From f3aff99db5ad9e6ca863094965a14ba446af807d Mon Sep 17 00:00:00 2001 From: Bernd Schoolmann Date: Wed, 8 Apr 2026 00:07:13 +0900 Subject: [PATCH] [PM-33554] Don't log out when trust denied for sdk key rotation (#19961) * Don't log out when trust denied * Cleanup --- .../key-rotation/user-key-rotation.service.ts | 19 +++++++++++-------- .../user-key-rotation.service.abstraction.ts | 2 +- .../src/user-key-rotation.service.ts | 7 ++++--- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts index 26dcacd8f11..22b816a8632 100644 --- a/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts +++ b/apps/web/src/app/key-management/key-rotation/user-key-rotation.service.ts @@ -123,20 +123,23 @@ export class UserKeyRotationService { this.logService.info( "[UserKey Rotation] Using SDK-based key rotation service from user-crypto-management", ); - await this.sdkUserKeyRotationService.changePasswordAndRotateUserKey( + const success = await this.sdkUserKeyRotationService.changePasswordAndRotateUserKey( currentMasterPassword, newMasterPassword, newMasterPasswordHint, asUuid(user.id), ); - this.toastService.showToast({ - variant: "success", - title: this.i18nService.t("rotationCompletedTitle"), - message: this.i18nService.t("rotationCompletedDesc"), - timeout: 15000, - }); - await this.logoutService.logout(user.id); + if (success) { + this.toastService.showToast({ + variant: "success", + title: this.i18nService.t("rotationCompletedTitle"), + message: this.i18nService.t("rotationCompletedDesc"), + timeout: 15000, + }); + + await this.logoutService.logout(user.id); + } return; } diff --git a/libs/user-crypto-management/src/user-key-rotation.service.abstraction.ts b/libs/user-crypto-management/src/user-key-rotation.service.abstraction.ts index 796af456526..d48e8f431dd 100644 --- a/libs/user-crypto-management/src/user-key-rotation.service.abstraction.ts +++ b/libs/user-crypto-management/src/user-key-rotation.service.abstraction.ts @@ -28,7 +28,7 @@ export abstract class UserKeyRotationService { newMasterPassword: string, hint: string | undefined, userId: UserId, - ): Promise; + ): Promise; /** * Verifies the trust of organizations and emergency access users by prompting the user. diff --git a/libs/user-crypto-management/src/user-key-rotation.service.ts b/libs/user-crypto-management/src/user-key-rotation.service.ts index a1af0f7f80e..98d0c59b9b9 100644 --- a/libs/user-crypto-management/src/user-key-rotation.service.ts +++ b/libs/user-crypto-management/src/user-key-rotation.service.ts @@ -33,17 +33,17 @@ export class DefaultUserKeyRotationService implements UserKeyRotationService { newMasterPassword: string, hint: string | undefined, userId: UserId, - ): Promise { + ): Promise { // First, the provided organizations and emergency access users need to be verified; // this is currently done by providing the user a manual confirmation dialog. const { wasTrustDenied, trustedOrganizationPublicKeys, trustedEmergencyAccessUserPublicKeys } = await this.verifyTrust(userId); if (wasTrustDenied) { this.logService.info("[Userkey rotation] Trust was denied by user. Aborting!"); - return; + return false; } - return firstValueFrom( + return await firstValueFrom( this.sdkService.userClient$(userId).pipe( map(async (sdk) => { if (!sdk) { @@ -63,6 +63,7 @@ export class DefaultUserKeyRotationService implements UserKeyRotationService { trusted_emergency_access_public_keys: trustedEmergencyAccessUserPublicKeys, trusted_organization_public_keys: trustedOrganizationPublicKeys, } as RotateUserKeysRequest); + return true; }), catchError((error: unknown) => { this.logService.error(`Failed to rotate user keys: ${error}`);