Auth/PM-38811 - KM - Update RotateUserAccountKeysCommand to use MasterPasswordService #7804
…rite UpdateUserKeyAndEncryptedDataV2Async enumerated a fixed column list and omitted LastPasswordChangeDate, silently dropping the field on PostgreSQL/MySQL/SQLite even when callers set it. The MSSQL sproc User_Update already persists this column, so this aligns EF with the existing Dapper behavior.
Wires PasswordChangeAndRotateUserAccountKeysAsync to IMasterPasswordService.PrepareUpdateExistingMasterPasswordAsync (Prepare* tier from PM-35392), replacing the inline master password mutation block. RefreshStamp is false so the existing BaseRotateUserAccountKeysAsync SecurityStamp + V2UpgradeToken logic remains the sole owner of session-invalidation behavior. The hint is sourced from the request because a password change can update it. Closes the parity gap where LastPasswordChangeDate was not set on this path even though the master password is changing. Other rotation variants (master-password-only, TDE, Key Connector) are untouched. Unit tests cover delegation, OneOf failure mapping, and short-circuit on old-password mismatch.
Extends the existing happy-path integration test to verify the master-key-wrapped user key, master password hint, master password hash (rewritten and verifies against the new authentication hash), and LastPasswordChangeDate are persisted as expected after a password-change-and-rotate call.
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #7804 +/- ##
==========================================
+ Coverage 61.28% 65.81% +4.52%
==========================================
Files 2226 2226
Lines 98296 98306 +10
Branches 8884 8885 +1
==========================================
+ Hits 60241 64700 +4459
+ Misses 35935 31389 -4546
- Partials 2120 2217 +97
…d-to-use-mp-service
…d-to-use-mp-service
🤖 Bitwarden Claude Code Review
Overall Assessment: APPROVE
Reviewed the refactor of
Code Review Details
No findings. The change is a faithful refactor that preserves session-invalidation semantics, zero-knowledge handling of the master-key-wrapped user key, and password-hashing behavior, while closing the



🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-38811
📔 Objective
To finish consolidating KM usages of the MasterPasswordService which centralizes MP change logic in one location as part of the ongoing separation of MP salt & email work.
📸 Screenshots
Two flows - Change password without key rotation and then with key rotation
Screen.Recording.2026-06-30.at.4.00.37.PM.mov