github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-10 05:49:44 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[PR #2769] [MERGED] [PM-3726] prevent legacy user login #52012

New Issue
Closed
opened 2026-05-01 15:45:43 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-01 15:45:43 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/2769
Author: @jlf0dev
Created: 9/13/2023
Status: Merged
Merged: 9/20/2023
Merged by: @trmartin4

Base: masterHead: auth/pm-3726/migrate-legacy-users

📝 Commits (10+)

  • 1423387 [PM-3726] prevent legacy user login
  • 6e5de95 [PM-3726] prevent unlock or auto key migration if legacy user
  • 0adc967 [PM-3726] add legacy checks to lock page and refactor
  • 170af72 [PM-3726] rethrow exception from pin
  • 213dbb3 formatting
  • 7b4b711 [PM-3726] add changes to LockViewController, consolidate logout calls
  • d23e680 formatting
  • 98fd17f [PM-3726] pr feedback
  • 4bcd357 Merge branch 'master' into auth/pm-3726/migrate-legacy-users
  • 64c4024 generate resx

📊 Changes

11 files changed (+2146 additions, -4431 deletions)

View changed files

📝 src/App/Pages/Accounts/LockPageViewModel.cs (+221 -143)
📝 src/App/Pages/Accounts/LoginPageViewModel.cs (+8 -0)
📝 src/App/Resources/AppResources.Designer.cs (+1682 -4189)
📝 src/App/Resources/AppResources.resx (+3 -0)
📝 src/Core/Abstractions/ICryptoService.cs (+1 -0)
src/Core/Exceptions/LegacyUserException.cs (+11 -0)
📝 src/Core/Models/Domain/AuthResult.cs (+1 -0)
📝 src/Core/Services/AuthService.cs (+11 -0)
📝 src/Core/Services/CryptoService.cs (+43 -0)
📝 src/Core/Services/VaultTimeoutService.cs (+15 -4)
📝 src/iOS.Core/Controllers/BaseLockPasswordViewController.cs (+150 -95)

📄 Description

Type of change

  • Bug fix
  • New feature development
  • Tech debt (refactoring, code cleanup, dependency upgrades, etc)
  • Build/deploy pipeline (DevOps)
  • Other

Objective

Prevent legacy users from logging in and direct them to the web vault for migration.

Code changes

Legacy users are detected early in the AuthService.LoginHelper by checking for the existence of a local hashed password (meaning MP was used to login) and the absence of a IdentityToken.Key. We can then return early before the authentication process and prevent any state from being set.

  • LockPageViewModel.cs: Prevents unlocks for legacy users. Most of these changes are formatting. I split out the SubmitAsync method into UnlockWithPinAsync and UnlockWithMasterPasswordAsync. I also am catching any LegacyUserException errors now in the SubmitAsync method in order to process them.
  • BaseLockPasswordViewController.cs: Duplicate changes as LockPageViewModel
  • LoginPageViewModel.cs: Prevent logins for legacy users. Note: Instead of using the LegacyUserException like on the LockPage, I have added AuthResult.RequiresEncryptionKeyMigration. The clients repo couldn't use an exception in the same way so I decided to keep the models similar.
  • AuthService.cs: If a user is logging in with their MP, we can determine if they are a legacy user and return early.
  • CryptoService.cs: Add ValidateUserKeyAsync and IsLegacyUserAsync for legacy user detection. Throw exceptions from migration methods if a legacy user is detected.
  • VaultTimeoutService.cs: If a legacy user has an auto key set, we need to catch the exception and log them out before they are migrated.

Screenshots

image

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/2769 **Author:** [@jlf0dev](https://github.com/jlf0dev) **Created:** 9/13/2023 **Status:** ✅ Merged **Merged:** 9/20/2023 **Merged by:** [@trmartin4](https://github.com/trmartin4) **Base:** `master` ← **Head:** `auth/pm-3726/migrate-legacy-users` --- ### 📝 Commits (10+) - [`1423387`](https://github.com/bitwarden/android/commit/1423387ef640255eed27161e1778ec366f0fbdaf) [PM-3726] prevent legacy user login - [`6e5de95`](https://github.com/bitwarden/android/commit/6e5de95852fbb218ab8e6a855b54e3cdff67868a) [PM-3726] prevent unlock or auto key migration if legacy user - [`0adc967`](https://github.com/bitwarden/android/commit/0adc967ec20d355920e81382e0456d8857d0446d) [PM-3726] add legacy checks to lock page and refactor - [`170af72`](https://github.com/bitwarden/android/commit/170af7214c75fcdfd901b85d5f7fc9a793c57d3b) [PM-3726] rethrow exception from pin - [`213dbb3`](https://github.com/bitwarden/android/commit/213dbb32e8f307cb2e9bf9fce883b2ba50632aa4) formatting - [`7b4b711`](https://github.com/bitwarden/android/commit/7b4b7115ae42124f49f161b7608d1334f42448e1) [PM-3726] add changes to LockViewController, consolidate logout calls - [`d23e680`](https://github.com/bitwarden/android/commit/d23e680832479c0021fc0a27e828298ec97a82ef) formatting - [`98fd17f`](https://github.com/bitwarden/android/commit/98fd17fa1b9147b46e12da55bcd566f9851ed86c) [PM-3726] pr feedback - [`4bcd357`](https://github.com/bitwarden/android/commit/4bcd3574cf1f5dca102c43136dbc4036174c1168) Merge branch 'master' into auth/pm-3726/migrate-legacy-users - [`64c4024`](https://github.com/bitwarden/android/commit/64c4024a7359188872a4b841ade5abeac482a7ca) generate resx ### 📊 Changes **11 files changed** (+2146 additions, -4431 deletions) <details> <summary>View changed files</summary> 📝 `src/App/Pages/Accounts/LockPageViewModel.cs` (+221 -143) 📝 `src/App/Pages/Accounts/LoginPageViewModel.cs` (+8 -0) 📝 `src/App/Resources/AppResources.Designer.cs` (+1682 -4189) 📝 `src/App/Resources/AppResources.resx` (+3 -0) 📝 `src/Core/Abstractions/ICryptoService.cs` (+1 -0) ➕ `src/Core/Exceptions/LegacyUserException.cs` (+11 -0) 📝 `src/Core/Models/Domain/AuthResult.cs` (+1 -0) 📝 `src/Core/Services/AuthService.cs` (+11 -0) 📝 `src/Core/Services/CryptoService.cs` (+43 -0) 📝 `src/Core/Services/VaultTimeoutService.cs` (+15 -4) 📝 `src/iOS.Core/Controllers/BaseLockPasswordViewController.cs` (+150 -95) </details> ### 📄 Description ## Type of change - [x] Bug fix - [ ] New feature development - [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) - [ ] Build/deploy pipeline (DevOps) - [ ] Other ## Objective <!--Describe what the purpose of this PR is. For example: what bug you're fixing or what new feature you're adding--> Prevent legacy users from logging in and direct them to the web vault for migration. ## Code changes <!--Explain the changes you've made to each file or major component. This should help the reviewer understand your changes--> <!--Also refer to any related changes or PRs in other repositories--> Legacy users are detected early in the `AuthService.LoginHelper` by checking for the existence of a local hashed password (meaning MP was used to login) and the absence of a `IdentityToken.Key`. We can then return early before the authentication process and prevent any state from being set. - **LockPageViewModel.cs:** Prevents unlocks for legacy users. Most of these changes are formatting. I split out the `SubmitAsync` method into `UnlockWithPinAsync` and `UnlockWithMasterPasswordAsync`. I also am catching any `LegacyUserException` errors now in the `SubmitAsync` method in order to process them. - **BaseLockPasswordViewController.cs:** Duplicate changes as `LockPageViewModel` - **LoginPageViewModel.cs:** Prevent logins for legacy users. **Note:** Instead of using the `LegacyUserException` like on the LockPage, I have added `AuthResult.RequiresEncryptionKeyMigration`. The clients repo couldn't use an exception in the same way so I decided to keep the models similar. - **AuthService.cs:** If a user is logging in with their MP, we can determine if they are a legacy user and return early. - **CryptoService.cs:** Add `ValidateUserKeyAsync` and `IsLegacyUserAsync` for legacy user detection. Throw exceptions from migration methods if a legacy user is detected. - **VaultTimeoutService.cs:** If a legacy user has an auto key set, we need to catch the exception and log them out before they are migrated. ## Screenshots <!--Required for any UI changes. Delete if not applicable--> ![image](https://github.com/bitwarden/mobile/assets/24985544/52fdff17-2c55-451b-8960-f53c44738b36) ## Before you submit - Please check for formatting errors (`dotnet format --verify-no-changes`) (required) - Please add **unit tests** where it makes sense to do so (encouraged but not required) - If this change requires a **documentation update** - notify the documentation team - If this change has particular **deployment requirements** - notify the DevOps team --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-01 15:45:43 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#52012
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?