From 329753d9dcf9bf4a974f3eb1e5b6c87b98fbb58e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andre=CC=81=20Bispo?=
Date: Wed, 26 Feb 2025 09:44:25 +0000
Subject: [PATCH] [PM-18451] Elevated privileges do not exempt from remove pin unlock policy
---
 .../platform/manager/PolicyManagerImpl.kt | 2 +
 .../AccountSecurityViewModelTest.kt | 106 +++++++++++++++++-
 2 files changed, 107 insertions(+), 1 deletion(-)
diff --git a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
index 55c658e000..7e9572bc17 100644
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
@@ -97,6 +97,8 @@ class PolicyManagerImpl(
 organization.type == OrganizationType.OWNER
 } else if (policyType == PolicyTypeJson.PASSWORD_GENERATOR) {
 false
+ } else if (policyType == PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN) {
+ false
 } else {
 (organization.type == OrganizationType.OWNER ||
 organization.type == OrganizationType.ADMIN) ||
diff --git a/app/src/test/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityViewModelTest.kt b/app/src/test/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityViewModelTest.kt
index 91cedef445..a9c963c4db 100644
--- a/app/src/test/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityViewModelTest.kt
+++ b/app/src/test/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/AccountSecurityViewModelTest.kt
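Review bot: The added `REMOVE_UNLOCK_WITH_PIN` branch in PolicyManagerImpl.kt repeats the `PASSWORD_GENERATOR` branch directly above it, and the chain stays exempt-by-default: any policy type not listed still reaches the final `else`, where OWNER and ADMIN are exempted. Merging the two into `} else if (policyType == PolicyTypeJson.PASSWORD_GENERATOR || policyType == PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN) {` with a comment such as `// These policies bind every member, including owners and admins.` would make the non-exemptable set explicit for whoever adds the next unlock-related policy. The enclosing function starts and ends outside this hunk, and the diffstat shows no change to a PolicyManagerImpl test, so a direct unit test of this branch for each organization role would be worth adding.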
@@ -6,6 +6,7 @@ import app.cash.turbine.test
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
+import com.x8bit.bitwarden.data.auth.repository.model.Organization
 import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
 import com.x8bit.bitwarden.data.auth.repository.model.UserFingerprintResult
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
@@ -24,6 +25,7 @@ import com.x8bit.bitwarden.data.platform.repository.model.VaultTimeoutAction
 import com.x8bit.bitwarden.data.platform.repository.util.FakeEnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
 import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
+import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
 import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
 import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson.Policy
 import com.x8bit.bitwarden.data.vault.datasource.network.model.createMockPolicy
@@ -177,6 +179,79 @@ class AccountSecurityViewModelTest : BaseViewModelTest() {
 createMockPolicy(
 isEnabled = true,
 type = PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN,
+ organizationId = "organizationUser",
+ ),
+ ),
+ )
+
+ viewModel.stateFlow.test {
+ assertEquals(
+ DEFAULT_STATE.copy(
+ removeUnlockWithPinPolicyEnabled = true,
+ ),
+ awaitItem(),
+ )
+ }
+ }
+
+ @Test
+ fun `remove pin policy is true when user role is ADMIN`() = runTest {
+ val viewModel = createViewModel()
+
+ mutableRemovePinPolicyFlow.emit(
+ listOf(
+ createMockPolicy(
+ organizationId = "organizationAdmin",
+ isEnabled = true,
+ type = PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN,
+ ),
+ ),
+ )
+
+ viewModel.stateFlow.test {
+ assertEquals(
+ DEFAULT_STATE.copy(
+ removeUnlockWithPinPolicyEnabled = true,
+ ),
+ awaitItem(),
+ )
+ }
+ }
+
+ @Test
+ fun `remove pin policy is true when user role is OWNER`() = runTest {
+ val viewModel = createViewModel()
+
+ mutableRemovePinPolicyFlow.emit(
+ listOf(
+ createMockPolicy(
+ organizationId = "organizationOwner",
+ isEnabled = true,
+ type = PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN,
+ ),
+ ),
+ )
+
+ viewModel.stateFlow.test {
+ assertEquals(
+ DEFAULT_STATE.copy(
+ removeUnlockWithPinPolicyEnabled = true,
+ ),
+ awaitItem(),
+ )
+ }
+ }
+
+ @Test
+ fun `remove pin policy is true when user role is CUSTOM with manage policies`() = runTest {
+ val viewModel = createViewModel()
+
+ mutableRemovePinPolicyFlow.emit(
+ listOf(
+ createMockPolicy(
+ organizationId = "organizationCustom",
+ isEnabled = true,
+ type = PolicyTypeJson.REMOVE_UNLOCK_WITH_PIN,
 ),
 ),
 )
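Review bot: These tests emit the policy list straight into `mutableRemovePinPolicyFlow`, so if that flow backs a stubbed policy manager (its setup is outside the hunk) they would pass with or without the new branch in PolicyManagerImpl and do not pin the fix. The role-dependent behaviour is better asserted against the real PolicyManagerImpl, with the view-model tests kept to a single case. The ADMIN, OWNER and CUSTOM tests also differ only in `organizationId`, so one parameterised test over the four ids would replace the repeated bodies. The first test's signature lies above the hunk.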
@@ -909,7 +984,36 @@ private val DEFAULT_USER_STATE = UserState(
 isVaultUnlocked = true,
 needsPasswordReset = false,
 isBiometricsEnabled = false,
- organizations = emptyList(),
+ organizations = listOf(
+ Organization(
+ id = "organizationUser",
+ name = "Organization User",
+ shouldUseKeyConnector = false,
+ shouldManageResetPassword = false,
+ role = OrganizationType.USER,
+ ),
+ Organization(
+ id = "organizationAdmin",
+ name = "Organization Admin",
+ shouldUseKeyConnector = false,
+ shouldManageResetPassword = false,
+ role = OrganizationType.ADMIN,
+ ),
+ Organization(
+ id = "organizationOwner",
+ name = "Organization Owner",
+ shouldUseKeyConnector = false,
+ shouldManageResetPassword = false,
+ role = OrganizationType.OWNER,
+ ),
+ Organization(
+ id = "organizationCustom",
+ name = "Organization Owner",
+ shouldUseKeyConnector = false,
+ shouldManageResetPassword = false,
+ role = OrganizationType.CUSTOM,
+ ),
+ ),
 needsMasterPassword = false,
 trustedDevice = null,
 hasMasterPassword = true,
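Review bot: The `organizationCustom` fixture carries `name = "Organization Owner"`, copied from the entry above it; it should read `name = "Organization Custom",`. The test named `remove pin policy is true when user role is CUSTOM with manage policies` relies on this entry, yet none of the fields set here grants a manage-policies permission, so either the fixture or the test name should change (Organization may have defaults that are not visible in this hunk). Because `DEFAULT_USER_STATE` is shared, replacing `emptyList()` changes the starting state of every test in the file; a dedicated user state for the remove-pin tests would leave the others unaffected. The `UserState(...)` call continues past the hunk.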