null, { userId: userId });
 await this.stateService.setUserSymKeyPinEphemeral(null, { userId: userId });
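Review bot: The new `clearStoredUserKey` in the `@@ -121` hunk calls `setUserSymKeyAuto`, `setUserSymKeyBiometric` and `setUserSymKeyPinEphemeral` without `await`, so the method's promise can resolve before the stored key has been cleared, and a rejection from the state service would go unhandled. `clearAllStoredUserKeys` in the same file awaits the same three calls, and the lock callback in apps/cli/src/bw.ts awaits `clearStoredUserKey(KeySuffixOptions.Auto)`, presumably expecting the auto key to be gone once it returns. Each case should await its call, e.g. `await this.stateService.setUserSymKeyAuto(null, { userId: userId });`. The `switch` also has no `default`, so a suffix it does not handle clears nothing and reports success; a `default` branch that throws or logs would make that visible.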