@protontech/drive-sdk 0.0.10 → 0.0.12

package/src/internal/nodes/cache.test.ts

@@ -1,8 +1,8 @@
 import { MemoryCache } from "../../cache";
-import { NodeType, MemberRole } from "../../interface";
+import { NodeType, MemberRole, RevisionState, resultOk, Result } from "../../interface";
 import { getMockLogger } from "../../tests/logger";
 import { CACHE_TAG_KEYS, NodesCache } from "./cache";
-import { DecryptedNode } from "./interface";
+import { DecryptedNode, DecryptedRevision } from "./interface";
 
 function generateNode(uid: string, parentUid='root', params: Partial<DecryptedNode> & { volumeId?: string } = {}): DecryptedNode {
     return {
@@ -16,6 +16,8 @@ function generateNode(uid: string, parentUid='root', params: Partial<DecryptedNo
         trashTime: undefined,
         volumeId: "volumeId",
         isStale: false,
+        activeRevision: undefined,
+        folder: undefined,
         ...params,
     } as DecryptedNode;
 }
@@ -81,6 +83,43 @@ describe('nodesCache', () => {
         expect(result).toStrictEqual(node);
     });
 
+    it('should store and retrieve folder node', async () => {
+        const node = generateNode('node1', '', {
+            folder: {
+                claimedModificationTime: new Date('2021-01-01'),
+            },
+        });
+
+        await cache.setNode(node);
+        const result = await cache.getNode(node.uid);
+
+        expect(result).toStrictEqual({
+            ...node,
+            folder: {
+                claimedModificationTime: new Date('2021-01-01'),
+            },
+        });
+    });
+
+    it('should store and retrieve node with active revision', async () => {
+        const activeRevision: Result<DecryptedRevision, Error> = resultOk({
+            uid: 'revision1',
+            state: RevisionState.Active,
+            creationTime: new Date('2021-01-01'),
+            storageSize: 100,
+            contentAuthor: resultOk('test@test.com'),
+        });
+        const node = generateNode('node1', '', { activeRevision });
+
+        await cache.setNode(node);
+        const result = await cache.getNode(node.uid);
+
+        expect(result).toStrictEqual({
+            ...node,
+            activeRevision,
+        });
+    });
+
     it('should throw an error when retrieving a non-existing entity', async () => {
         try {
             await cache.getNode('nonExistingNodeUid');

package/src/internal/nodes/cache.ts

@@ -1,7 +1,7 @@
 import { EntityResult } from "../../cache";
-import { ProtonDriveEntitiesCache, Logger } from "../../interface";
+import { ProtonDriveEntitiesCache, Logger, resultOk, Result } from "../../interface";
 import { splitNodeUid } from "../uids";
-import { DecryptedNode } from "./interface";
+import { DecryptedNode, DecryptedRevision } from "./interface";
 
 export enum CACHE_TAG_KEYS {
     ParentUid = 'nodeParentUid',
@@ -228,7 +228,9 @@ function deserialiseNode(nodeData: string): DecryptedNode {
        (typeof node.mediaType !== 'string' && node.mediaType !== undefined) ||
        typeof node.isShared !== 'boolean' ||
        !node.creationTime || typeof node.creationTime !== 'string' ||
-       (typeof node.trashTime !== 'string' && node.trashTime !== undefined)
+       (typeof node.trashTime !== 'string' && node.trashTime !== undefined) ||
+       (typeof node.folder !== 'object' && node.folder !== undefined) ||
+       (typeof node.folder?.claimedModificationTime !== 'string' && node.folder?.claimedModificationTime !== undefined)
    ) {
        throw new Error(`Invalid node data: ${nodeData}`);
    }
@@ -236,5 +238,31 @@ function deserialiseNode(nodeData: string): DecryptedNode {
        ...node,
        creationTime: new Date(node.creationTime),
        trashTime: node.trashTime ? new Date(node.trashTime) : undefined,
+       activeRevision: node.activeRevision ? deserialiseRevision(node.activeRevision) : undefined,
+       folder: node.folder
+            ? {
+                ...node.folder,
+                claimedModificationTime: node.folder.claimedModificationTime ? new Date(node.folder.claimedModificationTime) : undefined,
+            }
+            : undefined,
    };
 }
+
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function deserialiseRevision(revision: any): Result<DecryptedRevision, Error> {
+    if (
+        (typeof revision !== 'object' && revision !== undefined) ||
+        (typeof revision?.creationTime !== 'string' && revision?.creationTime !== undefined)
+    ) {
+        throw new Error(`Invalid revision data: ${revision}`);
+    }
+
+    if (revision.ok) {
+        return resultOk({
+            ...revision.value,
+            creationTime: new Date(revision.value.creationTime),
+        });
+    }
+
+    return revision;
+}

package/src/internal/nodes/cryptoService.test.ts

@@ -1,5 +1,5 @@
 import { DriveCrypto, PrivateKey, SessionKey, VERIFICATION_STATUS } from "../../crypto";
-import { DegradedNode, MaybeNode, ProtonDriveAccount, ProtonDriveTelemetry, RevisionState } from "../../interface";
+import { ProtonDriveAccount, ProtonDriveTelemetry, RevisionState } from "../../interface";
 import { getMockTelemetry } from "../../tests/telemetry";
 import { DecryptedNode, DecryptedNodeKeys, DecryptedUnparsedNode, EncryptedNode, SharesService } from "./interface";
 import { NodesCryptoService } from "./cryptoService";
@@ -66,7 +66,7 @@ describe("nodesCryptoService", () => {
         expect(telemetry.logEvent).toHaveBeenCalledTimes(1);
         expect(telemetry.logEvent).toHaveBeenCalledWith({
             eventName: "verificationError",
-            context: "own_volume",
+            volumeType: "own_volume",
             fromBefore2024: false,
             addressMatchingDefaultShare: false,
             ...options,
@@ -77,7 +77,7 @@ describe("nodesCryptoService", () => {
         expect(telemetry.logEvent).toHaveBeenCalledTimes(1);
         expect(telemetry.logEvent).toHaveBeenCalledWith({
             eventName: "decryptionError",
-            context: "own_volume",
+            volumeType: "own_volume",
             fromBefore2024: false,
             ...options,
         });

package/src/internal/nodes/cryptoService.ts

@@ -268,7 +268,7 @@ export class NodesCryptoService {
         }
     };
 
-    async getNameSessionKey(node: DecryptedNode, parentKey: PrivateKey): Promise<SessionKey> {
+    async getNameSessionKey(node: { encryptedName: string }, parentKey: PrivateKey): Promise<SessionKey> {
         return this.driveCrypto.decryptSessionKey(node.encryptedName, parentKey);
     }
 
@@ -364,7 +364,6 @@ export class NodesCryptoService {
             hash,
         ] = await Promise.all([
             this.driveCrypto.generateKey([parentKeys.key], addressKey),
-
             this.driveCrypto.encryptNodeName(name, undefined, parentKeys.key, addressKey),
             this.driveCrypto.generateLookupHash(name, parentKeys.hashKey),
         ]);
@@ -399,9 +398,9 @@ export class NodesCryptoService {
     }
 
     async encryptNewName(
+        parentKeys: { key: PrivateKey, hashKey?: Uint8Array },
         nodeNameSessionKey: SessionKey,
         address: { email: string, addressKey: PrivateKey },
-        parentHashKey: Uint8Array | undefined,
         newName: string,
     ): Promise<{
         signatureEmail: string,
@@ -409,9 +408,11 @@ export class NodesCryptoService {
         hash?: string,
     }> {
         const { email, addressKey } = address;
-        const { armoredNodeName } = await this.driveCrypto.encryptNodeName(newName, nodeNameSessionKey, undefined, addressKey);
-        const hash = parentHashKey
-            ? await this.driveCrypto.generateLookupHash(newName, parentHashKey)
+
+        const { armoredNodeName } = await this.driveCrypto.encryptNodeName(newName, nodeNameSessionKey, parentKeys.key, addressKey);
+
+        const hash = parentKeys.hashKey
+            ? await this.driveCrypto.generateLookupHash(newName, parentKeys.hashKey)
             : undefined;
         return {
             signatureEmail: email,
@@ -481,21 +482,21 @@ export class NodesCryptoService {
 
         const fromBefore2024 = node.creationTime < new Date('2024-01-01');
 
-        let addressMatchingDefaultShare, context;
+        let addressMatchingDefaultShare, volumeType;
         try {
             const { volumeId } = splitNodeUid(node.uid);
             const { email } = await this.shareService.getMyFilesShareMemberEmailKey();
             addressMatchingDefaultShare = claimedAuthor ? claimedAuthor === email : undefined;
-            context = await this.shareService.getVolumeMetricContext(volumeId);
+            volumeType = await this.shareService.getVolumeMetricContext(volumeId);
         } catch (error: unknown) {
             this.logger.error('Failed to check if claimed author matches default share', error);
         }
 
-        this.logger.error(`Failed to verify ${field} for node ${node.uid} (from before 2024: ${fromBefore2024}, matching address: ${addressMatchingDefaultShare})`);
+        this.logger.warn(`Failed to verify ${field} for node ${node.uid} (from before 2024: ${fromBefore2024}, matching address: ${addressMatchingDefaultShare})`);
 
         this.telemetry.logEvent({
             eventName: 'verificationError',
-            context,
+            volumeType,
             field,
             addressMatchingDefaultShare,
             fromBefore2024,
@@ -510,10 +511,10 @@ export class NodesCryptoService {
 
         const fromBefore2024 = node.creationTime < new Date('2024-01-01');
 
-        let context;
+        let volumeType;
         try {
             const { volumeId } = splitNodeUid(node.uid);
-            context = await this.shareService.getVolumeMetricContext(volumeId);
+            volumeType = await this.shareService.getVolumeMetricContext(volumeId);
         } catch (error: unknown) {
             this.logger.error('Failed to get metric context', error);
         }
@@ -522,7 +523,7 @@ export class NodesCryptoService {
 
         this.telemetry.logEvent({
             eventName: 'decryptionError',
-            context,
+            volumeType,
             field,
             fromBefore2024,
             error,

package/src/internal/nodes/index.ts

@@ -12,7 +12,7 @@ import { NodesAccess } from "./nodesAccess";
 import { NodesManagement } from "./nodesManagement";
 import { NodesRevisons } from "./nodesRevisions";
 
-export type { DecryptedNode } from "./interface";
+export type { DecryptedNode, DecryptedRevision } from "./interface";
 export { generateFileExtendedAttributes } from "./extendedAttributes";
 
 /**

package/src/internal/nodes/interface.ts

@@ -1,5 +1,5 @@
 import { PrivateKey, SessionKey } from "../../crypto";
-import { NodeEntity, Result, InvalidNameError, Author, MemberRole, NodeType, ThumbnailType, MetricContext, Revision, RevisionState } from "../../interface";
+import { NodeEntity, Result, InvalidNameError, Author, MemberRole, NodeType, ThumbnailType, MetricVolumeType, Revision, RevisionState } from "../../interface";
 
 /**
  * Internal common node interface for both encrypted or decrypted node.
@@ -148,5 +148,5 @@ export interface SharesService {
         addressKey: PrivateKey,
         addressKeyId: string,
     }>,
-    getVolumeMetricContext(volumeId: string): Promise<MetricContext>,
+    getVolumeMetricContext(volumeId: string): Promise<MetricVolumeType>,
 }

package/src/internal/nodes/nodesManagement.test.ts

@@ -113,9 +113,9 @@ describe('NodesManagement', () => {
         });
         expect(nodesAccess.getRootNodeEmailKey).toHaveBeenCalledWith('nodeUid');
         expect(cryptoService.encryptNewName).toHaveBeenCalledWith(
+            { key: 'parentUid-key', hashKey: 'parentUid-hashKey' },
             'nodeUid-nameSessionKey',
             { email: "root-email", addressKey: "root-key" },
-            'parentUid-hashKey',
             'new name',
         );
         expect(apiService.renameNode).toHaveBeenCalledWith(
@@ -149,9 +149,9 @@ describe('NodesManagement', () => {
         expect(nodesAccess.getRootNodeEmailKey).toHaveBeenCalledWith('newParentNodeUid');
         expect(cryptoService.moveNode).toHaveBeenCalledWith(
             nodes.nodeUid,
-            expect.objectContaining({ 
+            expect.objectContaining({
                 key: 'nodeUid-key',
-                passphrase: 'nodeUid-passphrase', 
+                passphrase: 'nodeUid-passphrase',
                 passphraseSessionKey: 'nodeUid-passphraseSessionKey',
                 contentKeyPacketSessionKey: 'nodeUid-contentKeyPacketSessionKey',
                 nameSessionKey: 'nodeUid-nameSessionKey'
@@ -186,12 +186,12 @@ describe('NodesManagement', () => {
         cryptoService.moveNode = jest.fn().mockResolvedValue(encryptedCrypto);
 
         const newNode = await management.moveNode('anonymousNodeUid', 'newParentNodeUid');
-        
+
         expect(cryptoService.moveNode).toHaveBeenCalledWith(
             nodes.anonymousNodeUid,
-            expect.objectContaining({ 
+            expect.objectContaining({
                 key: 'anonymousNodeUid-key',
-                passphrase: 'anonymousNodeUid-passphrase', 
+                passphrase: 'anonymousNodeUid-passphrase',
                 passphraseSessionKey: 'anonymousNodeUid-passphraseSessionKey',
                 contentKeyPacketSessionKey: 'anonymousNodeUid-contentKeyPacketSessionKey',
                 nameSessionKey: 'anonymousNodeUid-nameSessionKey'

package/src/internal/nodes/nodesManagement.ts

@@ -52,7 +52,7 @@ export class NodesManagement {
             signatureEmail,
             armoredNodeName,
             hash,
-        } = await this.cryptoService.encryptNewName(nodeNameSessionKey, address, parentKeys.hashKey, newName);
+        } = await this.cryptoService.encryptNewName(parentKeys, nodeNameSessionKey, address, newName);
 
         // Because hash is optional, lets ensure we have it unless explicitely
         // allowed to rename root node.
@@ -141,7 +141,7 @@ export class NodesManagement {
             nodeUid,
             {
                 hash: node.hash,
-            }, 
+            },
             {
                 ...keySignatureProperties,
                 parentUid: newParentUid,

package/src/internal/shares/cryptoService.test.ts

@@ -99,7 +99,7 @@ describe("SharesCryptoService", () => {
         expect(account.getPublicKeys).toHaveBeenCalledWith("signatureEmail");
         expect(telemetry.logEvent).toHaveBeenCalledWith({
             eventName: 'verificationError',
-            context: 'own_volume',
+            volumeType: 'own_volume',
             field: 'shareKey',
             addressMatchingDefaultShare: undefined,
             fromBefore2024: undefined,
@@ -128,7 +128,7 @@ describe("SharesCryptoService", () => {
 
         expect(telemetry.logEvent).toHaveBeenCalledWith({
             eventName: 'decryptionError',
-            context: 'own_volume',
+            volumeType: 'own_volume',
             field: 'shareKey',
             fromBefore2024: undefined,
             error,

package/src/internal/shares/cryptoService.ts

@@ -1,4 +1,4 @@
-import { ProtonDriveAccount, resultOk, resultError, Result, UnverifiedAuthorError, ProtonDriveTelemetry, Logger, MetricContext } from "../../interface";
+import { ProtonDriveAccount, resultOk, resultError, Result, UnverifiedAuthorError, ProtonDriveTelemetry, Logger, MetricVolumeType } from "../../interface";
 import { DriveCrypto, PrivateKey, VERIFICATION_STATUS } from "../../crypto";
 import { getVerificationMessage } from "../errors";
 import { EncryptedRootShare, DecryptedRootShare, EncryptedShareCrypto, DecryptedShareKey, ShareType } from "./interface";
@@ -91,7 +91,7 @@ export class SharesCryptoService {
             },
         }
     }
-    
+
     private reportDecryptionError(share: EncryptedRootShare, error?: unknown) {
         if (this.reportedDecryptionErrors.has(share.shareId)) {
             return;
@@ -102,7 +102,7 @@ export class SharesCryptoService {
 
         this.telemetry.logEvent({
             eventName: 'decryptionError',
-            context: shareTypeToMetricContext(share.type),
+            volumeType: shareTypeToMetricContext(share.type),
             field: 'shareKey',
             fromBefore2024,
             error,
@@ -120,7 +120,7 @@ export class SharesCryptoService {
 
         this.telemetry.logEvent({
             eventName: 'verificationError',
-            context: shareTypeToMetricContext(share.type),
+            volumeType: shareTypeToMetricContext(share.type),
             field: 'shareKey',
             fromBefore2024,
         });
@@ -128,7 +128,7 @@ export class SharesCryptoService {
     }
 }
 
-function shareTypeToMetricContext(shareType: ShareType): MetricContext {
+function shareTypeToMetricContext(shareType: ShareType): MetricVolumeType {
     // SDK doesn't support public sharing yet, also public sharing
     // doesn't use a share but shareURL, thus we can simplify and
     // ignore this case for now.
@@ -136,8 +136,8 @@ function shareTypeToMetricContext(shareType: ShareType): MetricContext {
         case ShareType.Main:
         case ShareType.Device:
         case ShareType.Photo:
-            return MetricContext.OwnVolume;
+            return MetricVolumeType.OwnVolume;
         case ShareType.Standard:
-            return MetricContext.Shared;
+            return MetricVolumeType.Shared;
     }
 }

package/src/internal/shares/manager.ts

@@ -1,4 +1,4 @@
-import { Logger, MetricContext, ProtonDriveAccount } from "../../interface";
+import { Logger, MetricVolumeType, ProtonDriveAccount } from "../../interface";
 import { PrivateKey } from "../../crypto";
 import { NotFoundAPIError } from "../apiService";
 import { SharesAPIService } from "./apiService";
@@ -195,16 +195,16 @@ export class SharesManager {
         };
     }
 
-    async getVolumeMetricContext(volumeId: string): Promise<MetricContext> {
+    async getVolumeMetricContext(volumeId: string): Promise<MetricVolumeType> {
         const { volumeId: myVolumeId } = await this.getMyFilesIDs();
 
         // SDK doesn't support public sharing yet, also public sharing
         // doesn't use a volume but shareURL, thus we can simplify and
         // ignore this case for now.
         if (volumeId === myVolumeId) {
-            return MetricContext.OwnVolume;
+            return MetricVolumeType.OwnVolume;
         }
-        return MetricContext.Shared;
+        return MetricVolumeType.Shared;
     }
 
     async loadEncryptedShare(shareId: string): Promise<EncryptedShare> {

package/src/internal/sharing/apiService.ts

@@ -51,7 +51,7 @@ type PutShareUrlResponse = drivePaths['/drive/shares/{shareID}/urls/{urlID}']['p
 
 /**
  * Provides API communication for fetching and managing sharing.
- * 
+ *
  * The service is responsible for transforming local objects to API payloads
  * and vice versa. It should not contain any business logic.
  */
@@ -380,7 +380,7 @@ export class SharingAPIService {
         creatorEmail: string,
         role: MemberRole,
         includesCustomPassword: boolean,
-        expirationDuration?: number,
+        expirationTime?: number,
         crypto: EncryptedPublicLinkCrypto,
         srp: SRPVerifier,
     }): Promise<{
@@ -392,8 +392,8 @@ export class SharingAPIService {
         }
 
         const result = await this.apiService.post<
-            // TODO: Backend type wrongly requires ExpirationTime and Name.
-            Omit<PostShareUrlRequest, 'ExpirationTime' | 'Name'>,
+            // TODO: Backend type wrongly requires ExpirationDuration (it should be optional) and Name (it is not used).
+            Omit<PostShareUrlRequest, 'ExpirationDuration' | 'Name'>,
             PostShareUrlResponse
         >(`drive/shares/${shareId}/urls`, {
             CreatorEmail: publicLink.creatorEmail,
@@ -408,7 +408,7 @@ export class SharingAPIService {
     async updatePublicLink(publicLinkUid: string, publicLink: {
         role: MemberRole,
         includesCustomPassword: boolean,
-        expirationDuration?: number,
+        expirationTime?: number,
         crypto: EncryptedPublicLinkCrypto,
         srp: SRPVerifier,
     }): Promise<void> {
@@ -419,8 +419,8 @@ export class SharingAPIService {
         const { shareId, publicLinkId } = splitPublicLinkUid(publicLinkUid);
 
         await this.apiService.put<
-            // TODO: Backend type wrongly requires ExpirationTime and Name.
-            Omit<PutShareUrlRequest, 'ExpirationTime' | 'Name'>,
+            // TODO: Backend type wrongly requires ExpirationTime (it should be optional) and Name (it is not used).
+            Omit<PutShareUrlRequest, 'ExpirationTime' | 'Name'> & { ExpirationTime: number | null },
             PutShareUrlResponse
         >(`drive/shares/${shareId}/urls/${publicLinkId}`, this.generatePublicLinkRequestPayload(publicLink));
     }
@@ -428,16 +428,16 @@ export class SharingAPIService {
     private generatePublicLinkRequestPayload(publicLink: {
         role: MemberRole,
         includesCustomPassword: boolean,
-        expirationDuration?: number,
+        expirationTime?: number,
         crypto: EncryptedPublicLinkCrypto,
         srp: SRPVerifier,
-    }): Pick<PostShareUrlRequest, 'Permissions' | 'Flags' | 'ExpirationDuration' | 'SharePasswordSalt' | 'SharePassphraseKeyPacket' | 'Password' | 'UrlPasswordSalt' | 'SRPVerifier' | 'SRPModulusID' | 'MaxAccesses'> {
+    }): Pick<PostShareUrlRequest, 'Permissions' | 'Flags' | 'ExpirationTime' | 'SharePasswordSalt' | 'SharePassphraseKeyPacket' | 'Password' | 'UrlPasswordSalt' | 'SRPVerifier' | 'SRPModulusID' | 'MaxAccesses'> {
         return {
             Permissions: memberRoleToPermission(publicLink.role) as 4 | 6,
             Flags: publicLink.includesCustomPassword
                 ? 3 // Random + custom password set.
                 : 2, // Random password set.
-            ExpirationDuration: publicLink.expirationDuration || null,
+            ExpirationTime: publicLink.expirationTime || null,
 
             SharePasswordSalt: publicLink.crypto.base64SharePasswordSalt,
             SharePassphraseKeyPacket: publicLink.crypto.base64SharePassphraseKeyPacket,

package/src/internal/sharing/cryptoService.test.ts

@@ -0,0 +1,148 @@
+import { DriveCrypto, PrivateKey } from "../../crypto";
+import { MetricVolumeType, NodeType, ProtonDriveAccount, ProtonDriveTelemetry, resultError, resultOk } from "../../interface";
+import { getMockTelemetry } from "../../tests/telemetry";
+import { SharesService } from "./interface";
+import { SharingCryptoService } from "./cryptoService";
+
+describe("SharingCryptoService", () => {
+    let telemetry: ProtonDriveTelemetry;
+    let driveCrypto: DriveCrypto;
+    let account: ProtonDriveAccount;
+    let sharesService: SharesService;
+    let cryptoService: SharingCryptoService;
+
+    beforeEach(() => {
+        telemetry = getMockTelemetry();
+        // @ts-expect-error No need to implement all methods for mocking
+        driveCrypto = {
+            decryptShareUrlPassword: jest.fn().mockResolvedValue("urlPassword"),
+            decryptKeyWithSrpPassword: jest.fn().mockResolvedValue({
+                key: "decryptedKey" as unknown as PrivateKey,
+            }),
+            decryptNodeName: jest.fn().mockResolvedValue({
+                name: "nodeName",
+            }),
+        };
+        account = {
+            // @ts-expect-error No need to implement full response for mocking
+            getOwnAddress: jest.fn(async () => ({
+                keys: [{ key: "addressKey" as unknown as PrivateKey }],
+            })),
+        };
+        // @ts-expect-error No need to implement all methods for mocking
+        sharesService = {
+            getMyFilesShareMemberEmailKey: jest.fn().mockResolvedValue({
+                addressId: "addressId",
+            }),
+        };
+        cryptoService = new SharingCryptoService(telemetry, driveCrypto, account, sharesService);
+    });
+
+    describe("decryptBookmark", () => {
+        const encryptedBookmark = {
+            tokenId: "tokenId",
+            creationTime: new Date(),
+            url: {
+                encryptedUrlPassword: "encryptedUrlPassword",
+                base64SharePasswordSalt: "base64SharePasswordSalt",
+            },
+            share: {
+                armoredKey: "armoredKey",
+                armoredPassphrase: "armoredPassphrase",
+            },
+            node: {
+                type: NodeType.File,
+                mediaType: "mediaType",
+                encryptedName: "encryptedName",
+                armoredKey: "armoredKey",
+                armoredNodePassphrase: "armoredNodePassphrase",
+                file: {
+                    base64ContentKeyPacket: "base64ContentKeyPacket",
+                },
+            },
+        }
+
+        it("should decrypt bookmark", async () => {
+            const result = await cryptoService.decryptBookmark(encryptedBookmark);
+
+            expect(result).toMatchObject({
+                url: resultOk("https://drive.proton.me/urls/tokenId#urlPassword"),
+                nodeName: resultOk("nodeName"),
+            });
+            expect(driveCrypto.decryptShareUrlPassword).toHaveBeenCalledWith("encryptedUrlPassword", ["addressKey"]);
+            expect(driveCrypto.decryptKeyWithSrpPassword).toHaveBeenCalledWith("urlPassword", "base64SharePasswordSalt", "armoredKey", "armoredPassphrase");
+            expect(driveCrypto.decryptNodeName).toHaveBeenCalledWith("encryptedName", "decryptedKey", []);
+            expect(telemetry.logEvent).not.toHaveBeenCalled();
+        });
+
+        it("should handle undecryptable URL password", async () => {
+            const error = new Error("Failed to decrypt URL password");
+            driveCrypto.decryptShareUrlPassword = jest.fn().mockRejectedValue(error);
+
+            const result = await cryptoService.decryptBookmark(encryptedBookmark);
+
+            expect(result).toMatchObject({
+                url: resultError(new Error("Failed to decrypt bookmark password: Failed to decrypt URL password")),
+                nodeName: resultError(new Error("Failed to decrypt bookmark password: Failed to decrypt URL password")),
+            });
+            expect(telemetry.logEvent).toHaveBeenCalledWith({
+                eventName: 'decryptionError',
+                volumeType: MetricVolumeType.SharedPublic,
+                field: 'shareUrlPassword',
+                error,
+            });
+        });
+
+        it("should handle undecryptable share key", async () => {
+            const error = new Error("Failed to decrypt share key");
+            driveCrypto.decryptKeyWithSrpPassword = jest.fn().mockRejectedValue(error);
+
+            const result = await cryptoService.decryptBookmark(encryptedBookmark);
+
+            expect(result).toMatchObject({
+                url: resultOk("https://drive.proton.me/urls/tokenId#urlPassword"),
+                nodeName: resultError(new Error("Failed to decrypt bookmark key: Failed to decrypt share key")),
+            });
+            expect(telemetry.logEvent).toHaveBeenCalledWith({
+                eventName: 'decryptionError',
+                volumeType: MetricVolumeType.SharedPublic,
+                field: 'shareKey',
+                error,
+            });
+        });
+
+        it("should handle undecryptable node name", async () => {
+            const error = new Error("Failed to decrypt node name");
+            driveCrypto.decryptNodeName = jest.fn().mockRejectedValue(error);
+
+            const result = await cryptoService.decryptBookmark(encryptedBookmark);
+
+            expect(result).toMatchObject({
+                url: resultOk("https://drive.proton.me/urls/tokenId#urlPassword"),
+                nodeName: resultError(new Error("Failed to decrypt bookmark name: Failed to decrypt node name")),
+            });
+            expect(telemetry.logEvent).toHaveBeenCalledWith({
+                eventName: 'decryptionError',
+                volumeType: MetricVolumeType.SharedPublic,
+                field: 'nodeName',
+                error,
+            });
+        });
+
+        it("should handle invalid node name", async () => {
+            driveCrypto.decryptNodeName = jest.fn().mockResolvedValue({
+                name: "invalid/name",
+            });
+
+            const result = await cryptoService.decryptBookmark(encryptedBookmark);
+
+            expect(result).toMatchObject({
+                url: resultOk("https://drive.proton.me/urls/tokenId#urlPassword"),
+                nodeName: resultError({
+                    name: "invalid/name",
+                    error: "Name must not contain the character '/'",
+                }),
+            });
+        });
+    });
+});