Merge branch 'main' into km/tracing

Author: quexten

crates/bitwarden-auth/src/auth_client.rs

@@ -2,7 +2,9 @@ use bitwarden_core::Client;
 #[cfg(feature = "wasm")]
 use wasm_bindgen::prelude::*;
 
-use crate::{identity::IdentityClient, send_access::SendAccessClient};
+use crate::{
+    identity::IdentityClient, registration::RegistrationClient, send_access::SendAccessClient,
+};
 
 /// Subclient containing auth functionality.
 #[derive(Clone)]
@@ -32,6 +34,11 @@ impl AuthClient {
     pub fn send_access(&self) -> SendAccessClient {
         SendAccessClient::new(self.client.clone())
     }
+
+    /// Client for initializing user account cryptography and unlock methods after JIT provisioning
+    pub fn registration(&self) -> RegistrationClient {
+        RegistrationClient::new(self.client.clone())
+    }
 }
 
 /// Extension trait for `Client` to provide access to the `AuthClient`.

crates/bitwarden-auth/src/lib.rs

@@ -3,6 +3,7 @@
 mod auth_client;
 
 pub mod identity;
+pub mod registration;
 pub mod send_access;
 
 pub(crate) mod api; // keep internal to crate

crates/bitwarden-auth/src/registration.rs

@@ -0,0 +1,36 @@
+//! Client for account registration and cryptography initialization related API methods.
+//! It is used both for the initial registration request in the case of password registrations,
+//! and for cryptography initialization for a jit provisioned user. After a method
+//! on this client is called, the user account should have initialized account keys, an
+//! authentication method such as SSO or master password, and a decryption method such as
+//! key-connector, TDE, or master password.
+
+use bitwarden_core::Client;
+#[cfg(feature = "wasm")]
+use wasm_bindgen::prelude::*;
+
+/// Client for initializing a user account.
+#[derive(Clone)]
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
+pub struct RegistrationClient {
+    #[allow(dead_code)]
+    pub(crate) client: Client,
+}
+
+impl RegistrationClient {
+    pub(crate) fn new(client: Client) -> Self {
+        Self { client }
+    }
+}
+#[cfg_attr(feature = "wasm", wasm_bindgen)]
+impl RegistrationClient {
+    /// Example method to demonstrate usage of the client.
+    /// Note: This will be removed once real methods are implemented.
+    #[allow(unused)]
+    async fn example(&self) {
+        let client = &self.client.internal;
+        #[allow(unused_variables)]
+        let api_client = &client.get_api_configurations().await.api_client;
+        // Do API request here. It will be authenticated using the client's tokens.
+    }
+}

crates/bitwarden-auth/src/send_access/access_token_request.rs

@@ -41,10 +41,16 @@ pub struct SendEmailOtpCredentials {
 pub enum SendAccessCredentials {
     #[allow(missing_docs)]
     Password(SendPasswordCredentials),
-    #[allow(missing_docs)]
-    Email(SendEmailCredentials),
+    // IMPORTANT: EmailOtp must come before Email due to #[serde(untagged)] deserialization.
+    // Serde tries variants in order and stops at the first match. Since EmailOtp has
+    // both "email" and "otp" fields, while Email only has "email", placing Email first
+    // would cause {"email": "...", "otp": "..."} to incorrectly match the Email variant
+    // (ignoring the "otp" field). We always must order untagged enum variants from most specific
+    // (most fields) to least specific (fewest fields).
     #[allow(missing_docs)]
     EmailOtp(SendEmailOtpCredentials),
+    #[allow(missing_docs)]
+    Email(SendEmailCredentials),
 }
 
 /// A request structure for requesting a send access token from the API.
@@ -204,15 +210,16 @@ mod tests {
             use serde_json::{from_str, to_string};
 
             use super::*;
+
             #[test]
-            fn deserializes_camelcase_from_ts() {
+            fn deserialize_struct_camelcase_from_ts() {
                 let json = r#"{ "passwordHashB64": "ha$h" }"#;
                 let s: SendPasswordCredentials = from_str(json).unwrap();
                 assert_eq!(s.password_hash_b64, "ha$h");
             }
 
             #[test]
-            fn serializes_camelcase_to_wire() {
+            fn serialize_struct_camelcase_to_wire() {
                 let s = SendPasswordCredentials {
                     password_hash_b64: "ha$h".into(),
                 };
@@ -221,31 +228,163 @@ mod tests {
             }
 
             #[test]
-            fn roundtrip_camel_in_to_camel_out() {
+            fn roundtrip_struct_camel_in_to_camel_out() {
                 let in_json = r#"{ "passwordHashB64": "ha$h" }"#;
                 let parsed: SendPasswordCredentials = from_str(in_json).unwrap();
                 let out_json = to_string(&parsed).unwrap();
                 assert_eq!(out_json, r#"{"passwordHashB64":"ha$h"}"#);
             }
+
+            #[test]
+            fn deserialize_enum_variant_from_json() {
+                let json = r#"{"passwordHashB64":"ha$h"}"#;
+                let creds: SendAccessCredentials = from_str(json).unwrap();
+                match creds {
+                    SendAccessCredentials::Password(password_creds) => {
+                        assert_eq!(password_creds.password_hash_b64, "ha$h");
+                    }
+                    _ => panic!("Expected Password variant"),
+                }
+            }
+
+            #[test]
+            fn serialize_enum_variant_to_json() {
+                let creds = SendAccessCredentials::Password(SendPasswordCredentials {
+                    password_hash_b64: "ha$h".into(),
+                });
+                let json = to_string(&creds).unwrap();
+                assert_eq!(json, r#"{"passwordHashB64":"ha$h"}"#);
+            }
+
+            #[test]
+            fn roundtrip_enum_variant_through_json() {
+                let in_json = r#"{"passwordHashB64":"ha$h"}"#;
+                let creds: SendAccessCredentials = from_str(in_json).unwrap();
+                let out_json = to_string(&creds).unwrap();
+                assert_eq!(out_json, r#"{"passwordHashB64":"ha$h"}"#);
+            }
         }
 
-        #[test]
-        fn serialize_email_credentials() {
-            let creds = SendAccessCredentials::Email(SendEmailCredentials {
-                email: "user@example.com".into(),
-            });
-            let json = serde_json::to_string(&creds).unwrap();
-            assert_eq!(json, r#"{"email":"user@example.com"}"#);
+        mod send_access_email_credentials_tests {
+            use serde_json::{from_str, to_string};
+
+            use super::*;
+
+            #[test]
+            fn deserialize_struct_camelcase_from_ts() {
+                let json = r#"{ "email": "user@example.com" }"#;
+                let s: SendEmailCredentials = from_str(json).unwrap();
+                assert_eq!(s.email, "user@example.com");
+            }
+
+            #[test]
+            fn serialize_struct_camelcase_to_wire() {
+                let s = SendEmailCredentials {
+                    email: "user@example.com".into(),
+                };
+                let json = to_string(&s).unwrap();
+                assert_eq!(json, r#"{"email":"user@example.com"}"#);
+            }
+
+            #[test]
+            fn roundtrip_struct_camel_in_to_camel_out() {
+                let in_json = r#"{ "email": "user@example.com" }"#;
+                let parsed: SendEmailCredentials = from_str(in_json).unwrap();
+                let out_json = to_string(&parsed).unwrap();
+                assert_eq!(out_json, r#"{"email":"user@example.com"}"#);
+            }
+
+            #[test]
+            fn deserialize_enum_variant_from_json() {
+                let json = r#"{"email":"user@example.com"}"#;
+                let creds: SendAccessCredentials = from_str(json).unwrap();
+                match creds {
+                    SendAccessCredentials::Email(email_creds) => {
+                        assert_eq!(email_creds.email, "user@example.com");
+                    }
+                    _ => panic!("Expected Email variant"),
+                }
+            }
+
+            #[test]
+            fn serialize_enum_variant_to_json() {
+                let creds = SendAccessCredentials::Email(SendEmailCredentials {
+                    email: "user@example.com".into(),
+                });
+                let json = to_string(&creds).unwrap();
+                assert_eq!(json, r#"{"email":"user@example.com"}"#);
+            }
+
+            #[test]
+            fn roundtrip_enum_variant_through_json() {
+                let in_json = r#"{"email":"user@example.com"}"#;
+                let creds: SendAccessCredentials = from_str(in_json).unwrap();
+                let out_json = to_string(&creds).unwrap();
+                assert_eq!(out_json, r#"{"email":"user@example.com"}"#);
+            }
         }
 
-        #[test]
-        fn serialize_email_otp_credentials() {
-            let creds = SendAccessCredentials::EmailOtp(SendEmailOtpCredentials {
-                email: "user@example.com".into(),
-                otp: "123456".into(),
-            });
-            let json = serde_json::to_string(&creds).unwrap();
-            assert_eq!(json, r#"{"email":"user@example.com","otp":"123456"}"#);
+        mod send_access_email_otp_credentials_tests {
+            use serde_json::{from_str, to_string};
+
+            use super::*;
+
+            #[test]
+            fn deserialize_struct_camelcase_from_ts() {
+                let json = r#"{ "email": "user@example.com", "otp": "123456" }"#;
+                let s: SendEmailOtpCredentials = from_str(json).unwrap();
+                assert_eq!(s.email, "user@example.com");
+                assert_eq!(s.otp, "123456");
+            }
+
+            #[test]
+            fn serialize_struct_camelcase_to_wire() {
+                let s = SendEmailOtpCredentials {
+                    email: "user@example.com".into(),
+                    otp: "123456".into(),
+                };
+                let json = to_string(&s).unwrap();
+                assert_eq!(json, r#"{"email":"user@example.com","otp":"123456"}"#);
+            }
+
+            #[test]
+            fn roundtrip_struct_camel_in_to_camel_out() {
+                let in_json = r#"{ "email": "user@example.com", "otp": "123456" }"#;
+                let parsed: SendEmailOtpCredentials = from_str(in_json).unwrap();
+                let out_json = to_string(&parsed).unwrap();
+                assert_eq!(out_json, r#"{"email":"user@example.com","otp":"123456"}"#);
+            }
+
+            #[test]
+            fn deserialize_enum_variant_from_json() {
+                let json = r#"{"email":"user@example.com","otp":"123456"}"#;
+                let creds: SendAccessCredentials = from_str(json).unwrap();
+                match creds {
+                    SendAccessCredentials::EmailOtp(otp_creds) => {
+                        assert_eq!(otp_creds.email, "user@example.com");
+                        assert_eq!(otp_creds.otp, "123456");
+                    }
+                    _ => panic!("Expected EmailOtp variant"),
+                }
+            }
+
+            #[test]
+            fn serialize_enum_variant_to_json() {
+                let creds = SendAccessCredentials::EmailOtp(SendEmailOtpCredentials {
+                    email: "user@example.com".into(),
+                    otp: "123456".into(),
+                });
+                let json = to_string(&creds).unwrap();
+                assert_eq!(json, r#"{"email":"user@example.com","otp":"123456"}"#);
+            }
+
+            #[test]
+            fn roundtrip_enum_variant_through_json() {
+                let in_json = r#"{"email":"user@example.com","otp":"123456"}"#;
+                let creds: SendAccessCredentials = from_str(in_json).unwrap();
+                let out_json = to_string(&creds).unwrap();
+                assert_eq!(out_json, r#"{"email":"user@example.com","otp":"123456"}"#);
+            }
         }
     }
 }