Skip to content

Auth/PM-19555 - Fix multi account logout on lock screens not redirecting properly #14630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weโ€™ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
+313 โˆ’203
Open

Auth/PM-19555 - Fix multi account logout on lock screens not redirecting properly #14630

Show file tree
Hide file tree
Changes from 17 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
64efe00
PM-19555 - LogoutService - build abstraction, default, and extension โ€ฆ
JaredSnider-Bitwarden Apr 30, 2025
59421d8
PM-19555 - Lock Comp - use logoutService
JaredSnider-Bitwarden May 2, 2025
7612123
PM-19555 - LoginDecryptionOptions - Use logout service which removed โ€ฆ
JaredSnider-Bitwarden May 2, 2025
dfa7788
PM-19555 - AccountSwitcher logic update - (1) Use logout service + reโ€ฆ
JaredSnider-Bitwarden May 2, 2025
172b04a
Merge branch 'main' into auth/pm-19555/multi-account-logout-on-lock-sโ€ฆ
JaredSnider-Bitwarden May 5, 2025
430a8f0
PM-19555 - Extension - Acct Switcher comp - clean up TODOs
JaredSnider-Bitwarden May 5, 2025
85fe195
PM-19555 - Add TODOs for remaining tech debt
JaredSnider-Bitwarden May 5, 2025
2fd9387
PM-19555 - Add tests for new logout services.
JaredSnider-Bitwarden May 5, 2025
a3e84b6
PM-19555 - Extension - LoginInitiated - show acct switcher b/c user iโ€ฆ
JaredSnider-Bitwarden May 6, 2025
0b7fd09
PM-19555 - Add TODO to replace LogoutCallback with LogoutService
JaredSnider-Bitwarden May 6, 2025
fdf8f12
PM-19555 WIP
JaredSnider-Bitwarden May 6, 2025
dcfb958
PM-19555 - Extension App Comp - account switching to account in TDE lโ€ฆ
JaredSnider-Bitwarden May 6, 2025
4de0bf2
PM-19555 - Extension App Comp - add docs
JaredSnider-Bitwarden May 6, 2025
f4d5c67
PM-19555 - Extension App Comp - add early return
JaredSnider-Bitwarden May 6, 2025
6a6326b
PM-19555 - Desktop App Comp - add handling for TDE lock case to switcโ€ฆ
JaredSnider-Bitwarden May 6, 2025
f32942a
Merge remote-tracking branch 'origin/main' into auth/pm-19555/multi-aโ€ฆ
JaredSnider-Bitwarden May 8, 2025
d07cc16
PM-19555 - Extension - Account Component - if account unlocked go to โ€ฆ
JaredSnider-Bitwarden May 9, 2025
a165492
PM-19555 - Per PR feedback, clean up unnecessary nullish coalescing oโ€ฆ
JaredSnider-Bitwarden May 14, 2025
0c88286
Merge remote-tracking branch 'origin/main' into auth/pm-19555/multi-aโ€ฆ
JaredSnider-Bitwarden May 14, 2025
06ea455
Merge remote-tracking branch 'origin/main' into auth/pm-19555/multi-aโ€ฆ
JaredSnider-Bitwarden Jun 2, 2025
8181921
PM-19555 - Extension - AppComponent - fix everHadUserKey merge issue
JaredSnider-Bitwarden Jun 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 5 additions & 7 deletions apps/browser/src/auth/popup/account-switching/account-switcher.component.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
import { Subject, firstValueFrom, map, of, startWith, switchMap } from "rxjs";

import { JslibModule } from "@bitwarden/angular/jslib.module";
import { LockService } from "@bitwarden/auth/common";
import { LockService, LogoutService } from "@bitwarden/auth/common";

Check warning on line 7 in apps/browser/src/auth/popup/account-switching/account-switcher.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account-switcher.component.ts#L7 

Added line #L7 was not covered by tests
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
Expand Down Expand Up @@ -70,6 +70,7 @@
private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
private authService: AuthService,
private lockService: LockService,
private logoutService: LogoutService,

Check warning on line 73 in apps/browser/src/auth/popup/account-switching/account-switcher.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account-switcher.component.ts#L73 

Added line #L73 was not covered by tests
) {}

get accountLimit() {
Expand Down Expand Up @@ -141,12 +142,9 @@
});

if (confirmed) {
const result = await this.accountSwitcherService.logoutAccount(userId);
// unlocked logout responses need to be navigated out of the account switcher.
// other responses will be handled by background and app.component
if (result?.status === AuthenticationStatus.Unlocked) {
this.location.back();
}
await this.logoutService.logout(userId);

Check warning on line 145 in apps/browser/src/auth/popup/account-switching/account-switcher.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account-switcher.component.ts#L145 

Added line #L145 was not covered by tests
// navigate to root so redirect guard can properly route next active user or null user to correct page
await this.router.navigate(["/"]);

Check warning on line 147 in apps/browser/src/auth/popup/account-switching/account-switcher.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account-switcher.component.ts#L147 

Added line #L147 was not covered by tests
Comment on lines +146 to +147
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Product signed off on this change in behavior so next up users are left in the correct default state instead of on any screen that the first user was using.

}
this.loading = false;
}
Expand Down
9 changes: 5 additions & 4 deletions apps/browser/src/auth/popup/account-switching/account.component.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
// FIXME: Update this file to be type safe and remove this and next line
// @ts-strict-ignore
import { CommonModule, Location } from "@angular/common";
import { CommonModule } from "@angular/common";

Check warning on line 3 in apps/browser/src/auth/popup/account-switching/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account.component.ts#L3 

Added line #L3 was not covered by tests
import { Component, EventEmitter, Input, Output } from "@angular/core";
import { Router } from "@angular/router";

Check warning on line 5 in apps/browser/src/auth/popup/account-switching/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account.component.ts#L5 

Added line #L5 was not covered by tests

import { JslibModule } from "@bitwarden/angular/jslib.module";
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
Expand All @@ -24,7 +25,7 @@

constructor(
private accountSwitcherService: AccountSwitcherService,
private location: Location,
private router: Router,
private i18nService: I18nService,
private logService: LogService,
private biometricsService: BiometricsService,
Expand All @@ -45,8 +46,8 @@

// Navigate out of account switching for unlocked accounts
// locked or logged out account statuses are handled by background and app.component
if (result?.status === AuthenticationStatus.Unlocked) {
this.location.back();
if (result?.authenticationStatus === AuthenticationStatus.Unlocked) {
await this.router.navigate(["vault"]);

Check warning on line 50 in apps/browser/src/auth/popup/account-switching/account.component.ts

View check run for this annotation

Codecov / codecov/patch

apps/browser/src/auth/popup/account-switching/account.component.ts#L50 

Added line #L50 was not covered by tests
await this.biometricsService.setShouldAutopromptNow(false);
} else {
await this.biometricsService.setShouldAutopromptNow(true);
Expand Down
31 changes: 0 additions & 31 deletions apps/browser/src/auth/popup/account-switching/services/account-switcher.service.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,35 +207,4 @@ describe("AccountSwitcherService", () => {
expect(removeListenerSpy).toBeCalledTimes(1);
});
});

describe("logout", () => {
const userId1 = "1" as UserId;
const userId2 = "2" as UserId;
it("initiates logout", async () => {
let listener: (
message: { command: string; userId: UserId; status: AuthenticationStatus },
sender: unknown,
sendResponse: unknown,
) => void;
jest.spyOn(chrome.runtime.onMessage, "addListener").mockImplementation((addedListener) => {
listener = addedListener;
});

const removeListenerSpy = jest.spyOn(chrome.runtime.onMessage, "removeListener");

const logoutPromise = accountSwitcherService.logoutAccount(userId1);

listener(
{ command: "switchAccountFinish", userId: userId2, status: AuthenticationStatus.Unlocked },
undefined,
undefined,
);

const result = await logoutPromise;

expect(messagingService.send).toHaveBeenCalledWith("logout", { userId: userId1 });
expect(result).toEqual({ newUserId: userId2, status: AuthenticationStatus.Unlocked });
expect(removeListenerSpy).toBeCalledTimes(1);
});
});
});
27 changes: 4 additions & 23 deletions apps/browser/src/auth/popup/account-switching/services/account-switcher.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import {
timeout,
} from "rxjs";

import { NewActiveUser } from "@bitwarden/auth/common";
import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
import { AvatarService } from "@bitwarden/common/auth/abstractions/avatar.service";
Expand Down Expand Up @@ -43,7 +44,7 @@ export class AccountSwitcherService {
SPECIAL_ADD_ACCOUNT_ID = "addAccount";
availableAccounts$: Observable<AvailableAccount[]>;

switchAccountFinished$: Observable<{ userId: UserId; status: AuthenticationStatus }>;
switchAccountFinished$: Observable<NewActiveUser | null>;

constructor(
private accountService: AccountService,
Expand Down Expand Up @@ -118,7 +119,7 @@ export class AccountSwitcherService {
[message: { command: string; userId: UserId; status: AuthenticationStatus }]
>(chrome.runtime.onMessage).pipe(
filter(([message]) => message.command === "switchAccountFinish"),
map(([message]) => ({ userId: message.userId, status: message.status })),
map(([message]) => ({ userId: message.userId, authenticationStatus: message.status })),
);
}

Expand All @@ -143,29 +144,9 @@ export class AccountSwitcherService {
return await switchAccountFinishedPromise;
}

/**
*
* @param userId the user id to logout
* @returns the userId and status of the that has been switch to due to the logout. null on errors.
*/
async logoutAccount(
userId: UserId,
): Promise<{ newUserId: UserId; status: AuthenticationStatus } | null> {
// logout creates an account switch to the next up user, which may be null
const switchPromise = this.listenForSwitchAccountFinish(null);

await this.messagingService.send("logout", { userId });

// wait for account switch to happen, the result will be the new user id and status
const result = await switchPromise;
return { newUserId: result.userId, status: result.status };
}

// Listens for the switchAccountFinish message and returns the userId from the message
// Optionally filters switchAccountFinish to an expected userId
private listenForSwitchAccountFinish(
expectedUserId: UserId | null,
): Promise<{ userId: UserId; status: AuthenticationStatus } | null> {
listenForSwitchAccountFinish(expectedUserId: UserId | null): Promise<NewActiveUser | null> {
return firstValueFrom(
this.switchAccountFinished$.pipe(
filter(({ userId }) => (expectedUserId ? userId === expectedUserId : true)),
Expand Down
64 changes: 0 additions & 64 deletions ...rc/auth/popup/login-decryption-options/extension-login-decryption-options.service.spec.ts
View file
Open in desktop

This file was deleted.

37 changes: 0 additions & 37 deletions ...ser/src/auth/popup/login-decryption-options/extension-login-decryption-options.service.ts
View file
Open in desktop

This file was deleted.

101 changes: 101 additions & 0 deletions apps/browser/src/auth/popup/logout/extension-logout.service.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
import { MockProxy, mock } from "jest-mock-extended";

import { LogoutReason, LogoutService } from "@bitwarden/auth/common";
import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
import { UserId } from "@bitwarden/common/types/guid";

import { AccountSwitcherService } from "../account-switching/services/account-switcher.service";

import { ExtensionLogoutService } from "./extension-logout.service";

describe("ExtensionLogoutService", () => {
let logoutService: LogoutService;
let messagingService: MockProxy<MessagingService>;
let accountSwitcherService: MockProxy<AccountSwitcherService>;

let primaryUserId: UserId;
let secondaryUserId: UserId;
let logoutReason: LogoutReason;

beforeEach(() => {
primaryUserId = "1" as UserId;
secondaryUserId = "2" as UserId;
logoutReason = "vaultTimeout";

messagingService = mock<MessagingService>();
accountSwitcherService = mock<AccountSwitcherService>();
logoutService = new ExtensionLogoutService(messagingService, accountSwitcherService);
});

it("instantiates", () => {
expect(logoutService).not.toBeFalsy();
});

describe("logout", () => {
describe("No new active user", () => {
beforeEach(() => {
accountSwitcherService.listenForSwitchAccountFinish.mockResolvedValue(null);
});

it("sends logout message without a logout reason when not provided", async () => {
const result = await logoutService.logout(primaryUserId);

expect(accountSwitcherService.listenForSwitchAccountFinish).toHaveBeenCalledTimes(1);
expect(messagingService.send).toHaveBeenCalledWith("logout", { userId: primaryUserId });

expect(result).toBeUndefined();
});

it("sends logout message with a logout reason when provided", async () => {
const result = await logoutService.logout(primaryUserId, logoutReason);

expect(accountSwitcherService.listenForSwitchAccountFinish).toHaveBeenCalledTimes(1);
expect(messagingService.send).toHaveBeenCalledWith("logout", {
userId: primaryUserId,
logoutReason,
});
expect(result).toBeUndefined();
});
});

describe("New active user", () => {
const newActiveUserAuthenticationStatus = AuthenticationStatus.Unlocked;

beforeEach(() => {
accountSwitcherService.listenForSwitchAccountFinish.mockResolvedValue({
userId: secondaryUserId,
authenticationStatus: newActiveUserAuthenticationStatus,
});
});

it("sends logout message without a logout reason when not provided and returns the new active user", async () => {
const result = await logoutService.logout(primaryUserId);

expect(accountSwitcherService.listenForSwitchAccountFinish).toHaveBeenCalledTimes(1);

expect(messagingService.send).toHaveBeenCalledWith("logout", { userId: primaryUserId });

expect(result).toEqual({
userId: secondaryUserId,
authenticationStatus: newActiveUserAuthenticationStatus,
});
});

it("sends logout message with a logout reason when provided and returns the new active user", async () => {
const result = await logoutService.logout(primaryUserId, logoutReason);

expect(accountSwitcherService.listenForSwitchAccountFinish).toHaveBeenCalledTimes(1);

expect(messagingService.send).toHaveBeenCalledWith("logout", {
userId: primaryUserId,
logoutReason,
});
expect(result).toEqual({
userId: secondaryUserId,
authenticationStatus: newActiveUserAuthenticationStatus,
});
});
});
});
});
Loading
Loading