bitwarden · brant-livefront · Oct 7, 2024 · Sep 12, 2024 · Sep 12, 2024 · Sep 12, 2024
@@ -28,7 +28,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
     private var cipherPublisherTasks = [String: Task<Void, Error>?]()
 
     /// The service used to manage syncing and updates to the user's ciphers.
-    private let cipherService: CipherService
+    private let cipherDataStore: CipherDataStore
 
     /// The service that handles common client functionality such as encryption and decryption.
     private let clientService: ClientService
@@ -55,6 +55,10 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
     /// a user opts-in to Authenticator sync.
     private var syncSettingSubscriberTask: Task<Void, Error>?
 
+    /// a Task that subscribes to the vault lock publisher for accounts. This allows us to take action once
+    /// a user unlocks their vault..
+    private var vaultUnlockSubscriberTask: Task<Void, Error>?
+
     /// The service used by the application to manage vault access.
     private let vaultTimeoutService: VaultTimeoutService
 
@@ -64,7 +68,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
     ///
     /// - Parameters:
     ///   - authBridgeItemService: The service for managing sharing items to/from the Authenticator app.
-    ///   - cipherService: The service used to manage syncing and updates to the user's ciphers.
+    ///   - cipherDataStore: The service used to manage syncing and updates to the user's ciphers.
     ///   - clientService: The service that handles common client functionality such as encryption and decryption.
     ///   - configService: The service to get server-specified configuration.
     ///   - errorReporter: The service used by the application to report non-fatal errors.\ organizations.
@@ -76,7 +80,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
     ///
     init(
         authBridgeItemService: AuthenticatorBridgeItemService,
-        cipherService: CipherService,
+        cipherDataStore: CipherDataStore,
         clientService: ClientService,
         configService: ConfigService,
         errorReporter: ErrorReporter,
@@ -86,7 +90,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
         vaultTimeoutService: VaultTimeoutService
     ) {
         self.authBridgeItemService = authBridgeItemService
-        self.cipherService = cipherService
+        self.cipherDataStore = cipherDataStore
         self.clientService = clientService
         self.configService = configService
         self.errorReporter = errorReporter
@@ -102,9 +106,33 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
     public func start() async {
         guard !started else { return }
         started = true
-        if await configService.getFeatureFlag(FeatureFlag.enableAuthenticatorSync,
-                                              defaultValue: false) {
-            subscribeToAppState()
+
+        guard await configService.getFeatureFlag(FeatureFlag.enableAuthenticatorSync,
+                                                 defaultValue: false) else {
+            return
+        }
+
+        syncSettingSubscriberTask = Task {
+            for await (userId, _) in await self.stateService.syncToAuthenticatorPublisher().values {
+                guard let userId else { continue }
+
+                do {
+                    try await determineSyncForUserId(userId)
+                } catch {
+                    errorReporter.log(error: error)
+                }
+            }
+        }
+        vaultUnlockSubscriberTask = Task {
+            for await vaultStatus in await self.vaultTimeoutService.vaultLockStatusPublisher().values {
+                guard let vaultStatus else { continue }
+
+                do {
+                    try await determineSyncForUserId(vaultStatus.userId)
+                } catch {
+                    errorReporter.log(error: error)
+                }
+            }
         }
     }
 
@@ -141,7 +169,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
             try await self.clientService.vault().ciphers().decrypt(cipher: cipher)
         }
         let account = try await stateService.getActiveAccount()
-        let username = account.profile.name ?? account.profile.email
+        let username = account.profile.email
 
         return decryptedCiphers.map { cipher in
             AuthenticatorBridgeItemDataView(
@@ -154,43 +182,24 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
         }
     }
 
-    /// This function handles the initial syncing with the Authenticator app as well as listening for updates
-    /// when the user adds new items. This is called when the sync is turned on.
+    /// Determine if the given userId has sync turned on and an unlocked vault. This method serves as the
+    /// integration point of both the sync settings subscriber and the vault subscriber. When the user has sync turned
+    /// on and the vault unlocked, we can proceed with the sync.
     ///
-    /// - Parameter userId: The userId of the user who has turned on sync.
+    /// - Parameter userId: The userId of the user whose sync status is being determined.
     ///
-    private func handleSyncOnForUserId(_ userId: String) async {
-        guard !vaultTimeoutService.isLocked(userId: userId) else {
+    private func determineSyncForUserId(_ userId: String) async throws {
+        guard try await stateService.getSyncToAuthenticator(userId: userId),
+              !vaultTimeoutService.isLocked(userId: userId) else {
+            cipherPublisherTasks[userId]??.cancel()
+            cipherPublisherTasks[userId] = nil
             return
         }
 
-        do {
-            try await createAuthenticatorKeyIfNeeded()
-        } catch {
-            errorReporter.log(error: error)
-        }
+        try await createAuthenticatorKeyIfNeeded()
         subscribeToCipherUpdates(userId: userId)
     }
 
-    /// This function handles stopping sync and cleaning up all sync-related items when a user has turned sync Off.
-    ///
-    /// - Parameter userId: The userId of the user who has turned off sync.
-    ///
-    private func handleSyncOffForUserId(_ userId: String) {
-        cipherPublisherTasks[userId]??.cancel()
-        cipherPublisherTasks[userId] = nil
-    }
-
-    /// Subscribe to NotificationCenter updates about if the app is in the foreground vs. background.
-    ///
-    private func subscribeToAppState() {
-        Task {
-            for await _ in notificationCenterService.willEnterForegroundPublisher() {
-                subscribeToSyncToAuthenticatorSetting()
-            }
-        }
-    }
-
     /// Create a task for the given userId to listen for Cipher updates and sync to the Authenticator store.
     ///
     /// - Parameter userId: The userId of the account to listen for.
@@ -200,7 +209,7 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
 
         cipherPublisherTasks[userId] = Task {
             do {
-                for try await ciphers in try await self.cipherService.ciphersPublisher().values {
+                for try await ciphers in self.cipherDataStore.cipherPublisher(userId: userId).values {
                     try await writeCiphers(ciphers: ciphers, userId: userId)
                 }
             } catch {
@@ -209,24 +218,6 @@ actor DefaultAuthenticatorSyncService: NSObject, AuthenticatorSyncService {
         }
     }
 
-    /// Subscribe to the Sync to Authenticator setting to handle when the user grants (or revokes)
-    /// permission to sync items to the Authenticator app.
-    ///
-    private func subscribeToSyncToAuthenticatorSetting() {
-        syncSettingSubscriberTask?.cancel()
-        syncSettingSubscriberTask = Task {
-            for await (userId, shouldSync) in await self.stateService.syncToAuthenticatorPublisher().values {
-                guard let userId else { continue }
-
-                if shouldSync {
-                    await handleSyncOnForUserId(userId)
-                } else {
-                    handleSyncOffForUserId(userId)
-                }
-            }
-        }
-    }
-
     /// Takes in a list of encrypted Ciphers, decrypts them, and writes ones with TOTP codes to the shared store.
     ///
     /// - Parameters: