[SM-1927] Updating code so that if the machine acct name is corrupted data (#19898)

* Updating code so that if the machine acct name is corrupted data it doesn't lock users out of the list views

* Adding logging

* Fixing bugs with corrupted machine accounts preventing export

bitwarden_license/bit-web/src/app/secrets-manager/models/view/service-account.view.ts

@@ -6,6 +6,7 @@ export class ServiceAccountView {
   name: string;
   creationDate: string;
   revisionDate: string;
+  decryptionError: boolean = false;
 }
 
 export class ServiceAccountSecretsDetailsView extends ServiceAccountView {

bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts

@@ -7,8 +7,12 @@ import { ApiService } from "@bitwarden/common/abstractions/api.service";
 import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { EncryptService } from "@bitwarden/common/key-management/crypto/abstractions/encrypt.service";
-import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
+import {
+  DECRYPT_ERROR,
+  EncString,
+} from "@bitwarden/common/key-management/crypto/models/enc-string";
 import { ListResponse } from "@bitwarden/common/models/response/list.response";
+import { LogService } from "@bitwarden/common/platform/abstractions/log.service";
 import { SymmetricCryptoKey } from "@bitwarden/common/platform/models/domain/symmetric-crypto-key";
 import { OrganizationId } from "@bitwarden/common/types/guid";
 import { KeyService } from "@bitwarden/key-management";
@@ -38,6 +42,7 @@ export class ServiceAccountService {
     private apiService: ApiService,
     private encryptService: EncryptService,
     private accountService: AccountService,
+    private logService: LogService,
   ) {}
 
   private getOrganizationKey$(organizationId: string) {
@@ -167,12 +172,18 @@ export class ServiceAccountService {
     serviceAccountView.organizationId = serviceAccountResponse.organizationId;
     serviceAccountView.creationDate = serviceAccountResponse.creationDate;
     serviceAccountView.revisionDate = serviceAccountResponse.revisionDate;
-    serviceAccountView.name = serviceAccountResponse.name
-      ? await this.encryptService.decryptString(
-          new EncString(serviceAccountResponse.name),
-          organizationKey,
-        )
-      : null;
+
+    if (serviceAccountResponse.name) {
+      const name = await this.decryptField(
+        new EncString(serviceAccountResponse.name),
+        organizationKey,
+      );
+      serviceAccountView.name = name.value;
+      serviceAccountView.decryptionError = name.error;
+    } else {
+      serviceAccountView.name = null;
+    }
+
     return serviceAccountView;
   }
 
@@ -186,9 +197,15 @@ export class ServiceAccountService {
     view.creationDate = response.creationDate;
     view.revisionDate = response.revisionDate;
     view.accessToSecrets = response.accessToSecrets;
-    view.name = response.name
-      ? await this.encryptService.decryptString(new EncString(response.name), organizationKey)
-      : null;
+
+    if (response.name) {
+      const name = await this.decryptField(new EncString(response.name), organizationKey);
+      view.name = name.value;
+      view.decryptionError = name.error;
+    } else {
+      view.name = null;
+    }
+
     return view;
   }
 
@@ -203,4 +220,17 @@ export class ServiceAccountService {
       }),
     );
   }
+
+  private async decryptField(
+    encString: EncString,
+    organizationKey: SymmetricCryptoKey,
+  ): Promise<{ value: string; error: boolean }> {
+    try {
+      const decrypted = await this.encryptService.decryptString(encString, organizationKey);
+      return { value: decrypted, error: false };
+    } catch (error) {
+      this.logService.error("Error decrypting service account field", error);
+      return { value: DECRYPT_ERROR, error: true };
+    }
+  }
 }

bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-accounts-list.component.html

@@ -58,9 +58,31 @@
         <i class="bwi bwi-wrench tw-text-muted" aria-hidden="true"></i>
       </td>
       <td bitCell class="tw-break-all">
-        <a bitLink [routerLink]="serviceAccount.id">
-          {{ serviceAccount.name }}
-        </a>
+        @if (serviceAccount.decryptionError) {
+          <span
+            class="tw-cursor-pointer tw-text-warning tw-underline"
+            role="button"
+            tabindex="0"
+            [title]="'clickToRenameServiceAccount' | i18n"
+            [attr.aria-label]="'clickToRenameServiceAccount' | i18n"
+            (click)="editServiceAccountEvent.emit(serviceAccount.id); $event.stopPropagation()"
+            (keydown.enter)="
+              editServiceAccountEvent.emit(serviceAccount.id); $event.stopPropagation()
+            "
+            (keydown.space)="
+              editServiceAccountEvent.emit(serviceAccount.id);
+              $event.stopPropagation();
+              $event.preventDefault()
+            "
+          >
+            {{ serviceAccount.name }}
+            <i class="bwi bwi-pencil-square tw-ml-1" aria-hidden="true"></i>
+          </span>
+        } @else {
+          <a bitLink [routerLink]="serviceAccount.id">
+            {{ serviceAccount.name }}
+          </a>
+        }
       </td>
       <td bitCell>
         <span> {{ serviceAccount.accessToSecrets }} </span>

bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts

@@ -163,12 +163,18 @@ export class SecretsManagerPortingApiService {
       exportData.secrets.map(async (s) => {
         const secret = new SecretsManagerExportSecret();
 
-        [secret.key, secret.value, secret.note] = await Promise.all([
+        const decryptionResults = await Promise.allSettled([
           this.encryptService.decryptString(new EncString(s.key), orgKey),
           this.encryptService.decryptString(new EncString(s.value), orgKey),
           this.encryptService.decryptString(new EncString(s.note), orgKey),
         ]);
 
+        secret.key =
+          decryptionResults[0].status === "fulfilled" ? decryptionResults[0].value : DECRYPT_ERROR;
+        secret.value =
+          decryptionResults[1].status === "fulfilled" ? decryptionResults[1].value : DECRYPT_ERROR;
+        secret.note =
+          decryptionResults[2].status === "fulfilled" ? decryptionResults[2].value : DECRYPT_ERROR;
         secret.id = s.id;
         secret.projectIds = s.projectIds;
 

bitwarden_license/bit-web/src/app/secrets-manager/shared/access-policies/access-policy.service.ts

@@ -412,15 +412,21 @@ export class AccessPolicyService {
   ): Promise<ServiceAccountAccessPolicyView[]> {
     return await Promise.all(
       responses.map(async (response) => {
+        let serviceAccountName = null;
+        if (response.serviceAccountName) {
+          try {
+            serviceAccountName = await this.encryptService.decryptString(
+              new EncString(response.serviceAccountName),
+              orgKey,
+            );
+          } catch {
+            serviceAccountName = DECRYPT_ERROR;
+          }
+        }
         return {
           ...this.createBaseAccessPolicyView(response),
           serviceAccountId: response.serviceAccountId,
-          serviceAccountName: response.serviceAccountName
-            ? await this.encryptService.decryptString(
-                new EncString(response.serviceAccountName),
-                orgKey,
-              )
-            : null,
+          serviceAccountName,
         };
       }),
     );