[PR #5994] [MERGED] [PM-26716] Validate credential exchange request #54435

Closed
opened 2026-05-01 19:55:55 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/5994
Author: @SaintPatrck
Created: 10/8/2025
Status: Merged
Merged: 10/8/2025
Merged by: @SaintPatrck

Base: main ← Head: cxf/app/validate-import-request


📝 Commits (1)

  • fc61db8 [PM-26716] Validate credential exchange request

📊 Changes

18 files changed (+391 additions, -34 deletions)


📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/platform/composition/LocalManagerProvider.kt (+6 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/reviewexport/ReviewExportScreen.kt (+1 -1)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/reviewexport/ReviewExportViewModel.kt (+3 -3)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/selectaccount/SelectAccountScreen.kt (+42 -0)
📝 app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/selectaccount/SelectAccountViewModel.kt (+84 -21)
📝 app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/util/SpecialCircumstanceExtensionsTest.kt (+3 -3)
📝 app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/base/BitwardenComposeTest.kt (+3 -0)
📝 app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/SelectAccountScreenTest.kt (+11 -0)
📝 app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/SelectAccountViewModelTest.kt (+91 -2)
📝 app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/reviewexport/ReviewExportScreenTest.kt (+1 -1)
📝 app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/reviewexport/ReviewExportViewModelTest.kt (+1 -1)
📝 cxf/src/main/kotlin/com/bitwarden/cxf/importer/CredentialExchangeImporterImpl.kt (+0 -2)
➕ cxf/src/main/kotlin/com/bitwarden/cxf/ui/composition/LocalCredentialExchangeRequestValidatorProvider.kt (+17 -0)
➕ cxf/src/main/kotlin/com/bitwarden/cxf/validator/CredentialExchangeRequestValidator.kt (+19 -0)
➕ cxf/src/main/kotlin/com/bitwarden/cxf/validator/CredentialExchangeRequestValidatorImpl.kt (+30 -0)
➕ cxf/src/main/kotlin/com/bitwarden/cxf/validator/dsl/CredentialExchangeRequestValidatorBuilder.kt (+49 -0)
➕ cxf/src/test/kotlin/com/bitwarden/cxf/validator/CredentialExchangeRequestValidatorTest.kt (+29 -0)
📝 ui/src/main/res/values/strings.xml (+1 -0)

📄 Description

🎟️ Tracking

PM-26716

📔 Objective

This commit introduces validation for incoming credential exchange requests to ensure they originate from a trusted source (Google Mobile Services).

Previously, the app would immediately process any credential import request. This change adds a validation step at the beginning of the flow. If the request is not valid, an error screen is displayed to the user, preventing further processing.

Specific changes:

  • Add CredentialExchangeRequestValidator to validate incoming import requests by checking the calling package.
  • Introduce a CredentialExchangeRequestValidatorBuilder and a corresponding DSL for easy instantiation.
  • Provide the validator via LocalCredentialExchangeRequestValidator CompositionLocal.
  • In SelectAccountViewModel, validate the request data upon initialization. If validation fails, transition to an error state.
  • Add an error state to the SelectAccountScreen to handle and display validation failures.
  • Update ReviewExportViewModel to rename importCredentialsRequest to importCredentialsRequestData for clarity.
  • Add a new string resource for the import request processing error message.

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
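
The validate-first flow the description outlines, sketched as an added example; this is not code from the PR or from Bitwarden. It goes one step beyond the package check the PR describes by also pinning the caller's signing certificate digest. All type and function names are hypothetical, the caller identity is assumed to come from the platform, and the digest is a constructed placeholder.

```kotlin
// Added illustration, not Bitwarden's code: every name below is hypothetical.

/** Caller identity as reported by the platform for an incoming import request. */
data class CallerIdentity(val packageName: String?, val signingCertSha256: String?)

sealed interface Verdict {
    data object Trusted : Verdict
    data class Rejected(val reason: String) : Verdict
}

/** Allowlist validator: package name -> SHA-256 digests of accepted signing certificates. */
class ImportRequestValidator(allowlist: Map<String, Set<String>>) {
    private val pinsByPackage = allowlist.mapValues { (_, v) -> v.map { it.lowercase() }.toSet() }

    fun validate(caller: CallerIdentity): Verdict {
        // Fail closed: a missing field is a rejection, never a pass.
        val pkg = caller.packageName ?: return Verdict.Rejected("no calling package reported")
        val pins = pinsByPackage[pkg] ?: return Verdict.Rejected("package not allowlisted: $pkg")
        val digest = caller.signingCertSha256?.lowercase()
            ?: return Verdict.Rejected("no signing certificate for $pkg")
        return if (digest in pins) Verdict.Trusted else Verdict.Rejected("certificate mismatch for $pkg")
    }
}

sealed interface ScreenState {
    data object SelectAccount : ScreenState
    data class Error(val message: String) : ScreenState
}

/** Validate once, before any request data is parsed or shown; failure maps to an error state. */
fun initialState(caller: CallerIdentity, validator: ImportRequestValidator): ScreenState =
    when (val verdict = validator.validate(caller)) {
        Verdict.Trusted -> ScreenState.SelectAccount
        is Verdict.Rejected -> ScreenState.Error("Import request rejected: ${verdict.reason}")
    }

fun main() {
    val gms = "com.google.android.gms"
    val pin = "ab".repeat(32) // constructed placeholder, not a real certificate digest
    val validator = ImportRequestValidator(mapOf(gms to setOf(pin)))
    val samples = listOf( // constructed callers: one trusted, three that must be rejected
        CallerIdentity(gms, pin.uppercase()),
        CallerIdentity(gms, "cd".repeat(32)),
        CallerIdentity("com.example.other", pin),
        CallerIdentity(null, null),
    )
    samples.forEach { println("${it.packageName} -> ${initialState(it, validator)}") }
}
```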

GiteaMirror added the pull-request label 2026-05-01 19:55:55 -05:00
Reference: github-starred/android#54435