passbolt-browser-extension 5.2.0 → 5.3.2

package/src/all/background_page/controller/metadata/getOrFindMetadataKeysSettingsController.js

@@ -0,0 +1,53 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+import GetOrFindMetadataSettingsService from "../../service/metadata/getOrFindMetadataSettingsService";
+
+class GetOrFindMetadataKeysController {
+  /**
+   * @constructor
+   * @param {Worker} worker
+   * @param {string} requestId
+   * @param {ApiClientOptions} apiClientOptions the api client options
+   * @param {AccountEntity} account the user account
+   */
+  constructor(worker, requestId, apiClientOptions, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.getOrFindMetadaSettingsService = new GetOrFindMetadataSettingsService(account, apiClientOptions);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec() {
+    try {
+      const result = await this.exec();
+      this.worker.port.emit(this.requestId, 'SUCCESS', result);
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Get or find the metadata keys settings entity.
+   * @returns {Promise<MetadataKeysSettingsEntity>}
+   */
+  async exec() {
+    return this.getOrFindMetadaSettingsService.getOrFindKeysSettings();
+  }
+}
+
+export default GetOrFindMetadataKeysController;

package/src/all/background_page/controller/metadata/getOrFindMetadataKeysSettingsController.test.js

@@ -0,0 +1,106 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import GetOrFindMetadataKeysController from "./getOrFindMetadataKeysSettingsController";
+import {
+  defaultMetadataKeysSettingsDto,
+} from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity.test.data";
+import MetadataKeysSettingsEntity
+  from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysSettingsEntity";
+import {enableFetchMocks} from "jest-fetch-mock";
+import {
+  defaultCeOrganizationSettings
+} from "../../model/entity/organizationSettings/organizationSettingsEntity.test.data";
+
+beforeEach(() => {
+  enableFetchMocks();
+});
+
+jest.mock("../../service/passphrase/getPassphraseService");
+
+describe("GetOrFindMetadataKeysSettingsController", () => {
+  let controller, account, apiClientOptions;
+
+  beforeEach(async() => {
+    account = new AccountEntity(defaultAccountDto());
+    apiClientOptions = defaultApiClientOptions();
+    controller = new GetOrFindMetadataKeysController(null, null, apiClientOptions, account);
+    // flush account related storage before each.
+    await controller.getOrFindMetadaSettingsService.metadataKeysSettingsLocalStorage.flush();
+  });
+
+  describe("::exec", () => {
+    it("get or find metadata keys settings for a v5.", async() => {
+      expect.assertions(3);
+
+      const metadataKeysSettingsDto = defaultMetadataKeysSettingsDto();
+      const siteSettingsDto = defaultCeOrganizationSettings();
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.findMetadataSettingsService, "findKeysSettings")
+        .mockImplementationOnce(() => new MetadataKeysSettingsEntity(metadataKeysSettingsDto));
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.organisationSettingsModel.organizationSettingsService, "find")
+        .mockImplementation(() => siteSettingsDto);
+
+      const metadataKeysSettings = await controller.exec();
+
+      expect(metadataKeysSettings).toBeInstanceOf(MetadataKeysSettingsEntity);
+      expect(metadataKeysSettings.toDto()).toEqual(metadataKeysSettingsDto);
+      const storageValue = await controller.getOrFindMetadaSettingsService.metadataKeysSettingsLocalStorage.get();
+      expect(storageValue).toEqual(metadataKeysSettingsDto);
+    });
+
+    it("get or find metadata keys settings with usage of the shared key for a v5.", async() => {
+      expect.assertions(3);
+
+      const metadataKeysSettingsDto = defaultMetadataKeysSettingsDto({
+        allow_usage_of_personal_keys: false,
+        zero_knowledge_key_share: true,
+      });
+      const siteSettingsDto = defaultCeOrganizationSettings();
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.findMetadataSettingsService, "findKeysSettings")
+        .mockImplementationOnce(() => new MetadataKeysSettingsEntity(metadataKeysSettingsDto));
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.organisationSettingsModel.organizationSettingsService, "find")
+        .mockImplementation(() => siteSettingsDto);
+
+      const metadataKeysSettings = await controller.exec();
+
+      expect(metadataKeysSettings).toBeInstanceOf(MetadataKeysSettingsEntity);
+      expect(metadataKeysSettings.toDto()).toEqual(metadataKeysSettingsDto);
+      const storageValue = await controller.getOrFindMetadaSettingsService.metadataKeysSettingsLocalStorage.get();
+      expect(storageValue).toEqual(metadataKeysSettingsDto);
+    });
+
+    it("get or find metadata keys settings for a v4 should have the default.", async() => {
+      expect.assertions(3);
+
+      const siteSettingsDto = defaultCeOrganizationSettings();
+      // disable the plugin metadata.
+      delete siteSettingsDto.passbolt.plugins.metadata;
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.organisationSettingsModel.organizationSettingsService, "find")
+        .mockImplementation(() => siteSettingsDto);
+      jest.spyOn(controller.getOrFindMetadaSettingsService.findAndUpdateMetadataSettingsLocalStorageService.findMetadataSettingsService.metadataKeysSettingsApiService, "findSettings")
+        .mockImplementationOnce(() => {});
+
+      const metadataKeysSettings = await controller.exec();
+
+      const expectedMetadataKeysSettingsDto = MetadataKeysSettingsEntity.createFromDefault().toDto();
+      expect(metadataKeysSettings).toBeInstanceOf(MetadataKeysSettingsEntity);
+      expect(metadataKeysSettings.toDto()).toEqual(expectedMetadataKeysSettingsDto);
+      const storageValue = await controller.getOrFindMetadaSettingsService.metadataKeysSettingsLocalStorage.get();
+      expect(storageValue).toEqual(expectedMetadataKeysSettingsDto);
+    });
+  });
+});

package/src/all/background_page/controller/resource/updateResourceLocalStorageByFolderParentIdController.js

@@ -0,0 +1,70 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.3.0
+ */
+import {assertUuid} from "../../utils/assertions";
+import FindAndUpdateResourcesLocalStorage from "../../service/resource/findAndUpdateResourcesLocalStorageService";
+import UserPassphraseRequiredError from "passbolt-styleguide/src/shared/error/userPassphraseRequiredError";
+import GetPassphraseService from "../../service/passphrase/getPassphraseService";
+
+class UpdateResourceLocalStorageByFolderParentIdController {
+  /**
+   * Constructor.
+   * @param {Worker} worker The associated worker.
+   * @param {string} requestId The associated request id.
+   * @param {ApiClientOptions} apiClientOptions The api client options.
+   * @param {AccountEntity} account The user account
+   */
+  constructor(worker, requestId, apiClientOptions, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.findAndUpdateResourcesLocalStorage = new FindAndUpdateResourcesLocalStorage(account, apiClientOptions);
+    this.getPassphraseService = new GetPassphraseService(account);
+  }
+
+  /**
+   * Controller executor.
+   * @param {string} parentFolderId the resources parent folder id
+   * @returns {Promise<void>}
+   */
+  async _exec(parentFolderId) {
+    try {
+      await this.exec(parentFolderId);
+      this.worker.port.emit(this.requestId, 'SUCCESS');
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Update resource local storage resource for a given folder.
+   * @param {string} parentFolderId the resources parent folder id
+   * @returns {Promise<void>}
+   */
+  async exec(parentFolderId) {
+    assertUuid(parentFolderId);
+    try {
+      await this.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId(parentFolderId);
+      return;
+    } catch (error) {
+      if (!(error instanceof UserPassphraseRequiredError)) {
+        throw error;
+      }
+    }
+
+    const passphrase = await this.getPassphraseService.getPassphrase(this.worker, 60);
+    await this.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId(parentFolderId, passphrase);
+  }
+}
+
+export default UpdateResourceLocalStorageByFolderParentIdController;

package/src/all/background_page/controller/resource/updateResourceLocalStorageByFolderParentIdController.test.js

@@ -0,0 +1,78 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.3.0
+ */
+
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import {v4 as uuidv4} from "uuid";
+import UpdateResourceLocalStorageByFolderParentIdController from "./updateResourceLocalStorageByFolderParentIdController";
+import UserPassphraseRequiredError from "passbolt-styleguide/src/shared/error/userPassphraseRequiredError";
+
+describe("UpdateResourceLocalStorageByFolderParentIdController", () => {
+  let controller, worker;
+
+  beforeEach(() => {
+    worker = {
+      port: {
+        emit: jest.fn()
+      }
+    };
+    const account = new AccountEntity(defaultAccountDto());
+    const apiClientOptions = defaultApiClientOptions();
+    controller = new UpdateResourceLocalStorageByFolderParentIdController(worker, null, apiClientOptions, account);
+  });
+
+  describe("::exec", () => {
+    it("should call for update the local storage given a folder ID", async() => {
+      expect.assertions(2);
+
+      const parentFolderId = uuidv4();
+
+      jest.spyOn(controller.findAndUpdateResourcesLocalStorage, "findAndUpdateAllByParentFolderId").mockImplementation(() => {});
+
+      await controller.exec(parentFolderId);
+
+      expect(controller.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId).toHaveBeenCalledTimes(1);
+      expect(controller.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId).toHaveBeenCalledWith(parentFolderId);
+    });
+
+    it("should call for update the local storage given a folder ID a second time with a passphrase if the first time it failed", async() => {
+      expect.assertions(3);
+
+      const parentFolderId = uuidv4();
+      const passphrase = "passphrase";
+
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementation(async() => passphrase);
+      jest.spyOn(controller.findAndUpdateResourcesLocalStorage, "findAndUpdateAllByParentFolderId").mockImplementation(async(_, passphrase) => {
+        if (!passphrase) {
+          throw new UserPassphraseRequiredError("Missing passphrase");
+        }
+      });
+
+      await controller.exec(parentFolderId);
+
+      expect(controller.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId).toHaveBeenCalledTimes(2);
+      expect(controller.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId).toHaveBeenCalledWith(parentFolderId);
+      expect(controller.findAndUpdateResourcesLocalStorage.findAndUpdateAllByParentFolderId).toHaveBeenCalledWith(parentFolderId, passphrase);
+    });
+
+    it("should throw an error if the parent folder id is not a valid uuid", async() => {
+      expect.assertions(1);
+
+      const promise =  controller.exec(42);
+
+      await expect(promise).rejects.toThrowError("The given parameter is not a valid UUID");
+    });
+  });
+});

package/src/all/background_page/controller/share/shareOneFolderController.test.js

@@ -15,7 +15,7 @@ import {v4 as uuidv4} from "uuid";
 import AccountEntity from "../../model/entity/account/accountEntity";
 import {adminAccountDto} from "../../model/entity/account/accountEntity.test.data";
 import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
-import MockPort from "passbolt-styleguide/test/mocks/mockPort";
+import MockPort from "passbolt-styleguide/src/react-extension/test/mock/MockPort";
 import {
   defaultPermissionDto,
   minimumPermissionDto
@@ -26,6 +26,7 @@ import FoldersCollection from "../../model/entity/folder/foldersCollection";
 import {defaultFolderDto} from "passbolt-styleguide/src/shared/models/entity/folder/folderEntity.test.data";
 const {pgpKeys} = require("passbolt-styleguide/test/fixture/pgpKeys/keys");
 
+
 describe("ShareOneFolderController", () => {
   describe("::exec", () => {
     let account, controller;

package/src/all/background_page/controller/share/shareResourcesController.test.js

@@ -23,7 +23,7 @@ import {
 import ResourcesCollection from "../../model/entity/resource/resourcesCollection";
 import expect from "expect";
 import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
-import MockPort from "passbolt-styleguide/test/mocks/mockPort";
+import MockPort from "passbolt-styleguide/src/react-extension/test/mock/MockPort";
 import {v4 as uuidv4} from "uuid";
 import {minimumPermissionDto} from "passbolt-styleguide/src/shared/models/entity/permission/permissionEntity.test.data";
 import EncryptMessageService from "../../service/crypto/encryptMessageService";

package/src/all/background_page/controller/user/deleteDryRunUserController.js

@@ -0,0 +1,73 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import DeleteDryRunError from "../../error/deleteDryRunError";
+import GetPassphraseService from "../../service/passphrase/getPassphraseService";
+import DeleteUserService from "../../service/user/deleteUserService";
+import DecryptMetadataService from "../../service/metadata/decryptMetadataService";
+
+class DeleteDryRunUserController {
+  /**
+   * Constructor
+   * @param {Worker} worker
+   * @param {string} requestId uuid
+   * @param {ApiClientOptions} apiClientOptions The api client options
+   * @param {AccountEntity} account The account associated to the worker.
+   */
+  constructor(worker, requestId, apiClientOptions, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.deleteUserService = new DeleteUserService(account, apiClientOptions);
+    this.getPassphraseService = new GetPassphraseService(account);
+    this.decryptMetadataService = new DecryptMetadataService(apiClientOptions, account);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec(userId) {
+    try {
+      await this.exec(userId);
+      this.worker.port.emit(this.requestId, 'SUCCESS');
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Delete dry run the user.
+   * @param {string} userId The user id.
+   * @return {Promise<void>}
+   * @throws {DeleteDryRunError} if the data should be transferred to someone.
+   * @throws {Error} if the data returned by the API is not a PassboltApiFetchError with error code 400.
+   */
+  async exec(userId) {
+    try {
+      await this.deleteUserService.deleteDryRun(userId);
+    } catch (error) {
+      if (error instanceof DeleteDryRunError) {
+        const resourcesCollection = error.errors.resources?.sole_owner;
+        if (resourcesCollection?.items.some(resourceEntity => !resourceEntity.isMetadataDecrypted())) {
+          const passphrase = await this.getPassphraseService.getPassphrase(this.worker);
+          await this.decryptMetadataService.decryptAllFromForeignModels(error.errors.resources.sole_owner, passphrase);
+        }
+      }
+      throw error;
+    }
+  }
+}
+
+export default DeleteDryRunUserController;

package/src/all/background_page/controller/user/deleteDryRunUserController.test.js

@@ -0,0 +1,129 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import {enableFetchMocks} from "jest-fetch-mock";
+import {mockApiResponse, mockApiResponseError} from "../../../../../test/mocks/mockApiResponse";
+import {defaultApiClientOptions} from "passbolt-styleguide/src/shared/lib/apiClient/apiClientOptions.test.data";
+import RoleEntity from "passbolt-styleguide/src/shared/models/entity/role/roleEntity";
+import AccountEntity from "../../model/entity/account/accountEntity";
+import {defaultAccountDto} from "../../model/entity/account/accountEntity.test.data";
+import {defaultSharedResourcesWithEncryptedMetadataDtos, defaultResourcesDtos} from "passbolt-styleguide/src/shared/models/entity/resource/resourcesCollection.test.data";
+import {defaultDecryptedSharedMetadataKeysDtos} from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysCollection.test.data";
+import PassboltApiFetchError from "passbolt-styleguide/src/shared/lib/Error/PassboltApiFetchError";
+import DeleteDryRunUserController from "./deleteDryRunUserController";
+import {v4 as uuidv4} from "uuid";
+import DeleteDryRunError from "../../error/deleteDryRunError";
+import {pgpKeys} from 'passbolt-styleguide/test/fixture/pgpKeys/keys';
+import MetadataKeysCollection from "passbolt-styleguide/src/shared/models/entity/metadata/metadataKeysCollection";
+
+beforeEach(() => {
+  enableFetchMocks();
+});
+
+describe("DeleteDryRunUserController", () => {
+  describe("::exec", () => {
+    const accountDto = defaultAccountDto();
+    accountDto.role_name = RoleEntity.ROLE_ADMIN;
+    const account = new AccountEntity(accountDto);
+
+    it("Should delete dry run the user without transfer", async() => {
+      expect.assertions(1);
+
+      const userId = uuidv4();
+
+      fetch.doMockOnceIf(new RegExp(`/users/${userId}/dry-run.json`), () => mockApiResponse({}));
+
+      const controller = new DeleteDryRunUserController(null, null, defaultApiClientOptions(), account);
+      jest.spyOn(controller.deleteUserService, "deleteDryRun");
+
+      await controller.exec(userId);
+
+      expect(controller.deleteUserService.deleteDryRun).toHaveBeenCalledWith(userId);
+    });
+
+    it("Should throw an error if the user has transfer and decrypt", async() => {
+      expect.assertions(2);
+
+      const userId = uuidv4();
+      const metadataKeysDtos = defaultDecryptedSharedMetadataKeysDtos();
+      const metadataKeys = new MetadataKeysCollection(metadataKeysDtos);
+      const collectionDto = defaultSharedResourcesWithEncryptedMetadataDtos(10, {
+        metadata_key_id: metadataKeysDtos[0].id
+      });
+      const body = {
+        errors: {
+          resources: {
+            sole_owner: collectionDto
+          }
+        }
+      };
+
+      fetch.doMockOnceIf(new RegExp(`/users/${userId}/dry-run.json`), () => mockApiResponseError(400, "Need transfer", body));
+
+      const controller = new DeleteDryRunUserController(null, null, defaultApiClientOptions(), account);
+      jest.spyOn(controller.decryptMetadataService.getOrFindMetadataKeysService, "getOrFindAll").mockImplementation(() => metadataKeys);
+      jest.spyOn(controller.getPassphraseService, "getPassphrase").mockImplementationOnce(() => pgpKeys.ada.passphrase);
+
+      try {
+        await controller.exec(userId);
+      } catch (error) {
+        expect(error).toBeInstanceOf(DeleteDryRunError);
+        expect(error.errors.resources.sole_owner.items.every(resourceEntity => resourceEntity.isMetadataDecrypted())).toBeTruthy();
+      }
+    });
+
+    it("Should throw an error if the user has transfer without decryption", async() => {
+      expect.assertions(4);
+
+      const userId = uuidv4();
+      const collectionDto = defaultResourcesDtos();
+      const body = {
+        errors: {
+          resources: {
+            sole_owner: collectionDto
+          }
+        }
+      };
+
+      fetch.doMockOnceIf(new RegExp(`/users/${userId}/dry-run.json`), () => mockApiResponseError(400, "Need transfer", body));
+
+      const controller = new DeleteDryRunUserController(null, null, defaultApiClientOptions(), account);
+      jest.spyOn(controller.decryptMetadataService.getOrFindMetadataKeysService, "getOrFindAll");
+      jest.spyOn(controller.getPassphraseService, "getPassphrase");
+
+      try {
+        await controller.exec(userId);
+      } catch (error) {
+        expect(error).toBeInstanceOf(DeleteDryRunError);
+        expect(error.errors.resources.sole_owner.items.every(resourceEntity => resourceEntity.isMetadataDecrypted())).toBeTruthy();
+        expect(controller.decryptMetadataService.getOrFindMetadataKeysService.getOrFindAll).not.toHaveBeenCalled();
+        expect(controller.getPassphraseService.getPassphrase).not.toHaveBeenCalled();
+      }
+    });
+
+    it("Should throw an error if something wrong happens on the API", async() => {
+      expect.assertions(1);
+
+      const userId = uuidv4();
+      fetch.doMockOnceIf(new RegExp(`/users/${userId}/dry-run.json`), async() => mockApiResponseError(500, "Something went wrong"));
+
+      const controller = new DeleteDryRunUserController(null, null, defaultApiClientOptions(), account);
+      try {
+        await controller.exec(userId);
+      } catch (e) {
+        expect(e).toBeInstanceOf(PassboltApiFetchError);
+      }
+    });
+  });
+});

package/src/all/background_page/controller/user/deleteUserController.js

@@ -0,0 +1,76 @@
+/**
+ * Passbolt ~ Open source password manager for teams
+ * Copyright (c) Passbolt SA (https://www.passbolt.com)
+ *
+ * Licensed under GNU Affero General Public License version 3 of the or any later version.
+ * For full copyright and license information, please see the LICENSE.txt
+ * Redistributions of files must retain the above copyright notice.
+ *
+ * @copyright     Copyright (c) Passbolt SA (https://www.passbolt.com)
+ * @license       https://opensource.org/licenses/AGPL-3.0 AGPL License
+ * @link          https://www.passbolt.com Passbolt(tm)
+ * @since         5.4.0
+ */
+
+import DeleteDryRunError from "../../error/deleteDryRunError";
+import GetPassphraseService from "../../service/passphrase/getPassphraseService";
+import DeleteUserService from "../../service/user/deleteUserService";
+import DecryptMetadataService from "../../service/metadata/decryptMetadataService";
+import UserDeleteTransferEntity from "../../model/entity/user/transfer/userDeleteTransferEntity";
+
+class DeleteUserController {
+  /**
+   * Constructor
+   * @param {Worker} worker
+   * @param {string} requestId uuid
+   * @param {ApiClientOptions} apiClientOptions The api client options
+   * @param {AccountEntity} account The account associated to the worker.
+   */
+  constructor(worker, requestId, apiClientOptions, account) {
+    this.worker = worker;
+    this.requestId = requestId;
+    this.deleteUserService = new DeleteUserService(account, apiClientOptions);
+    this.getPassphraseService = new GetPassphraseService(account);
+    this.decryptMetadataService = new DecryptMetadataService(apiClientOptions, account);
+  }
+
+  /**
+   * Controller executor.
+   * @returns {Promise<void>}
+   */
+  async _exec(userId, transferDto) {
+    try {
+      await this.exec(userId, transferDto);
+      this.worker.port.emit(this.requestId, 'SUCCESS');
+    } catch (error) {
+      console.error(error);
+      this.worker.port.emit(this.requestId, 'ERROR', error);
+    }
+  }
+
+  /**
+   * Delete dry run the user.
+   * @param {string} userId The user id.
+   * @param {object} [transferDto = null] The transfer dto.
+   * @return {Promise<void>}
+   * @throws {DeleteDryRunError} if the data should be transferred to someone.
+   * @throws {Error} if the data returned by the API is not a PassboltApiFetchError with error code 400.
+   */
+  async exec(userId, transferDto = null) {
+    try {
+      const transferEntity = transferDto ? new UserDeleteTransferEntity(transferDto) : null;
+      await this.deleteUserService.delete(userId, transferEntity);
+    } catch (error) {
+      if (error instanceof DeleteDryRunError) {
+        const resourcesCollection = error.errors.resources?.sole_owner;
+        if (resourcesCollection?.items.some(resourceEntity => !resourceEntity.isMetadataDecrypted())) {
+          const passphrase = this.getPassphraseService.getPassphrase(this.worker);
+          await this.decryptMetadataService.decryptAllFromForeignModels(error.errors.resources.sole_owner, passphrase);
+        }
+      }
+      throw error;
+    }
+  }
+}
+
+export default DeleteUserController;