From eeef7039b9b06dd3cf60c5e1b47fe901bb079b50 Mon Sep 17 00:00:00 2001
From: Riccardo Balbo <riccardo0blb@gmail.com>
Date: Wed, 16 Oct 2024 15:55:00 +0200
Subject: [PATCH] prevent stale me entry from causing vault configurator to
 delete the local vault key

---
 components/use-vault.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/components/use-vault.js b/components/use-vault.js
index 5ba47bcd..9211e7cf 100644
--- a/components/use-vault.js
+++ b/components/use-vault.js
@@ -18,6 +18,7 @@ export function useVaultConfigurator () {
 
   const [vaultKey, innerSetVaultKey] = useState(null)
   const [config, configError] = useConfig()
+  const [vaultKeyHash, setVaultKeyHashLocal] = useState(null)
 
   useEffect(() => {
     if (!me) return
@@ -27,11 +28,12 @@ export function useVaultConfigurator () {
     }
     (async () => {
       let localVaultKey = await config.get('key')
-      if (localVaultKey && (!me.privates.vaultKeyHash || localVaultKey?.hash !== me.privates.vaultKeyHash)) {
+      const keyHash = me?.privates?.vaultKeyHash || vaultKeyHash
+      if ((!keyHash && localVaultKey?.hash) || (localVaultKey?.hash !== keyHash)) {
         // If the hash stored in the server does not match the hash of the local key,
         // we can tell that the key is outdated (reset by another device or other reasons)
         // in this case we clear the local key and let the user re-enter the passphrase
-        console.log('vault key hash mismatch, clearing local key', localVaultKey, me.privates.vaultKeyHash)
+        console.log('vault key hash mismatch, clearing local key', localVaultKey?.hash, '!=', keyHash)
         localVaultKey = null
         await config.unset('key')
       }
@@ -61,6 +63,7 @@ export function useVaultConfigurator () {
       }
     })
     innerSetVaultKey(vaultKey)
+    setVaultKeyHashLocal(vaultKey.hash)
     await config.set('key', vaultKey)
   }, [setVaultKeyHash])
 
@@ -237,7 +240,7 @@ export function openVault (apollo, user, owner) {
       if ((!user.privates.vaultKeyHash && localVaultKey?.hash) || (localVaultKey?.hash !== user.privates.vaultKeyHash)) {
       // no or different vault setup on server: use unencrypted local storage
       // and clear local key if it exists
-        console.log('Vault key hash mismatch, clearing local key', localVaultKey, user.privates.vaultKeyHash)
+        console.log('Vault key hash mismatch, clearing local key', localVaultKey?.hash, user.privates.vaultKeyHash)
         await config.unset('key')
         return ((await localStore.get(key)) || defaultValue)
       }