From cbb2050f1061637c6ca34bcf5f1ed8fadcf06ae7 Mon Sep 17 00:00:00 2001
From: David Perez
Date: Tue, 14 May 2024 13:28:24 -0500
Subject: [PATCH] BIT-2318: Master password leak (#1372)
---
 .../auth/feature/vaultunlock/VaultUnlockViewModel.kt | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModel.kt b/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModel.kt
index e4b0ebcb6..dc394247d 100644
--- a/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModel.kt
@@ -27,6 +27,7 @@ import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach
 import kotlinx.coroutines.flow.update
 import kotlinx.coroutines.launch
+import kotlinx.parcelize.IgnoredOnParcel
 import kotlinx.parcelize.Parcelize
 import javax.crypto.Cipher
 import javax.inject.Inject
@@ -39,12 +40,13 @@ private const val KEY_STATE = "state"
 @Suppress("TooManyFunctions")
 @HiltViewModel
 class VaultUnlockViewModel @Inject constructor(
- private val savedStateHandle: SavedStateHandle,
 private val authRepository: AuthRepository,
 private val vaultRepo: VaultRepository,
 private val biometricsEncryptionManager: BiometricsEncryptionManager,
 environmentRepo: EnvironmentRepository,
+ savedStateHandle: SavedStateHandle,
 ) : BaseViewModel(
+ // We load the state from the savedStateHandle for testing purposes.
 initialState = savedStateHandle[KEY_STATE] ?: run {
 val userState = requireNotNull(authRepository.userStateFlow.value)
 val trustedDevice = userState.activeAccount.trustedDevice
@@ -81,9 +83,6 @@ class VaultUnlockViewModel @Inject constructor(
 },
 ) {
 init {
- stateFlow
- .onEach { savedStateHandle[KEY_STATE] = it }
- .launchIn(viewModelScope)
 environmentRepo
 .environmentStateFlow
 .onEach { environment ->
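Review bot: The new comment above `initialState = savedStateHandle[KEY_STATE] ?: run {` in the second hunk says why the read exists but not the rule the fix depends on, which is that production code must never write a `VaultUnlockState` back to the handle. Dropping `private val` from the `savedStateHandle` parameter keeps member functions from reaching it, but constructor parameters are still visible to `init` blocks and property initializers, so the rule is worth stating, e.g. `// Read-only seam for tests: production never writes KEY_STATE, because the state carries the unlock input.` The diffstat lists only this file, so the commit adds no regression test; a ViewModel test that enters input and then asserts the handle holds no KEY_STATE entry would stop the removed `onEach` write from being reintroduced. The constructor and the `run` block continue outside the hunk.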
@@ -329,7 +328,8 @@ data class VaultUnlockState(
 val email: String,
 val environmentUrl: String,
 val dialog: VaultUnlockDialog?,
- val input: String,
+ // We never want this saved since the input is sensitive data.
+ @IgnoredOnParcel val input: String = "",
 val isBiometricsValid: Boolean,
 val isBiometricEnabled: Boolean,
 val showAccountMenu: Boolean,
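Review bot: `@IgnoredOnParcel` keeps `input` out of the Parcel, but it is still a primary-constructor property of a data class, so the generated `toString()` prints the unlock input (the master password, going by the commit title) wherever a `VaultUnlockState` is logged, traced or attached to a crash report. The class body is outside the hunk, so an existing override cannot be ruled out; if there is none, add a `toString()` override that lists the other fields and prints a fixed placeholder for `input`. The comment could also record what the default value implies for restoration: `// Excluded from the Parcel: sensitive unlock input; a restored state always starts with an empty input.`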