mirror of
https://github.com/bitwarden/server.git
synced 2026-06-08 14:33:23 -05:00
a2e4b8d8cc
* PM-32102 - Add PrepareClearMasterPassword to IMasterPasswordService Introduces an opinionated in-memory mutation that nulls MasterPassword and MasterPasswordSalt together, preserving the credential/salt invariant. Updates RevisionDate and AccountRevisionDate; intentionally leaves LastPasswordChangeDate untouched since this is credential removal rather than a password change. * PM-32102 - Add ConvertUserToKeyConnectorCommand Extracts the Key Connector conversion logic into a dedicated command in the Key Management domain, mirroring the SetKeyConnectorKeyCommand pattern. The command composes IMasterPasswordService.PrepareClearMasterPassword to clear the credential — including the salt — before flipping UsesKeyConnector, optionally writing the wrapped user key, persisting, and emitting the migration event. * PM-32102 - Wire AccountsKeyManagementController to ConvertUserToKeyConnectorCommand Injects IConvertUserToKeyConnectorCommand and switches both PostConvertToKeyConnectorAsync and PostEnrollToKeyConnectorAsync to use it instead of IUserService.ConvertToKeyConnectorAsync. Unit tests are retargeted to the new dependency. The integration tests now assert MasterPasswordSalt is nulled alongside MasterPassword, which is the behavior change the ticket exists to enforce. * PM-32102 - Remove ConvertToKeyConnectorAsync from UserService The method's only production callers were the two endpoints on AccountsKeyManagementController, which now depend on IConvertUserToKeyConnectorCommand directly. Deleting it continues the ongoing decomposition of UserService. CheckCanUseKeyConnector stays in place — it is still called by the legacy SetKeyConnectorKeyAsync, which is scheduled for removal in PM-27328. * PM-32102 - Rename CheckCanUseKeyConnector to ValidateCanUseKeyConnector Clarifies that a non-null return indicates a validation failure (null = success), per PR review feedback. Also renames the local variable from canUseResult to validationFailure so the conditional reads correctly without needing to inspect the helper. * PM-32102 - Add Constraints section to PrepareClearMasterPassword doc comment Brings the XML doc comment into parallel construction with the other Prepare methods on IMasterPasswordService by making the absence of caller preconditions explicit rather than a structural gap. * PM-32102 - Expand test coverage for Key Connector conversion path MasterPasswordService.PrepareClearMasterPassword: lock in that the method preserves Key/KDF/Hint, never rotates SecurityStamp, and is idempotent on an already-cleared user — invariants the conversion caller relies on. ConvertUserToKeyConnectorCommand: add cases for whitespace/empty wrapped-key passthrough, non-admin org membership succeeding, and multi-org membership where one role blocks; assert the specific IdentityError code on the already-converted failure path. * PM-32102 - Tighten Key Connector conversion test assertions Pin the second arg of ConvertAsync to null in the no-payload PostConvertToKeyConnectorAsync unit tests, and seed a non-null MasterPasswordSalt in the convert/enroll integration tests so the existing salt-clearing assertion meaningfully proves the new behavior. * PM-32102 - Clear MasterPasswordHint on Key Connector conversion The hint exists only to aid recall of the master password it points to. Once that password is removed (Key Connector conversion), the hint is meaningless and must not linger as orphaned PII tied to a credential that no longer exists. Extends IMasterPasswordService.PrepareClearMasterPassword to null MasterPasswordHint alongside MasterPassword and MasterPasswordSalt, updates the interface XML docs to advertise the new side effect, and propagates the assertion through MasterPasswordServiceTests, the ConvertUserToKeyConnectorCommand unit tests, and the AccountsKeyManagementController integration tests for both the convert-to-key-connector and key-connector/enroll success paths. Also extracts an ArrangeConvertibleUser test helper in the ConvertUserToKeyConnectorCommand suite to reduce the repeated baseline arrangement (UsesKeyConnector + credential + hint) across the four conversion-path tests. * PM-32102 - Delegate Key Connector eligibility check to IAuthorizationService Replace the private ValidateCanUseKeyConnector helper with a call to IAuthorizationService.AuthorizeAsync using KeyConnectorOperations.Use, matching the established pattern in SetKeyConnectorKeyCommand. ConvertAsync now returns Task instead of Task<IdentityResult> since all failure paths throw, allowing both controller endpoints to collapse to a single await. Unit tests are reshaped to the throw-only contract, parameterise the null/empty/whitespace wrapped-key cases, and stop faking PrepareClearMasterPassword — that contract is owned by MasterPasswordServiceTests.