BIT-1898: Two-factor auth should have access to device data if available (#1054)

2025-03-15 18:58:59 +03:00 · 2024-02-22 14:05:13 -06:00 · 2024-02-22 14:05:13 -06:00 · c0c88f5108
commit c0c88f5108
parent f03d40d5d7
2 changed files with 25 additions and 0 deletions
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@ -129,6 +129,12 @@ class AuthRepositoryImpl(
     */
    private var identityTokenAuthModel: IdentityTokenAuthModel? = null

+    /**
+     * The device auth information to unlock the vault when logging in with device in the case
+     * of two-factor authentication.
+     */
+    private var twoFactorDeviceData: DeviceDataModel? = null
+
    /**
     * The information necessary to resend the verification code email for two-factor login.
     */
@ -381,6 +387,7 @@ class AuthRepositoryImpl(
                authModel = it,
                twoFactorData = twoFactorData,
                captchaToken = captchaToken ?: twoFactorResponse?.captchaToken,
+                deviceData = twoFactorDeviceData,
            )
        }
        ?: LoginResult.Error(errorMessage = null)
@ -431,6 +438,7 @@ class AuthRepositoryImpl(
                        // Cache the data necessary for the remaining two-factor auth flow.
                        identityTokenAuthModel = authModel
                        twoFactorResponse = loginResponse
+                        twoFactorDeviceData = deviceData
                        resendEmailRequestJson = ResendEmailRequestJson(
                            deviceIdentifier = authDiskSource.uniqueAppId,
                            email = email,
@ -468,6 +476,7 @@ class AuthRepositoryImpl(
                        identityTokenAuthModel = null
                        twoFactorResponse = null
                        resendEmailRequestJson = null
+                        twoFactorDeviceData = null

                        // Attempt to unlock the vault with password if possible.
                        password?.let {
--- a/app/src/test/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt
+++ b/app/src/test/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt
@ -1532,6 +1532,22 @@ class AuthRepositoryTest {
                environmentUrlData = EnvironmentUrlDataJson.DEFAULT_US,
            )
        } returns SINGLE_USER_STATE_1
+        coEvery {
+            vaultRepository.unlockVault(
+                userId = SINGLE_USER_STATE_1.activeUserId,
+                email = SINGLE_USER_STATE_1.activeAccount.profile.email,
+                kdf = SINGLE_USER_STATE_1.activeAccount.profile.toSdkParams(),
+                privateKey = successResponse.privateKey,
+                initUserCryptoMethod = InitUserCryptoMethod.AuthRequest(
+                    requestPrivateKey = DEVICE_REQUEST_PRIVATE_KEY,
+                    method = AuthRequestMethod.MasterKey(
+                        protectedMasterKey = DEVICE_ASYMMETRICAL_KEY,
+                        authRequestKey = successResponse.key,
+                    ),
+                ),
+                organizationKeys = null,
+            )
+        } returns VaultUnlockResult.Success
        val finalResult = repository.login(
            email = EMAIL,
            password = null,