Skip to content

[PM-18210] Cipher key encryption error handling #5611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 26 commits into
base: main
Choose a base branch
from
Open

[PM-18210] Cipher key encryption error handling #5611

wants to merge 26 commits into from

Conversation

andrebispo5
Copy link
Contributor

@andrebispo5 andrebispo5 commented Jul 29, 2025
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-18210

📔 Objective

After the user navigates to their vault view

If there is a corrupt cipher:

  • replace cipher name with “[error: failed to decrypt]”
  • show dialog alert with share option

If user selects the corrupt cipher

  • reopen the simple dialog alert with share option for the selected cipher

📸 Screenshots

Screen.Recording.2025-07-29.at.14.28.54.mov
Screen.Recording.2025-07-29.at.22.55.59.mov

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 29, 2025
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsf896f6bc-c8b6-4a5d-abed-43fe0571bb8f

Great job! No new security vulnerabilities introduced in this pull request

SaintPatrck
SaintPatrck reviewed Jul 29, 2025
View reviewed changes
andrebispo5 added 11 commits July 29, 2025 16:20
@codecov Codecov
Copy link

codecov bot commented Jul 30, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 92.38754% with 22 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.91%. Comparing base (2fa9ea1) to head (2331fcd).
⚠️ Report is 11 commits behind head on main.

Files with missing lines Patch % Lines
.../vault/repository/util/VaultSdkCipherExtensions.kt 88.57% 3 Missing and 1 partial ⚠️
...t/bitwarden/ui/vault/feature/vault/VaultContent.kt 42.85% 2 Missing and 2 partials ⚠️
...bitwarden/ui/vault/feature/vault/VaultViewModel.kt 93.65% 3 Missing and 1 partial ⚠️
...ui/vault/feature/vault/util/VaultDataExtensions.kt 95.16% 3 Missing ⚠️
...ult/feature/itemlisting/VaultItemListingContent.kt 66.66% 1 Missing and 1 partial ⚠️
...t/feature/itemlisting/VaultItemListingViewModel.kt 90.90% 1 Missing and 1 partial ⚠️
...itemlisting/util/VaultItemListingDataExtensions.kt 95.65% 0 Missing and 2 partials ⚠️
...ault/feature/itemlisting/VaultItemListingScreen.kt 93.33% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5611      +/-   ##
==========================================
+ Coverage   83.86%   83.91%   +0.04%     
==========================================
  Files         696      696              
  Lines       52703    52960     +257     
  Branches     7216     7243      +27     
==========================================
+ Hits        44200    44439     +239     
- Misses       5975     5988      +13     
- Partials     2528     2533       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@andrebispo5 andrebispo5 requested a review from SaintPatrck July 31, 2025 08:23
@andrebispo5 andrebispo5 changed the title [Android] (WIP) Cipher key encryption error handling [PM-18210] (WIP) Cipher key encryption error handling Jul 31, 2025
@andrebispo5 andrebispo5 changed the title [PM-18210] (WIP) Cipher key encryption error handling [PM-18210] Cipher key encryption error handling Jul 31, 2025
@pamperer562580892423 pamperer562580892423 mentioned this pull request Aug 1, 2025
Closed
1 task
@andrebispo5 andrebispo5 marked this pull request as ready for review August 5, 2025 11:36
SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
...tlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/util/VaultItemListingDataExtensions.kt
Comment on lines +131 to +135
.filter { cipherListView ->
cipherListView.determineListingPredicate(itemListingType)
}
.applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds)
.toFilteredList(vaultFilterType)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎨 Can we extract this into an extension function. Something like,

Suggested change
.filter { cipherListView ->
cipherListView.determineListingPredicate(itemListingType)
}
.applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds)
.toFilteredList(vaultFilterType)
.applyFilters(
itemListingType = itemListingType,
vaultFilterType = vaultFilterType,
restrictItemTypesPolicyOrgIds = restrictItemTypesPolicyOrgIds,
) 
private fun List<CipherListView>.applyFilters(
    itemListingType: VaultItemListingState.ItemListingType.Vault,
    vaultFilterType: VaultFilterType,
    restrictItemTypesPolicyOrgIds: List<String>,
): List<CipherListView> = this
    .filter { it.determineListingPredicate(itemListingType) }
    .applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds)
    .toFilteredList(vaultFilterType)
  )

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
Copy link
Contributor

@SaintPatrck SaintPatrck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⛏️ Minor, but I think these variable names could be improved for readability. The function is getting pretty complex. I'd like to break it up with helper/extension functions at some point, but updating the var names will at least help in the interim.

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
@@ -44,15 +45,36 @@ fun VaultData.toViewState(
vaultFilterType: VaultFilterType,
restrictItemTypesPolicyOrgIds: List<String>?,
): VaultState.ViewState {

val filteredCipherViewListWithDeletedItems =
val filteredAllCipherViewListWithDeletedItems =
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

val allCipherViews

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
.applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds ?: emptyList())
.toFilteredList(vaultFilterType)

val filteredCipherViewList = filteredCipherViewListWithDeletedItems
val filteredCipherViewList = filteredAllCipherViewListWithDeletedItems
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

val activeCipherViews

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
val filteredCipherViewList = filteredAllCipherViewListWithDeletedItems
.filter { it.deletedDate == null }

val filteredSuccessCipherViewList = decryptCipherListResult
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

val activeDecryptedCipherViews

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
.applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds ?: emptyList())
.toFilteredList(vaultFilterType)

val filteredFailureCipherViewList = decryptCipherListResult
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

val activeUndecryptableCipherViews

app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
Comment on lines +76 to +77
.applyRestrictItemTypesPolicy(restrictItemTypesPolicyOrgIds ?: emptyList())
.toFilteredList(vaultFilterType)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to my previous comment, it would be nice to extract this common filtering logic into an ext function.

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModel.kt
Comment on lines +952 to +954
.mapNotNull {
it.id
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to declare the lambda arg here or in the enclosing update { } block.

Suggested change
.mapNotNull {
it.id
}
.mapNotNull { cipher -> cipher.id }

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/util/VaultDataExtensions.kt
@@ -233,6 +282,7 @@ private fun CipherListView.toVaultItemOrNull(
extraIconList = toLabelIcons(),
shouldShowMasterPasswordReprompt = hasMasterPassword &&
reprompt == CipherRepromptType.PASSWORD,
hasDecryptionError = hasDecryptionError,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use hasDecryptionError to control the overflow options that are assigned? That would make the item.hasDecryptionError checks in VaultContent unnecessary. Something like...

overflowOptions = toOverflowOptions(...).takeUnless { hasDecryptionError }

or if we don't want toOverflowOptions() to execute...

overflowOptions = if (hasDecryptionError) {
    emptyList()
} else { 
    toOverflowOptions()
}

and in VaultContent we can revert

overflowOptions = if (favoriteItem.hasDecryptionError) {
    persistentListOf()
} else {
    favoriteItem.overflowOptions.toImmutableList()
},

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultContent.kt
Comment on lines +126 to +130
label = if (favoriteItem.hasDecryptionError) {
stringResource(id = BitwardenString.error_cannot_decrypt)
} else {
favoriteItem.name()
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can make this check unnecessary too, if we perform the hasDecryptionError check in VaultDataExtensions instead.

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
app/src/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingContent.kt
Comment on lines +210 to +214
label = if (isDecryptionErrorType) {
stringResource(id = BitwardenString.error_cannot_decrypt)
} else {
it.title
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@andrebispo5 @david-livefront thoughts on making DisplayItem.title: Text instead of String?

That would allow us to assign title in VaultItemListingDataExtensions instead of having this if (decryptionError) check in the Composable.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No concern from me

SaintPatrck
SaintPatrck reviewed Aug 12, 2025
View reviewed changes
...rc/main/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModel.kt
private fun handleShareCipherDecryptionErrorClick(cipherId: String?) {
sendEvent(
event = VaultItemListingEvent.ShowShareSheet(
content = cipherId.orEmpty(),
Copy link
Contributor

@SaintPatrck SaintPatrck Aug 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of printing an empty string, can we print something that explicitly states the cipher does not have an ID? This should never happen, but if it does it will be easier to track down than sending an empty log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SaintPatrck SaintPatrck SaintPatrck left review comments

@brian-livefront brian-livefront Awaiting requested review from brian-livefront brian-livefront is a code owner

@david-livefront david-livefront Awaiting requested review from david-livefront david-livefront is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@andrebispo5 @SaintPatrck @david-livefront