[PM-32211] fix private key before key rotation

[mzieniukbw]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-32211

📔 Objective

A user may have a corrupt private key. It needs to be fixed before they can rotate their keys or upgrade to v2 encryption. For this, we need to invoke the private key regeneration function and handle status changes for emergency access/organizations.

On key regeneration:

• Update the status of any emergency access grants
  • Invited -> Invited
  • Accepted -> Accepted
  • Confirmed -> Accepted
  • RecoveryInitiated → Accepted
  • RecoveryApproved → Accepted
  • Re-send the email to the emergency access grantor reminding them to confirm the grantee so that emergency access can be re-established
• Update the status of any organization memberships
  • Invited -> Invited
  • Accepted -> Accepted
  • Confirmed -> Accepted
  • Revoked -> Removed
  • In case the user is removed, fire the “user left the organization” event log so the organization has some traceability for what happened.

Other changes:

• The DatabaseTransactionAction now explicitly provides connection and transactions for EF, since it was discovered in integration testing for Sqlite, that in fact the action run in separate connection - to be confirmed it is testing or production issue too. Migration to this new data structure and pattern for other KM operations is outside of scope https://bitwarden.atlassian.net/browse/PM-35901

📸 Screenshots

[mzieniukbw]

Moving to draft, since i have discovered that the DatabaseTransactionAction pattern KM have been using for a while is non transactional in EF. The new pattern will be part of this PR, but only contained to the private key regeneration scope work. Further PR's will be created later for UpdateUserData (master password, kdf change) and UpdateEncryptedDataForKeyRotation (user key rotation) .

[codecov]

Codecov Report

❌ Patch coverage is 92.01521% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.03%. Comparing base (28bd286) to head (d2f78d9).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...Console/Repositories/OrganizationUserRepository.cs	93.87%	4 Missing and 2 partials ⚠️
...Console/Repositories/OrganizationUserRepository.cs	89.74%	4 Missing ⚠️
...ement/Repositories/UserAsymmetricKeysRepository.cs	78.94%	4 Missing ⚠️
...nt/Commands/RegenerateUserAsymmetricKeysCommand.cs	93.75%	2 Missing and 1 partial ⚠️
...per/Auth/Repositories/EmergencyAccessRepository.cs	91.30%	2 Missing ⚠️
...ork/Auth/Repositories/EmergencyAccessRepository.cs	90.47%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7548      +/-   ##
==========================================
+ Coverage   59.50%   64.03%   +4.53%     
==========================================
  Files        2089     2089              
  Lines       92421    92617     +196     
  Branches     8214     8223       +9     
==========================================
+ Hits        54994    59309    +4315     
+ Misses      35484    31280    -4204     
- Partials     1943     2028      +85     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[mzieniukbw]

Ready to review. Note, Lint and Tests workflows fail due to separate issue.

[mkincaid-bw]

A few changes needed.

[sonarqubecloud]

Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[jrmccannon]

Interesting way of passing the transaction around. I am working on a different branch of making the transaction usable via DI.

I would appreciate any feedback you might have on it.
#7555