Bug 2007416 - wipe individual logins on DecryptionErrors (#7343)

bendk · web-flow · commit 6b2684e631df · 2026-05-14T16:11:32.000Z
Also:
  * Set sync_status in `LoginsDb::touch()`
  * Handle missing row for LAST_SYNC_META_KEY in `get_last_sync()`
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,7 +1,12 @@
 # v152.0 (In progress)
 
+## ✨ What's New ✨
+
 ### Breach Alerts
-- New component: `breach-alerts` for storing and retrieving breach alert dismissals by breach ID.
+* New component: `breach-alerts` for storing and retrieving breach alert dismissals by breach ID.
+
+### Logins
+* `run_maintenance()` now optionally deletes undecryptable logins (https://bugzilla.mozilla.org/show_bug.cgi?id=2007416)
 
 [Full Changelog](In progress)
 
diff --git a/components/logins/src/logins.udl b/components/logins/src/logins.udl
@@ -302,11 +302,16 @@ interface LoginStore {
     /// This is intended to be run during idle time and will take steps / to clean up / shrink the
     /// database.
     [Throws=LoginsApiError]
-    void run_maintenance();
+    void run_maintenance(optional RunMaintenanceOptions? options=null);
 
     [Self=ByArc]
     void register_with_sync_manager();
 
     [Self=ByArc]
     void shutdown();
 };
+
+dictionary RunMaintenanceOptions {
+    // Wipe un-decryptable logins.  These will hopefully come back on the next sync.
+    boolean delete_undecryptable_records_for_remote_replacement=true;
+};
diff --git a/components/logins/src/store.rs b/components/logins/src/store.rs
@@ -330,9 +330,13 @@ impl LoginStore {
     }
 
     #[handle_error(Error)]
-    pub fn run_maintenance(&self) -> ApiResult<()> {
+    pub fn run_maintenance(&self, options: Option<RunMaintenanceOptions>) -> ApiResult<()> {
         let conn = self.lock_db()?;
+        let options = options.unwrap_or_default();
         run_maintenance(&conn)?;
+        if options.delete_undecryptable_records_for_remote_replacement {
+            conn.delete_undecryptable_records_for_remote_replacement(conn.encdec.as_ref())?;
+        }
         Ok(())
     }
 
@@ -364,6 +368,18 @@ impl LoginStore {
     }
 }
 
+pub struct RunMaintenanceOptions {
+    pub delete_undecryptable_records_for_remote_replacement: bool,
+}
+
+impl Default for RunMaintenanceOptions {
+    fn default() -> Self {
+        Self {
+            delete_undecryptable_records_for_remote_replacement: true,
+        }
+    }
+}
+
 #[cfg(not(feature = "keydb"))]
 #[cfg(test)]
 mod tests {
