BIT-2261: Check if user has master password to determine default timeout action (#1289)

David Perez 2024-04-19 09:11:09 -05:00 committed by Álison Fernandes
parent 2cf8b05a87
commit 1e9644bc8c
2 changed files with 69 additions and 21 deletions


@ -324,16 +324,16 @@ class SettingsRepositoryImpl(
// Set Vault Settings defaults
if (!isVaultTimeoutActionSet(userId = userId)) {
storeVaultTimeout(userId, VaultTimeout.FifteenMinutes)
val hasTrustedDeviceEncryption = authDiskSource
val hasMasterPassword = authDiskSource
.userState
?.activeAccount
?.profile
?.userDecryptionOptions
?.trustedDeviceUserDecryptionOptions != null
?.hasMasterPassword != false
storeVaultTimeoutAction(
userId = userId,
vaultTimeoutAction = if (hasTrustedDeviceEncryption) {
// Always logout by default when using TDE
vaultTimeoutAction = if (!hasMasterPassword) {
// Always logout by default when there is no master password
VaultTimeoutAction.LOGOUT
} else {
VaultTimeoutAction.LOCK
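Review bot: The lookup still goes through `activeAccount` while the defaults are stored for the `userId` argument, so if this ever runs for an account that is not the active one, another account's `hasMasterPassword` decides between LOGOUT and LOCK. Resolving the profile by id, `.userState?.accounts?.get(userId)?.profile?.userDecryptionOptions?.hasMasterPassword != false`, would keep the two in step; the test fixture on this page shows `accounts` keyed by user id. Separately, `!= false` makes every null in the chain count as "has a master password" and so default to LOCK; if that is intended for accounts that carry no `userDecryptionOptions`, a comment such as `// Missing decryption options are treated as a master-password account` would record the decision. The enclosing function starts and ends outside this hunk, so whether a non-active `userId` can reach this code is not visible here.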


@ -115,7 +115,53 @@ class SettingsRepositoryTest {
@Suppress("MaxLineLength")
@Test
fun `setDefaultsIfNecessary should set LOGOUT default values for the given user if necessary`() {
fun `setDefaultsIfNecessary should set LOCK default values for the given user with a password if necessary`() {
fakeAuthDiskSource.userState = MOCK_USER_STATE.copy(
accounts = mapOf(
USER_ID to MOCK_ACCOUNT.copy(
profile = MOCK_PROFILE.copy(
userDecryptionOptions = MOCK_USER_DECRYPTION_OPTIONS.copy(
hasMasterPassword = true,
),
),
),
),
)
assertNull(fakeSettingsDiskSource.getVaultTimeoutInMinutes(userId = USER_ID))
assertNull(fakeSettingsDiskSource.getVaultTimeoutAction(userId = USER_ID))
settingsRepository.setDefaultsIfNecessary(userId = USER_ID)
// Calling once sets values
assertEquals(15, fakeSettingsDiskSource.getVaultTimeoutInMinutes(userId = USER_ID))
assertEquals(
VaultTimeoutAction.LOCK,
fakeSettingsDiskSource.getVaultTimeoutAction(userId = USER_ID),
)
// Updating the Vault settings values and calling setDefaultsIfNecessary again has no
// effect on the currently stored values.
fakeSettingsDiskSource.apply {
storeVaultTimeoutInMinutes(
userId = USER_ID,
vaultTimeoutInMinutes = 240,
)
storeVaultTimeoutAction(
userId = USER_ID,
vaultTimeoutAction = VaultTimeoutAction.LOCK,
)
}
settingsRepository.setDefaultsIfNecessary(userId = USER_ID)
assertEquals(240, fakeSettingsDiskSource.getVaultTimeoutInMinutes(userId = USER_ID))
assertEquals(
VaultTimeoutAction.LOCK,
fakeSettingsDiskSource.getVaultTimeoutAction(userId = USER_ID),
)
}
@Suppress("MaxLineLength")
@Test
fun `setDefaultsIfNecessary should set LOGOUT default values for the given user without a password if necessary`() {
fakeAuthDiskSource.userState = MOCK_USER_STATE
assertNull(fakeSettingsDiskSource.getVaultTimeoutInMinutes(userId = USER_ID))
assertNull(fakeSettingsDiskSource.getVaultTimeoutAction(userId = USER_ID))
@ -956,23 +1002,25 @@ private val MOCK_USER_DECRYPTION_OPTIONS: UserDecryptionOptionsJson = UserDecryp
keyConnectorUserDecryptionOptions = null,
)
private val MOCK_PROFILE = AccountJson.Profile(
userId = USER_ID,
email = "test@bitwarden.com",
isEmailVerified = true,
name = "Bitwarden Tester",
hasPremium = false,
stamp = null,
organizationId = null,
avatarColorHex = null,
forcePasswordResetReason = null,
kdfType = KdfTypeJson.ARGON2_ID,
kdfIterations = 600000,
kdfMemory = 16,
kdfParallelism = 4,
userDecryptionOptions = MOCK_USER_DECRYPTION_OPTIONS,
)
private val MOCK_ACCOUNT = AccountJson(
profile = AccountJson.Profile(
userId = USER_ID,
email = "test@bitwarden.com",
isEmailVerified = true,
name = "Bitwarden Tester",
hasPremium = false,
stamp = null,
organizationId = null,
avatarColorHex = null,
forcePasswordResetReason = null,
kdfType = KdfTypeJson.ARGON2_ID,
kdfIterations = 600000,
kdfMemory = 16,
kdfParallelism = 4,
userDecryptionOptions = MOCK_USER_DECRYPTION_OPTIONS,
),
profile = MOCK_PROFILE,
settings = AccountJson.Settings(
environmentUrlData = EnvironmentUrlDataJson.DEFAULT_US,
),