Add set-password function to auth repo (#1121)

2026-06-03 11:16:40 -05:00 · 2024-03-11 14:35:06 -05:00
parent 2237d58ed5
commit 53c241b4d7
4 changed files with 268 additions and 0 deletions
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
@@ -17,6 +17,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.PrevalidateSsoResult
 import com.x8bit.bitwarden.data.auth.repository.model.RegisterResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
+import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
@@ -208,6 +209,16 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
        passwordHint: String?,
    ): ResetPasswordResult

+    /**
+     * Sets the user's password to [password] for the user within the given [organizationId] with
+     * an optional [passwordHint].
+     */
+    suspend fun setPassword(
+        organizationId: String,
+        password: String,
+        passwordHint: String?,
+    ): SetPasswordResult
+
    /**
     * Set the value of [captchaTokenResultFlow].
     */
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@@ -20,6 +20,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJso
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorAuthMethod
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
@@ -45,6 +46,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.PrevalidateSsoResult
 import com.x8bit.bitwarden.data.auth.repository.model.RegisterResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
 import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
+import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
@@ -803,6 +805,62 @@ class AuthRepositoryImpl(
            )
    }

+    override suspend fun setPassword(
+        organizationId: String,
+        password: String,
+        passwordHint: String?,
+    ): SetPasswordResult {
+        val activeAccount = authDiskSource
+            .userState
+            ?.activeAccount
+            ?: return SetPasswordResult.Error
+
+        // Update the saved master password hash.
+        val passwordHash = authSdkSource
+            .hashPassword(
+                email = activeAccount.profile.email,
+                password = password,
+                kdf = activeAccount.profile.toSdkParams(),
+                purpose = HashPurpose.SERVER_AUTHORIZATION,
+            )
+            .getOrElse { return@setPassword SetPasswordResult.Error }
+
+        return authSdkSource
+            .makeRegisterKeys(
+                email = activeAccount.profile.email,
+                password = password,
+                kdf = activeAccount.profile.toSdkParams(),
+            )
+            .flatMap { keyResponse ->
+                accountsService.setPassword(
+                    body = SetPasswordRequestJson(
+                        passwordHash = passwordHash,
+                        passwordHint = passwordHint,
+                        organizationIdentifier = organizationId,
+                        kdfIterations = activeAccount.profile.kdfIterations,
+                        kdfMemory = activeAccount.profile.kdfMemory,
+                        kdfParallelism = activeAccount.profile.kdfParallelism,
+                        kdfType = activeAccount.profile.kdfType,
+                        key = keyResponse.encryptedUserKey,
+                        keys = RegisterRequestJson.Keys(
+                            publicKey = keyResponse.keys.public,
+                            encryptedPrivateKey = keyResponse.keys.private,
+                        ),
+                    ),
+                )
+            }
+            .onSuccess {
+                authDiskSource.storeMasterPasswordHash(
+                    userId = activeAccount.profile.userId,
+                    passwordHash = passwordHash,
+                )
+            }
+            .fold(
+                onFailure = { SetPasswordResult.Error },
+                onSuccess = { SetPasswordResult.Success },
+            )
+    }
+
    override fun setCaptchaCallbackTokenResult(tokenResult: CaptchaCallbackTokenResult) {
        captchaTokenChannel.trySend(tokenResult)
    }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SetPasswordResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SetPasswordResult.kt
@@ -0,0 +1,16 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Models result of setting a user's password.
+ */
+sealed class SetPasswordResult {
+    /**
+     * The password was set successfully.
+     */
+    data object Success : SetPasswordResult()
+
+    /**
+     * There was an error setting the password.
+     */
+    data object Error : SetPasswordResult()
+}