From 3489d41ca174a48e6e988e20d409acb68c4f5f68 Mon Sep 17 00:00:00 2001 From: Nik Gilmore Date: Wed, 3 Sep 2025 16:47:59 -0700 Subject: [PATCH] Fail decryption if any part of the decrypt fails --- crates/bitwarden-send/src/send.rs | 8 ++--- crates/bitwarden-vault/src/cipher/card.rs | 14 ++++---- crates/bitwarden-vault/src/cipher/cipher.rs | 22 ++++++------ crates/bitwarden-vault/src/cipher/field.rs | 4 +-- crates/bitwarden-vault/src/cipher/identity.rs | 36 +++++++++---------- crates/bitwarden-vault/src/cipher/login.rs | 12 +++---- .../src/folder/folder_models.rs | 2 +- .../bitwarden-vault/src/password_history.rs | 2 +- 8 files changed, 50 insertions(+), 50 deletions(-) diff --git a/crates/bitwarden-send/src/send.rs b/crates/bitwarden-send/src/send.rs index f00632136..fecdbc14d 100644 --- a/crates/bitwarden-send/src/send.rs +++ b/crates/bitwarden-send/src/send.rs @@ -252,15 +252,15 @@ impl Decryptable for Send { id: self.id, access_id: self.access_id.clone(), - name: self.name.decrypt(ctx, key).ok().unwrap_or_default(), - notes: self.notes.decrypt(ctx, key).ok().flatten(), + name: self.name.decrypt(ctx, key)?, + notes: self.notes.decrypt(ctx, key)?, key: Some(URL_SAFE_NO_PAD.encode(k)), new_password: None, has_password: self.password.is_some(), r#type: self.r#type, - file: self.file.decrypt(ctx, key).ok().flatten(), - text: self.text.decrypt(ctx, key).ok().flatten(), + file: self.file.decrypt(ctx, key)?, + text: self.text.decrypt(ctx, key)?, max_access_count: self.max_access_count, access_count: self.access_count, diff --git a/crates/bitwarden-vault/src/cipher/card.rs b/crates/bitwarden-vault/src/cipher/card.rs index 4b622a80f..db47a2a40 100644 --- a/crates/bitwarden-vault/src/cipher/card.rs +++ b/crates/bitwarden-vault/src/cipher/card.rs @@ -90,7 +90,7 @@ impl Decryptable for Card { key: SymmetricKeyId, ) -> Result { Ok(CardListView { - brand: self.brand.decrypt(ctx, key).ok().flatten(), + brand: self.brand.decrypt(ctx, key)?, }) } } @@ -102,12 +102,12 @@ impl Decryptable for Card { key: SymmetricKeyId, ) -> Result { Ok(CardView { - cardholder_name: self.cardholder_name.decrypt(ctx, key).ok().flatten(), - exp_month: self.exp_month.decrypt(ctx, key).ok().flatten(), - exp_year: self.exp_year.decrypt(ctx, key).ok().flatten(), - code: self.code.decrypt(ctx, key).ok().flatten(), - brand: self.brand.decrypt(ctx, key).ok().flatten(), - number: self.number.decrypt(ctx, key).ok().flatten(), + cardholder_name: self.cardholder_name.decrypt(ctx, key)?, + exp_month: self.exp_month.decrypt(ctx, key)?, + exp_year: self.exp_year.decrypt(ctx, key)?, + code: self.code.decrypt(ctx, key)?, + brand: self.brand.decrypt(ctx, key)?, + number: self.number.decrypt(ctx, key)?, }) } } diff --git a/crates/bitwarden-vault/src/cipher/cipher.rs b/crates/bitwarden-vault/src/cipher/cipher.rs index cc96a028e..bd4a344f8 100644 --- a/crates/bitwarden-vault/src/cipher/cipher.rs +++ b/crates/bitwarden-vault/src/cipher/cipher.rs @@ -354,23 +354,23 @@ impl Decryptable for Cipher { folder_id: self.folder_id, collection_ids: self.collection_ids.clone(), key: self.key.clone(), - name: self.name.decrypt(ctx, ciphers_key).ok().unwrap_or_default(), - notes: self.notes.decrypt(ctx, ciphers_key).ok().flatten(), + name: self.name.decrypt(ctx, ciphers_key)?, + notes: self.notes.decrypt(ctx, ciphers_key)?, r#type: self.r#type, - login: self.login.decrypt(ctx, ciphers_key).ok().flatten(), - identity: self.identity.decrypt(ctx, ciphers_key).ok().flatten(), - card: self.card.decrypt(ctx, ciphers_key).ok().flatten(), - secure_note: self.secure_note.decrypt(ctx, ciphers_key).ok().flatten(), - ssh_key: self.ssh_key.decrypt(ctx, ciphers_key).ok().flatten(), + login: self.login.decrypt(ctx, ciphers_key)?, + identity: self.identity.decrypt(ctx, ciphers_key)?, + card: self.card.decrypt(ctx, ciphers_key)?, + secure_note: self.secure_note.decrypt(ctx, ciphers_key)?, + ssh_key: self.ssh_key.decrypt(ctx, ciphers_key)?, favorite: self.favorite, reprompt: self.reprompt, organization_use_totp: self.organization_use_totp, edit: self.edit, permissions: self.permissions, view_password: self.view_password, - local_data: self.local_data.decrypt(ctx, ciphers_key).ok().flatten(), - attachments: self.attachments.decrypt(ctx, ciphers_key).ok().flatten(), - fields: self.fields.decrypt(ctx, ciphers_key).ok().flatten(), + local_data: self.local_data.decrypt(ctx, ciphers_key)?, + attachments: self.attachments.decrypt(ctx, ciphers_key)?, + fields: self.fields.decrypt(ctx, ciphers_key)?, password_history: self .password_history .decrypt(ctx, ciphers_key) @@ -639,7 +639,7 @@ impl Decryptable for Cipher { folder_id: self.folder_id, collection_ids: self.collection_ids.clone(), key: self.key.clone(), - name: self.name.decrypt(ctx, ciphers_key).ok().unwrap_or_default(), + name: self.name.decrypt(ctx, ciphers_key)?, subtitle: self .decrypt_subtitle(ctx, ciphers_key) .ok() diff --git a/crates/bitwarden-vault/src/cipher/field.rs b/crates/bitwarden-vault/src/cipher/field.rs index 732989485..7378832f5 100644 --- a/crates/bitwarden-vault/src/cipher/field.rs +++ b/crates/bitwarden-vault/src/cipher/field.rs @@ -80,8 +80,8 @@ impl Decryptable for Field { key: SymmetricKeyId, ) -> Result { Ok(FieldView { - name: self.name.decrypt(ctx, key).ok().flatten(), - value: self.value.decrypt(ctx, key).ok().flatten(), + name: self.name.decrypt(ctx, key)?, + value: self.value.decrypt(ctx, key)?, r#type: self.r#type, linked_id: self.linked_id, }) diff --git a/crates/bitwarden-vault/src/cipher/identity.rs b/crates/bitwarden-vault/src/cipher/identity.rs index 1484b3f44..262871fb1 100644 --- a/crates/bitwarden-vault/src/cipher/identity.rs +++ b/crates/bitwarden-vault/src/cipher/identity.rs @@ -98,24 +98,24 @@ impl Decryptable for Identity { key: SymmetricKeyId, ) -> Result { Ok(IdentityView { - title: self.title.decrypt(ctx, key).ok().flatten(), - first_name: self.first_name.decrypt(ctx, key).ok().flatten(), - middle_name: self.middle_name.decrypt(ctx, key).ok().flatten(), - last_name: self.last_name.decrypt(ctx, key).ok().flatten(), - address1: self.address1.decrypt(ctx, key).ok().flatten(), - address2: self.address2.decrypt(ctx, key).ok().flatten(), - address3: self.address3.decrypt(ctx, key).ok().flatten(), - city: self.city.decrypt(ctx, key).ok().flatten(), - state: self.state.decrypt(ctx, key).ok().flatten(), - postal_code: self.postal_code.decrypt(ctx, key).ok().flatten(), - country: self.country.decrypt(ctx, key).ok().flatten(), - company: self.company.decrypt(ctx, key).ok().flatten(), - email: self.email.decrypt(ctx, key).ok().flatten(), - phone: self.phone.decrypt(ctx, key).ok().flatten(), - ssn: self.ssn.decrypt(ctx, key).ok().flatten(), - username: self.username.decrypt(ctx, key).ok().flatten(), - passport_number: self.passport_number.decrypt(ctx, key).ok().flatten(), - license_number: self.license_number.decrypt(ctx, key).ok().flatten(), + title: self.title.decrypt(ctx, key)?, + first_name: self.first_name.decrypt(ctx, key)?, + middle_name: self.middle_name.decrypt(ctx, key)?, + last_name: self.last_name.decrypt(ctx, key)?, + address1: self.address1.decrypt(ctx, key)?, + address2: self.address2.decrypt(ctx, key)?, + address3: self.address3.decrypt(ctx, key)?, + city: self.city.decrypt(ctx, key)?, + state: self.state.decrypt(ctx, key)?, + postal_code: self.postal_code.decrypt(ctx, key)?, + country: self.country.decrypt(ctx, key)?, + company: self.company.decrypt(ctx, key)?, + email: self.email.decrypt(ctx, key)?, + phone: self.phone.decrypt(ctx, key)?, + ssn: self.ssn.decrypt(ctx, key)?, + username: self.username.decrypt(ctx, key)?, + passport_number: self.passport_number.decrypt(ctx, key)?, + license_number: self.license_number.decrypt(ctx, key)?, }) } } diff --git a/crates/bitwarden-vault/src/cipher/login.rs b/crates/bitwarden-vault/src/cipher/login.rs index 5e6d952ea..cbb473ca3 100644 --- a/crates/bitwarden-vault/src/cipher/login.rs +++ b/crates/bitwarden-vault/src/cipher/login.rs @@ -379,11 +379,11 @@ impl Decryptable for Login { key: SymmetricKeyId, ) -> Result { Ok(LoginView { - username: self.username.decrypt(ctx, key).ok().flatten(), - password: self.password.decrypt(ctx, key).ok().flatten(), + username: self.username.decrypt(ctx, key)?, + password: self.password.decrypt(ctx, key)?, password_revision_date: self.password_revision_date, - uris: self.uris.decrypt(ctx, key).ok().flatten(), - totp: self.totp.decrypt(ctx, key).ok().flatten(), + uris: self.uris.decrypt(ctx, key)?, + totp: self.totp.decrypt(ctx, key)?, autofill_on_page_load: self.autofill_on_page_load, fido2_credentials: self.fido2_credentials.clone(), }) @@ -403,9 +403,9 @@ impl Decryptable for Login { .map(|fido2_credentials| fido2_credentials.decrypt(ctx, key)) .transpose()?, has_fido2: self.fido2_credentials.is_some(), - username: self.username.decrypt(ctx, key).ok().flatten(), + username: self.username.decrypt(ctx, key)?, totp: self.totp.clone(), - uris: self.uris.decrypt(ctx, key).ok().flatten(), + uris: self.uris.decrypt(ctx, key)?, }) } } diff --git a/crates/bitwarden-vault/src/folder/folder_models.rs b/crates/bitwarden-vault/src/folder/folder_models.rs index d82dcde4c..2b6a4c5e5 100644 --- a/crates/bitwarden-vault/src/folder/folder_models.rs +++ b/crates/bitwarden-vault/src/folder/folder_models.rs @@ -83,7 +83,7 @@ impl Decryptable for Folder { ) -> Result { Ok(FolderView { id: self.id, - name: self.name.decrypt(ctx, key).ok().unwrap_or_default(), + name: self.name.decrypt(ctx, key)?, revision_date: self.revision_date, }) } diff --git a/crates/bitwarden-vault/src/password_history.rs b/crates/bitwarden-vault/src/password_history.rs index 23df58daf..eae4ad5b5 100644 --- a/crates/bitwarden-vault/src/password_history.rs +++ b/crates/bitwarden-vault/src/password_history.rs @@ -62,7 +62,7 @@ impl Decryptable for PasswordHistor key: SymmetricKeyId, ) -> Result { Ok(PasswordHistoryView { - password: self.password.decrypt(ctx, key).ok().unwrap_or_default(), + password: self.password.decrypt(ctx, key)?, last_used_date: self.last_used_date, }) }