[PM-30899] Store account keys on new user creation

This commit updates the `createAccountKeys` API call to handle and store the full response object, which includes the `accountKeys`.

When a new SSO user is created, the `accountKeys` received from the `createAccountKeys` endpoint are now stored in `authDiskSource`.

Additionally, during a soft logout, the user's `accountKeys` are preserved and restored along with other account data upon re-authentication.

Specific changes include:
- Modified `AccountsService` and related API definitions to expect and return a `CreateAccountKeysResponseJson` object instead of `Unit`.
- Introduced the `CreateAccountKeysResponseJson` data class to model the API response.
- Updated `AuthRepositoryImpl` to store the `accountKeys` from the response after creating a new SSO user.
- Updated `UserLogoutManagerImpl` to ensure `accountKeys` are retained during a soft logout.
- Adjusted associated tests to reflect these changes, including mocking the new response structure and verifying that `accountKeys` are stored correctly.

Author: SaintPatrck

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerImpl.kt

@@ -86,6 +86,7 @@ class UserLogoutManagerImpl(
         val pinProtectedUserKeyEnvelope = authDiskSource.getPinProtectedUserKeyEnvelope(
             userId = userId,
         )
+        val accountKeys = authDiskSource.getAccountKeys(userId = userId)
 
         switchUserIfAvailable(
             currentUserId = userId,
@@ -114,6 +115,7 @@ class UserLogoutManagerImpl(
                 userId = userId,
                 pinProtectedUserKeyEnvelope = pinProtectedUserKeyEnvelope,
             )
+            storeAccountKeys(userId = userId, accountKeys = accountKeys)
         }
     }
 

app/src/main/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt

@@ -439,6 +439,7 @@ class AuthRepositoryImpl(
             },
         )
 
+    @Suppress("LongMethod")
     override suspend fun createNewSsoUser(): NewSsoUserResult {
         val account = authDiskSource.userState?.activeAccount
             ?: return NewSsoUserResult.Failure(error = NoActiveUserException())
@@ -465,6 +466,13 @@ class AuthRepositoryImpl(
                                 publicKey = keys.publicKey,
                                 encryptedPrivateKey = keys.privateKey,
                             )
+                            .onSuccess { response ->
+                                authDiskSource
+                                    .storeAccountKeys(
+                                        userId = userId,
+                                        accountKeys = response.accountKeys,
+                                    )
+                            }
                             .map { keys }
                     }
                     .flatMap { keys ->

app/src/test/kotlin/com/x8bit/bitwarden/data/auth/manager/UserLogoutManagerTest.kt

@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.manager
 
 import com.bitwarden.core.data.manager.dispatcher.FakeDispatcherManager
 import com.bitwarden.core.data.manager.toast.ToastManager
+import com.bitwarden.network.model.AccountKeysJson
 import com.bitwarden.network.model.KdfTypeJson
 import com.bitwarden.ui.platform.base.MainDispatcherExtension
 import com.bitwarden.ui.platform.resource.BitwardenString
@@ -144,6 +145,7 @@ class UserLogoutManagerTest {
         val pinProtectedUserKey = "pinProtectedUserKey"
         val pinProtectedUserKeyEnvelope = "pinProtectedUserKeyEnvelope"
         val encryptedPin = "encryptedPin"
+        val accountKeys: AccountKeysJson = mockk()
 
         every { authDiskSource.userState } returns MULTI_USER_STATE
         every {
@@ -172,6 +174,10 @@ class UserLogoutManagerTest {
         every {
             authDiskSource.storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
         } just runs
+        every { authDiskSource.getAccountKeys(userId = userId) } returns accountKeys
+        every {
+            authDiskSource.storeAccountKeys(userId = userId, accountKeys = accountKeys)
+        } just runs
 
         userLogoutManager.softLogout(userId = userId, reason = LogoutReason.Timeout)
 
@@ -204,6 +210,7 @@ class UserLogoutManagerTest {
                 pinProtectedUserKey = pinProtectedUserKey,
             )
             authDiskSource.storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
+            authDiskSource.storeAccountKeys(userId = userId, accountKeys = accountKeys)
         }
     }
 
@@ -215,6 +222,7 @@ class UserLogoutManagerTest {
         val pinProtectedUserKey = "pinProtectedUserKey"
         val pinProtectedUserKeyEnvelope = "pinProtectedUserKeyEnvelope"
         val encryptedPin = "encryptedPin"
+        val accountKeys: AccountKeysJson = mockk()
 
         every { authDiskSource.userState } returns MULTI_USER_STATE
         every {
@@ -243,6 +251,10 @@ class UserLogoutManagerTest {
         every {
             authDiskSource.storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
         } just runs
+        every { authDiskSource.getAccountKeys(userId = userId) } returns accountKeys
+        every {
+            authDiskSource.storeAccountKeys(userId = userId, accountKeys = accountKeys)
+        } just runs
 
         userLogoutManager.softLogout(userId = userId, reason = LogoutReason.Timeout)
 
@@ -269,6 +281,7 @@ class UserLogoutManagerTest {
                 pinProtectedUserKey = pinProtectedUserKey,
             )
             authDiskSource.storeEncryptedPin(userId = userId, encryptedPin = encryptedPin)
+            authDiskSource.storeAccountKeys(userId = userId, accountKeys = accountKeys)
         }
     }
 

app/src/test/kotlin/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryTest.kt

@@ -26,6 +26,7 @@ import com.bitwarden.data.datasource.disk.model.ServerConfig
 import com.bitwarden.data.datasource.disk.util.FakeConfigDiskSource
 import com.bitwarden.data.repository.model.Environment
 import com.bitwarden.network.model.ConfigResponseJson
+import com.bitwarden.network.model.CreateAccountKeysResponseJson
 import com.bitwarden.network.model.DeleteAccountResponseJson
 import com.bitwarden.network.model.GetTokenResponseJson
 import com.bitwarden.network.model.IdentityTokenAuthModel
@@ -1137,7 +1138,12 @@ class AuthRepositoryTest {
                 publicKey = userPublicKey,
                 encryptedPrivateKey = userPrivateKey,
             )
-        } returns Unit.asSuccess()
+        } returns CreateAccountKeysResponseJson(
+            key = null,
+            publicKey = userPublicKey,
+            privateKey = userPrivateKey,
+            accountKeys = null,
+        ).asSuccess()
         coEvery {
             organizationService.organizationResetPasswordEnroll(
                 organizationId = orgId,
@@ -1222,7 +1228,12 @@ class AuthRepositoryTest {
                     publicKey = userPublicKey,
                     encryptedPrivateKey = userPrivateKey,
                 )
-            } returns Unit.asSuccess()
+            } returns CreateAccountKeysResponseJson(
+                key = null,
+                publicKey = userPublicKey,
+                privateKey = userPrivateKey,
+                accountKeys = ACCOUNT_KEYS,
+            ).asSuccess()
             coEvery {
                 organizationService.organizationResetPasswordEnroll(
                     organizationId = orgId,
@@ -1236,6 +1247,7 @@ class AuthRepositoryTest {
             val result = repository.createNewSsoUser()
 
             fakeAuthDiskSource.assertPrivateKey(userId = USER_ID_1, privateKey = userPrivateKey)
+            fakeAuthDiskSource.assertAccountKeys(userId = USER_ID_1, accountKeys = ACCOUNT_KEYS)
             assertEquals(NewSsoUserResult.Success, result)
             coVerify(exactly = 1) {
                 organizationService.getOrganizationAutoEnrollStatus(orgIdentifier)
@@ -1310,7 +1322,12 @@ class AuthRepositoryTest {
                     publicKey = userPublicKey,
                     encryptedPrivateKey = userPrivateKey,
                 )
-            } returns Unit.asSuccess()
+            } returns CreateAccountKeysResponseJson(
+                key = null,
+                publicKey = userPublicKey,
+                privateKey = userPrivateKey,
+                accountKeys = ACCOUNT_KEYS,
+            ).asSuccess()
             coEvery {
                 organizationService.organizationResetPasswordEnroll(
                     organizationId = orgId,
@@ -1330,6 +1347,7 @@ class AuthRepositoryTest {
             val result = repository.createNewSsoUser()
 
             fakeAuthDiskSource.assertPrivateKey(userId = USER_ID_1, privateKey = userPrivateKey)
+            fakeAuthDiskSource.assertAccountKeys(userId = USER_ID_1, accountKeys = ACCOUNT_KEYS)
             assertEquals(NewSsoUserResult.Success, result)
             coVerify(exactly = 1) {
                 organizationService.getOrganizationAutoEnrollStatus(orgIdentifier)

network/src/main/kotlin/com/bitwarden/network/api/AuthenticatedAccountsApi.kt

@@ -1,6 +1,7 @@
 package com.bitwarden.network.api
 
 import com.bitwarden.network.model.CreateAccountKeysRequest
+import com.bitwarden.network.model.CreateAccountKeysResponseJson
 import com.bitwarden.network.model.DeleteAccountRequestJson
 import com.bitwarden.network.model.NetworkResult
 import com.bitwarden.network.model.ResetPasswordRequestJson
@@ -26,7 +27,9 @@ internal interface AuthenticatedAccountsApi {
      * Creates the keys for the current account.
      */
     @POST("/accounts/keys")
-    suspend fun createAccountKeys(@Body body: CreateAccountKeysRequest): NetworkResult<Unit>
+    suspend fun createAccountKeys(
+        @Body body: CreateAccountKeysRequest,
+    ): NetworkResult<CreateAccountKeysResponseJson>
 
     /**
      * Deletes the current account.

network/src/main/kotlin/com/bitwarden/network/model/CreateAccountKeysResponseJson.kt

@@ -0,0 +1,27 @@
+package com.bitwarden.network.model
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+/**
+ * Response object returned when creating account keys.
+ *
+ * @property key The user key (nullable).
+ * @property publicKey The public key for the account.
+ * @property privateKey The encrypted private key for the account.
+ * @property accountKeys The account keys containing encryption key pairs and security state.
+ */
+@Serializable
+data class CreateAccountKeysResponseJson(
+    @SerialName("key")
+    val key: String?,
+
+    @SerialName("publicKey")
+    val publicKey: String?,
+
+    @SerialName("privateKey")
+    val privateKey: String?,
+
+    @SerialName("accountKeys")
+    val accountKeys: AccountKeysJson?,
+)

network/src/main/kotlin/com/bitwarden/network/service/AccountsService.kt

@@ -1,5 +1,6 @@
 package com.bitwarden.network.service
 
+import com.bitwarden.network.model.CreateAccountKeysResponseJson
 import com.bitwarden.network.model.DeleteAccountResponseJson
 import com.bitwarden.network.model.KeyConnectorKeyRequestJson
 import com.bitwarden.network.model.KeyConnectorMasterKeyResponseJson
@@ -26,7 +27,10 @@ interface AccountsService {
     /**
      * Creates a new account's keys.
      */
-    suspend fun createAccountKeys(publicKey: String, encryptedPrivateKey: String): Result<Unit>
+    suspend fun createAccountKeys(
+        publicKey: String,
+        encryptedPrivateKey: String,
+    ): Result<CreateAccountKeysResponseJson>
 
     /**
      * Make delete account request.

network/src/main/kotlin/com/bitwarden/network/service/AccountsServiceImpl.kt

@@ -5,6 +5,7 @@ import com.bitwarden.network.api.AuthenticatedKeyConnectorApi
 import com.bitwarden.network.api.UnauthenticatedAccountsApi
 import com.bitwarden.network.api.UnauthenticatedKeyConnectorApi
 import com.bitwarden.network.model.CreateAccountKeysRequest
+import com.bitwarden.network.model.CreateAccountKeysResponseJson
 import com.bitwarden.network.model.DeleteAccountRequestJson
 import com.bitwarden.network.model.DeleteAccountResponseJson
 import com.bitwarden.network.model.KeyConnectorKeyRequestJson
@@ -50,7 +51,7 @@ internal class AccountsServiceImpl(
     override suspend fun createAccountKeys(
         publicKey: String,
         encryptedPrivateKey: String,
-    ): Result<Unit> =
+    ): Result<CreateAccountKeysResponseJson> =
         authenticatedAccountsApi
             .createAccountKeys(
                 body = CreateAccountKeysRequest(

network/src/test/kotlin/com/bitwarden/network/service/AccountsServiceTest.kt

@@ -53,11 +53,10 @@ class AccountsServiceTest : BaseServiceTest() {
     }
 
     @Test
-    fun `createAccountKeys with empty response is success`() = runTest {
+    fun `createAccountKeys success response should return Success`() = runTest {
         val publicKey = "publicKey"
         val encryptedPrivateKey = "encryptedPrivateKey"
-        val json = ""
-        val response = MockResponse().setBody(json)
+        val response = MockResponse().setBody(CREATE_ACCOUNT_KEYS_REQUEST_RESPONSE)
         server.enqueue(response)
 
         val result = service.createAccountKeys(
@@ -368,3 +367,22 @@ private val UPDATE_KDF_REQUEST = UpdateKdfJsonRequest(
         salt = "mockSalt",
     ),
 )
+private val CREATE_ACCOUNT_KEYS_REQUEST_RESPONSE = """
+{
+  "key": null,
+  "publicKey": "mockPublicKey-1",
+  "privateKey": "mockPrivateKey-1",
+  "accountKeys": {
+    "signatureKeyPair": null,
+    "publicKeyEncryptionKeyPair": {
+      "wrappedPrivateKey": "mockWrappedPrivateKey-1",
+      "publicKey": "mockPublicKey-1",
+      "signedPublicKey": null,
+      "object": "publicKeyEncryptionKeyPair"
+    },
+    "securityState": null,
+    "object": "privateKeys"
+  },
+  "object": "keys"
+}
+""".trimIndent()