[PM-12047] Remove usage of ActiveUserState from cipher.service

[gbubemismith]

🎟️ Tracking

📔 Objective

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 15a4d597-17b4-4dfc-b8df-17038151827e

New Issues (56)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2024-12381	Npm-electron-33.2.1	Vulnerable Package
	CVE-2024-11110	Npm-electron-33.2.1	Vulnerable Package
	CVE-2024-11117	Npm-electron-33.2.1	Vulnerable Package
	Client_Privacy_Violation	/apps/cli/src/vault.program.ts: 392	details Method Lambda at line 392 of /apps/cli/src/vault.program.ts sends user information outside the application. This may constitute a Privacy Violation. Attack Vector
	Client_Privacy_Violation	/apps/cli/src/oss-serve-configurator.ts: 132	details Method OssServeConfigurator at line 132 of /apps/cli/src/oss-serve-configurator.ts sends user information outside the application. This may constit... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/admin-console/commands/share.command.ts: 14	details Method at line 14 of /apps/cli/src/admin-console/commands/share.command.ts sends user information outside the application. This may constitute a P... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/attachments-v2.component.html: 8	details Method at line 8 of /apps/web/src/app/vault/individual-vault/attachments-v2.component.html sends user information outside the application. This ma... Attack Vector
	Client_Privacy_Violation	/libs/common/src/services/event/event-collection.service.ts: 88	details Method collect at line 88 of /libs/common/src/services/event/event-collection.service.ts sends user information outside the application. This may c... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/org-vault/services/admin-console-cipher-form-config.service.ts: 64	details Method buildConfig at line 64 of /apps/web/src/app/vault/org-vault/services/admin-console-cipher-form-config.service.ts sends user information outs... Attack Vector
	Client_Privacy_Violation	/libs/vault/src/cipher-form/services/default-cipher-form-config.service.ts: 41	details Method buildConfig at line 41 of /libs/vault/src/cipher-form/services/default-cipher-form-config.service.ts sends user information outside the appl... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/attachments-v2.component.html: 8	details Method at line 8 of /apps/web/src/app/vault/individual-vault/attachments-v2.component.html sends user information outside the application. This ma... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/autofill/background/notification.background.ts: 551	details Method saveOrUpdateCredentials at line 551 of /apps/browser/src/autofill/background/notification.background.ts sends user information outside the a... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/autofill/popup/fido2/fido2.component.ts: 216	details Method Lambda at line 216 of /apps/browser/src/autofill/popup/fido2/fido2.component.ts sends user information outside the application. This may con... Attack Vector
	Client_Privacy_Violation	/libs/common/src/platform/services/fido2/fido2-authenticator.service.ts: 137	details Method makeCredential at line 137 of /libs/common/src/platform/services/fido2/fido2-authenticator.service.ts sends user information outside the app... Attack Vector
	Client_Privacy_Violation	/libs/vault/src/cipher-form/services/default-cipher-form-config.service.ts: 65	details Method buildConfig at line 65 of /libs/vault/src/cipher-form/services/default-cipher-form-config.service.ts sends user information outside the appl... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/admin-console/commands/share.command.ts: 61	details Method run at line 61 of /apps/cli/src/admin-console/commands/share.command.ts sends user information outside the application. This may constitute ... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/autofill/popup/fido2/fido2.component.ts: 237	details Method Lambda at line 237 of /apps/browser/src/autofill/popup/fido2/fido2.component.ts sends user information outside the application. This may con... Attack Vector
	Client_Privacy_Violation	/libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.ts: 82	details Method at line 82 of /libs/vault/src/cipher-form/components/attachments/cipher-attachments.component.ts sends user information outside the applica... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/attachments.component.ts: 27	details Method at line 27 of /libs/angular/src/vault/components/attachments.component.ts sends user information outside the application. This may constitu... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/admin-console/components/collections.component.ts: 21	details Method at line 21 of /libs/angular/src/admin-console/components/collections.component.ts sends user information outside the application. This may ... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/components/share.component.ts: 21	details Method at line 21 of /libs/angular/src/components/share.component.ts sends user information outside the application. This may constitute a Privacy... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/components/share.component.ts: 21	details Method at line 21 of /libs/angular/src/components/share.component.ts sends user information outside the application. This may constitute a Privacy... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/password-history.component.ts: 14	details Method at line 14 of /libs/angular/src/vault/components/password-history.component.ts sends user information outside the application. This may con... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 243	details Method Lambda at line 243 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Privacy Vi... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 52	details Method at line 52 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application. This may constitute ... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/view.component.ts: 51	details Method at line 51 of /libs/angular/src/vault/components/view.component.ts sends user information outside the application. This may constitute a Pr... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 34	details Method app_open_attachments at line 34 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts: 36	details Method at line 36 of /apps/browser/src/vault/popup/components/vault-v2/attachments/open-attachments/open-attachments.component.ts sends user infor... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/vault-password-history-v2/vault-password-history-v2.component.ts: 50	details Method Lambda at line 50 of /apps/browser/src/vault/popup/components/vault-v2/vault-password-history-v2/vault-password-history-v2.component.ts send... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts: 129	details Method Lambda at line 129 of /apps/browser/src/vault/popup/components/vault-v2/view-v2/view-v2.component.ts sends user information outside the appl... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 145	details Method getCipher at line 145 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Privacy... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts: 300	details Method onCipherSaved at line 300 of /apps/web/src/app/vault/components/vault-item-dialog/vault-item-dialog.component.ts sends user information outs... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 333	details Method getAttachment at line 333 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 121	details Method getCipherView at line 121 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125	details Method getCipherView at line 125 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 147	details Method getCipher at line 147 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Privacy... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/autofill/background/overlay.background.ts: 419	details Method Lambda at line 419 of /apps/browser/src/autofill/background/overlay.background.ts sends user information outside the application. This may c... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 1367	details Method Cxa8112d1b at line 1367 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This ... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 1367	details Method Cxa8112d1b at line 1367 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This ... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 1367	details Method Cxa8112d1b at line 1367 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This ... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 769	details Method loadAddEditCipherInfo at line 769 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 115	details Method getCipherView at line 115 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 115	details Method getCipherView at line 115 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 57	details Method at line 57 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Privacy Violation. Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 57	details Method at line 57 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Privacy Violation. Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 308	details Method Lambda at line 308 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This may c... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 131	details Method getCipherView at line 131 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 131	details Method getCipherView at line 131 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125	details Method getCipherView at line 125 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125	details Method getCipherView at line 125 of /apps/cli/src/commands/get.command.ts sends user information outside the application. This may constitute a Pri... Attack Vector
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 773	details Method loadAddEditCipherInfo at line 773 of /libs/angular/src/vault/components/add-edit.component.ts sends user information outside the application... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 301	details Method Lambda at line 301 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This may c... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/vault.component.ts: 301	details Method Lambda at line 301 of /apps/web/src/app/vault/individual-vault/vault.component.ts sends user information outside the application. This may c... Attack Vector
	Client_JQuery_Deprecated_Symbols	/apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts: 94	details Method Lambda in /apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts, at line 94, calls an obsolete API, trim. This has been d... Attack Vector
	Client_JQuery_Deprecated_Symbols	/apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts: 87	details Method Lambda in /apps/web/src/app/tools/reports/pages/weak-passwords-report.component.ts, at line 87, calls an obsolete API, trim. This has been d... Attack Vector
	Client_JQuery_Deprecated_Symbols	/apps/browser/src/autofill/background/overlay.background.ts: 749	details Method getIdentityCipherData in /apps/browser/src/autofill/background/overlay.background.ts, at line 749, calls an obsolete API, trim. This has bee... Attack Vector

Fixed Issues (18)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Client_Privacy_Violation	/apps/browser/src/autofill/background/overlay.background.ts: 413
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 147
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 145
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 243
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 57
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 57
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 770
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 121
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 125
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 331
	Client_Privacy_Violation	/libs/angular/src/vault/components/add-edit.component.ts: 766
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 115
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 115
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 131
	Client_Privacy_Violation	/apps/cli/src/commands/get.command.ts: 131
	Client_JQuery_Deprecated_Symbols	/apps/cli/src/commands/download.command.ts: 43

[codecov]

Codecov Report

Attention: Patch coverage is 24.32990% with 367 lines in your changes missing coverage. Please review.

Project coverage is 34.27%. Comparing base (8a0ebd9) to head (41db3db).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
libs/common/src/vault/services/cipher.service.ts	6.75%	67 Missing and 2 partials ⚠️
.../src/app/vault/individual-vault/vault.component.ts	0.00%	14 Missing ⚠️
apps/cli/src/vault/delete.command.ts	0.00%	13 Missing ⚠️
...angular/src/vault/components/add-edit.component.ts	0.00%	12 Missing ⚠️
.../src/autofill/services/desktop-autofill.service.ts	0.00%	11 Missing ⚠️
...ular/src/vault/components/attachments.component.ts	0.00%	10 Missing ⚠️
...assign-collections/assign-collections.component.ts	0.00%	9 Missing ⚠️
...-container/trash-list-items-container.component.ts	0.00%	9 Missing ⚠️
apps/cli/src/commands/restore.command.ts	0.00%	9 Missing ⚠️
apps/cli/src/commands/list.command.ts	0.00%	8 Missing ⚠️
... and 60 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12814      +/-   ##
==========================================
- Coverage   34.29%   34.27%   -0.02%     
==========================================
  Files        2934     2934              
  Lines       90188    90380     +192     
  Branches    16939    16974      +35     
==========================================
+ Hits        30930    30981      +51     
- Misses      56794    56907     +113     
- Partials     2464     2492      +28     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.