[PM-35395] MasterPasswordService Key Management Integration#7637
Conversation
Master Password hash will be updated as a necessary side-effect of KDF configuration change, but should not be represented in the method naming to prevent confusion. This is for KDF-update flows only.
Mismatched salt should fail fast at the command level (existing). A defense-in-depth check also resides at ValidateDataForUser inside the MasterPasswordService.
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE Refactors Code Review DetailsNo new findings. |
| // LastPasswordChangeDate is intentionally not set: KDF rotation re-derives the authentication | ||
| // hash from the same password using new KDF parameters — the user's password has not changed. | ||
| var now = _timeProvider.GetUtcNow().UtcDateTime; | ||
| user.LastPasswordChangeDate = now; |
There was a problem hiding this comment.
This method incorrectly indexed on a change of hash to warrant an update to the LastPasswordChangeDate. KDF- and Master Password-change operations are separate, and LastPasswordChangeDate is intended to capture the user action/intent to change the Master Password.
LastKdfChangeDate is provided to separate these concerns.
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
| // Prevent a de-synced salt value from creating an un-decryptable unlock method | ||
| // Prevent a de-synced salt value from creating an un-decryptable unlock method. | ||
| // Also checked in the MasterPasswordService via UpdateExistingKdfConfigurationData.ValidateDataForUser. | ||
| authenticationData.ValidateSaltUnchangedForUser(user); |
There was a problem hiding this comment.
MasterPasswordService will perform salt-unchanged validation for authentication and unlock data requests consistently. That makes this check (now) an additional check of the same.
I have elected not to remove it from the command at this time, considering that up to Key Management's discretion.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## auth/pm-35393/master-password-service-auth-integration #7637 +/- ##
==========================================================================================
- Coverage 59.87% 59.86% -0.02%
==========================================================================================
Files 2124 2124
Lines 93469 93463 -6
Branches 8307 8307
==========================================================================================
- Hits 55965 55950 -15
- Misses 35527 35534 +7
- Partials 1977 1979 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
enmande
requested review from
JaredSnider-Bitwarden,
ike-kottlowski and
mzieniukbw
and removed request for
a team and
JaredSnider-Bitwarden
1 participant
🎟️ Tracking
PM-35395
📔 Objective
Refactors the Change-KDF flow to use the new
MasterPasswordService, routing throughSaveUpdateKdfConfigurationAsync(source).📓 Note the name change from the base branch of invoked method to
SaveUpdateKdfConfigurationAsync.At implementation time, it was decided
SaveUpdateMasterPasswordAndKdfAsyncwas not an ideal name for this method. It is used for KDF-affecting flows (only); the fact that the hash of a master password will change as a result of key derivation is a side effect, and naming it in the method directly invites misunderstanding. Tests and comments were updated throughout to reflect this.Part of the PM-33011 story-of-stories to route all password set/change/rotate flows through MasterPasswordService. Depends on PM-35393.
📸 Screenshots
KDF Configuration change
zed is a user with a Master Password.
zed changes their KDF configuration:
PBKDF2->Argon2idwith default settings.LastKdfChangeDateis updated as expectedLastMasterPasswordChangeDateis not updated as expectedPM-39395_kdf-change.mov