[PM-2572] Add new cipher encryption on attachments without key when moving cipher to an org

[LRNcardozoWDF]

Type of change

• Bug fix
• New feature development
• Tech debt (refactoring, code cleanup, dependency upgrades, etc)
• Build/deploy pipeline (DevOps)
• Other

Objective

When an attachment file gets reencrypted and reuploaded, the new key is ignored by the server. This PR prepares the fix for the mobile side by adding the cipher.key in the attachment's metadata.

Code changes

• Attachment.cs AttachmentView.cs: Added property CipherKey to store the cipher.Key
• src/Core/Models/Domain/Cipher.cs: Added logic to use attachment.CipherKey for decryption if necessary
• src/Core/Services/CipherService.cs: Update the cipher to use cipher.Key and save that value in the attachment object and metadata.

Before you submit

• Please check for formatting errors (dotnet format --verify-no-changes) (required)
• Please add unit tests where it makes sense to do so (encouraged but not required)
• If this change requires a documentation update - notify the documentation team
• If this change has particular deployment requirements - notify the DevOps team

[fedemkr]

💡 Nice idea to update the cipher key here if it doesn't have one before updating the attachments.
🤔 I think that doing this you don't need the CipherKey in the Attachment neither the cipherKey added in the StringContent for the MultipartFormDataContent. Because I don't see a situation where the cipher doesn't have an item level encryption key and the attachment is migrated with it. Did you find one and that's why you left the CipherKey in the attachment?
🎨 Could you extract the common parts into a method (can be local function as you want)? So it's shared with lines 604...609

[LRNcardozoWDF]

Well, that was my interpretation of the steps in the task. I honestly thought we were just being extra careful.

[fedemkr]

🎨 I think we could improve this checking if we should use cipher key encryption by calling ShouldUseCipherKeyEncryptionAsync, so we save a sever call if that's not the case.

[fedemkr]

⛏️ You can omit the async and await inside the lambda.

[fedemkr]

🎨 You can move encrypting into UpdateAndUpsertAsync as well.

[LRNcardozoWDF]

I didn't do that because I need the cipher to create two different requests, CipherRequest and CipherShareRequest. I could add in the api call but I think there's already too much happening in one line of code.
await UpdateAndUpsertAsync(async () => await _apiService.PutShareCipherAsync(cipherView.Id, new CipherShareRequest(await EncryptAsync(cipherView))), collectionIds);

[fedemkr]

Oh I see, I think it's fine to pass the CipherView as a parameter to the func to construct such requests.

[fedemkr]

⛏️ I'd rename the func parameter to callPutCipherApi or something that indicates the purpose of such func.

[fedemkr]

Great just one small thing and it's done 😄 🎉

[fedemkr]

⛏️ Invert the order so it doesn't waste time firing the task when Key != null

Suggested change

	if(await ShouldUseCipherKeyEncryptionAsync() && cipherView.Key == null)
	if (cipherView.Key == null && await ShouldUseCipherKeyEncryptionAsync())

[fedemkr]

LGTM 🎉