github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-11 10:54:26 -05:00
Code Issues 1.1k Packages Projects Releases 124 Wiki Activity

Compare commits

base: github-starred:release/2026.1-rc45
Branches Tags
github-starred:main github-starred:release/hotfix-v2026.4.1-bwpm github-starred:cron-sync-privileged-browsers/60-sync github-starred:sdlc/sdk-update github-starred:renovate/lock-file-maintenance github-starred:renovate/sonarqube github-starred:renovate/fastlane-2.x github-starred:agalles/fdroid-only github-starred:remove-retrofit-dependency github-starred:target-sdk-37 github-starred:PM-33982/build-device-screen github-starred:new-item-types/PM-32806_passport github-starred:new-item-types/PM-32808_drivers-license github-starred:BWA-99/show-next-totp github-starred:BWA-99/add-preview-next-totp-code-setting github-starred:renovate/glidecompose github-starred:sync-min-sdk github-starred:release/2026.4-rc51 github-starred:fix/security-sast-22741894-bvwj github-starred:related-origin-passkey-creation github-starred:release/2026.4-rc50 github-starred:platform/android-breaking-change-detection github-starred:innovation-sprint-2026-send-folder github-starred:release/2026.3-rc49 github-starred:PM-34193-vault-lockout github-starred:android-collections github-starred:llm/add-resolving-sdk-updates-skill github-starred:QA-1523/sanity-test-saucelabs github-starred:release/2026.3-rc48 github-starred:PM-26577-app-links-support github-starred:PM-26896-autofill-fix github-starred:release/2026.2-rc47 github-starred:pr-6572 github-starred:release/2026.2-rc46 github-starred:release/2026.1-rc45 github-starred:PM-30644/added-logs-for-debug github-starred:PM-30644/quicktile-nav-not-showing-migration github-starred:minor-gradle-updates github-starred:release/2026.1-rc42 github-starred:release/2026.1-rc44 github-starred:release/2026.1-rc43 github-starred:PM-28834/set-landscape-on-horizonos-devices github-starred:PM-28468/validate-and-navigate-to-vault-migration github-starred:PM-20026/force-ltr-passwords-and-codes github-starred:release/2025.12-rc41 github-starred:cmcg/testCoverage github-starred:PM-29014/talkback-support-for-passwords github-starred:release/2025.12-rc40 github-starred:BRE-1305/publish_test github-starred:accept-user-certs github-starred:autofill-permissions github-starred:release/2025.11-rc39 github-starred:PM-22479/check-all-certificates-validate-asset-links github-starred:release/2025.10-rc38 github-starred:agalles/android-latest github-starred:retro-agent github-starred:PM-27001/skip-account-selection-only-one-exists-cxp github-starred:release/2025.10-rc37 github-starred:agalles/test-1118 github-starred:release/2025.10-rc36 github-starred:PM-20593-token-refresh github-starred:QA-1126b/adding-native-sanity-test github-starred:release/2025.9-rc35 github-starred:pm-25933/sdk-update-password github-starred:release/2025.9-rc34 github-starred:release/2025.8-rc33 github-starred:agalles/20250821-release github-starred:debug-release-issues github-starred:pm-24249-allow-automated-prs-for-sdk-updates github-starred:release/2025.8-rc32 github-starred:release/WORKFLOW-TEST-2025.8-rc28 github-starred:agalles/20250807release github-starred:release/2025.07-rc25 github-starred:release/hotfix-v2025.7.0-bwa github-starred:pm-23311/export-vault-policy-bypass github-starred:release/2025.07-rc24 github-starred:authenticator-pm-sync-flags-issue github-starred:release/hotfix-v2025.6.0-bwpm github-starred:release/2025.06-rc21 github-starred:agalles/automate-android-fastlane-patch github-starred:release/2025.05-rc20 github-starred:release/2025.04-rc19 github-starred:languages/basque github-starred:release/2025.03-rc19 github-starred:update-readme github-starred:qrcode/feature github-starred:innovation/archive/pm-19153-archive-items github-starred:qrcode/2-ui-fields github-starred:qrcode/1-page github-starred:hold-on-biometric-prompt-alternative github-starred:release-notes-process github-starred:release/2025.02-rc16 github-starred:bwa-monorepo github-starred:PM-8223/new-device-verification-ux-improvements github-starred:pm-18451/exempt-from-policies github-starred:test-bwa github-starred:release/2025.01-rc15 github-starred:release/2025.01-rc14 github-starred:release/2024.12-rc13 github-starred:pm-16670/sync-leave-notice github-starred:821 github-starred:PM-16695/backport-lean-more-new-device-verification github-starred:release/hotfix-v2024.11.7 github-starred:release/2024.11-rc1 github-starred:pm-11304/collection-add-item-button github-starred:PM-14241/disabling-logs-app-crash github-starred:poc/offline-editing github-starred:new-version-calc github-starred:pm-11649/expired-link-services github-starred:pm-6702/add-feature-flag github-starred:pm-6702/email-verification-feature github-starred:pm-9933/marketing-copy-update github-starred:pm-6702/registration-flows github-starred:update-templates github-starred:pm-6701/email-verification-selfhost-registration
github-starred:v2026.4.1-bwa github-starred:v2026.4.1-bwpm github-starred:v2026.4.0-bwa github-starred:v2026.4.0-bwpm github-starred:v2026.3.1-bwa github-starred:v2026.3.1-bwpm github-starred:v2026.3.0-bwpm github-starred:v2026.3.0-bwa github-starred:v2026.2.1-bwpm github-starred:v2026.2.1-bwa github-starred:v2026.2.0-bwpm github-starred:v2026.2.0-bwa github-starred:v2026.1.1-bwa github-starred:v2026.1.1-bwpm github-starred:temp-test github-starred:v2026.1.0-bwpm github-starred:v2026.1.0-bwa github-starred:v2025.12.1-bwa github-starred:v2025.12.1-bwpm github-starred:v2025.12.0-bwa github-starred:v2025.12.0-bwpm github-starred:v2025.11.1-bwpm github-starred:v2025.11.1-bwa github-starred:v2025.11.0-bwpm github-starred:v2025.11.0-bwa github-starred:v2025.10.1-bwa github-starred:v2025.10.1-bwpm github-starred:v2025.10.0-bwa github-starred:v2025.10.0-bwpm github-starred:v2025.9.1-bwa github-starred:v2025.9.1-bwpm github-starred:v2025.9.0-bwa github-starred:v2025.9.0-bwpm github-starred:v2025.8.1-bwa github-starred:v2025.8.1-bwpm github-starred:v2025.8.0-bwa github-starred:v2025.8.0-bwpm github-starred:v2025.7.2-bwa github-starred:v2025.7.2-bwpm github-starred:v2025.7.1-bwa github-starred:v2025.7.1-bwpm github-starred:v2025.7.0-bwa github-starred:v2025.7.0-bwpm github-starred:v2025.6.1-bwpm github-starred:v2025.6.0-bwa github-starred:v2025.6.0-bwpm github-starred:v2025.1.0-bwa github-starred:v2025.5.0-bwa github-starred:v2025.5.0-bwpm github-starred:v2025.5.999 github-starred:2025.4.0 github-starred:v2025.4.0 github-starred:untagged-4731eaadac73f3dfbbb8 github-starred:v2025.3.0 github-starred:v2025.2.0 github-starred:untagged-815a165c5d70ffe75bc7 github-starred:v2025.1.2 github-starred:v2025.1.1 github-starred:v2025.1.0 github-starred:v2024.12.0 github-starred:untagged-5a76b6392a4c8998c63a github-starred:v2024.11.7 github-starred:v2024.11.6 github-starred:v2024.11.5 github-starred:v2024.11.4 github-starred:v2024.11.3 github-starred:v2024.11.2 github-starred:v2024.11.1 github-starred:v2024.11.0 github-starred:v2024.10.2 github-starred:v2024.10.1 github-starred:v2024.10.0 github-starred:v2024.9.0 github-starred:v2024.8.1 github-starred:v2024.8.0 github-starred:v2024.7.3 github-starred:v2024.7.2 github-starred:v2024.7.1 github-starred:v2024.7.0 github-starred:v2024.6.1 github-starred:v2024.6.0 github-starred:v2024.5.1 github-starred:v2024.4.1 github-starred:v2024.4.2 github-starred:v2024.4.0 github-starred:v2024.3.3 github-starred:v2024.3.1 github-starred:v2024.3.0 github-starred:v2024.2.1 github-starred:v2024.2.0 github-starred:v2024.1.1 github-starred:v2024.1.0 github-starred:v2023.12.0 github-starred:v2023.10.0 github-starred:v2023.9.2 github-starred:maui-single-project-android github-starred:v2023.9.1 github-starred:v2023.9.0 github-starred:v2023.8.0 github-starred:v2023.7.0 github-starred:v2023.5.0 github-starred:v2023.4.0 github-starred:v2023.3.2 github-starred:v2023.3.1 github-starred:v2023.3.0 github-starred:v2023.2.0 github-starred:v2023.1.0 github-starred:v2022.11.0 github-starred:v2022.10.0 github-starred:v2022.9.1 github-starred:v2022.9.0 github-starred:v2022.8.0 github-starred:v2022.6.2 github-starred:v2022.6.1 github-starred:v2022.6.0 github-starred:v2022.05.0 github-starred:v2.18.0 github-starred:v2.17.0 github-starred:v2.16.4 github-starred:v2.16.3 github-starred:v2.16.2 github-starred:v2.16.1 github-starred:v2.15.0 github-starred:v2.14.2 github-starred:v2.14.1 github-starred:v2.14.0 github-starred:v2.13.0 github-starred:v2.12.0 github-starred:v2.11.3 github-starred:v2.11.2 github-starred:v2.11.1 github-starred:v2.11.0 github-starred:v2.10.0 github-starred:v2.9.1 github-starred:v2.9.0 github-starred:v2.8.2 github-starred:v2.8.1 github-starred:v2.8.0 github-starred:v2.7.2 github-starred:v2.7.0 github-starred:v2.6.1 github-starred:v2.6.0 github-starred:v2.5.6 github-starred:v.2.5.5 github-starred:v2.5.5 github-starred:v2.5.4 github-starred:v2.5.3 github-starred:v2.5.2 github-starred:v2.5.1 github-starred:v2.5.0 github-starred:v2.4.3 github-starred:v2.4.2 github-starred:v2.4.1 github-starred:v2.4.0 github-starred:v2.3.1 github-starred:v2.3.0 github-starred:v2.2.8 github-starred:v2.2.7 github-starred:v2.2.6 github-starred:v2.2.2 github-starred:v2.2.1 github-starred:v2.2.0 github-starred:v2.1.2 github-starred:v2.1.0 github-starred:v2.0.6 github-starred:v2.0.5 github-starred:v2.0.4 github-starred:v2.0.3 github-starred:v2.0.2 github-starred:v2.0.1 github-starred:v2.0.0 github-starred:v1.22.1 github-starred:v1.22.0 github-starred:v1.21.0 github-starred:v1.20.0 github-starred:v1.19.0 github-starred:v1.18.1 github-starred:v1.18.0 github-starred:v1.17.0 github-starred:v1.16.0 github-starred:v1.15.2 github-starred:v1.15.1 github-starred:v1.15.0 github-starred:v1.14.4 github-starred:v1.14.1 github-starred:v1.14.0 github-starred:v1.13.0 github-starred:v1.12.2 github-starred:v1.12.1 github-starred:v1.12.0 github-starred:v1.11.1 github-starred:v1.11.0 github-starred:v1.10.0 github-starred:v1.9.0 github-starred:v1.8.1 github-starred:v1.8.0 github-starred:v1.7.0 github-starred:v1.6.5 github-starred:v1.6.1 github-starred:v1.6.0 github-starred:v1.5.1 github-starred:v1.5.0 github-starred:v1.4.4 github-starred:v1.4.3 github-starred:v1.4.0 github-starred:v1.3.0 github-starred:v1.2.1 github-starred:v1.2.0 github-starred:v1.1.0 github-starred:v1.0.0 github-starred:v0.0.6 github-starred:v0.0.5 github-starred:v0.0.4 github-starred:v0.0.3 github-starred:v0.0.2 github-starred:v0.0.1
..
compare: github-starred:release/2025.11-rc39
Branches Tags
github-starred:release/hotfix-v2026.4.1-bwpm github-starred:main github-starred:cron-sync-privileged-browsers/60-sync github-starred:sdlc/sdk-update github-starred:renovate/lock-file-maintenance github-starred:renovate/sonarqube github-starred:renovate/fastlane-2.x github-starred:agalles/fdroid-only github-starred:remove-retrofit-dependency github-starred:target-sdk-37 github-starred:PM-33982/build-device-screen github-starred:new-item-types/PM-32806_passport github-starred:new-item-types/PM-32808_drivers-license github-starred:BWA-99/show-next-totp github-starred:BWA-99/add-preview-next-totp-code-setting github-starred:renovate/glidecompose github-starred:sync-min-sdk github-starred:release/2026.4-rc51 github-starred:fix/security-sast-22741894-bvwj github-starred:related-origin-passkey-creation github-starred:release/2026.4-rc50 github-starred:platform/android-breaking-change-detection github-starred:innovation-sprint-2026-send-folder github-starred:release/2026.3-rc49 github-starred:PM-34193-vault-lockout github-starred:android-collections github-starred:llm/add-resolving-sdk-updates-skill github-starred:QA-1523/sanity-test-saucelabs github-starred:release/2026.3-rc48 github-starred:PM-26577-app-links-support github-starred:PM-26896-autofill-fix github-starred:release/2026.2-rc47 github-starred:pr-6572 github-starred:release/2026.2-rc46 github-starred:release/2026.1-rc45 github-starred:PM-30644/added-logs-for-debug github-starred:PM-30644/quicktile-nav-not-showing-migration github-starred:minor-gradle-updates github-starred:release/2026.1-rc42 github-starred:release/2026.1-rc44 github-starred:release/2026.1-rc43 github-starred:PM-28834/set-landscape-on-horizonos-devices github-starred:PM-28468/validate-and-navigate-to-vault-migration github-starred:PM-20026/force-ltr-passwords-and-codes github-starred:release/2025.12-rc41 github-starred:cmcg/testCoverage github-starred:PM-29014/talkback-support-for-passwords github-starred:release/2025.12-rc40 github-starred:BRE-1305/publish_test github-starred:accept-user-certs github-starred:autofill-permissions github-starred:release/2025.11-rc39 github-starred:PM-22479/check-all-certificates-validate-asset-links github-starred:release/2025.10-rc38 github-starred:agalles/android-latest github-starred:retro-agent github-starred:PM-27001/skip-account-selection-only-one-exists-cxp github-starred:release/2025.10-rc37 github-starred:agalles/test-1118 github-starred:release/2025.10-rc36 github-starred:PM-20593-token-refresh github-starred:QA-1126b/adding-native-sanity-test github-starred:release/2025.9-rc35 github-starred:pm-25933/sdk-update-password github-starred:release/2025.9-rc34 github-starred:release/2025.8-rc33 github-starred:agalles/20250821-release github-starred:debug-release-issues github-starred:pm-24249-allow-automated-prs-for-sdk-updates github-starred:release/2025.8-rc32 github-starred:release/WORKFLOW-TEST-2025.8-rc28 github-starred:agalles/20250807release github-starred:release/2025.07-rc25 github-starred:release/hotfix-v2025.7.0-bwa github-starred:pm-23311/export-vault-policy-bypass github-starred:release/2025.07-rc24 github-starred:authenticator-pm-sync-flags-issue github-starred:release/hotfix-v2025.6.0-bwpm github-starred:release/2025.06-rc21 github-starred:agalles/automate-android-fastlane-patch github-starred:release/2025.05-rc20 github-starred:release/2025.04-rc19 github-starred:languages/basque github-starred:release/2025.03-rc19 github-starred:update-readme github-starred:qrcode/feature github-starred:innovation/archive/pm-19153-archive-items github-starred:qrcode/2-ui-fields github-starred:qrcode/1-page github-starred:hold-on-biometric-prompt-alternative github-starred:release-notes-process github-starred:release/2025.02-rc16 github-starred:bwa-monorepo github-starred:PM-8223/new-device-verification-ux-improvements github-starred:pm-18451/exempt-from-policies github-starred:test-bwa github-starred:release/2025.01-rc15 github-starred:release/2025.01-rc14 github-starred:release/2024.12-rc13 github-starred:pm-16670/sync-leave-notice github-starred:821 github-starred:PM-16695/backport-lean-more-new-device-verification github-starred:release/hotfix-v2024.11.7 github-starred:release/2024.11-rc1 github-starred:pm-11304/collection-add-item-button github-starred:PM-14241/disabling-logs-app-crash github-starred:poc/offline-editing github-starred:new-version-calc github-starred:pm-11649/expired-link-services github-starred:pm-6702/add-feature-flag github-starred:pm-6702/email-verification-feature github-starred:pm-9933/marketing-copy-update github-starred:pm-6702/registration-flows github-starred:update-templates github-starred:pm-6701/email-verification-selfhost-registration
github-starred:v2026.4.1-bwa github-starred:v2026.4.1-bwpm github-starred:v2026.4.0-bwa github-starred:v2026.4.0-bwpm github-starred:v2026.3.1-bwa github-starred:v2026.3.1-bwpm github-starred:v2026.3.0-bwpm github-starred:v2026.3.0-bwa github-starred:v2026.2.1-bwpm github-starred:v2026.2.1-bwa github-starred:v2026.2.0-bwpm github-starred:v2026.2.0-bwa github-starred:v2026.1.1-bwa github-starred:v2026.1.1-bwpm github-starred:temp-test github-starred:v2026.1.0-bwpm github-starred:v2026.1.0-bwa github-starred:v2025.12.1-bwa github-starred:v2025.12.1-bwpm github-starred:v2025.12.0-bwa github-starred:v2025.12.0-bwpm github-starred:v2025.11.1-bwpm github-starred:v2025.11.1-bwa github-starred:v2025.11.0-bwpm github-starred:v2025.11.0-bwa github-starred:v2025.10.1-bwa github-starred:v2025.10.1-bwpm github-starred:v2025.10.0-bwa github-starred:v2025.10.0-bwpm github-starred:v2025.9.1-bwa github-starred:v2025.9.1-bwpm github-starred:v2025.9.0-bwa github-starred:v2025.9.0-bwpm github-starred:v2025.8.1-bwa github-starred:v2025.8.1-bwpm github-starred:v2025.8.0-bwa github-starred:v2025.8.0-bwpm github-starred:v2025.7.2-bwa github-starred:v2025.7.2-bwpm github-starred:v2025.7.1-bwa github-starred:v2025.7.1-bwpm github-starred:v2025.7.0-bwa github-starred:v2025.7.0-bwpm github-starred:v2025.6.1-bwpm github-starred:v2025.6.0-bwa github-starred:v2025.6.0-bwpm github-starred:v2025.1.0-bwa github-starred:v2025.5.0-bwa github-starred:v2025.5.0-bwpm github-starred:v2025.5.999 github-starred:2025.4.0 github-starred:v2025.4.0 github-starred:untagged-4731eaadac73f3dfbbb8 github-starred:v2025.3.0 github-starred:v2025.2.0 github-starred:untagged-815a165c5d70ffe75bc7 github-starred:v2025.1.2 github-starred:v2025.1.1 github-starred:v2025.1.0 github-starred:v2024.12.0 github-starred:untagged-5a76b6392a4c8998c63a github-starred:v2024.11.7 github-starred:v2024.11.6 github-starred:v2024.11.5 github-starred:v2024.11.4 github-starred:v2024.11.3 github-starred:v2024.11.2 github-starred:v2024.11.1 github-starred:v2024.11.0 github-starred:v2024.10.2 github-starred:v2024.10.1 github-starred:v2024.10.0 github-starred:v2024.9.0 github-starred:v2024.8.1 github-starred:v2024.8.0 github-starred:v2024.7.3 github-starred:v2024.7.2 github-starred:v2024.7.1 github-starred:v2024.7.0 github-starred:v2024.6.1 github-starred:v2024.6.0 github-starred:v2024.5.1 github-starred:v2024.4.1 github-starred:v2024.4.2 github-starred:v2024.4.0 github-starred:v2024.3.3 github-starred:v2024.3.1 github-starred:v2024.3.0 github-starred:v2024.2.1 github-starred:v2024.2.0 github-starred:v2024.1.1 github-starred:v2024.1.0 github-starred:v2023.12.0 github-starred:v2023.10.0 github-starred:v2023.9.2 github-starred:maui-single-project-android github-starred:v2023.9.1 github-starred:v2023.9.0 github-starred:v2023.8.0 github-starred:v2023.7.0 github-starred:v2023.5.0 github-starred:v2023.4.0 github-starred:v2023.3.2 github-starred:v2023.3.1 github-starred:v2023.3.0 github-starred:v2023.2.0 github-starred:v2023.1.0 github-starred:v2022.11.0 github-starred:v2022.10.0 github-starred:v2022.9.1 github-starred:v2022.9.0 github-starred:v2022.8.0 github-starred:v2022.6.2 github-starred:v2022.6.1 github-starred:v2022.6.0 github-starred:v2022.05.0 github-starred:v2.18.0 github-starred:v2.17.0 github-starred:v2.16.4 github-starred:v2.16.3 github-starred:v2.16.2 github-starred:v2.16.1 github-starred:v2.15.0 github-starred:v2.14.2 github-starred:v2.14.1 github-starred:v2.14.0 github-starred:v2.13.0 github-starred:v2.12.0 github-starred:v2.11.3 github-starred:v2.11.2 github-starred:v2.11.1 github-starred:v2.11.0 github-starred:v2.10.0 github-starred:v2.9.1 github-starred:v2.9.0 github-starred:v2.8.2 github-starred:v2.8.1 github-starred:v2.8.0 github-starred:v2.7.2 github-starred:v2.7.0 github-starred:v2.6.1 github-starred:v2.6.0 github-starred:v2.5.6 github-starred:v.2.5.5 github-starred:v2.5.5 github-starred:v2.5.4 github-starred:v2.5.3 github-starred:v2.5.2 github-starred:v2.5.1 github-starred:v2.5.0 github-starred:v2.4.3 github-starred:v2.4.2 github-starred:v2.4.1 github-starred:v2.4.0 github-starred:v2.3.1 github-starred:v2.3.0 github-starred:v2.2.8 github-starred:v2.2.7 github-starred:v2.2.6 github-starred:v2.2.2 github-starred:v2.2.1 github-starred:v2.2.0 github-starred:v2.1.2 github-starred:v2.1.0 github-starred:v2.0.6 github-starred:v2.0.5 github-starred:v2.0.4 github-starred:v2.0.3 github-starred:v2.0.2 github-starred:v2.0.1 github-starred:v2.0.0 github-starred:v1.22.1 github-starred:v1.22.0 github-starred:v1.21.0 github-starred:v1.20.0 github-starred:v1.19.0 github-starred:v1.18.1 github-starred:v1.18.0 github-starred:v1.17.0 github-starred:v1.16.0 github-starred:v1.15.2 github-starred:v1.15.1 github-starred:v1.15.0 github-starred:v1.14.4 github-starred:v1.14.1 github-starred:v1.14.0 github-starred:v1.13.0 github-starred:v1.12.2 github-starred:v1.12.1 github-starred:v1.12.0 github-starred:v1.11.1 github-starred:v1.11.0 github-starred:v1.10.0 github-starred:v1.9.0 github-starred:v1.8.1 github-starred:v1.8.0 github-starred:v1.7.0 github-starred:v1.6.5 github-starred:v1.6.1 github-starred:v1.6.0 github-starred:v1.5.1 github-starred:v1.5.0 github-starred:v1.4.4 github-starred:v1.4.3 github-starred:v1.4.0 github-starred:v1.3.0 github-starred:v1.2.1 github-starred:v1.2.0 github-starred:v1.1.0 github-starred:v1.0.0 github-starred:v0.0.6 github-starred:v0.0.5 github-starred:v0.0.4 github-starred:v0.0.3 github-starred:v0.0.2 github-starred:v0.0.1

1 Commits
release/20 ... release/20

Author SHA1 Message Date
Patrick Honkonen
63c4e1fe93 🍒 PM-28545: Remove the compatibility mode toggle from the Autofill screen (#6191) 
Co-authored-by: David Perez <david@livefront.com>
 2025-11-21 15:55:57 -05:00
603 changed files with 5966 additions and 31547 deletions
Expand all files Collapse all files

24
.claude/prompts/review-code.md
View File

@@ -1,3 +1,27 @@
Use the `reviewing-changes` skill to review this pull request.
The PR branch is already checked out in the current working directory.
## CRITICAL OUTPUT REQUIREMENTS
**Summary Format (REQUIRED):**
- **Clean PRs (no issues)**: 2-3 lines MAXIMUM
- Format: `**Overall Assessment:** APPROVE\n[One sentence]`
- Example: "Clean refactoring following established patterns"
- **PRs with issues**: Verdict + critical issues list (5-10 lines MAX)
- Format: `**Overall Assessment:** APPROVE/REQUEST CHANGES\n**Critical Issues:**\n- issue 1\nSee inline comments`
- All details go in inline comments with `<details>` tags, NOT in summary
**NEVER create:**
- ❌ Praise sections ("Strengths", "Good Practices", "Excellent X")
- ❌ Verbose analysis sections (Architecture Assessment, Technical Review, Code Quality, etc.)
- ❌ Tables, statistics, or detailed breakdowns in summary
- ❌ Multiple summary sections
- ❌ Checkmarks listing everything done correctly
**Inline Comments:**
- Create separate inline comment for each specific issue/recommendation
- Use collapsible `<details>` sections for code examples and explanations
- Only severity + one-line description visible; all other content collapsed
- Track status of previously identified issues if this is a subsequent review

276
.claude/skills/reviewing-changes/SKILL.md
View File

@@ -1,34 +1,56 @@
---
name: reviewing-changes
version: 3.0.0
description: Guides Android code reviews with type-specific checklists and MVVM/Compose pattern validation. Use when reviewing Android PRs, pull requests, diffs, or local changes involving Kotlin, ViewModel, Composable, Repository, or Gradle files. Triggered by "review PR", "review changes", "check this code", "Android review", or code review requests mentioning bitwarden/android. Loads specialized checklists for feature additions, bug fixes, UI refinements, refactoring, dependency updates, and infrastructure changes.
version: 2.0.0
description: Comprehensive code reviews for Bitwarden Android. Detects change type (dependency update, bug fix, feature, UI, refactoring, infrastructure) and applies appropriate review depth. Validates MVVM patterns, Hilt DI, security requirements, and test coverage per project standards. Use when reviewing pull requests, checking commits, analyzing code changes, or evaluating architectural compliance.
---
# Reviewing Changes - Android Additions
This skill provides Android-specific workflow additions that complement the base `bitwarden-code-reviewer` agent standards.
# Reviewing Changes
## Instructions
**IMPORTANT**: Use structured thinking throughout your review process. Plan your analysis in `<thinking>` tags before providing final feedback.
**IMPORTANT**: Use structured thinking throughout your review process. Plan your analysis in `<thinking>` tags before providing final feedback. This improves accuracy by 40% according to research.
### Step 1: Retrieve Additional Details
### Step 1: Check for Existing Review Threads
Always check for existing comment threads to avoid duplicate comments:
<thinking>
Determine if more context is available for the changes:
1. Are there JIRA tickets or GitHub Issues mentioned in the PR title or body?
2. Are there other GitHub pull requests mentioned in the PR title or body?
Before creating any comments:
1. Is this a fresh review or re-review of the same PR?
2. What existing discussion might already exist?
3. Which findings should update existing threads vs create new?
</thinking>
Retrieve any additional information linked to the pull request using available tools (JIRA MCP, GitHub API).
**Thread Detection Procedure:**
If pull request title and message do not provide enough context, request additional details from the reviewer:
- Link a JIRA ticket
- Associate a GitHub issue
- Link to another pull request
- Add more detail to the PR title or body
1. **Fetch existing comment count:**
```bash
gh pr view <pr-number> --json comments --jq '.comments | length'
```
### Step 2: Detect Change Type with Android Refinements
2. **If count = 0:** No existing threads. Skip to Step 2 (all comments will be new).
3. **If count > 0:** Fetch full comment data to check for existing threads.
```bash
gh pr view <pr-number> --json comments --jq '.comments[] | {id, path, line, body}' > pr_comments.json
```
4. **Parse existing threads:** Extract file paths, line numbers, and issue summaries from previous review comments.
- Build map: `{file:line → {comment_id, issue_summary, resolved}}`
- Note which issues already have active discussions
5. **Matching Strategy (Hybrid Approach):**
When you identify an issue to comment on:
- **Exact match:** Same file + same line number → existing thread found
- **Nearby match:** Same file + line within ±5 → existing thread found
- **No match:** Create new inline comment
6. **Handling Evolved Issues:**
- **Issue persists unchanged:** Respond in existing thread with update
- **Issue resolved:** Note resolution in thread response (can mark as resolved if supported)
- **Issue changed significantly:** Resolve/close old thread, create new comment explaining evolution
### Step 2: Detect Change Type
<thinking>
Analyze the changeset systematically:
@@ -38,13 +60,17 @@ Analyze the changeset systematically:
4. What's the risk level of these changes?
</thinking>
Use the base change type detection from the agent, with Android-specific refinements:
Analyze the changeset to determine the primary change type:
**Android-specific patterns:**
- **Feature Addition**: New `ViewModel`, new `Repository`, new `@Composable` functions, new `*Screen.kt` files
- **UI Refinement**: Changes only in `*Screen.kt`, `*Composable.kt`, `ui/` package files
- **Infrastructure**: Changes to `.github/workflows/`, `gradle/`, `build.gradle.kts`, `libs.versions.toml`
- **Dependency Update**: Changes only to `libs.versions.toml` or `build.gradle.kts` with version bumps
**Detection Rules:**
- **Dependency Update**: Only gradle files changed (`libs.versions.toml`, `build.gradle.kts`) with version number modifications
- **Bug Fix**: PR/commit title contains "fix", "bug", or issue ID; addresses existing broken behavior
- **Feature Addition**: New files, new ViewModels, significant new functionality
- **UI Refinement**: Only UI/Compose files changed, layout/styling focus
- **Refactoring**: Code restructuring without behavior change, pattern improvements
- **Infrastructure**: CI/CD files, Gradle config, build scripts, tooling changes
If changeset spans multiple types, use the most complex type's checklist.
### Step 3: Load Appropriate Checklist
@@ -63,7 +89,7 @@ The checklist provides:
- What to check and what to skip
- Structured thinking guidance
### Step 4: Execute Review Following Checklist
### Step 4: Execute Review with Structured Thinking
<thinking>
Before diving into details:
@@ -76,7 +102,7 @@ Before diving into details:
Follow the checklist's multi-pass strategy, thinking through each pass systematically.
### Step 5: Consult Android Reference Materials As Needed
### Step 5: Consult Reference Materials As Needed
Load reference files only when needed for specific questions:
@@ -89,10 +115,206 @@ Load reference files only when needed for specific questions:
- **UI questions** → `reference/ui-patterns.md` (Compose patterns, theming)
- **Style questions** → `docs/STYLE_AND_BEST_PRACTICES.md`
### Step 6: Document Findings
## 🛑 STOP: Determine Output Format FIRST
<thinking>
Before writing ANY output, answer this critical question:
1. Did I find ANY issues (Critical, Important, Suggested, or Questions)?
2. If NO issues found → This is a CLEAN PR → Use 2-3 line minimal format and STOP
3. If issues found → Use verdict + critical issues list + inline comments format
4. NEVER create praise sections or elaborate on correct implementations
</thinking>
**Decision Tree:**
```
Do you have ANY issues to report (Critical/Important/Suggested/Questions)?
├─ NO → CLEAN PR
│ └─ Use 2-3 line format:
│ "**Overall Assessment:** APPROVE
│ [One sentence describing what PR does well]"
│ └─ STOP. Do not proceed to detailed format guidance.
└─ YES → PR WITH ISSUES
└─ Use minimal summary + inline comments:
"**Overall Assessment:** APPROVE / REQUEST CHANGES
**Critical Issues:**
- [issue with file:line]
See inline comments for details."
```
## Special Case: Clean PRs with No Issues
When you find NO critical, important, or suggested issues:
**Minimal Approval Format (REQUIRED):**
```
**Overall Assessment:** APPROVE
[One sentence describing what the PR does well]
```
**Examples:**
- "Clean refactoring following established patterns"
- "Solid bug fix with comprehensive test coverage"
- "Well-structured feature implementation meeting all standards"
**NEVER do this for clean PRs:**
- ❌ Multiple sections (Key Strengths, Changes, Code Quality, etc.)
- ❌ Listing everything that was done correctly
- ❌ Checkmarks for each file or pattern followed
- ❌ Elaborate praise or detailed positive analysis
- ❌ Tables, statistics, or detailed breakdowns
**Why brevity matters:**
- Respects developer time (quick approval = move forward faster)
- Reduces noise in PR conversations
- Saves tokens and processing time
- Focuses attention on PRs that actually need discussion
**If you're tempted to write more than 3 lines for a clean PR, STOP. You're doing it wrong.**
---
<thinking>
Before writing each comment:
1. Is this issue Critical, Important, Suggested, or just Acknowledgment?
2. Should I ask a question or provide direction?
3. What's the rationale I need to explain?
4. What code example would make this actionable?
5. Is there a documentation reference to include?
</thinking>
**CRITICAL**: Use summary comment + inline comments approach.
**Review Comment Structure**:
- Create ONE summary comment with overall verdict + critical issues list
- Create separate inline comment for EACH specific issue on the exact line with full details
- Summary directs readers to inline comments ("See inline comments for details")
- Do NOT duplicate issue details between summary and inline comments
### CRITICAL: No Praise-Only Comments
❌ **NEVER** create inline comments solely for positive feedback
❌ **NEVER** create summary sections like "Strengths", "Good Practices", "What Went Well"
❌ **NEVER** use inline comments to elaborate on correct implementations
Focus exclusively on actionable feedback. Reserve comments for issues requiring attention.
**Inline Comment Format** (REQUIRED: Use `<details>` Tags):
**MUST use `<details>` tags for ALL inline comments.** Only severity + one-line description should be visible; all other content must be collapsed.
```
[emoji] **[SEVERITY]**: [One-line issue description]
<details>
<summary>Details and fix</summary>
[Code example or specific fix]
[Rationale explaining why]
Reference: [docs link if applicable]
</details>
```
**Visibility Rule:**
- **Visible:** Severity prefix (emoji + text) + one-line description
- **Collapsed in `<details>`:** Code examples, rationale, explanations, references
**Example inline comment**:
```
⚠️ **CRITICAL**: Exposes mutable state
<details>
<summary>Details and fix</summary>
Change `MutableStateFlow<State>` to `StateFlow<State>`:
\```kotlin
private val _state = MutableStateFlow<State>()
val state: StateFlow<State> = _state.asStateFlow()
\```
Exposing MutableStateFlow allows external mutation, violating MVVM unidirectional data flow.
Reference: docs/ARCHITECTURE.md#mvvm-pattern
</details>
```
**Summary Comment Format (REQUIRED - No Exceptions):**
When you have issues to report, use this format ONLY:
```
**Overall Assessment:** APPROVE / REQUEST CHANGES
**Critical Issues** (if any):
- [One-line summary with file:line reference]
See inline comments for all details.
```
**Maximum Length**: 5-10 lines total, regardless of PR size or complexity.
**No exceptions for**:
- ❌ Large PRs (10+ files)
- ❌ Multiple issue domains
- ❌ High-severity issues
- ❌ Complex changes
All details belong in inline comments with `<details>` tags, NOT in the summary.
**Output Format Rules**:
**What to Include:**
- **Inline comments**: Create separate comment for EACH specific issue with full details in `<details>` tag
- **Summary comment**: Overall assessment (APPROVE/REQUEST CHANGES) + list of CRITICAL issues only
- **Severity levels** (hybrid emoji + text format):
- ⚠️ **CRITICAL** (blocking)
- 📋 **IMPORTANT** (should fix)
- 💡 **SUGGESTED** (nice to have)
- ❓ **QUESTION** (seeking clarification)
**What to Exclude:**
- **No duplication**: Never repeat inline comment details in the summary
- **No Important/Suggested in summary**: Only CRITICAL blocking issues belong in summary
- **No "Good Practices"/"Strengths" sections**: Never include positive commentary sections
- **No "Action Items" section**: This duplicates inline comments - avoid entirely
- **No verbose analysis**: Keep detailed analysis (compilation status, security review, rollback plans) in inline comments only
### ❌ Common Anti-Patterns to Avoid
**DO NOT:**
- Create multiple summary sections (Strengths, Recommendations, Test Coverage Status, Architecture Compliance)
- Duplicate critical issues in both summary and inline comments
- Write elaborate descriptions in summary (details belong in inline comments)
- Exceed 5-10 lines for simple PRs
- Create inline comments that only provide praise
**DO:**
- Put verdict + critical issue list ONLY in summary
- Put ALL details (explanations, code, rationale) in inline comments with `<details>` collapse
- Keep summary to 5-10 lines maximum, regardless of PR size or your analysis depth
- Focus comments exclusively on actionable issues
**Visibility Guidelines:**
- **Inline comments visible**: Severity + one-line description only
- **Inline comments collapsed**: Code examples, rationale, references in `<details>` tag
- **Summary visible**: Verdict + critical issues list only
See `examples/review-outputs.md` for complete examples.
## Core Principles
- **Minimal reviews for clean PRs**: 2-3 lines when no issues found (see Step 6 format guidance)
- **Issues-focused feedback**: Only comment when there's something actionable; acknowledge good work briefly without elaboration (see priority-framework.md:145-166)
- **Appropriate depth**: Match review rigor to change complexity and risk
- **Specific references**: Always use `file:line_number` format for precise location
- **Actionable feedback**: Say what to do and why, not just what's wrong
- **Efficient reviews**: Use multi-pass strategy, skip what's not relevant
- **Android patterns**: Validate MVVM, Hilt DI, Compose conventions, Kotlin idioms
- **Constructive tone**: Ask questions for design decisions, explain rationale, focus on code not people
- **Efficient reviews**: Use multi-pass strategy, time-box reviews, skip what's not relevant

48
.claude/skills/reviewing-changes/examples/review-outputs.md
View File

@@ -2,27 +2,6 @@
Well-structured code reviews demonstrating appropriate depth, tone, and formatting for different change types.
## Table of Contents
**Format Reference:**
- [Quick Format Reference](#quick-format-reference)
- [Inline Comment Format](#inline-comment-format-required)
- [Summary Comment Format](#summary-comment-format)
**Examples:**
- [Example 1: Clean PR (No Issues)](#example-1-clean-pr-no-issues)
- [Example 2: Dependency Update with Breaking Changes](#example-2-dependency-update-with-breaking-changes)
- [Example 3: Feature Addition with Critical Issues](#example-3-feature-addition-with-critical-issues)
**Anti-Patterns:**
- [❌ Anti-Patterns to Avoid](#-anti-patterns-to-avoid)
- [Problem: Verbose Summary with Multiple Sections](#problem-verbose-summary-with-multiple-sections)
- [Problem: Praise-Only Inline Comments](#problem-praise-only-inline-comments)
- [Problem: Missing `<details>` Tags](#problem-missing-details-tags)
**Summary:**
- [Summary](#summary)
---
## Quick Format Reference
@@ -46,11 +25,10 @@ Reference: [docs link if applicable]
```
**Severity Levels:**
- **CRITICAL** - Blocking, must fix (security, crashes, architecture violations)
- ⚠️ **IMPORTANT** - Should fix (missing tests, quality issues)
- ♻️ **DEBT** - Technical debt (duplication, convention violations, future rework needed)
- 🎨 **SUGGESTED** - Nice to have (refactoring, improvements)
- 💭 **QUESTION** - Seeking clarification (requirements, design decisions)
- ⚠️ **CRITICAL** - Blocking, must fix
- 📋 **IMPORTANT** - Should fix
- 💡 **SUGGESTED** - Nice to have
- **QUESTION** - Seeking clarification
### Summary Comment Format
@@ -103,7 +81,7 @@ See inline comments for migration details.
**Inline Comment 1** (on `network/api/BitwardenApiService.kt:34`):
```markdown
**CRITICAL**: API migration required for Retrofit 3.0
⚠️ **CRITICAL**: API migration required for Retrofit 3.0
<details>
<summary>Details and fix</summary>
@@ -158,7 +136,7 @@ See inline comments for all issues and suggestions.
**Inline Comment 1** (on `app/vault/unlock/UnlockViewModel.kt:78`):
```markdown
**CRITICAL**: Exposes mutable state
⚠️ **CRITICAL**: Exposes mutable state
<details>
<summary>Details and fix</summary>
@@ -182,7 +160,7 @@ Reference: docs/ARCHITECTURE.md#mvvm-pattern
**Inline Comment 2** (on `data/vault/UnlockRepository.kt:145`):
```markdown
**CRITICAL**: PIN stored without encryption - SECURITY ISSUE
⚠️ **CRITICAL**: PIN stored without encryption - SECURITY ISSUE
<details>
<summary>Details and fix</summary>
@@ -210,7 +188,7 @@ Reference: docs/ARCHITECTURE.md#security
**Inline Comment 3** (on `app/vault/unlock/UnlockViewModel.kt:92`):
```markdown
⚠️ **IMPORTANT**: Missing error handling test
📋 **IMPORTANT**: Missing error handling test
<details>
<summary>Details and fix</summary>
@@ -236,7 +214,7 @@ Ensures error flow remains robust across refactorings.
**Inline Comment 4** (on `app/vault/unlock/UnlockViewModel.kt:105`):
```markdown
🎨 **SUGGESTED**: Consider rate limiting for PIN attempts
💡 **SUGGESTED**: Consider rate limiting for PIN attempts
<details>
<summary>Details and fix</summary>
@@ -268,7 +246,7 @@ Would add security layer against brute force. Consider discussing threat model w
**Inline Comment 5** (on `app/vault/unlock/UnlockScreen.kt:134`):
```markdown
💭 **QUESTION**: Can we use BitwardenTextField?
**QUESTION**: Can we use BitwardenTextField?
<details>
<summary>Details</summary>
@@ -378,7 +356,7 @@ This is exactly the right approach for fail-safe security.
**What NOT to do:**
```markdown
**CRITICAL**: Missing test coverage for security-critical code
⚠️ **CRITICAL**: Missing test coverage for security-critical code
The `@OmitFromCoverage` annotation excludes this entire class from test coverage.
@@ -404,7 +382,7 @@ Security-critical code should have the highest test coverage, not be omitted.
**Correct approach:**
```markdown
**CRITICAL**: Missing test coverage for security-critical code
⚠️ **CRITICAL**: Missing test coverage for security-critical code
<details>
<summary>Details and fix</summary>
@@ -444,3 +422,5 @@ Security-critical code should have the highest test coverage, not be omitted.
- Praise-only inline comments
- Duplication between summary and inline comments
- Verbose analysis in summary (belongs in inline comments)
See `SKILL.md` for complete review guidelines.

55
.claude/skills/reviewing-changes/reference/architectural-patterns.md
View File

@@ -2,23 +2,6 @@
Quick reference for Bitwarden Android architectural patterns during code reviews. For comprehensive details, read `docs/ARCHITECTURE.md` and `docs/STYLE_AND_BEST_PRACTICES.md`.
## Table of Contents
**Core Patterns:**
- [MVVM + UDF Pattern](#mvvm--udf-pattern)
- [ViewModel Structure](#viewmodel-structure)
- [UI Layer (Compose)](#ui-layer-compose)
- [Hilt Dependency Injection](#hilt-dependency-injection)
- [ViewModels](#viewmodels)
- [Repositories and Managers](#repositories-and-managers)
- [Clock/Time Handling](#clocktime-handling)
- [Module Organization](#module-organization)
- [Error Handling](#error-handling)
- [Use Result Types, Not Exceptions](#use-result-types-not-exceptions)
- [Quick Checklist](#quick-checklist)
---
## MVVM + UDF Pattern
### ViewModel Structure
@@ -211,43 +194,6 @@ abstract class DataModule {
---
### Clock/Time Handling
Time-dependent code must use injected `Clock` rather than direct `Instant.now()` or `DateTime.now()` calls. This follows the same DI principle as other dependencies.
**✅ GOOD - Injected Clock**:
```kotlin
// ViewModel with Clock injection
class MyViewModel @Inject constructor(
private val clock: Clock,
) {
fun save() {
val timestamp = clock.instant()
}
}
// Extension function with Clock parameter
fun State.getTimestamp(clock: Clock): Instant =
existingTime ?: clock.instant()
```
**❌ BAD - Static/direct calls**:
```kotlin
// Hidden dependency, non-testable
val timestamp = Instant.now()
val dateTime = DateTime.now()
```
**Key Rules**:
- Inject `Clock` via Hilt constructor (like other dependencies)
- Pass `Clock` as parameter to extension functions
- `Clock` is provided via `CoreModule` as singleton
- Enables deterministic testing with `Clock.fixed(...)`
Reference: `docs/STYLE_AND_BEST_PRACTICES.md#best-practices--time-and-clock-handling`
---
## Module Organization
```
@@ -337,7 +283,6 @@ Reference: `docs/ARCHITECTURE.md#error-handling`
- [ ] Business logic in Repository, not ViewModel?
- [ ] Using Hilt DI (@HiltViewModel, @Inject constructor)?
- [ ] Injecting interfaces, not implementations?
- [ ] Time-dependent code uses injected `Clock` (not `Instant.now()`)?
- [ ] Correct module placement?
### Error Handling

165
.claude/skills/reviewing-changes/reference/priority-framework.md
View File

@@ -1,28 +1,8 @@
# Finding Priority Framework
# Issue Priority Framework
Use this framework to classify findings during code review. Clear prioritization helps authors triage and address issues effectively.
## Table of Contents
**Severity Categories:**
- [❌ CRITICAL (Blocker - Must Fix Before Merge)](#critical-blocker---must-fix-before-merge)
- [⚠️ IMPORTANT (Should Fix)](#important-should-fix)
- [♻️ DEBT (Technical Debt)](#debt-technical-debt)
- [🎨 SUGGESTED (Nice to Have)](#suggested-nice-to-have)
- [💭 QUESTION (Seeking Clarification)](#question-seeking-clarification)
- [Optional (Acknowledge But Don't Require)](#optional-acknowledge-but-dont-require)
**Guidelines:**
- [Classification Guidelines](#classification-guidelines)
- [When Something is Between Categories](#when-something-is-between-categories)
- [Context Matters](#context-matters)
- [Examples by Change Type](#examples-by-change-type)
- [Special Cases](#special-cases)
- [Summary](#summary)
---
## ❌ **CRITICAL** (Blocker - Must Fix Before Merge)
## Critical (Blocker - Must Fix Before Merge)
These issues **must** be addressed before the PR can be merged. They pose immediate risks to security, stability, or architecture integrity.
@@ -69,7 +49,7 @@ This violates MVVM encapsulation pattern.
---
## ⚠️ **IMPORTANT** (Should Fix)
## Important (Should Fix)
These issues should be addressed but don't block merge if there's a compelling reason. They improve code quality, maintainability, or robustness.
@@ -122,53 +102,7 @@ Fetching items one-by-one in loop. Consider batch fetch to reduce database queri
---
## ♻️ **DEBT** (Technical Debt)
Code that duplicates existing patterns, violates established conventions, or will require rework within 6 months. Introduces technical debt that should be tracked for future cleanup.
### Duplication
- Copy-pasted code blocks across files
- Repeated validation or business logic
- Multiple implementations of same pattern
- Data transformation duplicated in multiple places
**Example**:
```
**app/vault/VaultListViewModel.kt:156** - DEBT: Duplicates encryption logic
Same encryption pattern exists in VaultRepository.kt:234 and SyncManager.kt:89.
Extract to shared EncryptionUtil to reduce maintenance burden.
```
### Convention Violations
- Inconsistent error handling approaches within same module
- Mixing architectural patterns (MVVM + MVC)
- Not following established DI patterns
- Deviating from project code style significantly
**Example**:
```
**data/auth/AuthRepository.kt:78** - DEBT: Exception-based error handling
Project standard is Result<T> for error handling. This uses try-catch with throws.
Creates inconsistency and makes testing harder.
Reference: docs/ARCHITECTURE.md#error-handling
```
### Future Rework Required
- Hardcoded values that should be configurable
- Temporary workarounds without TODO/FIXME
- Code that will need changes when planned features arrive
- Tight coupling that prevents future extensibility
**Example**:
```
**app/settings/SettingsViewModel.kt:45** - DEBT: Hardcoded feature flags
Feature flags should come from remote config for A/B testing.
Will require rework when experimentation framework launches.
```
---
## 🎨 **SUGGESTED** (Nice to Have)
## Suggested (Nice to Have)
These are improvement opportunities but not required. Consider the effort vs. benefit before requesting changes.
@@ -208,80 +142,6 @@ Could be extracted to separate validator class for reusability and testing.
---
## 💭 **QUESTION** (Seeking Clarification)
Questions about requirements, unclear intent, or potential conflicts that require human knowledge to answer. Open inquiries that cannot be resolved through code inspection alone.
### Requirements Clarification
- Ambiguous acceptance criteria
- Multiple valid implementation approaches
- Unclear business rules or edge case handling
- Conflicting requirements between specs and implementation
**Example**:
```
**app/vault/ItemListViewModel.kt:67** - QUESTION: Expected sort behavior for equal timestamps?
When items have identical timestamps, should secondary sort be by:
- Name (alphabetical)
- Creation order
- Item type priority
Spec doesn't specify tie-breaking logic.
```
### Design Decisions
- Architecture choices that could go multiple ways
- Trade-offs between approaches without clear winner
- Feature flag strategy or rollout approach
- API design with multiple valid patterns
**Example**:
```
**data/sync/SyncManager.kt:134** - QUESTION: Should sync failures retry automatically?
Current implementation fails immediately. Options:
- Exponential backoff (3 retries)
- User-triggered retry only
- Background retry on network restore
What's the expected UX?
```
### System Integration
- Unclear contracts with external systems
- Potential conflicts with other features/modules
- Assumptions about third-party API behavior
- Cross-team coordination needs
**Example**:
```
**app/auth/BiometricPrompt.kt:89** - QUESTION: Compatibility with pending device credentials PR?
PR #1234 is refactoring device credentials. Should this:
- Merge first and adapt later
- Wait for #1234 to land
- Coordinate with that author
Timing unclear.
```
### Testing Strategy
- Uncertainty about test scope or approach
- Questions about mocking external dependencies
- Edge cases that need product input
- Performance testing requirements
**Example**:
```
**data/vault/EncryptionTest.kt:45** - QUESTION: Should we test against real Keystore?
Currently using mocked Keystore. Real Keystore testing would:
+ Catch hardware-specific issues
- Slow down CI significantly
- Require API 23+ emulators
What's the priority?
```
---
## Optional (Acknowledge But Don't Require)
Note good practices to reinforce positive patterns. Keep these **brief** - list only, no elaboration.
@@ -315,26 +175,11 @@ Note good practices to reinforce positive patterns. Keep these **brief** - list
- If yes → Critical
- If no → Important
**If unsure between Important and Debt**:
- Ask: "Is this a bug/defect or just duplication/inconsistency?"
- If bug/defect → Important
- If duplication/inconsistency → Debt
**If unsure between Important and Suggested**:
- Ask: "Would I block merge over this?"
- If yes → Important
- If no → Suggested
**If unsure between Debt and Suggested**:
- Ask: "Will this require rework within 6 months?"
- If yes → Debt
- If no → Suggested
**If unsure between Suggested and Question**:
- Ask: "Am I requesting a change or asking for clarification?"
- If requesting change → Suggested
- If seeking clarification → Question
**If unsure between Suggested and Optional**:
- Ask: "Is this actionable feedback or just acknowledgment?"
- If actionable → Suggested
@@ -425,7 +270,5 @@ Missing tests for refactored helper → SUGGESTED
**Critical**: Block merge, must fix (security, stability, architecture)
**Important**: Should fix before merge (testing, quality, performance)
**Debt**: Technical debt introduced, track for future cleanup
**Suggested**: Nice to have, consider effort vs benefit
**Question**: Seeking clarification on requirements or design
**Optional**: Acknowledge good practices, keep brief

14
.claude/skills/reviewing-changes/reference/review-psychology.md
View File

@@ -2,20 +2,6 @@
Effective code review feedback is clear, actionable, and constructive. This guide provides phrasing patterns for inline comments.
## Table of Contents
**Guidelines:**
- [Core Directives](#core-directives)
- [Phrasing Templates](#phrasing-templates)
- [Critical Issues (Prescriptive)](#critical-issues-prescriptive)
- [Suggested Improvements (Exploratory)](#suggested-improvements-exploratory)
- [Questions (Collaborative)](#questions-collaborative)
- [Test Suggestions](#test-suggestions)
- [When to Be Prescriptive vs Ask Questions](#when-to-be-prescriptive-vs-ask-questions)
- [Special Cases](#special-cases)
---
## Core Directives
- **Keep positive feedback minimal**: For clean PRs with no issues, use 2-3 line approval only. When acknowledging good practices in PRs with issues, use single bullet list with no elaboration. Never create elaborate sections praising correct implementations.

5
.github/actions/setup-android-build/action.yml vendored
View File

@@ -12,7 +12,7 @@ runs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -22,7 +22,7 @@ runs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -44,5 +44,6 @@ runs:
- name: Install Fastlane
shell: bash
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3

57
.github/label-pr.json vendored
View File

@@ -1,57 +0,0 @@
{
"title_patterns": {
"t:feature-app": ["feat", "feature"],
"t:feature-tool": ["tool"],
"t:bug": ["fix", "bug", "bugfix"],
"t:tech-debt": ["refactor", "chore", "cleanup", "revert", "debt", "test", "perf"],
"t:docs": ["docs"],
"t:ci": ["ci", "build", "chore(ci)"],
"t:deps": ["deps"],
"t:breaking-change": ["breaking", "breaking-change"],
"t:misc": ["misc"]
},
"path_patterns": {
"app:shared": [
"annotation/",
"core/",
"data/",
"network/",
"ui/",
"authenticatorbridge/",
"gradle/"
],
"app:password-manager": [
"app/",
"cxf/",
"testharness/"
],
"app:authenticator": [
"authenticator/"
],
"t:feature-tool": [
"testharness/"
],
"t:feature-app": [
"app/src/main/assets/fido2_privileged_community.json",
"app/src/main/assets/fido2_privileged_google.json"
],
"t:ci": [
".checkmarx/",
".github/",
"scripts/",
"fastlane/",
".gradle/",
".claude/",
"detekt-config.yml"
],
"t:docs": [
"docs/"
],
"t:deps": [
"gradle/"
],
"t:misc": [
"keystore/"
]
}
}

33
.github/release.yml vendored
View File

@@ -1,33 +0,0 @@
changelog:
exclude:
labels:
- ignore-for-release
categories:
- title: '✨ Community Highlight'
labels:
- community-pr
- title: '🚀 New Features & Enhancements'
labels:
- t:feature-app
- t:new-feature
- t:enhancement
- title: ':shipit: Tools'
labels:
- t:feature-tool
- title: '❗ Breaking Changes'
labels:
- t:breaking-change
- title: '🐛 Bug fixes'
labels:
- t:bug
- title: '⚙️ Maintenance'
labels:
- t:tech-debt
- t:ci
- t:docs
- t:misc
- '*'
- title: '📦 Dependency Updates'
labels:
- dependencies
- t:deps

4
.github/scripts/jira-get-release-notes/README.md vendored
View File

@@ -40,7 +40,7 @@ Single line of release notes text
```json
...
"customfield_9999": {
"customfield_10335": {
"type": "doc",
"version": 1,
"content": [
@@ -62,7 +62,7 @@ Single line of release notes text
```json
...
"customfield_9999": {
"customfield_10335": {
"type": "doc",
"version": 1,
"content": [

39
.github/scripts/jira-get-release-notes/jira_release_notes.py vendored
View File

@@ -5,8 +5,6 @@ import base64
import json
import requests
SCRIPT_NAME = "jira_release_notes.py"
def extract_text_from_content(content):
if isinstance(content, list):
texts = [extract_text_from_content(item) for item in content]
@@ -25,42 +23,19 @@ def extract_text_from_content(content):
return ''
def log_customfields_with_content(fields):
"""Log all customfield_* fields that have a 'content' key to help troubleshoot structure changes."""
print(f"[{SCRIPT_NAME}] Available customfield_* fields with 'content':", file=sys.stderr)
found = False
for key, value in fields.items():
if key.startswith('customfield_') and isinstance(value, dict) and 'content' in value:
found = True
print(f"[{SCRIPT_NAME}] {key}: {json.dumps(value, indent=2)}", file=sys.stderr)
if not found:
print(f"[{SCRIPT_NAME}] None found", file=sys.stderr)
def parse_release_notes(response_json):
release_notes_field_name = 'customfield_10309'
try:
fields = response_json.get('fields')
if not fields:
print(f"[{SCRIPT_NAME}] 'fields' is empty or missing in response", file=sys.stderr)
fields = response_json.get('fields', {})
release_notes_field = fields.get('customfield_10335', {})
if not release_notes_field or not release_notes_field.get('content'):
return ''
release_notes_field = fields.get(release_notes_field_name)
if not release_notes_field:
print(f"[{SCRIPT_NAME}] Release notes field is empty or missing. Field name: {release_notes_field_name}", file=sys.stderr)
log_customfields_with_content(fields)
return ''
content = release_notes_field.get('content', [])
if not content:
print(f"[{SCRIPT_NAME}] Release notes field was found but 'content' is empty or missing in {release_notes_field_name}", file=sys.stderr)
log_customfields_with_content(fields)
return ''
release_notes = extract_text_from_content(content)
release_notes = extract_text_from_content(release_notes_field.get('content', []))
return release_notes
except Exception as e:
print(f"[{SCRIPT_NAME}] Error parsing release notes: {str(e)}", file=sys.stderr)
print(f"Error parsing release notes: {str(e)}", file=sys.stderr)
return ''
def main():
@@ -85,7 +60,7 @@ def main():
)
if response.status_code != 200:
print(f"[{SCRIPT_NAME}] Error fetching Jira issue ({jira_issue_id}). Status code: {response.status_code}. Msg: {response.text}", file=sys.stderr)
print(f"Error fetching Jira issue: {response.status_code}", file=sys.stderr)
sys.exit(1)
release_notes = parse_release_notes(response.json())

263
.github/scripts/label-pr.py vendored
View File

@@ -1,263 +0,0 @@
#!/usr/bin/env python3
# Requires Python 3.9+
"""
Label pull requests based on changed file paths and PR title patterns (conventional commit format).
Usage:
python label-pr.py <pr-number> <pr-labels> [-a|--add|-r|--replace] [-d|--dry-run] [-c|--config CONFIG]
Arguments:
pr-number: The pull request number
pr-labels: Current PR labels as JSON array string
-a, --add: Add labels without removing existing ones (default)
-r, --replace: Replace all existing labels
-d, --dry-run: Run without actually applying labels
-c, --config: Path to JSON config file (default: .github/label-pr.json)
Examples:
python label-pr.py 1234 '[]'
python label-pr.py 1234 '[{"name":"label1"}]' -a
python label-pr.py 1234 '[{"name":"label1"}]' --replace
python label-pr.py 1234 '[{"name":"label1"}]' -r -d
python label-pr.py 1234 '[]' --config custom-config.json
"""
import argparse
import json
import os
import subprocess
import sys
DEFAULT_MODE = "add"
DEFAULT_CONFIG_PATH = ".github/label-pr.json"
def load_config_json(config_file: str) -> dict:
"""Load configuration from JSON file."""
if not os.path.exists(config_file):
print(f"❌ Config file not found: {config_file}")
sys.exit(1)
try:
with open(config_file, 'r') as f:
config = json.load(f)
print(f"✅ Loaded config from: {config_file}")
valid_config = True
if not config.get("title_patterns"):
print("❌ Missing 'title_patterns' in config file")
valid_config = False
if not config.get("path_patterns"):
print("❌ Missing 'path_patterns' in config file")
valid_config = False
if not valid_config:
print("::error::Invalid label-pr.json config file, exiting...")
sys.exit(1)
return config
except json.JSONDecodeError as e:
print(f"❌ JSON deserialization error in label-pr.json config: {e}")
sys.exit(1)
except Exception as e:
print(f"❌ Unexpected error loading label-pr.json config: {e}")
sys.exit(1)
def gh_get_changed_files(pr_number: str) -> list[str]:
"""Get list of changed files in a pull request."""
try:
result = subprocess.run(
["gh", "pr", "diff", pr_number, "--name-only"],
capture_output=True,
text=True,
check=True
)
changed_files = result.stdout.strip().split("\n")
return list(filter(None, changed_files))
except subprocess.CalledProcessError as e:
print(f"::error::Error getting changed files: {e}")
return []
def gh_get_pr_title(pr_number: str) -> str:
"""Get the title of a pull request."""
try:
result = subprocess.run(
["gh", "pr", "view", pr_number, "--json", "title", "--jq", ".title"],
capture_output=True,
text=True,
check=True
)
return result.stdout.strip()
except subprocess.CalledProcessError as e:
print(f"::error::Error getting PR title: {e}")
return ""
def gh_add_labels(pr_number: str, labels: list[str]) -> None:
"""Add labels to a pull request (doesn't remove existing labels)."""
gh_labels = ','.join(labels)
subprocess.run(
["gh", "pr", "edit", pr_number, "--add-label", gh_labels],
check=True
)
def gh_replace_labels(pr_number: str, labels: list[str]) -> None:
"""Replace all labels on a pull request with the specified labels."""
payload = json.dumps({"labels": labels})
subprocess.run(
["gh", "api", "repos/{owner}/{repo}/issues/" + pr_number, "-X", "PATCH", "--silent", "--input", "-"],
input=payload,
text=True,
check=True
)
def label_filepaths(changed_files: list[str], path_patterns: dict) -> list[str]:
"""Check changed files against path patterns and return labels to apply."""
if not changed_files:
return []
labels_to_apply = set() # Use set to avoid duplicates
for label, patterns in path_patterns.items():
for file in changed_files:
if any(file.startswith(pattern) for pattern in patterns):
print(f"👀 File '{file}' matches pattern for label '{label}'")
labels_to_apply.add(label)
break
if "app:shared" in labels_to_apply:
labels_to_apply.add("app:password-manager")
labels_to_apply.add("app:authenticator")
labels_to_apply.remove("app:shared")
if not labels_to_apply:
print("::notice::No matching file paths found.")
return list(labels_to_apply)
def label_title(pr_title: str, title_patterns: dict) -> list[str]:
"""Check PR title against patterns and return labels to apply."""
if not pr_title:
return []
labels_to_apply = set()
title_lower = pr_title.lower()
for label, patterns in title_patterns.items():
for pattern in patterns:
# Check for pattern with : or ( suffix (conventional commits format)
if f"{pattern}:" in title_lower or f"{pattern}(" in title_lower:
print(f"📝 Title matches pattern '{pattern}' for label '{label}'")
labels_to_apply.add(label)
break
if not labels_to_apply:
print("::notice::No matching title patterns found.")
return list(labels_to_apply)
def parse_pr_labels(pr_labels_str: str) -> list[str]:
"""Parse PR labels from JSON array string."""
try:
labels = json.loads(pr_labels_str)
if not isinstance(labels, list):
print("::warning::Failed to parse PR labels: not a list")
return []
return [item.get("name") for item in labels if item.get("name")]
except (json.JSONDecodeError, TypeError) as e:
print(f"::error::Error parsing PR labels: {e}")
return []
def get_preserved_labels(pr_labels_str: str) -> list[str]:
"""Get existing PR labels that should be preserved (exclude app: and t: labels)."""
existing_labels = parse_pr_labels(pr_labels_str)
print(f"🔍 Parsed PR labels: {existing_labels}")
preserved_labels = [label for label in existing_labels if not (label.startswith("app:") or label.startswith("t:"))]
if preserved_labels:
print(f"🔍 Preserving existing labels: {', '.join(preserved_labels)}")
return preserved_labels
def parse_args():
"""Parse command line arguments."""
parser = argparse.ArgumentParser(
description="Label pull requests based on changed file paths and PR title patterns."
)
parser.add_argument(
"pr_number",
help="The pull request number"
)
parser.add_argument(
"pr_labels",
help="Current PR labels (JSON array)"
)
mode_group = parser.add_mutually_exclusive_group()
mode_group.add_argument(
"-a", "--add",
action="store_true",
help="Add labels without removing existing ones (default)"
)
mode_group.add_argument(
"-r", "--replace",
action="store_true",
help="Replace all existing labels"
)
parser.add_argument(
"-d", "--dry-run",
action="store_true",
help="Run without actually applying labels"
)
parser.add_argument(
"-c", "--config",
default=DEFAULT_CONFIG_PATH,
help=f"Path to JSON config file (default: {DEFAULT_CONFIG_PATH})"
)
args, unknown = parser.parse_known_args() # required to handle --dry-run passed as an empty string ("") by the workflow
return args
def main():
args = parse_args()
config = load_config_json(args.config)
LABEL_TITLE_PATTERNS = config["title_patterns"]
LABEL_PATH_PATTERNS = config["path_patterns"]
pr_number = args.pr_number
mode = "replace" if args.replace else "add"
if args.dry_run:
print("🔍 DRY RUN MODE - Labels will not be applied")
print(f"📌 Labeling mode: {mode}")
print(f"🔍 Checking PR #{pr_number}...")
pr_title = gh_get_pr_title(pr_number)
print(f"📋 PR Title: {pr_title}\n")
changed_files = gh_get_changed_files(pr_number)
print("👀 Changed files:\n" + "\n".join(changed_files) + "\n")
filepath_labels = label_filepaths(changed_files, LABEL_PATH_PATTERNS)
title_labels = label_title(pr_title, LABEL_TITLE_PATTERNS)
all_labels = set(filepath_labels + title_labels)
if all_labels:
print("--------------------------------")
labels_str = ', '.join(sorted(all_labels))
if mode == "add":
print(f"::notice::🏷️ Adding labels: {labels_str}")
if not args.dry_run:
gh_add_labels(pr_number, list(all_labels))
else:
preserved_labels = get_preserved_labels(args.pr_labels)
if preserved_labels:
all_labels.update(preserved_labels)
labels_str = ', '.join(sorted(all_labels))
print(f"::notice::🏷️ Replacing labels with: {labels_str}")
if not args.dry_run:
gh_replace_labels(pr_number, list(all_labels))
else:
print("::warning::No matching patterns found, no labels applied.")
print("✅ Done")
if __name__ == "__main__":
main()

4
.github/workflows/_version.yml vendored
View File

@@ -79,7 +79,7 @@ jobs:
- name: Check out repository
if: ${{ !inputs.skip_checkout || false }}
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
with:
fetch-depth: 0
persist-credentials: false
@@ -167,7 +167,7 @@ jobs:
echo '```' >> "$GITHUB_STEP_SUMMARY"
- name: Upload version info artifact
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: version-info
path: version_info.json

54
.github/workflows/build-authenticator.yml vendored
View File

@@ -21,19 +21,17 @@ on:
distribute-to-firebase:
description: "Optional. Distribute artifacts to Firebase."
required: false
default: true
default: false
type: boolean
publish-to-play-store:
description: "Optional. Deploy bundle artifact to Google Play Store"
required: false
default: true
default: false
type: boolean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JAVA_VERSION: 21
DISTRIBUTE_TO_FIREBASE: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
PUBLISH_TO_PLAY_STORE: ${{ inputs.publish-to-play-store || github.event_name == 'push' }}
permissions:
contents: read
@@ -61,7 +59,7 @@ jobs:
inputs: "${{ toJson(inputs) }}"
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -69,7 +67,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -79,7 +77,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -100,6 +98,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -124,7 +123,7 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -135,6 +134,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -173,7 +173,7 @@ jobs:
--name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none
- name: Download Firebase credentials
if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
@@ -184,7 +184,7 @@ jobs:
--name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none
- name: Download Play Store credentials
if: ${{ env.PUBLISH_TO_PLAY_STORE }}
if: ${{ inputs.publish-to-play-store }}
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
@@ -198,7 +198,7 @@ jobs:
uses: bitwarden/gh-actions/azure-logout@main
- name: Verify Play Store credentials
if: ${{ env.PUBLISH_TO_PLAY_STORE }}
if: ${{ inputs.publish-to-play-store }}
run: |
bundle exec fastlane run validate_play_store_json_key \
json_key:"${{ github.workspace }}/secrets/authenticator_play_store-creds.json"
@@ -207,7 +207,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -217,7 +217,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -283,17 +283,17 @@ jobs:
keyAlias:"bitwardenauthenticator" \
keyPassword:"$KEY_PASSWORD"
- name: Upload to GitHub Artifacts - prod.aab
- name: Upload release Play Store .aab artifact
if: ${{ matrix.variant == 'aab' }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.bitwarden.authenticator.aab
path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
if-no-files-found: error
- name: Upload to GitHub Artifacts - prod.apk
- name: Upload release .apk artifact
if: ${{ matrix.variant == 'apk' }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.bitwarden.authenticator.apk
path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
@@ -311,36 +311,38 @@ jobs:
sha256sum "authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk" \
> ./authenticator-android-apk-sha256.txt
- name: Upload to GitHub Artifacts - prod.apk-sha256.txt
- name: Upload .apk SHA file for release
if: ${{ matrix.variant == 'apk' }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: authenticator-android-apk-sha256.txt
path: ./authenticator-android-apk-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - prod.aab-sha256.txt
- name: Upload .aab SHA file for release
if: ${{ matrix.variant == 'aab' }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: authenticator-android-aab-sha256.txt
path: ./authenticator-android-aab-sha256.txt
if-no-files-found: error
- name: Install Firebase app distribution plugin
if: ${{ matrix.variant == 'aab' && env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
run: bundle exec fastlane add_plugin firebase_app_distribution
- name: Distribute to Firebase - prod.aab
if: ${{ matrix.variant == 'aab' && env.DISTRIBUTE_TO_FIREBASE }}
- name: Publish release bundle to Firebase
if: ${{ matrix.variant == 'aab' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
env:
FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
run: |
bundle exec fastlane distributeAuthenticatorReleaseBundleToFirebase \
serviceCredentialsFile:"$FIREBASE_CREDS_PATH"
- name: Publish to Play Store - prod.aab
if: ${{ matrix.variant == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
# Only publish bundles to Play Store when `publish-to-play-store` is true while building
# bundles
- name: Publish release bundle to Google Play Store
if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }}
env:
PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
run: |

134
.github/workflows/build-testharness.yml vendored
View File

@@ -1,134 +0,0 @@
name: Build Test Harness
on:
push:
paths:
- testharness/**
workflow_dispatch:
inputs:
version-name:
description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
required: false
type: string
version-code:
description: "Optional. Build number to use. Overrides default of GitHub run number."
required: false
type: number
patch_version:
description: "Order 999 - Overrides Patch version"
type: boolean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JAVA_VERSION: 21
permissions:
contents: read
packages: read
jobs:
version:
name: Calculate Version Name and Number
uses: bitwarden/android/.github/workflows/_version.yml@main
with:
app_codename: "bwpm"
base_version_number: 0
version_name: ${{ inputs.version-name }}
version_number: ${{ inputs.version-code }}
patch_version: ${{ inputs.patch_version && '999' || '' }}
build:
name: Build Test Harness
runs-on: ubuntu-24.04
needs: version
steps:
- name: Log inputs to job summary
uses: bitwarden/android/.github/actions/log-inputs@main
with:
inputs: "${{ toJson(inputs) }}"
- name: Check out repo
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Validate Gradle wrapper
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
restore-keys: |
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
with:
path: |
${{ github.workspace }}/build-cache
key: ${{ runner.os }}-build-cache-${{ github.sha }}
restore-keys: |
${{ runner.os }}-build-
- name: Configure JDK
uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
with:
distribution: "temurin"
java-version: ${{ env.JAVA_VERSION }}
- name: Configure Ruby
uses: ruby/setup-ruby@44511735964dcb71245e7e55f72539531f7bc0eb # v1.257.0
with:
bundler-cache: true
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: Increment version
env:
DEFAULT_VERSION_CODE: ${{ github.run_number }}
INPUT_VERSION_CODE: "${{ needs.version.outputs.version_number }}"
INPUT_VERSION_NAME: ${{ needs.version.outputs.version_name }}
run: |
VERSION_CODE="${INPUT_VERSION_CODE:-$DEFAULT_VERSION_CODE}"
VERSION_NAME_INPUT="${INPUT_VERSION_NAME:-}"
bundle exec fastlane setBuildVersionInfo \
versionCode:"$VERSION_CODE" \
versionName:"$VERSION_NAME_INPUT"
regex='appVersionName = "(.+)"'
if [[ "$(cat gradle/libs.versions.toml)" =~ $regex ]]; then
VERSION_NAME="${BASH_REMATCH[1]}"
fi
echo "Version Name: ${VERSION_NAME}" >> "$GITHUB_STEP_SUMMARY"
echo "Version Number: $VERSION_CODE" >> "$GITHUB_STEP_SUMMARY"
- name: Build Test Harness Debug APK
run: ./gradlew :testharness:assembleDebug
- name: Upload Test Harness APK
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: com.bitwarden.testharness.dev-debug.apk
path: testharness/build/outputs/apk/debug/com.bitwarden.testharness.dev.apk
if-no-files-found: error
- name: Create checksum for Test Harness APK
run: |
sha256sum "testharness/build/outputs/apk/debug/com.bitwarden.testharness.dev.apk" \
> ./com.bitwarden.testharness.dev.apk-sha256.txt
- name: Upload Test Harness SHA file
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: com.bitwarden.testharness.dev.apk-sha256.txt
path: ./com.bitwarden.testharness.dev.apk-sha256.txt
if-no-files-found: error

107
.github/workflows/build.yml vendored
View File

@@ -33,8 +33,6 @@ env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JAVA_VERSION: 21
GITHUB_ACTION_RUN_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
DISTRIBUTE_TO_FIREBASE: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
PUBLISH_TO_PLAY_STORE: ${{ inputs.publish-to-play-store || github.event_name == 'push' }}
permissions:
contents: read
@@ -63,7 +61,7 @@ jobs:
inputs: "${{ toJson(inputs) }}"
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -71,7 +69,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -81,7 +79,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -102,6 +100,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -112,7 +111,7 @@ jobs:
run: bundle exec fastlane assembleDebugApks
- name: Upload test reports on failure
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: failure()
with:
name: test-reports
@@ -133,7 +132,7 @@ jobs:
artifact: ["apk", "aab"]
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -144,6 +143,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -186,7 +186,7 @@ jobs:
--name google-services.json --file ${{ github.workspace }}/app/src/standardBeta/google-services.json --output none
- name: Download Firebase credentials
if: ${{ matrix.variant == 'prod' && env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
@@ -203,7 +203,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -213,7 +213,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -297,42 +297,42 @@ jobs:
run: |
bundle exec fastlane assembleDebugApks
- name: Upload to GitHub Artifacts - prod.aab
- name: Upload release Play Store .aab artifact
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.aab
path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
if-no-files-found: error
- name: Upload to GitHub Artifacts - beta.aab
- name: Upload beta Play Store .aab artifact
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta.aab
path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
if-no-files-found: error
- name: Upload to GitHub Artifacts - prod.apk
- name: Upload release .apk artifact
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.apk
path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
if-no-files-found: error
- name: Upload to GitHub Artifacts - beta.apk
- name: Upload beta .apk artifact
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta.apk
path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
if-no-files-found: error
# When building variants other than 'prod'
- name: Upload to GitHub Artifacts - dev.apk
- name: Upload debug .apk artifact
if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -368,52 +368,52 @@ jobs:
sha256sum "app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk" \
> ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
- name: Upload to GitHub Artifacts - prod.apk-sha256.txt
- name: Upload .apk SHA file for release
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.apk-sha256.txt
path: ./com.x8bit.bitwarden.apk-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - beta.apk-sha256.txt
- name: Upload .apk SHA file for beta
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta.apk-sha256.txt
path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - prod.aab-sha256.txt
- name: Upload .aab SHA file for release
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.aab-sha256.txt
path: ./com.x8bit.bitwarden.aab-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - beta.aab-sha256.txt
- name: Upload .aab SHA file for beta
if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta.aab-sha256.txt
path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - debug.apk-sha256.txt
- name: Upload .apk SHA file for debug
if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
if-no-files-found: error
- name: Install Firebase app distribution plugin
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
run: bundle exec fastlane add_plugin firebase_app_distribution
- name: Distribute to Firebase - prod.apk
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
- name: Publish release artifacts to Firebase
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
env:
APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
run: |
@@ -421,8 +421,8 @@ jobs:
actionUrl:$GITHUB_ACTION_RUN_URL \
service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH
- name: Distribute to Firebase - beta.apk
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && env.DISTRIBUTE_TO_FIREBASE }}
- name: Publish beta artifacts to Firebase
if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && (inputs.distribute-to-firebase || github.event_name == 'push') }}
env:
APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
run: |
@@ -431,12 +431,12 @@ jobs:
service_credentials_file:$APP_PLAY_FIREBASE_CREDS_PATH
- name: Verify Play Store credentials
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
if: ${{ matrix.variant == 'prod' && inputs.publish-to-play-store }}
run: |
bundle exec fastlane run validate_play_store_json_key
- name: Publish to Play Store - prod.aab
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && env.PUBLISH_TO_PLAY_STORE }}
- name: Publish Play Store bundle
if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.event_name == 'push') }}
run: |
bundle exec fastlane publishProdToPlayStore
bundle exec fastlane publishBetaToPlayStore
@@ -451,7 +451,7 @@ jobs:
id-token: write
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -462,6 +462,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -490,7 +491,7 @@ jobs:
--name app_beta_fdroid-keystore.jks --file ${{ github.workspace }}/keystores/app_beta_fdroid-keystore.jks --output none
- name: Download Firebase credentials
if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
env:
ACCOUNT_NAME: bitwardenci
CONTAINER_NAME: mobile
@@ -507,7 +508,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -517,7 +518,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -577,8 +578,8 @@ jobs:
keyAlias:bitwarden-beta \
keyPassword:$FDROID_BETA_KEY_PASSWORD
- name: Upload to GitHub Artifacts - fdroid.apk
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
- name: Upload F-Droid .apk artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden-fdroid.apk
path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -589,15 +590,15 @@ jobs:
sha256sum "app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk" \
> ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
- name: Upload to GitHub Artifacts - fdroid.apk-sha256.txt
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
- name: Upload F-Droid SHA file
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
if-no-files-found: error
- name: Upload to GitHub Artifacts - beta.fdroid.apk
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
- name: Upload F-Droid Beta .apk artifact
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta-fdroid.apk
path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -608,19 +609,19 @@ jobs:
sha256sum "app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk" \
> ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
- name: Upload to GitHub Artifacts - beta.fdroid.apk-sha256.txt
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
- name: Upload F-Droid Beta SHA file
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
if-no-files-found: error
- name: Install Firebase app distribution plugin
if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
run: bundle exec fastlane add_plugin firebase_app_distribution
- name: Distribute to Firebase - fdroid.apk
if: ${{ env.DISTRIBUTE_TO_FIREBASE }}
- name: Publish release F-Droid artifacts to Firebase
if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
env:
APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json
run: |

8
.github/workflows/cron-sync-google-priviledged-browsers.yml vendored
View File

@@ -2,8 +2,8 @@ name: Cron / Sync Google Privileged Browsers List
on:
schedule:
# Run weekly on Sunday at 00:00 UTC
- cron: '0 0 * * 0'
# Run weekly on Monday at 00:00 UTC
- cron: "0 0 * * 1"
workflow_dispatch:
env:
@@ -21,7 +21,7 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: true
@@ -96,4 +96,4 @@ jobs:
--base main \
--head "$BRANCH_NAME" \
--label "automated-pr" \
--label "t:deps"
--label "t:ci"

13
.github/workflows/crowdin-pull.yml vendored
View File

@@ -4,21 +4,19 @@ run-name: Crowdin Pull - ${{ github.event_name == 'workflow_dispatch' && 'Manual
on:
workflow_dispatch:
schedule:
# Run weekly on Sunday at 00:00 UTC
- cron: '0 0 * * 0'
permissions: {}
- cron: "0 0 * * 5"
jobs:
crowdin-sync:
name: Crowdin Pull - ${{ github.event_name }}
runs-on: ubuntu-24.04
permissions:
contents: read
contents: write
pull-requests: write
id-token: write
steps:
- name: Checkout repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -52,8 +50,6 @@ jobs:
with:
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
permission-contents: write # for creating and pushing a new branch
permission-pull-requests: write # for creating pull request
- name: Download translations
uses: crowdin/github-action@0749939f635900a2521aa6aac7a3766642b2dc71 # v2.11.0
@@ -73,6 +69,5 @@ jobs:
create_pull_request: true
pull_request_title: "Crowdin Pull"
pull_request_body: ":inbox_tray: New translations received!"
pull_request_labels: "automated-pr, t:misc"
gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

2
.github/workflows/crowdin-push.yml vendored
View File

@@ -16,7 +16,7 @@ jobs:
id-token: write
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

16
.github/workflows/github-release.yml vendored
View File

@@ -25,7 +25,7 @@ jobs:
steps:
- name: Check out repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
persist-credentials: true
@@ -183,15 +183,11 @@ jobs:
_JIRA_API_EMAIL: ${{ steps.get-kv-secrets.outputs.JIRA-API-EMAIL }}
_JIRA_API_TOKEN: ${{ steps.get-kv-secrets.outputs.JIRA-API-TOKEN }}
run: |
echo "Getting product release notes..."
# capture output and exit code so this step continues even if we can't retrieve release notes.
script_exit_code=0
product_release_notes=$(python .github/scripts/jira-get-release-notes/jira_release_notes.py "$_RELEASE_TICKET_ID" "$_JIRA_API_EMAIL" "$_JIRA_API_TOKEN") || script_exit_code=$?
echo "--------------------------------"
echo "Getting product release notes"
product_release_notes=$(python3 .github/scripts/jira-get-release-notes/jira_release_notes.py "$_RELEASE_TICKET_ID" "$_JIRA_API_EMAIL" "$_JIRA_API_TOKEN")
if [[ $script_exit_code -ne 0 || -z "$product_release_notes" ]]; then
echo "Script Output: $product_release_notes"
echo "::warning::Failed to fetch release notes from Jira. Check script logs for more details."
if [[ -z "$product_release_notes" || $product_release_notes == "Error checking"* ]]; then
echo "::warning::Failed to fetch release notes from Jira. Output: $product_release_notes"
product_release_notes="<insert product release notes here>"
else
echo "✅ Product release notes:"
@@ -289,5 +285,5 @@ jobs:
echo " * :ocean: Previous tag set in the description \"Full Changelog\" link: \`$_LAST_RELEASE_TAG\`"
echo " * :white_check_mark: Description has automated release notes and they match the commits in the release branch"
echo "> [!NOTE]"
echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes."
echo "> Commits directly pushed to branches without a Pull Request won't appear in the automated release notes."
} >> "$GITHUB_STEP_SUMMARY"

3
.github/workflows/publish-store.yml vendored
View File

@@ -73,7 +73,7 @@ jobs:
inputs: "${{ toJson(inputs) }}"
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
- name: Configure Ruby
@@ -83,6 +83,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3

2
.github/workflows/release-branch.yml vendored
View File

@@ -22,7 +22,7 @@ jobs:
actions: write
steps:
- name: Check out repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
persist-credentials: true

2
.github/workflows/review-code.yml vendored
View File

@@ -2,7 +2,7 @@ name: Code Review
on:
pull_request:
types: [opened, synchronize, reopened]
types: [opened, synchronize, reopened, ready_for_review]
permissions: {}

90
.github/workflows/sdlc-label-pr.yml vendored
View File

@@ -1,90 +0,0 @@
name: SDLC / Label PR
run-name: Label PR ${{ github.event.pull_request.number || inputs.pr-number }}${{ github.event_name == 'workflow_dispatch' && format(' / mode "{0}" dry-run "{1}"', inputs.mode, inputs.dry-run) || '' }}
on:
pull_request:
types: [opened, synchronize]
workflow_dispatch:
inputs:
pr-number:
description: "Pull Request Number"
required: true
type: number
mode:
description: "Labeling Mode"
type: choice
options:
- add
- replace
default: add
dry-run:
description: "Dry Run - Don't apply labels"
type: boolean
default: false
env:
_PR_NUMBER: ${{ github.event.pull_request.number || inputs.pr-number }}
jobs:
label-pr:
name: Label PR by Changed Files
runs-on: ubuntu-24.04
permissions:
pull-requests: write # required to update labels
contents: read
steps:
- name: Check out repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
with:
persist-credentials: false
- name: Determine label mode for Pull Request
id: label-mode
env:
GH_TOKEN: ${{ github.token }}
_PR_USER: ${{ github.event.pull_request.user.login }}
_IS_FORK: ${{ github.event.pull_request.head.repo.fork }}
run: |
# Support workflow_dispatch testing by retrieving PR data
if [ -z "$_PR_USER" ]; then
echo "👀 PR User is empty, retrieving PR data for PR #$_PR_NUMBER..."
PR_DATA=$(gh pr view "$_PR_NUMBER" --json author,isCrossRepository)
_PR_USER=$(echo "$PR_DATA" | jq -r '.author.login')
_IS_FORK=$(echo "$PR_DATA" | jq -r '.isCrossRepository')
fi
echo "📋 PR User: $_PR_USER"
echo "📋 Is Fork: $_IS_FORK"
# Handle PRs with labels set by other automations by adding instead of replacing
if [ "$_IS_FORK" = "true" ]; then
echo "➡️ Fork PR ($_PR_USER). Label mode: --add"
echo "label_mode=--add" >> "$GITHUB_OUTPUT"
exit 0
fi
if [[ "$_PR_USER" == app/* || "$_PR_USER" == *\[bot\] ]]; then
echo "➡️ Bot PR ($_PR_USER). Label mode: --add"
echo "label_mode=--add" >> "$GITHUB_OUTPUT"
exit 0
fi
echo "➡️ Normal PR. Label mode: --replace"
echo "label_mode=--replace" >> "$GITHUB_OUTPUT"
- name: Label PR based on changed files
env:
GH_TOKEN: ${{ github.token }}
_LABEL_MODE: ${{ inputs.mode && format('--{0}', inputs.mode) || steps.label-mode.outputs.label_mode }}
_DRY_RUN: ${{ inputs.dry-run == true && '--dry-run' || '' }}
_PR_LABELS: ${{ toJSON(github.event.pull_request.labels) }}
run: |
if [ -z "$_PR_LABELS" ] || [ "$_PR_LABELS" = "null" ] || [ "$_PR_LABELS" = "[]" ]; then
echo "🔍 No current PR labels found, retrieving PR data for PR #$_PR_NUMBER..."
_PR_LABELS=$(gh pr view "$_PR_NUMBER" --json labels --jq '.labels')
fi
echo "🔍 Labeling PR #$_PR_NUMBER with mode: \"$_LABEL_MODE\" and dry-run: \"$_DRY_RUN\" and current PR labels: \"$_PR_LABELS\"..."
echo "🐍 Running label-pr.py script..."
echo ""
python3 .github/scripts/label-pr.py "$_PR_NUMBER" "$_PR_LABELS" "$_LABEL_MODE" "$_DRY_RUN"

6
.github/workflows/sdlc-sdk-update.yml vendored
View File

@@ -63,7 +63,7 @@ jobs:
permission-contents: write
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
token: ${{ steps.app-token.outputs.token }}
fetch-depth: 0
@@ -190,7 +190,7 @@ jobs:
--base main \
--head "$_BRANCH_NAME" \
--label "automated-pr" \
--label "t:deps")
--label "t:ci")
echo "## 🚀 Created PR: $PR_URL" >> "$GITHUB_STEP_SUMMARY"
fi
@@ -204,7 +204,7 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false

9
.github/workflows/test.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
steps:
- name: Check out repo
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
persist-credentials: false
@@ -34,7 +34,7 @@ jobs:
uses: gradle/actions/wrapper-validation@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0
- name: Cache Gradle files
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
~/.gradle/caches
@@ -44,7 +44,7 @@ jobs:
${{ runner.os }}-gradle-v2-
- name: Cache build output
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
with:
path: |
${{ github.workspace }}/build-cache
@@ -65,6 +65,7 @@ jobs:
- name: Install Fastlane
run: |
gem install bundler:2.2.27
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
@@ -75,7 +76,7 @@ jobs:
bundle exec fastlane check
- name: Upload test reports
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: always()
with:
name: test-reports

1
.husky/pre-commit Executable file
View File

@@ -0,0 +1 @@
npx lint-staged

3
Gemfile
View File

@@ -14,8 +14,5 @@ gem 'logger'
gem 'mutex_m'
gem 'csv'
# Since ruby 3.4.1 these are not included in the standard library
gem 'nkf'
# Starting with Ruby 3.5.0, these are not included in the standard library
gem 'ostruct'

49
Gemfile.lock
View File

@@ -1,15 +1,18 @@
GEM
remote: https://rubygems.org/
specs:
CFPropertyList (3.0.8)
CFPropertyList (3.0.7)
base64
nkf
rexml
abbrev (0.1.2)
addressable (2.8.8)
public_suffix (>= 2.0.2, < 8.0)
addressable (2.8.7)
public_suffix (>= 2.0.2, < 7.0)
artifactory (3.0.17)
atomos (0.1.3)
aws-eventstream (1.4.0)
aws-partitions (1.1206.0)
aws-sdk-core (3.241.4)
aws-partitions (1.1181.0)
aws-sdk-core (3.236.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
@@ -17,25 +20,25 @@ GEM
bigdecimal
jmespath (~> 1, >= 1.6.1)
logger
aws-sdk-kms (1.121.0)
aws-sdk-core (~> 3, >= 3.241.4)
aws-sdk-kms (1.117.0)
aws-sdk-core (~> 3, >= 3.234.0)
aws-sigv4 (~> 1.5)
aws-sdk-s3 (1.212.0)
aws-sdk-core (~> 3, >= 3.241.4)
aws-sdk-s3 (1.203.0)
aws-sdk-core (~> 3, >= 3.234.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.12.1)
aws-eventstream (~> 1, >= 1.0.2)
babosa (1.0.4)
base64 (0.3.0)
bigdecimal (4.0.1)
bigdecimal (3.3.1)
claide (1.1.0)
colored (1.2)
colored2 (3.1.2)
commander (4.6.0)
highline (~> 2.0.0)
csv (3.3.5)
date (3.5.1)
date (3.5.0)
declarative (0.0.20)
digest-crc (0.7.0)
rake (>= 12.0.0, < 14.0.0)
@@ -55,14 +58,14 @@ GEM
faraday-rack (~> 1.0)
faraday-retry (~> 1.0)
ruby2_keywords (>= 0.0.4)
faraday-cookie_jar (0.0.8)
faraday-cookie_jar (0.0.7)
faraday (>= 0.8.0)
http-cookie (>= 1.0.0)
http-cookie (~> 1.0.0)
faraday-em_http (1.0.0)
faraday-em_synchrony (1.0.1)
faraday-excon (1.1.0)
faraday-httpclient (1.0.1)
faraday-multipart (1.2.0)
faraday-multipart (1.1.1)
multipart-post (~> 2.0)
faraday-net_http (1.0.2)
faraday-net_http_persistent (1.2.0)
@@ -72,9 +75,8 @@ GEM
faraday_middleware (1.2.1)
faraday (~> 1.0)
fastimage (2.4.0)
fastlane (2.229.0)
fastlane (2.228.0)
CFPropertyList (>= 2.3, < 4.0.0)
abbrev (~> 0.1.2)
addressable (>= 2.8, < 3.0.0)
artifactory (~> 3.0)
aws-sdk-s3 (~> 1.0)
@@ -82,7 +84,6 @@ GEM
bundler (>= 1.12.0, < 3.0.0)
colored (~> 1.2)
commander (~> 4.6)
csv (~> 3.3)
dotenv (>= 2.1.1, < 3.0.0)
emoji_regex (>= 0.1, < 4.0)
excon (>= 0.71.0, < 1.0.0)
@@ -102,7 +103,6 @@ GEM
jwt (>= 2.1.0, < 3)
mini_magick (>= 4.9.4, < 5.0.0)
multipart-post (>= 2.0.0, < 3.0.0)
mutex_m (~> 0.3.0)
naturally (~> 2.2)
optparse (>= 0.1.1, < 1.0.0)
plist (>= 3.1.0, < 4.0.0)
@@ -169,23 +169,23 @@ GEM
httpclient (2.9.0)
mutex_m
jmespath (1.6.2)
json (2.18.0)
json (2.16.0)
jwt (2.10.2)
base64
logger (1.7.0)
mini_magick (4.13.2)
mini_mime (1.1.5)
multi_json (1.19.1)
multi_json (1.17.0)
multipart-post (2.4.1)
mutex_m (0.3.0)
nanaimo (0.4.0)
naturally (2.3.0)
nkf (0.2.0)
optparse (0.8.1)
optparse (0.8.0)
os (1.1.4)
ostruct (0.6.3)
plist (3.7.2)
public_suffix (7.0.2)
public_suffix (6.0.2)
rake (13.3.1)
representable (3.2.0)
declarative (< 0.1.0)
@@ -209,7 +209,7 @@ GEM
terminal-notifier (2.0.0)
terminal-table (3.0.2)
unicode-display_width (>= 1.1.1, < 3)
time (0.4.2)
time (0.4.1)
date
trailblazer-option (0.1.2)
tty-cursor (0.7.1)
@@ -241,7 +241,6 @@ DEPENDENCIES
fastlane-plugin-firebase_app_distribution
logger
mutex_m
nkf
ostruct
time
@@ -249,4 +248,4 @@ RUBY VERSION
ruby 3.4.2p28
BUNDLED WITH
2.6.2
2.6.9

1
app/build.gradle.kts
View File

@@ -235,7 +235,6 @@ dependencies {
implementation(libs.androidx.browser)
implementation(libs.androidx.biometrics)
implementation(libs.androidx.camera.camera2)
implementation(libs.androidx.camera.compose)
implementation(platform(libs.androidx.compose.bom))
implementation(libs.androidx.compose.animation)
implementation(libs.androidx.compose.material3)

70
app/schemas/com.x8bit.bitwarden.data.platform.datasource.disk.database.PlatformDatabase/2.json
View File

@@ -1,70 +0,0 @@
{
"formatVersion": 1,
"database": {
"version": 2,
"identityHash": "2835802f9de260f6f5109c81081e9b46",
"entities": [
{
"tableName": "organization_events",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, `user_id` TEXT NOT NULL, `organization_event_type` TEXT NOT NULL, `cipher_id` TEXT, `date` INTEGER NOT NULL, `organization_id` TEXT)",
"fields": [
{
"fieldPath": "id",
"columnName": "id",
"affinity": "INTEGER",
"notNull": true
},
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "organizationEventType",
"columnName": "organization_event_type",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "cipherId",
"columnName": "cipher_id",
"affinity": "TEXT"
},
{
"fieldPath": "date",
"columnName": "date",
"affinity": "INTEGER",
"notNull": true
},
{
"fieldPath": "organizationId",
"columnName": "organization_id",
"affinity": "TEXT"
}
],
"primaryKey": {
"autoGenerate": true,
"columnNames": [
"id"
]
},
"indices": [
{
"name": "index_organization_events_user_id",
"unique": false,
"columnNames": [
"user_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_organization_events_user_id` ON `${TABLE_NAME}` (`user_id`)"
}
]
}
],
"setupQueries": [
"CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
"INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '2835802f9de260f6f5109c81081e9b46')"
]
}
}

279
app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/9.json
View File

@@ -1,279 +0,0 @@
{
"formatVersion": 1,
"database": {
"version": 9,
"identityHash": "61353072161e3101ade140e2c4b65495",
"entities": [
{
"tableName": "ciphers",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `has_totp` INTEGER NOT NULL DEFAULT 1, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, `organization_id` TEXT, PRIMARY KEY(`id`))",
"fields": [
{
"fieldPath": "id",
"columnName": "id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "hasTotp",
"columnName": "has_totp",
"affinity": "INTEGER",
"notNull": true,
"defaultValue": "1"
},
{
"fieldPath": "cipherType",
"columnName": "cipher_type",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "cipherJson",
"columnName": "cipher_json",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "organizationId",
"columnName": "organization_id",
"affinity": "TEXT"
}
],
"primaryKey": {
"autoGenerate": false,
"columnNames": [
"id"
]
},
"indices": [
{
"name": "index_ciphers_user_id",
"unique": false,
"columnNames": [
"user_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
},
{
"name": "index_ciphers_user_id_organization_id",
"unique": false,
"columnNames": [
"user_id",
"organization_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id_organization_id` ON `${TABLE_NAME}` (`user_id`, `organization_id`)"
}
]
},
{
"tableName": "collections",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER, `default_user_collection_email` TEXT, `type` TEXT NOT NULL DEFAULT '0', PRIMARY KEY(`id`))",
"fields": [
{
"fieldPath": "id",
"columnName": "id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "organizationId",
"columnName": "organization_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "shouldHidePasswords",
"columnName": "should_hide_passwords",
"affinity": "INTEGER",
"notNull": true
},
{
"fieldPath": "name",
"columnName": "name",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "externalId",
"columnName": "external_id",
"affinity": "TEXT"
},
{
"fieldPath": "isReadOnly",
"columnName": "read_only",
"affinity": "INTEGER",
"notNull": true
},
{
"fieldPath": "canManage",
"columnName": "manage",
"affinity": "INTEGER"
},
{
"fieldPath": "defaultUserCollectionEmail",
"columnName": "default_user_collection_email",
"affinity": "TEXT"
},
{
"fieldPath": "type",
"columnName": "type",
"affinity": "TEXT",
"notNull": true,
"defaultValue": "'0'"
}
],
"primaryKey": {
"autoGenerate": false,
"columnNames": [
"id"
]
},
"indices": [
{
"name": "index_collections_user_id",
"unique": false,
"columnNames": [
"user_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
}
]
},
{
"tableName": "domains",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
"fields": [
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "domainsJson",
"columnName": "domains_json",
"affinity": "TEXT"
}
],
"primaryKey": {
"autoGenerate": false,
"columnNames": [
"user_id"
]
}
},
{
"tableName": "folders",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
"fields": [
{
"fieldPath": "id",
"columnName": "id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "name",
"columnName": "name",
"affinity": "TEXT"
},
{
"fieldPath": "revisionDate",
"columnName": "revision_date",
"affinity": "INTEGER",
"notNull": true
}
],
"primaryKey": {
"autoGenerate": false,
"columnNames": [
"id"
]
},
"indices": [
{
"name": "index_folders_user_id",
"unique": false,
"columnNames": [
"user_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
}
]
},
{
"tableName": "sends",
"createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
"fields": [
{
"fieldPath": "id",
"columnName": "id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "userId",
"columnName": "user_id",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "sendType",
"columnName": "send_type",
"affinity": "TEXT",
"notNull": true
},
{
"fieldPath": "sendJson",
"columnName": "send_json",
"affinity": "TEXT",
"notNull": true
}
],
"primaryKey": {
"autoGenerate": false,
"columnNames": [
"id"
]
},
"indices": [
{
"name": "index_sends_user_id",
"unique": false,
"columnNames": [
"user_id"
],
"orders": [],
"createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
}
]
}
],
"setupQueries": [
"CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
"INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '61353072161e3101ade140e2c4b65495')"
]
}
}

7
app/src/debug/res/xml/provider.xml Normal file
View File

@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<credential-provider>
<capabilities>
<capability name="android.credentials.TYPE_PASSWORD_CREDENTIAL" />
<capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
</capabilities>
</credential-provider>

17
app/src/main/AndroidManifest.xml
View File

@@ -13,7 +13,6 @@
<uses-permission android:name="android.permission.USE_BIOMETRIC" />
<uses-permission android:name="android.permission.NFC" />
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="horizons.permission.HEADSET_CAMERA" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
<uses-permission android:name="android.permission.READ_USER_DICTIONARY" />
@@ -87,7 +86,6 @@
<intent-filter>
<action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY" />
<action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY" />
<action android:name="com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSWORD" />
<action android:name="com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD" />
<action android:name="com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT" />
@@ -140,19 +138,6 @@
android:launchMode="singleTop"
android:noHistory="true"
android:theme="@android:style/Theme.NoDisplay">
<intent-filter android:autoVerify="true">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="https" />
<data android:host="bitwarden.com" />
<data android:host="bitwarden.eu" />
<data android:pathPattern="/duo-callback" />
<data android:pathPattern="/sso-callback" />
<data android:pathPattern="/webauthn-callback" />
</intent-filter>
<intent-filter>
<action android:name="android.intent.action.VIEW" />
@@ -275,7 +260,7 @@
android:name="com.x8bit.bitwarden.AutofillTileService"
android:exported="true"
android:icon="@drawable/ic_notification"
android:label="@string/autofill_verb"
android:label="@string/autofill_title"
android:permission="android.permission.BIND_QUICK_SETTINGS_TILE"
tools:ignore="MissingClass">
<intent-filter>

28
app/src/main/assets/fido2_privileged_community.json
View File

@@ -1,21 +1,5 @@
{
"apps": [
{
"type": "android",
"info": {
"package_name": "eu.weblibre.gecko",
"signatures": [
{
"build": "release",
"cert_fingerprint_sha256": "BB:2A:97:F5:61:53:35:C9:E5:7C:86:6F:1C:30:ED:4F:D7:D7:BD:DC:BC:BC:06:68:FE:93:A5:79:17:3D:3D:2D"
},
{
"build": "release",
"cert_fingerprint_sha256": "8F:52:6E:1E:53:D6:BD:4D:FB:F4:F4:B9:3C:2A:91:EC:B5:CB:8D:A5:E1:4A:D9:4C:25:70:E1:E3:C7:13:52:7F"
},
]
}
},
{
"type": "android",
"info": {
@@ -28,6 +12,18 @@
]
}
},
{
"type": "android",
"info": {
"package_name": "org.chromium.chrome",
"signatures": [
{
"build": "release",
"cert_fingerprint_sha256": "A8:56:48:50:79:BC:B3:57:BF:BE:69:BA:19:A9:BA:43:CD:0A:D9:AB:22:67:52:C7:80:B6:88:8A:FD:48:21:6B"
}
]
}
},
{
"type": "android",
"info": {

2
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt
View File

@@ -211,7 +211,7 @@ interface AuthDiskSource : AppIdProvider {
/**
* Gets the flow for the biometrics key for the given [userId].
*/
fun getUserBiometricUnlockKeyFlow(userId: String): Flow<String?>
fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?>
/**
* Retrieves a pin-protected user key for the given [userId].

20
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt
View File

@@ -145,6 +145,9 @@ class AuthDiskSourceImpl(
storeInvalidUnlockAttempts(userId = userId, invalidUnlockAttempts = null)
storeUserKey(userId = userId, userKey = null)
storeUserAutoUnlockKey(userId = userId, userAutoUnlockKey = null)
storePinProtectedUserKey(userId = userId, pinProtectedUserKey = null)
storePinProtectedUserKeyEnvelope(userId = userId, pinProtectedUserKeyEnvelope = null)
storeEncryptedPin(userId = userId, encryptedPin = null)
storePrivateKey(userId = userId, privateKey = null)
storeAccountKeys(userId = userId, accountKeys = null)
storeOrganizationKeys(userId = userId, organizationKeys = null)
@@ -159,14 +162,10 @@ class AuthDiskSourceImpl(
storeAuthenticatorSyncUnlockKey(userId = userId, authenticatorSyncUnlockKey = null)
storeShowImportLogins(userId = userId, showImportLogins = null)
storeLastLockTimestamp(userId = userId, lastLockTimestamp = null)
storeEncryptedPin(userId = userId, encryptedPin = null)
storePinProtectedUserKey(userId = userId, pinProtectedUserKey = null)
storePinProtectedUserKeyEnvelope(userId = userId, pinProtectedUserKeyEnvelope = null)
// Certain values are never removed as required by the feature requirements:
// * DeviceKey
// * PendingAuthRequest
// * OnboardingStatus
// Do not remove the DeviceKey or PendingAuthRequest on logout, these are persisted
// indefinitely unless the TDE flow explicitly removes them.
// Do not remove OnboardingStatus we want to keep track of this even after logout.
}
override fun getAuthenticatorSyncUnlockKey(userId: String): String? =
@@ -331,7 +330,7 @@ class AuthDiskSourceImpl(
getMutableBiometricUnlockKeyFlow(userId).tryEmit(biometricsKey)
}
override fun getUserBiometricUnlockKeyFlow(userId: String): Flow<String?> =
override fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?> =
getMutableBiometricUnlockKeyFlow(userId)
.onSubscription { emit(getUserBiometricUnlockKey(userId = userId)) }
@@ -373,10 +372,7 @@ class AuthDiskSourceImpl(
inMemoryOnly: Boolean,
) {
inMemoryPinProtectedUserKeyEnvelopes[userId] = pinProtectedUserKeyEnvelope
if (inMemoryOnly) {
getMutablePinProtectedUserKeyEnvelopeFlow(userId).tryEmit(pinProtectedUserKeyEnvelope)
return
}
if (inMemoryOnly) return
putString(
key = PIN_PROTECTED_USER_KEY_KEY_ENVELOPE.appendIdentifier(userId),
value = pinProtectedUserKeyEnvelope,

4
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/sdk/AuthSdkSourceImpl.kt
View File

@@ -30,7 +30,7 @@ class AuthSdkSourceImpl(
getClient()
.auth()
.newAuthRequest(
email = email.lowercase(),
email = email,
)
}
@@ -42,7 +42,7 @@ class AuthSdkSourceImpl(
.platform()
.fingerprint(
req = FingerprintRequest(
fingerprintMaterial = email.lowercase(),
fingerprintMaterial = email,
publicKey = publicKey,
),
)

3
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt
View File

@@ -28,6 +28,7 @@ import kotlinx.coroutines.flow.flow
import kotlinx.coroutines.isActive
import java.time.Clock
import javax.inject.Singleton
import kotlin.coroutines.coroutineContext
private const val PASSWORDLESS_NOTIFICATION_TIMEOUT_MILLIS: Long = 15L * 60L * 1_000L
private const val PASSWORDLESS_NOTIFICATION_RETRY_INTERVAL_MILLIS: Long = 4L * 1_000L
@@ -162,7 +163,7 @@ class AuthRequestManagerImpl(
emit(result)
if (result is AuthRequestUpdatesResult.Error) return@flow
var isComplete = false
while (currentCoroutineContext().isActive && !isComplete) {
while (coroutineContext.isActive && !isComplete) {
delay(PASSWORDLESS_APPROVER_INTERVAL_MILLIS)
val updateResult = result as AuthRequestUpdatesResult.Update
authRequestsService

41
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt
View File

@@ -49,14 +49,14 @@ class UserLogoutManagerImpl(
override fun logout(userId: String, reason: LogoutReason) {
authDiskSource.userState ?: return
Timber.d("logout reason=$reason")
val isSecurityStamp = reason == LogoutReason.SecurityStamp
if (isSecurityStamp) {
val isExpired = reason == LogoutReason.SecurityStamp
if (isExpired) {
showToast(message = BitwardenString.login_expired)
}
val ableToSwitchToNewAccount = switchUserIfAvailable(
currentUserId = userId,
isSecurityStamp = isSecurityStamp,
isExpired = isExpired,
removeCurrentUserFromAccounts = true,
)
@@ -73,24 +73,25 @@ class UserLogoutManagerImpl(
override fun softLogout(userId: String, reason: LogoutReason) {
Timber.d("softLogout reason=$reason")
val isSecurityStamp = reason == LogoutReason.SecurityStamp
if (isSecurityStamp) {
val isExpired = reason == LogoutReason.SecurityStamp
if (isExpired) {
showToast(message = BitwardenString.login_expired)
}
authDiskSource.storeAccountTokens(
userId = userId,
accountTokens = null,
)
// Save any data that will still need to be retained after otherwise clearing all data
// Save any data that will still need to be retained after otherwise clearing all dat
val vaultTimeoutInMinutes = settingsDiskSource.getVaultTimeoutInMinutes(userId = userId)
val vaultTimeoutAction = settingsDiskSource.getVaultTimeoutAction(userId = userId)
val encryptedPin = authDiskSource.getEncryptedPin(userId = userId)
val pinProtectedUserKey = authDiskSource.getPinProtectedUserKey(userId = userId)
val pinProtectedUserKeyEnvelope = authDiskSource.getPinProtectedUserKeyEnvelope(
userId = userId,
)
val pinProtectedUserKeyEnvelope = authDiskSource
.getPinProtectedUserKeyEnvelope(userId = userId)
switchUserIfAvailable(
currentUserId = userId,
removeCurrentUserFromAccounts = false,
isSecurityStamp = isSecurityStamp,
isExpired = isExpired,
)
clearData(userId = userId)
@@ -107,14 +108,10 @@ class UserLogoutManagerImpl(
vaultTimeoutAction = vaultTimeoutAction,
)
}
authDiskSource.apply {
storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
storePinProtectedUserKey(userId = userId, pinProtectedUserKey = pinProtectedUserKey)
storePinProtectedUserKeyEnvelope(
userId = userId,
pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
)
}
authDiskSource.storePinProtectedUserKeyEnvelope(
userId = userId,
pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
)
}
private fun clearData(userId: String) {
@@ -136,7 +133,7 @@ class UserLogoutManagerImpl(
private fun switchUserIfAvailable(
currentUserId: String,
removeCurrentUserFromAccounts: Boolean,
isSecurityStamp: Boolean,
isExpired: Boolean = false,
): Boolean {
val currentUserState = authDiskSource.userState ?: return false
@@ -148,7 +145,7 @@ class UserLogoutManagerImpl(
// Check if there is a new active user
return if (updatedAccounts.isNotEmpty()) {
if (currentUserId == currentUserState.activeUserId && !isSecurityStamp) {
if (currentUserId == currentUserState.activeUserId && !isExpired) {
showToast(message = BitwardenString.account_switched_automatically)
}

16
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
View File

@@ -26,7 +26,6 @@ import com.x8bit.bitwarden.data.auth.repository.model.RemovePasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.RequestOtpResult
import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.RevokeFromOrganizationResult
import com.x8bit.bitwarden.data.auth.repository.model.SendVerificationEmailResult
import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
@@ -39,7 +38,6 @@ import com.x8bit.bitwarden.data.auth.repository.util.SsoCallbackResult
import com.x8bit.bitwarden.data.auth.repository.util.WebAuthResult
import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
import com.x8bit.bitwarden.data.platform.datasource.network.authenticator.AuthenticatorProvider
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
import kotlinx.coroutines.flow.Flow
import kotlinx.coroutines.flow.StateFlow
@@ -50,7 +48,6 @@ import kotlinx.coroutines.flow.StateFlow
interface AuthRepository :
AuthenticatorProvider,
AuthRequestManager,
BiometricsEncryptionManager,
KdfManager,
UserStateManager {
/**
@@ -360,14 +357,14 @@ interface AuthRepository :
suspend fun getPasswordStrength(email: String? = null, password: String): PasswordStrengthResult
/**
* Validates the master password for the current logged-in user.
* Validates the master password for the current logged in user.
*/
suspend fun validatePassword(password: String): ValidatePasswordResult
/**
* Validates the PIN for the current logged-in user.
* Validates the PIN for the current logged in user.
*/
suspend fun validatePinUserKey(pin: String): ValidatePinResult
suspend fun validatePin(pin: String): ValidatePinResult
/**
* Validates the given [password] against the master password
@@ -403,11 +400,4 @@ interface AuthRepository :
suspend fun leaveOrganization(
organizationId: String,
): LeaveOrganizationResult
/**
* Revokes self from the organization that matches the given [organizationId]
*/
suspend fun revokeFromOrganization(
organizationId: String,
): RevokeFromOrganizationResult
}

230
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
View File

@@ -2,10 +2,7 @@ package com.x8bit.bitwarden.data.auth.repository
import com.bitwarden.core.AuthRequestMethod
import com.bitwarden.core.InitUserCryptoMethod
import com.bitwarden.core.RegisterTdeKeyResponse
import com.bitwarden.core.WrappedAccountCryptographicState
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.core.data.repository.error.MissingPropertyException
import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
import com.bitwarden.core.data.util.asFailure
import com.bitwarden.core.data.util.asSuccess
@@ -15,7 +12,6 @@ import com.bitwarden.crypto.Kdf
import com.bitwarden.data.datasource.disk.ConfigDiskSource
import com.bitwarden.data.repository.util.toEnvironmentUrls
import com.bitwarden.data.repository.util.toEnvironmentUrlsOrDefault
import com.bitwarden.network.model.CreateAccountKeysResponseJson
import com.bitwarden.network.model.DeleteAccountResponseJson
import com.bitwarden.network.model.GetTokenResponseJson
import com.bitwarden.network.model.IdentityTokenAuthModel
@@ -81,7 +77,6 @@ import com.x8bit.bitwarden.data.auth.repository.model.RemovePasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.RequestOtpResult
import com.x8bit.bitwarden.data.auth.repository.model.ResendEmailResult
import com.x8bit.bitwarden.data.auth.repository.model.ResetPasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.RevokeFromOrganizationResult
import com.x8bit.bitwarden.data.auth.repository.model.SendVerificationEmailResult
import com.x8bit.bitwarden.data.auth.repository.model.SetPasswordResult
import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
@@ -105,8 +100,8 @@ import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITER
import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
import com.x8bit.bitwarden.data.auth.util.toSdkParams
import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
import com.x8bit.bitwarden.data.platform.manager.LogsManager
import com.x8bit.bitwarden.data.platform.manager.PolicyManager
import com.x8bit.bitwarden.data.platform.manager.PushManager
@@ -117,7 +112,6 @@ import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
import com.x8bit.bitwarden.data.vault.repository.VaultRepository
import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockError
import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
import com.x8bit.bitwarden.data.vault.repository.util.createWrappedAccountCryptographicState
import com.x8bit.bitwarden.data.vault.repository.util.toSdkMasterPasswordUnlock
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.Dispatchers
@@ -163,7 +157,6 @@ class AuthRepositoryImpl(
private val settingsRepository: SettingsRepository,
private val vaultRepository: VaultRepository,
private val authRequestManager: AuthRequestManager,
private val biometricsEncryptionManager: BiometricsEncryptionManager,
private val keyConnectorManager: KeyConnectorManager,
private val trustedDeviceManager: TrustedDeviceManager,
private val userLogoutManager: UserLogoutManager,
@@ -175,7 +168,6 @@ class AuthRepositoryImpl(
dispatcherManager: DispatcherManager,
) : AuthRepository,
AuthRequestManager by authRequestManager,
BiometricsEncryptionManager by biometricsEncryptionManager,
KdfManager by kdfManager,
UserStateManager by userStateManager {
/**
@@ -462,32 +454,42 @@ class AuthRepositoryImpl(
.getShouldTrustDevice(userId = userId) == true,
)
}
.flatMap { registerTdeKeyResponse ->
.flatMap { keys ->
accountsService
.createAccountKeys(
publicKey = registerTdeKeyResponse.publicKey,
encryptedPrivateKey = registerTdeKeyResponse.privateKey,
publicKey = keys.publicKey,
encryptedPrivateKey = keys.privateKey,
)
.map { createAccountKeysResponse ->
registerTdeKeyResponse to createAccountKeysResponse
}
.map { keys }
}
.flatMap { (registerTdeKeyResponse, createAccountKeysResponse) ->
.flatMap { keys ->
organizationService
.organizationResetPasswordEnroll(
organizationId = orgAutoEnrollStatus.organizationId,
userId = userId,
passwordHash = null,
resetPasswordKey = registerTdeKeyResponse.adminReset,
resetPasswordKey = keys.adminReset,
)
.map { registerTdeKeyResponse to createAccountKeysResponse }
.map { keys }
}
.onSuccess { (registerTdeKeyResponse, createAccountKeysResponse) ->
createNewSsoUserSuccess(
.onSuccess { keys ->
// TDE and SSO user creation still uses crypto-v1. These users are not
// expected to have the AEAD keys so we only store the private key for now.
// See https://github.com/bitwarden/android/pull/5682#discussion_r2273940332
// for more details.
authDiskSource.storePrivateKey(
userId = userId,
createAccountKeysResponse = createAccountKeysResponse,
registerTdeKeyResponse = registerTdeKeyResponse,
privateKey = keys.privateKey,
)
// Order matters here, we need to make sure that the vault is unlocked
// before we trust the device, to avoid state-base navigation issues.
vaultRepository.syncVaultState(userId = userId)
keys.deviceKey?.let { trustDeviceResponse ->
trustedDeviceManager.trustThisDevice(
userId = userId,
trustDeviceResponse = trustDeviceResponse,
)
}
}
}
.fold(
@@ -496,37 +498,6 @@ class AuthRepositoryImpl(
)
}
/**
* Stores all the relevant data from a successful creation of an SSO user. The data is stored
* while in an [UserStateManager.userStateTransaction] to ensure the `UserState` is only
* updated once after data stored.
*/
private suspend fun createNewSsoUserSuccess(
userId: String,
createAccountKeysResponse: CreateAccountKeysResponseJson,
registerTdeKeyResponse: RegisterTdeKeyResponse,
): Unit = userStateManager.userStateTransaction {
authDiskSource.storeAccountKeys(
userId = userId,
accountKeys = createAccountKeysResponse.accountKeys,
)
// TDE and SSO user creation still uses crypto-v1. These users are not
// expected to have the AEAD keys so we only store the private key for now.
// See https://github.com/bitwarden/android/pull/5682#discussion_r2273940332
// for more details.
authDiskSource.storePrivateKey(
userId = userId,
privateKey = registerTdeKeyResponse.privateKey,
)
vaultRepository.syncVaultState(userId = userId)
registerTdeKeyResponse.deviceKey?.let { trustDeviceResponse ->
trustedDeviceManager.trustThisDevice(
userId = userId,
trustDeviceResponse = trustDeviceResponse,
)
}
}
override suspend fun completeTdeLogin(
requestPrivateKey: String,
asymmetricalKey: String,
@@ -543,7 +514,6 @@ class AuthRepositoryImpl(
)
val signingKey = accountKeys?.signatureKeyPair?.wrappedSigningKey
val securityState = accountKeys?.securityState?.securityState
val signedPublicKey = accountKeys?.publicKeyEncryptionKeyPair?.signedPublicKey
checkForVaultUnlockError(
onVaultUnlockError = { error ->
@@ -551,13 +521,10 @@ class AuthRepositoryImpl(
},
) {
unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
signedPublicKey = signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
signingKey = signingKey,
securityState = securityState,
initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
requestPrivateKey = requestPrivateKey,
method = AuthRequestMethod.UserKey(protectedUserKey = asymmetricalKey),
@@ -1320,7 +1287,7 @@ class AuthRepositoryImpl(
}
}
override suspend fun validatePinUserKey(pin: String): ValidatePinResult {
override suspend fun validatePin(pin: String): ValidatePinResult {
val activeAccount = authDiskSource
.userState
?.activeAccount
@@ -1329,13 +1296,13 @@ class AuthRepositoryImpl(
val pinProtectedUserKeyEnvelope = authDiskSource
.getPinProtectedUserKeyEnvelope(userId = activeAccount.userId)
?: return ValidatePinResult.Error(
error = MissingPropertyException("Pin Protected User Key Envelope"),
error = MissingPropertyException("Pin Protected User Key"),
)
return vaultSdkSource
.validatePinUserKey(
.validatePin(
userId = activeAccount.userId,
pin = pin,
pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
pinProtectedUserKey = pinProtectedUserKeyEnvelope,
)
.fold(
onSuccess = { ValidatePinResult.Success(isValid = it) },
@@ -1389,10 +1356,10 @@ class AuthRepositoryImpl(
)
.fold(
onSuccess = {
when (it) {
when (val json = it) {
VerifyEmailTokenResponseJson.Valid -> EmailTokenResult.Success
is VerifyEmailTokenResponseJson.Invalid -> {
EmailTokenResult.Error(message = it.message, error = null)
EmailTokenResult.Error(message = json.message, error = null)
}
VerifyEmailTokenResponseJson.TokenExpired -> EmailTokenResult.Expired
@@ -1417,14 +1384,6 @@ class AuthRepositoryImpl(
onFailure = { LeaveOrganizationResult.Error(error = it) },
)
override suspend fun revokeFromOrganization(
organizationId: String,
): RevokeFromOrganizationResult =
organizationService.revokeFromOrganization(organizationId).fold(
onSuccess = { RevokeFromOrganizationResult.Success },
onFailure = { RevokeFromOrganizationResult.Error(error = it) },
)
@Suppress("CyclomaticComplexMethod")
private suspend fun validatePasswordAgainstPolicy(
password: String,
@@ -1847,23 +1806,14 @@ class AuthRepositoryImpl(
)
.map {
unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = loginResponse.accountKeys
?.securityState
?.securityState,
signingKey = loginResponse.accountKeys
?.signatureKeyPair
?.wrappedSigningKey,
signedPublicKey = loginResponse.accountKeys
?.publicKeyEncryptionKeyPair
?.signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
initUserCryptoMethod = InitUserCryptoMethod.KeyConnector(
masterKey = it.masterKey,
userKey = key,
),
securityState = loginResponse.accountKeys?.securityState?.securityState,
signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
)
}
.fold(
@@ -1884,21 +1834,11 @@ class AuthRepositoryImpl(
organizationIdentifier = orgIdentifier,
)
.map { keyConnectorResponse ->
val accountKeys = loginResponse.accountKeys
val result = unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = keyConnectorResponse.keys.private,
securityState = accountKeys
?.securityState
?.securityState,
signingKey = accountKeys
?.signatureKeyPair
?.wrappedSigningKey,
signedPublicKey = accountKeys
?.publicKeyEncryptionKeyPair
?.signedPublicKey,
),
accountProfile = profile,
privateKey = keyConnectorResponse.keys.private,
securityState = loginResponse.accountKeys?.securityState?.securityState,
signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
initUserCryptoMethod = InitUserCryptoMethod.KeyConnector(
masterKey = keyConnectorResponse.masterKey,
userKey = keyConnectorResponse.encryptedUserKey,
@@ -1943,30 +1883,27 @@ class AuthRepositoryImpl(
// Attempt to unlock the vault with password if possible.
val masterPassword = password ?: return null
val privateKey = loginResponse.privateKeyOrNull() ?: return null
val key = loginResponse.key ?: return null
val masterPasswordUnlock = loginResponse
val initUserCryptoMethod = loginResponse
.userDecryptionOptions
?.masterPasswordUnlock
?: return null
val initUserCryptoMethod = InitUserCryptoMethod.MasterPasswordUnlock(
password = masterPassword,
masterPasswordUnlock = masterPasswordUnlock.toSdkMasterPasswordUnlock(),
)
?.let { masterPasswordUnlock ->
InitUserCryptoMethod.MasterPasswordUnlock(
password = masterPassword,
masterPasswordUnlock = masterPasswordUnlock.toSdkMasterPasswordUnlock(),
)
}
?: InitUserCryptoMethod.Password(
password = masterPassword,
userKey = key,
)
return unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = loginResponse.accountKeys
?.securityState
?.securityState,
signingKey = loginResponse.accountKeys
?.signatureKeyPair
?.wrappedSigningKey,
signedPublicKey = loginResponse.accountKeys
?.publicKeyEncryptionKeyPair
?.signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
securityState = loginResponse.accountKeys?.securityState?.securityState,
signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
initUserCryptoMethod = initUserCryptoMethod,
)
}
@@ -1974,7 +1911,6 @@ class AuthRepositoryImpl(
/**
* Attempt to unlock the current user's vault with trusted device specific data.
*/
@Suppress("LongMethod")
private suspend fun unlockVaultWithTdeOnLoginSuccess(
loginResponse: GetTokenResponseJson.Success,
profile: AccountJson.Profile,
@@ -1987,19 +1923,10 @@ class AuthRepositoryImpl(
if (privateKey != null && key != null) {
deviceData?.let { model ->
return unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = loginResponse.accountKeys
?.securityState
?.securityState,
signingKey = loginResponse.accountKeys
?.signatureKeyPair
?.wrappedSigningKey,
signedPublicKey = loginResponse.accountKeys
?.publicKeyEncryptionKeyPair
?.signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
securityState = loginResponse.accountKeys?.securityState?.securityState,
signingKey = loginResponse.accountKeys?.signatureKeyPair?.wrappedSigningKey,
initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
requestPrivateKey = model.privateKey,
method = model
@@ -2029,18 +1956,9 @@ class AuthRepositoryImpl(
unlockVaultWithTrustedDeviceUserDecryptionOptionsAndStoreKeys(
options = options,
profile = profile,
privateKey = accountKeys
.publicKeyEncryptionKeyPair
.wrappedPrivateKey,
securityState = accountKeys
.securityState
?.securityState,
signedPublicKey = accountKeys
.publicKeyEncryptionKeyPair
.signedPublicKey,
signingKey = accountKeys
.signatureKeyPair
?.wrappedSigningKey,
privateKey = accountKeys.publicKeyEncryptionKeyPair.wrappedPrivateKey,
securityState = accountKeys.securityState?.securityState,
signingKey = accountKeys.signatureKeyPair?.wrappedSigningKey,
)
}
?: loginResponse.privateKey
@@ -2050,7 +1968,6 @@ class AuthRepositoryImpl(
profile = profile,
privateKey = privateKey,
securityState = null,
signedPublicKey = null,
signingKey = null,
)
}
@@ -2066,7 +1983,6 @@ class AuthRepositoryImpl(
profile: AccountJson.Profile,
privateKey: String,
securityState: String?,
signedPublicKey: String?,
signingKey: String?,
): VaultUnlockResult? {
var vaultUnlockResult: VaultUnlockResult? = null
@@ -2084,13 +2000,10 @@ class AuthRepositoryImpl(
// For approved requests the key will always be present.
val userKey = requireNotNull(request.key)
vaultUnlockResult = unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
signedPublicKey = signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
signingKey = signingKey,
securityState = securityState,
initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
requestPrivateKey = pendingRequest.requestPrivateKey,
method = AuthRequestMethod.UserKey(protectedUserKey = userKey),
@@ -2116,13 +2029,10 @@ class AuthRepositoryImpl(
}
vaultUnlockResult = unlockVault(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
signedPublicKey = signedPublicKey,
),
accountProfile = profile,
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
initUserCryptoMethod = InitUserCryptoMethod.DeviceKey(
deviceKey = deviceKey,
protectedDevicePrivateKey = encryptedPrivateKey,
@@ -2140,16 +2050,20 @@ class AuthRepositoryImpl(
* A helper function to unlock the vault for the user associated with the [accountProfile].
*/
private suspend fun unlockVault(
accountCryptographicState: WrappedAccountCryptographicState,
accountProfile: AccountJson.Profile,
privateKey: String,
securityState: String?,
signingKey: String?,
initUserCryptoMethod: InitUserCryptoMethod,
): VaultUnlockResult {
val userId = accountProfile.userId
return vaultRepository.unlockVault(
accountCryptographicState = accountCryptographicState,
userId = userId,
email = accountProfile.email,
kdf = accountProfile.toSdkParams(),
privateKey = privateKey,
signingKey = signingKey,
securityState = securityState,
initUserCryptoMethod = initUserCryptoMethod,
// The value for the organization keys here will typically be null. We can separately
// unlock the vault for organization data after receiving the sync response if this

3
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
View File

@@ -19,7 +19,6 @@ import com.x8bit.bitwarden.data.auth.manager.UserStateManagerImpl
import com.x8bit.bitwarden.data.auth.repository.AuthRepository
import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
import com.x8bit.bitwarden.data.platform.manager.LogsManager
import com.x8bit.bitwarden.data.platform.manager.PolicyManager
@@ -61,7 +60,6 @@ object AuthRepositoryModule {
environmentRepository: EnvironmentRepository,
settingsRepository: SettingsRepository,
vaultRepository: VaultRepository,
biometricsEncryptionManager: BiometricsEncryptionManager,
keyConnectorManager: KeyConnectorManager,
authRequestManager: AuthRequestManager,
trustedDeviceManager: TrustedDeviceManager,
@@ -87,7 +85,6 @@ object AuthRepositoryModule {
environmentRepository = environmentRepository,
settingsRepository = settingsRepository,
vaultRepository = vaultRepository,
biometricsEncryptionManager = biometricsEncryptionManager,
keyConnectorManager = keyConnectorManager,
authRequestManager = authRequestManager,
trustedDeviceManager = trustedDeviceManager,

2
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/LeaveOrganizationResult.kt
View File

@@ -1,7 +1,7 @@
package com.x8bit.bitwarden.data.auth.repository.model
/**
* Models result of leaving an organization.
* Models result of deleting an account.
*/
sealed class LeaveOrganizationResult {
/**

18
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/RevokeFromOrganizationResult.kt
View File

@@ -1,18 +0,0 @@
package com.x8bit.bitwarden.data.auth.repository.model
/**
* Models result of leaving an organization.
*/
sealed class RevokeFromOrganizationResult {
/**
* Revoke from organization succeeded.
*/
data object Success : RevokeFromOrganizationResult()
/**
* There was an error revoking from the organization.
*/
data class Error(
val error: Throwable?,
) : RevokeFromOrganizationResult()
}

33
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/util/DuoUtils.kt
View File

@@ -5,11 +5,7 @@ import android.net.Uri
import androidx.browser.auth.AuthTabIntent
import com.bitwarden.annotation.OmitFromCoverage
private const val BITWARDEN_EU_HOST: String = "bitwarden.eu"
private const val BITWARDEN_US_HOST: String = "bitwarden.com"
private const val APP_LINK_SCHEME: String = "https"
private const val DEEPLINK_SCHEME: String = "bitwarden"
private const val CALLBACK: String = "duo-callback"
private const val DUO_HOST: String = "duo-callback"
/**
* Retrieves a [DuoCallbackTokenResult] from an Intent. There are three possible cases.
@@ -22,28 +18,11 @@ private const val CALLBACK: String = "duo-callback"
* - [DuoCallbackTokenResult.Success]: Intent is the Duo callback, and it has a token.
*/
fun Intent.getDuoCallbackTokenResult(): DuoCallbackTokenResult? {
if (action != Intent.ACTION_VIEW) return null
val localData = data ?: return null
return when (localData.scheme) {
DEEPLINK_SCHEME -> {
if (localData.host == CALLBACK) {
localData.getDuoCallbackTokenResult()
} else {
null
}
}
APP_LINK_SCHEME -> {
if ((localData.host == BITWARDEN_US_HOST || localData.host == BITWARDEN_EU_HOST) &&
localData.path == "/$CALLBACK"
) {
localData.getDuoCallbackTokenResult()
} else {
null
}
}
else -> null
val localData = data
return if (action == Intent.ACTION_VIEW && localData != null && localData.host == DUO_HOST) {
localData.getDuoCallbackTokenResult()
} else {
null
}
}

42
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/util/SsoUtils.kt
View File

@@ -4,20 +4,14 @@ import android.content.Intent
import android.net.Uri
import android.os.Parcelable
import androidx.browser.auth.AuthTabIntent
import androidx.core.net.toUri
import com.bitwarden.annotation.OmitFromCoverage
import kotlinx.parcelize.Parcelize
import java.net.URLEncoder
import java.security.MessageDigest
import java.util.Base64
private const val BITWARDEN_EU_HOST: String = "bitwarden.eu"
private const val BITWARDEN_US_HOST: String = "bitwarden.com"
private const val APP_LINK_SCHEME: String = "https"
private const val DEEPLINK_SCHEME: String = "bitwarden"
private const val CALLBACK: String = "sso-callback"
const val SSO_URI: String = "bitwarden://$CALLBACK"
private const val SSO_HOST: String = "sso-callback"
const val SSO_URI: String = "bitwarden://$SSO_HOST"
/**
* Generates a URI for the SSO custom tab.
@@ -34,7 +28,7 @@ fun generateUriForSso(
token: String,
state: String,
codeVerifier: String,
): Uri {
): String {
val redirectUri = URLEncoder.encode(SSO_URI, "UTF-8")
val encodedOrganizationIdentifier = URLEncoder.encode(organizationIdentifier, "UTF-8")
val encodedToken = URLEncoder.encode(token, "UTF-8")
@@ -45,7 +39,7 @@ fun generateUriForSso(
.digest(codeVerifier.toByteArray()),
)
val uri = "$identityBaseUrl/connect/authorize" +
return "$identityBaseUrl/connect/authorize" +
"?client_id=mobile" +
"&redirect_uri=$redirectUri" +
"&response_type=code" +
@@ -56,7 +50,6 @@ fun generateUriForSso(
"&response_mode=query" +
"&domain_hint=$encodedOrganizationIdentifier" +
"&ssoToken=$encodedToken"
return uri.toUri()
}
/**
@@ -69,28 +62,11 @@ fun generateUriForSso(
* - [SsoCallbackResult.Success]: Intent is the SSO callback with required data.
*/
fun Intent.getSsoCallbackResult(): SsoCallbackResult? {
if (action != Intent.ACTION_VIEW) return null
val localData = data ?: return null
return when (localData.scheme) {
DEEPLINK_SCHEME -> {
if (localData.host == CALLBACK) {
localData.getSsoCallbackResult()
} else {
null
}
}
APP_LINK_SCHEME -> {
if ((localData.host == BITWARDEN_US_HOST || localData.host == BITWARDEN_EU_HOST) &&
localData.path == "/$CALLBACK"
) {
localData.getSsoCallbackResult()
} else {
null
}
}
else -> null
val localData = data
return if (action == Intent.ACTION_VIEW && localData?.host == SSO_HOST) {
localData.getSsoCallbackResult()
} else {
null
}
}

39
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/util/WebAuthUtils.kt
View File

@@ -11,13 +11,8 @@ import kotlinx.serialization.json.put
import java.net.URLEncoder
import java.util.Base64
private const val BITWARDEN_EU_HOST: String = "bitwarden.eu"
private const val BITWARDEN_US_HOST: String = "bitwarden.com"
private const val APP_LINK_SCHEME: String = "https"
private const val DEEPLINK_SCHEME: String = "bitwarden"
private const val CALLBACK: String = "webauthn-callback"
private const val CALLBACK_URI = "bitwarden://$CALLBACK"
private const val WEB_AUTH_HOST: String = "webauthn-callback"
private const val CALLBACK_URI = "bitwarden://$WEB_AUTH_HOST"
/**
* Retrieves an [WebAuthResult] from an [Intent]. There are three possible cases.
@@ -27,28 +22,14 @@ private const val CALLBACK_URI = "bitwarden://$CALLBACK"
* - [WebAuthResult.Failure]: Intent is the web auth key callback with incorrect data.
*/
fun Intent.getWebAuthResultOrNull(): WebAuthResult? {
if (action != Intent.ACTION_VIEW) return null
val localData = data ?: return null
return when (localData.scheme) {
DEEPLINK_SCHEME -> {
if (localData.host == CALLBACK) {
localData.getWebAuthResult()
} else {
null
}
}
APP_LINK_SCHEME -> {
if ((localData.host == BITWARDEN_US_HOST || localData.host == BITWARDEN_EU_HOST) &&
localData.path == "/$CALLBACK"
) {
localData.getWebAuthResult()
} else {
null
}
}
else -> null
val localData = data
return if (action == Intent.ACTION_VIEW &&
localData != null &&
localData.host == WEB_AUTH_HOST
) {
localData.getWebAuthResult()
} else {
null
}
}

4
app/src/main/kotlin/com/x8bit/bitwarden/data/auth/util/CompleteRegistrationDataUtils.kt
View File

@@ -1,7 +1,7 @@
package com.x8bit.bitwarden.data.auth.util
import android.content.Intent
import androidx.core.net.toUri
import android.net.Uri
import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
/**
@@ -14,7 +14,7 @@ fun Intent.getCompleteRegistrationDataIntentOrNull(): CompleteRegistrationData?
newValue = "/",
ignoreCase = true,
)
val uri = runCatching { sanitizedUriString.toUri() }.getOrNull() ?: return null
val uri = runCatching { Uri.parse(sanitizedUriString) }.getOrNull() ?: return null
uri.host ?: return null
if (uri.path != "/finish-signup") return null
val email = uri.getQueryParameter("email") ?: return null

5
app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/accessibility/util/UriExtensions.kt
View File

@@ -1,7 +1,6 @@
package com.x8bit.bitwarden.data.autofill.accessibility.util
import android.net.Uri
import androidx.core.net.toUri
import com.bitwarden.annotation.OmitFromCoverage
import java.net.URISyntaxException
@@ -11,7 +10,7 @@ import java.net.URISyntaxException
@OmitFromCoverage
fun String.toUriOrNull(): Uri? =
try {
this.toUri()
} catch (_: URISyntaxException) {
Uri.parse(this)
} catch (e: URISyntaxException) {
null
}

4
app/src/main/kotlin/com/x8bit/bitwarden/data/autofill/provider/AutofillCipherProviderImpl.kt
View File

@@ -68,8 +68,6 @@ class AutofillCipherProviderImpl(
it.type is CipherListViewType.Card &&
// Must not be deleted.
it.deletedDate == null &&
// Must not be archived.
it.archivedDate == null &&
// Must not require a reprompt.
it.reprompt == CipherRepromptType.NONE &&
// Must not be restricted by organization.
@@ -108,8 +106,6 @@ class AutofillCipherProviderImpl(
it.type is CipherListViewType.Login &&
// Must not be deleted.
it.deletedDate == null &&
// Must not be archived.
it.archivedDate == null &&
// Must not require a reprompt.
it.reprompt == CipherRepromptType.NONE
}

9
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/builder/CredentialEntryBuilderImpl.kt
View File

@@ -11,10 +11,10 @@ import com.bitwarden.fido.Fido2CredentialAutofillView
import com.bitwarden.ui.platform.resource.BitwardenDrawable
import com.bitwarden.ui.platform.resource.BitwardenString
import com.bitwarden.vault.CipherListView
import com.x8bit.bitwarden.data.auth.repository.AuthRepository
import com.x8bit.bitwarden.data.autofill.util.login
import com.x8bit.bitwarden.data.credentials.manager.CredentialManagerPendingIntentManager
import com.x8bit.bitwarden.data.credentials.util.setBiometricPromptDataIfSupported
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
/**
* Primary implementation of [CredentialEntryBuilder].
@@ -22,7 +22,7 @@ import com.x8bit.bitwarden.data.credentials.util.setBiometricPromptDataIfSupport
class CredentialEntryBuilderImpl(
private val context: Context,
private val pendingIntentManager: CredentialManagerPendingIntentManager,
private val authRepository: AuthRepository,
private val biometricsEncryptionManager: BiometricsEncryptionManager,
) : CredentialEntryBuilder {
override fun buildPublicKeyCredentialEntries(
@@ -82,7 +82,7 @@ class CredentialEntryBuilderImpl(
.also { builder ->
if (!isUserVerified) {
builder.setBiometricPromptDataIfSupported(
cipher = authRepository.getOrCreateCipher(userId),
cipher = biometricsEncryptionManager.getOrCreateCipher(userId),
)
}
}
@@ -113,7 +113,8 @@ class CredentialEntryBuilderImpl(
.apply {
if (!isUserVerified) {
setBiometricPromptDataIfSupported(
cipher = authRepository.getOrCreateCipher(userId),
cipher = biometricsEncryptionManager
.getOrCreateCipher(userId),
)
}
}

7
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/di/CredentialProviderModule.kt
View File

@@ -25,6 +25,7 @@ import com.x8bit.bitwarden.data.credentials.repository.PrivilegedAppRepositoryIm
import com.x8bit.bitwarden.data.credentials.sanitizer.PasskeyAttestationOptionsSanitizer
import com.x8bit.bitwarden.data.credentials.sanitizer.PasskeyAttestationOptionsSanitizerImpl
import com.x8bit.bitwarden.data.platform.manager.AssetManager
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
import com.x8bit.bitwarden.data.vault.repository.VaultRepository
@@ -53,6 +54,7 @@ object CredentialProviderModule {
bitwardenCredentialManager: BitwardenCredentialManager,
dispatcherManager: DispatcherManager,
pendingIntentManager: CredentialManagerPendingIntentManager,
biometricsEncryptionManager: BiometricsEncryptionManager,
clock: Clock,
): CredentialProviderProcessor =
CredentialProviderProcessorImpl(
@@ -61,6 +63,7 @@ object CredentialProviderModule {
bitwardenCredentialManager = bitwardenCredentialManager,
pendingIntentManager = pendingIntentManager,
clock = clock,
biometricsEncryptionManager = biometricsEncryptionManager,
dispatcherManager = dispatcherManager,
)
@@ -105,11 +108,11 @@ object CredentialProviderModule {
fun provideCredentialEntryBuilder(
@ApplicationContext context: Context,
pendingIntentManager: CredentialManagerPendingIntentManager,
authRepository: AuthRepository,
biometricsEncryptionManager: BiometricsEncryptionManager,
): CredentialEntryBuilder = CredentialEntryBuilderImpl(
context = context,
pendingIntentManager = pendingIntentManager,
authRepository = authRepository,
biometricsEncryptionManager = biometricsEncryptionManager,
)
@Provides

14
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/BitwardenCredentialManagerImpl.kt
View File

@@ -50,8 +50,6 @@ import kotlinx.coroutines.withContext
import kotlinx.serialization.json.Json
import timber.log.Timber
private const val DAL_ROUTE = ".well-known/assetlinks.json"
/**
* Primary implementation of [BitwardenCredentialManager].
*/
@@ -125,7 +123,7 @@ class BitwardenCredentialManagerImpl(
.getSignatureFingerprintAsHexString()
.orEmpty(),
host = hostUrl,
assetLinkUrl = hostUrl.toDigitalAssetLinkUrl(),
assetLinkUrl = hostUrl,
),
)
}
@@ -260,7 +258,6 @@ class BitwardenCredentialManagerImpl(
userId = userId,
fido2CredentialStore = fido2CredentialStore,
relyingPartyId = relyingPartyId,
userHandle = null,
)
.fold(
onSuccess = { it },
@@ -318,7 +315,7 @@ class BitwardenCredentialManagerImpl(
packageName = callingAppInfo.packageName,
sha256CertFingerprint = signatureFingerprint,
host = host,
assetLinkUrl = host.toDigitalAssetLinkUrl(),
assetLinkUrl = host,
),
)
@@ -430,13 +427,6 @@ class BitwardenCredentialManagerImpl(
?.relyingParty
?.id
?.prefixHttpsIfNecessaryOrNull()
private fun String.toDigitalAssetLinkUrl(): String =
when {
this.endsWith(DAL_ROUTE) -> this
this.endsWith("/") -> "$this$DAL_ROUTE"
else -> "$this/$DAL_ROUTE"
}
}
private const val MAX_AUTHENTICATION_ATTEMPTS = 5

7
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/CredentialManagerPendingIntentManager.kt
View File

@@ -58,13 +58,6 @@ interface CredentialManagerPendingIntentManager {
userId: String,
): PendingIntent
/**
* Creates a pending intent to use when providing options for Password credential creation.
*/
fun createPasswordCreationPendingIntent(
userId: String,
): PendingIntent
/**
* Creates a pending intent to use when providing options for Password credential filling.
*/

19
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/CredentialManagerPendingIntentManagerImpl.kt
View File

@@ -75,24 +75,6 @@ class CredentialManagerPendingIntentManagerImpl(
)
}
/**
* Creates a pending intent to use when providing options for FIDO 2 credential creation.
*/
override fun createPasswordCreationPendingIntent(
userId: String,
): PendingIntent {
val intent = Intent(CREATE_PASSWORD_ACTION)
.setPackage(context.packageName)
.putExtra(EXTRA_KEY_USER_ID, userId)
return PendingIntent.getActivity(
/* context = */ context,
/* requestCode = */ Random.nextInt(),
/* intent = */ intent,
/* flags = */ PendingIntent.FLAG_UPDATE_CURRENT.toPendingIntentMutabilityFlag(),
)
}
/**
* Creates a pending intent to use when providing options for Password credential filling.
*/
@@ -119,5 +101,4 @@ class CredentialManagerPendingIntentManagerImpl(
private const val CREATE_PASSKEY_ACTION = "com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSKEY"
private const val UNLOCK_ACCOUNT_ACTION = "com.x8bit.bitwarden.credentials.ACTION_UNLOCK_ACCOUNT"
private const val GET_PASSKEY_ACTION = "com.x8bit.bitwarden.credentials.ACTION_GET_PASSKEY"
private const val CREATE_PASSWORD_ACTION = "com.x8bit.bitwarden.credentials.ACTION_CREATE_PASSWORD"
private const val GET_PASSWORD_ACTION = "com.x8bit.bitwarden.credentials.ACTION_GET_PASSWORD"

4
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/manager/OriginManagerImpl.kt
View File

@@ -49,7 +49,6 @@ class OriginManagerImpl(
)
.fold(
onSuccess = {
Timber.d("Digital asset link validation result: linked = ${it.linked}")
if (it.linked) {
ValidateOriginResult.Success(null)
} else {
@@ -57,7 +56,6 @@ class OriginManagerImpl(
}
},
onFailure = {
Timber.e("Failed to validate origin for calling app")
ValidateOriginResult.Error.AssetLinkNotFound
},
)
@@ -107,7 +105,7 @@ class OriginManagerImpl(
.fold(
onSuccess = { it },
onFailure = {
Timber.e(it, "Failed to validate calling app is privileged.")
Timber.e(it, "Failed to validate privileged app: ${callingAppInfo.packageName}")
ValidateOriginResult.Error.Unknown
},
)

10
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/model/CreateCredentialRequest.kt
View File

@@ -2,7 +2,6 @@ package com.x8bit.bitwarden.data.credentials.model
import android.os.Bundle
import android.os.Parcelable
import androidx.credentials.CreatePasswordRequest
import androidx.credentials.CreatePublicKeyCredentialRequest
import androidx.credentials.provider.CallingAppInfo
import androidx.credentials.provider.ProviderCreateCredentialRequest
@@ -49,15 +48,6 @@ data class CreateCredentialRequest(
providerRequest.callingRequest as? CreatePublicKeyCredentialRequest
}
/**
* The [CreatePasswordRequest] of the [providerRequest], or null if the calling
* request is not a [CreatePasswordRequest].
*/
@IgnoredOnParcel
val createPasswordCredentialRequest: CreatePasswordRequest? by lazy {
providerRequest.callingRequest as? CreatePasswordRequest
}
/**
* The [requestJson] of the [createPublicKeyCredentialRequest], or null if the calling request
* is not a [CreatePublicKeyCredentialRequest].

106
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/processor/CredentialProviderProcessorImpl.kt
View File

@@ -19,7 +19,6 @@ import androidx.credentials.exceptions.GetCredentialUnknownException
import androidx.credentials.provider.AuthenticationAction
import androidx.credentials.provider.BeginCreateCredentialRequest
import androidx.credentials.provider.BeginCreateCredentialResponse
import androidx.credentials.provider.BeginCreatePasswordCredentialRequest
import androidx.credentials.provider.BeginCreatePublicKeyCredentialRequest
import androidx.credentials.provider.BeginGetCredentialRequest
import androidx.credentials.provider.BeginGetCredentialResponse
@@ -34,9 +33,9 @@ import com.x8bit.bitwarden.data.auth.repository.model.UserState
import com.x8bit.bitwarden.data.credentials.manager.BitwardenCredentialManager
import com.x8bit.bitwarden.data.credentials.manager.CredentialManagerPendingIntentManager
import com.x8bit.bitwarden.data.credentials.model.GetCredentialsRequest
import com.x8bit.bitwarden.data.platform.manager.BiometricsEncryptionManager
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.launch
import timber.log.Timber
import java.time.Clock
import javax.crypto.Cipher
@@ -52,6 +51,7 @@ class CredentialProviderProcessorImpl(
private val bitwardenCredentialManager: BitwardenCredentialManager,
private val pendingIntentManager: CredentialManagerPendingIntentManager,
private val clock: Clock,
private val biometricsEncryptionManager: BiometricsEncryptionManager,
dispatcherManager: DispatcherManager,
) : CredentialProviderProcessor {
@@ -62,27 +62,21 @@ class CredentialProviderProcessorImpl(
cancellationSignal: CancellationSignal,
callback: OutcomeReceiver<BeginCreateCredentialResponse, CreateCredentialException>,
) {
Timber.d("Create credential request received.")
val userId = authRepository.activeUserId
if (userId == null) {
Timber.w("No active user. Cannot create credential.")
callback.onError(CreateCredentialUnknownException("Active user is required."))
return
}
val createCredentialJob = ioScope.launch {
(handleCreatePasskeyQuery(request) ?: handleCreatePasswordQuery(request))
processCreateCredentialRequest(request = request)
?.let { callback.onResult(it) }
?: run {
Timber.w("Unknown create credential request.")
callback.onError(CreateCredentialUnknownException())
}
?: callback.onError(CreateCredentialUnknownException())
}
cancellationSignal.setOnCancelListener {
if (createCredentialJob.isActive) {
createCredentialJob.cancel()
}
Timber.d("Create credential request cancelled by system.")
callback.onError(CreateCredentialCancellationException())
}
}
@@ -92,18 +86,15 @@ class CredentialProviderProcessorImpl(
cancellationSignal: CancellationSignal,
callback: OutcomeReceiver<BeginGetCredentialResponse, GetCredentialException>,
) {
Timber.d("Get credential request received.")
// If the user is not logged in, return an error.
val userState = authRepository.userStateFlow.value
if (userState == null) {
Timber.w("No active user. Cannot get credentials.")
callback.onError(GetCredentialUnknownException("Active user is required."))
return
}
// Return an unlock action if the current account is locked.
if (!userState.activeAccount.isVaultUnlocked) {
Timber.d("Vault is locked. Requesting unlock.")
val authenticationAction = AuthenticationAction(
title = context.getString(BitwardenString.unlock),
pendingIntent = pendingIntentManager.createFido2UnlockPendingIntent(
@@ -128,17 +119,10 @@ class CredentialProviderProcessorImpl(
BeginGetCredentialRequest.asBundle(request),
),
)
.onSuccess {
Timber.d("Credentials retrieved.")
callback.onResult(BeginGetCredentialResponse(credentialEntries = it))
}
.onFailure {
Timber.w("Error getting credentials.")
callback.onError(GetCredentialUnknownException(it.message))
}
.onSuccess { callback.onResult(BeginGetCredentialResponse(credentialEntries = it)) }
.onFailure { callback.onError(GetCredentialUnknownException(it.message)) }
}
cancellationSignal.setOnCancelListener {
Timber.d("Get credential request cancelled by system.")
callback.onError(GetCredentialCancellationException())
getCredentialJob.cancel()
}
@@ -150,15 +134,24 @@ class CredentialProviderProcessorImpl(
callback: OutcomeReceiver<Void?, ClearCredentialException>,
) {
// no-op: RFU
Timber.w("Unsupported clear credential state request received.")
callback.onError(ClearCredentialUnsupportedException())
}
private fun handleCreatePasskeyQuery(
private fun processCreateCredentialRequest(
request: BeginCreateCredentialRequest,
): BeginCreateCredentialResponse? {
if (request !is BeginCreatePublicKeyCredentialRequest) return null
return when (request) {
is BeginCreatePublicKeyCredentialRequest -> {
handleCreatePasskeyQuery(request)
}
else -> null
}
}
private fun handleCreatePasskeyQuery(
request: BeginCreatePublicKeyCredentialRequest,
): BeginCreateCredentialResponse? {
val requestJson = request
.candidateQueryData
.getString("androidx.credentials.BUNDLE_KEY_REQUEST_JSON")
@@ -168,19 +161,14 @@ class CredentialProviderProcessorImpl(
val userState = authRepository.userStateFlow.value ?: return null
return BeginCreateCredentialResponse.Builder()
.setCreateEntries(
userState.accounts.toCreatePasskeyEntry(userState.activeUserId),
)
.setCreateEntries(userState.accounts.toCreateEntries(userState.activeUserId))
.build()
}
private fun List<UserState.Account>.toCreatePasskeyEntry(
activeUserId: String,
): List<CreateEntry> = map { it.toCreatePasskeyEntry(isActive = activeUserId == it.userId) }
private fun List<UserState.Account>.toCreateEntries(activeUserId: String) =
map { it.toCreateEntry(isActive = activeUserId == it.userId) }
private fun UserState.Account.toCreatePasskeyEntry(
isActive: Boolean,
): CreateEntry {
private fun UserState.Account.toCreateEntry(isActive: Boolean): CreateEntry {
val accountName = name ?: email
val entryBuilder = CreateEntry
.Builder(
@@ -201,55 +189,7 @@ class CredentialProviderProcessorImpl(
.setAutoSelectAllowed(true)
if (isVaultUnlocked) {
authRepository
.getOrCreateCipher(userId)
?.let { entryBuilder.setBiometricPromptDataIfSupported(cipher = it) }
}
return entryBuilder.build()
}
private fun handleCreatePasswordQuery(
request: BeginCreateCredentialRequest,
): BeginCreateCredentialResponse? {
if (request !is BeginCreatePasswordCredentialRequest) return null
val userState = authRepository.userStateFlow.value ?: return null
return BeginCreateCredentialResponse.Builder()
.setCreateEntries(
userState.accounts.toCreatePasswordEntry(userState.activeUserId),
)
.build()
}
private fun List<UserState.Account>.toCreatePasswordEntry(
activeUserId: String,
) = map { it.toCreatePasswordEntry(isActive = activeUserId == it.userId) }
private fun UserState.Account.toCreatePasswordEntry(
isActive: Boolean,
): CreateEntry {
val accountName = name ?: email
val entryBuilder = CreateEntry
.Builder(
accountName = accountName,
pendingIntent = pendingIntentManager.createPasswordCreationPendingIntent(
userId = userId,
),
)
.setDescription(
context.getString(
BitwardenString.your_password_will_be_saved_to_your_bitwarden_vault_for_x,
accountName,
),
)
// Set the last used time to "now" so the active account is the default option in the
// system prompt.
.setLastUsedTime(if (isActive) clock.instant() else null)
.setAutoSelectAllowed(true)
if (isVaultUnlocked) {
authRepository
biometricsEncryptionManager
.getOrCreateCipher(userId)
?.let { entryBuilder.setBiometricPromptDataIfSupported(cipher = it) }
}

14
app/src/main/kotlin/com/x8bit/bitwarden/data/credentials/util/CredentialEntryBuilderExtensions.kt
View File

@@ -7,7 +7,6 @@ import androidx.credentials.provider.PasswordCredentialEntry
import androidx.credentials.provider.PublicKeyCredentialEntry
import com.bitwarden.annotation.OmitFromCoverage
import com.bitwarden.core.util.isBuildVersionAtLeast
import com.bitwarden.core.util.isHyperOS
import javax.crypto.Cipher
/**
@@ -16,7 +15,7 @@ import javax.crypto.Cipher
fun PublicKeyCredentialEntry.Builder.setBiometricPromptDataIfSupported(
cipher: Cipher?,
): PublicKeyCredentialEntry.Builder =
if (isBiometricPromptDataSupported() && cipher != null) {
if (isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM) && cipher != null) {
setBiometricPromptData(
biometricPromptData = buildPromptDataWithCipher(cipher),
)
@@ -30,19 +29,10 @@ fun PublicKeyCredentialEntry.Builder.setBiometricPromptDataIfSupported(
fun PasswordCredentialEntry.Builder.setBiometricPromptDataIfSupported(
cipher: Cipher?,
): PasswordCredentialEntry.Builder =
if (isBiometricPromptDataSupported() && cipher != null) {
if (isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM) && cipher != null) {
setBiometricPromptData(
biometricPromptData = buildPromptDataWithCipher(cipher),
)
} else {
this
}
/**
* Returns whether biometric prompt data is supported on this device.
* Note: Xiaomi HyperOS is known to be incompatible.
*/
private fun isBiometricPromptDataSupported(): Boolean {
return isBuildVersionAtLeast(Build.VERSION_CODES.VANILLA_ICE_CREAM) &&
!isHyperOS()
}

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/EventDiskSourceImpl.kt
View File

@@ -30,7 +30,6 @@ class EventDiskSourceImpl(
},
cipherId = event.cipherId,
date = event.date,
organizationId = event.organizationId,
),
)
}
@@ -49,7 +48,6 @@ class EventDiskSourceImpl(
},
cipherId = it.cipherId,
date = it.date,
organizationId = it.organizationId,
)
}
}

32
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSource.kt
View File

@@ -1,7 +1,7 @@
package com.x8bit.bitwarden.data.platform.datasource.disk
import com.bitwarden.data.datasource.disk.FlightRecorderDiskSource
import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
import com.x8bit.bitwarden.data.platform.repository.model.UriMatchType
import com.x8bit.bitwarden.data.platform.repository.model.VaultTimeoutAction
@@ -13,7 +13,7 @@ import java.time.Instant
* Primary access point for general settings-related disk information.
*/
@Suppress("TooManyFunctions")
interface SettingsDiskSource : FlightRecorderDiskSource {
interface SettingsDiskSource {
/**
* The currently persisted app language (or `null` if not set).
@@ -95,6 +95,16 @@ interface SettingsDiskSource : FlightRecorderDiskSource {
*/
val hasUserLoggedInOrCreatedAccountFlow: Flow<Boolean?>
/**
* The current status of whether the flight recorder is enabled.
*/
var flightRecorderData: FlightRecorderDataSet?
/**
* Emits updates that track [flightRecorderData].
*/
val flightRecorderDataFlow: Flow<FlightRecorderDataSet?>
/**
* The time at which the browser autofill dialog is allowed to be shown to the user again.
*/
@@ -105,24 +115,6 @@ interface SettingsDiskSource : FlightRecorderDiskSource {
*/
fun clearData(userId: String)
/**
* Retrieves the stored value of whether the introducing archive action card has been dismissed.
*/
fun getIntroducingArchiveActionCardDismissed(userId: String): Boolean?
/**
* Stores whether the introducing archive action card has been dismissed.
*/
fun storeIntroducingArchiveActionCardDismissed(
userId: String,
isDismissed: Boolean?,
)
/**
* Emits updates that track [getIntroducingArchiveActionCardDismissed] for the given [userId].
*/
fun getIntroducingArchiveActionCardDismissedFlow(userId: String): Flow<Boolean?>
/**
* Retrieves the biometric integrity validity for the given [userId] and
* [systemBioIntegrityState].

56
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSourceImpl.kt
View File

@@ -5,8 +5,8 @@ import androidx.core.content.edit
import com.bitwarden.core.data.repository.util.bufferedMutableSharedFlow
import com.bitwarden.core.data.util.decodeFromStringOrNull
import com.bitwarden.data.datasource.disk.BaseDiskSource
import com.bitwarden.data.datasource.disk.FlightRecorderDiskSource
import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
import com.x8bit.bitwarden.data.platform.repository.model.UriMatchType
import com.x8bit.bitwarden.data.platform.repository.model.VaultTimeoutAction
@@ -47,10 +47,9 @@ private const val CREATE_ACTION_COUNT = "createActionCount"
private const val SHOULD_SHOW_ADD_LOGIN_COACH_MARK = "shouldShowAddLoginCoachMark"
private const val SHOULD_SHOW_GENERATOR_COACH_MARK = "shouldShowGeneratorCoachMark"
private const val RESUME_SCREEN = "resumeScreen"
private const val FLIGHT_RECORDER_KEY = "flightRecorderData"
private const val IS_DYNAMIC_COLORS_ENABLED = "isDynamicColorsEnabled"
private const val BROWSER_AUTOFILL_DIALOG_RESHOW_TIME = "browserAutofillDialogReshowTime"
private const val INTRODUCING_ARCHIVE_ACTION_CARD_DISMISSED =
"introducingArchiveActionCardDismissed"
/**
* Primary implementation of [SettingsDiskSource].
@@ -59,10 +58,8 @@ private const val INTRODUCING_ARCHIVE_ACTION_CARD_DISMISSED =
class SettingsDiskSourceImpl(
private val sharedPreferences: SharedPreferences,
private val json: Json,
flightRecorderDiskSource: FlightRecorderDiskSource,
) : BaseDiskSource(sharedPreferences = sharedPreferences),
SettingsDiskSource,
FlightRecorderDiskSource by flightRecorderDiskSource {
SettingsDiskSource {
private val mutableAppLanguageFlow = bufferedMutableSharedFlow<AppLanguage?>(replay = 1)
private val mutableAppThemeFlow = bufferedMutableSharedFlow<AppTheme>(replay = 1)
@@ -89,15 +86,14 @@ class SettingsDiskSourceImpl(
private val mutableShowImportLoginsSettingBadgeFlowMap =
mutableMapOf<String, MutableSharedFlow<Boolean?>>()
private val mutableIntroducingArchiveActionCardDismissedFlowMap =
mutableMapOf<String, MutableSharedFlow<Boolean?>>()
private val mutableIsIconLoadingDisabledFlow = bufferedMutableSharedFlow<Boolean?>()
private val mutableIsCrashLoggingEnabledFlow = bufferedMutableSharedFlow<Boolean?>()
private val mutableHasUserLoggedInOrCreatedAccountFlow = bufferedMutableSharedFlow<Boolean?>()
private val mutableFlightRecorderDataFlow = bufferedMutableSharedFlow<FlightRecorderDataSet?>()
private val mutableHasSeenAddLoginCoachMarkFlow = bufferedMutableSharedFlow<Boolean?>()
private val mutableHasSeenGeneratorCoachMarkFlow = bufferedMutableSharedFlow<Boolean?>()
@@ -218,6 +214,20 @@ class SettingsDiskSourceImpl(
get() = mutableHasUserLoggedInOrCreatedAccountFlow
.onSubscription { emit(getBoolean(HAS_USER_LOGGED_IN_OR_CREATED_AN_ACCOUNT_KEY)) }
override var flightRecorderData: FlightRecorderDataSet?
get() = getString(key = FLIGHT_RECORDER_KEY)
?.let { json.decodeFromStringOrNull<FlightRecorderDataSet>(it) }
set(value) {
putString(
key = FLIGHT_RECORDER_KEY,
value = value?.let { json.encodeToString(it) },
)
mutableFlightRecorderDataFlow.tryEmit(value)
}
override val flightRecorderDataFlow: Flow<FlightRecorderDataSet?>
get() = mutableFlightRecorderDataFlow.onSubscription { emit(flightRecorderData) }
override var browserAutofillDialogReshowTime: Instant?
get() = getLong(key = BROWSER_AUTOFILL_DIALOG_RESHOW_TIME)?.let { Instant.ofEpochMilli(it) }
set(value) {
@@ -245,29 +255,8 @@ class SettingsDiskSourceImpl(
// - show unlock setting badge
// - should show add login coach mark
// - should show generator coach mark
// - should show introducing archive action card dismissed
}
override fun getIntroducingArchiveActionCardDismissed(userId: String): Boolean? =
getBoolean(
key = INTRODUCING_ARCHIVE_ACTION_CARD_DISMISSED.appendIdentifier(identifier = userId),
)
override fun storeIntroducingArchiveActionCardDismissed(
userId: String,
isDismissed: Boolean?,
) {
putBoolean(
key = INTRODUCING_ARCHIVE_ACTION_CARD_DISMISSED.appendIdentifier(identifier = userId),
value = isDismissed,
)
getMutableIntroducingArchiveActionCardDismissedFlow(userId = userId).tryEmit(isDismissed)
}
override fun getIntroducingArchiveActionCardDismissedFlow(userId: String): Flow<Boolean?> =
getMutableIntroducingArchiveActionCardDismissedFlow(userId = userId)
.onSubscription { emit(getIntroducingArchiveActionCardDismissed(userId = userId)) }
override fun getAccountBiometricIntegrityValidity(
userId: String,
systemBioIntegrityState: String,
@@ -605,13 +594,6 @@ class SettingsDiskSourceImpl(
override fun getAppResumeScreen(userId: String): AppResumeScreenData? =
getString(RESUME_SCREEN.appendIdentifier(userId))?.let { json.decodeFromStringOrNull(it) }
private fun getMutableIntroducingArchiveActionCardDismissedFlow(
userId: String,
): MutableSharedFlow<Boolean?> =
mutableIntroducingArchiveActionCardDismissedFlowMap.getOrPut(userId) {
bufferedMutableSharedFlow(replay = 1)
}
private fun getMutableLastSyncFlow(
userId: String,
): MutableSharedFlow<Instant?> =

6
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/database/PlatformDatabase.kt
View File

@@ -1,6 +1,5 @@
package com.x8bit.bitwarden.data.platform.datasource.disk.database
import androidx.room.AutoMigration
import androidx.room.Database
import androidx.room.RoomDatabase
import androidx.room.TypeConverters
@@ -15,11 +14,8 @@ import com.x8bit.bitwarden.data.vault.datasource.disk.convertor.ZonedDateTimeTyp
entities = [
OrganizationEventEntity::class,
],
version = 2,
version = 1,
exportSchema = true,
autoMigrations = [
AutoMigration(from = 1, to = 2),
],
)
@TypeConverters(ZonedDateTimeTypeConverter::class)
abstract class PlatformDatabase : RoomDatabase() {

3
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/di/PlatformDiskModule.kt
View File

@@ -5,7 +5,6 @@ import android.content.Context
import android.content.SharedPreferences
import androidx.room.Room
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.data.datasource.disk.FlightRecorderDiskSource
import com.bitwarden.data.datasource.disk.di.EncryptedPreferences
import com.bitwarden.data.datasource.disk.di.UnencryptedPreferences
import com.x8bit.bitwarden.data.platform.datasource.disk.EnvironmentDiskSource
@@ -140,12 +139,10 @@ object PlatformDiskModule {
fun provideSettingsDiskSource(
@UnencryptedPreferences sharedPreferences: SharedPreferences,
json: Json,
flightRecorderDiskSource: FlightRecorderDiskSource,
): SettingsDiskSource =
SettingsDiskSourceImpl(
sharedPreferences = sharedPreferences,
json = json,
flightRecorderDiskSource = flightRecorderDiskSource,
)
@Provides

3
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/entity/OrganizationEventEntity.kt
View File

@@ -25,7 +25,4 @@ data class OrganizationEventEntity(
@ColumnInfo(name = "date")
val date: ZonedDateTime,
@ColumnInfo(name = "organization_id")
val organizationId: String?,
)

2
data/src/main/kotlin/com/bitwarden/data/datasource/disk/model/FlightRecorderDataSet.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/datasource/disk/model/FlightRecorderDataSet.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.data.datasource.disk.model
package com.x8bit.bitwarden.data.platform.datasource.disk.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable

2
core/src/main/kotlin/com/bitwarden/core/data/repository/error/MissingPropertyException.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/error/MissingPropertyException.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.core.data.repository.error
package com.x8bit.bitwarden.data.platform.error
/**
* An exception indicating that a required property was missing.

1
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManager.kt
View File

@@ -32,6 +32,7 @@ interface BiometricsEncryptionManager {
*/
fun isBiometricIntegrityValid(
userId: String,
cipher: Cipher?,
): Boolean
/**

10
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/BiometricsEncryptionManagerImpl.kt
View File

@@ -90,8 +90,8 @@ class BiometricsEncryptionManagerImpl(
return cipher?.takeIf { isCipherInitialized }
}
override fun isBiometricIntegrityValid(userId: String): Boolean =
isSystemBiometricIntegrityValid(userId) && isAccountBiometricIntegrityValid(userId)
override fun isBiometricIntegrityValid(userId: String, cipher: Cipher?): Boolean =
isSystemBiometricIntegrityValid(userId, cipher) && isAccountBiometricIntegrityValid(userId)
override fun isAccountBiometricIntegrityValid(userId: String): Boolean {
val systemBioIntegrityState = settingsDiskSource
@@ -203,13 +203,11 @@ class BiometricsEncryptionManagerImpl(
}
/**
* Validates the keystore key and decrypts it, if decryption is successful `true` is returned,
* `false` otherwise.
* Validates the keystore key and decrypts it using the user-provided [cipher].
*/
private fun isSystemBiometricIntegrityValid(userId: String): Boolean {
private fun isSystemBiometricIntegrityValid(userId: String, cipher: Cipher?): Boolean {
// Attempt to get the user scoped key. If that fails, we check to see if a legacy key
// is available.
val cipher = getOrCreateCipher(userId = userId)
val secretKey = getSecretKeyOrNull(userId = userId) ?: getSecretKeyOrNull(userId = null)
return if (cipher != null && secretKey != null) {
cipher.initializeCipher(userId = userId, secretKey = secretKey)

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/CertificateManagerImpl.kt
View File

@@ -7,9 +7,9 @@ import android.security.KeyChainException
import androidx.annotation.VisibleForTesting
import androidx.annotation.WorkerThread
import androidx.core.net.toUri
import com.bitwarden.core.data.repository.error.MissingPropertyException
import com.x8bit.bitwarden.data.platform.datasource.disk.model.MutualTlsCertificate
import com.x8bit.bitwarden.data.platform.datasource.disk.model.MutualTlsKeyHost
import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
import com.x8bit.bitwarden.data.platform.manager.model.ImportPrivateKeyResult
import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
import timber.log.Timber

6
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/PolicyManager.kt
View File

@@ -25,10 +25,4 @@ interface PolicyManager {
userId: String,
type: PolicyTypeJson,
): List<SyncResponseJson.Policy>
/**
* Get the organization id of the personal ownership policy.
* If multiple organizations enforce the policy, return the first to set it.
*/
fun getPersonalOwnershipPolicyOrganizationId(): String?
}

7
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/PolicyManagerImpl.kt
View File

@@ -66,13 +66,6 @@ class PolicyManagerImpl(
)
.orEmpty()
override fun getPersonalOwnershipPolicyOrganizationId(): String? =
this
.getActivePolicies(PolicyTypeJson.PERSONAL_OWNERSHIP)
.sortedBy { it.revisionDate }
.firstOrNull()
?.organizationId
/**
* A helper method to filter policies.
*/

33
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/PushManagerImpl.kt
View File

@@ -34,8 +34,6 @@ import java.time.Clock
import java.time.ZoneOffset
import java.time.ZonedDateTime
import javax.inject.Inject
import kotlin.contracts.ExperimentalContracts
import kotlin.contracts.contract
import kotlin.time.Duration
import kotlin.time.Duration.Companion.days
import kotlin.time.toJavaDuration
@@ -136,6 +134,7 @@ class PushManagerImpl @Inject constructor(
@Suppress("LongMethod", "CyclomaticComplexMethod")
private fun onMessageReceived(notification: BitwardenNotification) {
if (authDiskSource.uniqueAppId == notification.contextId) return
val userId = activeUserId ?: return
Timber.d("Push Notification Received: ${notification.notificationType}")
when (val type = notification.notificationType) {
@@ -180,13 +179,11 @@ class PushManagerImpl @Inject constructor(
.decodeFromString<NotificationPayload.SyncCipherNotification>(
string = notification.payload,
)
.takeIf {
it.cipherId != null && it.revisionDate != null && isLoggedIn(it.userId)
}
.takeIf { isLoggedIn(userId) && it.userMatchesNotification(userId) }
?.takeIf { it.cipherId != null && it.revisionDate != null }
?.let {
mutableSyncCipherUpsertSharedFlow.tryEmit(
SyncCipherUpsertData(
userId = requireNotNull(it.userId),
cipherId = requireNotNull(it.cipherId),
revisionDate = requireNotNull(it.revisionDate),
organizationId = it.organizationId,
@@ -231,13 +228,11 @@ class PushManagerImpl @Inject constructor(
.decodeFromString<NotificationPayload.SyncFolderNotification>(
string = notification.payload,
)
.takeIf {
it.folderId != null && it.revisionDate != null && isLoggedIn(it.userId)
}
.takeIf { isLoggedIn(userId) && it.userMatchesNotification(userId) }
?.takeIf { it.folderId != null && it.revisionDate != null }
?.let {
mutableSyncFolderUpsertSharedFlow.tryEmit(
SyncFolderUpsertData(
userId = requireNotNull(it.userId),
folderId = requireNotNull(it.folderId),
revisionDate = requireNotNull(it.revisionDate),
isUpdate = type == NotificationType.SYNC_FOLDER_UPDATE,
@@ -278,13 +273,11 @@ class PushManagerImpl @Inject constructor(
.decodeFromString<NotificationPayload.SyncSendNotification>(
string = notification.payload,
)
.takeIf {
it.sendId != null && it.revisionDate != null && isLoggedIn(it.userId)
}
.takeIf { isLoggedIn(userId) && it.userMatchesNotification(userId) }
?.takeIf { it.sendId != null && it.revisionDate != null }
?.let {
mutableSyncSendUpsertSharedFlow.tryEmit(
SyncSendUpsertData(
userId = requireNotNull(it.userId),
sendId = requireNotNull(it.sendId),
revisionDate = requireNotNull(it.revisionDate),
isUpdate = type == NotificationType.SYNC_SEND_UPDATE,
@@ -368,11 +361,11 @@ class PushManagerImpl @Inject constructor(
)
}
@OptIn(ExperimentalContracts::class)
private fun isLoggedIn(
userId: String?,
): Boolean {
contract { returns(true) implies (userId != null) }
return userId?.let { authDiskSource.getAccountTokens(it) }?.isLoggedIn == true
}
userId: String,
): Boolean = authDiskSource.getAccountTokens(userId)?.isLoggedIn == true
}
private fun NotificationPayload.userMatchesNotification(userId: String): Boolean {
return this.userId != null && this.userId == userId
}

33
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/di/PlatformManagerModule.kt
View File

@@ -63,6 +63,10 @@ import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardMan
import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardManagerImpl
import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManagerImpl
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderManager
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderManagerImpl
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderWriter
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderWriterImpl
import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManagerImpl
import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
@@ -80,6 +84,7 @@ import com.x8bit.bitwarden.data.platform.repository.DebugMenuRepository
import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
import com.x8bit.bitwarden.data.vault.manager.FileManager
import com.x8bit.bitwarden.data.vault.manager.VaultLockManager
import com.x8bit.bitwarden.data.vault.repository.VaultRepository
import dagger.Module
@@ -104,6 +109,34 @@ object PlatformManagerModule {
application: Application,
): AppStateManager = AppStateManagerImpl(application = application)
@Provides
@Singleton
fun provideFlightRecorderWriter(
clock: Clock,
fileManager: FileManager,
dispatcherManager: DispatcherManager,
): FlightRecorderWriter = FlightRecorderWriterImpl(
clock = clock,
fileManager = fileManager,
dispatcherManager = dispatcherManager,
)
@Provides
@Singleton
fun provideFlightRecorderManager(
@ApplicationContext context: Context,
clock: Clock,
dispatcherManager: DispatcherManager,
settingsDiskSource: SettingsDiskSource,
flightRecorderWriter: FlightRecorderWriter,
): FlightRecorderManager = FlightRecorderManagerImpl(
context = context,
clock = clock,
dispatcherManager = dispatcherManager,
settingsDiskSource = settingsDiskSource,
flightRecorderWriter = flightRecorderWriter,
)
@Provides
@Singleton
fun provideAuthenticatorBridgeProcessor(

1
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/event/OrganizationEventManagerImpl.kt
View File

@@ -79,7 +79,6 @@ class OrganizationEventManagerImpl(
type = event.type,
cipherId = event.cipherId,
date = ZonedDateTime.now(clock),
organizationId = event.organizationId,
),
)
}

6
data/src/main/kotlin/com/bitwarden/data/manager/flightrecorder/FlightRecorderManager.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/flightrecorder/FlightRecorderManager.kt
View File

@@ -1,7 +1,7 @@
package com.bitwarden.data.manager.flightrecorder
package com.x8bit.bitwarden.data.platform.manager.flightrecorder
import com.bitwarden.data.datasource.disk.model.FlightRecorderDataSet
import com.bitwarden.data.manager.model.FlightRecorderDuration
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.platform.repository.model.FlightRecorderDuration
import kotlinx.coroutines.flow.StateFlow
/**

26
data/src/main/kotlin/com/bitwarden/data/manager/flightrecorder/FlightRecorderManagerImpl.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/flightrecorder/FlightRecorderManagerImpl.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.data.manager.flightrecorder
package com.x8bit.bitwarden.data.platform.manager.flightrecorder
import android.content.BroadcastReceiver
import android.content.Context
@@ -7,9 +7,9 @@ import android.content.IntentFilter
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.core.data.util.concurrentMapOf
import com.bitwarden.core.data.util.toFormattedPattern
import com.bitwarden.data.datasource.disk.FlightRecorderDiskSource
import com.bitwarden.data.datasource.disk.model.FlightRecorderDataSet
import com.bitwarden.data.manager.model.FlightRecorderDuration
import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.platform.repository.model.FlightRecorderDuration
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.Job
import kotlinx.coroutines.delay
@@ -33,7 +33,7 @@ private const val EXPIRATION_DURATION_DAYS: Long = 30
internal class FlightRecorderManagerImpl(
private val context: Context,
private val clock: Clock,
private val flightRecorderDiskSource: FlightRecorderDiskSource,
private val settingsDiskSource: SettingsDiskSource,
private val flightRecorderWriter: FlightRecorderWriter,
dispatcherManager: DispatcherManager,
) : FlightRecorderManager {
@@ -44,12 +44,10 @@ internal class FlightRecorderManagerImpl(
private val flightRecorderTree = FlightRecorderTree()
override val flightRecorderData: FlightRecorderDataSet
get() = flightRecorderDiskSource
.flightRecorderData
?: FlightRecorderDataSet(data = emptySet())
get() = settingsDiskSource.flightRecorderData ?: FlightRecorderDataSet(data = emptySet())
override val flightRecorderDataFlow: StateFlow<FlightRecorderDataSet>
get() = flightRecorderDiskSource
get() = settingsDiskSource
.flightRecorderDataFlow
.map { it ?: FlightRecorderDataSet(data = emptySet()) }
.stateIn(
@@ -75,7 +73,7 @@ internal class FlightRecorderManagerImpl(
override fun dismissFlightRecorderBanner() {
val originalData = flightRecorderData
flightRecorderDiskSource.flightRecorderData = originalData.copy(
settingsDiskSource.flightRecorderData = originalData.copy(
data = originalData.data.map { it.copy(isBannerDismissed = true) }.toSet(),
)
}
@@ -83,7 +81,7 @@ internal class FlightRecorderManagerImpl(
override fun startFlightRecorder(duration: FlightRecorderDuration) {
val startTime = clock.instant()
val originalData = flightRecorderData
flightRecorderDiskSource.flightRecorderData = originalData.copy(
settingsDiskSource.flightRecorderData = originalData.copy(
data = originalData
.data
.mapToInactive(clock = clock)
@@ -108,7 +106,7 @@ internal class FlightRecorderManagerImpl(
override fun endFlightRecorder() {
val originalData = flightRecorderData
flightRecorderDiskSource.flightRecorderData = originalData.copy(
settingsDiskSource.flightRecorderData = originalData.copy(
data = originalData.data.mapToInactive(clock = clock),
)
}
@@ -119,7 +117,7 @@ internal class FlightRecorderManagerImpl(
data = flightRecorderData.data.filterNot { it.isActive }.toSet(),
)
// Clear everything but the active log.
flightRecorderDiskSource.flightRecorderData = activeLog?.let {
settingsDiskSource.flightRecorderData = activeLog?.let {
FlightRecorderDataSet(data = setOf(it))
}
// Clear all logs but the active one.
@@ -129,7 +127,7 @@ internal class FlightRecorderManagerImpl(
override fun deleteLog(data: FlightRecorderDataSet.FlightRecorderData) {
if (data.isActive) return
val originalData = flightRecorderData
flightRecorderDiskSource.flightRecorderData = originalData.copy(
settingsDiskSource.flightRecorderData = originalData.copy(
data = originalData.data.filterNot { it == data }.toSet(),
)
ioScope.launch { flightRecorderWriter.deleteLog(data = data) }

4
data/src/main/kotlin/com/bitwarden/data/manager/flightrecorder/FlightRecorderWriter.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/flightrecorder/FlightRecorderWriter.kt
View File

@@ -1,6 +1,6 @@
package com.bitwarden.data.manager.flightrecorder
package com.x8bit.bitwarden.data.platform.manager.flightrecorder
import com.bitwarden.data.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import java.io.File
/**

18
data/src/main/kotlin/com/bitwarden/data/manager/flightrecorder/FlightRecorderWriterImpl.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/flightrecorder/FlightRecorderWriterImpl.kt
View File

@@ -1,13 +1,13 @@
package com.bitwarden.data.manager.flightrecorder
package com.x8bit.bitwarden.data.platform.manager.flightrecorder
import android.os.Build
import android.util.Log
import com.bitwarden.annotation.OmitFromCoverage
import com.bitwarden.core.data.manager.BuildInfoManager
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.core.data.util.toFormattedPattern
import com.bitwarden.data.datasource.disk.model.FlightRecorderDataSet
import com.bitwarden.data.manager.file.FileManager
import com.x8bit.bitwarden.BuildConfig
import com.x8bit.bitwarden.data.platform.datasource.disk.model.FlightRecorderDataSet
import com.x8bit.bitwarden.data.vault.manager.FileManager
import kotlinx.coroutines.withContext
import timber.log.Timber
import java.io.BufferedWriter
@@ -25,11 +25,10 @@ private const val LOG_TIME_PATTERN: String = "yyyy-MM-dd HH:mm:ss:SSS"
* The default implementation of the [FlightRecorderWriter].
*/
@OmitFromCoverage
internal class FlightRecorderWriterImpl(
class FlightRecorderWriterImpl(
private val clock: Clock,
private val fileManager: FileManager,
private val dispatcherManager: DispatcherManager,
private val buildInfoManager: BuildInfoManager,
) : FlightRecorderWriter {
override suspend fun deleteLog(data: FlightRecorderDataSet.FlightRecorderData) {
fileManager.delete(File(File(fileManager.logsDirectory), data.fileName))
@@ -56,18 +55,19 @@ internal class FlightRecorderWriterImpl(
val startTime = Instant
.ofEpochMilli(data.startTimeMs)
.toFormattedPattern(pattern = LOG_TIME_PATTERN, clock = clock)
val appVersion = "${BuildConfig.VERSION_NAME} (${BuildConfig.VERSION_CODE})"
val operatingSystem = "${Build.VERSION.RELEASE} (${Build.VERSION.SDK_INT})"
// Upon creating the new file, we pre-populate it with basic data
BufferedWriter(FileWriter(logFile, true)).use { bw ->
bw.append("Bitwarden Android - ${buildInfoManager.applicationName}")
bw.append("Bitwarden Android")
bw.newLine()
bw.append("Log Start Time: $startTime")
bw.newLine()
bw.append("Log Duration: ${data.durationMs.milliseconds}")
bw.newLine()
bw.append("App Version: ${buildInfoManager.versionData}")
bw.append("App Version: $appVersion")
bw.newLine()
bw.append("Build: ${buildInfoManager.buildAndFlavor}")
bw.append("Build: ${BuildConfig.BUILD_TYPE}/${BuildConfig.FLAVOR}")
bw.newLine()
bw.append("Operating System: $operatingSystem")
bw.newLine()

39
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/OrganizationEvent.kt
View File

@@ -16,17 +16,11 @@ sealed class OrganizationEvent {
*/
abstract val cipherId: String?
/**
* The optional organization ID.
*/
abstract val organizationId: String?
/**
* Tracks when a value is successfully auto-filled
*/
data class CipherClientAutoFilled(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_AUTO_FILLED
@@ -37,7 +31,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientCopiedCardCode(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_COPIED_CARD_CODE
@@ -48,7 +41,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientCopiedHiddenField(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_COPIED_HIDDEN_FIELD
@@ -59,7 +51,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientCopiedPassword(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_COPIED_PASSWORD
@@ -70,7 +61,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientToggledCardCodeVisible(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_TOGGLED_CARD_CODE_VISIBLE
@@ -81,7 +71,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientToggledCardNumberVisible(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_TOGGLED_CARD_NUMBER_VISIBLE
@@ -92,7 +81,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientToggledHiddenFieldVisible(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_TOGGLED_HIDDEN_FIELD_VISIBLE
@@ -103,7 +91,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientToggledPasswordVisible(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_TOGGLED_PASSWORD_VISIBLE
@@ -114,7 +101,6 @@ sealed class OrganizationEvent {
*/
data class CipherClientViewed(
override val cipherId: String,
override val organizationId: String? = null,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.CIPHER_CLIENT_VIEWED
@@ -125,32 +111,7 @@ sealed class OrganizationEvent {
*/
data object UserClientExportedVault : OrganizationEvent() {
override val cipherId: String? = null
override val organizationId: String? = null
override val type: OrganizationEventType
get() = OrganizationEventType.USER_CLIENT_EXPORTED_VAULT
}
/**
* Tracks when a user's personal ciphers have been migrated to their organization's My Items
* folder as required by the organization's personal vault ownership policy.
*/
data class ItemOrganizationAccepted(
override val cipherId: String? = null,
override val organizationId: String,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.ORGANIZATION_ITEM_ORGANIZATION_ACCEPTED
}
/**
* Tracks when a user chooses to leave an organization instead of migrating their personal
* ciphers to their organization's My Items folder.
*/
data class ItemOrganizationDeclined(
override val cipherId: String? = null,
override val organizationId: String,
) : OrganizationEvent() {
override val type: OrganizationEventType
get() = OrganizationEventType.ORGANIZATION_ITEM_ORGANIZATION_DECLINED
}
}

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/SyncCipherUpsertData.kt
View File

@@ -5,14 +5,12 @@ import java.time.ZonedDateTime
/**
* Required data for sync cipher upsert operations.
*
* @property userId The user ID associated with this update.
* @property cipherId The cipher ID.
* @property revisionDate The cipher's revision date. This is used to determine if the local copy of
* the cipher is out-of-date.
* @property isUpdate Whether or not this is an update of an existing cipher.
*/
data class SyncCipherUpsertData(
val userId: String,
val cipherId: String,
val revisionDate: ZonedDateTime,
val organizationId: String?,

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/SyncFolderUpsertData.kt
View File

@@ -5,14 +5,12 @@ import java.time.ZonedDateTime
/**
* Required data for sync folder upsert operations.
*
* @property userId The user ID associated with this update.
* @property folderId The folder ID.
* @property revisionDate The folder's revision date. This is used to determine if the local copy of
* the folder is out-of-date.
* @property isUpdate Whether or not this is an update of an existing folder.
*/
data class SyncFolderUpsertData(
val userId: String,
val folderId: String,
val revisionDate: ZonedDateTime,
val isUpdate: Boolean,

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/manager/model/SyncSendUpsertData.kt
View File

@@ -5,14 +5,12 @@ import java.time.ZonedDateTime
/**
* Required data for sync send upsert operations.
*
* @property userId The user ID associated with this update.
* @property sendId The send ID.
* @property revisionDate The send's revision date. This is used to determine if the local copy of
* the send is out-of-date.
* @property isUpdate Whether or not this is an update of an existing send.
*/
data class SyncSendUpsertData(
val userId: String,
val sendId: String,
val revisionDate: ZonedDateTime,
val isUpdate: Boolean,

13
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/AuthenticatorBridgeRepositoryImpl.kt
View File

@@ -4,19 +4,18 @@ import com.bitwarden.authenticatorbridge.model.SharedAccountData
import com.bitwarden.core.InitOrgCryptoRequest
import com.bitwarden.core.InitUserCryptoMethod
import com.bitwarden.core.InitUserCryptoRequest
import com.bitwarden.core.data.repository.error.MissingPropertyException
import com.bitwarden.core.data.util.asSuccess
import com.bitwarden.core.data.util.flatMap
import com.bitwarden.data.repository.util.toEnvironmentUrlsOrDefault
import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
import com.x8bit.bitwarden.data.auth.repository.util.toSdkParams
import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
import com.x8bit.bitwarden.data.platform.repository.util.sanitizeTotpUri
import com.x8bit.bitwarden.data.vault.datasource.disk.VaultDiskSource
import com.x8bit.bitwarden.data.vault.datasource.sdk.ScopedVaultSdkSource
import com.x8bit.bitwarden.data.vault.datasource.sdk.model.InitializeCryptoResult
import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
import com.x8bit.bitwarden.data.vault.repository.util.createWrappedAccountCryptographicState
import com.x8bit.bitwarden.data.vault.repository.util.toEncryptedSdkCipher
import com.x8bit.bitwarden.data.vault.repository.util.toVaultUnlockResult
@@ -138,21 +137,17 @@ class AuthenticatorBridgeRepositoryImpl(
?.securityState
?.securityState
val signingKey = accountKeys?.signatureKeyPair?.wrappedSigningKey
val signedPublicKey = accountKeys?.publicKeyEncryptionKeyPair?.signedPublicKey
return scopedVaultSdkSource
.initializeCrypto(
userId = userId,
request = InitUserCryptoRequest(
accountCryptographicState = createWrappedAccountCryptographicState(
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
signedPublicKey = signedPublicKey,
),
userId = userId,
kdfParams = account.profile.toSdkParams(),
email = account.profile.email,
privateKey = privateKey,
securityState = securityState,
signingKey = signingKey,
method = InitUserCryptoMethod.DecryptedKey(
decryptedUserKey = decryptedUserKey,
),

12
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/SettingsRepository.kt
View File

@@ -1,8 +1,8 @@
package com.x8bit.bitwarden.data.platform.repository
import com.bitwarden.data.manager.flightrecorder.FlightRecorderManager
import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
import com.x8bit.bitwarden.data.auth.repository.model.UserFingerprintResult
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderManager
import com.x8bit.bitwarden.data.platform.repository.model.BiometricsKeyResult
import com.x8bit.bitwarden.data.platform.repository.model.ClearClipboardFrequency
import com.x8bit.bitwarden.data.platform.repository.model.UriMatchType
@@ -242,16 +242,6 @@ interface SettingsRepository : FlightRecorderManager {
*/
fun storePullToRefreshEnabled(isPullToRefreshEnabled: Boolean)
/**
* Gets updates for whether the introducing archive action card is dismissed.
*/
fun getIntroducingArchiveActionCardDismissedFlow(): StateFlow<Boolean>
/**
* Stores that the introducing archive action card has been dismissed for the active user.
*/
fun dismissIntroducingArchiveActionCard()
/**
* Stores the encrypted user key for biometrics, allowing it to be used to unlock the current
* user's vault.

27
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/SettingsRepositoryImpl.kt
View File

@@ -3,7 +3,6 @@ package com.x8bit.bitwarden.data.platform.repository
import android.view.autofill.AutofillManager
import com.bitwarden.authenticatorbridge.util.generateSecretKey
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.data.manager.flightrecorder.FlightRecorderManager
import com.bitwarden.network.model.PolicyTypeJson
import com.bitwarden.network.model.SyncResponseJson
import com.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
@@ -17,6 +16,7 @@ import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
import com.x8bit.bitwarden.data.platform.manager.PolicyManager
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderManager
import com.x8bit.bitwarden.data.platform.repository.model.BiometricsKeyResult
import com.x8bit.bitwarden.data.platform.repository.model.ClearClipboardFrequency
import com.x8bit.bitwarden.data.platform.repository.model.UriMatchType
@@ -279,7 +279,7 @@ class SettingsRepositoryImpl(
get() = activeUserId
?.let { userId ->
authDiskSource
.getUserBiometricUnlockKeyFlow(userId)
.getUserBiometicUnlockKeyFlow(userId)
.map { it != null }
}
?: flowOf(false)
@@ -500,29 +500,6 @@ class SettingsRepositoryImpl(
}
}
override fun getIntroducingArchiveActionCardDismissedFlow(): StateFlow<Boolean> {
val userId = activeUserId ?: return MutableStateFlow(value = false)
return settingsDiskSource
.getIntroducingArchiveActionCardDismissedFlow(userId = userId)
.map { it ?: false }
.stateIn(
scope = unconfinedScope,
started = SharingStarted.Eagerly,
initialValue = settingsDiskSource
.getIntroducingArchiveActionCardDismissed(userId = userId)
?: false,
)
}
override fun dismissIntroducingArchiveActionCard() {
activeUserId?.let {
settingsDiskSource.storeIntroducingArchiveActionCardDismissed(
userId = it,
isDismissed = true,
)
}
}
override suspend fun setupBiometricsKey(cipher: Cipher): BiometricsKeyResult {
val userId = activeUserId
?: return BiometricsKeyResult.Error(error = NoActiveUserException())

2
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/di/PlatformRepositoryModule.kt
View File

@@ -2,7 +2,6 @@ package com.x8bit.bitwarden.data.platform.repository.di
import android.view.autofill.AutofillManager
import com.bitwarden.core.data.manager.dispatcher.DispatcherManager
import com.bitwarden.data.manager.flightrecorder.FlightRecorderManager
import com.bitwarden.data.repository.ServerConfigRepository
import com.x8bit.bitwarden.data.auth.datasource.disk.AuthDiskSource
import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityEnabledManager
@@ -11,6 +10,7 @@ import com.x8bit.bitwarden.data.platform.datasource.disk.EnvironmentDiskSource
import com.x8bit.bitwarden.data.platform.datasource.disk.FeatureFlagOverrideDiskSource
import com.x8bit.bitwarden.data.platform.datasource.disk.SettingsDiskSource
import com.x8bit.bitwarden.data.platform.manager.PolicyManager
import com.x8bit.bitwarden.data.platform.manager.flightrecorder.FlightRecorderManager
import com.x8bit.bitwarden.data.platform.repository.AuthenticatorBridgeRepository
import com.x8bit.bitwarden.data.platform.repository.AuthenticatorBridgeRepositoryImpl
import com.x8bit.bitwarden.data.platform.repository.DebugMenuRepository

2
data/src/main/kotlin/com/bitwarden/data/manager/model/FlightRecorderDuration.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/model/FlightRecorderDuration.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.data.manager.model
package com.x8bit.bitwarden.data.platform.repository.model
/**
* The selectable durations allowed for the flight recorder.

69
app/src/main/kotlin/com/x8bit/bitwarden/data/platform/repository/util/StateFlowExtensions.kt
View File

@@ -14,36 +14,10 @@ import kotlinx.coroutines.flow.flow
import kotlinx.coroutines.flow.map
/**
* Lazily invokes the [observer] callback with the active user's ID only when this MutableStateFlow
* has external collectors and a user is logged in. Designed for operations that should only run
* when UI actively observes the resulting data, but do not require the vault to be unlocked.
*
* **Active User Tracking:**
* This function specifically tracks the active user from [userStateFlow]. When the active user
* changes (e.g., account switching), the previous observer flow is canceled and a new one is
* started for the new active user.
*
* **Subscription Detection:**
* Uses [MutableStateFlow.subscriptionCount] to detect external collectors. Only external
* `.collect()` calls increment subscriptionCount—internal flow operations (map, flatMapLatest,
* update, etc.) do not affect it.
*
* **Common Pattern:**
* ```kotlin
* private val _triggerFlow = MutableStateFlow(Unit)
* val dataFlow = _triggerFlow
* .observeWhenSubscribedAndLoggedIn(userFlow) { activeUserId ->
* repository.getData(activeUserId) // Only runs when dataFlow is collected
* }
* // _triggerFlow.update {} does NOT affect subscriptionCount
* ```
*
* **Observer Lifecycle:**
* - **Invoked** when subscriptionCount > 0 and a user is logged in
* - **Re-invoked** when the active user changes (account switch)
* - **Canceled** when subscribers disconnect or user logs out
*
* @see observeWhenSubscribedAndUnlocked for variant that also requires vault to be unlocked
* Invokes the [observer] callback whenever the user is logged in, the active changes, and there
* are subscribers to the [MutableStateFlow]. The flow from all previous calls to the `observer`
* is canceled whenever the `observer` is re-invoked, there is no active user (logged-out), or
* there are no subscribers to the [MutableStateFlow].
*/
@OptIn(ExperimentalCoroutinesApi::class)
fun <T, R> MutableStateFlow<T>.observeWhenSubscribedAndLoggedIn(
@@ -61,36 +35,11 @@ fun <T, R> MutableStateFlow<T>.observeWhenSubscribedAndLoggedIn(
}
/**
* Lazily invokes the [observer] callback with the active user's ID only when this MutableStateFlow
* has external collectors, a user is logged in, and the active user's vault is unlocked. Designed
* for expensive operations that should only run when UI actively observes the resulting data.
*
* **Active User Tracking:**
* This function specifically tracks the active user from [userStateFlow]. When the active user
* changes (e.g., account switching), the previous observer flow is canceled and a new one is
* started for the new active user. The vault unlock state is also tracked per-user.
*
* **Subscription Detection:**
* Uses [MutableStateFlow.subscriptionCount] to detect external collectors. Only external
* `.collect()` calls increment subscriptionCount—internal flow operations (map, flatMapLatest,
* update, etc.) do not affect it.
*
* **Common Pattern:**
* ```kotlin
* private val _triggerFlow = MutableStateFlow(Unit)
* val dataFlow = _triggerFlow
* .observeWhenSubscribedAndUnlocked(userFlow, unlockFlow) { activeUserId ->
* repository.getExpensiveData(activeUserId) // Only runs when dataFlow is collected
* }
* // _triggerFlow.update {} does NOT affect subscriptionCount
* ```
*
* **Observer Lifecycle:**
* - **Invoked** when subscriptionCount > 0, a user is logged in, and active user's vault unlocked
* - **Re-invoked** when the active user changes (account switch) or vault state changes
* - **Canceled** when subscribers disconnect, user logs out, or vault locks
*
* @see observeWhenSubscribedAndLoggedIn for variant without vault unlock requirement
* Invokes the [observer] callback whenever the user is logged in, the active changes,
* the vault for the user changes and there are subscribers to the [MutableStateFlow].
* The flow from all previous calls to the `observer`
* is canceled whenever the `observer` is re-invoked, there is no active user (logged-out),
* there are no subscribers to the [MutableStateFlow] or the vault is not unlocked.
*/
@OptIn(ExperimentalCoroutinesApi::class)
fun <T, R> MutableStateFlow<T>.observeWhenSubscribedAndUnlocked(

2
core/src/main/kotlin/com/bitwarden/core/util/FileExtensions.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/util/FileExtensions.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.core.util
package com.x8bit.bitwarden.data.platform.util
import com.bitwarden.annotation.OmitFromCoverage
import java.io.File

2
core/src/main/kotlin/com/bitwarden/core/data/util/InputStreamExtensions.kt → app/src/main/kotlin/com/x8bit/bitwarden/data/platform/util/InputStreamExtensions.kt
View File

@@ -1,4 +1,4 @@
package com.bitwarden.core.data.util
package com.x8bit.bitwarden.data.platform.util
import android.os.Build
import com.bitwarden.annotation.OmitFromCoverage

10
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/disk/VaultDiskSource.kt
View File

@@ -24,16 +24,6 @@ interface VaultDiskSource {
*/
suspend fun getCiphers(userId: String): List<SyncResponseJson.Cipher>
/**
* Checks if the user has any personal ciphers (ciphers not belonging to an organization).
*
* This is an optimized query that checks only the indexed organizationId column
* without loading full cipher JSON data. Intended for vault migration state checks.
*
* @return Flow that emits true if user has personal ciphers, false otherwise
*/
fun hasPersonalCiphersFlow(userId: String): Flow<Boolean>
/**
* Retrieves all ciphers with the given [cipherIds] from the data source for a given [userId].
*/

5
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/disk/VaultDiskSourceImpl.kt
View File

@@ -55,7 +55,6 @@ class VaultDiskSourceImpl(
hasTotp = cipher.login?.totp != null,
cipherType = json.encodeToString(cipher.type),
cipherJson = json.encodeToString(cipher),
organizationId = cipher.organizationId,
),
),
)
@@ -98,9 +97,6 @@ class VaultDiskSourceImpl(
}
}
override fun hasPersonalCiphersFlow(userId: String): Flow<Boolean> =
ciphersDao.hasPersonalCiphersFlow(userId = userId)
override suspend fun getSelectedCiphers(
userId: String,
cipherIds: List<String>,
@@ -299,7 +295,6 @@ class VaultDiskSourceImpl(
hasTotp = cipher.login?.totp != null,
cipherType = json.encodeToString(cipher.type),
cipherJson = json.encodeToString(cipher),
organizationId = cipher.organizationId,
)
},
)

17
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/disk/dao/CiphersDao.kt
View File

@@ -88,21 +88,4 @@ interface CiphersDao {
insertCiphers(ciphers)
return deletedCiphersCount > 0 || ciphers.isNotEmpty()
}
/**
* Checks if the user has any personal ciphers (ciphers with null organizationId).
* Returns a Flow that emits true if personal ciphers exist, false otherwise.
*
* This query is optimized for vault migration checks and uses the indexed
* organization_id column to avoid loading full cipher JSON.
*/
@Query("""
SELECT EXISTS(
SELECT 1 FROM ciphers
WHERE user_id = :userId
AND organization_id IS NULL
LIMIT 1
)
""")
fun hasPersonalCiphersFlow(userId: String): Flow<Boolean>
}

2
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/disk/database/VaultDatabase.kt
View File

@@ -27,7 +27,7 @@ import com.x8bit.bitwarden.data.vault.datasource.disk.entity.SendEntity
FolderEntity::class,
SendEntity::class,
],
version = 9,
version = 8,
exportSchema = true,
autoMigrations = [
AutoMigration(from = 6, to = 7),

16
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/disk/entity/CipherEntity.kt
View File

@@ -2,25 +2,18 @@ package com.x8bit.bitwarden.data.vault.datasource.disk.entity
import androidx.room.ColumnInfo
import androidx.room.Entity
import androidx.room.Index
import androidx.room.PrimaryKey
/**
* Entity representing a cipher in the database.
*/
@Entity(
tableName = "ciphers",
indices = [
Index(value = ["user_id"]),
Index(value = ["user_id", "organization_id"]),
],
)
@Entity(tableName = "ciphers")
data class CipherEntity(
@PrimaryKey(autoGenerate = false)
@ColumnInfo(name = "id")
val id: String,
@ColumnInfo(name = "user_id")
@ColumnInfo(name = "user_id", index = true)
val userId: String,
// Default to true for initial migration.
@@ -33,9 +26,4 @@ data class CipherEntity(
@ColumnInfo(name = "cipher_json")
val cipherJson: String,
// Extracted organizationId for query optimization to avoid loading full cipher JSON.
// Enables lightweight queries for vault migration checks and organization filtering.
@ColumnInfo(name = "organization_id")
val organizationId: String?,
)

19
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSource.kt
View File

@@ -1,7 +1,6 @@
package com.x8bit.bitwarden.data.vault.datasource.sdk
import com.bitwarden.collections.Collection
import com.bitwarden.collections.CollectionId
import com.bitwarden.collections.CollectionView
import com.bitwarden.core.EnrollPinResponse
import com.bitwarden.core.InitOrgCryptoRequest
@@ -98,13 +97,12 @@ interface VaultSdkSource {
): Result<EnrollPinResponse>
/**
* Validates that the given PIN with the encrypted user key and returns `true` if the PIN is
* correct, otherwise `false`.
* Validate the user pin using the [pinProtectedUserKey].
*/
suspend fun validatePinUserKey(
suspend fun validatePin(
userId: String,
pin: String,
pinProtectedUserKeyEnvelope: String,
pinProtectedUserKey: String,
): Result<Boolean>
/**
@@ -390,16 +388,6 @@ interface VaultSdkSource {
cipherView: CipherView,
): Result<CipherView>
/**
* Re-encrypts the [cipherViews] with the organizations encryption key into the respective [collectionIds]
*/
suspend fun bulkMoveToOrganization(
userId: String,
organizationId: String,
cipherViews: List<CipherView>,
collectionIds: List<CollectionId>,
): Result<List<EncryptionContext>>
/**
* Validates that the given password matches the password hash.
*/
@@ -499,7 +487,6 @@ interface VaultSdkSource {
userId: String,
fido2CredentialStore: Fido2CredentialStore,
relyingPartyId: String,
userHandle: String?,
): Result<List<Fido2CredentialAutofillView>>
/**

30
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSourceImpl.kt
View File

@@ -1,7 +1,6 @@
package com.x8bit.bitwarden.data.vault.datasource.sdk
import com.bitwarden.collections.Collection
import com.bitwarden.collections.CollectionId
import com.bitwarden.collections.CollectionView
import com.bitwarden.core.DeriveKeyConnectorException
import com.bitwarden.core.DeriveKeyConnectorRequest
@@ -101,7 +100,6 @@ class VaultSdkSourceImpl(
is DeriveKeyConnectorException.WrongPassword -> {
DeriveKeyConnectorResult.WrongPasswordError
}
is DeriveKeyConnectorException.Crypto -> {
DeriveKeyConnectorResult.Error(error = ex)
}
@@ -131,18 +129,15 @@ class VaultSdkSourceImpl(
.enrollPinWithEncryptedPin(encryptedPin = encryptedPin)
}
override suspend fun validatePinUserKey(
override suspend fun validatePin(
userId: String,
pin: String,
pinProtectedUserKeyEnvelope: String,
pinProtectedUserKey: String,
): Result<Boolean> =
runCatchingWithLogs {
getClient(userId = userId)
.auth()
.validatePinProtectedUserKeyEnvelope(
pin = pin,
pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
)
.validatePin(pin = pin, pinProtectedUserKey = pinProtectedUserKey)
}
override suspend fun getAuthRequestKey(
@@ -452,22 +447,6 @@ class VaultSdkSourceImpl(
.moveToOrganization(cipher = cipherView, organizationId = organizationId)
}
override suspend fun bulkMoveToOrganization(
userId: String,
organizationId: String,
cipherViews: List<CipherView>,
collectionIds: List<CollectionId>,
): Result<List<EncryptionContext>> = runCatchingWithLogs {
getClient(userId = userId)
.vault()
.ciphers()
.prepareCiphersForBulkShare(
organizationId = organizationId,
ciphers = cipherViews,
collectionIds = collectionIds,
)
}
override suspend fun validatePassword(
userId: String,
password: String,
@@ -620,7 +599,6 @@ class VaultSdkSourceImpl(
userId: String,
fido2CredentialStore: Fido2CredentialStore,
relyingPartyId: String,
userHandle: String?,
): Result<List<Fido2CredentialAutofillView>> = runCatchingWithLogs {
getClient(userId)
.platform()
@@ -629,7 +607,7 @@ class VaultSdkSourceImpl(
userInterface = Fido2CredentialSearchUserInterfaceImpl(),
credentialStore = fido2CredentialStore,
)
.silentlyDiscoverCredentials(relyingPartyId, userHandle?.toByteArray())
.silentlyDiscoverCredentials(relyingPartyId)
}
override suspend fun makeUpdateKdf(

2
app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/Fido2CredentialAuthenticationUserInterfaceImpl.kt
View File

@@ -28,7 +28,7 @@ class Fido2CredentialAuthenticationUserInterfaceImpl(
newCredential: Fido2CredentialNewView,
): CheckUserAndPickCredentialForCreationResult = throw IllegalStateException()
override fun isVerificationEnabled(): Boolean = isVerificationSupported
override suspend fun isVerificationEnabled(): Boolean = isVerificationSupported
override suspend fun pickCredentialForAuthentication(
availableCredentials: List<CipherView>,

Some files were not shown because too many files have changed in this diff Show More