github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-09 03:33:36 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

[PR #6133] PM-27902: Logout user after successful master password reset #6345

New Issue
Closed
opened 2025-11-27 00:22:34 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-27 00:22:34 -06:00
Owner
Copy Link

Original Pull Request: https://github.com/bitwarden/android/pull/6133

State: closed
Merged: Yes

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-27902

📔 Objective

Fixes a critical security issue where users remained logged in after updating their master password due to policy requirements. This allowed users to immediately access their vault with the new password without re-authentication, bypassing the security intent of forced password resets.

Root Cause

When AuthRepositoryImpl.resetPassword() succeeded, it cleared the forcePasswordResetReason flag but never triggered logout. The reactive navigation system (RootNavViewModel) detected that the reset reason was cleared and the vault was still unlocked, causing navigation to the vault screen instead of the login screen.

Solution

This fix removes the manual clearing of forcePasswordResetReason and instead calls logout() after the password update succeeds. The logout operation atomically clears all user state (including the reset reason) and forces re-authentication with the new password.

Additionally, a new LogoutReason.PasswordReset enum value was added to provide semantic clarity in audit logs and analytics, distinguishing password reset logouts from other security-related logout events.

Changes

  • AuthRepositoryImpl.kt: Replace manual state clearing with logout(LogoutReason.PasswordReset) call
  • LogoutReason.kt: Add PasswordReset enum value for audit trail clarity
  • AuthRepositoryTest.kt: Update test to verify logout is called with correct reason

Expected Flow After Fix

  1. User with weak password logs in → sees Reset Password screen
  2. User updates password → API call succeeds
  3. Repository updates stored password hash
  4. Repository calls logout(PasswordReset) → clears all user state
  5. User sees login screen
  6. User must re-authenticate with new password

📸 Screenshots

**Original Pull Request:** https://github.com/bitwarden/android/pull/6133 **State:** closed **Merged:** Yes --- ## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-27902 ## 📔 Objective Fixes a critical security issue where users remained logged in after updating their master password due to policy requirements. This allowed users to immediately access their vault with the new password without re-authentication, bypassing the security intent of forced password resets. ### Root Cause When `AuthRepositoryImpl.resetPassword()` succeeded, it cleared the `forcePasswordResetReason` flag but never triggered logout. The reactive navigation system (`RootNavViewModel`) detected that the reset reason was cleared and the vault was still unlocked, causing navigation to the vault screen instead of the login screen. ### Solution This fix removes the manual clearing of `forcePasswordResetReason` and instead calls `logout()` after the password update succeeds. The logout operation atomically clears all user state (including the reset reason) and forces re-authentication with the new password. Additionally, a new `LogoutReason.PasswordReset` enum value was added to provide semantic clarity in audit logs and analytics, distinguishing password reset logouts from other security-related logout events. ### Changes - **AuthRepositoryImpl.kt**: Replace manual state clearing with `logout(LogoutReason.PasswordReset)` call - **LogoutReason.kt**: Add `PasswordReset` enum value for audit trail clarity - **AuthRepositoryTest.kt**: Update test to verify logout is called with correct reason ### Expected Flow After Fix 1. User with weak password logs in → sees Reset Password screen 2. User updates password → API call succeeds 3. Repository updates stored password hash 4. Repository calls `logout(PasswordReset)` → clears all user state 5. User sees login screen 6. User must re-authenticate with new password ✅ ## 📸 Screenshots <video src="https://github.com/user-attachments/assets/50c108b4-be36-4d6f-9f5e-0c10cd90a7e8" /> ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes
GiteaMirror added the pull-request label 2025-11-27 00:22:34 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#6345
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?