[PM-27591] Remove orgid in vault decryption code

[quexten]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27591

📔 Objective

This is part of a set of changes getting rid of decrypt on EncString which must be removed to get rid of active user state. This PR specifically forces the use of the passed in key, instead of relying on decrypt implementations to dynamically get a key based on userid / orgid.

The now unused parameters will be removed in a subsequent PR.

Vault will eventually drop the typescript implementation here, but until then this updates the code to no longer use orgid / userid as parameters, so that in a later PR we can get rid of it in platform code. All that is passed through is the decryption key.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 9a86ab18-7876-4298-82ee-18e936987029

Great job! No new security vulnerabilities introduced in this pull request

[codecov]

Codecov Report

❌ Patch coverage is 79.06977% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 40.63%. Comparing base (275c6a9) to head (cfe2bc8).
⚠️ Report is 7 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
apps/cli/src/commands/edit.command.ts	0.00%	3 Missing ⚠️
apps/cli/src/commands/get.command.ts	0.00%	2 Missing ⚠️
apps/cli/src/vault/create.command.ts	0.00%	2 Missing ⚠️
libs/common/src/vault/models/domain/cipher.ts	90.90%	1 Missing ⚠️
...src/importers/bitwarden/bitwarden-json-importer.ts	80.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #17099      +/-   ##
==========================================
+ Coverage   40.53%   40.63%   +0.09%     
==========================================
  Files        3531     3531              
  Lines      101035   101073      +38     
  Branches    15127    15123       -4     
==========================================
+ Hits        40956    41068     +112     
+ Misses      58341    58272      -69     
+ Partials     1738     1733       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[djsmith85]

❓ I don't see any changes related to send models. Are the changes on the send-specs necessary

[quexten]

❓ I don't see any changes related to send models. Are the changes on the send-specs necessary

@djsmith85 Yes, one of the follow-up PR's that changes EncString would otherwise break the vault tests. If you prefer I can move the spec changes to there, but that just means one extra vault review.

[nick-livefront]

Much improved! I'm only requesting changes for moving the assertNonNullish within the respective try/catch. If I'm missing something there feel free to point it out!

[claude]

⚠️ This line is not covered by tests. Consider adding test coverage for the userKey retrieval and folder decryption with explicit key passing.

[claude]

⚠️ This line is not covered by tests. Consider adding test coverage for the userKey retrieval path.

[claude]

⚠️ This line is not covered by tests. Consider adding test coverage for the userKey retrieval using the Observable pattern.

[gbubemismith]

❓ should we also update the decryptObj method and remove the orgId parameter since we always pass null

[quexten]

Initially it was split this wait to try to have the changes limited to vault, but that failed and we had to drag in tools / platform anyways, so you're right. It can be removed. cfe2bc8