Merge branch 'main' into scanner

.github/codecov.yml

@@ -1,3 +1,4 @@
 ignore:
   - "crates/sdk-schemas" # Tool
   - "crates/uniffi-bindgen" # Tool
+  - "crates/memory-testing" # Testing

.github/workflows/build-rust-cross-platform.yml

@@ -8,6 +8,7 @@ on:
       - main
       - rc
       - hotfix-rc
+  pull_request:
 
 jobs:
   build_rust:

.github/workflows/memory-testing.yml

@@ -0,0 +1,43 @@
+---
+name: Test for memory leaks
+
+on:
+  pull_request:
+    paths:
+      - "crates/bitwarden-crypto/**"
+      - "crates/memory-testing/**"
+  push:
+    paths:
+      - "crates/bitwarden-crypto/**"
+      - "crates/memory-testing/**"
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+
+jobs:
+  memory-test:
+    name: Testing
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up gdb
+        run: |
+          sudo apt update
+          sudo apt -y install gdb
+
+      - name: Install rust
+        uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 # stable
+        with:
+          toolchain: stable
+
+      - name: Cache cargo registry
+        uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3
+        with:
+          key: memtest-cargo
+
+      - name: Test
+        run: ./crates/memory-testing/run_test.sh no-docker

.github/workflows/release-go.yml

@@ -1,4 +1,5 @@
-name: Release Go
+name: Release Go SDK
+run-name: Release Go SDK ${{ inputs.release_type }}
 
 on:
   workflow_dispatch:
@@ -15,6 +16,7 @@ on:
 env:
   GO111MODULE: on
   GO_VERSION: "^1.18"
+  _KEY_VAULT: "bitwarden-ci"
 
 jobs:
   validate:
@@ -27,7 +29,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Branch check
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -47,22 +49,23 @@ jobs:
     runs-on: ubuntu-22.04
     needs: validate
     env:
-      _KEY_VAULT: "bitwarden-ci"
       _BOT_EMAIL: [email protected]
       _BOT_NAME: bitwarden-devops-bot
       _PKG_VERSION: ${{ needs.validate.outputs.version }}
     steps:
       - name: Checkout SDK repo
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
         with:
           path: sdk
 
-      - name: Checkout SDK-Go repo
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+      - name: Download artifacts
+        uses: bitwarden/gh-actions/download-artifacts@main
         with:
-          repository: bitwarden/sm-sdk-go
-          path: sm-sdk-go
-          ref: main
+          workflow: generate_schemas.yml
+          path: sdk/languages/go/bitwarden_sdk_secrets/lib
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: schemas.go
 
       - name: Login to Azure - Prod Subscription
         uses: Azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
@@ -71,11 +74,19 @@ jobs:
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f
+        uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
         with:
           keyvault: ${{ env._KEY_VAULT }}
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Checkout SDK-Go repo
+        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4.0.0
+        with:
+          repository: bitwarden/sm-sdk-go
+          path: sm-sdk-go
+          ref: main
+          token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
+
       - name: Setup Git
         working-directory: sm-sdk-go
         run: |
@@ -85,15 +96,21 @@ jobs:
       - name: Update files
         run: |
           # Copy files to local sm-sdk-go repo path
-          cp --verbose -rf sdk/languages/go sm-sdk-go
+          cp --verbose -rf sdk/languages/go/. sm-sdk-go
+
+      - name: Replace repo name
+        working-directory: sm-sdk-go
+        run: |
+          find . -name '*' -exec \
+          gsed -i -e 's/github.com\/bitwarden\/sdk\/languages\/go/github.com\/bitwarden\/sm-sdk-go/g' {} \;
 
       - name: Push changes
         working-directory: sm-sdk-go
         run: |
           git add .
           git commit -m "Update Go SDK to ${{ github.sha }}"
 
-          if [[ "${{ github.event.inputs.release_type }}" == "Dry Run" ]]; then
+          if [[ "${{ inputs.release_type }}" == "Dry Run" ]]; then
             echo "==================================="
             echo "[!] Dry Run - Skipping push"
             echo "==================================="
@@ -104,7 +121,7 @@ jobs:
           fi
 
       - name: Create release tag on SDK Go repo
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         working-directory: sm-sdk-go
         run: |
           # Check if tag exists, set output then exit 0 if true.
@@ -134,18 +151,66 @@ jobs:
 
       - name: Retrieve secrets
         id: retrieve-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@62d1bf7c3e31c458cc7236b1e69a475d235cd78f
+        uses: bitwarden/gh-actions/get-keyvault-secrets@4f37134d838f21609c38cb56694d8605f176704c
         with:
           keyvault: ${{ env._KEY_VAULT }}
           secrets: "github-pat-bitwarden-devops-bot-repo-scope"
 
+      - name: Download x86_64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-apple-darwin
+          skip_unpack: true
+
+      - name: Download aarch64-apple-darwin artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-aarch64-apple-darwin
+          skip_unpack: true
+
+      - name: Download x86_64-unknown-linux-gnu artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-unknown-linux-gnu
+          skip_unpack: true
+
+      - name: Download x86_64-pc-windows-msvc artifact
+        uses: bitwarden/gh-actions/download-artifacts@main
+        with:
+          workflow: build-rust-cross-platform.yml
+          workflow_conclusion: success
+          branch: ${{ inputs.release_type == 'Dry Run' && 'main' ||  github.ref_name }}
+          artifacts: libbitwarden_c_files-x86_64-pc-windows-msvc
+          skip_unpack: true
+
+      - name: Rename build artifacts
+        run: |
+          mv libbitwarden_c_files-x86_64-apple-darwin.zip libbitwarden_c_files-x86_64-apple-darwin-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-aarch64-apple-darwin.zip libbitwarden_c_files-aarch64-apple-darwin-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-x86_64-unknown-linux-gnu.zip libbitwarden_c_files-x86_64-unknown-linux-gnu-$_PKG_VERSION.zip
+          mv libbitwarden_c_files-x86_64-pc-windows-msvc.zip libbitwarden_c_files-x86_64-pc-windows-msvc-$_PKG_VERSION.zip
+
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # v1.13.0
         with:
           tag: v${{ env._PKG_VERSION }}
           name: v${{ env._PKG_VERSION }}
           body: "<insert release notes here>"
           token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }}
           draft: true
-          repo: bitwarden/sm-sdk-go
+          repo: sm-sdk-go
+          owner: bitwarden
+          artifacts: "libbitwarden_c_files-x86_64-apple-darwin-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-aarch64-apple-darwin-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-x86_64-unknown-linux-gnu-${{ env._PKG_VERSION }}.zip,
+            libbitwarden_c_files-x86_64-pc-windows-msvc-${{ env._PKG_VERSION }}.zip"

.gitignore

@@ -12,7 +12,6 @@ x64/
 x86/
 build/
 bld/
-[Bb]in/
 [Oo]bj/
 *.wasm
 

README.md

@@ -86,5 +86,56 @@ This project uses customized templates which lives in the `support/openapi-templ
 These templates resolves some outstanding issues we've experienced with the rust generator. But we
 strive towards modifying the templates as little as possible to ease future upgrades.
 
+## Tests
+
+Many of the SDK tests are based on encrypted data provided by the other Bitwarden clients. In order
+to provide a consistent method of retrieving the data we provide a test account with user keys.
+
+**Disclaimer:** The server typically encrypts and protects certain fields. In order to allow
+accounts to be used on other servers this protection was explicitly removed from these data dumps.
+
+### `[email protected]`
+
+- Email: `[email protected]`
+- Password: `asdfasdfasdf`
+- PBKDF2: `600_000` iterations
+
+```sql
+INSERT INTO vault_dev.dbo.[User] (
+  Id, Name, Email, EmailVerified, MasterPassword,
+  MasterPasswordHint, Culture, SecurityStamp,
+  TwoFactorProviders, TwoFactorRecoveryCode,
+  EquivalentDomains, ExcludedGlobalEquivalentDomains,
+  AccountRevisionDate, [Key], PublicKey,
+  PrivateKey, Premium, PremiumExpirationDate,
+  Storage, MaxStorageGb, Gateway, GatewayCustomerId,
+  GatewaySubscriptionId, LicenseKey,
+  CreationDate, RevisionDate, RenewalReminderDate,
+  Kdf, KdfIterations, ReferenceData,
+  ApiKey, ForcePasswordReset, UsesKeyConnector,
+  FailedLoginCount, LastFailedLoginDate,
+  AvatarColor, KdfMemory, KdfParallelism,
+  LastPasswordChangeDate, LastKdfChangeDate,
+  LastKeyRotationDate, LastEmailChangeDate
+)
+VALUES
+  (
+    N 'b1fd4bf2-9643-4787-87f3-b0f00189c33b',
+    N 'Test', N '[email protected]',
+    0, N 'AQAAAAEAAYagAAAAEJ3ky9F/Zt5sy3/UAHVvBarMR+tBXYOM5IGgXy4/mx82uptgHgItauyCN+UZTvAqiA==',
+    null, N 'en-US', N 'F3KL7SCJKEXO4LJFVLGZITPEHM7SAVSZ',
+    null, null, null, null, N '2024-01-07 23:56:48.2600000',
+    N '2.Q/2PhzcC7GdeiMHhWguYAQ==|GpqzVdr0go0ug5cZh1n+uixeBC3oC90CIe0hd/HWA/pTRDZ8ane4fmsEIcuc8eMKUt55Y2q/fbNzsYu41YTZzzsJUSeqVjT8/iTQtgnNdpo=|dwI+uyvZ1h/iZ03VQ+/wrGEFYVewBUUl/syYgjsNMbE=',
+    N 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ww2chogqCpaAR7Uw448am4b7vDFXiM5kXjFlGfXBlrAdAqTTggEvTDlMNYqPlCo+mBM6iFmTTUY9rpZBvFskMnKvsvpJ47/fehAH2o2e3Ulv/5NFevaVCMCmpkBDtbMbO1A4a3btdRtCP8DsKWMefHauEpaoLxNTLWnOIZVfCMjsSgx2EvULHAZPTtbFwm4+UVKniM4ds4jvOsD85h4jn2aLs/jWJXFfxN8iVSqEqpC2TBvsPdyHb49xQoWWfF0Z6BiNqeNGKEU9Uos1pjL+kzhEzzSpH31PZT/ufJ/oo4+93wrUt57hb6f0jxiXhwd5yQ+9F6wVwpbfkq0IwhjOwIDAQAB',
+    N '2.yN7l00BOlUE0Sb0M//Q53w==|EwKG/BduQRQ33Izqc/ogoBROIoI5dmgrxSo82sgzgAMIBt3A2FZ9vPRMY+GWT85JiqytDitGR3TqwnFUBhKUpRRAq4x7rA6A1arHrFp5Tp1p21O3SfjtvB3quiOKbqWk6ZaU1Np9HwqwAecddFcB0YyBEiRX3VwF2pgpAdiPbSMuvo2qIgyob0CUoC/h4Bz1be7Qa7B0Xw9/fMKkB1LpOm925lzqosyMQM62YpMGkjMsbZz0uPopu32fxzDWSPr+kekNNyLt9InGhTpxLmq1go/pXR2uw5dfpXc5yuta7DB0EGBwnQ8Vl5HPdDooqOTD9I1jE0mRyuBpWTTI3FRnu3JUh3rIyGBJhUmHqGZvw2CKdqHCIrQeQkkEYqOeJRJVdBjhv5KGJifqT3BFRwX/YFJIChAQpebNQKXe/0kPivWokHWwXlDB7S7mBZzhaAPidZvnuIhalE2qmTypDwHy22FyqV58T8MGGMchcASDi/QXI6kcdpJzPXSeU9o+NC68QDlOIrMVxKFeE7w7PvVmAaxEo0YwmuAzzKy9QpdlK0aab/xEi8V4iXj4hGepqAvHkXIQd+r3FNeiLfllkb61p6WTjr5urcmDQMR94/wYoilpG5OlybHdbhsYHvIzYoLrC7fzl630gcO6t4nM24vdB6Ymg9BVpEgKRAxSbE62Tqacxqnz9AcmgItb48NiR/He3n3ydGjPYuKk/ihZMgEwAEZvSlNxYONSbYrIGDtOY+8Nbt6KiH3l06wjZW8tcmFeVlWv+tWotnTY9IqlAfvNVTjtsobqtQnvsiDjdEVtNy/s2ci5TH+NdZluca2OVEr91Wayxh70kpM6ib4UGbfdmGgCo74gtKvKSJU0rTHakQ5L9JlaSDD5FamBRyI0qfL43Ad9qOUZ8DaffDCyuaVyuqk7cz9HwmEmvWU3VQ+5t06n/5kRDXttcw8w+3qClEEdGo1KeENcnXCB32dQe3tDTFpuAIMLqwXs6FhpawfZ5kPYvLPczGWaqftIs/RXJ/EltGc0ugw2dmTLpoQhCqrcKEBDoYVk0LDZKsnzitOGdi9mOWse7Se8798ib1UsHFUjGzISEt6upestxOeupSTOh0v4+AjXbDzRUyogHww3V+Bqg71bkcMxtB+WM+pn1XNbVTyl9NR040nhP7KEf6e9ruXAtmrBC2ah5cFEpLIot77VFZ9ilLuitSz+7T8n1yAh1IEG6xxXxninAZIzi2qGbH69O5RSpOJuJTv17zTLJQIIc781JwQ2TTwTGnx5wZLbffhCasowJKd2EVcyMJyhz6ru0PvXWJ4hUdkARJs3Xu8dus9a86N8Xk6aAPzBDqzYb1vyFIfBxP0oO8xFHgd30Cgmz8UrSE3qeWRrF8ftrI6xQnFjHBGWD/JWSvd6YMcQED0aVuQkuNW9ST/DzQThPzRfPUoiL10yAmV7Ytu4fR3x2sF0Yfi87YhHFuCMpV/DsqxmUizyiJuD938eRcH8hzR/VO53Qo3UIsqOLcyXtTv6THjSlTopQ+JOLOnHm1w8dzYbLN44OG44rRsbihMUQp+wUZ6bsI8rrOnm9WErzkbQFbrfAINdoCiNa6cimYIjvvnMTaFWNymqY1vZxGztQiMiHiHYwTfwHTXrb9j0uPM=|09J28iXv9oWzYtzK2LBT6Yht4IT4MijEkk0fwFdrVQ4=',
+    0, null, null, null, null, null, null,
+    null, N '2024-01-07 23:53:38.5900000',
+    N '2024-01-07 23:53:38.5900000',
+    null, 0, 600000, N '{"id":null}', N '7gp59kKHt9kMlks0BuNC4IjNXYkljR',
+    0, 0, 0, null, null, null, null, null,
+    null, null, null
+  );
+```
+
 [secrets-manager]: https://bitwarden.com/products/secrets-manager/
 [bws-help]: https://bitwarden.com/help/secrets-manager-cli/

crates/bitwarden-uniffi/src/auth/mod.rs

@@ -130,7 +130,7 @@ impl ClientAuth {
     }
 
     /// Trust the current device
-    pub async fn t(&self) -> Result<TrustDeviceResponse> {
+    pub async fn trust_device(&self) -> Result<TrustDeviceResponse> {
         Ok(self.0 .0.write().await.auth().trust_device()?)
     }
 }

crates/bitwarden-uniffi/src/platform/mod.rs

@@ -31,4 +31,10 @@ impl ClientPlatform {
             .platform()
             .user_fingerprint(fingerprint_material)?)
     }
+
+    /// Load feature flags into the client
+    pub async fn load_flags(&self, flags: std::collections::HashMap<String, bool>) -> Result<()> {
+        self.0 .0.write().await.load_flags(flags);
+        Ok(())
+    }
 }

crates/bitwarden/CHANGELOG.md

@@ -9,7 +9,8 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Changed
 
-- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`.
+- Switched TLS backend to `rustls`, removing the dependency on `OpenSSL`. (#374)
+- `client::AccessToken` is now `auth::AccessToken`. (#656)
 
 ## [0.4.0] - 2023-12-21
 

crates/bitwarden/src/client/access_token.rs → crates/bitwarden/src/auth/access_token.rs

@@ -65,12 +65,12 @@ impl FromStr for AccessToken {
 #[cfg(test)]
 mod tests {
 
+    use super::AccessToken;
+
     #[test]
     fn can_decode_access_token() {
         use std::str::FromStr;
 
-        use crate::client::AccessToken;
-
         let access_token = "0.ec2c1d46-6a4b-4751-a310-af9601317f2d.C2IgxjjLF7qSshsbwe8JGcbM075YXw:X8vbvA0bduihIDe/qrzIQQ==";
         let token = AccessToken::from_str(access_token).unwrap();
 
@@ -86,8 +86,6 @@ mod tests {
     fn malformed_tokens() {
         use std::str::FromStr;
 
-        use crate::client::AccessToken;
-
         // Encryption key without base64 padding, we generate it with padding but ignore it when
         // decoding
         let t = "0.ec2c1d46-6a4b-4751-a310-af9601317f2d.C2IgxjjLF7qSshsbwe8JGcbM075YXw:X8vbvA0bduihIDe/qrzIQQ";