Add trusted device logic (#1224)

2026-06-02 11:12:00 -05:00 · 2024-04-04 11:13:18 -05:00
parent 5d40d68b3f
commit 9685c6057a
23 changed files with 180 additions and 1 deletions
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@@ -211,6 +211,7 @@ class AuthRepositoryImpl(
                isBiometricsEnabledProvider = ::isBiometricsEnabled,
                vaultUnlockTypeProvider = ::getVaultUnlockType,
                isLoggedInProvider = ::isUserLoggedIn,
+                isDeviceTrustedProvider = ::isDeviceTrusted,
            )
    }
        .filter {
@@ -230,6 +231,7 @@ class AuthRepositoryImpl(
                    isBiometricsEnabledProvider = ::isBiometricsEnabled,
                    vaultUnlockTypeProvider = ::getVaultUnlockType,
                    isLoggedInProvider = ::isUserLoggedIn,
+                    isDeviceTrustedProvider = ::isDeviceTrusted,
                ),
        )

@@ -1154,6 +1156,10 @@ class AuthRepositoryImpl(
        userId: String,
    ): Boolean = authDiskSource.getUserBiometricUnlockKey(userId = userId) != null

+    private fun isDeviceTrusted(
+        userId: String,
+    ): Boolean = authDiskSource.getDeviceKey(userId = userId) != null
+
    private fun isUserLoggedIn(
        userId: String,
    ): Boolean = authDiskSource.getAccountTokens(userId = userId)?.isLoggedIn == true
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
@@ -59,8 +59,20 @@ data class UserState(
        val isVaultUnlocked: Boolean,
        val needsPasswordReset: Boolean,
        val needsMasterPassword: Boolean,
+        val trustedDevice: TrustedDevice?,
        val organizations: List<Organization>,
        val isBiometricsEnabled: Boolean,
        val vaultUnlockType: VaultUnlockType = VaultUnlockType.MASTER_PASSWORD,
    )
+
+    /**
+     * Models the data related to trusted device encryption (TDE).
+     */
+    data class TrustedDevice(
+        val isDeviceTrusted: Boolean,
+        val hasMasterPassword: Boolean,
+        val hasAdminApproval: Boolean,
+        val hasLoginApprovingDevice: Boolean,
+        val hasResetPasswordPermission: Boolean,
+    )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt
@@ -81,6 +81,7 @@ fun UserStateJson.toUserState(
    isBiometricsEnabledProvider: (userId: String) -> Boolean,
    vaultUnlockTypeProvider: (userId: String) -> VaultUnlockType,
    isLoggedInProvider: (userId: String) -> Boolean,
+    isDeviceTrustedProvider: (userId: String) -> Boolean,
 ): UserState =
    UserState(
        activeUserId = this.activeUserId,
@@ -92,7 +93,21 @@ fun UserStateJson.toUserState(
                val userId = profile.userId
                val vaultUnlocked = vaultState.statusFor(userId) == VaultUnlockData.Status.UNLOCKED
                val needsPasswordReset = profile.forcePasswordResetReason != null
-                val needsMasterPassword = profile.userDecryptionOptions?.hasMasterPassword == false
+                val decryptionOptions = profile.userDecryptionOptions
+                val trustedDeviceOptions = decryptionOptions?.trustedDeviceUserDecryptionOptions
+                val keyConnectorOptions = decryptionOptions?.keyConnectorUserDecryptionOptions
+                val needsMasterPassword = decryptionOptions?.hasMasterPassword == false &&
+                    trustedDeviceOptions?.hasManageResetPasswordPermission != false &&
+                    keyConnectorOptions == null
+                val trustedDevice = trustedDeviceOptions?.let {
+                    UserState.TrustedDevice(
+                        isDeviceTrusted = isDeviceTrustedProvider(userId),
+                        hasMasterPassword = decryptionOptions.hasMasterPassword,
+                        hasAdminApproval = it.hasAdminApproval,
+                        hasLoginApprovingDevice = it.hasLoginApprovingDevice,
+                        hasResetPasswordPermission = it.hasManageResetPasswordPermission,
+                    )
+                }

                UserState.Account(
                    userId = userId,
@@ -114,6 +129,7 @@ fun UserStateJson.toUserState(
                    isBiometricsEnabled = isBiometricsEnabledProvider(userId),
                    vaultUnlockType = vaultUnlockTypeProvider(userId),
                    needsMasterPassword = needsMasterPassword,
+                    trustedDevice = trustedDevice,
                )
            },
        hasPendingAccountAddition = hasPendingAccountAddition,