[PM-33554] Don't log out when trust denied for sdk key rotation (#19961)

* Don't log out when trust denied

* Cleanup
This commit is contained in:
Bernd Schoolmann 2026-04-08 00:07:13 +09:00 committed by GitHub
parent 26cb88bd8c
commit f3aff99db5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 12 deletions

View File

@ -123,20 +123,23 @@ export class UserKeyRotationService {
this.logService.info(
"[UserKey Rotation] Using SDK-based key rotation service from user-crypto-management",
);
await this.sdkUserKeyRotationService.changePasswordAndRotateUserKey(
const success = await this.sdkUserKeyRotationService.changePasswordAndRotateUserKey(
currentMasterPassword,
newMasterPassword,
newMasterPasswordHint,
asUuid(user.id),
);
this.toastService.showToast({
variant: "success",
title: this.i18nService.t("rotationCompletedTitle"),
message: this.i18nService.t("rotationCompletedDesc"),
timeout: 15000,
});
await this.logoutService.logout(user.id);
if (success) {
this.toastService.showToast({
variant: "success",
title: this.i18nService.t("rotationCompletedTitle"),
message: this.i18nService.t("rotationCompletedDesc"),
timeout: 15000,
});
await this.logoutService.logout(user.id);
}
return;
}

View File

@ -28,7 +28,7 @@ export abstract class UserKeyRotationService {
newMasterPassword: string,
hint: string | undefined,
userId: UserId,
): Promise<void>;
): Promise<boolean>;
/**
* Verifies the trust of organizations and emergency access users by prompting the user.

View File

@ -33,17 +33,17 @@ export class DefaultUserKeyRotationService implements UserKeyRotationService {
newMasterPassword: string,
hint: string | undefined,
userId: UserId,
): Promise<void> {
): Promise<boolean> {
// First, the provided organizations and emergency access users need to be verified;
// this is currently done by providing the user a manual confirmation dialog.
const { wasTrustDenied, trustedOrganizationPublicKeys, trustedEmergencyAccessUserPublicKeys } =
await this.verifyTrust(userId);
if (wasTrustDenied) {
this.logService.info("[Userkey rotation] Trust was denied by user. Aborting!");
return;
return false;
}
return firstValueFrom(
return await firstValueFrom(
this.sdkService.userClient$(userId).pipe(
map(async (sdk) => {
if (!sdk) {
@ -63,6 +63,7 @@ export class DefaultUserKeyRotationService implements UserKeyRotationService {
trusted_emergency_access_public_keys: trustedEmergencyAccessUserPublicKeys,
trusted_organization_public_keys: trustedOrganizationPublicKeys,
} as RotateUserKeysRequest);
return true;
}),
catchError((error: unknown) => {
this.logService.error(`Failed to rotate user keys: ${error}`);