[PM-15969] Update inline comment

.checkmarx/config.yml

@@ -8,4 +8,4 @@ checkmarx:
     configs:
       sast:
         # Exclude test directories
-        filter: "**/test/**,!**/androidTest/**,!**/commonTest/**,!**/jvmTest/**,!**/jsTest/**,!**/iosTest/**"
+        filter: "!app/src/test/**"

.editorconfig

@@ -12,20 +12,127 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
+guidelines = 120
+
+# Code files
+[*.{cs,csx,vb,vbx}]
+indent_size = 4
+
+# Xml project files
+[*.{csproj,vbproj,vcxproj,vcxproj.filters,proj,projitems,shproj}]
+indent_size = 2
+
+# Xml config files
+[*.{props,targets,ruleset,config,nuspec,resx,vsixmanifest,vsct}]
+indent_size = 2
 
 # JSON files
 [*.json]
 indent_size = 2
 
-# Kotlin files
-# noinspection EditorConfigKeyCorrectness
-[*.{kt,kts}]
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
-ij_kotlin_allow_trailing_comma = true
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-declaration-site
-trailing-comma-on-declaration-site = true
-# https://pinterest.github.io/ktlint/1.0.1/rules/configuration-ktlint/#trailing-comma-on-call-site
-ij_kotlin_allow_trailing_comma_on_call_site = true
-
-[*.{scss,yml}]
+# JS files
+[*.{js,ts,scss,html}]
 indent_size = 2
+
+[*.{ts}]
+quote_type = single
+
+[*.{scss,yml,csproj}]
+indent_size = 2
+
+[*.sln]
+indent_style = tab
+
+# Dotnet code style settings:
+[*.{cs,vb}]
+# Sort using and Import directives with System.* appearing first
+dotnet_sort_system_directives_first = true
+# Avoid "this." and "Me." if not necessary
+dotnet_style_qualification_for_field = false:suggestion
+dotnet_style_qualification_for_property = false:suggestion
+dotnet_style_qualification_for_method = false:suggestion
+dotnet_style_qualification_for_event = false:suggestion
+
+# Use language keywords instead of framework type names for type references
+dotnet_style_predefined_type_for_locals_parameters_members = true:suggestion
+dotnet_style_predefined_type_for_member_access = true:suggestion
+
+# Suggest more modern language features when available
+dotnet_style_object_initializer = true:suggestion
+dotnet_style_collection_initializer = true:suggestion
+dotnet_style_coalesce_expression = true:suggestion
+dotnet_style_null_propagation = true:suggestion
+dotnet_style_explicit_tuple_names = true:suggestion
+
+# Prefix private members with underscore
+dotnet_naming_rule.private_members_with_underscore.symbols = private_fields
+dotnet_naming_rule.private_members_with_underscore.style = prefix_underscore
+dotnet_naming_rule.private_members_with_underscore.severity = suggestion
+
+dotnet_naming_symbols.private_fields.applicable_kinds = field
+dotnet_naming_symbols.private_fields.applicable_accessibilities = private
+
+dotnet_naming_style.prefix_underscore.capitalization = camel_case
+dotnet_naming_style.prefix_underscore.required_prefix = _
+
+# Async methods should have "Async" suffix
+dotnet_naming_rule.async_methods_end_in_async.symbols = any_async_methods
+dotnet_naming_rule.async_methods_end_in_async.style = end_in_async
+dotnet_naming_rule.async_methods_end_in_async.severity = suggestion
+
+dotnet_naming_symbols.any_async_methods.applicable_kinds = method
+dotnet_naming_symbols.any_async_methods.applicable_accessibilities = *
+dotnet_naming_symbols.any_async_methods.required_modifiers = async
+
+dotnet_naming_style.end_in_async.required_prefix = 
+dotnet_naming_style.end_in_async.required_suffix = Async
+dotnet_naming_style.end_in_async.capitalization = pascal_case
+dotnet_naming_style.end_in_async.word_separator = 
+
+# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
+dotnet_diagnostic.CS0618.severity = suggestion
+
+# Obsolete warnings, this should be removed or changed to warning once we address some of the obsolete items.
+dotnet_diagnostic.CS0612.severity = suggestion
+
+# Remove unnecessary using directives https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0005
+dotnet_diagnostic.IDE0005.severity = warning
+
+# CSharp code style settings:
+[*.cs]
+# Prefer "var" everywhere
+csharp_style_var_for_built_in_types = true:suggestion
+csharp_style_var_when_type_is_apparent = true:suggestion
+csharp_style_var_elsewhere = true:suggestion
+
+# Prefer method-like constructs to have a expression-body
+csharp_style_expression_bodied_methods = true:none
+csharp_style_expression_bodied_constructors = true:none
+csharp_style_expression_bodied_operators = true:none
+
+# Prefer property-like constructs to have an expression-body
+csharp_style_expression_bodied_properties = true:none
+csharp_style_expression_bodied_indexers = true:none
+csharp_style_expression_bodied_accessors = true:none
+
+# Suggest more modern language features when available
+csharp_style_pattern_matching_over_is_with_cast_check = true:suggestion
+csharp_style_pattern_matching_over_as_with_null_check = true:suggestion
+csharp_style_inlined_variable_declaration = true:suggestion
+csharp_style_throw_expression = true:suggestion
+csharp_style_conditional_delegate_call = true:suggestion
+
+# Newline settings
+csharp_new_line_before_open_brace = all
+csharp_new_line_before_else = true
+csharp_new_line_before_catch = true
+csharp_new_line_before_finally = true
+csharp_new_line_before_members_in_object_initializers = true
+csharp_new_line_before_members_in_anonymous_types = true
+
+# Namespace settings
+csharp_style_namespace_declarations = file_scoped:warning
+
+# Switch expression
+dotnet_diagnostic.CS8509.severity = error # missing switch case for named enum value
+dotnet_diagnostic.CS8524.severity = none # missing switch case for unnamed enum value

.github/ISSUE_TEMPLATE/bug-bwa.yml

@@ -1,84 +0,0 @@
-name: Authenticator Android App Bug Report
-description: File a bug report
-labels: [ "app:authenticator", "bug" ]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this bug report!
-
-        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
-  - type: textarea
-    id: reproduce
-    attributes:
-      label: Steps To Reproduce
-      description: How can we reproduce the behavior.
-      value: |
-        1. Go to '...'
-        2. Click on '...'
-        3. Scroll down to '...'
-        4. Click on '...'
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: Expected Result
-      description: A clear and concise description of what you expected to happen.
-    validations:
-      required: true
-  - type: textarea
-    id: actual
-    attributes:
-      label: Actual Result
-      description: A clear and concise description of what is happening.
-    validations:
-      required: true
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots or Videos
-      description: If applicable, add screenshots and/or a short video to help explain your problem.
-  - type: textarea
-    id: additional-context
-    attributes:
-      label: Additional Context
-      description: Add any other context about the problem here.
-  - type: input
-    id: version
-    attributes:
-      label: Build Version
-      description: What version of our software are you running?
-    validations:
-      required: true
-  - type: dropdown
-    id: server-region
-    attributes:
-      label: What server are you connecting to?
-      options:
-        - US
-        - EU
-        - Self-host
-        - N/A
-    validations:
-      required: true
-  - type: input
-    id: server-version
-    attributes:
-      label: Self-host Server Version
-      description: If self-hosting, what version of Bitwarden Server are you running?
-  - type: textarea
-    id: environment-details
-    attributes:
-      label: Environment Details
-      placeholder: |
-        - Device: [e.g. Pixel Tablet, Samsung Galaxy S24 ]
-        - OS Version: [e.g. API 32, Tiramisu ]
-  - type: checkboxes
-    id: issue-tracking-info
-    attributes:
-      label: Issue Tracking Info
-      description: |
-        Issue tracking information
-      options:
-        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug-passkey.yml

@@ -1,64 +0,0 @@
-name: Passkey Bug Report
-description: File a Passkey / FIDO2 related bug report
-labels: [ "app:password-manager", "bug-passkey" ]
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Thanks for taking the time to fill out this Passkey-related bug report!
-
-        Please provide as much detail as possible to help us investigate the issue.
-
-  - type: dropdown
-    id: origin
-    attributes:
-      label: Origin
-      description: Are you using a web browser or a native application?
-      options:
-        - Web (Browser)
-        - Native Application (non-browser app)
-    validations:
-      required: true
-
-  - type: input
-    id: rp-id
-    attributes:
-      label: Web URL or App name
-      description: The website domain or app name you were trying to use the Passkey with
-      placeholder: "e.g. example.com or ExampleApp"
-    validations:
-      required: true
-
-  - type: checkboxes
-    id: operation-type
-    attributes:
-      label: Passkey Action
-      description: What passkey related action(s) were you trying to perform?
-      options:
-        - label: Creating new passkey (Registration)
-        - label: Signing in (Authentication)
-    validations:
-      required: true
-
-  - type: textarea
-    id: build-info
-    attributes:
-      label: Build Information
-      description: Please retrieve the build information from the About screen by tapping the Version number field
-    validations:
-      required: true
-
-  - type: textarea
-    id: additional-info
-    attributes:
-      label: Additional Information
-      description: Any additional context, steps to reproduce, error messages, or relevant information about the issue
-
-  - type: checkboxes
-    id: issue-tracking-info
-    attributes:
-      label: Issue Tracking Info
-      description: |
-        Issue tracking information
-      options:
-        - label: I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

.github/ISSUE_TEMPLATE/bug.yml

@@ -1,6 +1,6 @@
-name: Password Manager Android App Bug Report
+name: Android Bug Report
 description: File a bug report
-labels: [ "app:password-manager", "bug" ]
+labels: [ bug ]
 body:
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,8 @@
 blank_issues_enabled: false
 contact_links:
+  - name: Legacy Android Bug Reports
+    url: https://github.com/bitwarden/mobile/issues
+    about: Bugs found in the publicly available .NET MAUI app should be reported in [bitwarden/mobile](https://github.com/bitwarden/mobile)
   - name: Feature Requests
     url: https://community.bitwarden.com/c/feature-requests/
     about: Request new features using the Community Forums. Please search existing feature requests before making a new one.

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,11 +15,10 @@
 - Contributor guidelines followed
 - All formatters and local linters executed and passed
 - Written new unit and / or integration tests where applicable
-- Protected functional changes with optionality (feature flags)
 - Used internationalization (i18n) for all UI strings
 - CI builds passed
 - Communicated to DevOps any deployment requirements
-- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
+- Updated any necessary documentation or informed the documentation team
 
 ## 🦮 Reviewer guidelines
 
@@ -28,7 +27,8 @@
 - 👍 (`:+1:`) or similar for great changes
 - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info
 - ❓ (`:question:`) for questions
-- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
+- 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed
+  issue and could potentially benefit from discussion
 - 🎨 (`:art:`) for suggestions / improvements
 - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention
 - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt

.github/codecov.yml

@@ -1,2 +0,0 @@
-ignore:
-  - "src/test/**" # Tests

.github/renovate.json

@@ -1,56 +1,32 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "github>bitwarden/renovate-config"
-  ],
-  "enabledManagers": [
-    "github-actions",
-    "gradle",
-    "bundler"
-  ],
+  "extends": ["github>bitwarden/renovate-config"],
+  "enabledManagers": ["github-actions", "gradle", "bundler"],
   "packageRules": [
     {
       "groupName": "gh minor",
-      "matchManagers": [
-        "github-actions"
-      ],
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ]
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"]
     },
     {
       "groupName": "gradle minor",
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "matchManagers": [
-        "gradle"
-      ]
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchManagers": ["gradle"]
     },
     {
       "groupName": "kotlin",
       "description": "Kotlin and Compose dependencies that must be updated together to maintain compatibility.",
-      "matchManagers": [
-        "gradle"
+      "matchPackagePatterns": [
+        "androidx.compose:compose-bom",
+        "org.jetbrains.kotlin.*",
+        "com.google.devtools.ksp"
       ],
-      "matchPackageNames": [
-        "/androidx.compose:compose-bom/",
-        "/androidx.lifecycle:*/",
-        "/org.jetbrains.kotlin.*/",
-        "/com.google.devtools.ksp/"
-      ]
+      "matchManagers": ["gradle"]
     },
     {
       "groupName": "bundler minor",
-      "matchUpdateTypes": [
-        "minor",
-        "patch"
-      ],
-      "matchManagers": [
-        "bundler"
-      ]
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchManagers": ["bundler"]
     }
   ]
 }

.github/scripts/validate-json/.python-version

@@ -1 +0,0 @@
-3.13

.github/scripts/validate-json/README.md

@@ -1,39 +0,0 @@
-# JSON Validation Scripts
-
-Utility scripts for validating JSON files and checking for duplicate package names between Google and Community privileged browser lists.
-
-## Usage
-
-### Validate a JSON file
-
-```bash
-python validate_json.py validate <json_file>
-```
-
-### Check for duplicates between two JSON files
-
-```bash
-python validate_json.py duplicates <json_file1> <json_file2> [output_file]
-```
-
-If `output_file` is not specified, duplicates will be saved to `duplicates.txt`.
-
-## Running Tests
-
-```bash
-# Run all tests
-python -m unittest test_validate_json.py
-
-# Run the invalid JSON test individually
-python -m unittest test_validate_json.TestValidateJson.test_validate_json_invalid
-```
-
-## Examples
-
-```bash
-# Validate Google privileged browsers list
-python validate_json.py validate ../../app/src/main/assets/fido2_privileged_google.json
-
-# Check for duplicates between Google and Community lists
-python validate_json.py duplicates ../../app/src/main/assets/fido2_privileged_google.json ../../app/src/main/assets/fido2_privileged_community.json duplicates.txt
-```

.github/scripts/validate-json/fixtures/sample-invalid.json

@@ -1,20 +0,0 @@
-{
-  "apps": [
-
-      "type": "android",
-      "info": {
-        "package_name": "com.android.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/fixtures/sample-valid1.json

@@ -1,48 +0,0 @@
-{
-  "apps": [
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.android.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "F0:FD:6C:5B:41:0F:25:CB:25:C3:B5:33:46:C8:97:2F:AE:30:F8:EE:74:11:DF:91:04:80:AD:6B:2D:60:DB:83"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.dev",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "90:44:EE:5F:EE:4B:BC:5E:21:DD:44:66:54:31:C4:EB:1F:1F:71:A3:27:16:A0:BC:92:7B:CB:B3:92:33:CA:BF"
-          },
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "3D:7A:12:23:01:9A:A3:9D:9E:A0:E3:43:6A:B7:C0:89:6B:FB:4F:B6:79:F4:DE:5F:E7:C2:3F:32:6C:8F:99:4A"
-          }
-        ]
-      }
-    },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "com.chrome.canary",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "DF:A1:FB:23:EF:BF:70:C5:BC:D1:44:3C:5B:EA:B0:4F:3F:2F:F4:36:6E:9A:C1:E3:45:76:39:A2:4C:FC"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/fixtures/sample-valid2.json

@@ -1,20 +0,0 @@
-{
-  "apps": [
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.chromium.chrome",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C6:AD:B8:B8:3C:6D:4C:17:D2:92:AF:DE:56:FD:48:8A:51:D3:16:FF:8F:2C:11:C5:41:02:23:BF:F8:A7:DB:B3"
-          },
-          {
-            "build": "userdebug",
-            "cert_fingerprint_sha256": "19:75:B2:F1:71:77:BC:89:A5:DF:F3:1F:9E:64:A6:CA:E2:81:A5:3D:C1:D1:D5:9B:1D:14:7F:E1:C8:2A:FA:00"
-          }
-        ]
-      }
-    }
-  ]
-}

.github/scripts/validate-json/test_validate_json.py

@@ -1,48 +0,0 @@
-#!/usr/bin/env python3
-import unittest
-import os
-import json
-from validate_json import validate_json, find_duplicates, get_package_names
-from unittest.mock import patch
-import io
-
-
-class TestValidateJson(unittest.TestCase):
-    def setUp(self):
-        self.valid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid1.json")
-        self.valid_file2 = os.path.join(os.path.dirname(__file__), "fixtures/sample-valid2.json")
-        self.invalid_file = os.path.join(os.path.dirname(__file__), "fixtures/sample-invalid.json")
-
-        # Suppress stdout
-        self.stdout_patcher = patch('sys.stdout', new=io.StringIO())
-        self.stdout_patcher.start()
-
-    def tearDown(self):
-        self.stdout_patcher.stop()
-
-    def test_validate_json_valid(self):
-        """Test validation of valid JSON file"""
-        self.assertTrue(validate_json(self.valid_file))
-
-    def test_validate_json_invalid(self):
-        """Test validation of invalid JSON file"""
-        self.assertFalse(validate_json(self.invalid_file))
-
-    def test_find_duplicates(self):
-        """Test when using the same file (should find duplicates)"""
-        expected_package_names = get_package_names(self.valid_file)
-
-        duplicates = find_duplicates(self.valid_file, self.valid_file)
-
-        self.assertEqual(len(duplicates), len(expected_package_names))
-        for package_name in expected_package_names:
-            self.assertIn(package_name, duplicates)
-
-    def test_find_duplicates_returns_empty_list_when_no_duplicates(self):
-        """Test when using different files (should not find duplicates)"""
-        duplicates = find_duplicates(self.valid_file, self.valid_file2)
-        self.assertEqual(len(duplicates), 0)
-
-
-if __name__ == "__main__":
-    unittest.main()

.github/scripts/validate-json/validate_json.py

@@ -1,145 +0,0 @@
-#!/usr/bin/env python3
-import json
-import sys
-import os
-from typing import List, Dict, Any, Set
-
-
-def get_package_names(file_path: str) -> Set[str]:
-    """
-    Extracts package names from a JSON file.
-
-    Args:
-        file_path: Path to the JSON file
-
-    Returns:
-        Set of package names
-    """
-    with open(file_path, 'r') as f:
-        data = json.load(f)
-
-    package_names = set()
-    for app in data["apps"]:
-        package_names.add(app["info"]["package_name"])
-
-    return package_names
-
-
-def validate_json(file_path: str) -> bool:
-    """
-    Validates if a JSON file is correctly formatted by attempting to deserialize it.
-
-    Args:
-        file_path: Path to the JSON file to validate
-
-    Returns:
-        True if valid, False otherwise
-    """
-    try:
-        if not os.path.exists(file_path):
-            print(f"Error: File {file_path} does not exist")
-            return False
-
-        with open(file_path, 'r') as f:
-            json.load(f)
-        print(f"✅ JSON file {file_path} is valid")
-        return True
-    except json.JSONDecodeError as e:
-        print(f"❌ Invalid JSON in {file_path}: {str(e)}")
-        return False
-    except Exception as e:
-        print(f"❌ Error validating {file_path}: {str(e)}")
-        return False
-
-
-def find_duplicates(file1_path: str, file2_path: str) -> List[str]:
-    """
-    Checks for duplicate package_name entries between two JSON files.
-
-    Args:
-        file1_path: Path to the first JSON file
-        file2_path: Path to the second JSON file
-
-    Returns:
-        List of duplicate package names, empty list if none found
-    """
-    try:
-        # Get package names from both files
-        packages1 = get_package_names(file1_path)
-        packages2 = get_package_names(file2_path)
-
-        # Find duplicates
-        duplicates = list(packages1.intersection(packages2))
-
-        if duplicates:
-            print(f"❌ Found {len(duplicates)} duplicate package names between {file1_path} and {file2_path}:")
-            for dup in duplicates:
-                print(f"  - {dup}")
-            return duplicates
-        else:
-            print(f"✅ No duplicate package names found between {file1_path} and {file2_path}")
-            return []
-
-    except Exception as e:
-        print(f"❌ Error checking duplicates: {str(e)}")
-        return []
-
-
-def save_duplicates_to_file(duplicates: List[str], output_file: str) -> None:
-    """
-    Saves the list of duplicates to a file.
-
-    Args:
-        duplicates: List of duplicate package names
-        output_file: Path to save the list of duplicates
-    """
-    try:
-        with open(output_file, 'w') as f:
-            for dup in duplicates:
-                f.write(f"{dup}\n")
-        print(f"Duplicates saved to {output_file}")
-    except Exception as e:
-        print(f"❌ Error saving duplicates to file: {str(e)}")
-
-
-def main():
-    if len(sys.argv) < 2:
-        print("Usage:")
-        print("  Validate JSON: python validate_json.py validate <json_file>")
-        print("  Check duplicates: python validate_json.py duplicates <json_file1> <json_file2> [output_file]")
-        sys.exit(1)
-
-    command = sys.argv[1]
-
-    match command:
-        case "validate":
-            if len(sys.argv) < 3:
-                print("Error: Missing JSON file path")
-                sys.exit(1)
-
-            file_path = sys.argv[2]
-            success = validate_json(file_path)
-            sys.exit(0 if success else 1)
-
-        case "duplicates":
-            if len(sys.argv) < 4:
-                print("Error: Missing JSON file paths")
-                sys.exit(1)
-
-            file1_path = sys.argv[2]
-            file2_path = sys.argv[3]
-            output_file = sys.argv[4] if len(sys.argv) > 4 else "duplicates.txt"
-
-            duplicates = find_duplicates(file1_path, file2_path)
-            if duplicates:
-                save_duplicates_to_file(duplicates, output_file)
-
-            sys.exit(0)
-
-        case _:
-            print(f"Unknown command: {command}")
-            sys.exit(1)
-
-
-if __name__ == "__main__":
-    main()

.github/workflows/build-authenticator.yml

@@ -1,289 +0,0 @@
-name: Build Authenticator
-
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-    inputs:
-      version-name:
-        description: "Optional. Version string to use, in X.Y.Z format. Overrides default in the project."
-        required: false
-        type: string
-      version-code:
-        description: "Optional. Build number to use. Overrides default of GitHub run number."
-        required: false
-        type: number
-      distribute-to-firebase:
-        description: "Optional. Distribute artifacts to Firebase."
-        required: false
-        default: false
-        type: boolean
-      publish-to-play-store:
-        description: "Optional. Deploy bundle artifact to Google Play Store"
-        required: false
-        default: false
-        type: boolean
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  build:
-    name: Build Authenticator
-    runs-on: ubuntu-24.04
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Check Authenticator
-        run: bundle exec fastlane checkAuthenticator
-
-      - name: Build Authenticator
-        run: bundle exec fastlane buildAuthenticatorDebug
-
-  publish_playstore:
-    name: Publish Authenticator Play Store artifacts
-    needs:
-      - build
-    runs-on: ubuntu-24.04
-    strategy:
-      fail-fast: false
-      matrix:
-        variant: ["aab", "apk"]
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Log in to Azure
-        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-        run: |
-          mkdir -p ${{ github.workspace }}/secrets
-          mkdir -p ${{ github.workspace }}/keystores
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name authenticator_apk-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_apk-keystore.jks --output none
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name authenticator_aab-keystore.jks --file ${{ github.workspace }}/keystores/authenticator_aab-keystore.jks --output none
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name com.bitwarden.authenticator-google-services.json --file ${{ github.workspace }}/authenticator/src/google-services.json --output none
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name com.bitwarden.authenticator.dev-google-services.json --file ${{ github.workspace }}/authenticator/src/debug/google-services.json --output none
-
-      - name: Download Firebase credentials
-        if : ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-        run: |
-          mkdir -p ${{ github.workspace }}/secrets
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name authenticator_play_firebase-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json --output none
-
-      - name: Download Play Store credentials
-        if: ${{ inputs.publish-to-play-store }}
-        env:
-          ACCOUNT_NAME: bitwardenci
-          CONTAINER_NAME: mobile
-        run: |
-          mkdir -p ${{ github.workspace }}/secrets
-
-          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
-          --name authenticator_play_store-creds.json --file ${{ github.workspace }}/secrets/authenticator_play_store-creds.json --output none
-
-      - name: Verify Play Store credentials
-        if: ${{ inputs.publish-to-play-store }}
-        run: |
-          bundle exec fastlane run validate_play_store_json_key \
-          json_key:${{ github.workspace }}/secrets/authenticator_play_store-creds.json }}
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Increment version
-        run: |
-          DEFAULT_VERSION_CODE=$GITHUB_RUN_NUMBER
-          VERSION_CODE="${{ inputs.version-code || '$DEFAULT_VERSION_CODE' }}"
-          bundle exec fastlane setAuthenticatorBuildVersionInfo \
-          versionCode:$VERSION_CODE \
-          versionName:${{ inputs.version-name || '' }}
-
-          regex='versionName = "([^"]+)"'
-          if [[ "$(cat authenticator/build.gradle.kts)" =~ $regex ]]; then
-            VERSION_NAME="${BASH_REMATCH[1]}"
-          fi
-          echo "Version Name: ${VERSION_NAME}" >> $GITHUB_STEP_SUMMARY
-          echo "Version Number: $VERSION_CODE" >> $GITHUB_STEP_SUMMARY
-
-      - name: Generate release Play Store bundle
-        if: ${{ matrix.variant == 'aab' }}
-        run: |
-          bundle exec fastlane bundleAuthenticatorRelease \
-          storeFile:${{ github.workspace }}/keystores/authenticator_aab-keystore.jks \
-          storePassword:'${{ secrets.BWA_AAB_KEYSTORE_STORE_PASSWORD }}' \
-          keyAlias:authenticatorupload \
-          keyPassword:'${{ secrets.BWA_AAB_KEYSTORE_KEY_PASSWORD }}'
-
-      - name: Generate release Play Store APK
-        if: ${{ matrix.variant == 'apk' }}
-        run: |
-          bundle exec fastlane buildAuthenticatorRelease \
-          storeFile:${{ github.workspace }}/keystores/authenticator_apk-keystore.jks \
-          storePassword:'${{ secrets.BWA_APK_KEYSTORE_STORE_PASSWORD }}' \
-          keyAlias:bitwardenauthenticator \
-          keyPassword:'${{ secrets.BWA_APK_KEYSTORE_KEY_PASSWORD }}'
-
-      - name: Upload release Play Store .aab artifact
-        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: com.bitwarden.authenticator.aab
-          path: authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab
-          if-no-files-found: error
-
-      - name: Upload release .apk artifact
-        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: com.bitwarden.authenticator.apk
-          path: authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk
-          if-no-files-found: error
-
-      - name: Create checksum file for Release AAB
-        if: ${{ matrix.variant == 'aab' }}
-        run: |
-          sha256sum "authenticator/build/outputs/bundle/release/com.bitwarden.authenticator.aab" \
-            > ./authenticator-android-aab-sha256.txt
-
-      - name: Create checksum for release .apk artifact
-        if: ${{ matrix.variant == 'apk' }}
-        run: |
-          sha256sum "authenticator/build/outputs/apk/release/com.bitwarden.authenticator.apk" \
-            > ./authenticator-android-apk-sha256.txt
-
-      - name: Upload .apk SHA file for release
-        if: ${{ matrix.variant == 'apk' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: authenticator-android-apk-sha256.txt
-          path: ./authenticator-android-apk-sha256.txt
-          if-no-files-found: error
-
-      - name: Upload .aab SHA file for release
-        if: ${{ matrix.variant == 'aab' }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        with:
-          name: authenticator-android-aab-sha256.txt
-          path: ./authenticator-android-aab-sha256.txt
-          if-no-files-found: error
-
-      - name: Install Firebase app distribution plugin
-        if: ${{ inputs.distribute-to-firebase || github.event_name == 'push' }}
-        run: bundle exec fastlane add_plugin firebase_app_distribution
-
-      - name: Publish release bundle to Firebase
-        if: ${{ matrix.variant == 'aab' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
-        env:
-          FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/authenticator_play_firebase-creds.json
-        run: |
-          bundle exec fastlane distributeAuthenticatorReleaseBundleToFirebase \
-          serviceCredentialsFile:${{ env.FIREBASE_CREDS_PATH }}
-
-      # Only publish bundles to Play Store when `publish-to-play-store` is true while building
-      # bundles
-      - name: Publish release bundle to Google Play Store
-        if: ${{ inputs.publish-to-play-store && matrix.variant == 'aab' }}
-        env:
-          PLAY_STORE_CREDS_FILE: ${{ github.workspace }}/secrets/authenticator_play_store-creds.json
-        run: |
-          bundle exec fastlane publishAuthenticatorReleaseToGooglePlayStore \
-          serviceCredentialsFile:${{ env.PLAY_STORE_CREDS_FILE }} \

.github/workflows/build.yml

@@ -40,7 +40,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
 
       - name: Cache Gradle files
         uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
@@ -62,13 +62,13 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
         with:
           bundler-cache: true
 
@@ -85,7 +85,7 @@ jobs:
         run: bundle exec fastlane assembleDebugApks
 
       - name: Upload test reports on failure
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         if: failure()
         with:
           name: test-reports
@@ -106,7 +106,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
         with:
           bundler-cache: true
 
@@ -157,7 +157,7 @@ jobs:
           --name app_play_prod_firebase-creds.json --file ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json --output none
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
 
       - name: Cache Gradle files
         uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
@@ -179,7 +179,7 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
@@ -253,7 +253,7 @@ jobs:
 
       - name: Upload release Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.aab
           path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden.aab
@@ -261,7 +261,7 @@ jobs:
 
       - name: Upload beta Play Store .aab artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta.aab
           path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden.beta.aab
@@ -269,7 +269,7 @@ jobs:
 
       - name: Upload release .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.apk
           path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden.apk
@@ -277,7 +277,7 @@ jobs:
 
       - name: Upload beta .apk artifact
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta.apk
           path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden.beta.apk
@@ -286,7 +286,7 @@ jobs:
       # When building variants other than 'prod'
       - name: Upload debug .apk artifact
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
           path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden.dev.apk
@@ -324,7 +324,7 @@ jobs:
 
       - name: Upload .apk SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.apk-sha256.txt
           path: ./com.x8bit.bitwarden.apk-sha256.txt
@@ -332,7 +332,7 @@ jobs:
 
       - name: Upload .apk SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
@@ -340,7 +340,7 @@ jobs:
 
       - name: Upload .aab SHA file for release
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.aab-sha256.txt
           path: ./com.x8bit.bitwarden.aab-sha256.txt
@@ -348,7 +348,7 @@ jobs:
 
       - name: Upload .aab SHA file for beta
         if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta.aab-sha256.txt
           path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
@@ -356,7 +356,7 @@ jobs:
 
       - name: Upload .apk SHA file for debug
         if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
           path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
@@ -405,7 +405,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
         with:
           bundler-cache: true
 
@@ -442,7 +442,7 @@ jobs:
           --name app_fdroid_firebase-creds.json --file ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json --output none
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
 
       - name: Cache Gradle files
         uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
@@ -464,7 +464,7 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
@@ -515,7 +515,7 @@ jobs:
           keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"
 
       - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden-fdroid.apk
           path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid.apk
@@ -527,14 +527,14 @@ jobs:
           > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
 
       - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
           if-no-files-found: error
 
       - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk
           path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden.beta-fdroid.apk
@@ -546,7 +546,7 @@ jobs:
           > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
 
       - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
           path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt

.github/workflows/cron-sync-google-priviledged-browsers.yml

@@ -1,98 +0,0 @@
-name: Cron / Sync Google Privileged Browsers List
-
-on:
-  schedule:
-    # Run weekly on Monday at 00:00 UTC
-    - cron: '0 0 * * 1'
-  workflow_dispatch:
-
-env:
-  SOURCE_URL: https://www.gstatic.com/gpm-passkeys-privileged-apps/apps.json
-  GOOGLE_FILE: app/src/main/assets/fido2_privileged_google.json
-  COMMUNITY_FILE: app/src/main/assets/fido2_privileged_community.json
-
-jobs:
-  sync-privileged-browsers:
-    name: Sync Google Privileged Browsers List
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
-
-      - name: Download Google Privileged Browsers List
-        run: curl -s $SOURCE_URL -o $GOOGLE_FILE
-
-      - name: Check for changes
-        id: check-changes
-        run: |
-          if git diff --quiet -- $GOOGLE_FILE; then
-            echo "👀 No changes detected, skipping..."
-            echo "has_changes=false" >> $GITHUB_OUTPUT
-            exit 0
-          fi
-
-          echo "has_changes=true" >> $GITHUB_OUTPUT
-          echo "👀 Changes detected, validating fido2_privileged_google.json..."
-
-          python .github/scripts/validate-json/validate_json.py validate $GOOGLE_FILE
-          if [ $? -ne 0 ]; then
-            echo "::error::JSON validation failed for $GOOGLE_FILE"
-            exit 1
-          fi
-
-          echo "👀 fido2_privileged_google.json is valid, checking for duplicates..."
-
-          # Check for duplicates between Google and Community files
-          python .github/scripts/validate-json/validate_json.py duplicates $GOOGLE_FILE $COMMUNITY_FILE duplicates.txt
-
-          if [ -f duplicates.txt ]; then
-            echo "::warning::Duplicate package names found between Google and Community files."
-            echo "duplicates_found=true" >> $GITHUB_OUTPUT
-          else
-            echo "✅ No duplicate package names found between Google and Community files"
-            echo "duplicates_found=false" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Create branch and commit
-        if: steps.check-changes.outputs.has_changes == 'true'
-        run: |
-          echo "👀 Committing fido2_privileged_google.json..."
-
-          BRANCH_NAME="cron-sync-privileged-browsers/$GITHUB_RUN_NUMBER-sync"
-          git config user.name "GitHub Actions Bot"
-          git config user.email "actions@github.com"
-          git checkout -b $BRANCH_NAME
-          git add $GOOGLE_FILE
-          git commit -m "Update Google privileged browsers list"
-          git push origin $BRANCH_NAME
-          echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV
-          echo "🌱 Branch created: $BRANCH_NAME"
-
-      - name: Create Pull Request
-        if: steps.check-changes.outputs.has_changes == 'true'
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          DUPLICATES_FOUND: ${{ steps.check-changes.outputs.duplicates_found }}
-          BASE_PR_URL: ${{ github.server_url }}/${{ github.repository }}/pull/
-        run: |
-          PR_BODY="Updates the Google privileged browsers list with the latest data from $SOURCE_URL"
-
-          if [ "$DUPLICATES_FOUND" = "true" ]; then
-            PR_BODY="$PR_BODY\n\n> [!WARNING]\n> :suspect: The following package(s) appear in both Google and Community files:"
-            while IFS= read -r line; do
-              PR_BODY="$PR_BODY\n> - $line"
-            done < duplicates.txt
-          fi
-
-          # Use echo -e to interpret escape sequences and pipe to gh pr create
-          PR_URL=$(echo -e "$PR_BODY" | gh pr create \
-            --title "Update Google privileged browsers list" \
-            --body-file - \
-            --base main \
-            --head $BRANCH_NAME \
-            --label "automated-pr" \
-            --label "t:ci")

.github/workflows/crowdin-pull-authenticator.yml

@@ -1,56 +0,0 @@
-name: Crowdin Sync - Authenticator
-
-on:
-  workflow_dispatch:
-    inputs: {}
-  schedule:
-    - cron: '0 0 * * 5'
-
-jobs:
-  crowdin-sync:
-    name: Autosync
-    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "673718"
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Log in to Azure - CI Subscription
-        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
-        with:
-          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
-
-      - name: Retrieve secrets
-        id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: "bitwarden-ci"
-          secrets: "github-gpg-private-key, github-gpg-private-key-passphrase"
-
-      - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
-        id: app-token
-        with:
-          app-id: ${{ secrets.BW_GHAPP_ID }}
-          private-key: ${{ secrets.BW_GHAPP_KEY }}
-
-      - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
-        env:
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
-          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
-        with:
-          config: crowdin-bwa.yml
-          upload_sources: false
-          upload_translations: false
-          download_translations: true
-          github_user_name: "bitwarden-devops-bot"
-          github_user_email: "106330231+bitwarden-devops-bot@users.noreply.github.com"
-          commit_message: "Autosync the updated translations"
-          localization_branch_name: crowdin-auto-sync
-          create_pull_request: true
-          pull_request_title: "Autosync Crowdin Translations"
-          pull_request_body: "Autosync the updated translations"
-          gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }}
-          gpg_passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }}

.github/workflows/crowdin-pull.yml

@@ -29,14 +29,14 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Generate GH App token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         id: app-token
         with:
           app-id: ${{ secrets.BW_GHAPP_ID }}
           private-key: ${{ secrets.BW_GHAPP_KEY }}
 
       - name: Download translations
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@a9ffb7d5ac46eca1bb1f06656bf888b39462f161 # v2.4.0
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}

.github/workflows/crowdin-push-authenticator.yml

@@ -1,30 +0,0 @@
-name: Crowdin Push - Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  crowdin-push:
-    name: Crowdin Push
-    runs-on: ubuntu-24.04
-    env:
-      _CROWDIN_PROJECT_ID: "673718"
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CROWDIN_API_TOKEN: ${{ secrets.CROWDIN_API_TOKEN }}
-        with:
-          config: crowdin-bwa.yml
-          upload_sources: true
-          upload_translations: false

.github/workflows/crowdin-push.yml

@@ -29,7 +29,7 @@ jobs:
           secrets: "crowdin-api-token"
 
       - name: Upload sources
-        uses: crowdin/github-action@d1632879d4d4da358f2d040f79fa094571c9a649 # v2.5.1
+        uses: crowdin/github-action@a9ffb7d5ac46eca1bb1f06656bf888b39462f161 # v2.4.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}

.github/workflows/github-release.yml

@@ -95,7 +95,7 @@ jobs:
 
       - name: Create Release
         id: create_release
-        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
+        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
         with:
           tag_name: "v${{ inputs.version-name }}"
           name: "${{ inputs.version-name }} (${{ inputs.version-number }})"

.github/workflows/scan-authenticator.yml

@@ -1,78 +0,0 @@
-name: Scan Authenticator
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ secrets.CHECKMARX_CLIENT_ID }}
-          cx_client_secret: ${{ secrets.CHECKMARX_SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
-
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@bfd4e558cda28cda6b5defafb9232d191be8c203 # v4.2.1
-        env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan-ci.yml

@@ -21,7 +21,7 @@ jobs:
           fetch-depth: 0
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        uses: checkmarx/ast-github-action@b74e8d514feae4ad5ad2b43e72590935bd2daf5f # 2.0.39
         with:
           project_name: ${{ github.repository }}
           cx_tenant: ${{ secrets.CHECKMARX_TENANT }}
@@ -34,11 +34,9 @@ jobs:
             --output-path .
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
         with:
           sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
 
   quality:
     name: Quality scan
@@ -60,4 +58,3 @@ jobs:
           args: >
             -Dsonar.organization=${{ github.repository_owner }}
             -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/scan.yml

@@ -4,6 +4,8 @@ on:
   workflow_dispatch:
   pull_request_target:
     types: [opened, synchronize]
+  merge_group:
+    types: [checks_requested]
 
 jobs:
   check-run:
@@ -26,7 +28,7 @@ jobs:
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
+        uses: checkmarx/ast-github-action@b74e8d514feae4ad5ad2b43e72590935bd2daf5f # 2.0.39
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
@@ -41,11 +43,9 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
+        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
         with:
           sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
 
   quality:
     name: Quality scan
@@ -70,4 +70,3 @@ jobs:
           args: >
             -Dsonar.organization=${{ github.repository_owner }}
             -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}

.github/workflows/test-authenticator.yml

@@ -1,82 +0,0 @@
-name: Test Authenticator
-
-on:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request_target:
-    types: [opened, synchronize]
-
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  JAVA_VERSION: 17
-
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-
-  test:
-    name: Test
-    runs-on: ubuntu-24.04
-    needs: check-run
-    permissions:
-      contents: read
-      packages: read
-      pull-requests: write
-
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-
-      - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
-
-      - name: Cache Gradle files
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-v2-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties', '**/libs.versions.toml') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-v2-
-
-      - name: Cache build output
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
-        with:
-          path: |
-            ${{ github.workspace }}/build-cache
-          key: ${{ runner.os }}-build-cache-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-build-
-
-      - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
-        with:
-          bundler-cache: true
-
-      - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
-        with:
-          distribution: "temurin"
-          java-version: ${{ env.JAVA_VERSION }}
-
-      - name: Install Fastlane
-        run: |
-          gem install bundler:2.2.27
-          bundle config path vendor/bundle
-          bundle install --jobs 4 --retry 3
-
-      - name: Build and test Authenticator
-        run: |
-          bundle exec fastlane checkAuthenticator
-
-      - name: Upload to codecov.io
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
-        with:
-          files: authenticator/build/reports/kover/reportDebug.xml

.github/workflows/test.yml

@@ -13,23 +13,24 @@ on:
   workflow_dispatch:
 
 env:
-  _JAVA_VERSION: 17
-  _GITHUB_ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/attempts/${{ github.run_attempt }}
-
+  JAVA_VERSION: 17
 
 jobs:
   test:
     name: Test
     runs-on: ubuntu-24.04
     permissions:
+      contents: read
+      issues: write
       packages: read
+      pull-requests: write
 
     steps:
       - name: Check out repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Validate Gradle wrapper
-        uses: gradle/actions/wrapper-validation@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
+        uses: gradle/actions/wrapper-validation@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0 # v4.2.1
 
       - name: Cache Gradle files
         uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
@@ -51,15 +52,15 @@ jobs:
             ${{ runner.os }}-build-
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@28c4deda893d5a96a6b2d958c5b47fc18d65c9d3 # v1.213.0
+        uses: ruby/setup-ruby@2a18b06812b0e15bb916e1df298d3e740422c47e # v1.203.0
         with:
           bundler-cache: true
 
       - name: Configure JDK
-        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
         with:
           distribution: "temurin"
-          java-version: ${{ env._JAVA_VERSION }}
+          java-version: ${{ env.JAVA_VERSION }}
 
       - name: Install Fastlane
         run: |
@@ -68,58 +69,17 @@ jobs:
           bundle install --jobs 4 --retry 3
 
       - name: Build and test
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Used in settings.gradle.kts to download the SDK from GitHub Maven Packages
         run: |
           bundle exec fastlane check
 
-      - name: Upload test reports
-        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
-        if: always()
-        with:
-          name: test-reports
-          path: |
-            app/build/reports/tests/
-            app/build/reports/kover/reportStandardDebug.xml
-
-  report:
-    name: Process Test Reports
-    needs: test
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      issues: write
-      pull-requests: write
-    if: success()
-
-    steps:
-      - name: Download test artifacts
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
+      - name: Upload test reports on failure
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: failure()
         with:
           name: test-reports
+          path: app/build/reports/tests/
 
       - name: Upload to codecov.io
-        id: upload-to-codecov
-        uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
-        continue-on-error: true
+        uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
         with:
-          os: linux
-          files: kover/reportStandardDebug.xml
-          fail_ci_if_error: true
-
-      - name: Comment PR if tests failed
-        if: steps.upload-to-codecov.outcome == 'failure' && (github.event_name == 'push' || github.event_name == 'pull_request')
-        env:
-            PR_NUMBER: ${{ github.event.number }}
-            GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-            RUN_ACTOR: ${{ github.triggering_actor }}
-        run: |
-          echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-          echo "> Uploading code coverage report failed. Please check the \"Upload to codecov.io\" step of \"Process Test Reports\" job for more details." >> $GITHUB_STEP_SUMMARY
-
-          if [ ! -z "$PR_NUMBER" ]; then
-            message=$'> [!WARNING]\n> @'$RUN_ACTOR' Uploading code coverage report failed. Please check the "Upload to codecov.io" step of [Process Test Reports job]('$_GITHUB_ACTION_RUN_URL') for more details.'
-            gh pr comment --repo $GITHUB_REPOSITORY $PR_NUMBER --body "$message"
-          fi
+          files: app/build/reports/kover/reportStandardDebug.xml

.gitignore

@@ -25,13 +25,5 @@ user.properties
 
 # Secrets
 /keystores/*.jks
-/app/src/standardBeta/google-services.json
+/app/src/standardDebug/google-services.json
 /app/src/standardRelease/google-services.json
-/authenticator/src/google-services.json
-
-# Python
-.python-version
-__pycache__/
-
-# Generated by .github/scripts/validate-json/validate-json.py
-duplicates.txt

.husky/pre-commit

@@ -1 +0,0 @@
-npx lint-staged

Gemfile.lock

@@ -9,22 +9,21 @@ GEM
       public_suffix (>= 2.0.2, < 7.0)
     artifactory (3.0.17)
     atomos (0.1.3)
-    aws-eventstream (1.3.2)
-    aws-partitions (1.1067.0)
-    aws-sdk-core (3.220.1)
+    aws-eventstream (1.3.0)
+    aws-partitions (1.1026.0)
+    aws-sdk-core (3.214.0)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.992.0)
       aws-sigv4 (~> 1.9)
-      base64
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.99.0)
-      aws-sdk-core (~> 3, >= 3.216.0)
+    aws-sdk-kms (1.96.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.182.0)
-      aws-sdk-core (~> 3, >= 3.216.0)
+    aws-sdk-s3 (1.176.1)
+      aws-sdk-core (~> 3, >= 3.210.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.11.0)
+    aws-sigv4 (1.10.1)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
     base64 (0.2.0)
@@ -35,7 +34,7 @@ GEM
       highline (~> 2.0.0)
     date (3.4.1)
     declarative (0.0.20)
-    digest-crc (0.7.0)
+    digest-crc (0.6.5)
       rake (>= 12.0.0, < 14.0.0)
     domain_name (0.6.20240107)
     dotenv (2.8.1)
@@ -69,8 +68,8 @@ GEM
     faraday-retry (1.0.3)
     faraday_middleware (1.2.1)
       faraday (~> 1.0)
-    fastimage (2.4.0)
-    fastlane (2.227.0)
+    fastimage (2.3.1)
+    fastlane (2.226.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
@@ -112,7 +111,7 @@ GEM
       xcodeproj (>= 1.13.0, < 2.0.0)
       xcpretty (~> 0.4.0)
       xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
-    fastlane-plugin-firebase_app_distribution (0.10.0)
+    fastlane-plugin-firebase_app_distribution (0.9.1)
       google-apis-firebaseappdistribution_v1 (~> 0.3.0)
       google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
     fastlane-sirp (1.0.0)
@@ -138,12 +137,12 @@ GEM
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-storage_v1 (0.31.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-cloud-core (1.8.0)
+    google-cloud-core (1.7.1)
       google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.5.0)
+    google-cloud-errors (1.4.0)
     google-cloud-storage (1.47.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
@@ -161,23 +160,21 @@ GEM
     highline (2.0.3)
     http-cookie (1.0.8)
       domain_name (~> 0.5)
-    httpclient (2.9.0)
-      mutex_m
+    httpclient (2.8.3)
     jmespath (1.6.2)
-    json (2.10.2)
-    jwt (2.10.1)
+    json (2.9.1)
+    jwt (2.9.3)
       base64
     mini_magick (4.13.2)
     mini_mime (1.1.5)
     multi_json (1.15.0)
     multipart-post (2.4.1)
-    mutex_m (0.3.0)
     nanaimo (0.4.0)
     naturally (2.2.1)
     nkf (0.2.0)
     optparse (0.6.0)
     os (1.1.4)
-    plist (3.7.2)
+    plist (3.7.1)
     public_suffix (6.0.1)
     rake (13.2.1)
     representable (3.2.0)
@@ -185,10 +182,10 @@ GEM
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.4.1)
+    rexml (3.4.0)
     rouge (3.28.0)
     ruby2_keywords (0.0.5)
-    rubyzip (2.4.1)
+    rubyzip (2.3.2)
     security (0.1.5)
     signet (0.19.0)
       addressable (~> 2.8)

README-bwa.md

@@ -1,61 +0,0 @@
-[![Github Workflow build on main](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml/badge.svg?branch=main)](https://github.com/bitwarden/authenticator-android/actions/workflows/build-authenticator.yml?query=branch:main)
-[![Join the chat at https://gitter.im/bitwarden/Lobby](https://badges.gitter.im/bitwarden/Lobby.svg)](https://gitter.im/bitwarden/Lobby)
-
-# Bitwarden Authenticator Android App
-
-<a href="https://play.google.com/store/apps/details?id=com.bitwarden.authenticator" target="_blank"><img alt="Get it on Google Play" src="https://imgur.com/YQzmZi9.png" width="153" height="46"></a>
-
-Bitwarden Authenticator allows you easily store and generate two-factor authentication codes on your device. The Bitwarden Authenticator Android application is written in Kotlin.
-
-<img src="https://raw.githubusercontent.com/bitwarden/brand/master/screenshots/authenticator-android-codes.png" alt="" width="325" height="650" />
-
-## Compatibility
-
-- **Minimum SDK**: 28
-- **Target SDK**: 34
-- **Device Types Supported**: Phone and Tablet
-- **Orientations Supported**: Portrait and Landscape
-
-## Setup
-
-
-1. Clone the repository:
-
-    ```sh
-    $ git clone https://github.com/bitwarden/authenticator-android
-    ```
-
-2. Create a `user.properties` file in the root directory of the project and add the following properties:
-
-    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
-
-3. Setup the code style formatter:
-
-    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:
-
-    - Navigate to `Preferences > Editor > Code Style`.
-    - Hit the `Manage` button next to `Scheme`.
-    - Select `Import`.
-    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
-    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
-    - Hit `Apply` and `OK` to save the changes and exit Preferences.
-
-    Note that in some cases you may need to restart Android Studio for the changes to take effect.
-
-    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
-
-    - Select `Edit > Macros > Start Macro Recording`
-    - Select `Code > Optimize Imports`
-    - Select `Code > Reformat Code`
-    - Select `File > Save All`
-    - Select `Edit > Macros > Stop Macro Recording`
-
-    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
-
-    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
-
-## Contribute
-
-Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
-
-Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.

README.md

@@ -1,40 +1,232 @@
+# Bitwarden Android
 
-<p align="center">
-    <picture>
-        <source media="(prefers-color-scheme: dark)" srcset=".github/images/android-dark.png">
-        <source media="(prefers-color-scheme: light)" srcset=".github/images/android-light.png">
-        <img alt="Bitwarden Android apps screenshots." src=".github/images/android-light.png">
-    </picture>
-</p>
-<p align="center">
-    <a href="https://github.com/bitwarden/android/actions/workflows/build.yml?query=branch:main" target="_blank"><img src="https://github.com/bitwarden/android/actions/workflows/build.yml/badge.svg?branch=main" alt="GitHub Workflow Android CI build on main" /></a>
-    <a href="https://github.com/bitwarden/android/actions/workflows/test.yml?query=branch:main" target="_blank"><img src="https://github.com/bitwarden/android/actions/workflows/test.yml/badge.svg?branch=main" alt="GitHub Workflow Android Password Manager Test on main" /></a>
-    <a href="https://gitter.im/bitwarden/Lobby" target="_blank"><img src="https://badges.gitter.im/bitwarden/Lobby.svg" alt="gitter chat" /></a>
-</p>
+## Contents
 
----
+- [Compatibility](#compatibility)
+- [Setup](#setup)
+- [Dependencies](#dependencies)
 
-# Bitwarden Android Password Manager & Authenticator Apps
+## Compatibility
 
-Please refer to the [Contributing Documentation](https://contributing.bitwarden.com/) for setup instructions, recommended tooling, code style tips, and lots of other great information to get you started. Relevant Links:
+- **Minimum SDK**: 29
+- **Target SDK**: 35
+- **Device Types Supported**: Phone and Tablet
+- **Orientations Supported**: Portrait and Landscape
 
-- [Getting Started](https://contributing.bitwarden.com/getting-started/mobile/android/)
-- [Code Style](https://contributing.bitwarden.com/contributing/code-style/android-kotlin)
-- [Architecture](https://contributing.bitwarden.com/architecture/mobile-clients/android/)
-- [Push Notifications Deep Dive](https://contributing.bitwarden.com/architecture/deep-dives/push-notifications/mobile)
+## Setup
 
-## Related projects:
 
-- [bitwarden/server](https://github.com/bitwarden/server): The core infrastructure backend (API, database, Docker, etc).
-- [bitwarden/clients](https://github.com/bitwarden/clients): Non-mobile Bitwarden Clients Applications.
-- [bitwarden/directory-connector](https://github.com/bitwarden/directory-connector): A tool for syncing a directory (AD, LDAP, Azure, G Suite, Okta) to an organization.
+1. Clone the repository:
 
-# We're Hiring!
+    ```sh
+    $ git clone https://github.com/bitwarden/android
+    ```
 
-Interested in contributing in a big way? Consider joining our team! We're hiring for many positions. Please take a look at our [Careers page](https://bitwarden.com/careers/) to see what opportunities are [currently open](https://bitwarden.com/careers/#open-positions) as well as what it's like to work at Bitwarden.
+2. Create a `user.properties` file in the root directory of the project and add the following properties:
 
-# Contribute
+    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
+    - `localSdk`: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex: `localSdk=true`). This is particularly useful when developing new SDK capabilities. Review [Linking SDK to clients](https://contributing.bitwarden.com/getting-started/sdk/#linking-the-sdk-to-clients) for more details.
 
-Code contributions are welcome! Please commit any pull requests against the `main` branch. Learn more about how to contribute by reading the [Contributing Guidelines](https://contributing.bitwarden.com/contributing/). Check out the [Contributing Documentation](https://contributing.bitwarden.com/) for how to get started with your first contribution.
+3. Setup the code style formatter:
 
-Security audits and feedback are welcome. Please open an issue or email us privately if the report is sensitive in nature. You can read our security policy in the [`SECURITY.md`](SECURITY.md) file.
+    All code must follow the guidelines described in the [Code Style Guidelines document](docs/STYLE_AND_BEST_PRACTICES.md). To aid in adhering to these rules, all contributors should apply `docs/bitwarden-style.xml` as their code style scheme. In IntelliJ / Android Studio:
+
+    - Navigate to `Preferences > Editor > Code Style`.
+    - Hit the `Manage` button next to `Scheme`.
+    - Select `Import`.
+    - Find the `bitwarden-style.xml` file in the project's `docs/` directory.
+    - Import "from" `BitwardenStyle` "to" `BitwardenStyle`.
+    - Hit `Apply` and `OK` to save the changes and exit Preferences.
+
+    Note that in some cases you may need to restart Android Studio for the changes to take effect.
+
+    All code should be formatted before submitting a pull request. This can be done manually but it can also be helpful to create a macro with a custom keyboard binding to auto-format when saving. In Android Studio on OS X:
+
+    - Select `Edit > Macros > Start Macro Recording`
+    - Select `Code > Optimize Imports`
+    - Select `Code > Reformat Code`
+    - Select `File > Save All`
+    - Select `Edit > Macros > Stop Macro Recording`
+
+    This can then be mapped to a set of keys by navigating to `Android Studio > Preferences` and editing the macro under `Keymap` (ex : shift + command + s).
+
+    Please avoid mixing formatting and logical changes in the same commit/PR. When possible, fix any large formatting issues in a separate PR before opening one to make logical changes to the same code. This helps others focus on the meaningful code changes when reviewing the code.
+
+## Dependencies
+
+### Application Dependencies
+
+The following is a list of all third-party dependencies included as part of the application beyond the standard Android SDK.
+
+- **AndroidX Appcompat**
+    - https://developer.android.com/jetpack/androidx/releases/appcompat
+    - Purpose: Allows access to new APIs on older API versions.
+    - License: Apache 2.0
+
+- **AndroidX Autofill**
+    - https://developer.android.com/jetpack/androidx/releases/autofill
+    - Purpose: Allows access to tools for building inline autofill UI.
+    - License: Apache 2.0
+
+- **AndroidX Biometrics**
+    - https://developer.android.com/jetpack/androidx/releases/biometric
+    - Purpose: Authenticate with biometrics or device credentials.
+    - License: Apache 2.0
+
+- **AndroidX Browser**
+    - https://developer.android.com/jetpack/androidx/releases/browser
+    - Purpose: Displays webpages with the user's default browser.
+    - License: Apache 2.0
+
+- **AndroidX CameraX Camera2**
+    - https://developer.android.com/jetpack/androidx/releases/camera
+    - Purpose: Display and capture images for barcode scanning.
+    - License: Apache 2.0
+
+- **AndroidX Compose**
+    - https://developer.android.com/jetpack/androidx/releases/compose
+    - Purpose: A Kotlin-based declarative UI framework.
+    - License: Apache 2.0
+
+- **AndroidX Core SplashScreen**
+    - https://developer.android.com/jetpack/androidx/releases/core
+    - Purpose: Backwards compatible SplashScreen API implementation.
+    - License: Apache 2.0
+
+- **AndroidX Credentials**
+    - https://developer.android.com/jetpack/androidx/releases/credentials
+    - Purpose: Unified access to user's credentials.
+    - License: Apache 2.0
+
+- **AndroidX Lifecycle**
+    - https://developer.android.com/jetpack/androidx/releases/lifecycle
+    - Purpose: Lifecycle aware components and tooling.
+    - License: Apache 2.0
+
+- **AndroidX Room**
+    - https://developer.android.com/jetpack/androidx/releases/room
+    - Purpose: A convenient SQLite-based persistence layer for Android.
+    - License: Apache 2.0
+
+- **AndroidX Security**
+    - https://developer.android.com/jetpack/androidx/releases/security
+    - Purpose: Safely manage keys and encrypt files and sharedpreferences.
+    - License: Apache 2.0
+
+- **AndroidX WorkManager**
+    - https://developer.android.com/jetpack/androidx/releases/work
+    - Purpose: The WorkManager is used to schedule deferrable, asynchronous tasks that must be run reliably.
+    - License: Apache 2.0
+
+- **Dagger Hilt**
+    - https://github.com/google/dagger
+    - Purpose: Dependency injection framework.
+    - License: Apache 2.0
+
+- **Firebase Cloud Messaging**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: Allows for push notification support. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
+    - License: Apache 2.0
+
+- **Firebase Crashlytics**
+    - https://github.com/firebase/firebase-android-sdk
+    - Purpose: SDK for crash and non-fatal error reporting. (**NOTE:** This dependency is not included in builds distributed via F-Droid.)
+    - License: Apache 2.0
+  
+- **Google Play Reviews**
+  - https://developer.android.com/reference/com/google/android/play/core/release-notes
+  - Purpose: On standard builds provide an interface to add a review for the password manager application in Google Play.
+  - License: Apache 2.0
+
+- **Glide**
+    - https://github.com/bumptech/glide
+    - Purpose: Image loading and caching.
+    - License: BSD, part MIT and Apache 2.0
+
+- **kotlinx.collections.immutable**
+    - https://github.com/Kotlin/kotlinx.collections.immutable
+    - Purpose: Immutable collection interfaces and implementation prototypes for Kotlin.
+    - License: Apache 2.0
+
+- **kotlinx.coroutines**
+    - https://github.com/Kotlin/kotlinx.coroutines
+    - Purpose: Kotlin coroutines library for asynchronous and reactive code.
+    - License: Apache 2.0
+
+- **kotlinx.serialization**
+    - https://github.com/Kotlin/kotlinx.serialization/
+    - Purpose: JSON serialization library for Kotlin.
+    - License: Apache 2.0
+
+- **kotlinx.serialization converter**
+    - https://github.com/square/retrofit/tree/trunk/retrofit-converters/kotlinx-serialization
+    - Purpose: Converter for Retrofit 2 and kotlinx.serialization.
+    - License: Apache 2.0
+
+- **OkHttp 3**
+    - https://github.com/square/okhttp
+    - Purpose: An HTTP client used by the library to intercept and log traffic.
+    - License: Apache 2.0
+
+- **Retrofit 2**
+    - https://github.com/square/retrofit
+    - Purpose: A networking layer interface.
+    - License: Apache 2.0
+
+- **Timber**
+    - https://github.com/JakeWharton/timber
+    - Purpose: Extensible logging library for Android.
+    - License: Apache 2.0
+
+- **zxcvbn4j**
+    - https://github.com/nulab/zxcvbn4j
+    - Purpose: Password strength estimation.
+    - License: MIT
+
+- **ZXing**
+    - https://github.com/zxing/zxing
+    - Purpose: Barcode scanning and generation.
+    - License: Apache 2.0
+
+### Development Environment Dependencies
+
+The following is a list of additional third-party dependencies used as part of the local development environment. This includes test-related artifacts as well as tools related to code quality and linting. These are not present in the final packaged application.
+
+- **detekt**
+    - https://github.com/detekt/detekt
+    - Purpose: A static code analysis tool for the Kotlin programming language.
+    - License: Apache 2.0
+
+- **JUnit 5**
+    - https://github.com/junit-team/junit5
+    - Purpose: Unit Testing framework for testing application code.
+    - License: Eclipse Public License 2.0
+
+- **MockK**
+    - https://github.com/mockk/mockk
+    - Purpose: Kotlin-friendly mocking library.
+    - License: Apache 2.0
+
+- **Robolectric**
+    - https://github.com/robolectric/robolectric
+    - Purpose: A unit testing framework for code directly depending on the Android framework.
+    - License: MIT
+
+- **Turbine**
+    - https://github.com/cashapp/turbine
+    - Purpose: A small testing library for kotlinx.coroutine's Flow.
+    - License: Apache 2.0
+
+### CI/CD Dependencies
+
+The following is a list of additional third-party dependencies used as part of the CI/CD workflows. These are not present in the final packaged application.
+
+- **Fastlane**
+    - https://fastlane.tools/
+    - Purpose: Automates building, signing, and distributing applications.
+    - License: MIT
+
+- **Kover**
+    - https://github.com/Kotlin/kotlinx-kover
+    - Purpose: Kotlin code coverage toolset.
+    - License: Apache 2.0

SECURITY.md

@@ -1,32 +1,21 @@
-Bitwarden believes that working with security researchers across the globe is crucial to keeping our
-users safe. If you believe you've found a security issue in our product or service, we encourage you
-to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We
-welcome working with you to resolve the issue promptly. Thanks in advance!
+Bitwarden believes that working with security researchers across the globe is crucial to keeping our users safe. If you believe you've found a security issue in our product or service, we encourage you to please submit a report through our [HackerOne Program](https://hackerone.com/bitwarden/). We welcome working with you to resolve the issue promptly. Thanks in advance!
 
 # Disclosure Policy
 
-- Let us know as soon as possible upon discovery of a potential security issue, and we'll make every
-  effort to quickly resolve the issue.
-- Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or
-  a third-party. We may publicly disclose the issue before resolving it, if appropriate.
-- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or
-  degradation of our service. Only interact with accounts you own or with explicit permission of the
-  account holder.
-- If you would like to encrypt your report, please use the PGP key with long ID
-  `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
+-   Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
+-   Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. We may publicly disclose the issue before resolving it, if appropriate.
+-   Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
+-   If you would like to encrypt your report, please use the PGP key with long ID `0xDE6887086F892325FEC04CC0D847525B6931381F` (available in the public keyserver pool).
 
 While researching, we'd like to ask you to refrain from:
 
-- Denial of service
-- Spamming
-- Social engineering (including phishing) of Bitwarden staff or contractors
-- Any physical attempts against Bitwarden property or data centers
+-   Denial of service
+-   Spamming
+-   Social engineering (including phishing) of Bitwarden staff or contractors
+-   Any physical attempts against Bitwarden property or data centers
 
 # We want to help you!
 
-If you have something that you feel is close to exploitation, or if you'd like some information
-regarding the internal API, or generally have any questions regarding the app that would help in
-your efforts, please email us at https://bitwarden.com/contact and ask for that information. As
-stated above, Bitwarden wants to help you find issues, and is more than willing to help.
+If you have something that you feel is close to exploitation, or if you'd like some information regarding the internal API, or generally have any questions regarding the app that would help in your efforts, please email us at https://bitwarden.com/contact and ask for that information. As stated above, Bitwarden wants to help you find issues, and is more than willing to help.
 
 Thank you for helping keep Bitwarden and our users safe!

app/build.gradle.kts

@@ -68,7 +68,7 @@ android {
         buildConfigField(
             type = "String",
             name = "CI_INFO",
-            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}",
+            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}"
         )
     }
 
@@ -104,7 +104,7 @@ android {
             isMinifyEnabled = true
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro",
+                "proguard-rules.pro"
             )
 
             buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -115,7 +115,7 @@ android {
             isMinifyEnabled = true
             proguardFiles(
                 getDefaultProguardFile("proguard-android-optimize.txt"),
-                "proguard-rules.pro",
+                "proguard-rules.pro"
             )
 
             buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
@@ -180,6 +180,7 @@ android {
             excludes += "/META-INF/{AL2.0,LGPL2.1}"
         }
     }
+    @Suppress("UnstableApiUsage")
     testOptions {
         // Required for Robolectric
         unitTests.isIncludeAndroidResources = true
@@ -271,8 +272,6 @@ dependencies {
 
     testImplementation(libs.androidx.compose.ui.test)
     testImplementation(libs.google.hilt.android.testing)
-    testImplementation(platform(libs.junit.bom))
-    testRuntimeOnly(libs.junit.platform.launcher)
     testImplementation(libs.junit.junit5)
     testImplementation(libs.junit.vintage)
     testImplementation(libs.kotlinx.coroutines.test)
@@ -326,7 +325,6 @@ kover {
                     "*_*Factory\$*",
                     "*.Hilt_*",
                     "*_HiltModules",
-                    "*_HiltModules*",
                     "*_HiltModules\$*",
                     "*_Impl",
                     "*_Impl\$*",

app/src/main/AndroidManifest.xml

@@ -15,7 +15,7 @@
     <uses-permission android:name="android.permission.CAMERA" />
     <uses-permission android:name="android.permission.INTERNET" />
     <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
-    <uses-permission android:name="android.permission.READ_USER_DICTIONARY"/>
+
     <!-- Protect access to AuthenticatorBridgeService using this custom permission.
 
     Note that each build type uses a different value for knownCerts.
@@ -320,11 +320,6 @@
             <action android:name="android.intent.action.MAIN" />
             <category android:name="android.intent.category.HOME" />
         </intent>
-        <!-- To Query Chrome Beta: -->
-        <package android:name="com.chrome.beta" />
-
-        <!-- To Query Chrome Stable: -->
-        <package android:name="com.android.chrome" />
     </queries>
 
 </manifest>

app/src/main/assets/fido2_privileged_community.json

@@ -12,20 +12,6 @@
         ]
       }
     },
-
-    {
-      "type": "android",
-      "info": {
-        "package_name": "net.quetta.browser",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "BE:FE:E7:31:12:6A:A5:6E:7E:FD:AE:AF:5E:F3:FA:EA:44:1C:19:CC:E0:CA:EC:42:6B:65:BB:F8:2C:59:46:80"
-          }
-        ]
-      }
-    },
-
     {
       "type": "android",
       "info": {
@@ -50,18 +36,6 @@
         ]
       }
     },
-    {
-      "type": "android",
-      "info": {
-        "package_name": "org.ironfoxoss.ironfox",
-        "signatures": [
-          {
-            "build": "release",
-            "cert_fingerprint_sha256": "C5:E2:91:B5:A5:71:F9:C8:CD:9A:97:99:C2:C9:4E:02:EC:97:03:94:88:93:F2:CA:75:6D:67:B9:42:04:F9:04"
-          }
-        ]
-      }
-    },
     {
       "type": "android",
       "info": {
@@ -85,6 +59,34 @@
           }
         ]
       }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "us.spotco.fennec_dos",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "26:0E:0A:49:67:8C:78:B7:0C:02:D6:53:7A:DD:3B:6D:C0:A1:71:71:BB:DE:8C:E7:5F:D4:02:6A:8A:3E:18:D2"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "FF:81:F5:BE:56:39:65:94:EE:E7:0F:EF:28:32:25:6E:15:21:41:22:E2:BA:9C:ED:D2:60:05:FF:D4:BC:AA:A8"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "us.spotco.mulch",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "26:0E:0A:49:67:8C:78:B7:0C:02:D6:53:7A:DD:3B:6D:C0:A1:71:71:BB:DE:8C:E7:5F:D4:02:6A:8A:3E:18:D2"
+          }
+        ]
+      }
     }
   ]
 }

app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt

@@ -4,8 +4,8 @@ import android.app.Application
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
 import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
+import com.x8bit.bitwarden.data.platform.manager.NetworkConfigManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
-import com.x8bit.bitwarden.data.platform.manager.network.NetworkConfigManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
 import dagger.hilt.android.HiltAndroidApp
 import javax.inject.Inject

app/src/main/java/com/x8bit/bitwarden/BitwardenLegacyAppComponents.kt

@@ -6,11 +6,6 @@ package com.x8bit.bitwarden
 const val LEGACY_ACCESSIBILITY_SERVICE_NAME: String =
     "com.x8bit.bitwarden.Accessibility.AccessibilityService"
 
-/**
- * The short form legacy name for the accessibility service.
- */
-const val LEGACY_SHORT_ACCESSIBILITY_SERVICE_NAME: String = ".Accessibility.AccessibilityService"
-
 /**
  * The legacy name for the autofill service.
  */

app/src/main/java/com/x8bit/bitwarden/MainActivity.kt

@@ -1,7 +1,6 @@
 package com.x8bit.bitwarden
 
 import android.content.Intent
-import android.os.Build
 import android.os.Bundle
 import android.view.KeyEvent
 import android.view.MotionEvent
@@ -12,34 +11,27 @@ import androidx.activity.viewModels
 import androidx.appcompat.app.AppCompatActivity
 import androidx.appcompat.app.AppCompatDelegate
 import androidx.compose.runtime.getValue
-import androidx.compose.runtime.remember
 import androidx.core.os.LocaleListCompat
 import androidx.core.splashscreen.SplashScreen.Companion.installSplashScreen
 import androidx.lifecycle.compose.collectAsStateWithLifecycle
-import androidx.navigation.compose.NavHost
 import androidx.navigation.compose.rememberNavController
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityCompletionManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillCompletionManager
 import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.manager.util.ObserveScreenDataEffect
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
 import com.x8bit.bitwarden.ui.platform.composition.LocalManagerProvider
-import com.x8bit.bitwarden.ui.platform.feature.debugmenu.debugMenuDestination
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.manager.DebugMenuLaunchManager
 import com.x8bit.bitwarden.ui.platform.feature.debugmenu.navigateToDebugMenuScreen
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.ROOT_ROUTE
-import com.x8bit.bitwarden.ui.platform.feature.rootnav.rootNavDestination
+import com.x8bit.bitwarden.ui.platform.feature.rootnav.RootNavScreen
 import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
-import com.x8bit.bitwarden.ui.platform.util.appLanguage
 import dagger.hilt.android.AndroidEntryPoint
 import javax.inject.Inject
 
 /**
  * Primary entry point for the application.
  */
-@Suppress("TooManyFunctions")
 @OmitFromCoverage
 @AndroidEntryPoint
 class MainActivity : AppCompatActivity() {
@@ -61,7 +53,6 @@ class MainActivity : AppCompatActivity() {
     @Inject
     lateinit var debugLaunchManager: DebugMenuLaunchManager
 
-    @Suppress("LongMethod")
     override fun onCreate(savedInstanceState: Bundle?) {
         var shouldShowSplashScreen = true
         installSplashScreen().setKeepOnScreenCondition { shouldShowSplashScreen }
@@ -75,10 +66,13 @@ class MainActivity : AppCompatActivity() {
             )
         }
 
-        // Within the app the theme will change dynamically and will be managed by the
-        // OS, but we need to ensure we properly set the values when upgrading from older versions
-        // that handle this differently or when the activity restarts.
-        AppCompatDelegate.setDefaultNightMode(settingsRepository.appTheme.osValue)
+        // Within the app the language will change dynamically and will be managed
+        // by the OS, but we need to ensure we properly set the language when
+        // upgrading from older versions that handle this differently.
+        settingsRepository.appLanguage.localeName?.let { localeName ->
+            val localeList = LocaleListCompat.forLanguageTags(localeName)
+            AppCompatDelegate.setApplicationLocales(localeList)
+        }
         setContent {
             val state by mainViewModel.stateFlow.collectAsStateWithLifecycle()
             val navController = rememberNavController()
@@ -100,43 +94,15 @@ class MainActivity : AppCompatActivity() {
                             )
                             .show()
                     }
-
-                    is MainEvent.UpdateAppLocale -> {
-                        AppCompatDelegate.setApplicationLocales(
-                            LocaleListCompat.forLanguageTags(event.localeName),
-                        )
-                    }
-
-                    is MainEvent.UpdateAppTheme -> {
-                        AppCompatDelegate.setDefaultNightMode(event.osTheme)
-                    }
                 }
             }
             updateScreenCapture(isScreenCaptureAllowed = state.isScreenCaptureAllowed)
-            LocalManagerProvider(featureFlagsState = state.featureFlagsState) {
-                ObserveScreenDataEffect(
-                    onDataUpdate = remember(mainViewModel) {
-                        {
-                            mainViewModel.trySendAction(
-                                MainAction.ResumeScreenDataReceived(it),
-                            )
-                        }
-                    },
-                )
+            LocalManagerProvider {
                 BitwardenTheme(theme = state.theme) {
-                    NavHost(
+                    RootNavScreen(
+                        onSplashScreenRemoved = { shouldShowSplashScreen = false },
                         navController = navController,
-                        startDestination = ROOT_ROUTE,
-                    ) {
-                        // Nothing else should end up at this top level, we just want the ability
-                        // to have the debug menu appear on top of the rest of the app without
-                        // interacting with the state-based navigation used by the RootNavScreen.
-                        rootNavDestination { shouldShowSplashScreen = false }
-                        debugMenuDestination(
-                            onNavigateBack = { navController.popBackStack() },
-                            onSplashScreenRemoved = { shouldShowSplashScreen = false },
-                        )
-                    }
+                    )
                 }
             }
         }
@@ -151,31 +117,6 @@ class MainActivity : AppCompatActivity() {
         )
     }
 
-    override fun onResume() {
-        super.onResume()
-        // When the app resumes check for any app specific language which may have been
-        // set via the device settings. Similar to the theme setting in onCreate this
-        // ensures we properly set the values when upgrading from older versions
-        // that handle this differently or when the activity restarts.
-        val appSpecificLanguage = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-            val locales: LocaleListCompat = AppCompatDelegate.getApplicationLocales()
-            if (locales.isEmpty) {
-                // App is using the system language
-                null
-            } else {
-                // App has specific language settings
-                locales.get(0)?.appLanguage
-            }
-        } else {
-            // For older versions, use what ever language is available from the repository.
-            settingsRepository.appLanguage
-        }
-
-        appSpecificLanguage?.let {
-            mainViewModel.trySendAction(MainAction.AppSpecificLanguageUpdate(it))
-        }
-    }
-
     override fun onStop() {
         super.onStop()
         // In some scenarios on an emulator the Activity can leak when recreated

app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt

@@ -13,18 +13,14 @@ import com.x8bit.bitwarden.data.auth.util.getPasswordlessRequestDataIntentOrNull
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilitySelectionManager
 import com.x8bit.bitwarden.data.autofill.fido2.manager.Fido2CredentialManager
 import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2AssertionRequestOrNull
-import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CreateCredentialRequestOrNull
+import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2CredentialRequestOrNull
 import com.x8bit.bitwarden.data.autofill.fido2.util.getFido2GetCredentialsRequestOrNull
 import com.x8bit.bitwarden.data.autofill.manager.AutofillSelectionManager
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSaveItemOrNull
 import com.x8bit.bitwarden.data.autofill.util.getAutofillSelectionDataOrNull
-import com.x8bit.bitwarden.data.platform.manager.AppResumeManager
-import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.SpecialCircumstanceManager
 import com.x8bit.bitwarden.data.platform.manager.garbage.GarbageCollectionManager
-import com.x8bit.bitwarden.data.platform.manager.model.AppResumeScreenData
 import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
-import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
@@ -34,10 +30,8 @@ import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
 import com.x8bit.bitwarden.ui.platform.base.util.Text
 import com.x8bit.bitwarden.ui.platform.base.util.asText
-import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppLanguage
 import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
-import com.x8bit.bitwarden.ui.platform.model.FeatureFlagsState
 import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
 import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
 import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
@@ -58,7 +52,6 @@ import java.time.Clock
 import javax.inject.Inject
 
 private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
-private const val ANIMATION_REFRESH_DELAY = 500L
 
 /**
  * A view model that helps launch actions for the [MainActivity].
@@ -68,26 +61,21 @@ private const val ANIMATION_REFRESH_DELAY = 500L
 class MainViewModel @Inject constructor(
     accessibilitySelectionManager: AccessibilitySelectionManager,
     autofillSelectionManager: AutofillSelectionManager,
-    featureFlagManager: FeatureFlagManager,
     private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
     private val specialCircumstanceManager: SpecialCircumstanceManager,
     private val garbageCollectionManager: GarbageCollectionManager,
     private val fido2CredentialManager: Fido2CredentialManager,
     private val intentManager: IntentManager,
-    private val settingsRepository: SettingsRepository,
+    settingsRepository: SettingsRepository,
     private val vaultRepository: VaultRepository,
     private val authRepository: AuthRepository,
     private val environmentRepository: EnvironmentRepository,
     private val savedStateHandle: SavedStateHandle,
-    private val appResumeManager: AppResumeManager,
     private val clock: Clock,
 ) : BaseViewModel<MainState, MainEvent, MainAction>(
     initialState = MainState(
         theme = settingsRepository.appTheme,
         isScreenCaptureAllowed = settingsRepository.isScreenCaptureAllowed,
-        isErrorReportingDialogEnabled = featureFlagManager.getFeatureFlag(
-            key = FlagKey.MobileErrorReporting,
-        ),
     ),
 ) {
     private var specialCircumstance: SpecialCircumstance?
@@ -105,12 +93,6 @@ class MainViewModel @Inject constructor(
             .onEach { specialCircumstance = it }
             .launchIn(viewModelScope)
 
-        featureFlagManager
-            .getFeatureFlagFlow(key = FlagKey.MobileErrorReporting)
-            .map { MainAction.Internal.OnMobileErrorReportingReceive(it) }
-            .onEach(::sendAction)
-            .launchIn(viewModelScope)
-
         accessibilitySelectionManager
             .accessibilitySelectionFlow
             .map { MainAction.Internal.AccessibilitySelectionReceive(it) }
@@ -126,11 +108,6 @@ class MainViewModel @Inject constructor(
             .appThemeStateFlow
             .onEach { trySendAction(MainAction.Internal.ThemeUpdate(it)) }
             .launchIn(viewModelScope)
-        settingsRepository
-            .appLanguageStateFlow
-            .map { MainEvent.UpdateAppLocale(it.localeName) }
-            .onEach(::sendEvent)
-            .launchIn(viewModelScope)
 
         settingsRepository
             .isScreenCaptureAllowedStateFlow
@@ -149,7 +126,8 @@ class MainViewModel @Inject constructor(
                 // Switching between account states often involves some kind of animation (ex:
                 // account switcher) that we might want to give time to finish before triggering
                 // a refresh.
-                delay(ANIMATION_REFRESH_DELAY)
+                @Suppress("MagicNumber")
+                delay(500)
                 trySendAction(MainAction.Internal.CurrentUserStateChange)
             }
             .launchIn(viewModelScope)
@@ -161,7 +139,8 @@ class MainViewModel @Inject constructor(
                     is VaultStateEvent.Locked -> {
                         // Similar to account switching, triggering this action too soon can
                         // interfere with animations or navigation logic, so we will delay slightly.
-                        delay(ANIMATION_REFRESH_DELAY)
+                        @Suppress("MagicNumber")
+                        delay(500)
                         trySendAction(MainAction.Internal.VaultUnlockStateChange)
                     }
 
@@ -185,17 +164,6 @@ class MainViewModel @Inject constructor(
     }
 
     override fun handleAction(action: MainAction) {
-        when (action) {
-            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
-            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
-            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
-            is MainAction.ResumeScreenDataReceived -> handleAppResumeDataUpdated(action)
-            is MainAction.AppSpecificLanguageUpdate -> handleAppSpecificLanguageUpdate(action)
-            is MainAction.Internal -> handleInternalAction(action)
-        }
-    }
-
-    private fun handleInternalAction(action: MainAction.Internal) {
         when (action) {
             is MainAction.Internal.AccessibilitySelectionReceive -> {
                 handleAccessibilitySelectionReceive(action)
@@ -209,28 +177,9 @@ class MainViewModel @Inject constructor(
             is MainAction.Internal.ScreenCaptureUpdate -> handleScreenCaptureUpdate(action)
             is MainAction.Internal.ThemeUpdate -> handleAppThemeUpdated(action)
             is MainAction.Internal.VaultUnlockStateChange -> handleVaultUnlockStateChange()
-            is MainAction.Internal.OnMobileErrorReportingReceive -> {
-                handleOnMobileErrorReportingReceive(action)
-            }
-        }
-    }
-
-    private fun handleOnMobileErrorReportingReceive(
-        action: MainAction.Internal.OnMobileErrorReportingReceive,
-    ) {
-        mutableStateFlow.update {
-            it.copy(isErrorReportingDialogEnabled = action.isErrorReportingEnabled)
-        }
-    }
-
-    private fun handleAppSpecificLanguageUpdate(action: MainAction.AppSpecificLanguageUpdate) {
-        settingsRepository.appLanguage = action.appLanguage
-    }
-
-    private fun handleAppResumeDataUpdated(action: MainAction.ResumeScreenDataReceived) {
-        when (val data = action.screenResumeData) {
-            null -> appResumeManager.clearResumeScreen()
-            else -> appResumeManager.setResumeScreen(data)
+            is MainAction.ReceiveFirstIntent -> handleFirstIntentReceived(action)
+            is MainAction.ReceiveNewIntent -> handleNewIntentReceived(action)
+            MainAction.OpenDebugMenu -> handleOpenDebugMenu()
         }
     }
 
@@ -262,7 +211,6 @@ class MainViewModel @Inject constructor(
 
     private fun handleAppThemeUpdated(action: MainAction.Internal.ThemeUpdate) {
         mutableStateFlow.update { it.copy(theme = action.theme) }
-        sendEvent(MainEvent.UpdateAppTheme(osTheme = action.theme.osValue))
     }
 
     private fun handleVaultUnlockStateChange() {
@@ -309,7 +257,7 @@ class MainViewModel @Inject constructor(
         val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
         val hasVaultShortcut = intent.isMyVaultShortcut
         val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
-        val fido2CreateCredentialRequestData = intent.getFido2CreateCredentialRequestOrNull()
+        val fido2CredentialRequestData = intent.getFido2CredentialRequestOrNull()
         val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
         val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
         val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
@@ -370,31 +318,25 @@ class MainViewModel @Inject constructor(
                     )
             }
 
-            fido2CreateCredentialRequestData != null -> {
+            fido2CredentialRequestData != null -> {
                 // Set the user's verification status when a new FIDO 2 request is received to force
                 // explicit verification if the user's vault is unlocked when the request is
                 // received.
-                fido2CreateCredentialRequestData.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
+                fido2CredentialManager.isUserVerified = false
                 specialCircumstanceManager.specialCircumstance =
                     SpecialCircumstance.Fido2Save(
-                        fido2CreateCredentialRequest = fido2CreateCredentialRequestData,
+                        fido2CreateCredentialRequest = fido2CredentialRequestData,
                     )
 
                 // Switch accounts if the selected user is not the active user.
                 if (authRepository.activeUserId != null &&
-                    authRepository.activeUserId != fido2CreateCredentialRequestData.userId
+                    authRepository.activeUserId != fido2CredentialRequestData.userId
                 ) {
-                    authRepository.switchAccount(fido2CreateCredentialRequestData.userId)
+                    authRepository.switchAccount(fido2CredentialRequestData.userId)
                 }
             }
 
             fido2CredentialAssertionRequest != null -> {
-                // If device biometric verification was performed as part of single-tap
-                // authentication, set the user's verification state to the device result.
-                // Otherwise, retain the verification state as-is.
-                fido2CredentialAssertionRequest.isUserVerified
-                    ?.let { isVerified -> fido2CredentialManager.isUserVerified = isVerified }
                 specialCircumstanceManager.specialCircumstance =
                     SpecialCircumstance.Fido2Assertion(
                         fido2AssertionRequest = fido2CredentialAssertionRequest,
@@ -480,16 +422,7 @@ class MainViewModel @Inject constructor(
 data class MainState(
     val theme: AppTheme,
     val isScreenCaptureAllowed: Boolean,
-    private val isErrorReportingDialogEnabled: Boolean,
-) : Parcelable {
-    /**
-     * Contains all feature flags that are available to the UI.
-     */
-    val featureFlagsState: FeatureFlagsState
-        get() = FeatureFlagsState(
-            isErrorReportingDialogEnabled = isErrorReportingDialogEnabled,
-        )
-}
+) : Parcelable
 
 /**
  * Models actions for the [MainActivity].
@@ -510,17 +443,6 @@ sealed class MainAction {
      */
     data object OpenDebugMenu : MainAction()
 
-    /**
-     * Receive event to save the app resume screen
-     */
-    data class ResumeScreenDataReceived(val screenResumeData: AppResumeScreenData?) : MainAction()
-
-    /**
-     * Receive if there is an app specific locale selection made by user
-     * in the device's settings.
-     */
-    data class AppSpecificLanguageUpdate(val appLanguage: AppLanguage) : MainAction()
-
     /**
      * Actions for internal use by the ViewModel.
      */
@@ -533,13 +455,6 @@ sealed class MainAction {
             val cipherView: CipherView,
         ) : Internal()
 
-        /**
-         * Indicates the Mobile Error Reporting feature flag has been updated.
-         */
-        data class OnMobileErrorReportingReceive(
-            val isErrorReportingEnabled: Boolean,
-        ) : Internal()
-
         /**
          * Indicates the user has manually selected the given [cipherView] for autofill.
          */
@@ -603,18 +518,4 @@ sealed class MainEvent {
      * Show a toast with the given [message].
      */
     data class ShowToast(val message: Text) : MainEvent()
-
-    /**
-     * Indicates that the app language has been updated.
-     */
-    data class UpdateAppLocale(
-        val localeName: String?,
-    ) : MainEvent()
-
-    /**
-     * Indicates that the app theme has been updated.
-     */
-    data class UpdateAppTheme(
-        val osTheme: Int,
-    ) : MainEvent()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -7,7 +7,6 @@ import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJso
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson
 import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
-import java.time.Instant
 
 /**
  * Primary access point for disk information.
@@ -173,16 +172,6 @@ interface AuthDiskSource {
         pendingAuthRequest: PendingAuthRequestJson?,
     )
 
-    /**
-     * Gets the biometrics initialization vector for the given [userId].
-     */
-    fun getUserBiometricInitVector(userId: String): ByteArray?
-
-    /**
-     * Stores the biometrics initialization vector for the given [userId].
-     */
-    fun storeUserBiometricInitVector(userId: String, iv: ByteArray?)
-
     /**
      * Gets the biometrics key for the given [userId].
      */
@@ -353,14 +342,4 @@ interface AuthDiskSource {
      * Stores the new device notice state for the given [userId].
      */
     fun storeNewDeviceNoticeState(userId: String, newState: NewDeviceNoticeState?)
-
-    /**
-     * Gets the last lock timestamp for the given [userId].
-     */
-    fun getLastLockTimestamp(userId: String): Instant?
-
-    /**
-     * Stores the last lock timestamp for the given [userId].
-     */
-    fun storeLastLockTimestamp(userId: String, lastLockTimestamp: Instant?)
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt

@@ -15,15 +15,14 @@ import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.coroutines.flow.Flow
 import kotlinx.coroutines.flow.MutableSharedFlow
 import kotlinx.coroutines.flow.onSubscription
+import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json
-import java.time.Instant
 import java.util.UUID
 
 // These keys should be encrypted
 private const val ACCOUNT_TOKENS_KEY = "accountTokens"
 private const val AUTHENTICATOR_SYNC_SYMMETRIC_KEY = "authenticatorSyncSymmetric"
 private const val AUTHENTICATOR_SYNC_UNLOCK_KEY = "authenticatorSyncUnlock"
-private const val BIOMETRICS_INIT_VECTOR_KEY = "biometricInitializationVector"
 private const val BIOMETRICS_UNLOCK_KEY = "userKeyBiometricUnlock"
 private const val USER_AUTO_UNLOCK_KEY_KEY = "userKeyAutoUnlock"
 private const val DEVICE_KEY_KEY = "deviceKey"
@@ -50,7 +49,6 @@ private const val USES_KEY_CONNECTOR = "usesKeyConnector"
 private const val ONBOARDING_STATUS_KEY = "onboardingStatus"
 private const val SHOW_IMPORT_LOGINS_KEY = "showImportLogins"
 private const val NEW_DEVICE_NOTICE_STATE = "newDeviceNoticeState"
-private const val LAST_LOCK_TIMESTAMP = "lastLockTimestamp"
 
 /**
  * Primary implementation of [AuthDiskSource].
@@ -147,7 +145,6 @@ class AuthDiskSourceImpl(
         storePrivateKey(userId = userId, privateKey = null)
         storeOrganizationKeys(userId = userId, organizationKeys = null)
         storeOrganizations(userId = userId, organizations = null)
-        storeUserBiometricInitVector(userId = userId, iv = null)
         storeUserBiometricUnlockKey(userId = userId, biometricsKey = null)
         storeMasterPasswordHash(userId = userId, passwordHash = null)
         storePolicies(userId = userId, policies = null)
@@ -156,7 +153,6 @@ class AuthDiskSourceImpl(
         storeIsTdeLoginComplete(userId = userId, isTdeLoginComplete = null)
         storeAuthenticatorSyncUnlockKey(userId = userId, authenticatorSyncUnlockKey = null)
         storeShowImportLogins(userId = userId, showImportLogins = null)
-        storeLastLockTimestamp(userId = userId, lastLockTimestamp = null)
 
         // Do not remove the DeviceKey or PendingAuthRequest on logout, these are persisted
         // indefinitely unless the TDE flow explicitly removes them.
@@ -284,17 +280,6 @@ class AuthDiskSourceImpl(
         )
     }
 
-    override fun getUserBiometricInitVector(userId: String): ByteArray? =
-        getEncryptedString(key = BIOMETRICS_INIT_VECTOR_KEY.appendIdentifier(userId))
-            ?.toByteArray(Charsets.ISO_8859_1)
-
-    override fun storeUserBiometricInitVector(userId: String, iv: ByteArray?) {
-        putEncryptedString(
-            key = BIOMETRICS_INIT_VECTOR_KEY.appendIdentifier(userId),
-            value = iv?.toString(Charsets.ISO_8859_1),
-        )
-    }
-
     override fun getUserBiometricUnlockKey(userId: String): String? =
         getEncryptedString(key = BIOMETRICS_UNLOCK_KEY.appendIdentifier(userId))
 
@@ -505,19 +490,6 @@ class AuthDiskSourceImpl(
         )
     }
 
-    override fun getLastLockTimestamp(userId: String): Instant? {
-        return getLong(key = LAST_LOCK_TIMESTAMP.appendIdentifier(userId))?.let {
-            Instant.ofEpochMilli(it)
-        }
-    }
-
-    override fun storeLastLockTimestamp(userId: String, lastLockTimestamp: Instant?) {
-        putLong(
-            key = LAST_LOCK_TIMESTAMP.appendIdentifier(userId),
-            value = lastLockTimestamp?.toEpochMilli(),
-        )
-    }
-
     private fun generateAndStoreUniqueAppId(): String =
         UUID
             .randomUUID()

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/EnvironmentUrlDataJson.kt

@@ -7,7 +7,6 @@ import kotlinx.serialization.Serializable
  * Represents URLs for various Bitwarden domains.
  *
  * @property base The overall base URL.
- * @property keyUri A Uri containing the alias and host of the key used for mutual TLS.
  * @property api Separate base URL for the "/api" domain (if applicable).
  * @property identity Separate base URL for the "/identity" domain (if applicable).
  * @property icon Separate base URL for the icon domain (if applicable).
@@ -20,9 +19,6 @@ data class EnvironmentUrlDataJson(
     @SerialName("base")
     val base: String,
 
-    @SerialName("keyUri")
-    val keyUri: String? = null,
-
     @SerialName("api")
     val api: String? = null,
 
@@ -55,7 +51,6 @@ data class EnvironmentUrlDataJson(
          */
         val DEFAULT_LEGACY_US: EnvironmentUrlDataJson = EnvironmentUrlDataJson(
             base = "https://vault.bitwarden.com",
-            keyUri = null,
             api = "https://api.bitwarden.com",
             identity = "https://identity.bitwarden.com",
             icon = "https://icons.bitwarden.net",
@@ -76,7 +71,6 @@ data class EnvironmentUrlDataJson(
          */
         val DEFAULT_LEGACY_EU: EnvironmentUrlDataJson = EnvironmentUrlDataJson(
             base = "https://vault.bitwarden.eu",
-            keyUri = null,
             api = "https://api.bitwarden.eu",
             identity = "https://identity.bitwarden.eu",
             icon = "https://icons.bitwarden.eu",

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt

@@ -3,7 +3,6 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
 import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
 import retrofit2.http.Body
@@ -29,9 +28,4 @@ interface UnauthenticatedAccountsApi {
         @Body body: KeyConnectorKeyRequestJson,
         @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
     ): NetworkResult<Unit>
-
-    @POST("/accounts/resend-new-device-otp")
-    suspend fun resendNewDeviceOtp(
-        @Body body: ResendNewDeviceOtpRequestJson,
-    ): NetworkResult<Unit>
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt

@@ -47,13 +47,12 @@ interface UnauthenticatedIdentityApi {
         @Field(value = "twoFactorProvider") twoFactorMethod: String?,
         @Field(value = "twoFactorRemember") twoFactorRemember: String?,
         @Field(value = "authRequest") authRequestId: String?,
-        @Field(value = "newDeviceOtp") newDeviceOtp: String?,
     ): NetworkResult<GetTokenResponseJson.Success>
 
     @GET("/sso/prevalidate")
     suspend fun prevalidateSso(
         @Query("domainHint") organizationIdentifier: String,
-    ): NetworkResult<PrevalidateSsoResponseJson.Success>
+    ): NetworkResult<PrevalidateSsoResponseJson>
 
     /**
      * This call needs to be synchronous so we need it to return a [Call] directly. The identity

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/AuthRequestTypeJson.kt

@@ -21,7 +21,5 @@ enum class AuthRequestTypeJson {
 }
 
 @Keep
-private class AuthRequestTypeSerializer : BaseEnumeratedIntSerializer<AuthRequestTypeJson>(
-    className = "AuthRequestTypeJson",
-    values = AuthRequestTypeJson.entries.toTypedArray(),
-)
+private class AuthRequestTypeSerializer :
+    BaseEnumeratedIntSerializer<AuthRequestTypeJson>(AuthRequestTypeJson.entries.toTypedArray())

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/DeleteAccountResponseJson.kt

@@ -23,15 +23,6 @@ sealed class DeleteAccountResponseJson {
     @Serializable
     data class Invalid(
         @SerialName("validationErrors")
-        private val validationErrors: Map<String, List<String?>>?,
-    ) : DeleteAccountResponseJson() {
-        /**
-         * A human readable error message.
-         */
-        val message: String?
-            get() = validationErrors
-                ?.values
-                ?.firstOrNull()
-                ?.firstOrNull()
-    }
+        val validationErrors: Map<String, List<String?>>?,
+    ) : DeleteAccountResponseJson()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/GetTokenResponseJson.kt

@@ -1,9 +1,7 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.model
 
-import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.JsonNames
 import kotlinx.serialization.json.JsonObject
 
 /**
@@ -94,56 +92,41 @@ sealed class GetTokenResponseJson {
 
     /**
      * Models json body of an invalid request.
-     *
-     * This model supports older versions of the error response model that used lower-case keys.
      */
-    @OptIn(ExperimentalSerializationApi::class)
     @Serializable
     data class Invalid(
-        @JsonNames("errorModel")
         @SerialName("ErrorModel")
-        private val errorModel: ErrorModel?,
+        val errorModel: ErrorModel?,
+        @SerialName("errorModel")
+        val legacyErrorModel: LegacyErrorModel?,
     ) : GetTokenResponseJson() {
 
         /**
          * The error message returned from the server, or null.
          */
-        val errorMessage: String? get() = errorModel?.errorMessage
-
-        /**
-         * The type of invalid responses that can be received.
-         */
-        sealed class InvalidType {
-            /**
-             * Represents an invalid response indicating that a new device verification is required.
-             */
-            data object NewDeviceVerification : InvalidType()
-
-            /**
-             * Represents generic invalid response
-             */
-            data object GenericInvalid : InvalidType()
-        }
-
-        val invalidType: InvalidType
-            get() = if (errorMessage?.lowercase() == "new device verification required") {
-                InvalidType.NewDeviceVerification
-            } else {
-                InvalidType.GenericInvalid
-            }
+        val errorMessage: String?
+            get() = errorModel?.errorMessage ?: legacyErrorModel?.errorMessage
 
         /**
          * The error body of an invalid request containing a message.
-         *
-         * This model supports older versions of the error response model that used lower-case
-         * keys.
          */
         @Serializable
         data class ErrorModel(
-            @JsonNames("message")
             @SerialName("Message")
             val errorMessage: String,
         )
+
+        /**
+         * The legacy error body of an invalid request containing a message.
+         *
+         * This model is used to support older versions of the error response model that used
+         * lower-case keys.
+         */
+        @Serializable
+        data class LegacyErrorModel(
+            @SerialName("message")
+            val errorMessage: String,
+        )
     }
 
     /**

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/KdfTypeJson.kt

@@ -18,7 +18,5 @@ enum class KdfTypeJson {
 }
 
 @Keep
-private class KdfTypeSerializer : BaseEnumeratedIntSerializer<KdfTypeJson>(
-    className = "KdfTypeJson",
-    values = KdfTypeJson.entries.toTypedArray(),
-)
+private class KdfTypeSerializer :
+    BaseEnumeratedIntSerializer<KdfTypeJson>(KdfTypeJson.entries.toTypedArray())

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/PrevalidateSsoResponseJson.kt

@@ -7,20 +7,6 @@ import kotlinx.serialization.Serializable
  * Response body from the SSO prevalidate request.
  */
 @Serializable
-sealed class PrevalidateSsoResponseJson {
-    /**
-     * Models json body of a successful response.
-     */
-    @Serializable
-    data class Success(
-        @SerialName("token") val token: String?,
-    ) : PrevalidateSsoResponseJson()
-
-    /**
-     * Models json body of an error response.
-     */
-    @Serializable
-    data class Error(
-        @SerialName("message") val message: String?,
-    ) : PrevalidateSsoResponseJson()
-}
+data class PrevalidateSsoResponseJson(
+    @SerialName("token") val token: String?,
+)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/RegisterResponseJson.kt

@@ -1,9 +1,7 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.model
 
-import kotlinx.serialization.ExperimentalSerializationApi
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
-import kotlinx.serialization.json.JsonNames
 
 /**
  * Models response bodies for the register request.
@@ -52,24 +50,20 @@ sealed class RegisterResponseJson {
      * The values in the array should be used for display to the user, since the keys tend to come
      * back as nonsense. (eg: empty string key)
      */
-    @OptIn(ExperimentalSerializationApi::class)
     @Serializable
     data class Invalid(
-        @JsonNames("message")
-        @SerialName("Message")
+        @SerialName("message")
         private val invalidMessage: String? = null,
 
+        @SerialName("Message")
+        private val errorMessage: String? = null,
+
         @SerialName("validationErrors")
-        private val validationErrors: Map<String, List<String>>?,
+        val validationErrors: Map<String, List<String>>?,
     ) : RegisterResponseJson() {
         /**
          * A generic error message.
          */
-        val message: String?
-            get() = validationErrors
-                ?.values
-                ?.firstOrNull()
-                ?.firstOrNull()
-                ?: invalidMessage
+        val message: String? get() = invalidMessage ?: errorMessage
     }
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/ResendNewDeviceOtpRequestJson.kt

@@ -1,20 +0,0 @@
-package com.x8bit.bitwarden.data.auth.datasource.network.model
-
-import kotlinx.serialization.SerialName
-import kotlinx.serialization.Serializable
-
-/**
- * Hold the information necessary to resend the email with the
- * new device verification code.
- *
- * @property email The user's email address.
- * @property passwordHash The master password hash
- */
-@Serializable
-data class ResendNewDeviceOtpRequestJson(
-    @SerialName("Email")
-    val email: String,
-
-    @SerialName("MasterPasswordHash")
-    val passwordHash: String?,
-)

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/TwoFactorAuthMethod.kt

@@ -39,7 +39,5 @@ enum class TwoFactorAuthMethod(val value: UInt) {
 }
 
 @Keep
-private class TwoFactorAuthMethodSerializer : BaseEnumeratedIntSerializer<TwoFactorAuthMethod>(
-    className = "TwoFactorAuthMethod",
-    values = TwoFactorAuthMethod.entries.toTypedArray(),
-)
+private class TwoFactorAuthMethodSerializer :
+    BaseEnumeratedIntSerializer<TwoFactorAuthMethod>(TwoFactorAuthMethod.entries.toTypedArray())

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsService.kt

@@ -5,7 +5,6 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyReq
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
 
@@ -53,11 +52,6 @@ interface AccountsService {
      */
     suspend fun resendVerificationCodeEmail(body: ResendEmailRequestJson): Result<Unit>
 
-    /**
-     * Resend the email with the verification code for new devices
-     */
-    suspend fun resendNewDeviceOtp(body: ResendNewDeviceOtpRequestJson): Result<Unit>
-
     /**
      * Reset the password.
      */

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsServiceImpl.kt

@@ -13,13 +13,11 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMaster
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
 import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
 import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_VALUE_BEARER_PREFIX
-import com.x8bit.bitwarden.data.platform.datasource.network.util.NetworkErrorCode
 import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
 import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
 import kotlinx.serialization.json.Json
@@ -74,7 +72,7 @@ class AccountsServiceImpl(
                 throwable
                     .toBitwardenError()
                     .parseErrorBodyOrNull<DeleteAccountResponseJson.Invalid>(
-                        code = NetworkErrorCode.BAD_REQUEST,
+                        code = 400,
                         json = json,
                     )
                     ?: throw throwable
@@ -105,7 +103,7 @@ class AccountsServiceImpl(
                 throwable
                     .toBitwardenError()
                     .parseErrorBodyOrNull<PasswordHintResponseJson.Error>(
-                        code = NetworkErrorCode.TOO_MANY_REQUESTS,
+                        code = 429,
                         json = json,
                     )
                     ?: throw throwable
@@ -116,11 +114,6 @@ class AccountsServiceImpl(
             .resendVerificationCodeEmail(body = body)
             .toResult()
 
-    override suspend fun resendNewDeviceOtp(body: ResendNewDeviceOtpRequestJson): Result<Unit> =
-        unauthenticatedAccountsApi
-            .resendNewDeviceOtp(body = body)
-            .toResult()
-
     override suspend fun resetPassword(body: ResetPasswordRequestJson): Result<Unit> =
         if (body.currentPasswordHash == null) {
             authenticatedAccountsApi

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityService.kt

@@ -46,7 +46,6 @@ interface IdentityService {
         authModel: IdentityTokenAuthModel,
         captchaToken: String?,
         twoFactorData: TwoFactorDataModel? = null,
-        newDeviceOtp: String? = null,
     ): Result<GetTokenResponseJson>
 
     /**

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityServiceImpl.kt

@@ -16,7 +16,6 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.TwoFactorDataModel
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenResponseJson
 import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
-import com.x8bit.bitwarden.data.platform.datasource.network.util.NetworkErrorCode
 import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlEncode
 import com.x8bit.bitwarden.data.platform.datasource.network.util.executeForNetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
@@ -35,6 +34,7 @@ class IdentityServiceImpl(
             .preLogin(PreLoginRequestJson(email = email))
             .toResult()
 
+    @Suppress("MagicNumber")
     override suspend fun register(body: RegisterRequestJson): Result<RegisterResponseJson> =
         unauthenticatedIdentityApi
             .register(body)
@@ -43,26 +43,23 @@ class IdentityServiceImpl(
                 val bitwardenError = throwable.toBitwardenError()
                 bitwardenError
                     .parseErrorBodyOrNull<RegisterResponseJson.CaptchaRequired>(
-                        code = NetworkErrorCode.BAD_REQUEST,
+                        code = 400,
                         json = json,
                     )
                     ?: bitwardenError.parseErrorBodyOrNull<RegisterResponseJson.Invalid>(
-                        codes = listOf(
-                            NetworkErrorCode.BAD_REQUEST,
-                            NetworkErrorCode.TOO_MANY_REQUESTS,
-                        ),
+                        codes = listOf(400, 429),
                         json = json,
                     )
                     ?: throw throwable
             }
 
+    @Suppress("MagicNumber")
     override suspend fun getToken(
         uniqueAppId: String,
         email: String,
         authModel: IdentityTokenAuthModel,
         captchaToken: String?,
         twoFactorData: TwoFactorDataModel?,
-        newDeviceOtp: String?,
     ): Result<GetTokenResponseJson> = unauthenticatedIdentityApi
         .getToken(
             scope = "api offline_access",
@@ -82,25 +79,20 @@ class IdentityServiceImpl(
             twoFactorRemember = twoFactorData?.remember?.let { if (it) "1" else "0 " },
             captchaResponse = captchaToken,
             authRequestId = authModel.authRequestId,
-            newDeviceOtp = newDeviceOtp,
         )
         .toResult()
         .recoverCatching { throwable ->
             val bitwardenError = throwable.toBitwardenError()
-            bitwardenError
-                .parseErrorBodyOrNull<GetTokenResponseJson.CaptchaRequired>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.TwoFactorRequired>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.Invalid>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: throw throwable
+            bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.CaptchaRequired>(
+                code = 400,
+                json = json,
+            ) ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.TwoFactorRequired>(
+                code = 400,
+                json = json,
+            ) ?: bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.Invalid>(
+                code = 400,
+                json = json,
+            ) ?: throw throwable
         }
 
     override suspend fun prevalidateSso(
@@ -110,15 +102,6 @@ class IdentityServiceImpl(
             organizationIdentifier = organizationIdentifier,
         )
         .toResult()
-        .recoverCatching { throwable ->
-            val bitwardenError = throwable.toBitwardenError()
-            bitwardenError
-                .parseErrorBodyOrNull<PrevalidateSsoResponseJson.Error>(
-                    code = NetworkErrorCode.BAD_REQUEST,
-                    json = json,
-                )
-                ?: throw throwable
-        }
 
     override fun refreshTokenSynchronously(
         refreshToken: String,
@@ -131,6 +114,7 @@ class IdentityServiceImpl(
         .executeForNetworkResult()
         .toResult()
 
+    @Suppress("MagicNumber")
     override suspend fun registerFinish(
         body: RegisterFinishRequestJson,
     ): Result<RegisterResponseJson> =
@@ -141,10 +125,7 @@ class IdentityServiceImpl(
                 val bitwardenError = throwable.toBitwardenError()
                 bitwardenError
                     .parseErrorBodyOrNull<RegisterResponseJson.Invalid>(
-                        codes = listOf(
-                            NetworkErrorCode.BAD_REQUEST,
-                            NetworkErrorCode.TOO_MANY_REQUESTS,
-                        ),
+                        codes = listOf(400, 429),
                         json = json,
                     )
                     ?: throw throwable
@@ -161,7 +142,7 @@ class IdentityServiceImpl(
                 throwable
                     .toBitwardenError()
                     .parseErrorBodyOrNull<SendVerificationEmailResponseJson.Invalid>(
-                        code = NetworkErrorCode.BAD_REQUEST,
+                        code = 400,
                         json = json,
                     )
                     ?: throw throwable
@@ -180,7 +161,7 @@ class IdentityServiceImpl(
             val bitwardenError = throwable.toBitwardenError()
             bitwardenError
                 .parseErrorBodyOrNull<VerifyEmailTokenResponseJson.Invalid>(
-                    code = NetworkErrorCode.BAD_REQUEST,
+                    code = 400,
                     json = json,
                 )
                 ?.checkForExpiredMessage()

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/sdk/AuthSdkSourceImpl.kt

@@ -8,7 +8,7 @@ import com.bitwarden.core.RegisterKeyResponse
 import com.bitwarden.core.RegisterTdeKeyResponse
 import com.bitwarden.crypto.HashPurpose
 import com.bitwarden.crypto.Kdf
-import com.bitwarden.sdk.AuthClient
+import com.bitwarden.sdk.ClientAuth
 import com.x8bit.bitwarden.data.auth.datasource.sdk.model.PasswordStrength
 import com.x8bit.bitwarden.data.auth.datasource.sdk.util.toPasswordStrengthOrNull
 import com.x8bit.bitwarden.data.auth.datasource.sdk.util.toUByte
@@ -17,7 +17,7 @@ import com.x8bit.bitwarden.data.platform.manager.SdkClientManager
 
 /**
  * Primary implementation of [AuthSdkSource] that serves as a convenience wrapper around a
- * [AuthClient].
+ * [ClientAuth].
  */
 class AuthSdkSourceImpl(
     sdkClientManager: SdkClientManager,

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt

@@ -16,7 +16,6 @@ import com.x8bit.bitwarden.data.auth.manager.model.AuthRequestsUpdatesResult
 import com.x8bit.bitwarden.data.auth.manager.model.CreateAuthRequestResult
 import com.x8bit.bitwarden.data.auth.manager.util.isSso
 import com.x8bit.bitwarden.data.auth.manager.util.toAuthRequestTypeJson
-import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
 import com.x8bit.bitwarden.data.platform.util.asFailure
 import com.x8bit.bitwarden.data.platform.util.asSuccess
 import com.x8bit.bitwarden.data.platform.util.flatMap
@@ -52,9 +51,7 @@ class AuthRequestManagerImpl(
     override fun getAuthRequestsWithUpdates(): Flow<AuthRequestsUpdatesResult> = flow {
         while (currentCoroutineContext().isActive) {
             when (val result = getAuthRequests()) {
-                is AuthRequestsResult.Error -> {
-                    emit(AuthRequestsUpdatesResult.Error(error = result.error))
-                }
+                AuthRequestsResult.Error -> emit(AuthRequestsUpdatesResult.Error)
 
                 is AuthRequestsResult.Success -> {
                     emit(AuthRequestsUpdatesResult.Update(authRequests = result.authRequests))
@@ -73,8 +70,9 @@ class AuthRequestManagerImpl(
             email = email,
             authRequestType = authRequestType.toAuthRequestTypeJson(),
         )
-            .getOrElse {
-                emit(CreateAuthRequestResult.Error(error = it))
+            .getOrNull()
+            ?: run {
+                emit(CreateAuthRequestResult.Error)
                 return@flow
             }
         var authRequest = initialResult.authRequest
@@ -105,7 +103,7 @@ class AuthRequestManagerImpl(
                     )
                 }
                 .fold(
-                    onFailure = { emit(CreateAuthRequestResult.Error(error = it)) },
+                    onFailure = { emit(CreateAuthRequestResult.Error) },
                     onSuccess = { updateAuthRequest ->
                         when {
                             updateAuthRequest.requestApproved -> {
@@ -184,7 +182,7 @@ class AuthRequestManagerImpl(
                     )
                 }
                 .fold(
-                    onFailure = { emit(AuthRequestUpdatesResult.Error(error = it)) },
+                    onFailure = { emit(AuthRequestUpdatesResult.Error) },
                     onSuccess = { updateAuthRequest ->
                         when {
                             updateAuthRequest.requestApproved -> {
@@ -220,18 +218,13 @@ class AuthRequestManagerImpl(
         fingerprint: String,
     ): Flow<AuthRequestUpdatesResult> = getAuthRequest {
         when (val authRequestsResult = getAuthRequests()) {
-            is AuthRequestsResult.Error -> {
-                AuthRequestUpdatesResult.Error(error = authRequestsResult.error)
-            }
-
+            AuthRequestsResult.Error -> AuthRequestUpdatesResult.Error
             is AuthRequestsResult.Success -> {
                 authRequestsResult
                     .authRequests
                     .firstOrNull { it.fingerprint == fingerprint }
                     ?.let { AuthRequestUpdatesResult.Update(it) }
-                    ?: AuthRequestUpdatesResult.Error(
-                        error = IllegalStateException("Could not find the auth request."),
-                    )
+                    ?: AuthRequestUpdatesResult.Error
             }
         }
     }
@@ -241,28 +234,30 @@ class AuthRequestManagerImpl(
     ): Flow<AuthRequestUpdatesResult> = getAuthRequest {
         authRequestsService
             .getAuthRequest(requestId)
-            .mapCatching { response ->
-                getFingerprintPhrase(response.publicKey)
-                    .getOrThrow()
-                    .let { fingerprint ->
-                        AuthRequest(
-                            id = response.id,
-                            publicKey = response.publicKey,
-                            platform = response.platform,
-                            ipAddress = response.ipAddress,
-                            key = response.key,
-                            masterPasswordHash = response.masterPasswordHash,
-                            creationDate = response.creationDate,
-                            responseDate = response.responseDate,
-                            requestApproved = response.requestApproved ?: false,
-                            originUrl = response.originUrl,
-                            fingerprint = fingerprint,
-                        )
-                    }
+            .map { response ->
+                getFingerprintPhrase(response.publicKey).getOrNull()?.let { fingerprint ->
+                    AuthRequest(
+                        id = response.id,
+                        publicKey = response.publicKey,
+                        platform = response.platform,
+                        ipAddress = response.ipAddress,
+                        key = response.key,
+                        masterPasswordHash = response.masterPasswordHash,
+                        creationDate = response.creationDate,
+                        responseDate = response.responseDate,
+                        requestApproved = response.requestApproved ?: false,
+                        originUrl = response.originUrl,
+                        fingerprint = fingerprint,
+                    )
+                }
             }
             .fold(
-                onFailure = { AuthRequestUpdatesResult.Error(error = it) },
-                onSuccess = { AuthRequestUpdatesResult.Update(authRequest = it) },
+                onFailure = { AuthRequestUpdatesResult.Error },
+                onSuccess = { authRequest ->
+                    authRequest
+                        ?.let { AuthRequestUpdatesResult.Update(it) }
+                        ?: AuthRequestUpdatesResult.Error
+                },
             )
     }
 
@@ -314,7 +309,7 @@ class AuthRequestManagerImpl(
                 }
             }
             .fold(
-                onFailure = { AuthRequestsResult.Error(error = it) },
+                onFailure = { AuthRequestsResult.Error },
                 onSuccess = { AuthRequestsResult.Success(authRequests = it) },
             )
 
@@ -324,7 +319,7 @@ class AuthRequestManagerImpl(
         publicKey: String,
         isApproved: Boolean,
     ): AuthRequestResult {
-        val userId = activeUserId ?: return AuthRequestResult.Error(error = NoActiveUserException())
+        val userId = activeUserId ?: return AuthRequestResult.Error
         return vaultSdkSource
             .getAuthRequestKey(
                 publicKey = publicKey,
@@ -355,7 +350,7 @@ class AuthRequestManagerImpl(
                 )
             }
             .fold(
-                onFailure = { AuthRequestResult.Error(error = it) },
+                onFailure = { AuthRequestResult.Error },
                 onSuccess = { AuthRequestResult.Success(authRequest = it) },
             )
     }
@@ -467,7 +462,7 @@ class AuthRequestManagerImpl(
         publicKey: String,
     ): Result<String> {
         val profile = authDiskSource.userState?.activeAccount?.profile
-            ?: return NoActiveUserException().asFailure()
+            ?: return IllegalStateException("No active account").asFailure()
         return authSdkSource.getUserFingerprint(
             email = profile.email,
             publicKey = publicKey,

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestResult.kt

@@ -14,7 +14,5 @@ sealed class AuthRequestResult {
     /**
      * There was an error getting the user's auth requests.
      */
-    data class Error(
-        val error: Throwable,
-    ) : AuthRequestResult()
+    data object Error : AuthRequestResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestUpdatesResult.kt

@@ -19,9 +19,7 @@ sealed class AuthRequestUpdatesResult {
     /**
      * There was an error getting the user's auth requests.
      */
-    data class Error(
-        val error: Throwable,
-    ) : AuthRequestUpdatesResult()
+    data object Error : AuthRequestUpdatesResult()
 
     /**
      * The auth request has been declined.

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsResult.kt

@@ -14,7 +14,5 @@ sealed class AuthRequestsResult {
     /**
      * There was an error getting the user's auth requests.
      */
-    data class Error(
-        val error: Throwable,
-    ) : AuthRequestsResult()
+    data object Error : AuthRequestsResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/AuthRequestsUpdatesResult.kt

@@ -14,7 +14,5 @@ sealed class AuthRequestsUpdatesResult {
     /**
      * There was an error getting the user's auth requests.
      */
-    data class Error(
-        val error: Throwable,
-    ) : AuthRequestsUpdatesResult()
+    data object Error : AuthRequestsUpdatesResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt

@@ -23,9 +23,7 @@ sealed class CreateAuthRequestResult {
     /**
      * There was a generic error getting the user's auth requests.
      */
-    data class Error(
-        val error: Throwable,
-    ) : CreateAuthRequestResult()
+    data object Error : CreateAuthRequestResult()
 
     /**
      * The auth request has been declined.

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt

@@ -230,19 +230,6 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
         organizationIdentifier: String,
     ): LoginResult
 
-    /**
-     * Repeat the previous login attempt but this time with New Device OTP
-     * information. Password is included if available to unlock the vault after
-     * authentication. Updated access token will be reflected in [authStateFlow].
-     */
-    suspend fun login(
-        email: String,
-        password: String?,
-        newDeviceOtp: String,
-        captchaToken: String?,
-        orgIdentifier: String?,
-    ): LoginResult
-
     /**
      * Log out the current user.
      */
@@ -265,11 +252,6 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
      */
     suspend fun resendVerificationCodeEmail(): ResendEmailResult
 
-    /**
-     * Resend the email with the new device verification code.
-     */
-    suspend fun resendNewDeviceOtp(): ResendEmailResult
-
     /**
      * Switches to the account corresponding to the given [userId] if possible.
      */
@@ -380,10 +362,8 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
 
     /**
      * Get the password strength for the given [email] and [password] combo.
-     * If no value is passed for the [email] will use the active email of the current active
-     * account via the [userStateFlow].
      */
-    suspend fun getPasswordStrength(email: String? = null, password: String): PasswordStrengthResult
+    suspend fun getPasswordStrength(email: String, password: String): PasswordStrengthResult
 
     /**
      * Validates the master password for the current logged in user.
@@ -421,7 +401,7 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
     /**
      * Update the value of the onboarding status for the user.
      */
-    fun setOnboardingStatus(status: OnboardingStatus)
+    fun setOnboardingStatus(userId: String, status: OnboardingStatus?)
 
     /**
      * Checks if a new device notice should be displayed.

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -17,13 +17,11 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.DeviceDataModel
 import com.x8bit.bitwarden.data.auth.datasource.network.model.GetTokenResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.IdentityTokenAuthModel
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintResponseJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.PrevalidateSsoResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RefreshTokenResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterFinishRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
-import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendNewDeviceOtpRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailResponseJson
@@ -99,8 +97,6 @@ import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
 import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
 import com.x8bit.bitwarden.data.platform.datasource.network.util.isSslHandShakeError
-import com.x8bit.bitwarden.data.platform.error.MissingPropertyException
-import com.x8bit.bitwarden.data.platform.error.NoActiveUserException
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
@@ -228,11 +224,6 @@ class AuthRepositoryImpl(
      */
     private var resendEmailRequestJson: ResendEmailRequestJson? = null
 
-    /**
-     * The information necessary to resend the verification code email for new devices.
-     */
-    private var resendNewDeviceOtpRequestJson: ResendNewDeviceOtpRequestJson? = null
-
     private var organizationIdentifier: String? = null
 
     /**
@@ -469,7 +460,7 @@ class AuthRepositoryImpl(
         masterPassword: String,
     ): DeleteAccountResult {
         val profile = authDiskSource.userState?.activeAccount?.profile
-            ?: return DeleteAccountResult.Error(message = null, error = NoActiveUserException())
+            ?: return DeleteAccountResult.Error(message = null)
         mutableHasPendingAccountDeletionStateFlow.value = true
         return authSdkSource
             .hashPassword(
@@ -503,13 +494,18 @@ class AuthRepositoryImpl(
         fold(
             onFailure = {
                 clearPendingAccountDeletion()
-                DeleteAccountResult.Error(error = it, message = null)
+                DeleteAccountResult.Error(message = null)
             },
             onSuccess = { response ->
                 when (response) {
                     is DeleteAccountResponseJson.Invalid -> {
                         clearPendingAccountDeletion()
-                        DeleteAccountResult.Error(message = response.message, error = null)
+                        DeleteAccountResult.Error(
+                            message = response.validationErrors
+                                ?.values
+                                ?.firstOrNull()
+                                ?.firstOrNull(),
+                        )
                     }
 
                     DeleteAccountResponseJson.Success -> {
@@ -521,10 +517,8 @@ class AuthRepositoryImpl(
         )
 
     override suspend fun createNewSsoUser(): NewSsoUserResult {
-        val account = authDiskSource.userState?.activeAccount
-            ?: return NewSsoUserResult.Failure(error = NoActiveUserException())
-        val orgIdentifier = rememberedOrgIdentifier
-            ?: return NewSsoUserResult.Failure(error = MissingPropertyException("OrgIdentifier"))
+        val account = authDiskSource.userState?.activeAccount ?: return NewSsoUserResult.Failure
+        val orgIdentifier = rememberedOrgIdentifier ?: return NewSsoUserResult.Failure
         val userId = account.profile.userId
         return organizationService
             .getOrganizationAutoEnrollStatus(orgIdentifier)
@@ -576,7 +570,7 @@ class AuthRepositoryImpl(
             }
             .fold(
                 onSuccess = { NewSsoUserResult.Success },
-                onFailure = { NewSsoUserResult.Failure(error = it) },
+                onFailure = { NewSsoUserResult.Failure },
             )
     }
 
@@ -585,13 +579,10 @@ class AuthRepositoryImpl(
         asymmetricalKey: String,
     ): LoginResult {
         val profile = authDiskSource.userState?.activeAccount?.profile
-            ?: return LoginResult.Error(errorMessage = null, error = NoActiveUserException())
+            ?: return LoginResult.Error(errorMessage = null)
         val userId = profile.userId
         val privateKey = authDiskSource.getPrivateKey(userId = userId)
-            ?: return LoginResult.Error(
-                errorMessage = null,
-                error = MissingPropertyException("Private Key"),
-            )
+            ?: return LoginResult.Error(errorMessage = null)
 
         checkForVaultUnlockError(
             onVaultUnlockError = { error ->
@@ -641,7 +632,7 @@ class AuthRepositoryImpl(
             onFailure = { throwable ->
                 when {
                     throwable.isSslHandShakeError() -> LoginResult.CertificateError
-                    else -> LoginResult.Error(errorMessage = null, error = throwable)
+                    else -> LoginResult.Error(errorMessage = null)
                 }
             },
             onSuccess = { it },
@@ -690,33 +681,7 @@ class AuthRepositoryImpl(
                 orgIdentifier = orgIdentifier,
             )
         }
-        ?: LoginResult.Error(
-            errorMessage = null,
-            error = MissingPropertyException("Identity Token Auth Model"),
-        )
-
-    override suspend fun login(
-        email: String,
-        password: String?,
-        newDeviceOtp: String,
-        captchaToken: String?,
-        orgIdentifier: String?,
-    ): LoginResult = identityTokenAuthModel
-        ?.let {
-            loginCommon(
-                email = email,
-                password = password,
-                authModel = it,
-                newDeviceOtp = newDeviceOtp,
-                captchaToken = captchaToken ?: twoFactorResponse?.captchaToken,
-                deviceData = twoFactorDeviceData,
-                orgIdentifier = orgIdentifier,
-            )
-        }
-        ?: LoginResult.Error(
-            errorMessage = null,
-            error = MissingPropertyException("Identity Token Auth Model"),
-        )
+        ?: LoginResult.Error(errorMessage = null)
 
     override suspend fun login(
         email: String,
@@ -775,7 +740,7 @@ class AuthRepositoryImpl(
     override suspend fun requestOneTimePasscode(): RequestOtpResult =
         accountsService.requestOneTimePasscode()
             .fold(
-                onFailure = { RequestOtpResult.Error(message = it.message, error = it) },
+                onFailure = { RequestOtpResult.Error(it.message) },
                 onSuccess = { RequestOtpResult.Success },
             )
 
@@ -785,7 +750,7 @@ class AuthRepositoryImpl(
                 passcode = oneTimePasscode,
             )
             .fold(
-                onFailure = { VerifyOtpResult.NotVerified(errorMessage = it.message, error = it) },
+                onFailure = { VerifyOtpResult.NotVerified(it.message) },
                 onSuccess = { VerifyOtpResult.Verified },
             )
 
@@ -793,27 +758,11 @@ class AuthRepositoryImpl(
         resendEmailRequestJson
             ?.let { jsonRequest ->
                 accountsService.resendVerificationCodeEmail(body = jsonRequest).fold(
-                    onFailure = { ResendEmailResult.Error(message = it.message, error = it) },
+                    onFailure = { ResendEmailResult.Error(message = it.message) },
                     onSuccess = { ResendEmailResult.Success },
                 )
             }
-            ?: ResendEmailResult.Error(
-                message = null,
-                error = MissingPropertyException("Resend Email Request"),
-            )
-
-    override suspend fun resendNewDeviceOtp(): ResendEmailResult =
-        resendNewDeviceOtpRequestJson
-            ?.let { jsonRequest ->
-                accountsService.resendNewDeviceOtp(body = jsonRequest).fold(
-                    onFailure = { ResendEmailResult.Error(message = it.message, error = it) },
-                    onSuccess = { ResendEmailResult.Success },
-                )
-            }
-            ?: ResendEmailResult.Error(
-                message = null,
-                error = MissingPropertyException("Resend New Device OTP Request"),
-            )
+            ?: ResendEmailResult.Error(message = null)
 
     override fun switchAccount(userId: String): SwitchAccountResult {
         val currentUserState = authDiskSource.userState ?: return SwitchAccountResult.NoChange
@@ -915,10 +864,7 @@ class AuthRepositoryImpl(
                         is RegisterResponseJson.CaptchaRequired -> {
                             it.validationErrors.captchaKeys.firstOrNull()
                                 ?.let { key -> RegisterResult.CaptchaRequired(captchaId = key) }
-                                ?: RegisterResult.Error(
-                                    errorMessage = null,
-                                    error = MissingPropertyException("Captcha ID"),
-                                )
+                                ?: RegisterResult.Error(errorMessage = null)
                         }
 
                         is RegisterResponseJson.Success -> {
@@ -927,11 +873,18 @@ class AuthRepositoryImpl(
                         }
 
                         is RegisterResponseJson.Invalid -> {
-                            RegisterResult.Error(errorMessage = it.message, error = null)
+                            RegisterResult.Error(
+                                errorMessage = it
+                                    .validationErrors
+                                    ?.values
+                                    ?.firstOrNull()
+                                    ?.firstOrNull()
+                                    ?: it.message,
+                            )
                         }
                     }
                 },
-                onFailure = { RegisterResult.Error(errorMessage = null, error = it) },
+                onFailure = { RegisterResult.Error(errorMessage = null) },
             )
     }
 
@@ -939,15 +892,11 @@ class AuthRepositoryImpl(
         return accountsService.requestPasswordHint(email).fold(
             onSuccess = {
                 when (it) {
-                    is PasswordHintResponseJson.Error -> PasswordHintResult.Error(
-                        message = it.errorMessage,
-                        error = null,
-                    )
-
+                    is PasswordHintResponseJson.Error -> PasswordHintResult.Error(it.errorMessage)
                     PasswordHintResponseJson.Success -> PasswordHintResult.Success
                 }
             },
-            onFailure = { PasswordHintResult.Error(message = null, error = it) },
+            onFailure = { PasswordHintResult.Error(null) },
         )
     }
 
@@ -955,12 +904,12 @@ class AuthRepositoryImpl(
         val activeAccount = authDiskSource
             .userState
             ?.activeAccount
-            ?: return RemovePasswordResult.Error(error = NoActiveUserException())
+            ?: return RemovePasswordResult.Error
         val profile = activeAccount.profile
         val userId = profile.userId
         val userKey = authDiskSource
             .getUserKey(userId = userId)
-            ?: return RemovePasswordResult.Error(error = MissingPropertyException("User Key"))
+            ?: return RemovePasswordResult.Error
         val keyConnectorUrl = organizations
             .find {
                 it.shouldUseKeyConnector &&
@@ -968,9 +917,7 @@ class AuthRepositoryImpl(
                     it.type != OrganizationType.ADMIN
             }
             ?.keyConnectorUrl
-            ?: return RemovePasswordResult.Error(
-                error = MissingPropertyException("Key Connector URL"),
-            )
+            ?: return RemovePasswordResult.Error
         return keyConnectorManager
             .migrateExistingUserToKeyConnector(
                 userId = userId,
@@ -988,7 +935,7 @@ class AuthRepositoryImpl(
                 settingsRepository.setDefaultsIfNecessary(userId = userId)
             }
             .fold(
-                onFailure = { RemovePasswordResult.Error(error = it) },
+                onFailure = { RemovePasswordResult.Error },
                 onSuccess = { RemovePasswordResult.Success },
             )
     }
@@ -1001,7 +948,7 @@ class AuthRepositoryImpl(
         val activeAccount = authDiskSource
             .userState
             ?.activeAccount
-            ?: return ResetPasswordResult.Error(error = NoActiveUserException())
+            ?: return ResetPasswordResult.Error
         val currentPasswordHash = currentPassword?.let { password ->
             authSdkSource
                 .hashPassword(
@@ -1011,7 +958,7 @@ class AuthRepositoryImpl(
                     purpose = HashPurpose.SERVER_AUTHORIZATION,
                 )
                 .fold(
-                    onFailure = { return ResetPasswordResult.Error(error = it) },
+                    onFailure = { return ResetPasswordResult.Error },
                     onSuccess = { it },
                 )
         }
@@ -1057,7 +1004,7 @@ class AuthRepositoryImpl(
                     // Return the success.
                     ResetPasswordResult.Success
                 },
-                onFailure = { ResetPasswordResult.Error(error = it) },
+                onFailure = { ResetPasswordResult.Error },
             )
     }
 
@@ -1070,7 +1017,7 @@ class AuthRepositoryImpl(
         val activeAccount = authDiskSource
             .userState
             ?.activeAccount
-            ?: return SetPasswordResult.Error(error = NoActiveUserException())
+            ?: return SetPasswordResult.Error
         val userId = activeAccount.profile.userId
 
         // Update the saved master password hash.
@@ -1081,7 +1028,7 @@ class AuthRepositoryImpl(
                 kdf = activeAccount.profile.toSdkParams(),
                 purpose = HashPurpose.SERVER_AUTHORIZATION,
             )
-            .getOrElse { return@setPassword SetPasswordResult.Error(error = it) }
+            .getOrElse { return@setPassword SetPasswordResult.Error }
 
         return when (activeAccount.profile.forcePasswordResetReason) {
             ForcePasswordResetReason.TDE_USER_WITHOUT_PASSWORD_HAS_PASSWORD_RESET_PERMISSION -> {
@@ -1131,7 +1078,7 @@ class AuthRepositoryImpl(
                     }
             }
             .flatMap {
-                when (val result = vaultRepository.unlockVaultWithMasterPassword(password)) {
+                when (vaultRepository.unlockVaultWithMasterPassword(password)) {
                     is VaultUnlockResult.Success -> {
                         enrollUserInPasswordReset(
                             userId = userId,
@@ -1140,9 +1087,11 @@ class AuthRepositoryImpl(
                         )
                     }
 
-                    is VaultUnlockError -> {
-                        (result.error ?: IllegalStateException("Failed to unlock vault"))
-                            .asFailure()
+                    is VaultUnlockResult.AuthenticationError,
+                    VaultUnlockResult.InvalidStateError,
+                    VaultUnlockResult.GenericError,
+                        -> {
+                        IllegalStateException("Failed to unlock vault").asFailure()
                     }
                 }
             }
@@ -1152,7 +1101,7 @@ class AuthRepositoryImpl(
                 this.organizationIdentifier = null
             }
             .fold(
-                onFailure = { SetPasswordResult.Error(error = it) },
+                onFailure = { SetPasswordResult.Error },
                 onSuccess = { SetPasswordResult.Success },
             )
     }
@@ -1187,7 +1136,7 @@ class AuthRepositoryImpl(
                     verifiedDate = it.verifiedDate,
                 )
             },
-            onFailure = { OrganizationDomainSsoDetailsResult.Failure(error = it) },
+            onFailure = { OrganizationDomainSsoDetailsResult.Failure },
         )
 
     override suspend fun getVerifiedOrganizationDomainSsoDetails(
@@ -1202,7 +1151,7 @@ class AuthRepositoryImpl(
                     verifiedOrganizationDomainSsoDetails = it.verifiedOrganizationDomainSsoDetails,
                 )
             },
-            onFailure = { VerifiedOrganizationDomainSsoDetailsResult.Failure(error = it) },
+            onFailure = { VerifiedOrganizationDomainSsoDetailsResult.Failure },
         )
 
     override suspend fun prevalidateSso(
@@ -1213,21 +1162,13 @@ class AuthRepositoryImpl(
         )
         .fold(
             onSuccess = {
-                when (it) {
-                    is PrevalidateSsoResponseJson.Error -> {
-                        PrevalidateSsoResult.Failure(message = it.message, error = null)
-                    }
-
-                    is PrevalidateSsoResponseJson.Success -> {
-                        if (it.token.isNullOrBlank()) {
-                            PrevalidateSsoResult.Failure(error = MissingPropertyException("Token"))
-                        } else {
-                            PrevalidateSsoResult.Success(token = it.token)
-                        }
-                    }
+                if (it.token.isNullOrBlank()) {
+                    PrevalidateSsoResult.Failure
+                } else {
+                    PrevalidateSsoResult.Success(it.token)
                 }
             },
-            onFailure = { PrevalidateSsoResult.Failure(error = it) },
+            onFailure = { PrevalidateSsoResult.Failure },
         )
 
     override fun setSsoCallbackResult(result: SsoCallbackResult) {
@@ -1241,39 +1182,34 @@ class AuthRepositoryImpl(
                 deviceId = authDiskSource.uniqueAppId,
             )
             .fold(
-                onFailure = { KnownDeviceResult.Error(error = it) },
-                onSuccess = { KnownDeviceResult.Success(isKnownDevice = it) },
+                onFailure = { KnownDeviceResult.Error },
+                onSuccess = { KnownDeviceResult.Success(it) },
             )
 
     override suspend fun getPasswordBreachCount(password: String): BreachCountResult =
         haveIBeenPwnedService
             .getPasswordBreachCount(password)
             .fold(
-                onFailure = { BreachCountResult.Error(error = it) },
+                onFailure = { BreachCountResult.Error },
                 onSuccess = { BreachCountResult.Success(it) },
             )
 
     override suspend fun getPasswordStrength(
-        email: String?,
+        email: String,
         password: String,
     ): PasswordStrengthResult =
         authSdkSource
             .passwordStrength(
-                email = email
-                    ?: userStateFlow
-                        .value
-                        ?.activeAccount
-                        ?.email
-                        .orEmpty(),
+                email = email,
                 password = password,
             )
             .fold(
                 onSuccess = { PasswordStrengthResult.Success(passwordStrength = it) },
-                onFailure = { PasswordStrengthResult.Error(error = it) },
+                onFailure = { PasswordStrengthResult.Error },
             )
 
     override suspend fun validatePassword(password: String): ValidatePasswordResult {
-        val userId = activeUserId ?: return ValidatePasswordResult.Error(NoActiveUserException())
+        val userId = activeUserId ?: return ValidatePasswordResult.Error
         return authDiskSource
             .getMasterPasswordHash(userId = userId)
             ?.let { masterPasswordHash ->
@@ -1285,13 +1221,13 @@ class AuthRepositoryImpl(
                     )
                     .fold(
                         onSuccess = { ValidatePasswordResult.Success(isValid = it) },
-                        onFailure = { ValidatePasswordResult.Error(error = it) },
+                        onFailure = { ValidatePasswordResult.Error },
                     )
             }
             ?: run {
                 val encryptedKey = authDiskSource
                     .getUserKey(userId)
-                    ?: return ValidatePasswordResult.Error(MissingPropertyException("UserKey"))
+                    ?: return ValidatePasswordResult.Error
                 vaultSdkSource
                     .validatePasswordUserKey(
                         userId = userId,
@@ -1321,12 +1257,10 @@ class AuthRepositoryImpl(
             .userState
             ?.activeAccount
             ?.profile
-            ?: return ValidatePinResult.Error(error = NoActiveUserException())
+            ?: return ValidatePinResult.Error
         val pinProtectedUserKey = authDiskSource
             .getPinProtectedUserKey(userId = activeAccount.userId)
-            ?: return ValidatePinResult.Error(
-                error = MissingPropertyException("Pin Protected User Key"),
-            )
+            ?: return ValidatePinResult.Error
         return vaultSdkSource
             .validatePin(
                 userId = activeAccount.userId,
@@ -1335,7 +1269,7 @@ class AuthRepositoryImpl(
             )
             .fold(
                 onSuccess = { ValidatePinResult.Success(isValid = it) },
-                onFailure = { ValidatePinResult.Error(error = it) },
+                onFailure = { ValidatePinResult.Error },
             )
     }
 
@@ -1361,10 +1295,7 @@ class AuthRepositoryImpl(
                 onSuccess = {
                     when (it) {
                         is SendVerificationEmailResponseJson.Invalid -> {
-                            SendVerificationEmailResult.Error(
-                                errorMessage = it.message,
-                                error = null,
-                            )
+                            SendVerificationEmailResult.Error(it.message)
                         }
 
                         is SendVerificationEmailResponseJson.Success -> {
@@ -1372,7 +1303,9 @@ class AuthRepositoryImpl(
                         }
                     }
                 },
-                onFailure = { SendVerificationEmailResult.Error(errorMessage = null, error = it) },
+                onFailure = {
+                    SendVerificationEmailResult.Error(null)
+                },
             )
 
     override suspend fun validateEmailToken(email: String, token: String): EmailTokenResult {
@@ -1388,23 +1321,20 @@ class AuthRepositoryImpl(
                     when (val json = it) {
                         VerifyEmailTokenResponseJson.Valid -> EmailTokenResult.Success
                         is VerifyEmailTokenResponseJson.Invalid -> {
-                            EmailTokenResult.Error(message = json.message, error = null)
+                            EmailTokenResult.Error(json.message)
                         }
 
                         VerifyEmailTokenResponseJson.TokenExpired -> EmailTokenResult.Expired
                     }
                 },
-                onFailure = { EmailTokenResult.Error(message = null, error = it) },
+                onFailure = {
+                    EmailTokenResult.Error(message = null)
+                },
             )
     }
 
-    override fun setOnboardingStatus(status: OnboardingStatus) {
-        activeUserId?.let { userId ->
-            authDiskSource.storeOnboardingStatus(
-                userId = userId,
-                onboardingStatus = status,
-            )
-        }
+    override fun setOnboardingStatus(userId: String, status: OnboardingStatus?) {
+        authDiskSource.storeOnboardingStatus(userId = userId, onboardingStatus = status)
     }
 
     override fun getNewDeviceNoticeState(): NewDeviceNoticeState? {
@@ -1442,7 +1372,6 @@ class AuthRepositoryImpl(
                 // the notice needs to appear again
                 NewDeviceNoticeDisplayStatus.HAS_SEEN ->
                     newDeviceNoticeState.shouldDisplayNoticeIfSeen
-
                 NewDeviceNoticeDisplayStatus.HAS_NOT_SEEN -> true
                 // the user never needs to see the notice again
                 NewDeviceNoticeDisplayStatus.CAN_ACCESS_EMAIL_PERMANENT -> false
@@ -1459,9 +1388,7 @@ class AuthRepositoryImpl(
      * - Cannot have two-factor authentication enabled.
      */
     private fun newDeviceNoticePreConditionsValid(): Boolean {
-        val checkEnvironment = !featureFlagManager.getFeatureFlag(FlagKey.IgnoreEnvironmentCheck)
-        val isSelfHosted = environmentRepository.environment.type == Environment.Type.SELF_HOSTED
-        if (checkEnvironment && isSelfHosted) {
+        if (environmentRepository.environment.type == Environment.Type.SELF_HOSTED) {
             return false
         }
 
@@ -1648,7 +1575,6 @@ class AuthRepositoryImpl(
         deviceData: DeviceDataModel? = null,
         orgIdentifier: String? = null,
         captchaToken: String?,
-        newDeviceOtp: String? = null,
     ): LoginResult = identityService
         .getToken(
             uniqueAppId = authDiskSource.uniqueAppId,
@@ -1656,7 +1582,6 @@ class AuthRepositoryImpl(
             authModel = authModel,
             twoFactorData = twoFactorData ?: getRememberedTwoFactorData(email),
             captchaToken = captchaToken,
-            newDeviceOtp = newDeviceOtp,
         )
         .fold(
             onFailure = { throwable ->
@@ -1665,11 +1590,7 @@ class AuthRepositoryImpl(
                     configDiskSource.serverConfig?.isOfficialBitwardenServer == false -> {
                         LoginResult.UnofficialServerError
                     }
-
-                    else -> LoginResult.Error(
-                        errorMessage = null,
-                        error = throwable,
-                    )
+                    else -> LoginResult.Error(errorMessage = null)
                 }
             },
             onSuccess = { loginResponse ->
@@ -1693,23 +1614,9 @@ class AuthRepositoryImpl(
                         orgIdentifier = orgIdentifier,
                     )
 
-                    is GetTokenResponseJson.Invalid -> {
-                        when (loginResponse.invalidType) {
-                            is GetTokenResponseJson.Invalid.InvalidType.NewDeviceVerification ->
-                                handleLoginCommonNewDeviceVerification(
-                                    email = email,
-                                    authModel = authModel,
-                                    error = loginResponse.errorMessage,
-                                )
-
-                            is GetTokenResponseJson.Invalid.InvalidType.GenericInvalid -> {
-                                LoginResult.Error(
-                                    errorMessage = loginResponse.errorMessage,
-                                    error = null,
-                                )
-                            }
-                        }
-                    }
+                    is GetTokenResponseJson.Invalid -> LoginResult.Error(
+                        errorMessage = loginResponse.errorMessage,
+                    )
                 }
             },
         )
@@ -1797,6 +1704,15 @@ class AuthRepositoryImpl(
         )
         settingsRepository.hasUserLoggedInOrCreatedAccount = true
 
+        val shouldSetOnboardingStatus = featureFlagManager.getFeatureFlag(FlagKey.OnboardingFlow) &&
+            !settingsRepository.getUserHasLoggedInValue(userId = userId)
+        if (shouldSetOnboardingStatus) {
+            setOnboardingStatus(
+                userId = userId,
+                status = OnboardingStatus.NOT_STARTED,
+            )
+        }
+
         authDiskSource.userState = userStateJson
         loginResponse.key?.let {
             // Only set the value if it's present, since we may have set it already
@@ -1825,7 +1741,6 @@ class AuthRepositoryImpl(
         twoFactorResponse = null
         resendEmailRequestJson = null
         twoFactorDeviceData = null
-        resendNewDeviceOtpRequestJson = null
         settingsRepository.setDefaultsIfNecessary(userId = userId)
         settingsRepository.storeUserHasLoggedInValue(userId)
         vaultRepository.syncIfNecessary()
@@ -1858,24 +1773,6 @@ class AuthRepositoryImpl(
         return LoginResult.TwoFactorRequired
     }
 
-    /**
-     * A helper method that processes the
-     * [GetTokenResponseJson.Invalid.InvalidType.NewDeviceVerification] when logging in.
-     */
-    private fun handleLoginCommonNewDeviceVerification(
-        email: String,
-        authModel: IdentityTokenAuthModel,
-        error: String?,
-    ): LoginResult {
-        identityTokenAuthModel = authModel
-        resendNewDeviceOtpRequestJson = ResendNewDeviceOtpRequestJson(
-            email = email,
-            passwordHash = authModel.password,
-        )
-
-        return LoginResult.NewDeviceVerification(error)
-    }
-
     /**
      * Attempt to unlock the current user's vault with key connector data.
      */
@@ -1908,7 +1805,7 @@ class AuthRepositoryImpl(
                 }
                 .fold(
                     // If the request failed, we want to abort the login process
-                    onFailure = { VaultUnlockResult.GenericError(error = it) },
+                    onFailure = { VaultUnlockResult.GenericError },
                     onSuccess = { it },
                 )
         } else {
@@ -1948,7 +1845,7 @@ class AuthRepositoryImpl(
                 }
                 .fold(
                     // If the request failed, we want to abort the login process
-                    onFailure = { VaultUnlockResult.GenericError(error = it) },
+                    onFailure = { VaultUnlockResult.GenericError },
                     onSuccess = { it },
                 )
         }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/BreachCountResult.kt

@@ -12,8 +12,5 @@ sealed class BreachCountResult {
     /**
      * There was an error determining if the password has been breached.
      */
-    data class Error(
-        val error: Throwable,
-        val message: String? = null,
-    ) : BreachCountResult()
+    data object Error : BreachCountResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/DeleteAccountResult.kt

@@ -12,8 +12,5 @@ sealed class DeleteAccountResult {
     /**
      * There was an error deleting the account.
      */
-    data class Error(
-        val message: String?,
-        val error: Throwable?,
-    ) : DeleteAccountResult()
+    data class Error(val message: String?) : DeleteAccountResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/EmailTokenResult.kt

@@ -18,8 +18,5 @@ sealed class EmailTokenResult {
     /**
      * There was an error validating the token.
      */
-    data class Error(
-        val message: String?,
-        val error: Throwable?,
-    ) : EmailTokenResult()
+    data class Error(val message: String?) : EmailTokenResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/KnownDeviceResult.kt

@@ -12,7 +12,5 @@ sealed class KnownDeviceResult {
     /**
      * There was an error determining if this is a known device.
      */
-    data class Error(
-        val error: Throwable,
-    ) : KnownDeviceResult()
+    data object Error : KnownDeviceResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt

@@ -22,10 +22,7 @@ sealed class LoginResult {
     /**
      * There was an error logging in.
      */
-    data class Error(
-        val errorMessage: String?,
-        val error: Throwable?,
-    ) : LoginResult()
+    data class Error(val errorMessage: String?) : LoginResult()
 
     /**
      * There was an error while logging into an unofficial Bitwarden server.
@@ -36,9 +33,4 @@ sealed class LoginResult {
      * There was an error in validating the certificate chain for the server
      */
     data object CertificateError : LoginResult()
-
-    /**
-     * New device verification is required
-     */
-    data class NewDeviceVerification(val errorMessage: String?) : LoginResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResultExtensions.kt

@@ -8,12 +8,8 @@ import com.x8bit.bitwarden.data.vault.repository.model.VaultUnlockResult
  * the necessary `message` if applicable.
  */
 fun VaultUnlockError.toLoginErrorResult(): LoginResult.Error = when (this) {
-    is VaultUnlockResult.AuthenticationError -> {
-        LoginResult.Error(errorMessage = this.message, error = this.error)
-    }
-
-    is VaultUnlockResult.BiometricDecodingError,
-    is VaultUnlockResult.GenericError,
-    is VaultUnlockResult.InvalidStateError,
-        -> LoginResult.Error(errorMessage = null, error = this.error)
+    is VaultUnlockResult.AuthenticationError -> LoginResult.Error(this.message)
+    VaultUnlockResult.GenericError,
+    VaultUnlockResult.InvalidStateError,
+        -> LoginResult.Error(errorMessage = null)
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/NewSsoUserResult.kt

@@ -12,7 +12,5 @@ sealed class NewSsoUserResult {
     /**
      * There was an error while truing to create the new user.
      */
-    data class Failure(
-        val error: Throwable,
-    ) : NewSsoUserResult()
+    data object Failure : NewSsoUserResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/Organization.kt

@@ -18,4 +18,5 @@ data class Organization(
     val shouldManageResetPassword: Boolean,
     val shouldUseKeyConnector: Boolean,
     val role: OrganizationType,
+    val shouldUsersGetPremium: Boolean,
 )

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/OrganizationDomainSsoDetailsResult.kt

@@ -22,7 +22,5 @@ sealed class OrganizationDomainSsoDetailsResult {
     /**
      * The request failed.
      */
-    data class Failure(
-        val error: Throwable,
-    ) : OrganizationDomainSsoDetailsResult()
+    data object Failure : OrganizationDomainSsoDetailsResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordHintResult.kt

@@ -13,8 +13,5 @@ sealed class PasswordHintResult {
     /**
      * There was an error.
      */
-    data class Error(
-        val message: String?,
-        val error: Throwable?,
-    ) : PasswordHintResult()
+    data class Error(val message: String?) : PasswordHintResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PasswordStrengthResult.kt

@@ -16,7 +16,5 @@ sealed class PasswordStrengthResult {
     /**
      * There was an error determining the password strength.
      */
-    data class Error(
-        val error: Throwable,
-    ) : PasswordStrengthResult()
+    data object Error : PasswordStrengthResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PrevalidateSsoResult.kt

@@ -14,8 +14,5 @@ sealed class PrevalidateSsoResult {
     /**
      * There was an error in prevalidation.
      */
-    data class Failure(
-        val message: String? = null,
-        val error: Throwable?,
-    ) : PrevalidateSsoResult()
+    data object Failure : PrevalidateSsoResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RegisterResult.kt

@@ -23,10 +23,7 @@ sealed class RegisterResult {
      *
      * @param errorMessage a message describing the error.
      */
-    data class Error(
-        val errorMessage: String?,
-        val error: Throwable?,
-    ) : RegisterResult()
+    data class Error(val errorMessage: String?) : RegisterResult()
 
     /**
      * Password hash was found in a data breach.

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RemovePasswordResult.kt

@@ -12,7 +12,5 @@ sealed class RemovePasswordResult {
     /**
      * There was an error removing the password.
      */
-    data class Error(
-        val error: Throwable,
-    ) : RemovePasswordResult()
+    data object Error : RemovePasswordResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/RequestOtpResult.kt

@@ -13,8 +13,5 @@ sealed class RequestOtpResult {
     /**
      * Represents a failure to send the one-time passcode.
      */
-    data class Error(
-        val message: String?,
-        val error: Throwable,
-    ) : RequestOtpResult()
+    data class Error(val message: String?) : RequestOtpResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResendEmailResult.kt

@@ -13,8 +13,5 @@ sealed class ResendEmailResult {
     /**
      * There was an error.
      */
-    data class Error(
-        val message: String?,
-        val error: Throwable,
-    ) : ResendEmailResult()
+    data class Error(val message: String?) : ResendEmailResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ResetPasswordResult.kt

@@ -12,7 +12,5 @@ sealed class ResetPasswordResult {
     /**
      * There was an error resetting the password.
      */
-    data class Error(
-        val error: Throwable,
-    ) : ResetPasswordResult()
+    data object Error : ResetPasswordResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SendVerificationEmailResult.kt

@@ -18,8 +18,5 @@ sealed class SendVerificationEmailResult {
      *
      * @param errorMessage a message describing the error.
      */
-    data class Error(
-        val errorMessage: String?,
-        val error: Throwable?,
-    ) : SendVerificationEmailResult()
+    data class Error(val errorMessage: String?) : SendVerificationEmailResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/SetPasswordResult.kt

@@ -12,7 +12,5 @@ sealed class SetPasswordResult {
     /**
      * There was an error setting the password.
      */
-    data class Error(
-        val error: Throwable,
-    ) : SetPasswordResult()
+    data object Error : SetPasswordResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserFingerprintResult.kt

@@ -14,7 +14,5 @@ sealed class UserFingerprintResult {
     /**
      * There was an error getting the user fingerprint.
      */
-    data class Error(
-        val error: Throwable,
-    ) : UserFingerprintResult()
+    data object Error : UserFingerprintResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ValidatePasswordResult.kt

@@ -15,7 +15,5 @@ sealed class ValidatePasswordResult {
     /**
      * There was an error determining if the validity of the password.
      */
-    data class Error(
-        val error: Throwable,
-    ) : ValidatePasswordResult()
+    data object Error : ValidatePasswordResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/ValidatePinResult.kt

@@ -14,7 +14,5 @@ sealed class ValidatePinResult {
     /**
      * There was an error determining if the validity of the PIN.
      */
-    data class Error(
-        val error: Throwable,
-    ) : ValidatePinResult()
+    data object Error : ValidatePinResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/VerifiedOrganizationDomainSsoDetailsResult.kt

@@ -18,7 +18,5 @@ sealed class VerifiedOrganizationDomainSsoDetailsResult {
     /**
      * The request failed.
      */
-    data class Failure(
-        val error: Throwable,
-    ) : VerifiedOrganizationDomainSsoDetailsResult()
+    data object Failure : VerifiedOrganizationDomainSsoDetailsResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/VerifyOtpResult.kt

@@ -13,8 +13,5 @@ sealed class VerifyOtpResult {
     /**
      * Represents a failure to verify the one-time passcode.
      */
-    data class NotVerified(
-        val errorMessage: String?,
-        val error: Throwable,
-    ) : VerifyOtpResult()
+    data class NotVerified(val errorMessage: String?) : VerifyOtpResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/SyncResponseJsonExtensions.kt

@@ -22,6 +22,7 @@ fun SyncResponseJson.Profile.Organization.toOrganization(): Organization =
         shouldUseKeyConnector = this.shouldUseKeyConnector,
         role = this.type,
         shouldManageResetPassword = this.permissions.shouldManageResetPassword,
+        shouldUsersGetPremium = this.shouldUsersGetPremium,
     )
 
 /**

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/BitwardenAccessibilityService.kt

@@ -1,10 +1,8 @@
 package com.x8bit.bitwarden.data.autofill.accessibility
 
 import android.accessibilityservice.AccessibilityService
-import android.content.Intent
 import android.view.accessibility.AccessibilityEvent
 import androidx.annotation.Keep
-import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityEnabledManager
 import com.x8bit.bitwarden.data.autofill.accessibility.processor.BitwardenAccessibilityProcessor
 import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
 import com.x8bit.bitwarden.data.tiles.BitwardenAutofillTileService
@@ -23,28 +21,9 @@ class BitwardenAccessibilityService : AccessibilityService() {
     @Inject
     lateinit var processor: BitwardenAccessibilityProcessor
 
-    @Inject
-    lateinit var accessibilityEnabledManager: AccessibilityEnabledManager
-
     override fun onAccessibilityEvent(event: AccessibilityEvent) {
         processor.processAccessibilityEvent(event = event) { rootInActiveWindow }
     }
 
     override fun onInterrupt() = Unit
-
-    override fun onCreate() {
-        super.onCreate()
-        accessibilityEnabledManager.refreshAccessibilityEnabledFromSettings()
-    }
-
-    override fun onUnbind(intent: Intent?): Boolean {
-        return super
-            .onUnbind(intent)
-            .also { accessibilityEnabledManager.refreshAccessibilityEnabledFromSettings() }
-    }
-
-    override fun onServiceConnected() {
-        super.onServiceConnected()
-        accessibilityEnabledManager.refreshAccessibilityEnabledFromSettings()
-    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/di/AccessibilityModule.kt

@@ -57,10 +57,10 @@ object AccessibilityModule {
     @Singleton
     @Provides
     fun providesAccessibilityEnabledManager(
-        @ApplicationContext context: Context,
+        accessibilityManager: AccessibilityManager,
     ): AccessibilityEnabledManager =
         AccessibilityEnabledManagerImpl(
-            context = context,
+            accessibilityManager = accessibilityManager,
         )
 
     @Singleton

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityEnabledManager.kt

@@ -10,9 +10,4 @@ interface AccessibilityEnabledManager {
      * Emits updates that track whether the accessibility autofill service is enabled..
      */
     val isAccessibilityEnabledStateFlow: StateFlow<Boolean>
-
-    /**
-     * Gets the accessibility enabled state from the system settings.
-     */
-    fun refreshAccessibilityEnabledFromSettings()
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityEnabledManagerImpl.kt

@@ -1,7 +1,6 @@
 package com.x8bit.bitwarden.data.autofill.accessibility.manager
 
-import android.content.Context
-import com.x8bit.bitwarden.data.autofill.accessibility.util.isAccessibilityServiceEnabled
+import android.view.accessibility.AccessibilityManager
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.StateFlow
 import kotlinx.coroutines.flow.asStateFlow
@@ -10,20 +9,18 @@ import kotlinx.coroutines.flow.asStateFlow
  * The default implementation of [AccessibilityEnabledManager].
  */
 class AccessibilityEnabledManagerImpl(
-    private val context: Context,
+    accessibilityManager: AccessibilityManager,
 ) : AccessibilityEnabledManager {
-    private val mutableIsAccessibilityEnabledStateFlow = MutableStateFlow(
-        value = context.isAccessibilityServiceEnabled,
-    )
+    private val mutableIsAccessibilityEnabledStateFlow = MutableStateFlow(value = false)
 
     init {
-        mutableIsAccessibilityEnabledStateFlow.value = context.isAccessibilityServiceEnabled
+        accessibilityManager.addAccessibilityStateChangeListener(
+            AccessibilityManager.AccessibilityStateChangeListener { isEnabled ->
+                mutableIsAccessibilityEnabledStateFlow.value = isEnabled
+            },
+        )
     }
 
     override val isAccessibilityEnabledStateFlow: StateFlow<Boolean>
         get() = mutableIsAccessibilityEnabledStateFlow.asStateFlow()
-
-    override fun refreshAccessibilityEnabledFromSettings() {
-        mutableIsAccessibilityEnabledStateFlow.value = context.isAccessibilityServiceEnabled
-    }
 }

app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/util/BrowserUtil.kt

@@ -128,11 +128,6 @@ private val ACCESSIBILITY_SUPPORTED_BROWSERS = listOf(
         // 2nd = Anticipation
         possibleUrlFieldIds = listOf("url_bar_title", "mozac_browser_toolbar_url_view"),
     ),
-    Browser(
-        packageName = "org.ironfoxoss.ironfox",
-        // 2nd = Legacy
-        possibleUrlFieldIds = listOf("mozac_browser_toolbar_url_view", "url_bar_title"),
-    ),
     Browser(packageName = "org.mozilla.fenix", urlFieldId = "mozac_browser_toolbar_url_view"),
     // [DEPRECATED ENTRY]
     Browser(
@@ -196,6 +191,11 @@ private val ACCESSIBILITY_SUPPORTED_BROWSERS = listOf(
     ),
     Browser(packageName = "org.ungoogled.chromium.extensions.stable", urlFieldId = "url_bar"),
     Browser(packageName = "org.ungoogled.chromium.stable", urlFieldId = "url_bar"),
+    Browser(
+        packageName = "us.spotco.fennec_dos",
+        // 2nd = Legacy
+        possibleUrlFieldIds = listOf("mozac_browser_toolbar_url_view", "url_bar_title"),
+    ),
 
     // [Section B] Entries only present here
     // TODO: Test the compatibility of these with Autofill Framework