[PM-8979] Check that user is authed before getting user config (#10031)

* Check that user is authed before getting user config * Accept PR Suggestion Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> * Use Strict Equal --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com>
2024-07-15 10:41:10 -04:00 · 2024-07-15 10:41:10 -04:00 · 5fcf4bbd10
parent 5a46c7d5cc
commit 5fcf4bbd10
5 changed files with 56 additions and 6 deletions
--- a/apps/browser/src/background/main.background.ts
+++ b/apps/browser/src/background/main.background.ts
@ -716,6 +716,7 @@ export default class MainBackground {
      this.environmentService,
      this.logService,
      this.stateProvider,
+      this.authService,
    );

    this.cipherService = new CipherService(
--- a/apps/cli/src/service-container.ts
+++ b/apps/cli/src/service-container.ts
@ -586,6 +586,7 @@ export class ServiceContainer {
      this.environmentService,
      this.logService,
      this.stateProvider,
+      this.authService,
    );

    this.cipherService = new CipherService(
--- a/libs/angular/src/services/jslib-services.module.ts
+++ b/libs/angular/src/services/jslib-services.module.ts
@ -954,7 +954,13 @@ const safeProviders: SafeProvider[] = [
  safeProvider({
    provide: DefaultConfigService,
    useClass: DefaultConfigService,
-    deps: [ConfigApiServiceAbstraction, EnvironmentService, LogService, StateProvider],
+    deps: [
+      ConfigApiServiceAbstraction,
+      EnvironmentService,
+      LogService,
+      StateProvider,
+      AuthServiceAbstraction,
+    ],
  }),
  safeProvider({
    provide: ConfigService,
--- a/libs/common/src/platform/services/config/config.service.spec.ts
+++ b/libs/common/src/platform/services/config/config.service.spec.ts
@ -14,6 +14,8 @@ import {
  mockAccountServiceWith,
 } from "../../../../spec";
 import { subscribeTo } from "../../../../spec/observable-tracker";
+import { AuthService } from "../../../auth/abstractions/auth.service";
+import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
 import { UserId } from "../../../types/guid";
 import { ConfigApiServiceAbstraction } from "../../abstractions/config/config-api.service.abstraction";
 import { ServerConfig } from "../../abstractions/config/server-config";
@ -39,6 +41,9 @@ describe("ConfigService", () => {
  const configApiService = mock<ConfigApiServiceAbstraction>();
  const environmentService = mock<EnvironmentService>();
  const logService = mock<LogService>();
+  const authService = mock<AuthService>({
+    authStatusFor$: (userId) => of(AuthenticationStatus.Unlocked),
+  });
  let stateProvider: FakeStateProvider;
  let globalState: FakeGlobalState<Record<ApiUrl, ServerConfig>>;
  let userState: FakeSingleUserState<ServerConfig>;
@ -71,6 +76,7 @@ describe("ConfigService", () => {
        environmentService,
        logService,
        stateProvider,
+        authService,
      );
    });

@ -188,6 +194,30 @@ describe("ConfigService", () => {
    });
  });

+  it("gets global config when there is an locked active user", async () => {
+    await accountService.switchAccount(userId);
+    environmentService.environment$ = of(environmentFactory(activeApiUrl));
+
+    globalState.stateSubject.next({
+      [activeApiUrl]: serverConfigFactory(activeApiUrl + "global"),
+    });
+    userState.nextState(serverConfigFactory(userId));
+
+    const sut = new DefaultConfigService(
+      configApiService,
+      environmentService,
+      logService,
+      stateProvider,
+      mock<AuthService>({
+        authStatusFor$: () => of(AuthenticationStatus.Locked),
+      }),
+    );
+
+    const config = await firstValueFrom(sut.serverConfig$);
+
+    expect(config.gitHash).toEqual(activeApiUrl + "global");
+  });
+
  describe("environment change", () => {
    let sut: DefaultConfigService;
    let environmentSubject: Subject<Environment>;
@ -205,6 +235,7 @@ describe("ConfigService", () => {
        environmentService,
        logService,
        stateProvider,
+        authService,
      );
    });

--- a/libs/common/src/platform/services/config/default-config.service.ts
+++ b/libs/common/src/platform/services/config/default-config.service.ts
@ -13,6 +13,8 @@ import {
 } from "rxjs";
 import { SemVer } from "semver";

+import { AuthService } from "../../../auth/abstractions/auth.service";
+import { AuthenticationStatus } from "../../../auth/enums/authentication-status";
 import {
  DefaultFeatureFlagValue,
  FeatureFlag,
@ -60,16 +62,25 @@ export class DefaultConfigService implements ConfigService {
    private environmentService: EnvironmentService,
    private logService: LogService,
    private stateProvider: StateProvider,
+    private authService: AuthService,
  ) {
    const apiUrl$ = this.environmentService.environment$.pipe(
      map((environment) => environment.getApiUrl()),
    );
+    const userId$ = this.stateProvider.activeUserId$;
+    const authStatus$ = userId$.pipe(
+      switchMap((userId) => (userId == null ? of(null) : this.authService.authStatusFor$(userId))),
+    );

-    this.serverConfig$ = combineLatest([this.stateProvider.activeUserId$, apiUrl$]).pipe(
-      switchMap(([userId, apiUrl]) => {
-        const config$ =
-          userId == null ? this.globalConfigFor$(apiUrl) : this.userConfigFor$(userId);
-        return config$.pipe(map((config) => [config, userId, apiUrl] as const));
+    this.serverConfig$ = combineLatest([userId$, apiUrl$, authStatus$]).pipe(
+      switchMap(([userId, apiUrl, authStatus]) => {
+        if (userId == null || authStatus !== AuthenticationStatus.Unlocked) {
+          return this.globalConfigFor$(apiUrl).pipe(
+            map((config) => [config, null, apiUrl] as const),
+          );
+        }
+
+        return this.userConfigFor$(userId).pipe(map((config) => [config, userId, apiUrl] as const));
      }),
      tap(async (rec) => {
        const [existingConfig, userId, apiUrl] = rec;