Upon trusting device, update decryption options (#1211)

2026-06-04 03:36:32 -05:00 · 2024-04-02 17:21:50 -05:00
parent 663c9785cf
commit e17176f934
4 changed files with 308 additions and 18 deletions
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/TrustedDeviceManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/TrustedDeviceManagerImpl.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.manager

 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
+import com.x8bit.bitwarden.data.auth.manager.util.toUserStateJson
 import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource

@@ -44,6 +45,10 @@ class TrustedDeviceManagerImpl(
                                userId = userId,
                                deviceKey = trustedDevice.deviceKey,
                            )
+                            authDiskSource.userState = trustedDevice.toUserStateJson(
+                                userId = userId,
+                                previousUserState = requireNotNull(authDiskSource.userState),
+                            )
                        }
                }
                .also { authDiskSource.shouldTrustDevice = false }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/TrustDeviceResponseExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/TrustDeviceResponseExtensions.kt
@@ -0,0 +1,58 @@
+package com.x8bit.bitwarden.data.auth.manager.util
+
+import com.bitwarden.crypto.TrustDeviceResponse
+import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceUserDecryptionOptionsJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
+
+/**
+ * Converts the given [TrustDeviceResponse] to an updated [UserStateJson], given the following
+ * additional information:
+ *
+ * - the [userId]
+ * - the [previousUserState]
+ */
+fun TrustDeviceResponse.toUserStateJson(
+    userId: String,
+    previousUserState: UserStateJson,
+): UserStateJson {
+    val trustedAccount = requireNotNull(previousUserState.accounts[userId])
+    val profile = trustedAccount.profile
+    // The UserDecryptionOptionsJson and TrustedDeviceUserDecryptionOptionsJson
+    // should be present at this time, but we have fallbacks just in case.
+    val decryptionOptions = profile
+        .userDecryptionOptions
+        ?: UserDecryptionOptionsJson(
+            hasMasterPassword = false,
+            trustedDeviceUserDecryptionOptions = null,
+            keyConnectorUserDecryptionOptions = null,
+        )
+    val deviceOptions = decryptionOptions
+        .trustedDeviceUserDecryptionOptions
+        ?.copy(
+            encryptedPrivateKey = this.protectedDevicePrivateKey,
+            encryptedUserKey = this.protectedUserKey,
+        )
+        ?: TrustedDeviceUserDecryptionOptionsJson(
+            encryptedPrivateKey = this.protectedDevicePrivateKey,
+            encryptedUserKey = this.protectedUserKey,
+            hasAdminApproval = false,
+            hasLoginApprovingDevice = false,
+            hasManageResetPasswordPermission = false,
+        )
+    val account = trustedAccount.copy(
+        profile = profile.copy(
+            userDecryptionOptions = decryptionOptions.copy(
+                trustedDeviceUserDecryptionOptions = deviceOptions,
+            ),
+        ),
+    )
+
+    // Update the existing UserState.
+    return previousUserState.copy(
+        accounts = previousUserState
+            .accounts
+            .toMutableMap()
+            .apply { put(userId, account) },
+    )
+}