PM-9002: Fix vault early timeout (#732)

Author: matt-livefront

BitwardenShared/Core/Vault/Services/VaultTimeoutService.swift

@@ -117,9 +117,7 @@ class DefaultVaultTimeoutService: VaultTimeoutService {
     // MARK: Methods
 
     func hasPassedSessionTimeout(userId: String) async throws -> Bool {
-        guard let lastActiveTime = try await stateService.getLastActiveTime(userId: userId) else { return true }
         let vaultTimeout = try await sessionTimeoutValue(userId: userId)
-
         switch vaultTimeout {
         case .never,
              .onAppRestart:
@@ -128,8 +126,11 @@ class DefaultVaultTimeoutService: VaultTimeoutService {
             return false
         default:
             // Otherwise, calculate a timeout.
+            guard let lastActiveTime = try await stateService.getLastActiveTime(userId: userId)
+            else { return true }
+
             return timeProvider.presentTime.timeIntervalSince(lastActiveTime)
-                >= TimeInterval(vaultTimeout.rawValue)
+                >= TimeInterval(vaultTimeout.seconds)
         }
     }
 

BitwardenShared/Core/Vault/Services/VaultTimeoutServiceTests.swift

@@ -45,39 +45,104 @@ final class VaultTimeoutServiceTests: BitwardenTestCase {
 
     // MARK: Tests
 
-    /// `.hasPassedSessionTimeout()` returns false if the user should not be timed out.
-    func test_hasPassedSessionTimeout_false() async throws {
+    /// `.hasPassedSessionTimeout()` returns true if the user should be timed out.
+    func test_hasPassedSessionTimeout() async throws {
         let account = Account.fixture()
         stateService.activeAccount = account
-        stateService.lastActiveTime[account.profile.userId] = Date()
-        stateService.vaultTimeout[account.profile.userId] = .custom(120)
+        stateService.vaultTimeout[account.profile.userId] = .fiveMinutes
 
-        let shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        let currentTime = Date(year: 2024, month: 1, day: 2, hour: 6, minute: 0)
+        timeProvider.timeConfig = .mockTime(currentTime)
+
+        // Last active 4 minutes ago, no timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -4, to: currentTime)
+        var shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
         XCTAssertFalse(shouldTimeout)
+
+        // Last active 5 minutes ago, timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -5, to: currentTime)
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
+
+        // Last active 6 minutes ago, timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -6, to: currentTime)
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
+
+        // Last active in the distant past, timeout.
+        stateService.lastActiveTime[account.profile.userId] = .distantPast
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
     }
 
-    /// `.hasPassedSessionTimeout()` returns false if the user's vault timeout value is negative.
-    func test_hasPassedSessionTimeout_never() async throws {
+    /// `.hasPassedSessionTimeout()` returns false for a timeout value of app restart.
+    func test_hasPassedSessionTimeout_appRestart() async throws {
         let account = Account.fixture()
         stateService.activeAccount = account
-        stateService.lastActiveTime[account.profile.userId] = Date()
-        stateService.vaultTimeout[account.profile.userId] = .never
+        stateService.lastActiveTime[account.profile.userId] = .distantPast
+        stateService.vaultTimeout[account.profile.userId] = .onAppRestart
 
         let shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
         XCTAssertFalse(shouldTimeout)
     }
 
-    /// `.hasPassedSessionTimeout()` returns true if the user should be timed out.
-    func test_hasPassedSessionTimeout_true() async throws {
+    /// `.hasPassedSessionTimeout()` returns true if the user should be timed out for a custom timeout value.
+    func test_hasPassedSessionTimeout_custom() async throws {
         let account = Account.fixture()
         stateService.activeAccount = account
+        stateService.vaultTimeout[account.profile.userId] = .custom(120)
+
+        let currentTime = Date(year: 2024, month: 1, day: 2, hour: 6, minute: 0)
+        timeProvider.timeConfig = .mockTime(currentTime)
+
+        // Last active 119 minutes ago, no timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -119, to: currentTime)
+        var shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertFalse(shouldTimeout)
+
+        // Last active 120 minutes ago, timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -120, to: currentTime)
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
+
+        // Last active 121 minutes ago, timeout.
+        stateService.lastActiveTime[account.profile.userId] = Calendar.current
+            .date(byAdding: .minute, value: -121, to: currentTime)
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
+
+        // Last active in the distant past, timeout.
         stateService.lastActiveTime[account.profile.userId] = .distantPast
-        stateService.vaultTimeout[account.profile.userId] = .oneMinute
+        shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertTrue(shouldTimeout)
+    }
+
+    /// `.hasPassedSessionTimeout()` returns true if there's no last active time recorded for the user.
+    func test_hasPassedSessionTimeout_noLastActiveTime() async throws {
+        let account = Account.fixture()
+        stateService.activeAccount = account
+        stateService.vaultTimeout[account.profile.userId] = .fiveMinutes
 
         let shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
         XCTAssertTrue(shouldTimeout)
     }
 
+    /// `.hasPassedSessionTimeout()` returns false if the user's vault timeout value is negative.
+    func test_hasPassedSessionTimeout_never() async throws {
+        let account = Account.fixture()
+        stateService.activeAccount = account
+        stateService.lastActiveTime[account.profile.userId] = .distantPast
+        stateService.vaultTimeout[account.profile.userId] = .never
+
+        let shouldTimeout = try await subject.hasPassedSessionTimeout(userId: account.profile.userId)
+        XCTAssertFalse(shouldTimeout)
+    }
+
     /// Tests that locking and unlocking the vault works correctly.
     func test_lock_unlock() async throws {
         let account = Account.fixtureAccountLogin()

BitwardenShared/UI/Platform/Settings/Settings/AccountSecurity/AccountSecurityState.swift

@@ -90,6 +90,12 @@ public enum SessionTimeoutValue: RawRepresentable, CaseIterable, Equatable, Menu
         }
     }
 
+    /// The session timeout value in seconds.
+    var seconds: Int {
+        rawValue * 60
+    }
+
+    /// The session timeout value in minutes.
     public var rawValue: Int {
         switch self {
         case .immediately: 0