[PM-18936] Show key connector domain (#5034)

Co-authored-by: GitHub Actions Bot <actions@github.com>
Co-authored-by: Patrick Honkonen <phonkonen@bitwarden.com>

.github/CODEOWNERS

@@ -5,7 +5,7 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
 # Default file owners.
-* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront @phil-livefront
+* @bitwarden/team-android @brian-livefront @david-livefront
 
 # Actions and workflow changes.
 .github/ @bitwarden/dept-development-mobile

.github/scripts/validate-json/.python-version

@@ -0,0 +1 @@
+3.13

.github/scripts/validate-json/README.md

@@ -0,0 +1,39 @@
+# JSON Validation Scripts
+
+Utility scripts for validating JSON files and checking for duplicate package names between Google and Community privileged browser lists.
+
+## Usage
+
+### Validate a JSON file
+
+```bash
+python validate_json.py validate <json_file>
+```
+
+### Check for duplicates between two JSON files
+
+```bash
+python validate_json.py duplicates <json_file1> <json_file2> [output_file]
+```
+
+If `output_file` is not specified, duplicates will be saved to `duplicates.txt`.
+
+## Running Tests
+
+```bash
+# Run all tests
+python -m unittest test_validate_json.py
+
+# Run the invalid JSON test individually
+python -m unittest test_validate_json.TestValidateJson.test_validate_json_invalid
+```
+
+## Examples
+
+```bash
+# Validate Google privileged browsers list
+python validate_json.py validate ../../app/src/main/assets/fido2_privileged_google.json
+
+# Check for duplicates between Google and Community lists
+python validate_json.py duplicates ../../app/src/main/assets/fido2_privileged_google.json ../../app/src/main/assets/fido2_privileged_community.json duplicates.txt
+```

.github/scripts/validate-json/fixtures/sample-invalid.json

@@ -0,0 +1,20 @@
+{
+  "apps": [
+
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/fixtures/sample-valid1.json

@@ -0,0 +1,48 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.android.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.dev",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.chrome.canary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/fixtures/sample-valid2.json

@@ -0,0 +1,20 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
+          }
+        ]
+      }
+    }
+  ]
+}

.github/scripts/validate-json/test_validate_json.py

@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+import unittest
+import os
+import json
+from validate_json import validate_json, find_duplicates, get_package_names
+from unittest.mock import patch
+import io
+
+
+class TestValidateJson(unittest.TestCase):
+    def setUp(self):
+        self.valid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid1.json")
+        self.valid_file2 = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid2.json")
+        self.invalid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-invalid.json")
+
+        # Suppress stdout
+        self.stdout_patcher = patch('sys.stdout', new=io.StringIO())
+        self.stdout_patcher.start()
+
+    def tearDown(self):
+        self.stdout_patcher.stop()
+
+    def test_validate_json_valid(self):
+        """Test validation of valid JSON file"""
+        self.assertTrue(validate_json(self.valid_file))
+
+    def test_validate_json_invalid(self):
+        """Test validation of invalid JSON file"""
+        self.assertFalse(validate_json(self.invalid_file))
+
+    def test_find_duplicates(self):
+        """Test when using the same file (should find duplicates)"""
+        expected_package_names = get_package_names(self.valid_file)
+
+        duplicates = find_duplicates(self.valid_file, self.valid_file)
+
+        self.assertEqual(len(duplicates), len(expected_package_names))
+        for package_name in expected_package_names:
+            self.assertIn(package_name, duplicates)
+
+    def test_find_duplicates_returns_empty_list_when_no_duplicates(self):
+        """Test when using different files (should not find duplicates)"""
+        duplicates = find_duplicates(self.valid_file, self.valid_file2)
+        self.assertEqual(len(duplicates), 0)
+
+
+if __name__ == "__main__":
+    unittest.main()

.github/scripts/validate-json/validate_json.py

@@ -0,0 +1,145 @@
+#!/usr/bin/env python3
+import json
+import sys
+import os
+from typing import List, Dict, Any, Set
+
+
+def get_package_names(file_path: str) -> Set[str]:
+    """
+    Extracts package names from a JSON file.
+
+    Args:
+        file_path: Path to the JSON file
+
+    Returns:
+        Set of package names
+    """
+    with open(file_path, 'r') as f:
+        data = json.load(f)
+
+    package_names = set()
+    for app in data["apps"]:
+        package_names.add(app["info"]["package_name"])
+
+    return package_names
+
+
+def validate_json(file_path: str) -> bool:
+    """
+    Validates if a JSON file is correctly formatted by attempting to deserialize it.
+
+    Args:
+        file_path: Path to the JSON file to validate
+
+    Returns:
+        True if valid, False otherwise
+    """
+    try:
+        if not os.path.exists(file_path):
+            print(f"Error: File {file_path} does not exist")
+            return False
+
+        with open(file_path, 'r') as f:
+            json.load(f)
+        print(f"✅ JSON file {file_path} is valid")
+        return True
+    except json.JSONDecodeError as e:
+        print(f"❌ Invalid JSON in {file_path}: {str(e)}")
+        return False
+    except Exception as e:
+        print(f"❌ Error validating {file_path}: {str(e)}")
+        return False
+
+
+def find_duplicates(file1_path: str, file2_path: str) -> List[str]:
+    """
+    Checks for duplicate package_name entries between two JSON files.
+
+    Args:
+        file1_path: Path to the first JSON file
+        file2_path: Path to the second JSON file
+
+    Returns:
+        List of duplicate package names, empty list if none found
+    """
+    try:
+        # Get package names from both files
+        packages1 = get_package_names(file1_path)
+        packages2 = get_package_names(file2_path)
+
+        # Find duplicates
+        duplicates = list(packages1.intersection(packages2))
+
+        if duplicates:
+            print(f"❌ Found {len(duplicates)} duplicate package names between {file1_path} and {file2_path}:")
+            for dup in duplicates:
+                print(f"  - {dup}")
+            return duplicates
+        else:
+            print(f"✅ No duplicate package names found between {file1_path} and {file2_path}")
+            return []
+
+    except Exception as e:
+        print(f"❌ Error checking duplicates: {str(e)}")
+        return []
+
+
+def save_duplicates_to_file(duplicates: List[str], output_file: str) -> None:
+    """
+    Saves the list of duplicates to a file.
+
+    Args:
+        duplicates: List of duplicate package names
+        output_file: Path to save the list of duplicates
+    """
+    try:
+        with open(output_file, 'w') as f:
+            for dup in duplicates:
+                f.write(f"{dup}\n")
+        print(f"Duplicates saved to {output_file}")
+    except Exception as e:
+        print(f"❌ Error saving duplicates to file: {str(e)}")
+
+
+def main():
+    if len(sys.argv) < 2:
+        print("Usage:")
+        print("  Validate JSON: python validate_json.py validate <json_file>")
+        print("  Check duplicates: python validate_json.py duplicates <json_file1> <json_file2> [output_file]")
+        sys.exit(1)
+
+    command = sys.argv[1]
+
+    match command:
+        case "validate":
+            if len(sys.argv) < 3:
+                print("Error: Missing JSON file path")
+                sys.exit(1)
+
+            file_path = sys.argv[2]
+            success = validate_json(file_path)
+            sys.exit(0 if success else 1)
+
+        case "duplicates":
+            if len(sys.argv) < 4:
+                print("Error: Missing JSON file paths")
+                sys.exit(1)
+
+            file1_path = sys.argv[2]
+            file2_path = sys.argv[3]
+            output_file = sys.argv[4] if len(sys.argv) > 4 else "duplicates.txt"
+
+            duplicates = find_duplicates(file1_path, file2_path)
+            if duplicates:
+                save_duplicates_to_file(duplicates, output_file)
+
+            sys.exit(0)
+
+        case _:
+            print(f"Unknown command: {command}")
+            sys.exit(1)
+
+
+if __name__ == "__main__":
+    main()

.github/workflows/build-authenticator.yml

@@ -78,7 +78,7 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Check Authenticator
-        run: bundle exec fastlane checkAuthenticator
+        run: bundle exec fastlane check
 
       - name: Build Authenticator
         run: bundle exec fastlane buildAuthenticatorDebug

.github/workflows/cron-sync-google-priviledged-browsers.yml

@@ -0,0 +1,98 @@
+name: Cron / Sync Google Privileged Browsers List
+
+on:
+  schedule:
+    # Run weekly on Monday at 00:00 UTC
+    - cron: '0 0 * * 1'
+  workflow_dispatch:
+
+env:
+  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
+  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
+  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json
+
+jobs:
+  sync-privileged-browsers:
+    name: Sync Google Privileged Browsers List
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
+
+      - name: Download Google Privileged Browsers List
+        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
+
+      - name: Check for changes
+        id: check-changes
+        run: |
+          if git diff --quiet -- $GOOGLE_FILE; then
+            echo "👀 No changes detected, skipping..."
+            echo "has_changes=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+
+          echo "has_changes=true" >> $GITHUB_OUTPUT
+          echo "👀 Changes detected, validating fido2_privileged_google.json..."
+
+          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
+          if [ $? -ne 0 ]; then
+            echo "::error::JSON validation failed for $GOOGLE_FILE"
+            exit 1
+          fi
+
+          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."
+
+          # Check for duplicates between Google and Community files
+          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
+
+          if [ -f duplicates.txt ]; then
+            echo "::warning::Duplicate package names found between Google and Community files."
+            echo "duplicates_found=true" >> $GITHUB_OUTPUT
+          else
+            echo "✅ No duplicate package names found between Google and Community files"
+            echo "duplicates_found=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Create branch and commit
+        if: steps.check-changes.outputs.has_changes == 'true'
+        run: |
+          echo "👀 Committing fido2_privileged_google.json..."
+
+          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
+          git config user.name "GitHub Actions Bot"
+          git config user.email "actions@github.com"
+          git checkout -b $BRANCH_NAME
+          git add $GOOGLE_FILE
+          git commit -m "Update Google privileged browsers list"
+          git push origin $BRANCH_NAME
+          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
+          echo "🌱 Branch created: $BRANCH_NAME"
+
+      - name: Create Pull Request
+        if: steps.check-changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
+          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
+        run: |
+          PR_BODY="Updates the Google privileged browsers list with the latest data from $SOURCE_URL"
+
+          if [ "$DUPLICATES_FOUND" = "true" ]; then
+            PR_BODY="$PR_BODY\n\n> [!WARNING]\n> :suspect: The following package(s) appear in both Google and Community files:"
+            while IFS= read -r line; do
+              PR_BODY="$PR_BODY\n> - $line"
+            done < duplicates.txt
+          fi
+
+          # Use echo -e to interpret escape sequences and pipe to gh pr create
+          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
+            --title "Update Google privileged browsers list" \
+            --body-file - \
+            --base main \
+            --head $BRANCH_NAME \
+            --label "automated-pr" \
+            --label "t:ci")

.github/workflows/scan-authenticator.yml

@@ -1,76 +0,0 @@
-name: Scan Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
-        with:
-          sarif_file: cx_result.sarif
-
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan-ci.yml

@@ -58,4 +58,3 @@ jobs:
           args: >
             -Dsonar.organization=${{ github.repository_owner }}
             -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan.yml

@@ -44,6 +44,8 @@ jobs:
         uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: cx_result.sarif
+          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
+          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
 
   quality:
     name: Quality scan

.github/workflows/test-authenticator.yml

@@ -1,82 +0,0 @@
-name: Test Authenticator
-
-on:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  test:
-    name: Test
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      packages: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Build and test Authenticator
-        run: |
-          bundle exec fastlane checkAuthenticator
-
-      - name: Upload to codecov.io
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
-        with:
-          files: authenticator/build/reports/kover/reportDebug.xml

.github/workflows/test.yml

@@ -23,6 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     permissions:
       packages: read
+      pull-requests: write
 
     steps:
       - name: Check out repo
@@ -79,25 +80,14 @@ jobs:
         with:
           name: test-reports
           path: |
+            build/reports/kover/reportMergedCoverage.xml
             app/build/reports/tests/
-            app/build/reports/kover/reportStandardDebug.xml
-
-  report:
-    name: Process Test Reports
-    needs: test
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-    if: success()
-
-    steps:
-      - name: Download test artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        with:
-          name: test-reports
+            authenticator/build/reports/tests/
+            authenticatorbridge/build/reports/tests/
+            core/build/reports/tests/
+            data/build/reports/tests/
+            network/build/reports/tests/
+            ui/build/reports/tests/
 
       - name: Upload to codecov.io
         id: upload-to-codecov
@@ -106,8 +96,9 @@ jobs:
         continue-on-error: true
         with:
           os: linux
-          files: kover/reportStandardDebug.xml
+          files: build/reports/kover/reportMergedCoverage.xml
           fail_ci_if_error: true
+          disable_search: true
 
       - name: Comment PR if tests failed
         if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')

.gitignore

@@ -28,3 +28,10 @@ user.properties
 /app/src/standardBeta/google-services.json
 /app/src/standardRelease/google-services.json
 /authenticator/src/google-services.json
+
+# Python
+.python-version
+__pycache__/
+
+# Generated by .github/scripts/validate-json/validate-json.py
+duplicates.txt

Gemfile.lock

@@ -10,17 +10,18 @@ GEM
     artifactory (3.0.17)
     atomos (0.1.3)
     aws-eventstream (1.3.2)
-    aws-partitions (1.1067.0)
-    aws-sdk-core (3.220.1)
+    aws-partitions (1.1084.0)
+    aws-sdk-core (3.222.1)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
       base64
       jmespath (~> 1, >= 1.6.1)
+      logger
     aws-sdk-kms (1.99.0)
       aws-sdk-core (~> 3, >= 3.216.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.182.0)
+    aws-sdk-s3 (1.183.0)
       aws-sdk-core (~> 3, >= 3.216.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
@@ -70,7 +71,7 @@ GEM
     faraday_middleware (1.2.1)
       faraday (~> 1.0)
     fastimage (2.4.0)
-    fastlane (2.227.0)
+    fastlane (2.227.1)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -110,7 +111,7 @@ GEM
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.4.0)
+      xcpretty (~> 0.4.1)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
     fastlane-plugin-firebase_app_distribution (0.10.0)
       google-apis-firebaseappdistribution_v1 (~> 0.3.0)
@@ -167,6 +168,7 @@ GEM
     json (2.10.2)
     jwt (2.10.1)
       base64
+    logger (1.7.0)
     mini_magick (4.13.2)
     mini_mime (1.1.5)
     multi_json (1.15.0)
@@ -219,7 +221,7 @@ GEM
       colored2 (~> 3.1)
       nanaimo (~> 0.4.0)
       rexml (>= 3.3.6, < 4.0)
-    xcpretty (0.4.0)
+    xcpretty (0.4.1)
       rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
@@ -236,4 +238,4 @@ RUBY VERSION
    ruby 3.3.1p55
 
 BUNDLED WITH
-   2.5.9
+   2.6.6

README.md

@@ -58,6 +58,11 @@
 
 The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
 
+- **AndroidX Activity**
+    - https://developer.android.com/jetpack/androidx/releases/activity
+    - Purpose: Allows access composable APIs built on top of Activity.
+    - License: Apache 2.0
+
 - **AndroidX Appcompat**
     - https://developer.android.com/jetpack/androidx/releases/appcompat
     - Purpose: Allows access to new APIs on older API versions.
@@ -78,7 +83,7 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Displays webpages with the user's default browser.
     - License: Apache 2.0
 
-- **AndroidX CameraX Camera2**
+- **AndroidX Camera**
     - https://developer.android.com/jetpack/androidx/releases/camera
     - Purpose: Display and capture images for barcode scanning.
     - License: Apache 2.0
@@ -88,9 +93,9 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: A Kotlin-based declarative UI framework.
     - License: Apache 2.0
 
-- **AndroidX Core SplashScreen**
+- **AndroidX Core**
     - https://developer.android.com/jetpack/androidx/releases/core
-    - Purpose: Backwards compatible SplashScreen API implementation.
+    - Purpose: Backwards compatible platform features and APIs.
     - License: Apache 2.0
 
 - **AndroidX Credentials**
@@ -103,6 +108,11 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Lifecycle aware components and tooling.
     - License: Apache 2.0
 
+- **AndroidX Navigation**
+    - https://developer.android.com/jetpack/androidx/releases/navigation
+    - Purpose: Provides a consistent API for navigating between Android components.
+    - License: Apache 2.0
+
 - **AndroidX Room**
     - https://developer.android.com/jetpack/androidx/releases/room
     - Purpose: A convenient SQLite-based persistence layer for Android.
@@ -123,21 +133,6 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Dependency injection framework.
     - License: Apache 2.0
 
-- **Firebase Cloud Messaging**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: Allows for push notification support. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-
-- **Firebase Crashlytics**
-    - https://github.com/firebase/firebase-android-sdk
-    - Purpose: SDK for crash and non-fatal error reporting. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
-    - License: Apache 2.0
-  
-- **Google Play Reviews**
-  - https://developer.android.com/reference/com/google/android/play/core/release-notes
-  - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
-  - License: Apache 2.0
-
 - **Glide**
     - https://github.com/bumptech/glide
     - Purpose: Image loading and caching.
@@ -158,11 +153,6 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: JSON serialization library for Kotlin.
     - License: Apache 2.0
 
-- **kotlinx.serialization converter**
-    - https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
-    - Purpose: Converter for Retrofit 2 and kotlinx.serialization.
-    - License: Apache 2.0
-
 - **OkHttp 3**
     - https://github.com/square/okhttp
     - Purpose: An HTTP client used by the library to intercept and log traffic.
@@ -178,16 +168,28 @@ The following is a list of all third-party dependencies included as part of the
     - Purpose: Extensible logging library for Android.
     - License: Apache 2.0
 
-- **zxcvbn4j**
-    - https://github.com/nulab/zxcvbn4j
-    - Purpose: Password strength estimation.
-    - License: MIT
-
 - **ZXing**
     - https://github.com/zxing/zxing
     - Purpose: Barcode scanning and generation.
     - License: Apache 2.0
 
+The following is an additional list of third-party dependencies that are only included in the non-F-Droid build variants of the application.
+
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support.
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting.
+    - License: Apache 2.0
+
+- **Google Play Reviews**
+    - https://developer.android.com/reference/com/google/android/play/core/release-notes
+    - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+    - License: Apache 2.0
+
 ### Development Environment Dependencies
 
 The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.

app/build.gradle.kts

@@ -13,16 +13,13 @@ plugins {
     // Crashlytics is enabled for all builds initially but removed for FDroid builds in gradle and
     // standardDebug builds in the merged manifest.
     alias(libs.plugins.crashlytics)
-    alias(libs.plugins.detekt)
     alias(libs.plugins.hilt)
     alias(libs.plugins.kotlin.android)
     alias(libs.plugins.kotlin.compose.compiler)
     alias(libs.plugins.kotlin.parcelize)
     alias(libs.plugins.kotlin.serialization)
-    alias(libs.plugins.kotlinx.kover)
     alias(libs.plugins.ksp)
     alias(libs.plugins.google.services)
-    alias(libs.plugins.sonarqube)
 }
 
 /**
@@ -54,7 +51,7 @@ android {
         minSdk = libs.versions.minSdk.get().toInt()
         targetSdk = libs.versions.targetSdk.get().toInt()
         versionCode = 1
-        versionName = "2024.9.0"
+        versionName = "2025.4.0"
 
         setProperty("archivesBaseName", "com.x8bit.bitwarden")
 
@@ -102,6 +99,7 @@ android {
             applicationIdSuffix = ".beta"
             isDebuggable = false
             isMinifyEnabled = true
+            matchingFallbacks += listOf("release")
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
                 "proguard-rules.pro",
@@ -215,6 +213,11 @@ dependencies {
 
     implementation(files("libs/authenticatorbridge-1.0.0-release.aar"))
 
+    implementation(project(":core"))
+    implementation(project(":data"))
+    implementation(project(":network"))
+    implementation(project(":ui"))
+
     implementation(libs.androidx.activity.compose)
     implementation(libs.androidx.appcompat)
     implementation(libs.androidx.autofill)
@@ -226,6 +229,7 @@ dependencies {
     implementation(platform(libs.androidx.compose.bom))
     implementation(libs.androidx.compose.animation)
     implementation(libs.androidx.compose.material3)
+    implementation(libs.androidx.compose.material3.adaptive)
     implementation(libs.androidx.compose.runtime)
     implementation(libs.androidx.compose.ui)
     implementation(libs.androidx.compose.ui.graphics)
@@ -250,7 +254,6 @@ dependencies {
     implementation(libs.kotlinx.collections.immutable)
     implementation(libs.kotlinx.coroutines.android)
     implementation(libs.kotlinx.serialization)
-    implementation(libs.nulab.zxcvbn4j)
     implementation(libs.square.okhttp)
     implementation(libs.square.okhttp.logging)
     implementation(platform(libs.square.retrofit.bom))
@@ -269,8 +272,14 @@ dependencies {
     standardImplementation(libs.google.firebase.crashlytics)
     standardImplementation(libs.google.play.review)
 
+    // Pull in test fixtures from other modules
+    testImplementation(testFixtures(project(":data")))
+    testImplementation(testFixtures(project(":network")))
+
     testImplementation(libs.androidx.compose.ui.test)
     testImplementation(libs.google.hilt.android.testing)
+    testImplementation(platform(libs.junit.bom))
+    testRuntimeOnly(libs.junit.platform.launcher)
     testImplementation(libs.junit.junit5)
     testImplementation(libs.junit.vintage)
     testImplementation(libs.kotlinx.coroutines.test)
@@ -278,90 +287,9 @@ dependencies {
     testImplementation(libs.robolectric.robolectric)
     testImplementation(libs.square.okhttp.mockwebserver)
     testImplementation(libs.square.turbine)
-
-    detektPlugins(libs.detekt.detekt.formatting)
-    detektPlugins(libs.detekt.detekt.rules)
-}
-
-detekt {
-    autoCorrect = true
-    config.from(files("$rootDir/detekt-config.yml"))
-}
-
-kover {
-    currentProject {
-        sources {
-            excludeJava = true
-        }
-    }
-    reports {
-        filters {
-            excludes {
-                androidGeneratedClasses()
-                annotatedBy(
-                    // Compose previews
-                    "androidx.compose.ui.tooling.preview.Preview",
-                    "androidx.compose.ui.tooling.preview.PreviewScreenSizes",
-                    // Manually excluded classes/files/etc.
-                    "com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage",
-                )
-                classes(
-                    // Navigation helpers
-                    "*.*NavigationKt*",
-                    // Composable singletons
-                    "*.*ComposableSingletons*",
-                    // Generated classes related to interfaces with default values
-                    "*.*DefaultImpls*",
-                    // Databases
-                    "*.database.*Database*",
-                    "*.dao.*Dao*",
-                    // Dagger Hilt
-                    "dagger.hilt.*",
-                    "hilt_aggregated_deps.*",
-                    "*_Factory",
-                    "*_Factory\$*",
-                    "*_*Factory",
-                    "*_*Factory\$*",
-                    "*.Hilt_*",
-                    "*_HiltModules",
-                    "*_HiltModules*",
-                    "*_HiltModules\$*",
-                    "*_Impl",
-                    "*_Impl\$*",
-                    "*_MembersInjector",
-                )
-                packages(
-                    // Dependency injection
-                    "*.di",
-                    // Models
-                    "*.model",
-                    // Custom UI components
-                    "com.x8bit.bitwarden.ui.platform.components",
-                    // Theme-related code
-                    "com.x8bit.bitwarden.ui.platform.theme",
-                )
-            }
-        }
-    }
 }
 
 tasks {
-    getByName("check") {
-        // Add detekt with type resolution to check
-        dependsOn("detekt")
-    }
-
-    getByName("sonar") {
-        dependsOn("check")
-    }
-
-    withType<io.gitlab.arturbosch.detekt.Detekt>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-    withType<io.gitlab.arturbosch.detekt.DetektCreateBaselineTask>().configureEach {
-        jvmTarget = libs.versions.jvmTarget.get()
-    }
-
     withType<Test> {
         useJUnitPlatform()
         maxHeapSize = "2g"
@@ -381,18 +309,6 @@ afterEvaluate {
         .forEach { it.enabled = false }
 }
 
-sonar {
-    properties {
-        property("sonar.projectKey", "bitwarden_android")
-        property("sonar.organization", "bitwarden")
-        property("sonar.host.url", "https://sonarcloud.io")
-        property("sonar.sources", "app/src/")
-        property("sonar.tests", "app/src/")
-        property("sonar.test.inclusions", "app/src/test/")
-        property("sonar.exclusions", "app/src/test/")
-    }
-}
-
 private fun renameFile(path: String, newName: String) {
     val originalFile = File(path)
     if (!originalFile.exists()) {

app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt

@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.platform.manager
 
+import com.bitwarden.data.repository.model.Environment
 import com.x8bit.bitwarden.BuildConfig
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.platform.repository.model.Environment
 import timber.log.Timber
 
 /**

app/src/main/assets/fido2_privileged_community.json

@@ -12,20 +12,6 @@
         ]
       }
     },
-
-    {
-      "type": "android",
-      "info": {
-        "package_name": "net.quetta.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
-          }
-        ]
-      }
-    },
-
     {
       "type": "android",
       "info": {
@@ -62,18 +48,6 @@
         ]
       }
     },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.mozilla.fenix",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
-          }
-        ]
-      }
-    },
     {
       "type": "android",
       "info": {

app/src/main/assets/fido2_privileged_google.json

@@ -160,6 +160,78 @@
         ]
       }
     },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "50:04:77:90:88:E7:F9:88:D5:BC:5C:C5:F8:79:8F:EB:F4:F8:CD:08:4A:1B:2A:46:EF:D4:C8:EE:4A:EA:F2:11"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fenix.debug",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "BD:AE:82:02:80:D2:AF:B7:74:94:EF:22:58:AA:78:A9:AE:A1:36:41:7E:8B:C2:3D:C9:87:75:2E:6F:48:E8:48"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.focus.nightly",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.klar",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "62:03:A4:73:BE:36:D6:4E:E3:7F:87:FA:50:0E:DB:C7:9E:AB:93:06:10:AB:9B:9F:A4:CA:7D:5C:1F:1B:4F:FC"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.reference.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "B0:09:90:E3:0F:9D:81:5D:2E:BC:7B:9B:B2:21:CE:47:E5:C9:D5:17:AA:C7:0E:7F:D5:95:B1:E5:3E:9A:4B:14"
+          }
+        ]
+      }
+    },
     {
       "type": "android",
       "info": {
@@ -571,6 +643,142 @@
           }
         ]
       }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.Island",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D9:C3:39:AC:9C:3A:EE:E1:75:1D:85:8C:35:D9:BA:C5:CC:87:B3:CE:76:30:93:F0:F5:10:64:F5:A2:F6:9B:04"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandCanary",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "90:17:13:23:45:6E:6F:39:CB:FD:CF:B2:56:BE:1D:CF:F3:BC:1C:59:8A:15:93:30:E4:97:73:D0:4C:B9:C9:05"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandBeta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "35:31:83:1A:9E:2B:21:1D:E6:AA:C3:69:4B:45:83:6E:56:09:B9:D7:D0:04:C3:1B:21:87:40:FB:77:17:38:D1"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.IslandDev",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C2:38:24:15:41:20:A0:8F:C3:95:42:AC:D8:2A:E9:24:94:78:80:1E:47:FD:6C:66:2B:18:1C:28:CA:7E:59:4E"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.canary.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "1E:16:74:BB:79:EA:09:FB:37:CF:9F:1B:07:1B:1D:51:8D:46:03:0E:D3:EE:F2:C1:4E:AD:93:9E:C6:EE:3A:4C"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.beta.intune",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "D2:5E:AD:F6:1C:E6:36:6C:A4:23:A4:7F:C4:DB:9B:8C:9C:8A:35:B4:B0:19:E8:D9:82:FB:D0:8A:D9:DB:49:5A"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.island.island.dev.intune",
+        "signatures": [
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "6C:65:BD:B0:33:F5:CE:B1:74:09:EF:F9:99:48:D5:58:9F:55:63:9A:63:78:D5:A5:00:EB:95:FC:01:BC:6D:44"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "net.quetta.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
+          },
+          {
+            "build": "userdebug",
+            "cert_fingerprint_sha256": "F1:38:00:4F:38:04:51:D4:8A:05:2B:B3:A3:EF:17:24:23:D4:B0:D0:C8:A3:AA:DD:FB:DB:66:30:31:48:EC:A4"
+          }
+        ]
+      }
     }
   ]
-}
+}

app/src/main/java/com/x8bit/bitwarden/AccessibilityActivity.kt

@@ -2,7 +2,7 @@ package com.x8bit.bitwarden
 
 import android.os.Bundle
 import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.core.annotation.OmitFromCoverage
 
 /**
  * An activity to be launched and then immediately closed so that the OS Shade can be collapsed

app/src/main/java/com/x8bit/bitwarden/AuthCallbackActivity.kt

@@ -4,7 +4,7 @@ import android.content.Intent
 import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.core.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 
 /**

app/src/main/java/com/x8bit/bitwarden/AutofillTotpCopyActivity.kt

@@ -4,8 +4,8 @@ import android.os.Bundle
 import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.lifecycle.lifecycleScope
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach

app/src/main/java/com/x8bit/bitwarden/BitwardenAppComponentFactory.kt

@@ -5,10 +5,10 @@ import android.content.Intent
 import android.os.Build
 import androidx.annotation.Keep
 import androidx.core.app.AppComponentFactory
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.BitwardenAutofillService
 import com.x8bit.bitwarden.data.autofill.accessibility.BitwardenAccessibilityService
 import com.x8bit.bitwarden.data.autofill.fido2.BitwardenFido2ProviderService
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.tiles.BitwardenAutofillTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenGeneratorTileService
 import com.x8bit.bitwarden.data.tiles.BitwardenVaultTileService

app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt

@@ -1,8 +1,8 @@
 package com.x8bit.bitwarden
 
 import android.app.Application
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager

app/src/main/java/com/x8bit/bitwarden/MainActivity.kt

@@ -18,10 +18,10 @@ import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
 import androidx.lifecycle.compose.collectAsStateWithLifecycle
 import androidx.navigation.compose.NavHost
 import androidx.navigation.compose.rememberNavController
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
@@ -31,6 +31,7 @@ import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunch
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
 import com.x8bit.bitwarden.ui.platform.feature.rootnav.ROOT_ROUTE
 import com.x8bit.bitwarden.ui.platform.feature.rootnav.rootNavDestination
+import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
 import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
 import com.x8bit.bitwarden.ui.platform.util.appLanguage
 import dagger.hilt.android.AndroidEntryPoint
@@ -171,9 +172,11 @@ class MainActivity : AppCompatActivity() {
             settingsRepository.appLanguage
         }
 
-        appSpecificLanguage?.let {
-            mainViewModel.trySendAction(MainAction.AppSpecificLanguageUpdate(it))
-        }
+        mainViewModel.trySendAction(
+            action = MainAction.AppSpecificLanguageUpdate(
+                appLanguage = appSpecificLanguage ?: AppLanguage.DEFAULT,
+            ),
+        )
     }
 
     override fun onStop() {

app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt

@@ -4,6 +4,8 @@ import android.content.Intent
 import android.os.Parcelable
 import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
+import com.bitwarden.ui.util.Text
+import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
@@ -32,8 +34,6 @@ import com.x8bit.bitwarden.data.platform.util.isAddTotpLoginItemFromAuthenticato
 import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
-import com.x8bit.bitwarden.ui.platform.base.util.Text
-import com.x8bit.bitwarden.ui.platform.base.util.asText
 import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
 import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
@@ -309,10 +309,10 @@ class MainViewModel @Inject constructor(
         val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
         val hasVaultShortcut = intent.isMyVaultShortcut
         val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
-        val fido2CreateCredentialRequestData = intent.getFido2CreateCredentialRequestOrNull()
         val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
-        val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
+        val fido2CreateCredentialRequest = intent.getFido2CreateCredentialRequestOrNull()
         val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
+        val fido2AssertCredentialRequest = intent.getFido2AssertionRequestOrNull()
         when {
             passwordlessRequestData != null -> {
                 authRepository.activeUserId?.let {
@@ -370,34 +370,36 @@ class MainViewModel @Inject constructor(
                     )
             }
 
-            fido2CreateCredentialRequestData != null -> {
+            fido2CreateCredentialRequest != null -> {
                 // Set the user's verification status when a new FIDO 2 request is received to force
                 // explicit verification if the user's vault is unlocked when the request is
                 // received.
-                fido2CreateCredentialRequestData.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
+                fido2CredentialManager.isUserVerified =
+                    fido2CreateCredentialRequest.isUserPreVerified
+
                 specialCircumstanceManager.specialCircumstance =
                     SpecialCircumstance.Fido2Save(
-                        fido2CreateCredentialRequest = fido2CreateCredentialRequestData,
+                        fido2CreateCredentialRequest = fido2CreateCredentialRequest,
                     )
 
                 // Switch accounts if the selected user is not the active user.
                 if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != fido2CreateCredentialRequestData.userId
+                    authRepository.activeUserId != fido2CreateCredentialRequest.userId
                 ) {
-                    authRepository.switchAccount(fido2CreateCredentialRequestData.userId)
+                    authRepository.switchAccount(fido2CreateCredentialRequest.userId)
                 }
             }
 
-            fido2CredentialAssertionRequest != null -> {
-                // If device biometric verification was performed as part of single-tap
-                // authentication, set the user's verification state to the device result.
-                // Otherwise, retain the verification state as-is.
-                fido2CredentialAssertionRequest.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
+            fido2AssertCredentialRequest != null -> {
+                // Set the user's verification status when a new FIDO 2 request is received to force
+                // explicit verification if the user's vault is unlocked when the request is
+                // received.
+                fido2CredentialManager.isUserVerified =
+                    fido2AssertCredentialRequest.isUserPreVerified
+
                 specialCircumstanceManager.specialCircumstance =
                     SpecialCircumstance.Fido2Assertion(
-                        fido2AssertionRequest = fido2CredentialAssertionRequest,
+                        fido2AssertionRequest = fido2AssertCredentialRequest,
                     )
             }
 

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -1,11 +1,10 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk
 
+import com.bitwarden.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import java.time.Instant
 
@@ -344,16 +343,6 @@ interface AuthDiskSource {
      */
     fun getShowImportLoginsFlow(userId: String): Flow<Boolean?>
 
-    /**
-     * Gets the new device notice state for the given [userId].
-     */
-    fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState
-
-    /**
-     * Stores the new device notice state for the given [userId].
-     */
-    fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?)
-
     /**
      * Gets the last lock timestamp for the given [userId].
      */

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt

@@ -1,17 +1,15 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk
 
 import android.content.SharedPreferences
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.core.data.util.decodeFromStringOrNull
+import com.bitwarden.data.datasource.disk.BaseEncryptedDiskSource
+import com.bitwarden.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeDisplayStatus
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.platform.datasource.disk.BaseEncryptedDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.onSubscription
@@ -49,7 +47,6 @@ private const val TDE_LOGIN_COMPLETE = "tdeLoginComplete"
 private const val USES_KEY_CONNECTOR = "usesKeyConnector"
 private const val ONBOARDING_STATUS_KEY = "onboardingStatus"
 private const val SHOW_IMPORT_LOGINS_KEY = "showImportLogins"
-private const val NEW_DEVICE_NOTICE_STATE = "newDeviceNoticeState"
 private const val LAST_LOCK_TIMESTAMP = "lastLockTimestamp"
 
 /**
@@ -489,22 +486,6 @@ class AuthDiskSourceImpl(
         getMutableShowImportLoginsFlow(userId)
             .onSubscription { emit(getShowImportLogins(userId)) }
 
-    override fun getNewDeviceNoticeState(userId: String): NewDeviceNoticeState {
-        return getString(key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId))?.let {
-            json.decodeFromStringOrNull(it)
-        } ?: NewDeviceNoticeState(
-            displayStatus = NewDeviceNoticeDisplayStatus.HAS_NOT_SEEN,
-            lastSeenDate = null,
-        )
-    }
-
-    override fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?) {
-        putString(
-            key = NEW_DEVICE_NOTICE_STATE.appendIdentifier(userId),
-            value = newState?.let { json.encodeToString(it) },
-        )
-    }
-
     override fun getLastLockTimestamp(userId: String): Instant? {
         return getLong(key = LAST_LOCK_TIMESTAMP.appendIdentifier(userId))?.let {
             Instant.ofEpochMilli(it)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/di/AuthDiskModule.kt

@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.di
 
 import android.content.SharedPreferences
+import com.bitwarden.data.datasource.disk.di.EncryptedPreferences
+import com.bitwarden.data.datasource.disk.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSourceImpl
-import com.x8bit.bitwarden.data.platform.datasource.di.EncryptedPreferences
-import com.x8bit.bitwarden.data.platform.datasource.di.UnencryptedPreferences
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
 import dagger.Module
 import dagger.Provides

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/AccountJson.kt

@@ -1,7 +1,8 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk.model
 
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
+import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.UserDecryptionOptionsJson
 import kotlinx.serialization.Contextual
 import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/NewDeviceNoticeDisplayStatus.kt

@@ -1,60 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.disk.model
-
-import kotlinx.serialization.Contextual
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-import java.time.ZonedDateTime
-
-/**
- * Describes the current display status of the new device notice screen.
- */
-@Serializable
-enum class NewDeviceNoticeDisplayStatus {
-    /**
-     * The user has seen the screen and indicated they can access their email.
-     */
-    @SerialName("canAccessEmail")
-    CAN_ACCESS_EMAIL,
-
-    /**
-     * The user has indicated they can access their email
-     * as specified by the Permanent mode of the notice.
-     */
-    @SerialName("canAccessEmailPermanent")
-    CAN_ACCESS_EMAIL_PERMANENT,
-
-    /**
-     * The user has not seen the screen.
-     */
-    @SerialName("hasNotSeen")
-    HAS_NOT_SEEN,
-
-    /**
-     * The user has seen the screen and selected "remind me later".
-     */
-    @SerialName("hasSeen")
-    HAS_SEEN,
-}
-
-/**
- * The state of the new device notice screen.
- */
-@Suppress("MagicNumber")
-@Serializable
-data class NewDeviceNoticeState(
-    @SerialName("displayStatus")
-    val displayStatus: NewDeviceNoticeDisplayStatus,
-
-    @SerialName("lastSeenDate")
-    @Contextual
-    val lastSeenDate: ZonedDateTime?,
-) {
-    /**
-     * Whether the [lastSeenDate] is at least 7 days old.
-     */
-    val shouldDisplayNoticeIfSeen = lastSeenDate
-        ?.isBefore(
-            ZonedDateTime.now().minusDays(7),
-        )
-        ?: false
-}

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt

@@ -1,19 +1,19 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.di
 
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestServiceImpl
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationServiceImpl
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.AccountsServiceImpl
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.AuthRequestsServiceImpl
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.DevicesServiceImpl
+import com.bitwarden.network.service.HaveIBeenPwnedService
+import com.bitwarden.network.service.HaveIBeenPwnedServiceImpl
+import com.bitwarden.network.service.IdentityService
+import com.bitwarden.network.service.IdentityServiceImpl
+import com.bitwarden.network.service.NewAuthRequestService
+import com.bitwarden.network.service.NewAuthRequestServiceImpl
+import com.bitwarden.network.service.OrganizationService
+import com.bitwarden.network.service.OrganizationServiceImpl
 import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
 import dagger.Module
 import dagger.Provides

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt

@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.auth.datasource.sdk.util
 
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.ARGON2_ID
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson.PBKDF2_SHA256
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KdfTypeJson.ARGON2_ID
+import com.bitwarden.network.model.KdfTypeJson.PBKDF2_SHA256
 
 /**
  * Convert a [Kdf] to a [KdfTypeJson].

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt

@@ -1,11 +1,14 @@
 package com.x8bit.bitwarden.data.auth.manager
 
 import com.bitwarden.core.AuthRequestResponse
+import com.bitwarden.core.data.util.asFailure
+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
+import com.bitwarden.network.model.AuthRequestTypeJson
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequest
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestResult
@@ -17,9 +20,6 @@ import com.x8bit.bitwarden.data.auth.manager.model.CreateAuthRequestResult
 import com.x8bit.bitwarden.data.auth.manager.util.isSso
 import com.x8bit.bitwarden.data.auth.manager.util.toAuthRequestTypeJson
 import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
-import com.x8bit.bitwarden.data.platform.util.asFailure
-import com.x8bit.bitwarden.data.platform.util.asSuccess
-import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import kotlinx.coroutines.currentCoroutineContext
 import kotlinx.coroutines.delay

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestNotificationManagerImpl.kt

@@ -7,13 +7,13 @@ import androidx.compose.ui.graphics.Color
 import androidx.core.app.NotificationChannelCompat
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
+import com.bitwarden.core.annotation.OmitFromCoverage
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.util.createPasswordlessRequestDataIntent
 import com.x8bit.bitwarden.data.autofill.util.toPendingIntentMutabilityFlag
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.model.PasswordlessRequestData
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.flow.launchIn

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManager.kt

@@ -0,0 +1,8 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.bitwarden.network.interceptor.AuthTokenProvider
+
+/**
+ * A manager class for handling authentication tokens.
+ */
+interface AuthTokenManager : AuthTokenProvider

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthTokenManagerImpl.kt

@@ -0,0 +1,17 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
+
+/**
+ * Default implementation of [AuthTokenManager].
+ */
+class AuthTokenManagerImpl(
+    private val authDiskSource: AuthDiskSource,
+) : AuthTokenManager {
+
+    override fun getActiveAccessTokenOrNull(): String? = authDiskSource
+        .userState
+        ?.activeUserId
+        ?.let { authDiskSource.getAccountTokens(it) }
+        ?.accessToken
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManager.kt

@@ -2,8 +2,8 @@ package com.x8bit.bitwarden.data.auth.manager
 
 import com.bitwarden.core.KeyConnectorResponse
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
 
 /**
  * Manager used to interface with a key connector.

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/KeyConnectorManagerImpl.kt

@@ -1,13 +1,13 @@
 package com.x8bit.bitwarden.data.auth.manager
 
 import com.bitwarden.core.KeyConnectorResponse
+import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
+import com.bitwarden.network.model.KdfTypeJson
+import com.bitwarden.network.model.KeyConnectorKeyRequestJson
+import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
+import com.bitwarden.network.service.AccountsService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
-import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/TrustedDeviceManagerImpl.kt

@@ -1,11 +1,11 @@
 package com.x8bit.bitwarden.data.auth.manager
 
+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.TrustDeviceResponse
+import com.bitwarden.network.service.DevicesService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
 import com.x8bit.bitwarden.data.auth.manager.util.toUserStateJson
-import com.x8bit.bitwarden.data.platform.util.asSuccess
-import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManager.kt

@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.manager
 
 import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import kotlinx.coroutines.flow.SharedFlow
 
 /**
@@ -14,15 +15,14 @@ interface UserLogoutManager {
     val logoutEventFlow: SharedFlow<LogoutEvent>
 
     /**
-     * Completely logs out the given [userId], removing all data. If [isExpired] is true, a toast
-     * will be displayed letting the user know the session has expired.
+     * Completely logs out the given [userId], removing all data. The [reason] indicates why the
+     * user is being logged out.
      */
-    fun logout(userId: String, isExpired: Boolean = false)
+    fun logout(userId: String, reason: LogoutReason)
 
     /**
      * Partially logs out the given [userId]. All data for the given [userId] will be removed with
-     * the exception of basic account data. If [isExpired] is true, a toast will be displayed
-     * letting the user know the session has expired.
+     * the exception of basic account data. The [reason] indicates why the user is being logged out.
      */
-    fun softLogout(userId: String, isExpired: Boolean = false)
+    fun softLogout(userId: String, reason: LogoutReason)
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt

@@ -3,13 +3,14 @@ package com.x8bit.bitwarden.data.auth.manager
 import android.content.Context
 import android.widget.Toast
 import androidx.annotation.StringRes
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.manager.model.LogoutEvent
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.platform.datasource.disk.PushDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.PasswordHistoryDiskSource
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
@@ -19,6 +20,7 @@ import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.SharedFlow
 import kotlinx.coroutines.flow.asSharedFlow
 import kotlinx.coroutines.launch
+import timber.log.Timber
 
 /**
  * Primary implementation of [UserLogoutManager].
@@ -42,9 +44,10 @@ class UserLogoutManagerImpl(
         bufferedMutableSharedFlow()
     override val logoutEventFlow: SharedFlow<LogoutEvent> = mutableLogoutEventFlow.asSharedFlow()
 
-    override fun logout(userId: String, isExpired: Boolean) {
+    override fun logout(userId: String, reason: LogoutReason) {
         authDiskSource.userState ?: return
-
+        Timber.i("logout reason=$reason")
+        val isExpired = reason == LogoutReason.SecurityStamp
         if (isExpired) {
             showToast(message = R.string.login_expired)
         }
@@ -64,7 +67,9 @@ class UserLogoutManagerImpl(
         mutableLogoutEventFlow.tryEmit(LogoutEvent(loggedOutUserId = userId))
     }
 
-    override fun softLogout(userId: String, isExpired: Boolean) {
+    override fun softLogout(userId: String, reason: LogoutReason) {
+        Timber.i("softLogout reason=$reason")
+        val isExpired = reason == LogoutReason.SecurityStamp
         if (isExpired) {
             showToast(message = R.string.login_expired)
         }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt

@@ -1,11 +1,12 @@
 package com.x8bit.bitwarden.data.auth.manager.di
 
 import android.content.Context
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.AuthRequestsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManagerImpl
@@ -13,6 +14,8 @@ import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManagerImpl
+import com.x8bit.bitwarden.data.auth.manager.AuthTokenManager
+import com.x8bit.bitwarden.data.auth.manager.AuthTokenManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManager
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.TrustedDeviceManager
@@ -22,7 +25,6 @@ import com.x8bit.bitwarden.data.auth.manager.UserLogoutManagerImpl
 import com.x8bit.bitwarden.data.platform.datasource.disk.PushDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.GeneratorDiskSource
 import com.x8bit.bitwarden.data.tools.generator.datasource.disk.PasswordHistoryDiskSource
 import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
@@ -131,4 +133,10 @@ object AuthManagerModule {
     @Singleton
     fun providesAddTotpItemFromAuthenticatorManager(): AddTotpItemFromAuthenticatorManager =
         AddTotpItemFromAuthenticatorManagerImpl()
+
+    @Provides
+    @Singleton
+    fun providesAuthTokenManager(
+        authDiskSource: AuthDiskSource,
+    ): AuthTokenManager = AuthTokenManagerImpl(authDiskSource = authDiskSource)
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/AuthRequestTypeExtensions.kt

@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.auth.manager.util
 
-import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestTypeJson
+import com.bitwarden.network.model.AuthRequestTypeJson
 import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestType
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/TrustDeviceResponseExtensions.kt

@@ -1,9 +1,9 @@
 package com.x8bit.bitwarden.data.auth.manager.util
 
 import com.bitwarden.crypto.TrustDeviceResponse
+import com.bitwarden.network.model.TrustedDeviceUserDecryptionOptionsJson
+import com.bitwarden.network.model.UserDecryptionOptionsJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceUserDecryptionOptionsJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
 
 /**
  * Converts the given [TrustDeviceResponse] to an updated [UserStateJson], given the following

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt

@@ -1,17 +1,19 @@
 package com.x8bit.bitwarden.data.auth.repository
 
+import com.bitwarden.network.model.GetTokenResponseJson
+import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.repository.model.AuthState
 import com.x8bit.bitwarden.data.auth.repository.model.BreachCountResult
 import com.x8bit.bitwarden.data.auth.repository.model.DeleteAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.repository.model.KnownDeviceResult
+import com.x8bit.bitwarden.data.auth.repository.model.LeaveOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.LoginResult
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.auth.repository.model.NewSsoUserResult
 import com.x8bit.bitwarden.data.auth.repository.model.OrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordHintResult
@@ -37,7 +39,6 @@ import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
 import com.x8bit.bitwarden.data.auth.repository.util.WebAuthResult
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.platform.datasource.network.authenticator.AuthenticatorProvider
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.StateFlow
 
@@ -243,10 +244,20 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
         orgIdentifier: String?,
     ): LoginResult
 
+    /**
+     * Continue the previously halted login attempt.
+     */
+    suspend fun continueKeyConnectorLogin(): LoginResult
+
+    /**
+     * Cancel the previously halted login attempt.
+     */
+    fun cancelKeyConnectorLogin()
+
     /**
      * Log out the current user.
      */
-    fun logout()
+    fun logout(reason: LogoutReason)
 
     /**
      * Requests that a one-time passcode be sent to the user's email.
@@ -424,17 +435,9 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
     fun setOnboardingStatus(status: OnboardingStatus)
 
     /**
-     * Checks if a new device notice should be displayed.
+     * Leaves the organization that matches the given [organizationId]
      */
-    fun checkUserNeedsNewDeviceTwoFactorNotice(): Boolean
-
-    /**
-     * Gets the new device notice state of active user.
-     */
-    fun getNewDeviceNoticeState(): NewDeviceNoticeState?
-
-    /**
-     * Stores the new device notice state for active user.
-     */
-    fun setNewDeviceNoticeState(newState: NewDeviceNoticeState?)
+    suspend fun leaveOrganization(
+        organizationId: String,
+    ): LeaveOrganizationResult
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -2,42 +2,51 @@ package com.x8bit.bitwarden.data.auth.repository
 
 import com.bitwarden.core.AuthRequestMethod
 import com.bitwarden.core.InitUserCryptoMethod
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.core.data.util.asFailure
+import com.bitwarden.core.data.util.asSuccess
+import com.bitwarden.core.data.util.flatMap
 import com.bitwarden.crypto.HashPurpose
 import com.bitwarden.crypto.Kdf
+import com.bitwarden.data.datasource.disk.ConfigDiskSource
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.data.repository.util.toEnvironmentUrls
+import com.bitwarden.network.model.DeleteAccountResponseJson
+import com.bitwarden.network.model.GetTokenResponseJson
+import com.bitwarden.network.model.IdentityTokenAuthModel
+import com.bitwarden.network.model.OrganizationType
+import com.bitwarden.network.model.PasswordHintResponseJson
+import com.bitwarden.network.model.PolicyTypeJson
+import com.bitwarden.network.model.PrevalidateSsoResponseJson
+import com.bitwarden.network.model.RefreshTokenResponseJson
+import com.bitwarden.network.model.RegisterFinishRequestJson
+import com.bitwarden.network.model.RegisterRequestJson
+import com.bitwarden.network.model.RegisterResponseJson
+import com.bitwarden.network.model.ResendEmailRequestJson
+import com.bitwarden.network.model.ResendNewDeviceOtpRequestJson
+import com.bitwarden.network.model.ResetPasswordRequestJson
+import com.bitwarden.network.model.SendVerificationEmailRequestJson
+import com.bitwarden.network.model.SendVerificationEmailResponseJson
+import com.bitwarden.network.model.SetPasswordRequestJson
+import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.model.TrustedDeviceUserDecryptionOptionsJson
+import com.bitwarden.network.model.TwoFactorAuthMethod
+import com.bitwarden.network.model.TwoFactorDataModel
+import com.bitwarden.network.model.VerifyEmailTokenRequestJson
+import com.bitwarden.network.model.VerifyEmailTokenResponseJson
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.HaveIBeenPwnedService
+import com.bitwarden.network.service.IdentityService
+import com.bitwarden.network.service.OrganizationService
+import com.bitwarden.network.util.isSslHandShakeError
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeDisplayStatus
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.NewDeviceNoticeState
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.DeviceDataModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.IdentityTokenAuthModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceUserDecryptionOptionsJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorAuthMethod
-import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.datasource.sdk.util.toInt
 import com.x8bit.bitwarden.data.auth.datasource.sdk.util.toKdfTypeJson
@@ -50,7 +59,9 @@ import com.x8bit.bitwarden.data.auth.repository.model.BreachCountResult
 import com.x8bit.bitwarden.data.auth.repository.model.DeleteAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.repository.model.KnownDeviceResult
+import com.x8bit.bitwarden.data.auth.repository.model.LeaveOrganizationResult
 import com.x8bit.bitwarden.data.auth.repository.model.LoginResult
+import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 import com.x8bit.bitwarden.data.auth.repository.model.NewSsoUserResult
 import com.x8bit.bitwarden.data.auth.repository.model.OrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.PasswordHintResult
@@ -97,8 +108,6 @@ import com.x8bit.bitwarden.data.auth.repository.util.userSwitchingChangesFlow
 import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITERATIONS
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
-import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
-import com.x8bit.bitwarden.data.platform.datasource.network.util.isSslHandShakeError
 import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
 import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
@@ -106,21 +115,11 @@ import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
 import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.util.getActivePolicies
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.platform.repository.model.Environment
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
-import com.x8bit.bitwarden.data.platform.repository.util.toEnvironmentUrls
-import com.x8bit.bitwarden.data.platform.util.asFailure
-import com.x8bit.bitwarden.data.platform.util.asSuccess
-import com.x8bit.bitwarden.data.platform.util.flatMap
-import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
-import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
@@ -148,7 +147,6 @@ import kotlinx.coroutines.flow.onEach
 import kotlinx.coroutines.flow.receiveAsFlow
 import kotlinx.coroutines.flow.stateIn
 import kotlinx.coroutines.flow.update
-import java.time.ZonedDateTime
 import javax.inject.Singleton
 
 /**
@@ -241,6 +239,8 @@ class AuthRepositoryImpl(
      */
     private var passwordsToCheckMap = mutableMapOf<String, String>()
 
+    private var keyConnectorResponse: GetTokenResponseJson.Success? = null
+
     override var twoFactorResponse: GetTokenResponseJson.TwoFactorRequired? = null
 
     override val ssoOrganizationIdentifier: String? get() = organizationIdentifier
@@ -411,7 +411,7 @@ class AuthRepositoryImpl(
 
         pushManager
             .logoutFlow
-            .onEach { logout(userId = it.userId) }
+            .onEach { logout(userId = it.userId, reason = LogoutReason.Notification) }
             .launchIn(unconfinedScope)
 
         // When the policies for the user have been set, complete the login process.
@@ -513,7 +513,7 @@ class AuthRepositoryImpl(
                     }
 
                     DeleteAccountResponseJson.Success -> {
-                        logout()
+                        logout(reason = LogoutReason.AccountDelete)
                         DeleteAccountResult.Success
                     }
                 }
@@ -718,6 +718,25 @@ class AuthRepositoryImpl(
             error = MissingPropertyException("Identity Token Auth Model"),
         )
 
+    override suspend fun continueKeyConnectorLogin(): LoginResult {
+        val response = keyConnectorResponse ?: return LoginResult.Error(
+            errorMessage = null,
+            error = MissingPropertyException("Key Connector Response"),
+        )
+        return handleLoginCommonSuccess(
+            loginResponse = response,
+            email = rememberedEmailAddress.orEmpty(),
+            orgIdentifier = rememberedOrgIdentifier,
+            password = null,
+            deviceData = null,
+            userConfirmedKeyConnector = true,
+        )
+    }
+
+    override fun cancelKeyConnectorLogin() {
+        keyConnectorResponse = null
+    }
+
     override suspend fun login(
         email: String,
         ssoCode: String,
@@ -764,12 +783,12 @@ class AuthRepositoryImpl(
             }
     }
 
-    override fun logout() {
-        activeUserId?.let { userId -> logout(userId) }
+    override fun logout(reason: LogoutReason) {
+        activeUserId?.let { userId -> logout(userId = userId, reason = reason) }
     }
 
-    override fun logout(userId: String) {
-        userLogoutManager.logout(userId = userId)
+    override fun logout(userId: String, reason: LogoutReason) {
+        userLogoutManager.logout(userId = userId, reason = reason)
     }
 
     override suspend fun requestOneTimePasscode(): RequestOtpResult =
@@ -1212,18 +1231,19 @@ class AuthRepositoryImpl(
             organizationIdentifier = organizationIdentifier,
         )
         .fold(
-            onSuccess = {
-                when (it) {
+            onSuccess = { response ->
+                when (response) {
                     is PrevalidateSsoResponseJson.Error -> {
-                        PrevalidateSsoResult.Failure(message = it.message, error = null)
+                        PrevalidateSsoResult.Failure(message = response.message, error = null)
                     }
 
                     is PrevalidateSsoResponseJson.Success -> {
-                        if (it.token.isNullOrBlank()) {
-                            PrevalidateSsoResult.Failure(error = MissingPropertyException("Token"))
-                        } else {
-                            PrevalidateSsoResult.Success(token = it.token)
-                        }
+                        response.token
+                            ?.takeUnless { it.isBlank() }
+                            ?.let { PrevalidateSsoResult.Success(token = it) }
+                            ?: PrevalidateSsoResult.Failure(
+                                error = MissingPropertyException("Token"),
+                            )
                     }
                 }
             },
@@ -1407,91 +1427,11 @@ class AuthRepositoryImpl(
         }
     }
 
-    override fun getNewDeviceNoticeState(): NewDeviceNoticeState? {
-        return activeUserId?.let { userId ->
-            authDiskSource.getNewDeviceNoticeState(userId = userId)
-        }
-    }
-
-    override fun setNewDeviceNoticeState(newState: NewDeviceNoticeState?) {
-        activeUserId?.let { userId ->
-            authDiskSource.storeNewDeviceNoticeState(userId = userId, newState = newState)
-        }
-    }
-
-    override fun checkUserNeedsNewDeviceTwoFactorNotice(): Boolean {
-        return activeUserId?.let { userId ->
-            val temporaryFlag = featureFlagManager.getFeatureFlag(FlagKey.NewDeviceTemporaryDismiss)
-            val permanentFlag = featureFlagManager.getFeatureFlag(FlagKey.NewDevicePermanentDismiss)
-
-            // check if feature flags are disabled
-            if (!temporaryFlag && !permanentFlag) {
-                return false
-            }
-
-            if (!newDeviceNoticePreConditionsValid()) {
-                return false
-            }
-
-            val newDeviceNoticeState = authDiskSource.getNewDeviceNoticeState(userId = userId)
-            return when (newDeviceNoticeState.displayStatus) {
-                // if the user has already attested email access but permanent flag is enabled,
-                // the notice needs to appear again
-                NewDeviceNoticeDisplayStatus.CAN_ACCESS_EMAIL -> permanentFlag
-                // if the user has already seen but 7 days have already passed,
-                // the notice needs to appear again
-                NewDeviceNoticeDisplayStatus.HAS_SEEN ->
-                    newDeviceNoticeState.shouldDisplayNoticeIfSeen
-
-                NewDeviceNoticeDisplayStatus.HAS_NOT_SEEN -> true
-                // the user never needs to see the notice again
-                NewDeviceNoticeDisplayStatus.CAN_ACCESS_EMAIL_PERMANENT -> false
-            }
-        }
-            ?: false
-    }
-
-    /**
-     * Checks if the preconditions are met for a user to see a new device notice:
-     * - Must be a Bitwarden cloud user.
-     * - The account must be at least one week old.
-     * - Cannot have an active policy requiring SSO to be enabled.
-     * - Cannot have two-factor authentication enabled.
-     */
-    private fun newDeviceNoticePreConditionsValid(): Boolean {
-        val checkEnvironment = !featureFlagManager.getFeatureFlag(FlagKey.IgnoreEnvironmentCheck)
-        val isSelfHosted = environmentRepository.environment.type == Environment.Type.SELF_HOSTED
-        if (checkEnvironment && isSelfHosted) {
-            return false
-        }
-
-        val userProfile = authDiskSource.userState?.activeAccount?.profile
-        val isProfileAtLeastWeekOld = userProfile
-            ?.let {
-                it.creationDate
-                    ?.plusWeeks(1)
-                    ?.isBefore(
-                        ZonedDateTime.now(),
-                    )
-            }
-            ?: false
-        if (!isProfileAtLeastWeekOld) {
-            return false
-        }
-
-        val hasTwoFactorEnabled = userProfile
-            ?.isTwoFactorEnabled
-            ?: false
-        if (hasTwoFactorEnabled) {
-            return false
-        }
-
-        val hasSSOPolicy =
-            policyManager.getActivePolicies(type = PolicyTypeJson.REQUIRE_SSO)
-                .any { p -> p.isEnabled }
-
-        return !hasSSOPolicy
-    }
+    override suspend fun leaveOrganization(organizationId: String): LeaveOrganizationResult =
+        organizationService.leaveOrganization(organizationId).fold(
+            onSuccess = { LeaveOrganizationResult.Success },
+            onFailure = { LeaveOrganizationResult.Error(error = it) },
+        )
 
     @Suppress("CyclomaticComplexMethod")
     private suspend fun validatePasswordAgainstPolicy(
@@ -1640,6 +1580,7 @@ class AuthRepositoryImpl(
      * A helper function to extract the common logic of logging in through
      * any of the available methods.
      */
+    @Suppress("LongMethod")
     private suspend fun loginCommon(
         email: String,
         password: String? = null,
@@ -1691,6 +1632,7 @@ class AuthRepositoryImpl(
                         password = password,
                         deviceData = deviceData,
                         orgIdentifier = orgIdentifier,
+                        userConfirmedKeyConnector = false,
                     )
 
                     is GetTokenResponseJson.Invalid -> {
@@ -1724,6 +1666,7 @@ class AuthRepositoryImpl(
         password: String?,
         deviceData: DeviceDataModel?,
         orgIdentifier: String?,
+        userConfirmedKeyConnector: Boolean,
     ): LoginResult = userStateTransaction {
         val userStateJson = loginResponse.toUserState(
             previousUserState = authDiskSource.userState,
@@ -1753,6 +1696,21 @@ class AuthRepositoryImpl(
                     deviceData = deviceData,
                 )
             } else if (keyConnectorUrl != null && orgIdentifier != null) {
+                val isNewKeyConnectorUser =
+                    loginResponse.userDecryptionOptions?.hasMasterPassword == false &&
+                        loginResponse.key == null &&
+                        loginResponse.privateKey == null
+                val isNotConfirmed = !userConfirmedKeyConnector
+
+                // If a new KeyConnector user is logging in for the first time,
+                // we should ask him to confirm the domain
+                if (isNewKeyConnectorUser && isNotConfirmed) {
+                    keyConnectorResponse = loginResponse
+                    return LoginResult.ConfirmKeyConnectorDomain(
+                        domain = keyConnectorUrl,
+                    )
+                }
+
                 unlockVaultWithKeyConnectorOnLoginSuccess(
                     profile = profile,
                     keyConnectorUrl = keyConnectorUrl,
@@ -1826,6 +1784,7 @@ class AuthRepositoryImpl(
         resendEmailRequestJson = null
         twoFactorDeviceData = null
         resendNewDeviceOtpRequestJson = null
+        keyConnectorResponse = null
         settingsRepository.setDefaultsIfNecessary(userId = userId)
         settingsRepository.storeUserHasLoggedInValue(userId)
         vaultRepository.syncIfNecessary()
@@ -1879,17 +1838,20 @@ class AuthRepositoryImpl(
     /**
      * Attempt to unlock the current user's vault with key connector data.
      */
+    @Suppress("LongMethod")
     private suspend fun unlockVaultWithKeyConnectorOnLoginSuccess(
         profile: AccountJson.Profile,
         keyConnectorUrl: String,
         orgIdentifier: String,
         loginResponse: GetTokenResponseJson.Success,
-    ): VaultUnlockResult? =
-        if (loginResponse.userDecryptionOptions?.hasMasterPassword != false) {
+    ): VaultUnlockResult? {
+        val key = loginResponse.key
+        val privateKey = loginResponse.privateKey
+        return if (loginResponse.userDecryptionOptions?.hasMasterPassword != false) {
             // This user has a master password, so we skip the key-connector logic as it is not
             // setup yet. The user can still unlock the vault with their master password.
             null
-        } else if (loginResponse.key != null && loginResponse.privateKey != null) {
+        } else if (key != null && privateKey != null) {
             // This is a returning user who should already have the key connector setup
             keyConnectorManager
                 .getMasterKeyFromKeyConnector(
@@ -1899,10 +1861,10 @@ class AuthRepositoryImpl(
                 .map {
                     unlockVault(
                         accountProfile = profile,
-                        privateKey = loginResponse.privateKey,
+                        privateKey = privateKey,
                         initUserCryptoMethod = InitUserCryptoMethod.KeyConnector(
                             masterKey = it.masterKey,
-                            userKey = loginResponse.key,
+                            userKey = key,
                         ),
                     )
                 }
@@ -1952,6 +1914,7 @@ class AuthRepositoryImpl(
                     onSuccess = { it },
                 )
         }
+    }
 
     /**
      * Attempt to unlock the current user's vault with password data.
@@ -1985,11 +1948,13 @@ class AuthRepositoryImpl(
     ): VaultUnlockResult? {
         // Attempt to unlock the vault with auth request if possible.
         // These values will only be null during the Just-in-Time provisioning flow.
-        if (loginResponse.privateKey != null && loginResponse.key != null) {
+        val privateKey = loginResponse.privateKey
+        val key = loginResponse.key
+        if (privateKey != null && key != null) {
             deviceData?.let { model ->
                 return unlockVault(
                     accountProfile = profile,
-                    privateKey = loginResponse.privateKey,
+                    privateKey = privateKey,
                     initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
                         requestPrivateKey = model.privateKey,
                         method = model
@@ -1997,7 +1962,7 @@ class AuthRepositoryImpl(
                             ?.let {
                                 AuthRequestMethod.MasterKey(
                                     protectedMasterKey = model.asymmetricalKey,
-                                    authRequestKey = loginResponse.key,
+                                    authRequestKey = key,
                                 )
                             }
                             ?: AuthRequestMethod.UserKey(protectedUserKey = model.asymmetricalKey),

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt

@@ -1,11 +1,13 @@
 package com.x8bit.bitwarden.data.auth.repository.di
 
+import com.bitwarden.data.datasource.disk.ConfigDiskSource
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.service.AccountsService
+import com.bitwarden.network.service.DevicesService
+import com.bitwarden.network.service.HaveIBeenPwnedService
+import com.bitwarden.network.service.IdentityService
+import com.bitwarden.network.service.OrganizationService
 import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
-import com.x8bit.bitwarden.data.auth.datasource.network.service.AccountsService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.HaveIBeenPwnedService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.IdentityService
-import com.x8bit.bitwarden.data.auth.datasource.network.service.OrganizationService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.manager.KeyConnectorManager
@@ -13,13 +15,11 @@ import com.x8bit.bitwarden.data.auth.manager.TrustedDeviceManager
 import com.x8bit.bitwarden.data.auth.manager.UserLogoutManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
-import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LeaveOrganizationResult.kt

@@ -0,0 +1,18 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Models result of deleting an account.
+ */
+sealed class LeaveOrganizationResult {
+    /**
+     * Leave organization succeeded.
+     */
+    data object Success : LeaveOrganizationResult()
+
+    /**
+     * There was an error leaving the organization.
+     */
+    data class Error(
+        val error: Throwable?,
+    ) : LeaveOrganizationResult()
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt

@@ -19,6 +19,13 @@ sealed class LoginResult {
      */
     data object TwoFactorRequired : LoginResult()
 
+    /**
+     * User should confirm KeyConnector domain
+     */
+    data class ConfirmKeyConnectorDomain(
+        val domain: String,
+    ) : LoginResult()
+
     /**
      * There was an error logging in.
      */

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LogoutReason.kt

@@ -0,0 +1,76 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+/**
+ * Indicates the reason that the user is being logged out.
+ */
+sealed class LogoutReason {
+    /**
+     * An optional additional tag for an event.
+     */
+    open val source: String? = null
+
+    /**
+     * Indicates that the logout is happening because the account was deleted.
+     */
+    data object AccountDelete : LogoutReason()
+
+    /**
+     * Indicates that the logout is related to biometrics.
+     */
+    sealed class Biometrics : LogoutReason() {
+        /**
+         * Indicates that the logout is caused by a biometrics lockout.
+         */
+        data object Lockout : Biometrics()
+
+        /**
+         * Indicates that the logout is happening because biometrics is no longer supported.
+         */
+        data object NoLongerSupported : Biometrics()
+    }
+
+    /**
+     * Indicates that the logout is happening because of an invalid state.
+     */
+    data class InvalidState(
+        override val source: String,
+    ) : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the user opted to logout via a button.
+     */
+    data class Click(
+        override val source: String,
+    ) : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the a logout notification was received.
+     */
+    data object Notification : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the sync security stamp was invalidated.
+     */
+    data object SecurityStamp : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because of a timeout action.
+     */
+    data object Timeout : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the access token could not be refreshed.
+     */
+    data object TokenRefreshFail : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the user tried to unlock the vault
+     * unsuccessfully too many times.
+     */
+    data object TooManyUnlockAttempts : LogoutReason()
+
+    /**
+     * Indicates that the logout is happening because the left the organization.
+     */
+    data object LeftOrganization : LogoutReason()
+}

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/Organization.kt

@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.auth.repository.model
 
-import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
+import com.bitwarden.network.model.OrganizationType
 
 /**
  * Represents an organization a user may be a member of.
@@ -11,6 +11,7 @@ import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
  * own password.
  * @property shouldUseKeyConnector Indicates that the organization uses a key connector.
  * @property role The user's role in the organization.
+ * @property keyConnectorUrl The key connector domain (if applicable).
  */
 data class Organization(
     val id: String,
@@ -18,4 +19,5 @@ data class Organization(
     val shouldManageResetPassword: Boolean,
     val shouldUseKeyConnector: Boolean,
     val role: OrganizationType,
+    val keyConnectorUrl: String?,
 )

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt

@@ -1,9 +1,8 @@
 package com.x8bit.bitwarden.data.auth.repository.model
 
+import com.bitwarden.data.repository.model.Environment
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
-import com.x8bit.bitwarden.data.auth.repository.model.UserState.Account
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
-import com.x8bit.bitwarden.data.platform.repository.model.Environment
 
 /**
  * Represents the overall "user state" of the current active user as well as any users that may be

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/VerifiedOrganizationDomainSsoDetailsResult.kt

@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.auth.repository.model
 
-import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse.VerifiedOrganizationDomainSsoDetail
+import com.bitwarden.network.model.VerifiedOrganizationDomainSsoDetailsResponse.VerifiedOrganizationDomainSsoDetail
 
 /**
  * Response types when checking for an email's claimed domain organization.

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/AccountJsonExtensions.kt

@@ -1,8 +1,8 @@
 package com.x8bit.bitwarden.data.auth.repository.util
 
 import com.bitwarden.crypto.Kdf
+import com.bitwarden.network.model.KdfTypeJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.KdfTypeJson
 import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/GetTokenResponseExtensions.kt

@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.auth.repository.util
 
+import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
+import com.bitwarden.network.model.GetTokenResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.EnvironmentUrlDataJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
 
 /**
  * Converts the given [GetTokenResponseJson.Success] to a [UserStateJson], given the following
@@ -67,13 +67,16 @@ fun GetTokenResponseJson.Success.toUserState(
 private fun GetTokenResponseJson.Success.toForcePasswordResetReason(): ForcePasswordResetReason? =
     this
         .userDecryptionOptions
-        ?.trustedDeviceUserDecryptionOptions
-        ?.let { options ->
-            ForcePasswordResetReason.TDE_USER_WITHOUT_PASSWORD_HAS_PASSWORD_RESET_PERMISSION
-                .takeIf {
-                    !this.userDecryptionOptions.hasMasterPassword &&
-                        options.hasManageResetPasswordPermission
+        ?.let { decryptionOptionsJson ->
+            decryptionOptionsJson
+                .trustedDeviceUserDecryptionOptions
+                ?.let { options ->
+                    ForcePasswordResetReason.TDE_USER_WITHOUT_PASSWORD_HAS_PASSWORD_RESET_PERMISSION
+                        .takeIf {
+                            !decryptionOptionsJson.hasMasterPassword &&
+                                options.hasManageResetPasswordPermission
+                        }
                 }
+                ?: ForcePasswordResetReason.ADMIN_FORCE_PASSWORD_RESET
+                    .takeIf { this.shouldForcePasswordReset }
         }
-        ?: ForcePasswordResetReason.ADMIN_FORCE_PASSWORD_RESET
-            .takeIf { this.shouldForcePasswordReset }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/JwtTokenUtils.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.auth.repository.util
 
+import com.bitwarden.network.util.base64UrlDecodeOrNull
 import com.x8bit.bitwarden.data.auth.repository.model.JwtTokenDataJson
-import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlDecodeOrNull
 import kotlinx.serialization.json.Json
 import timber.log.Timber
 

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/SyncResponseJsonExtensions.kt

@@ -1,10 +1,10 @@
 package com.x8bit.bitwarden.data.auth.repository.util
 
+import com.bitwarden.core.data.util.decodeFromStringOrNull
+import com.bitwarden.network.model.PolicyTypeJson
+import com.bitwarden.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.auth.repository.model.Organization
 import com.x8bit.bitwarden.data.auth.repository.model.PolicyInformation
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
-import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.serialization.json.Json
 
 private val JSON = Json {
@@ -22,6 +22,7 @@ fun SyncResponseJson.Profile.Organization.toOrganization(): Organization =
         shouldUseKeyConnector = this.shouldUseKeyConnector,
         role = this.type,
         shouldManageResetPassword = this.permissions.shouldManageResetPassword,
+        keyConnectorUrl = this.keyConnectorUrl,
     )
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt

@@ -1,17 +1,17 @@
 package com.x8bit.bitwarden.data.auth.repository.util
 
+import com.bitwarden.data.repository.util.toEnvironmentUrlsOrDefault
+import com.bitwarden.network.model.OrganizationType
+import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.model.UserDecryptionOptionsJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.UserDecryptionOptionsJson
 import com.x8bit.bitwarden.data.auth.repository.model.UserAccountTokens
 import com.x8bit.bitwarden.data.auth.repository.model.UserKeyConnectorState
 import com.x8bit.bitwarden.data.auth.repository.model.UserOrganizations
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.VaultUnlockType
 import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
-import com.x8bit.bitwarden.data.platform.repository.util.toEnvironmentUrlsOrDefault
-import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockData
 import com.x8bit.bitwarden.data.vault.repository.util.statusFor
 import com.x8bit.bitwarden.ui.platform.base.util.toHexColorRepresentation

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/WebAuthUtils.kt

@@ -27,7 +27,7 @@ fun Intent.getWebAuthResultOrNull(): WebAuthResult? {
         localData
             .getQueryParameter("data")
             ?.let { WebAuthResult.Success(token = it) }
-            ?: WebAuthResult.Failure
+            ?: WebAuthResult.Failure(message = localData.getQueryParameter("error"))
     } else {
         null
     }
@@ -74,5 +74,5 @@ sealed class WebAuthResult {
     /**
      * Represents a failure in the web auth callback.
      */
-    data object Failure : WebAuthResult()
+    data class Failure(val message: String?) : WebAuthResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/util/KdfParamsConstants.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.auth.util
 
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 
 /**
  * Constants relating to [Kdf] initialization defaults.

app/src/main/java/com/x8bit/bitwarden/data/auth/util/KdfParamsExtensions.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.auth.util
 
 import com.bitwarden.crypto.Kdf
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PreLoginResponseJson
+import com.bitwarden.network.model.PreLoginResponseJson
 
 /**
  * Convert [PreLoginResponseJson.KdfParams] to [Kdf] params for use with Bitwarden SDK.

app/src/main/java/com/x8bit/bitwarden/data/autofill/BitwardenAutofillService.kt

@@ -8,9 +8,9 @@ import android.service.autofill.FillRequest
 import android.service.autofill.SaveCallback
 import android.service.autofill.SaveRequest
 import androidx.annotation.Keep
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.model.AutofillAppInfo
 import com.x8bit.bitwarden.data.autofill.processor.AutofillProcessor
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/BitwardenAccessibilityService.kt

@@ -4,9 +4,9 @@ import android.accessibilityservice.AccessibilityService
 import android.content.Intent
 import android.view.accessibility.AccessibilityEvent
 import androidx.annotation.Keep
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityEnabledManager
 import com.x8bit.bitwarden.data.autofill.accessibility.processor.BitwardenAccessibilityProcessor
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.tiles.BitwardenAutofillTileService
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/di/AccessibilityModule.kt

@@ -4,6 +4,7 @@ import android.content.Context
 import android.content.pm.PackageManager
 import android.os.PowerManager
 import android.view.accessibility.AccessibilityManager
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityAutofillManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityAutofillManagerImpl
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
@@ -21,7 +22,6 @@ import com.x8bit.bitwarden.data.autofill.accessibility.parser.AccessibilityParse
 import com.x8bit.bitwarden.data.autofill.accessibility.processor.BitwardenAccessibilityProcessor
 import com.x8bit.bitwarden.data.autofill.accessibility.processor.BitwardenAccessibilityProcessorImpl
 import com.x8bit.bitwarden.data.autofill.manager.AutofillTotpManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityCompletionManagerImpl.kt

@@ -1,13 +1,13 @@
 package com.x8bit.bitwarden.data.autofill.accessibility.manager
 
 import android.app.Activity
+import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.autofill.accessibility.model.AccessibilityAction
 import com.x8bit.bitwarden.data.autofill.accessibility.util.toUriOrNull
 import com.x8bit.bitwarden.data.autofill.manager.AutofillTotpManager
 import com.x8bit.bitwarden.data.autofill.model.AutofillSelectionData
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.launch
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/util/AccessibilityNodeInfoExtensions.kt

@@ -3,8 +3,8 @@ package com.x8bit.bitwarden.data.autofill.accessibility.util
 import android.view.accessibility.AccessibilityNodeInfo
 import android.widget.EditText
 import androidx.core.os.bundleOf
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.accessibility.model.KnownUsernameField
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 
 private const val PACKAGE_NAME_BITWARDEN_PREFIX: String = "com.x8bit.bitwarden"
 private const val PACKAGE_NAME_SYSTEM_UI: String = "com.android.systemui"

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/util/BrowserUtil.kt

@@ -47,6 +47,7 @@ private val ACCESSIBILITY_SUPPORTED_BROWSERS = listOf(
     Browser(packageName = "com.jamal2367.styx", urlFieldId = "search"),
     Browser(packageName = "com.kiwibrowser.browser", urlFieldId = "url_bar"),
     Browser(packageName = "com.kiwibrowser.browser.dev", urlFieldId = "url_bar"),
+    Browser(packageName = "com.ktllq.play", urlFieldId = "url_bar"),
     Browser(packageName = "com.microsoft.emmx", urlFieldId = "url_bar"),
     Browser(packageName = "com.microsoft.emmx.beta", urlFieldId = "url_bar"),
     Browser(packageName = "com.microsoft.emmx.canary", urlFieldId = "url_bar"),
@@ -90,8 +91,10 @@ private val ACCESSIBILITY_SUPPORTED_BROWSERS = listOf(
             it.split(' ', ' ').firstOrNull()
         },
     ),
+    Browser(packageName = "com.yjllq.chrome.beta", urlFieldId = "search_box"),
     Browser(packageName = "com.yjllq.internet", urlFieldId = "search_box"),
     Browser(packageName = "com.yjllq.kito", urlFieldId = "search_box"),
+    Browser(packageName = "com.yjllqint.kito", urlFieldId = "search_box"),
     Browser(packageName = "com.yujian.ResideMenuDemo", urlFieldId = "search_box"),
     Browser(packageName = "com.z28j.feel", urlFieldId = "g2"),
     Browser(packageName = "idm.internet.download.manager", urlFieldId = "search"),

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/util/UriExtensions.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.autofill.accessibility.util
 
 import android.net.Uri
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.core.annotation.OmitFromCoverage
 import java.net.URISyntaxException
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/autofill/di/AutofillModule.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.autofill.di
 
 import android.content.Context
 import android.view.autofill.AutofillManager
+import com.bitwarden.data.manager.DispatcherManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.autofill.builder.FillResponseBuilder
 import com.x8bit.bitwarden.data.autofill.builder.FillResponseBuilderImpl
@@ -27,7 +28,6 @@ import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/BitwardenFido2ProviderService.kt

@@ -14,8 +14,8 @@ import androidx.credentials.provider.BeginGetCredentialRequest
 import androidx.credentials.provider.BeginGetCredentialResponse
 import androidx.credentials.provider.CredentialProviderService
 import androidx.credentials.provider.ProviderClearCredentialStateRequest
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessor
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/di/Fido2NetworkModule.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.autofill.fido2.datasource.network.di
 
-import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service.DigitalAssetLinkService
-import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service.DigitalAssetLinkServiceImpl
+import com.bitwarden.network.service.DigitalAssetLinkService
+import com.bitwarden.network.service.DigitalAssetLinkServiceImpl
 import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
 import dagger.Module
 import dagger.Provides

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt

@@ -3,9 +3,10 @@ package com.x8bit.bitwarden.data.autofill.fido2.di
 import android.content.Context
 import android.os.Build
 import androidx.annotation.RequiresApi
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.service.DigitalAssetLinkService
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
-import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service.DigitalAssetLinkService
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManagerImpl
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2OriginManager
@@ -15,7 +16,6 @@ import com.x8bit.bitwarden.data.autofill.fido2.processor.Fido2ProviderProcessorI
 import com.x8bit.bitwarden.data.platform.manager.AssetManager
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
@@ -68,13 +68,11 @@ object Fido2ProviderModule {
     fun provideFido2CredentialManager(
         vaultSdkSource: VaultSdkSource,
         fido2CredentialStore: Fido2CredentialStore,
-        fido2OriginManager: Fido2OriginManager,
         json: Json,
     ): Fido2CredentialManager =
         Fido2CredentialManagerImpl(
             vaultSdkSource = vaultSdkSource,
             fido2CredentialStore = fido2CredentialStore,
-            fido2OriginManager = fido2OriginManager,
             json = json,
         )
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManager.kt

@@ -1,12 +1,15 @@
 package com.x8bit.bitwarden.data.autofill.fido2.manager
 
+import androidx.credentials.CreatePublicKeyCredentialRequest
+import androidx.credentials.GetPublicKeyCredentialOption
+import androidx.credentials.provider.CallingAppInfo
+import androidx.credentials.provider.ProviderGetCredentialRequest
 import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CreateCredentialRequest
-import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2RegisterCredentialResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAssertionOptions
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAttestationOptions
+import com.x8bit.bitwarden.data.autofill.fido2.model.UserVerificationRequirement
 
 /**
  * Responsible for managing FIDO 2 credential registration and authentication.
@@ -43,7 +46,8 @@ interface Fido2CredentialManager {
      */
     suspend fun registerFido2Credential(
         userId: String,
-        fido2CreateCredentialRequest: Fido2CreateCredentialRequest,
+        callingAppInfo: CallingAppInfo,
+        createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest,
         selectedCipherView: CipherView,
     ): Fido2RegisterCredentialResult
 
@@ -52,12 +56,42 @@ interface Fido2CredentialManager {
      */
     suspend fun authenticateFido2Credential(
         userId: String,
-        request: Fido2CredentialAssertionRequest,
+        callingAppInfo: CallingAppInfo,
+        request: GetPublicKeyCredentialOption,
         selectedCipherView: CipherView,
+        origin: String?,
     ): Fido2CredentialAssertionResult
 
     /**
      * Whether or not the user has authentication attempts remaining.
      */
     fun hasAuthenticationAttemptsRemaining(): Boolean
+
+    /**
+     * Determines the user verification requirement for a given FIDO2 assertion request.
+     *
+     * @param request The FIDO2 credential assertion request.
+     * @param fallbackRequirement The fallback requirement to use if the request doesn't specify
+     * one.
+     * Defaults to [UserVerificationRequirement.REQUIRED].
+     * @return The user verification requirement for the request.
+     */
+    fun getUserVerificationRequirement(
+        request: ProviderGetCredentialRequest,
+        fallbackRequirement: UserVerificationRequirement = UserVerificationRequirement.REQUIRED,
+    ): UserVerificationRequirement
+
+    /**
+     * Determines the user verification requirement for a given FIDO2 registration request.
+     *
+     * @param request The FIDO2 credential request.
+     * @param fallbackRequirement The fallback requirement to use if the request doesn't specify
+     * one.
+     * Defaults to [UserVerificationRequirement.REQUIRED].
+     * @return The user verification requirement for the request.
+     */
+    fun getUserVerificationRequirement(
+        request: CreatePublicKeyCredentialRequest,
+        fallbackRequirement: UserVerificationRequirement = UserVerificationRequirement.REQUIRED,
+    ): UserVerificationRequirement
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManagerImpl.kt

@@ -1,20 +1,19 @@
 package com.x8bit.bitwarden.data.autofill.fido2.manager
 
+import androidx.credentials.CreatePublicKeyCredentialRequest
+import androidx.credentials.GetPublicKeyCredentialOption
 import androidx.credentials.provider.CallingAppInfo
+import androidx.credentials.provider.ProviderGetCredentialRequest
 import com.bitwarden.fido.ClientData
 import com.bitwarden.fido.Origin
 import com.bitwarden.fido.UnverifiedAssetLink
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.bitwarden.vault.CipherView
-import com.x8bit.bitwarden.R
-import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CreateCredentialRequest
-import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2RegisterCredentialResult
-import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2ValidateOriginResult
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAssertionOptions
 import com.x8bit.bitwarden.data.autofill.fido2.model.PasskeyAttestationOptions
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
+import com.x8bit.bitwarden.data.autofill.fido2.model.UserVerificationRequirement
 import com.x8bit.bitwarden.data.platform.util.getAppOrigin
 import com.x8bit.bitwarden.data.platform.util.getAppSigningSignatureFingerprint
 import com.x8bit.bitwarden.data.platform.util.getSignatureFingerprintAsHexString
@@ -23,7 +22,6 @@ import com.x8bit.bitwarden.data.vault.datasource.sdk.model.AuthenticateFido2Cred
 import com.x8bit.bitwarden.data.vault.datasource.sdk.model.RegisterFido2CredentialRequest
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidAttestationResponse
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidFido2PublicKeyCredential
-import com.x8bit.bitwarden.ui.platform.base.util.asText
 import com.x8bit.bitwarden.ui.platform.base.util.prefixHttpsIfNecessaryOrNull
 import kotlinx.serialization.SerializationException
 import kotlinx.serialization.json.Json
@@ -36,7 +34,6 @@ import timber.log.Timber
 class Fido2CredentialManagerImpl(
     private val vaultSdkSource: VaultSdkSource,
     private val fido2CredentialStore: Fido2CredentialStore,
-    private val fido2OriginManager: Fido2OriginManager,
     private val json: Json,
 ) : Fido2CredentialManager,
     Fido2CredentialStore by fido2CredentialStore {
@@ -47,78 +44,27 @@ class Fido2CredentialManagerImpl(
 
     override suspend fun registerFido2Credential(
         userId: String,
-        fido2CreateCredentialRequest: Fido2CreateCredentialRequest,
+        callingAppInfo: CallingAppInfo,
+        createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest,
         selectedCipherView: CipherView,
     ): Fido2RegisterCredentialResult {
-        val callingAppInfo = fido2CreateCredentialRequest.callingAppInfo
-        val clientData = if (fido2CreateCredentialRequest.origin.isNullOrEmpty()) {
-            ClientData.DefaultWithExtraData(androidPackageName = callingAppInfo.packageName)
-        } else {
-            callingAppInfo
-                .getAppSigningSignatureFingerprint()
-                ?.let { ClientData.DefaultWithCustomHash(hash = it) }
-                ?: return Fido2RegisterCredentialResult.Error(
-                    R.string.passkey_operation_failed_because_app_is_signed_incorrectly.asText(),
-                )
-        }
-        val sdkOrigin = if (fido2CreateCredentialRequest.origin.isNullOrEmpty()) {
-            val host = getOriginUrlFromAttestationOptionsOrNull(
-                requestJson = fido2CreateCredentialRequest.requestJson,
-            )
-                ?: return Fido2RegisterCredentialResult.Error(
-                    R.string.passkey_operation_failed_because_host_url_is_not_present_in_request
-                        .asText(),
-                )
-            Origin.Android(
-                UnverifiedAssetLink(
-                    packageName = callingAppInfo.packageName,
-                    sha256CertFingerprint = callingAppInfo.getSignatureFingerprintAsHexString()
-                        ?: return Fido2RegisterCredentialResult.Error(
-                            R.string.passkey_operation_failed_because_app_signature_is_invalid
-                                .asText(),
-                        ),
-                    host = host,
-                    assetLinkUrl = host,
-                ),
+        return if (callingAppInfo.isOriginPopulated()) {
+            registerFido2CredentialForPrivilegedApp(
+                userId = userId,
+                callingAppInfo = callingAppInfo,
+                createPublicKeyCredentialRequest = createPublicKeyCredentialRequest,
+                selectedCipherView = selectedCipherView,
             )
         } else {
-            Origin.Web(fido2CreateCredentialRequest.origin)
+            registerFido2CredentialForUnprivilegedApp(
+                userId = userId,
+                callingAppInfo = callingAppInfo,
+                createPublicKeyCredentialRequest = createPublicKeyCredentialRequest,
+                selectedCipherView = selectedCipherView,
+            )
         }
-        return vaultSdkSource
-            .registerFido2Credential(
-                request = RegisterFido2CredentialRequest(
-                    userId = userId,
-                    origin = sdkOrigin,
-                    requestJson = """{"publicKey": ${fido2CreateCredentialRequest.requestJson}}""",
-                    clientData = clientData,
-                    selectedCipherView = selectedCipherView,
-                    // User verification is handled prior to engaging the SDK. We always respond
-                    // `true` so that the SDK does not fail if the relying party requests UV.
-                    isUserVerificationSupported = true,
-                ),
-                fido2CredentialStore = this,
-            )
-            .map { it.toAndroidAttestationResponse() }
-            .mapCatching { json.encodeToString(it) }
-            .fold(
-                onSuccess = { Fido2RegisterCredentialResult.Success(it) },
-                onFailure = {
-                    Fido2RegisterCredentialResult.Error(
-                        R.string.passkey_registration_failed_due_to_an_internal_error.asText(),
-                    )
-                },
-            )
     }
 
-    private suspend fun validateOrigin(
-        callingAppInfo: CallingAppInfo,
-        relyingPartyId: String,
-    ): Fido2ValidateOriginResult = fido2OriginManager
-        .validateOrigin(
-            callingAppInfo = callingAppInfo,
-            relyingPartyId = relyingPartyId,
-        )
-
     override fun getPasskeyAttestationOptionsOrNull(
         requestJson: String,
     ): PasskeyAttestationOptions? =
@@ -148,85 +94,169 @@ class Fido2CredentialManagerImpl(
     @Suppress("LongMethod")
     override suspend fun authenticateFido2Credential(
         userId: String,
-        request: Fido2CredentialAssertionRequest,
+        callingAppInfo: CallingAppInfo,
+        request: GetPublicKeyCredentialOption,
         selectedCipherView: CipherView,
+        origin: String?,
     ): Fido2CredentialAssertionResult {
-        val callingAppInfo = request.callingAppInfo
         val clientData = request.clientDataHash
             ?.let { ClientData.DefaultWithCustomHash(hash = it) }
             ?: ClientData.DefaultWithExtraData(androidPackageName = callingAppInfo.getAppOrigin())
-        val relyingPartyId = json
-            .decodeFromStringOrNull<PasskeyAssertionOptions>(request.requestJson)
-            ?.relyingPartyId
-            ?: return Fido2CredentialAssertionResult.Error(
-                R.string.passkey_operation_failed_because_relying_party_cannot_be_identified
-                    .asText(),
-            )
 
-        val validateOriginResult = validateOrigin(
-            callingAppInfo = callingAppInfo,
-            relyingPartyId = relyingPartyId,
-        )
-
-        val sdkOrigin = if (!request.origin.isNullOrEmpty()) {
-            Origin.Web(request.origin)
+        val sdkOrigin = if (!origin.isNullOrEmpty()) {
+            Origin.Web(origin)
         } else {
             val hostUrl = getOriginUrlFromAssertionOptionsOrNull(request.requestJson)
-                ?: return Fido2CredentialAssertionResult.Error(
-                    R.string.passkey_operation_failed_because_host_url_is_not_present_in_request
-                        .asText(),
-                )
+                ?: return Fido2CredentialAssertionResult.Error.MissingHostUrl
             Origin.Android(
                 UnverifiedAssetLink(
                     packageName = callingAppInfo.packageName,
-                    sha256CertFingerprint = callingAppInfo.getSignatureFingerprintAsHexString()
-                        ?: return Fido2CredentialAssertionResult.Error(
-                            R.string.passkey_operation_failed_because_app_signature_is_invalid
-                                .asText(),
-                        ),
+                    sha256CertFingerprint = callingAppInfo
+                        .getSignatureFingerprintAsHexString()
+                        ?: return Fido2CredentialAssertionResult
+                            .Error
+                            .InvalidAppSignature,
                     host = hostUrl,
                     assetLinkUrl = hostUrl,
                 ),
             )
         }
-
-        return when (validateOriginResult) {
-            is Fido2ValidateOriginResult.Error -> {
-                Fido2CredentialAssertionResult.Error(validateOriginResult.messageResId.asText())
-            }
-
-            is Fido2ValidateOriginResult.Success -> {
-                vaultSdkSource
-                    .authenticateFido2Credential(
-                        request = AuthenticateFido2CredentialRequest(
-                            userId = userId,
-                            origin = sdkOrigin,
-                            requestJson = """{"publicKey": ${request.requestJson}}""",
-                            clientData = clientData,
-                            selectedCipherView = selectedCipherView,
-                            isUserVerificationSupported = true,
-                        ),
-                        fido2CredentialStore = this,
-                    )
-                    .map { it.toAndroidFido2PublicKeyCredential() }
-                    .mapCatching { json.encodeToString(it) }
-                    .fold(
-                        onSuccess = { Fido2CredentialAssertionResult.Success(it) },
-                        onFailure = {
-                            Timber.e(it, "Failed to authenticate FIDO2 credential.")
-                            Fido2CredentialAssertionResult.Error(
-                                R.string.passkey_authentication_failed_due_to_an_internal_error
-                                    .asText(),
-                            )
-                        },
-                    )
-            }
-        }
+        return vaultSdkSource
+            .authenticateFido2Credential(
+                request = AuthenticateFido2CredentialRequest(
+                    userId = userId,
+                    origin = sdkOrigin,
+                    requestJson = """{"publicKey": ${request.requestJson}}""",
+                    clientData = clientData,
+                    selectedCipherView = selectedCipherView,
+                    isUserVerificationSupported = true,
+                ),
+                fido2CredentialStore = this,
+            )
+            .map { it.toAndroidFido2PublicKeyCredential() }
+            .mapCatching { json.encodeToString(it) }
+            .fold(
+                onSuccess = { Fido2CredentialAssertionResult.Success(it) },
+                onFailure = {
+                    Timber.e(it, "Failed to authenticate FIDO2 credential.")
+                    Fido2CredentialAssertionResult.Error.InternalError
+                },
+            )
     }
 
     override fun hasAuthenticationAttemptsRemaining(): Boolean =
         authenticationAttempts < MAX_AUTHENTICATION_ATTEMPTS
 
+    override fun getUserVerificationRequirement(
+        request: ProviderGetCredentialRequest,
+        fallbackRequirement: UserVerificationRequirement,
+    ): UserVerificationRequirement = request
+        .credentialOptions
+        .filterIsInstance<GetPublicKeyCredentialOption>()
+        .firstOrNull()
+        ?.let { option ->
+            getPasskeyAssertionOptionsOrNull(option.requestJson)
+                ?.userVerification
+        }
+        ?: fallbackRequirement
+
+    override fun getUserVerificationRequirement(
+        request: CreatePublicKeyCredentialRequest,
+        fallbackRequirement: UserVerificationRequirement,
+    ): UserVerificationRequirement = getPasskeyAttestationOptionsOrNull(request.requestJson)
+        ?.authenticatorSelection
+        ?.userVerification
+        ?: fallbackRequirement
+
+    private suspend fun registerFido2CredentialForUnprivilegedApp(
+        userId: String,
+        callingAppInfo: CallingAppInfo,
+        createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest,
+        selectedCipherView: CipherView,
+    ): Fido2RegisterCredentialResult {
+        val clientData = ClientData.DefaultWithExtraData(callingAppInfo.packageName)
+
+        val host = getOriginUrlFromAttestationOptionsOrNull(
+            requestJson = createPublicKeyCredentialRequest.requestJson,
+        )
+            ?: return Fido2RegisterCredentialResult.Error.MissingHostUrl
+
+        val signatureFingerprint = callingAppInfo
+            .getSignatureFingerprintAsHexString()
+            ?: return Fido2RegisterCredentialResult.Error.InvalidAppSignature
+
+        val sdkOrigin = Origin.Android(
+            UnverifiedAssetLink(
+                packageName = callingAppInfo.packageName,
+                sha256CertFingerprint = signatureFingerprint,
+                host = host,
+                assetLinkUrl = host,
+            ),
+        )
+
+        return registerFido2CredentialInternal(
+            userId = userId,
+            sdkOrigin = sdkOrigin,
+            createPublicKeyCredentialRequest = createPublicKeyCredentialRequest,
+            selectedCipherView = selectedCipherView,
+            clientData = clientData,
+        )
+    }
+
+    private suspend fun registerFido2CredentialForPrivilegedApp(
+        userId: String,
+        callingAppInfo: CallingAppInfo,
+        createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest,
+        selectedCipherView: CipherView,
+    ): Fido2RegisterCredentialResult {
+        val clientData = callingAppInfo
+            .getAppSigningSignatureFingerprint()
+            ?.let { ClientData.DefaultWithCustomHash(hash = it) }
+            ?: return Fido2RegisterCredentialResult.Error.InvalidAppSignature
+
+        val sdkOrigin = createPublicKeyCredentialRequest.origin
+            ?.let { Origin.Web(it) }
+            ?: return Fido2RegisterCredentialResult.Error.MissingHostUrl
+
+        return registerFido2CredentialInternal(
+            userId = userId,
+            sdkOrigin = sdkOrigin,
+            createPublicKeyCredentialRequest = createPublicKeyCredentialRequest,
+            selectedCipherView = selectedCipherView,
+            clientData = clientData,
+        )
+    }
+
+    private suspend fun registerFido2CredentialInternal(
+        userId: String,
+        sdkOrigin: Origin,
+        createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest,
+        selectedCipherView: CipherView,
+        clientData: ClientData,
+    ): Fido2RegisterCredentialResult = vaultSdkSource
+        .registerFido2Credential(
+            request = RegisterFido2CredentialRequest(
+                userId = userId,
+                origin = sdkOrigin,
+                requestJson = """{"publicKey": ${createPublicKeyCredentialRequest.requestJson}}""",
+                clientData = clientData,
+                selectedCipherView = selectedCipherView,
+                // User verification is handled prior to engaging the SDK. We always respond
+                // `true` so that the SDK does not fail if the relying party requests UV.
+                isUserVerificationSupported = true,
+            ),
+            fido2CredentialStore = this,
+        )
+        .map { it.toAndroidAttestationResponse() }
+        .mapCatching { json.encodeToString(it) }
+        .fold(
+            onSuccess = { Fido2RegisterCredentialResult.Success(it) },
+            onFailure = {
+                Timber.e(it, "Failed to register FIDO2 credential.")
+                Fido2RegisterCredentialResult.Error.InternalError
+            },
+        )
+
     private fun getOriginUrlFromAssertionOptionsOrNull(requestJson: String) =
         getPasskeyAssertionOptionsOrNull(requestJson)
             ?.relyingPartyId
@@ -240,4 +270,3 @@ class Fido2CredentialManagerImpl(
 }
 
 private const val MAX_AUTHENTICATION_ATTEMPTS = 5
-private const val HTTPS = "https://"

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2OriginManagerImpl.kt

@@ -1,8 +1,8 @@
 package com.x8bit.bitwarden.data.autofill.fido2.manager
 
 import androidx.credentials.provider.CallingAppInfo
-import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.model.DigitalAssetLinkResponseJson
-import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service.DigitalAssetLinkService
+import com.bitwarden.network.model.DigitalAssetLinkResponseJson
+import com.bitwarden.network.service.DigitalAssetLinkService
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2ValidateOriginResult
 import com.x8bit.bitwarden.data.platform.manager.AssetManager
 import com.x8bit.bitwarden.data.platform.util.getSignatureFingerprintAsHexString

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CreateCredentialRequest.kt

@@ -1,31 +1,69 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import android.content.pm.SigningInfo
+import android.os.Bundle
 import android.os.Parcelable
+import androidx.credentials.CreatePublicKeyCredentialRequest
 import androidx.credentials.provider.CallingAppInfo
+import androidx.credentials.provider.ProviderCreateCredentialRequest
+import com.x8bit.bitwarden.ui.platform.base.util.toHostOrPathOrNull
+import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize
 
 /**
  * Represents raw data from the a user deciding to create a passkey in their vault via the
  * credential manager framework.
  *
- * @property userId The user under which the passkey should be saved.
- * @property requestJson JSON payload containing the RP request.
- * @property callingAppInfo Information about the application that initiated the request.
+ * @property userId The ID of the user creating the passkey.
+ * @property isUserPreVerified Whether the user has already been verified by the OS biometric
+ * prompt.
+ * @property requestData Provider request data in the form of a [Bundle].
  */
 @Parcelize
 data class Fido2CreateCredentialRequest(
     val userId: String,
-    val requestJson: String,
-    val packageName: String,
-    val signingInfo: SigningInfo,
-    val origin: String?,
-    val isUserVerified: Boolean?,
+    val requestData: Bundle,
+    val isUserPreVerified: Boolean,
 ) : Parcelable {
-    val callingAppInfo: CallingAppInfo
-        get() = CallingAppInfo(
-            packageName = packageName,
-            signingInfo = signingInfo,
-            origin = origin,
-        )
+
+    /**
+     * The [ProviderCreateCredentialRequest] from the [requestData].
+     */
+    @IgnoredOnParcel
+    val providerRequest: ProviderCreateCredentialRequest by lazy {
+        ProviderCreateCredentialRequest.fromBundle(requestData)
+    }
+
+    /**
+     * The [CallingAppInfo] of the [providerRequest].
+     */
+    @IgnoredOnParcel
+    val callingAppInfo: CallingAppInfo by lazy { providerRequest.callingAppInfo }
+
+    /**
+     * The [CreatePublicKeyCredentialRequest] of the [providerRequest], or null if the calling
+     * request is not a [CreatePublicKeyCredentialRequest].
+     */
+    @IgnoredOnParcel
+    val createPublicKeyCredentialRequest: CreatePublicKeyCredentialRequest? by lazy {
+        providerRequest.callingRequest as? CreatePublicKeyCredentialRequest
+    }
+
+    /**
+     * The [requestJson] of the [createPublicKeyCredentialRequest], or null if the calling request
+     * is not a [CreatePublicKeyCredentialRequest].
+     */
+    @IgnoredOnParcel
+    val requestJson: String? by lazy { createPublicKeyCredentialRequest?.requestJson }
+
+    /**
+     * Returns the ID of the relying party, or null if the relying party cannot be identified.
+     */
+    @IgnoredOnParcel
+    val relyingPartyIdOrNull: String? by lazy {
+        if (callingAppInfo.isOriginPopulated()) {
+            providerRequest.callingRequest.origin?.toHostOrPathOrNull()
+        } else {
+            callingAppInfo.packageName
+        }
+    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CredentialAssertionRequest.kt

@@ -1,38 +1,53 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import android.content.pm.SigningInfo
+import android.os.Bundle
 import android.os.Parcelable
+import androidx.credentials.GetPublicKeyCredentialOption
 import androidx.credentials.provider.CallingAppInfo
+import androidx.credentials.provider.ProviderGetCredentialRequest
+import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize
 
 /**
  * Models a FIDO 2 credential authentication request parsed from the launching intent.
  *
- * @param userId The ID of the Bitwarden user to authenticate.
- * @param cipherId The ID of the cipher that contains the passkey to authenticate.
- * @param credentialId The ID of the credential to authenticate.
- * @param requestJson The JSON representation of the FIDO 2 request.
- * @param clientDataHash The hash of the client data.
- * @param packageName The package name of the calling app.
- * @param signingInfo The signing info of the calling app.
- * @param origin The origin of the calling app. Only populated if the calling application is a
- * privileged application. I.e., a web browser.
- * @param isUserVerified Whether the user has been verified prior to receiving this request. Only
- * populated if device biometric verification was performed. If null, the application is responsible
- * for prompting user verification when it is deemed necessary.
+ * @property userId ID of the user requesting credential authentication.
+ * @property cipherId ID of the cipher to be authenticated against.
+ * @property credentialId ID of the credential to authenticate.
+ * @property isUserPreVerified Whether the user has already been verified by the OS biometric
+ * prompt.
+ * @property requestData Provider request data in the form of a [Bundle].
  */
 @Parcelize
 data class Fido2CredentialAssertionRequest(
     val userId: String,
-    val cipherId: String?,
-    val credentialId: String?,
-    val requestJson: String,
-    val clientDataHash: ByteArray?,
-    val packageName: String,
-    val signingInfo: SigningInfo,
-    val origin: String?,
-    val isUserVerified: Boolean?,
+    val cipherId: String,
+    val credentialId: String,
+    val isUserPreVerified: Boolean,
+    private val requestData: Bundle,
 ) : Parcelable {
-    val callingAppInfo: CallingAppInfo
-        get() = CallingAppInfo(packageName, signingInfo, origin)
+
+    /**
+     * The [ProviderGetCredentialRequest] from the [requestData].
+     */
+    @IgnoredOnParcel
+    val providerRequest: ProviderGetCredentialRequest by lazy {
+        ProviderGetCredentialRequest.fromBundle(requestData)
+    }
+
+    /**
+     * The [CallingAppInfo] from the [providerRequest].
+     */
+    @IgnoredOnParcel
+    val callingAppInfo: CallingAppInfo by lazy { providerRequest.callingAppInfo }
+
+    /**
+     * The [GetPublicKeyCredentialOption] from the [providerRequest], or null if one is not found
+     * in the request options list.
+     */
+    @IgnoredOnParcel
+    val option: GetPublicKeyCredentialOption? by lazy {
+        providerRequest.credentialOptions
+            .firstNotNullOfOrNull { it as? GetPublicKeyCredentialOption }
+    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CredentialAssertionResult.kt

@@ -1,7 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import com.x8bit.bitwarden.ui.platform.base.util.Text
-
 /**
  * Represents possible outcomes of a FIDO 2 credential assertion request.
  */
@@ -15,5 +13,35 @@ sealed class Fido2CredentialAssertionResult {
     /**
      * Indicates there was an error and the assertion was not successful.
      */
-    data class Error(val message: Text) : Fido2CredentialAssertionResult()
+    sealed class Error : Fido2CredentialAssertionResult() {
+        /**
+         * Indicates the relying party ID was missing from the request.
+         */
+        data object MissingRpId : Error()
+
+        /**
+         * Indicates the host URL was missing from the request.
+         */
+        data object MissingHostUrl : Error()
+
+        /**
+         * Indicates the calling application signature was invalid.
+         */
+        data object InvalidAppSignature : Error()
+
+        /**
+         * Indicates origin validation failed.
+         *
+         * @property originValidationError The specific error that caused the origin validation to
+         * fail.
+         */
+        data class OriginValidationFailed(
+            val originValidationError: Fido2ValidateOriginResult.Error,
+        ) : Error()
+
+        /**
+         * Indicates an internal error occurred.
+         */
+        data object InternalError : Error()
+    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsRequest.kt

@@ -1,34 +1,62 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import android.content.pm.SigningInfo
 import android.os.Bundle
 import android.os.Parcelable
+import androidx.credentials.provider.BeginGetCredentialRequest
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
 import androidx.credentials.provider.CallingAppInfo
+import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize
 
 /**
  * Models a FIDO 2 request to retrieve FIDO credentials parsed from the launching intent.
+ *
+ * @param userId The ID of the user's vault to search.
+ * @param requestData Provider request data in the form of a [Bundle].
  */
 @Parcelize
 data class Fido2GetCredentialsRequest(
-    val candidateQueryData: Bundle,
-    val id: String,
     val userId: String,
-    val requestJson: String,
-    val clientDataHash: ByteArray? = null,
-    val packageName: String,
-    val signingInfo: SigningInfo,
-    val origin: String?,
+    private val requestData: Bundle,
 ) : Parcelable {
-    val callingAppInfo: CallingAppInfo
-        get() = CallingAppInfo(packageName, signingInfo, origin)
+    /**
+     * The [BeginGetCredentialRequest] from the [requestData], or null if the [requestData] does not
+     * contain a [BeginGetCredentialRequest].
+     */
+    @IgnoredOnParcel
+    val providerRequest: BeginGetCredentialRequest? by lazy {
+        BeginGetCredentialRequest.fromBundle(requestData)
+    }
 
-    val option: BeginGetPublicKeyCredentialOption
-        get() = BeginGetPublicKeyCredentialOption(
-            candidateQueryData,
-            id,
-            requestJson,
-            clientDataHash,
-        )
+    /**
+     * The first [BeginGetPublicKeyCredentialOption] of the [providerRequest], or null if the
+     * [providerRequest] is not a [BeginGetCredentialRequest] or does not contain a
+     * [BeginGetPublicKeyCredentialOption].
+     */
+    @IgnoredOnParcel
+    val beginGetPublicKeyCredentialOption: BeginGetPublicKeyCredentialOption? by lazy {
+        providerRequest
+            ?.beginGetCredentialOptions
+            ?.filterIsInstance<BeginGetPublicKeyCredentialOption>()
+            ?.firstOrNull()
+    }
+
+    /**
+     * The [CallingAppInfo] of the [providerRequest], or null if the [providerRequest] is not a
+     * [BeginGetCredentialRequest].
+     */
+    @IgnoredOnParcel
+    val callingAppInfo: CallingAppInfo? by lazy { providerRequest?.callingAppInfo }
+
+    /**
+     * The first [BeginGetPublicKeyCredentialOption] of the [providerRequest], or null if the
+     * [providerRequest] does not contain a [BeginGetPublicKeyCredentialOption].
+     */
+    @IgnoredOnParcel
+    val option: BeginGetPublicKeyCredentialOption? by lazy {
+        providerRequest?.beginGetCredentialOptions
+            ?.firstNotNullOfOrNull {
+                it as? BeginGetPublicKeyCredentialOption
+            }
+    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsResult.kt

@@ -2,7 +2,7 @@ package com.x8bit.bitwarden.data.autofill.fido2.model
 
 import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
 import com.bitwarden.fido.Fido2CredentialAutofillView
-import com.x8bit.bitwarden.ui.platform.base.util.Text
+import com.bitwarden.ui.util.Text
 
 /**
  * Represents the result of a FIDO 2 Get Credentials request.

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2RegisterCredentialResult.kt

@@ -1,7 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import com.x8bit.bitwarden.ui.platform.base.util.Text
-
 /**
  * Models the data returned from creating a FIDO 2 credential.
  */
@@ -17,10 +15,21 @@ sealed class Fido2RegisterCredentialResult {
     /**
      * Indicates there was an error and the credential was not registered.
      */
-    data class Error(val message: Text) : Fido2RegisterCredentialResult()
+    sealed class Error : Fido2RegisterCredentialResult() {
 
-    /**
-     * Indicates the user cancelled the request.
-     */
-    data object Cancelled : Fido2RegisterCredentialResult()
+        /**
+         * Indicates the host URL was missing from the request.
+         */
+        data object MissingHostUrl : Error()
+
+        /**
+         * Indicates the app signature was invalid.
+         */
+        data object InvalidAppSignature : Error()
+
+        /**
+         * Indicates an internal error occurred.
+         */
+        data object InternalError : Error()
+    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2ValidateOriginResult.kt

@@ -1,8 +1,5 @@
 package com.x8bit.bitwarden.data.autofill.fido2.model
 
-import androidx.annotation.StringRes
-import com.x8bit.bitwarden.R
-
 /**
  * Models the result of validating the origin of a FIDO2 request.
  */
@@ -19,66 +16,42 @@ sealed class Fido2ValidateOriginResult {
      * Represents a validation error.
      */
     sealed class Error : Fido2ValidateOriginResult() {
-        /**
-         * The string resource ID of the error message.
-         */
-        @get:StringRes
-        abstract val messageResId: Int
 
         /**
          * Indicates the digital asset links file could not be located.
          */
-        data object AssetLinkNotFound : Error() {
-            override val messageResId =
-                R.string.passkey_operation_failed_because_of_missing_asset_links
-        }
+        data object AssetLinkNotFound : Error()
 
         /**
          * Indicates the application package name was not found in the digital asset links file.
          */
-        data object ApplicationNotFound : Error() {
-            override val messageResId =
-                R.string.passkey_operation_failed_because_app_not_found_in_asset_links
-        }
+        data object ApplicationNotFound : Error()
 
         /**
          * Indicates the application fingerprint was not found the digital asset links file.
          */
-        data object ApplicationFingerprintNotVerified : Error() {
-            override val messageResId =
-                R.string.passkey_operation_failed_because_app_could_not_be_verified
-        }
+        data object ApplicationFingerprintNotVerified : Error()
 
         /**
          * Indicates the calling application is privileged but its package name is not found within
          * the privileged app allow list.
          */
-        data object PrivilegedAppNotAllowed : Error() {
-            override val messageResId =
-                R.string.passkey_operation_failed_because_browser_is_not_privileged
-        }
+        data object PrivilegedAppNotAllowed : Error()
 
         /**
          * Indicates the calling app is privileged but but no matching signing certificate signature
          * is present in the allow list.
          */
-        data object PrivilegedAppSignatureNotFound : Error() {
-            override val messageResId =
-                R.string.passkey_operation_failed_because_browser_signature_does_not_match
-        }
+        data object PrivilegedAppSignatureNotFound : Error()
 
         /**
          * Indicates passkeys are not supported for the requesting application.
          */
-        data object PasskeyNotSupportedForApp : Error() {
-            override val messageResId = R.string.passkeys_not_supported_for_this_app
-        }
+        data object PasskeyNotSupportedForApp : Error()
 
         /**
          * Indicates an unknown error was encountered while validating the origin.
          */
-        data object Unknown : Error() {
-            override val messageResId = R.string.generic_error_message
-        }
+        data object Unknown : Error()
     }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt

@@ -29,6 +29,9 @@ import androidx.credentials.provider.CreateEntry
 import androidx.credentials.provider.CredentialEntry
 import androidx.credentials.provider.ProviderClearCredentialStateRequest
 import androidx.credentials.provider.PublicKeyCredentialEntry
+import com.bitwarden.core.data.repository.model.DataState
+import com.bitwarden.core.data.repository.util.takeUntilLoaded
+import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.fido.Fido2CredentialAutofillView
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.bitwarden.vault.CipherView
@@ -39,10 +42,7 @@ import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
 import com.x8bit.bitwarden.data.autofill.util.isActiveWithFido2Credentials
 import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
-import com.x8bit.bitwarden.data.platform.repository.model.DataState
-import com.x8bit.bitwarden.data.platform.repository.util.takeUntilLoaded
 import com.x8bit.bitwarden.data.platform.util.isBuildVersionBelow
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.DecryptFido2CredentialAutofillViewResult

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/util/Fido2IntentUtils.kt

@@ -2,10 +2,10 @@ package com.x8bit.bitwarden.data.autofill.fido2.util
 
 import android.content.Intent
 import android.os.Build
-import androidx.credentials.CreatePublicKeyCredentialRequest
-import androidx.credentials.GetPublicKeyCredentialOption
-import androidx.credentials.provider.BeginGetPublicKeyCredentialOption
+import androidx.credentials.provider.BeginGetCredentialRequest
 import androidx.credentials.provider.PendingIntentHandler
+import androidx.credentials.provider.ProviderCreateCredentialRequest
+import androidx.credentials.provider.ProviderGetCredentialRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CreateCredentialRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2CredentialAssertionRequest
 import com.x8bit.bitwarden.data.autofill.fido2.model.Fido2GetCredentialsRequest
@@ -21,25 +21,23 @@ import com.x8bit.bitwarden.ui.platform.manager.intent.EXTRA_KEY_USER_ID
 fun Intent.getFido2CreateCredentialRequestOrNull(): Fido2CreateCredentialRequest? {
     if (isBuildVersionBelow(Build.VERSION_CODES.UPSIDE_DOWN_CAKE)) return null
 
-    val systemRequest = PendingIntentHandler
-        .retrieveProviderCreateCredentialRequest(this)
-        ?: return null
-
-    val createPublicKeyRequest = systemRequest
-        .callingRequest
-        as? CreatePublicKeyCredentialRequest
+    val systemRequest = PendingIntentHandler.retrieveProviderCreateCredentialRequest(this)
         ?: return null
 
     val userId = getStringExtra(EXTRA_KEY_USER_ID)
         ?: return null
 
+    // Extract the OS biometric prompt result from the request data because it is not included in
+    // the bundle returned by `ProviderGetCredentialRequest.asBundle()`.
+    val isUserPreVerified = systemRequest
+        .biometricPromptResult
+        ?.isSuccessful
+        ?: false
+
     return Fido2CreateCredentialRequest(
         userId = userId,
-        requestJson = createPublicKeyRequest.requestJson,
-        packageName = systemRequest.callingAppInfo.packageName,
-        signingInfo = systemRequest.callingAppInfo.signingInfo,
-        origin = systemRequest.callingAppInfo.origin,
-        isUserVerified = systemRequest.biometricPromptResult?.isSuccessful,
+        isUserPreVerified = isUserPreVerified,
+        requestData = ProviderCreateCredentialRequest.asBundle(systemRequest),
     )
 }
 
@@ -54,11 +52,6 @@ fun Intent.getFido2AssertionRequestOrNull(): Fido2CredentialAssertionRequest? {
         .retrieveProviderGetCredentialRequest(this)
         ?: return null
 
-    val option: GetPublicKeyCredentialOption = systemRequest
-        .credentialOptions
-        .firstNotNullOfOrNull { it as? GetPublicKeyCredentialOption }
-        ?: return null
-
     val credentialId = getStringExtra(EXTRA_KEY_CREDENTIAL_ID)
         ?: return null
 
@@ -68,18 +61,19 @@ fun Intent.getFido2AssertionRequestOrNull(): Fido2CredentialAssertionRequest? {
     val userId: String = getStringExtra(EXTRA_KEY_USER_ID)
         ?: return null
 
-    val isUserVerified = systemRequest.biometricPromptResult?.isSuccessful
+    // Extract the OS biometric prompt result from the request data because it is not included in
+    // the bundle returned by `ProviderGetCredentialRequest.asBundle()`.
+    val isUserPreVerified = systemRequest
+        .biometricPromptResult
+        ?.isSuccessful
+        ?: false
 
     return Fido2CredentialAssertionRequest(
         userId = userId,
         cipherId = cipherId,
         credentialId = credentialId,
-        requestJson = option.requestJson,
-        clientDataHash = option.clientDataHash,
-        packageName = systemRequest.callingAppInfo.packageName,
-        signingInfo = systemRequest.callingAppInfo.signingInfo,
-        origin = systemRequest.callingAppInfo.origin,
-        isUserVerified = isUserVerified,
+        isUserPreVerified = isUserPreVerified,
+        requestData = ProviderGetCredentialRequest.asBundle(systemRequest),
     )
 }
 
@@ -94,26 +88,11 @@ fun Intent.getFido2GetCredentialsRequestOrNull(): Fido2GetCredentialsRequest? {
         .retrieveBeginGetCredentialRequest(this)
         ?: return null
 
-    val option: BeginGetPublicKeyCredentialOption = systemRequest
-        .beginGetCredentialOptions
-        .firstNotNullOfOrNull { it as? BeginGetPublicKeyCredentialOption }
-        ?: return null
-
-    val callingAppInfo = systemRequest
-        .callingAppInfo
-        ?: return null
-
     val userId: String = getStringExtra(EXTRA_KEY_USER_ID)
         ?: return null
 
     return Fido2GetCredentialsRequest(
-        candidateQueryData = option.candidateQueryData,
-        id = option.id,
         userId = userId,
-        requestJson = option.requestJson,
-        clientDataHash = option.clientDataHash,
-        packageName = callingAppInfo.packageName,
-        signingInfo = callingAppInfo.signingInfo,
-        origin = callingAppInfo.origin,
+        requestData = BeginGetCredentialRequest.asBundle(systemRequest),
     )
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/util/ProviderCreateCredentialRequestExtensions.kt

@@ -0,0 +1,12 @@
+package com.x8bit.bitwarden.data.autofill.fido2.util
+
+import androidx.credentials.CreatePublicKeyCredentialRequest
+import androidx.credentials.provider.ProviderCreateCredentialRequest
+
+/**
+ * Retrieves the [CreatePublicKeyCredentialRequest] from a [ProviderCreateCredentialRequest],
+ * otherwise null.
+ */
+@Suppress("MaxLineLength")
+fun ProviderCreateCredentialRequest.getCreatePasskeyCredentialRequestOrNull(): CreatePublicKeyCredentialRequest? =
+    callingRequest as? CreatePublicKeyCredentialRequest

app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/AutofillCompletionManagerImpl.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.autofill.manager
 
 import android.app.Activity
 import android.content.Intent
+import com.bitwarden.data.manager.DispatcherManager
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.autofill.builder.FilledDataBuilder
 import com.x8bit.bitwarden.data.autofill.builder.FilledDataBuilderImpl
@@ -12,7 +13,6 @@ import com.x8bit.bitwarden.data.autofill.util.createAutofillSelectionResultInten
 import com.x8bit.bitwarden.data.autofill.util.getAutofillAssistStructureOrNull
 import com.x8bit.bitwarden.data.autofill.util.toAutofillAppInfo
 import com.x8bit.bitwarden.data.autofill.util.toAutofillCipherProvider
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.model.OrganizationEvent
 import kotlinx.coroutines.CoroutineScope

app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/AutofillTotpManagerImpl.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.autofill.manager
 
 import android.content.Context
 import android.widget.Toast
+import com.bitwarden.ui.util.asText
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
@@ -9,7 +10,6 @@ import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardMan
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.data.vault.repository.model.GenerateTotpResult
-import com.x8bit.bitwarden.ui.platform.base.util.asText
 import java.time.Clock
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/chrome/ChromeThirdPartyAutofillManagerImpl.kt

@@ -3,9 +3,9 @@ package com.x8bit.bitwarden.data.autofill.manager.chrome
 import android.content.ContentResolver
 import android.content.Context
 import android.net.Uri
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeReleaseChannel
 import com.x8bit.bitwarden.data.autofill.model.chrome.ChromeThirdPartyAutoFillData
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 
 private const val CONTENT_PROVIDER_NAME = ".AutofillThirdPartyModeContentProvider"
 private const val THIRD_PARTY_MODE_COLUMN = "autofill_third_party_state"

app/src/main/java/com/x8bit/bitwarden/data/autofill/processor/AutofillProcessorImpl.kt

@@ -5,6 +5,8 @@ import android.service.autofill.FillCallback
 import android.service.autofill.FillRequest
 import android.service.autofill.SaveCallback
 import android.service.autofill.SaveRequest
+import com.bitwarden.data.manager.DispatcherManager
+import com.bitwarden.network.model.PolicyTypeJson
 import com.x8bit.bitwarden.data.autofill.builder.FillResponseBuilder
 import com.x8bit.bitwarden.data.autofill.builder.FilledDataBuilder
 import com.x8bit.bitwarden.data.autofill.builder.SaveInfoBuilder
@@ -14,9 +16,7 @@ import com.x8bit.bitwarden.data.autofill.parser.AutofillParser
 import com.x8bit.bitwarden.data.autofill.util.createAutofillSavedItemIntentSender
 import com.x8bit.bitwarden.data.autofill.util.toAutofillSaveItem
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
-import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.launch

app/src/main/java/com/x8bit/bitwarden/data/autofill/util/ActivityExtensions.kt

@@ -4,8 +4,8 @@ package com.x8bit.bitwarden.data.autofill.util
 
 import android.app.Activity
 import android.os.Build
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.autofill.model.AutofillAppInfo
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 
 /**
  * Build an [AutofillAppInfo] from the given [Activity].

app/src/main/java/com/x8bit/bitwarden/data/autofill/util/AutofillIntentUtils.kt

@@ -11,13 +11,13 @@ import android.content.IntentSender
 import android.service.autofill.Dataset
 import android.view.autofill.AutofillManager
 import androidx.core.os.bundleOf
+import com.bitwarden.core.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.AutofillTotpCopyActivity
 import com.x8bit.bitwarden.MainActivity
 import com.x8bit.bitwarden.data.autofill.model.AutofillAppInfo
 import com.x8bit.bitwarden.data.autofill.model.AutofillSaveItem
 import com.x8bit.bitwarden.data.autofill.model.AutofillSelectionData
 import com.x8bit.bitwarden.data.autofill.model.AutofillTotpCopyData
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.util.getSafeParcelableExtra
 import kotlin.random.Random
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/util/HtmlInfoExtensions.kt

@@ -1,7 +1,7 @@
 package com.x8bit.bitwarden.data.autofill.util
 
 import android.view.ViewStructure.HtmlInfo
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.core.annotation.OmitFromCoverage
 
 /**
  * Whether this [HtmlInfo] represents a password field.

app/src/main/java/com/x8bit/bitwarden/data/autofill/util/IntExtensions.kt

@@ -3,7 +3,7 @@ package com.x8bit.bitwarden.data.autofill.util
 import android.app.PendingIntent
 import android.os.Build
 import android.text.InputType
-import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
+import com.bitwarden.core.annotation.OmitFromCoverage
 
 /**
  * Whether this [Int] is a password [InputType].

app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/di/EncryptedPreferences.kt

@@ -1,11 +0,0 @@
-package com.x8bit.bitwarden.data.platform.datasource.di
-
-import android.content.SharedPreferences
-import javax.inject.Qualifier
-
-/**
- * Used to denote an instance of [SharedPreferences] that encrypts its data.
- */
-@Qualifier
-@Retention(AnnotationRetention.RUNTIME)
-annotation class EncryptedPreferences

app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/EnvironmentDiskSource.kt

@@ -1,6 +1,6 @@
 package com.x8bit.bitwarden.data.platform.datasource.disk
 
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.EnvironmentUrlDataJson
+import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
 import kotlinx.coroutines.flow.Flow
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/EnvironmentDiskSourceImpl.kt

@@ -1,9 +1,10 @@
 package com.x8bit.bitwarden.data.platform.datasource.disk
 
 import android.content.SharedPreferences
-import com.x8bit.bitwarden.data.auth.datasource.disk.model.EnvironmentUrlDataJson
-import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
-import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
+import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
+import com.bitwarden.core.data.util.decodeFromStringOrNull
+import com.bitwarden.data.datasource.disk.BaseDiskSource
+import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.onSubscription
 import kotlinx.serialization.json.Json