[PM-20549] Refactor network layer to use BitwardenServiceClient

Introduce `BitwardenServiceClient` as the primary access point for Bitwarden services.

Key changes include:

-   **`BitwardenServiceClient`:** Introduced `BitwardenServiceClient` and its implementation `BitwardenServiceClientImpl`. This class centralizes access to all Bitwarden API services and handles the underlying networking logic.
-   **Service Consolidation:** All network service interfaces (e.g., `AccountsService`, `ConfigService`, etc.) are now accessed through the `BitwardenServiceClient`.
-   **`BitwardenServiceClientConfig`:** Added `BitwardenServiceClientConfig` to provide a structured way to configure the `BitwardenServiceClient`, including client data, authentication, and other settings.
-   **`RefreshTokenProvider`:** Introduced `RefreshTokenProvider` and `AppIdProvider` interfaces for handling refresh tokens and app IDs, respectively.
-   **`RefreshAuthenticator`:** Created `RefreshAuthenticator` to manage token refresh logic using `RefreshTokenProvider`.
-   **Retrofit Refactoring:** Moved `Retrofits` and `RetrofitsImpl` to the `network` module. `RetrofitsImpl` now supports an optional `RefreshAuthenticator`.
-   **Module Updates:**
    -   Moved `JwtTokenUtils`, `Retrofits`, `BitwardenX509ExtendedKeyManager` to the `network` module.
    - Updated `AuthDiskSource` to implement `AppIdProvider`.
    - Updated `AuthenticatorProvider` to implement `RefreshTokenProvider`.
    - Updated `Fido2NetworkModule` to use `BitwardenServiceClient`.
-   **Usage Updates:** Updated dependent modules (e.g., `authenticator`, `app`) to use the new `BitwardenServiceClient` and its services.
-   **Dependencies:** Updated dependencies between modules to reflect the changes.
- **AppId provider:** Added `AppIdProvider` and the logic to generate unique appId in `AuthDiskSource`.

Author: SaintPatrck

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt

@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.datasource.disk
 
 import com.bitwarden.network.model.SyncResponseJson
+import com.bitwarden.network.provider.AppIdProvider
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountTokensJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.PendingAuthRequestJson
@@ -12,21 +13,14 @@ import java.time.Instant
  * Primary access point for disk information.
  */
 @Suppress("TooManyFunctions")
-interface AuthDiskSource {
+interface AuthDiskSource : AppIdProvider {
 
     /**
      * The currently persisted authenticator sync symmetric key. This key is used for
      * encrypting IPC traffic.
      */
     var authenticatorSyncSymmetricKey: ByteArray?
 
-    /**
-     * Retrieves a unique ID for the application that is stored locally. This will generate a new
-     * one if it does not yet exist and it will only be reset for new installs or when clearing
-     * application data.
-     */
-    val uniqueAppId: String
-
     /**
      * The currently persisted saved email address (or `null` if not set).
      */

app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/di/AuthNetworkModule.kt

@@ -1,26 +1,17 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.di
 
+import com.bitwarden.network.BitwardenServiceClient
 import com.bitwarden.network.service.AccountsService
-import com.bitwarden.network.service.AccountsServiceImpl
 import com.bitwarden.network.service.AuthRequestsService
-import com.bitwarden.network.service.AuthRequestsServiceImpl
 import com.bitwarden.network.service.DevicesService
-import com.bitwarden.network.service.DevicesServiceImpl
 import com.bitwarden.network.service.HaveIBeenPwnedService
-import com.bitwarden.network.service.HaveIBeenPwnedServiceImpl
 import com.bitwarden.network.service.IdentityService
-import com.bitwarden.network.service.IdentityServiceImpl
 import com.bitwarden.network.service.NewAuthRequestService
-import com.bitwarden.network.service.NewAuthRequestServiceImpl
 import com.bitwarden.network.service.OrganizationService
-import com.bitwarden.network.service.OrganizationServiceImpl
-import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
 import dagger.hilt.components.SingletonComponent
-import kotlinx.serialization.json.Json
-import retrofit2.create
 import javax.inject.Singleton
 
 /**
@@ -33,70 +24,42 @@ object AuthNetworkModule {
     @Provides
     @Singleton
     fun providesAccountService(
-        retrofits: Retrofits,
-        json: Json,
-    ): AccountsService = AccountsServiceImpl(
-        unauthenticatedAccountsApi = retrofits.unauthenticatedApiRetrofit.create(),
-        authenticatedAccountsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedKeyConnectorApi = retrofits.createStaticRetrofit().create(),
-        authenticatedKeyConnectorApi = retrofits
-            .createStaticRetrofit(isAuthenticated = true)
-            .create(),
-        json = json,
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): AccountsService = bitwardenServiceClient.accountsService
 
     @Provides
     @Singleton
     fun providesAuthRequestsService(
-        retrofits: Retrofits,
-    ): AuthRequestsService = AuthRequestsServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): AuthRequestsService = bitwardenServiceClient.authRequestsService
 
     @Provides
     @Singleton
     fun providesDevicesService(
-        retrofits: Retrofits,
-    ): DevicesService = DevicesServiceImpl(
-        authenticatedDevicesApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedDevicesApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): DevicesService = bitwardenServiceClient.devicesService
 
     @Provides
     @Singleton
     fun providesIdentityService(
-        retrofits: Retrofits,
-        json: Json,
-    ): IdentityService = IdentityServiceImpl(
-        unauthenticatedIdentityApi = retrofits.unauthenticatedIdentityRetrofit.create(),
-        json = json,
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): IdentityService = bitwardenServiceClient.identityService
 
     @Provides
     @Singleton
     fun providesHaveIBeenPwnedService(
-        retrofits: Retrofits,
-    ): HaveIBeenPwnedService = HaveIBeenPwnedServiceImpl(
-        api = retrofits
-            .createStaticRetrofit(baseUrl = "https://api.pwnedpasswords.com")
-            .create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): HaveIBeenPwnedService = bitwardenServiceClient.haveIBeenPwnedService
 
     @Provides
     @Singleton
     fun providesNewAuthRequestService(
-        retrofits: Retrofits,
-    ): NewAuthRequestService = NewAuthRequestServiceImpl(
-        authenticatedAuthRequestsApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedAuthRequestsApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): NewAuthRequestService = bitwardenServiceClient.newAuthRequestService
 
     @Provides
     @Singleton
     fun providesOrganizationService(
-        retrofits: Retrofits,
-    ): OrganizationService = OrganizationServiceImpl(
-        authenticatedOrganizationApi = retrofits.authenticatedApiRetrofit.create(),
-        unauthenticatedOrganizationApi = retrofits.unauthenticatedApiRetrofit.create(),
-    )
+        bitwardenServiceClient: BitwardenServiceClient,
+    ): OrganizationService = bitwardenServiceClient.organizationService
 }

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -402,7 +402,11 @@ class AuthRepositoryImpl(
             .syncOrgKeysFlow
             .onEach {
                 val userId = activeUserId ?: return@onEach
-                refreshAccessTokenSynchronously(userId)
+                // TODO: [PM-20593] Investigate why tokens are explicitly refreshed.
+                refreshAccessTokenSynchronouslyInternal(
+                    userId = userId,
+                    logOutOnFailure = false,
+                )
                 vaultRepository.sync()
             }
             // This requires the ioScope to ensure that refreshAccessTokenSynchronously
@@ -755,33 +759,11 @@ class AuthRepositoryImpl(
         orgIdentifier = organizationIdentifier,
     )
 
-    override fun refreshAccessTokenSynchronously(userId: String): Result<RefreshTokenResponseJson> {
-        val refreshToken = authDiskSource
-            .getAccountTokens(userId = userId)
-            ?.refreshToken
-            ?: return IllegalStateException("Must be logged in.").asFailure()
-        return identityService
-            .refreshTokenSynchronously(refreshToken)
-            .flatMap { refreshTokenResponse ->
-                // Check to make sure the user is still logged in after making the request
-                authDiskSource
-                    .userState
-                    ?.accounts
-                    ?.get(userId)
-                    ?.let { refreshTokenResponse.asSuccess() }
-                    ?: IllegalStateException("Must be logged in.").asFailure()
-            }
-            .onSuccess { refreshTokenResponse ->
-                // Update the existing UserState with updated token information
-                authDiskSource.storeAccountTokens(
-                    userId = userId,
-                    accountTokens = AccountTokensJson(
-                        accessToken = refreshTokenResponse.accessToken,
-                        refreshToken = refreshTokenResponse.refreshToken,
-                    ),
-                )
-            }
-    }
+    override fun refreshAccessTokenSynchronously(userId: String): Result<RefreshTokenResponseJson> =
+        refreshAccessTokenSynchronouslyInternal(
+            userId = userId,
+            logOutOnFailure = true,
+        )
 
     override fun logout(reason: LogoutReason) {
         activeUserId?.let { userId -> logout(userId = userId, reason = reason) }
@@ -1433,6 +1415,42 @@ class AuthRepositoryImpl(
             onFailure = { LeaveOrganizationResult.Error(error = it) },
         )
 
+    private fun refreshAccessTokenSynchronouslyInternal(
+        userId: String,
+        logOutOnFailure: Boolean,
+    ): Result<RefreshTokenResponseJson> {
+        val refreshToken = authDiskSource
+            .getAccountTokens(userId = userId)
+            ?.refreshToken
+            ?: return IllegalStateException("Must be logged in.").asFailure()
+        return identityService
+            .refreshTokenSynchronously(refreshToken)
+            .flatMap { refreshTokenResponse ->
+                // Check to make sure the user is still logged in after making the request
+                authDiskSource
+                    .userState
+                    ?.accounts
+                    ?.get(userId)
+                    ?.let { refreshTokenResponse.asSuccess() }
+                    ?: IllegalStateException("Must be logged in.").asFailure()
+            }
+            .onFailure {
+                if (logOutOnFailure) {
+                    logout(userId = userId, reason = LogoutReason.TokenRefreshFail)
+                }
+            }
+            .onSuccess { refreshTokenResponse ->
+                // Update the existing UserState with updated token information
+                authDiskSource.storeAccountTokens(
+                    userId = userId,
+                    accountTokens = AccountTokensJson(
+                        accessToken = refreshTokenResponse.accessToken,
+                        refreshToken = refreshTokenResponse.refreshToken,
+                    ),
+                )
+            }
+    }
+
     @Suppress("CyclomaticComplexMethod")
     private suspend fun validatePasswordAgainstPolicy(
         password: String,

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/GetTokenResponseExtensions.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.repository.util
 
 import com.bitwarden.data.datasource.disk.model.EnvironmentUrlDataJson
 import com.bitwarden.network.model.GetTokenResponseJson
+import com.bitwarden.network.util.parseJwtTokenDataOrNull
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.AccountJson
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.ForcePasswordResetReason
 import com.x8bit.bitwarden.data.auth.datasource.disk.model.UserStateJson

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/di/Fido2NetworkModule.kt

@@ -1,13 +1,11 @@
 package com.x8bit.bitwarden.data.autofill.fido2.datasource.network.di
 
+import com.bitwarden.network.BitwardenServiceClient
 import com.bitwarden.network.service.DigitalAssetLinkService
-import com.bitwarden.network.service.DigitalAssetLinkServiceImpl
-import com.x8bit.bitwarden.data.platform.datasource.network.retrofit.Retrofits
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
 import dagger.hilt.components.SingletonComponent
-import retrofit2.create
 import javax.inject.Singleton
 
 /**
@@ -20,11 +18,7 @@ object Fido2NetworkModule {
     @Provides
     @Singleton
     fun provideDigitalAssetLinkService(
-        retrofits: Retrofits,
+        bitwardenServiceClient: BitwardenServiceClient,
     ): DigitalAssetLinkService =
-        DigitalAssetLinkServiceImpl(
-            digitalAssetLinkApi = retrofits
-                .createStaticRetrofit()
-                .create(),
-        )
+        bitwardenServiceClient.digitalAssetLinkService
 }

app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/authenticator/AuthenticatorProvider.kt

@@ -1,12 +1,12 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.authenticator
 
-import com.bitwarden.network.model.RefreshTokenResponseJson
+import com.bitwarden.network.provider.RefreshTokenProvider
 import com.x8bit.bitwarden.data.auth.repository.model.LogoutReason
 
 /**
  * A provider for all the functionality needed to properly refresh the users access token.
  */
-interface AuthenticatorProvider {
+interface AuthenticatorProvider : RefreshTokenProvider {
 
     /**
      * The currently active user's ID.
@@ -17,12 +17,4 @@ interface AuthenticatorProvider {
      * Attempts to logout the user based on the [userId].
      */
     fun logout(userId: String, reason: LogoutReason)
-
-    /**
-     * Attempt to refresh the user's access token based on the [userId].
-     *
-     * This call is both synchronous and performs a network request. Make sure that you are calling
-     * from an appropriate thread.
-     */
-    fun refreshAccessTokenSynchronously(userId: String): Result<RefreshTokenResponseJson>
 }