[PM-5963] Fix tde offboarding vault corruption (#9480)

* Fix tde offboarding * Add tde offboarding password request * Add event for tde offboarding * Update libs/auth/src/common/models/domain/user-decryption-options.ts Co-authored-by: Jake Fink <jfink@bitwarden.com> * Update libs/common/src/services/api.service.ts Co-authored-by: Jake Fink <jfink@bitwarden.com> * Make tde offboarding take priority * Update tde offboarding message * Fix unit tests * Fix unit tests * Fix typo * Fix unit tests --------- Co-authored-by: Jake Fink <jfink@bitwarden.com>
2026-02-12 20:05:14 +08:00 · 2024-08-02 01:48:09 +02:00
parent d26ea1be5f
commit c6229abd12
19 changed files with 94 additions and 17 deletions
--- a/libs/angular/src/auth/components/update-temp-password.component.ts
+++ b/libs/angular/src/auth/components/update-temp-password.component.ts
@@ -12,6 +12,7 @@ import { UserVerificationService } from "@bitwarden/common/auth/abstractions/use
 import { VerificationType } from "@bitwarden/common/auth/enums/verification-type";
 import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
 import { PasswordRequest } from "@bitwarden/common/auth/models/request/password.request";
+import { UpdateTdeOffboardingPasswordRequest } from "@bitwarden/common/auth/models/request/update-tde-offboarding-password.request";
 import { UpdateTempPasswordRequest } from "@bitwarden/common/auth/models/request/update-temp-password.request";
 import { MasterPasswordVerification } from "@bitwarden/common/auth/types/verification";
 import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
@@ -97,9 +98,13 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
  }

  get masterPasswordWarningText(): string {
-    return this.reason == ForceSetPasswordReason.WeakMasterPassword
-      ? this.i18nService.t("updateWeakMasterPasswordWarning")
-      : this.i18nService.t("updateMasterPasswordWarning");
+    if (this.reason == ForceSetPasswordReason.WeakMasterPassword) {
+      return this.i18nService.t("weakMasterPasswordWarning");
+    } else if (this.reason == ForceSetPasswordReason.TdeOffboarding) {
+      return this.i18nService.t("tdeDisabledMasterPasswordRequired");
+    } else {
+      return this.i18nService.t("masterPasswordWarning");
+    }
  }

  togglePassword(confirmField: boolean) {
@@ -165,6 +170,9 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {
        case ForceSetPasswordReason.WeakMasterPassword:
          this.formPromise = this.updatePassword(masterPasswordHash, userKey);
          break;
+        case ForceSetPasswordReason.TdeOffboarding:
+          this.formPromise = this.updateTdeOffboardingPassword(masterPasswordHash, userKey);
+          break;
      }

      await this.formPromise;
@@ -211,4 +219,16 @@ export class UpdateTempPasswordComponent extends BaseChangePasswordComponent {

    return this.apiService.postPassword(request);
  }
+
+  private async updateTdeOffboardingPassword(
+    masterPasswordHash: string,
+    userKey: [UserKey, EncString],
+  ) {
+    const request = new UpdateTdeOffboardingPasswordRequest();
+    request.key = userKey[1].encryptedString;
+    request.newMasterPasswordHash = masterPasswordHash;
+    request.masterPasswordHint = this.hint;
+
+    return this.apiService.putUpdateTdeOffboardingPassword(request);
+  }
 }