[PM-16603] Implement userkey rotation v2

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-16603
Server PR: bitwarden/server#5204

📔 Objective

Userkey rotation previously consisted of two steps: Update masterpassword first, then update the userkey. Between these two, the clients relied on the local state to track the updated masterkey, but also to track kdf settings. If any of these were wrong, the userkey rotation request could corrupt vault data.

This combines both into one request, such that the kdf parameters are also always sent together with the userkey rotation request so that the corruption cannot occur. Further, this makes it so that cancelling during key rotation, does not force logout the user (where previously it had to, since the masterpassword was changed, and thus the security stamp was changed).

The old key rotation is still kept around for migration of legacy users.

📸 Screenshots

Screen.Recording.2025-01-03.at.13.51.35.mov

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – fa1baa0b-1a4f-4dc6-bc40-4f4e9b05d489

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Client_Privacy_Violation	/apps/web/src/app/auth/settings/change-password.component.html: 121	details Method change_password_component at line 121 of /apps/web/src/app/auth/settings/change-password.component.html sends user information outside the a... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/auth/settings/change-password.component.html: 68	details Method change_password_component at line 68 of /apps/web/src/app/auth/settings/change-password.component.html sends user information outside the ap... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/auth/settings/change-password.component.html: 26	details Method change_password_component at line 26 of /apps/web/src/app/auth/settings/change-password.component.html sends user information outside the ap... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/auth/settings/change-password.component.html: 42	details Method change_password_component at line 42 of /apps/web/src/app/auth/settings/change-password.component.html sends user information outside the ap... Attack Vector

[codecov]

Codecov Report

Attention: Patch coverage is 59.68992% with 52 lines in your changes missing coverage. Please review.

Project coverage is 35.33%. Comparing base (582beaf) to head (d4caf6f).

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...src/app/auth/settings/change-password.component.ts	6.06%	30 Missing and 1 partial ⚠️
...nagement/key-rotation/user-key-rotation.service.ts	83.92%	3 Missing and 6 partials ⚠️
libs/key-management/src/key.service.ts	0.00%	6 Missing ⚠️
...ion/request/master-password-unlock-data.request.ts	75.00%	3 Missing ⚠️
...-encryption/migrate-legacy-encryption.component.ts	0.00%	2 Missing ⚠️
...ment/key-rotation/user-key-rotation-api.service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12646      +/-   ##
==========================================
+ Coverage   35.29%   35.33%   +0.04%     
==========================================
  Files        2997     3002       +5     
  Lines       90882    90984     +102     
  Branches    16969    16982      +13     
==========================================
+ Hits        32080    32153      +73     
- Misses      56314    56335      +21     
- Partials     2488     2496       +8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[JaredSnider-Bitwarden]

Nice work! After a quick pass through, I've got a few questions / comments below:

[JaredSnider-Bitwarden]

LGTM!

[mzieniukbw]

should we rename the feature flag to userkey-rotation-v2 ?

[quexten]

Yeah, makes sense, this is the flag we had in launchdarkly, but i'll get that changed, because it does not match the actual change that is not a refactor.

[quexten]

Cleaned up the userkey rotation v2 api in the server PR and subsequently adjusted this PR to match.

Added some more tests aswell.