Skip to content

[PM-24467] Introduce cipher risk service #17009

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 9 commits into from
Oct 31, 2025
Merged

[PM-24467] Introduce cipher risk service #17009

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3fd95d0
[PM-24467] Introduce CipherRiskService
shane-melton Oct 14, 2025
176ee34
[PM-24467] Introduce computeCipherRiskForUser() method
shane-melton Oct 14, 2025
de14ffc
[PM-24467] Refactor buildPasswordReuseMap to use user SDK client
shane-melton Oct 14, 2025
3109a46
[PM-24467] Use switchMap instead of map
shane-melton Oct 14, 2025
da89651
[PM-24467] Cleanup redundant tests
shane-melton Oct 14, 2025
d1a50bb
[PM-24467] Update SDK models
shane-melton Oct 22, 2025
3de30e4
Merge branch 'main' into vault/pm-24467/cipher-risk-service
shane-melton Oct 30, 2025
574490e
[PM-24467] Update @bitwarden/sdk-internal version
shane-melton Oct 30, 2025
34b2cac
[PM-24467] Update @bitwarden/commercial-sdk-internal version
shane-melton Oct 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
55 changes: 55 additions & 0 deletions libs/common/src/vault/abstractions/cipher-risk.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
import type {
CipherRiskResult,
CipherRiskOptions,
ExposedPasswordResult,
PasswordReuseMap,
CipherId,
} from "@bitwarden/sdk-internal";

import { UserId } from "../../types/guid";
import { CipherView } from "../models/view/cipher.view";

export abstract class CipherRiskService {
/**
* Compute password risks for multiple ciphers.
* Only processes Login ciphers with passwords.
*
* @param ciphers - The ciphers to evaluate for password risks
* @param userId - The user ID for SDK client context
* @param options - Optional configuration for risk computation (passwordMap, checkExposed)
* @returns Array of CipherRisk results from SDK containing password_strength, exposed_result, and reuse_count
*/
abstract computeRiskForCiphers(
ciphers: CipherView[],
userId: UserId,
options?: CipherRiskOptions,
): Promise<CipherRiskResult[]>;

/**
* Compute password risk for a single cipher by its ID. Will automatically build a password reuse map
* from all the user's ciphers via the CipherService.
* @param cipherId
* @param userId
* @param checkExposed - Whether to check if the password has been exposed in data breaches via HIBP
* @returns CipherRisk result from SDK containing password_strength, exposed_result, and reuse_count
*/
abstract computeCipherRiskForUser(
cipherId: CipherId,
userId: UserId,
checkExposed?: boolean,
): Promise<CipherRiskResult>;

/**
* Build a password reuse map for the given ciphers.
* Maps each password to the number of times it appears across ciphers.
* Only processes Login ciphers with passwords.
*
* @param ciphers - The ciphers to analyze for password reuse
* @param userId - The user ID for SDK client context
* @returns A map of password to count of occurrences
*/
abstract buildPasswordReuseMap(ciphers: CipherView[], userId: UserId): Promise<PasswordReuseMap>;
}

// Re-export SDK types for convenience
export type { CipherRiskResult, CipherRiskOptions, ExposedPasswordResult, PasswordReuseMap };
Loading
Loading