Lift in user_id into login method

crates/bitwarden-core/src/auth/auth_client.rs

@@ -2,6 +2,8 @@
 use bitwarden_crypto::{
     CryptoError, DeviceKey, EncString, Kdf, TrustDeviceResponse, UnsignedSharedKey,
 };
+#[cfg(feature = "internal")]
+use uuid::Uuid;
 
 #[cfg(feature = "secrets")]
 use crate::auth::login::{login_access_token, AccessTokenLoginRequest, AccessTokenLoginResponse};
@@ -91,8 +93,15 @@
         email: String,
         org_public_key: String,
         remember_device: bool,
+        user_id: Uuid,
     ) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
-        make_register_tde_keys(&self.client, email, org_public_key, remember_device)
+        make_register_tde_keys(
+            &self.client,
+            email,
+            org_public_key,
+            remember_device,
+            user_id,
+        )
     }
 
     #[allow(missing_docs)]

crates/bitwarden-core/src/auth/auth_request.rs

@@ -241,7 +241,7 @@ mod tests {
         new_device
             .crypto()
             .initialize_user_crypto(InitUserCryptoRequest {
-                user_id: Some(uuid::Uuid::new_v4()),
+                user_id: uuid::Uuid::new_v4(),
                 kdf_params: kdf,
                 email: email.to_owned(),
                 private_key,

crates/bitwarden-core/src/auth/login/api_key.rs

@@ -39,14 +39,15 @@
 
         let master_key = MasterKey::derive(&input.password, &email, &kdf)?;
 
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::ApiKey {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::ApiKey {
                 client_id: input.client_id.to_owned(),
                 client_secret: input.client_secret.to_owned(),
                 email,
                 kdf,
-            }));
+            },
+            user_id: access_token_obj.sub.parse()?,
+        });
 
         let user_key: EncString = require!(r.key.as_deref()).parse()?;
         let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

crates/bitwarden-core/src/auth/login/auth_request.rs

@@ -10,6 +10,7 @@
     auth::{
         api::{request::AuthRequestTokenRequest, response::IdentityTokenResponse},
         auth_request::new_auth_request,
+        JwtToken,
     },
     client::{LoginMethod, UserLoginMethod},
     key_management::crypto::{AuthRequestMethod, InitUserCryptoMethod, InitUserCryptoRequest},
@@ -88,20 +89,23 @@
     .await?;
 
     if let IdentityTokenResponse::Authenticated(r) = response {
+        let access_token_obj: JwtToken = r.access_token.parse()?;
+
         let kdf = Kdf::default();
 
         client.internal.set_tokens(
             r.access_token.clone(),
             r.refresh_token.clone(),
             r.expires_in,
         );
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 client_id: "web".to_owned(),
                 email: auth_req.email.to_owned(),
                 kdf: kdf.clone(),
-            }));
+            },
+            user_id: access_token_obj.sub.parse()?,
+        });
 
         let method = match res.master_password_hash {
             Some(_) => AuthRequestMethod::MasterKey {
@@ -116,7 +120,7 @@
         client
             .crypto()
             .initialize_user_crypto(InitUserCryptoRequest {
-                user_id: None,
+                user_id: access_token_obj.sub.parse()?,
                 kdf_params: kdf,
                 email: auth_req.email,
                 private_key: require!(r.private_key).parse()?,

crates/bitwarden-core/src/auth/login/mod.rs

@@ -42,6 +42,8 @@ pub enum LoginError {
     Serde(#[from] serde_json::Error),
     #[error(transparent)]
     InvalidBase64(#[from] base64::DecodeError),
+    #[error(transparent)]
+    Uuid(#[from] uuid::Error),
 
     #[error(transparent)]
     MissingField(#[from] crate::MissingFieldError),

crates/bitwarden-core/src/auth/login/password.rs

@@ -34,18 +34,23 @@
     let response = request_identity_tokens(client, input, &password_hash).await?;
 
     if let IdentityTokenResponse::Authenticated(r) = &response {
+        use crate::auth::JwtToken;
+
+        let access_token_obj: JwtToken = r.access_token.parse()?;
+
         client.internal.set_tokens(
             r.access_token.clone(),
             r.refresh_token.clone(),
             r.expires_in,
         );
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 client_id: "web".to_owned(),
                 email: input.email.to_owned(),
                 kdf: input.kdf.to_owned(),
-            }));
+            },
+            user_id: access_token_obj.sub.parse()?,
+        });
 
         let user_key: EncString = require!(r.key.as_deref()).parse()?;
         let private_key: EncString = require!(r.private_key.as_deref()).parse()?;

crates/bitwarden-core/src/auth/password/validate.rs

@@ -18,7 +18,11 @@ pub(crate) fn validate_password(
         .ok_or(NotAuthenticatedError)?;
 
     #[allow(irrefutable_let_patterns)]
-    if let LoginMethod::User(login_method) = login_method.as_ref() {
+    if let LoginMethod::User {
+        method: login_method,
+        ..
+    } = login_method.as_ref()
+    {
         match login_method {
             UserLoginMethod::Username { email, kdf, .. }
             | UserLoginMethod::ApiKey { email, kdf, .. } => {
@@ -50,7 +54,11 @@ pub(crate) fn validate_password_user_key(
         .ok_or(NotAuthenticatedError)?;
 
     #[allow(irrefutable_let_patterns)]
-    if let LoginMethod::User(login_method) = login_method.as_ref() {
+    if let LoginMethod::User {
+        method: login_method,
+        ..
+    } = login_method.as_ref()
+    {
         match login_method {
             UserLoginMethod::Username { email, kdf, .. }
             | UserLoginMethod::ApiKey { email, kdf, .. } => {
@@ -91,15 +99,16 @@ mod tests {
         use crate::client::{Client, LoginMethod, UserLoginMethod};
 
         let client = Client::new(None);
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 email: "[email protected]".to_string(),
                 kdf: Kdf::PBKDF2 {
                     iterations: NonZeroU32::new(100_000).unwrap(),
                 },
                 client_id: "1".to_string(),
-            }));
+            },
+            user_id: uuid::Uuid::new_v4(),
+        });
 
         let password = "password123".to_string();
         let password_hash = "7kTqkF1pY/3JeOu73N9kR99fDDe9O1JOZaVc7KH3lsU=".to_string();
@@ -125,13 +134,14 @@ mod tests {
             iterations: NonZeroU32::new(600_000).unwrap(),
         };
 
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 email: email.to_string(),
                 kdf: kdf.clone(),
                 client_id: "1".to_string(),
-            }));
+            },
+            user_id: uuid::Uuid::new_v4(),
+        });
 
         let master_key = MasterKey::derive(password, email, &kdf).unwrap();
 
@@ -173,13 +183,14 @@ mod tests {
             iterations: NonZeroU32::new(600_000).unwrap(),
         };
 
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 email: email.to_string(),
                 kdf: kdf.clone(),
                 client_id: "1".to_string(),
-            }));
+            },
+            user_id: uuid::Uuid::new_v4(),
+        });
 
         let master_key = MasterKey::derive(password, email, &kdf).unwrap();
 

crates/bitwarden-core/src/auth/pin.rs

@@ -18,7 +18,11 @@ pub(crate) fn validate_pin(
         .ok_or(NotAuthenticatedError)?;
 
     #[allow(irrefutable_let_patterns)]
-    let LoginMethod::User(login_method) = login_method.as_ref() else {
+    let LoginMethod::User {
+        method: login_method,
+        ..
+    } = login_method.as_ref()
+    else {
         return Err(NotAuthenticatedError)?;
     };
 
@@ -47,6 +51,7 @@ mod tests {
     use std::num::NonZeroU32;
 
     use bitwarden_crypto::{Kdf, MasterKey};
+    use uuid::Uuid;
 
     use super::*;
     use crate::client::{Client, LoginMethod, UserLoginMethod};
@@ -60,13 +65,14 @@ mod tests {
             iterations: NonZeroU32::new(600_000).unwrap(),
         };
 
-        client
-            .internal
-            .set_login_method(LoginMethod::User(UserLoginMethod::Username {
+        client.internal.set_login_method(LoginMethod::User {
+            method: UserLoginMethod::Username {
                 email: email.to_string(),
                 kdf: kdf.clone(),
                 client_id: "1".to_string(),
-            }));
+            },
+            user_id: Uuid::new_v4(),
+        });
 
         let master_key = MasterKey::derive(password, email, &kdf).unwrap();
 

crates/bitwarden-core/src/auth/renew.rs

@@ -40,7 +40,7 @@
             .clone();
 
         let res = match login_method.as_ref() {
-            LoginMethod::User(u) => match u {
+            LoginMethod::User { method: u, .. } => match u {
                 UserLoginMethod::Username { client_id, .. } => {
                     let refresh = tokens.refresh_token.ok_or(NotAuthenticatedError)?;
 

crates/bitwarden-core/src/auth/tde.rs

@@ -3,6 +3,7 @@
     AsymmetricPublicCryptoKey, DeviceKey, EncString, Kdf, SymmetricCryptoKey, TrustDeviceResponse,
     UnsignedSharedKey, UserKey,
 };
+use uuid::Uuid;
 
 use crate::{client::encryption_settings::EncryptionSettingsError, Client};
 
@@ -14,6 +15,7 @@
     email: String,
     org_public_key: String,
     remember_device: bool,
+    user_id: Uuid,
 ) -> Result<RegisterTdeKeyResponse, EncryptionSettingsError> {
     let public_key = AsymmetricPublicCryptoKey::from_der(&STANDARD.decode(org_public_key)?)?;
 
@@ -30,13 +32,14 @@
 
     client
         .internal
-        .set_login_method(crate::client::LoginMethod::User(
-            crate::client::UserLoginMethod::Username {
+        .set_login_method(crate::client::LoginMethod::User {
+            user_id,
+            method: crate::client::UserLoginMethod::Username {
                 client_id: "".to_owned(),
                 email,
                 kdf: Kdf::default(),
             },
-        ));
+        });
     client.internal.initialize_user_crypto_decrypted_key(
         user_key.0,
         key_pair.private.clone(),

crates/bitwarden-core/src/client/client.rs

@@ -1,4 +1,4 @@
-use std::sync::{Arc, OnceLock, RwLock};
+use std::sync::{Arc, RwLock};
 
 use bitwarden_crypto::KeyStore;
 use reqwest::header::{self, HeaderValue};
@@ -76,7 +76,6 @@ impl Client {
 
         Self {
             internal: Arc::new(InternalClient {
-                user_id: OnceLock::new(),
                 tokens: RwLock::new(Tokens::default()),
                 login_method: RwLock::new(None),
                 #[cfg(feature = "internal")]

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -9,7 +9,7 @@ use uuid::Uuid;
 
 #[cfg(any(feature = "internal", feature = "secrets"))]
 use crate::key_management::{KeyIds, SymmetricKeyId};
-use crate::{error::UserIdAlreadySetError, MissingPrivateKeyError, VaultLockedError};
+use crate::{MissingPrivateKeyError, VaultLockedError};
 
 #[allow(missing_docs)]
 #[bitwarden_error(flat)]
@@ -29,9 +29,6 @@ pub enum EncryptionSettingsError {
 
     #[error(transparent)]
     MissingPrivateKey(#[from] MissingPrivateKeyError),
-
-    #[error(transparent)]
-    UserIdAlreadySetError(#[from] UserIdAlreadySetError),
 }
 
 #[allow(missing_docs)]