[PR #5955] [MERGED] [PM-23278] Upgrade user KDF settings to minimums #36681

Closed
opened 2026-04-21 03:50:28 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/5955
Author: @andrebispo5
Created: 9/29/2025
Status: Merged
Merged: 10/9/2025
Merged by: @andrebispo5

Base: main ← Head: pm-23278/kdf-upgrade-minimum


📝 Commits (10+)

  • 5ff44d6 [PM-23278] Add SDK makeUpdateKdf call
  • a0bbc1a [PM-23278] Add updateKdf service call and test
  • 0ff6bb4 [PM-23278] Add func to update to minimum kdf settings to AuthRepository
  • b200af3 [PM-23278] Remove unused imports
  • 6300d5d [PM-23278] Add customisation to BitwardenMasterPasswordDialog
  • 98d0361 [PM-23278] Add dialog to input password to update KDF settings to minimums
  • d07e8f9 Merge branch 'main' into pm-23278/kdf-upgrade-minimum
  • 7c5a6ac [PM-23278] Check and show if user needs KDF update on vault load.
  • c4078cd [PM-23278] Try to update KDF to minimums after password unlock.
  • 03a09ef [PM-23278] Update tests.

📊 Changes

35 files changed (+1573 additions, -23 deletions)


📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/datasource/sdk/util/KdfExtensions.kt (+21 -0)
➕ app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/KdfManager.kt (+19 -0)
➕ app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/KdfManagerImpl.kt (+101 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt (+17 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt (+6 -1)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt (+15 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt (+3 -0)
➕ app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/model/UpdateKdfMinimumsResult.kt (+25 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt (+26 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSource.kt (+10 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSourceImpl.kt (+11 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/VaultLockManagerImpl.kt (+20 -3)
📝 app/src/main/kotlin/com/x8bit/bitwarden/data/vault/manager/di/VaultManagerModule.kt (+3 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/platform/components/dialog/BitwardenMasterPasswordDialog.kt (+14 -5)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreen.kt (+13 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModel.kt (+122 -13)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/handlers/VaultHandlers.kt (+4 -0)
➕ app/src/test/kotlin/com/x8bit/bitwarden/data/auth/manager/KdfManagerTest.kt (+422 -0)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt (+42 -1)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensionsTest.kt (+187 -0)

...and 15 more files

📄 Description

Note

Depends on PR: https://github.com/bitwarden/android/pull/5944

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-23278
https://bitwarden.atlassian.net/browse/PM-23577

📔 Objective

This pull request introduces functionality to ensure user KDF (Key Derivation Function) settings meet minimum security requirements. It adds logic to check if an account's KDF configuration is outdated and, if so, updates it automatically after password unlock, provided the relevant feature flag is enabled. The changes also include necessary model, service, and dependency updates to support this workflow.

KDF Minimums Enforcement and Update Workflow

  • Added new methods to AuthRepository and AuthRepositoryImpl to check if a user's KDF settings are below the minimum and to update them if needed, including integration with a feature flag (ForceUpdateKdfSettings).
  • Automatically triggers KDF update after password unlock if the user's settings are outdated and the feature flag is enabled.

Model and SDK Support

  • Introduced UpdateKdfMinimumsResult sealed class to model the result of updating KDF settings.
  • Added makeUpdateKdf method to VaultSdkSource and its implementation to generate updated KDF data using the SDK.
  • Added extension function toKdfRequestModel to convert SDK KDF objects to network request models.

Dependency Injection and Feature Flag Integration

  • Updated DI module (AuthRepositoryModule) to provide FeatureFlagManager to AuthRepositoryImpl.

📸 Screenshots

https://github.com/user-attachments/assets/fadacc0a-2c75-49fa-9172-b5e04fe76979

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
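
The workflow the Objective section describes (check the stored KDF parameters, then re-key after a password unlock when they are below the floor and the flag is on), as an added Kotlin sketch that is not code from this PR. `Account`, `UpgradeResult`, `upgradeAfterPasswordUnlock` and the 600,000-iteration PBKDF2 floor are assumptions for illustration; the sketch keeps only a password verifier, whereas a vault would also re-wrap its encryption key.

```kotlin
import java.security.MessageDigest
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Assumed floor for this sketch (OWASP guidance for PBKDF2-HMAC-SHA256); the PR page states no numbers.
const val MIN_PBKDF2_ITERATIONS = 600_000

// Hypothetical account record: salt, current iteration count, and a verifier of the derived key.
data class Account(val salt: ByteArray, val iterations: Int, val verifier: ByteArray)

sealed class UpgradeResult {
    data object NotNeeded : UpgradeResult()
    data object FlagDisabled : UpgradeResult()
    data object WrongPassword : UpgradeResult()
    data class Upgraded(val account: Account) : UpgradeResult()
}

fun pbkdf2(secret: CharArray, salt: ByteArray, iterations: Int): ByteArray =
    SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
        .generateSecret(PBEKeySpec(secret, salt, iterations, 256))
        .encoded

// Simplified verifier: SHA-256 over the derived key, so the key itself is never stored.
fun verifierFor(password: CharArray, salt: ByteArray, iterations: Int): ByteArray =
    MessageDigest.getInstance("SHA-256").digest(pbkdf2(password, salt, iterations))

// Runs only on a password unlock: re-deriving under stronger parameters needs the plaintext
// password, which a biometric or PIN unlock does not provide.
fun upgradeAfterPasswordUnlock(account: Account, password: CharArray, flagEnabled: Boolean): UpgradeResult {
    if (account.iterations >= MIN_PBKDF2_ITERATIONS) return UpgradeResult.NotNeeded
    if (!flagEnabled) return UpgradeResult.FlagDisabled
    // Prove the password against the OLD parameters before committing new ones.
    val check = verifierFor(password, account.salt, account.iterations)
    if (!MessageDigest.isEqual(check, account.verifier)) return UpgradeResult.WrongPassword
    val upgraded = verifierFor(password, account.salt, MIN_PBKDF2_ITERATIONS)
    return UpgradeResult.Upgraded(account.copy(iterations = MIN_PBKDF2_ITERATIONS, verifier = upgraded))
}

fun main() {
    val salt = "user@example.com".toByteArray()      // constructed sample input
    val pw = "correct horse".toCharArray()           // constructed sample input
    val legacy = Account(salt, 100_000, verifierFor(pw, salt, 100_000))
    println(upgradeAfterPasswordUnlock(legacy, pw, flagEnabled = false))
    println(upgradeAfterPasswordUnlock(legacy, "wrong".toCharArray(), flagEnabled = true))
    val done = upgradeAfterPasswordUnlock(legacy, pw, flagEnabled = true) as UpgradeResult.Upgraded
    println("iterations now ${done.account.iterations}")
    println(upgradeAfterPasswordUnlock(done.account, pw, flagEnabled = true))
}
```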

GiteaMirror added the pull-request label 2026-04-21 03:50:28 -05:00

Reference: github-starred/android#36681