[PM-33435] Add new user key rotation endpoint with MP support #7216
Thomas-Avery wants to merge 8 commits into km/pm-33162 from
New Issues (2)
Checkmarx found the following issues in this Pull Request
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## km/pm-33162 #7216 +/- ##
===============================================
+ Coverage 57.55% 57.59% +0.04%
===============================================
Files 2032 2037 +5
Lines 89504 89602 +98
Branches 7954 7963 +9
===============================================
+ Hits 51510 51604 +94
- Misses 36149 36151 +2
- Partials 1845 1847 +2
|
|
||
| namespace Bit.Api.KeyManagement.Models.Requests; | ||
|
|
||
| public class WrappedAccountCryptographicStateRequestModel |
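Review bot: the `WrappedAccountCryptographicStateRequestModel` declaration on the last line of this hunk has no XML doc comment above it. A `/// <summary>` stating which payload this request model accepts and when it should be used would let callers pick the right model without reading its properties.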
❓ We already have AccountKeysRequestModel. Might be better to combine this with https://bitwarden.atlassian.net/browse/PM-22384?
If this is outside of scope, could we comment on the AccountKeysRequestModel that it's deprecated and will be superseded by WrappedAccountCryptographicStateRequestModel?

The problem is AccountKeysRequestModel has been augmented to handle both v1 and v2 encryption payloads (plus has some leftover properties). @quexten had requested to make a new model that only accepts v2 encryption payloads.
I don't mind adding a comment on AccountKeysRequestModel but we will have to make it clear we can only fully move over to WrappedAccountCryptographicStateRequestModel after we stop v1 encryption rotation support.
I'm not following on the ticket linked (PM-22384). That one is already done and where we added v2 encryption support to AccountKeysRequestModel?

I added a note on the new request model bc6bfe5.
I also created a ticket for tracking the tech debt for user key rotation https://bitwarden.atlassian.net/browse/PM-33860. I don't think now is the correct time to mark AccountKeysRequestModel as obsolete. It is used in many places that will still need to support v1 encryption payloads.

I provided the wrong link, I meant https://bitwarden.atlassian.net/browse/PM-23751

Let's leave that out of scope for this PR. Since this is a new endpoint I was planning on doing the QA after merging and introducing usage on the client. For removing those properties I would want to do a regression test.

🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-33435
📔 Objective
Adds a new endpoint for user key rotation without a password change. This implements the rotation for master password users and sets things up for future implementation of key connector and TDE users.
This builds off the refactor done in #7201.