Merge branch 'main' into pm-8217/new-device-notice-ui

Author: andrebispo5

.github/CODEOWNERS

@@ -5,7 +5,7 @@
 # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
 
 # Default file owners.
-* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront
+* @bitwarden/team-android @brian-livefront @david-livefront @dseverns-livefront @ahaisting-livefront @phil-livefront
 
 # Actions and workflow changes.
 .github/ @bitwarden/dept-development-mobile

.github/workflows/build.yml

@@ -460,6 +460,10 @@ jobs:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
 
+      - name: Update app CI Build info
+        run: |
+          ./Scripts/update_app_ci_build_info.sh $GITHUB_REPOSITORY $GITHUB_REF_NAME $GITHUB_SHA $GITHUB_RUN_ID $GITHUB_RUN_ATTEMPT
+
       # Start from 11000 to prevent collisions with mobile build version codes
       - name: Increment version
         run: |

app/build.gradle.kts

@@ -68,7 +68,7 @@ android {
         buildConfigField(
             type = "String",
             name = "CI_INFO",
-            value = "\"${ciProperties.getOrDefault("ci.info", "local")}\""
+            value = "${ciProperties.getOrDefault("ci.info", "\"local\"")}"
         )
     }
 

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -94,6 +94,7 @@ import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITER
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
 import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
+import com.x8bit.bitwarden.data.platform.datasource.network.util.isSslHandShakeError
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
 import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
 import com.x8bit.bitwarden.data.platform.manager.LogsManager
@@ -624,7 +625,12 @@ class AuthRepositoryImpl(
             )
         }
         .fold(
-            onFailure = { LoginResult.Error(errorMessage = null) },
+            onFailure = { throwable ->
+                when {
+                    throwable.isSslHandShakeError() -> LoginResult.CertificateError
+                    else -> LoginResult.Error(errorMessage = null)
+                }
+            },
             onSuccess = { it },
         )
 
@@ -1491,9 +1497,12 @@ class AuthRepositoryImpl(
             captchaToken = captchaToken,
         )
         .fold(
-            onFailure = {
-                when (configDiskSource.serverConfig?.isOfficialBitwardenServer) {
-                    false -> LoginResult.UnofficialServerError
+            onFailure = { throwable ->
+                when {
+                    throwable.isSslHandShakeError() -> LoginResult.CertificateError
+                    configDiskSource.serverConfig?.isOfficialBitwardenServer == false -> {
+                        LoginResult.UnofficialServerError
+                    }
                     else -> LoginResult.Error(errorMessage = null)
                 }
             },

app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt

@@ -28,4 +28,9 @@ sealed class LoginResult {
      * There was an error while logging into an unofficial Bitwarden server.
      */
     data object UnofficialServerError : LoginResult()
+
+    /**
+     * There was an error in validating the certificate chain for the server
+     */
+    data object CertificateError : LoginResult()
 }

app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/util/NetworkUtils.kt

@@ -3,7 +3,9 @@ package com.x8bit.bitwarden.data.platform.datasource.network.util
 import okio.ByteString.Companion.decodeBase64
 import java.net.UnknownHostException
 import java.nio.charset.Charset
+import java.security.cert.CertPathValidatorException
 import java.util.Base64
+import javax.net.ssl.SSLHandshakeException
 
 /**
  * Base 64 encode the string as well as make special modifications required by the backend:
@@ -41,3 +43,12 @@ fun Throwable?.isNoConnectionError(): Boolean {
     return this is UnknownHostException ||
         this?.cause?.isNoConnectionError() ?: false
 }
+
+/**
+ * Returns true if the throwable represents a SSL handshake error.
+ */
+fun Throwable?.isSslHandShakeError(): Boolean {
+    return this is SSLHandshakeException ||
+        this is CertPathValidatorException ||
+        this?.cause?.isSslHandShakeError() ?: false
+}

app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/enterprisesignon/EnterpriseSignOnViewModel.kt

@@ -194,6 +194,17 @@ class EnterpriseSignOnViewModel @Inject constructor(
                     ),
                 )
             }
+
+            LoginResult.CertificateError -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        dialogState = EnterpriseSignOnState.DialogState.Error(
+                            title = R.string.an_error_has_occurred.asText(),
+                            message = R.string.we_couldnt_verify_the_servers_certificate.asText(),
+                        ),
+                    )
+                }
+            }
         }
     }
 

app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/login/LoginViewModel.kt

@@ -191,6 +191,17 @@ class LoginViewModel @Inject constructor(
             is LoginResult.Success -> {
                 mutableStateFlow.update { it.copy(dialogState = null) }
             }
+
+            LoginResult.CertificateError -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        dialogState = LoginState.DialogState.Error(
+                            title = R.string.an_error_has_occurred.asText(),
+                            message = R.string.we_couldnt_verify_the_servers_certificate.asText(),
+                        ),
+                    )
+                }
+            }
         }
     }
 
@@ -302,7 +313,7 @@ data class LoginState(
          */
         @Parcelize
         data class Error(
-            val title: Text?,
+            val title: Text? = null,
             val message: Text,
         ) : DialogState()
 

app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/loginwithdevice/LoginWithDeviceViewModel.kt

@@ -256,6 +256,17 @@ class LoginWithDeviceViewModel @Inject constructor(
                 sendEvent(LoginWithDeviceEvent.ShowToast(R.string.login_approved.asText()))
                 mutableStateFlow.update { it.copy(dialogState = null) }
             }
+
+            LoginResult.CertificateError -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        dialogState = LoginWithDeviceState.DialogState.Error(
+                            title = R.string.an_error_has_occurred.asText(),
+                            message = R.string.we_couldnt_verify_the_servers_certificate.asText(),
+                        ),
+                    )
+                }
+            }
         }
     }
 
@@ -452,7 +463,7 @@ data class LoginWithDeviceState(
          */
         @Parcelize
         data class Error(
-            val title: Text?,
+            val title: Text? = null,
             val message: Text,
         ) : DialogState()
     }

app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/twofactorlogin/TwoFactorLoginViewModel.kt

@@ -323,6 +323,16 @@ class TwoFactorLoginViewModel @Inject constructor(
 
             // NO-OP: Let the auth flow handle navigation after this.
             is LoginResult.Success -> Unit
+            LoginResult.CertificateError -> {
+                mutableStateFlow.update {
+                    it.copy(
+                        dialogState = TwoFactorLoginState.DialogState.Error(
+                            title = R.string.an_error_has_occurred.asText(),
+                            message = R.string.we_couldnt_verify_the_servers_certificate.asText(),
+                        ),
+                    )
+                }
+            }
         }
     }
 

app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/about/AboutViewModel.kt

@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.ui.platform.feature.settings.about
 
+import android.os.Build
 import android.os.Parcelable
 import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
@@ -91,8 +92,34 @@ class AboutViewModel @Inject constructor(
     }
 
     private fun handleVersionClick() {
+        val buildFlavour = when (BuildConfig.FLAVOR) {
+            "standard" -> ""
+            else -> "-${BuildConfig.FLAVOR}"
+        }
+
+        val buildVariant = when (BuildConfig.BUILD_TYPE) {
+            "debug" -> "dev"
+            "release" -> "prod"
+            else -> BuildConfig.BUILD_TYPE
+        }
+
+        val deviceBrandModel = "\uD83D\uDCF1 ${Build.BRAND} ${Build.MODEL}"
+        val osInfo = "\uD83E\uDD16 ${Build.VERSION.RELEASE}@${Build.VERSION.SDK_INT}"
+        val buildInfo = "\uD83D\uDCE6 $buildVariant$buildFlavour"
+        val ciBuildInfoString = BuildConfig.CI_INFO
+
         clipboardManager.setText(
-            text = state.copyrightInfo.concat("\n\n".asText()).concat(state.version),
+            text = state.copyrightInfo
+                .concat("\n\n".asText())
+                .concat(state.version)
+                .concat("\n".asText())
+                .concat("$deviceBrandModel $osInfo $buildInfo".asText())
+                .concat(
+                    "\n$ciBuildInfoString"
+                        .takeUnless { ciBuildInfoString.isEmpty() }
+                        .orEmpty()
+                        .asText(),
+                ),
         )
     }
 

app/src/main/res/values/strings.xml

@@ -1118,4 +1118,5 @@ Do you want to switch to this account?</string>
   <string name="need_some_inspiration">"Need some inspiration?"</string>
   <string name="check_out_the_passphrase_generator">"Check out the passphrase generator"</string>
   <string name="copied_to_clipboard">Copied to clipboard.</string>
+  <string name="we_couldnt_verify_the_servers_certificate">We couldn’t verify the server’s certificate. The certificate chain or proxy settings on your device or your Bitwarden server may not be set up correctly.</string>
 </resources>

app/src/test/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt

@@ -152,6 +152,7 @@ import org.junit.jupiter.api.Assertions.assertTrue
 import org.junit.jupiter.api.BeforeEach
 import org.junit.jupiter.api.Test
 import java.time.ZonedDateTime
+import javax.net.ssl.SSLHandshakeException
 
 @Suppress("LargeClass")
 class AuthRepositoryTest {
@@ -1510,6 +1511,43 @@ class AuthRepositoryTest {
             coVerify { identityService.preLogin(email = EMAIL) }
         }
 
+    @Suppress("MaxLineLength")
+    @Test
+    fun `login get token fails should return CertificateError when SSLHandshakeException is thrown`() =
+        runTest {
+            coEvery {
+                identityService.preLogin(email = EMAIL)
+            } returns PRE_LOGIN_SUCCESS.asSuccess()
+            coEvery {
+                identityService.getToken(
+                    email = EMAIL,
+                    authModel = IdentityTokenAuthModel.MasterPassword(
+                        username = EMAIL,
+                        password = PASSWORD_HASH,
+                    ),
+                    captchaToken = null,
+                    uniqueAppId = UNIQUE_APP_ID,
+                )
+            } returns SSLHandshakeException("error").asFailure()
+            val result = repository.login(email = EMAIL, password = PASSWORD, captchaToken = null)
+            assertEquals(LoginResult.CertificateError, result)
+            assertEquals(AuthState.Unauthenticated, repository.authStateFlow.value)
+            coVerify { identityService.preLogin(email = EMAIL) }
+        }
+
+    @Suppress("MaxLineLength")
+    @Test
+    fun `prelogin fails should return CertificateError when SSLHandshakeException is thrown`() =
+        runTest {
+            coEvery {
+                identityService.preLogin(email = EMAIL)
+            } returns SSLHandshakeException("error").asFailure()
+            val result = repository.login(email = EMAIL, password = PASSWORD, captchaToken = null)
+            assertEquals(LoginResult.CertificateError, result)
+            assertEquals(AuthState.Unauthenticated, repository.authStateFlow.value)
+            coVerify { identityService.preLogin(email = EMAIL) }
+        }
+
     @Test
     fun `login get token returns Invalid should return Error with correct message`() = runTest {
         coEvery {

app/src/test/java/com/x8bit/bitwarden/data/platform/datasource/network/util/NetworkUtilsTest.kt

@@ -4,6 +4,8 @@ import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.Assertions.assertNull
 import org.junit.jupiter.api.Test
 import java.net.UnknownHostException
+import java.security.cert.CertPathValidatorException
+import javax.net.ssl.SSLHandshakeException
 
 class NetworkUtilsTest {
     @Test
@@ -57,4 +59,37 @@ class NetworkUtilsTest {
             IllegalStateException().isNoConnectionError(),
         )
     }
+
+    @Test
+    fun `isSslHandshakeError should return return true for SSLHandshakeException`() {
+        assertEquals(
+            true,
+            SSLHandshakeException("whoops").isSslHandShakeError(),
+        )
+    }
+
+    @Test
+    fun `isSslHandshakeError should return return true for CertPathValidatorException`() {
+        assertEquals(
+            true,
+            CertPathValidatorException("whoops").isSslHandShakeError(),
+        )
+    }
+
+    @Suppress("MaxLineLength")
+    @Test
+    fun `isSslHandshakeError should return return true if exceptions cause is SSLHandshakeException`() {
+        assertEquals(
+            true,
+            Exception(SSLHandshakeException("whoops")).isSslHandShakeError(),
+        )
+    }
+
+    @Test
+    fun `isSslHandshakeError should return return false for not IllegalStateException`() {
+        assertEquals(
+            false,
+            IllegalStateException().isSslHandShakeError(),
+        )
+    }
 }