feat(extension-device-approval): [PM-14943] Answering Service Full Implementation - Can respond to requests that came in from the background now.

libs/angular/src/services/jslib-services.module.ts

@@ -106,6 +106,7 @@ import { AccountApiServiceImplementation } from "@bitwarden/common/auth/services
 import { AccountServiceImplementation } from "@bitwarden/common/auth/services/account.service";
 import { AnonymousHubService } from "@bitwarden/common/auth/services/anonymous-hub.service";
 import { AuthRequestAnsweringService } from "@bitwarden/common/auth/services/auth-request-answering/auth-request-answering.service";
+import { PendingAuthRequestsStateService } from "@bitwarden/common/auth/services/auth-request-answering/pending-auth-requests.state";
 import { AuthService } from "@bitwarden/common/auth/services/auth.service";
 import { AvatarService } from "@bitwarden/common/auth/services/avatar.service";
 import { DefaultActiveUserAccessor } from "@bitwarden/common/auth/services/default-active-user.accessor";
@@ -939,6 +940,11 @@ const safeProviders: SafeProvider[] = [
     useClass: UnsupportedSystemNotificationsService,
     deps: [],
   }),
+  safeProvider({
+    provide: PendingAuthRequestsStateService,
+    useClass: PendingAuthRequestsStateService,
+    deps: [StateProvider],
+  }),
   safeProvider({
     provide: AuthRequestAnsweringServiceAbstraction,
     useClass: AuthRequestAnsweringService,
@@ -948,6 +954,8 @@ const safeProviders: SafeProvider[] = [
       AuthServiceAbstraction,
       I18nServiceAbstraction,
       MasterPasswordServiceAbstraction,
+      MessagingServiceAbstraction,
+      PendingAuthRequestsStateService,
       PlatformUtilsServiceAbstraction,
       SystemNotificationsService,
     ],

libs/auth/src/angular/self-hosted-env-config-dialog/self-hosted-env-config-dialog.component.ts

@@ -1,5 +1,5 @@
 import { CommonModule } from "@angular/common";
-import { Component, OnDestroy, OnInit } from "@angular/core";
+import { Component, HostListener, OnDestroy, OnInit } from "@angular/core";
 import {
   AbstractControl,
   FormBuilder,
@@ -160,6 +160,21 @@ export class SelfHostedEnvConfigDialogComponent implements OnInit, OnDestroy {
       });
   }
 
+  @HostListener("document:keydown.control.b", ["$event"])
+  onCtrlB(event: KeyboardEvent) {
+    if (process.env.ENV === "development") {
+      event.preventDefault();
+      this.formGroup.patchValue({
+        baseUrl: "",
+        webVaultUrl: "https://localhost:8080",
+        apiUrl: "http://localhost:4000",
+        identityUrl: "http://localhost:33656",
+        iconsUrl: "http://localhost:50024",
+        notificationsUrl: "http://localhost:61840",
+      });
+    }
+  }
+
   submit = async () => {
     this.showErrorSummary = false;
 

libs/common/src/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction.ts

@@ -5,4 +5,6 @@ export abstract class AuthRequestAnsweringServiceAbstraction {
   abstract receivedPendingAuthRequest(userId: UserId, notificationId: string): Promise<void>;
 
   abstract handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void>;
+
+  abstract processPendingAuthRequests(): void;
 }

libs/common/src/auth/services/auth-request-answering/auth-request-answering.service.ts

@@ -7,6 +7,7 @@ import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/for
 import { getUserId } from "@bitwarden/common/auth/services/account.service";
 import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
 import { ActionsService } from "@bitwarden/common/platform/actions";
 import {
@@ -19,6 +20,8 @@ import { UserId } from "@bitwarden/user-core";
 
 import { AuthRequestAnsweringServiceAbstraction } from "../../abstractions/auth-request-answering/auth-request-answering.service.abstraction";
 
+import { PendingAuthRequestsStateService } from "./pending-auth-requests.state";
+
 export class AuthRequestAnsweringService implements AuthRequestAnsweringServiceAbstraction {
   constructor(
     private readonly accountService: AccountService,
@@ -26,10 +29,43 @@ export class AuthRequestAnsweringService implements AuthRequestAnsweringServiceA
     private readonly authService: AuthService,
     private readonly i18nService: I18nService,
     private readonly masterPasswordService: MasterPasswordServiceAbstraction,
+    private readonly messagingService: MessagingService,
+    private readonly pendingAuthRequestsState: PendingAuthRequestsStateService,
     private readonly platformUtilsService: PlatformUtilsService,
     private readonly systemNotificationsService: SystemNotificationsService,
   ) {}
 
+  async processPendingAuthRequests(): Promise<void> {
+    // Prune any stale pending requests (older than 15 minutes)
+    // This comes from GlobalSettings.cs
+    //    public TimeSpan UserRequestExpiration { get; set; } = TimeSpan.FromMinutes(15);
+    const fifteenMinutesMs = 15 * 60 * 1000;
+
+    await this.pendingAuthRequestsState.pruneOlderThan(fifteenMinutesMs);
+
+    const pending = (await firstValueFrom(this.pendingAuthRequestsState.getAll$())) ?? [];
+
+    if (pending.length > 0) {
+      const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+      const pendingForActive = pending.some((e) => e.userId === activeUserId);
+
+      if (pendingForActive) {
+        const isUnlocked =
+          (await firstValueFrom(this.authService.authStatusFor$(activeUserId))) ===
+          AuthenticationStatus.Unlocked;
+
+        const forceSetPasswordReason = await firstValueFrom(
+          this.masterPasswordService.forceSetPasswordReason$(activeUserId),
+        );
+
+        if (isUnlocked && forceSetPasswordReason === ForceSetPasswordReason.None) {
+          console.debug("[AuthRequestAnsweringService] popupOpened - Opening popup.");
+          this.messagingService.send("openLoginApproval");
+        }
+      }
+    }
+  }
+
   async handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void> {
     if (event.buttonIdentifier === ButtonLocation.NotificationButton) {
       await this.systemNotificationsService.clear({
@@ -40,21 +76,37 @@ export class AuthRequestAnsweringService implements AuthRequestAnsweringServiceA
   }
 
   async receivedPendingAuthRequest(userId: UserId, authRequestId: string): Promise<void> {
+    console.debug(
+      "[AuthRequestAnsweringService] receivedPendingAuthRequest",
+      { userId, authRequestId },
+    );
     const authStatus = await firstValueFrom(this.authService.activeAccountStatus$);
     const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
     const forceSetPasswordReason = await firstValueFrom(
       this.masterPasswordService.forceSetPasswordReason$(userId),
     );
+    const popupOpen = await this.platformUtilsService.isPopupOpen();
 
-    // Is the popup already open?
-    if (
-      (await this.platformUtilsService.isPopupOpen()) &&
+    console.debug(
+      "[AuthRequestAnsweringService] current state",
+      { popupOpen, authStatus, activeUserId, forceSetPasswordReason },
+    );
+
+    // Always persist the pending marker for this user to global state.
+    await this.pendingAuthRequestsState.add(userId);
+
+    // These are the conditions we are looking for to know if the extension is in a state to show
+    // the approval dialog.
+    const conditionsMet =
+      popupOpen &&
       authStatus === AuthenticationStatus.Unlocked &&
       activeUserId === userId &&
-      forceSetPasswordReason === ForceSetPasswordReason.None
-    ) {
-      // TODO: Handled in 14934
-    } else {
+      forceSetPasswordReason === ForceSetPasswordReason.None;
+
+    if (!conditionsMet) {
+      console.debug(
+        "[AuthRequestAnsweringService] receivedPendingAuthRequest - Conditions not met, creating system notification",
+      );
       // Get the user's email to include in the system notification
       const accounts = await firstValueFrom(this.accountService.accounts$);
       const emailForUser = accounts[userId].email;
@@ -65,6 +117,11 @@ export class AuthRequestAnsweringService implements AuthRequestAnsweringServiceA
         body: this.i18nService.t("confirmAccessAttempt", emailForUser),
         buttons: [],
       });
+      return;
     }
+
+    // Popup is open and conditions are met; open dialog immediately for this request
+    console.debug("[AuthRequestAnsweringService] receivedPendingAuthRequest - Opening popup.");
+    this.messagingService.send("openLoginApproval");
   }
 }

libs/common/src/auth/services/auth-request-answering/pending-auth-requests.state.ts

@@ -0,0 +1,52 @@
+import { Observable } from "rxjs";
+
+import { AUTH_REQUEST_DISK_LOCAL, GlobalState, KeyDefinition, StateProvider } from "@bitwarden/common/platform/state";
+import { UserId } from "@bitwarden/user-core";
+
+export type PendingAuthUserMarker = {
+  userId: UserId;
+  receivedAtMs: number;
+};
+
+export const PENDING_AUTH_REQUESTS = KeyDefinition.array<PendingAuthUserMarker>(
+  AUTH_REQUEST_DISK_LOCAL,
+  "pendingAuthRequests",
+  {
+    deserializer: (json) => json,
+  },
+);
+
+export class PendingAuthRequestsStateService {
+  private readonly state: GlobalState<PendingAuthUserMarker[]>;
+
+  constructor(private readonly stateProvider: StateProvider) {
+    this.state = this.stateProvider.getGlobal(PENDING_AUTH_REQUESTS);
+  }
+
+  getAll$(): Observable<PendingAuthUserMarker[] | null> {
+    return this.state.state$;
+  }
+
+  async add(userId: UserId): Promise<void> {
+    const now = Date.now();
+    await this.stateProvider.getGlobal(PENDING_AUTH_REQUESTS).update((current) => {
+      const list = (current ?? []).filter((e) => e.userId !== userId);
+      return [...list, { userId, receivedAtMs: now }];
+    });
+  }
+
+  async pruneOlderThan(maxAgeMs: number): Promise<void> {
+    const cutoff = Date.now() - maxAgeMs;
+    await this.stateProvider.getGlobal(PENDING_AUTH_REQUESTS).update((current) => {
+      const list = current ?? [];
+      return list.filter((e) => e.receivedAtMs >= cutoff);
+    });
+  }
+
+  async clearByUserId(userId: UserId): Promise<void> {
+    await this.stateProvider.getGlobal(PENDING_AUTH_REQUESTS).update((current) => {
+      const list = current ?? [];
+      return list.filter((e) => e.userId !== userId);
+    });
+  }
+}

libs/common/src/auth/services/auth-request-answering/unsupported-auth-request-answering.service.ts

@@ -14,4 +14,8 @@ export class UnsupportedAuthRequestAnsweringService
   async receivedPendingAuthRequest(userId: UserId, notificationId: string): Promise<void> {
     throw new Error("Received pending auth request not supported.");
   }
+
+  processPendingAuthRequests(): void {
+    throw new Error("Popup opened not supported.");
+  }
 }

libs/common/src/platform/server-notifications/internal/default-server-notifications.service.ts

@@ -6,6 +6,7 @@ import {
   filter,
   firstValueFrom,
   map,
+  merge,
   mergeMap,
   Observable,
   share,
@@ -62,20 +63,20 @@ export class DefaultServerNotificationsService implements ServerNotificationsSer
     private readonly authRequestAnsweringService: AuthRequestAnsweringServiceAbstraction,
     private readonly configService: ConfigService,
   ) {
-    this.notifications$ = this.accountService.activeAccount$.pipe(
-      map((account) => account?.id),
-      distinctUntilChanged(),
-      switchMap((activeAccountId) => {
-        if (activeAccountId == null) {
-          // We don't emit server-notifications for inactive accounts currently
+    this.notifications$ = this.accountService.accounts$.pipe(
+      map((accounts) => Object.keys(accounts) as UserId[]),
+      switchMap((userIds) => {
+        if (userIds.length === 0) {
           return EMPTY;
         }
 
-        return this.userNotifications$(activeAccountId).pipe(
-          map((notification) => [notification, activeAccountId] as const),
+        const streams = userIds.map((id) =>
+          this.userNotifications$(id).pipe(map((notification) => [notification, id] as const)),
         );
+
+        return merge(...streams);
       }),
-      share(), // Multiple subscribers should only create a single connection to the server
+      share(), // Multiple subscribers should only create a single connection to the server per subscriber
     );
   }
 
@@ -160,6 +161,20 @@ export class DefaultServerNotificationsService implements ServerNotificationsSer
       return;
     }
 
+    // Allow-list of notification types that are safe to process for non-active users
+    const multiUserNotificationTypes = new Set<NotificationType>([
+      NotificationType.AuthRequest,
+    ]);
+
+    const activeAccountId = await firstValueFrom(
+      this.accountService.activeAccount$.pipe(map((a) => a?.id)),
+    );
+
+    const isActiveUser = activeAccountId === userId;
+    if (!isActiveUser && !multiUserNotificationTypes.has(notification.type)) {
+      return;
+    }
+
     switch (notification.type) {
       case NotificationType.SyncCipherCreate:
       case NotificationType.SyncCipherUpdate:
@@ -221,7 +236,7 @@ export class DefaultServerNotificationsService implements ServerNotificationsSer
       case NotificationType.AuthRequest:
         if (
           await firstValueFrom(
-            this.configService.getFeatureFlag$(FeatureFlag.PM14938_BrowserExtensionLoginApproval),
+            this.configService.getFeatureFlag$(FeatureFlag.PM14938_BrowserExtensionLoginApproval)
           )
         ) {
           await this.authRequestAnsweringService.receivedPendingAuthRequest(