Auth/pm 23620/auth request answering service (#15760)

* feat(notification-processing): [PM-19877] System Notification Implementation - Implemented auth request answering service. * test(notification-processing): [PM-19877] System Notification Implementation - Added tests.
2025-12-18 17:23:37 +00:00 · 2025-08-28 13:47:05 -04:00
parent 3b5342dfb3
commit c828b3c4f4
16 changed files with 569 additions and 26 deletions
--- a/libs/common/src/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction.ts
+++ b/libs/common/src/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction.ts
@@ -0,0 +1,8 @@
+import { SystemNotificationEvent } from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { UserId } from "@bitwarden/user-core";
+
+export abstract class AuthRequestAnsweringServiceAbstraction {
+  abstract receivedPendingAuthRequest(userId: UserId, notificationId: string): Promise<void>;
+
+  abstract handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void>;
+}
--- a/libs/common/src/auth/enums/auth-server-notification-tags.ts
+++ b/libs/common/src/auth/enums/auth-server-notification-tags.ts
@@ -0,0 +1,3 @@
+export const AuthServerNotificationTags = Object.freeze({
+  AuthRequest: "authRequest",
+});
--- a/libs/common/src/auth/services/auth-request-answering/auth-request-answering.service.spec.ts
+++ b/libs/common/src/auth/services/auth-request-answering/auth-request-answering.service.spec.ts
@@ -0,0 +1,131 @@
+import { mock, MockProxy } from "jest-mock-extended";
+import { of } from "rxjs";
+
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { AuthServerNotificationTags } from "@bitwarden/common/auth/enums/auth-server-notification-tags";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { ActionsService } from "@bitwarden/common/platform/actions";
+import {
+  ButtonLocation,
+  SystemNotificationEvent,
+  SystemNotificationsService,
+} from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { UserId } from "@bitwarden/user-core";
+
+import { AuthRequestAnsweringService } from "./auth-request-answering.service";
+
+describe("AuthRequestAnsweringService", () => {
+  let accountService: MockProxy<AccountService>;
+  let actionService: MockProxy<ActionsService>;
+  let authService: MockProxy<AuthService>;
+  let i18nService: MockProxy<I18nService>;
+  let masterPasswordService: any; // MasterPasswordServiceAbstraction has many members; we only use forceSetPasswordReason$
+  let platformUtilsService: MockProxy<PlatformUtilsService>;
+  let systemNotificationsService: MockProxy<SystemNotificationsService>;
+
+  let sut: AuthRequestAnsweringService;
+
+  const userId = "9f4c3452-6a45-48af-a7d0-74d3e8b65e4c" as UserId;
+
+  beforeEach(() => {
+    accountService = mock<AccountService>();
+    actionService = mock<ActionsService>();
+    authService = mock<AuthService>();
+    i18nService = mock<I18nService>();
+    masterPasswordService = { forceSetPasswordReason$: jest.fn() };
+    platformUtilsService = mock<PlatformUtilsService>();
+    systemNotificationsService = mock<SystemNotificationsService>();
+
+    // Common defaults
+    authService.activeAccountStatus$ = of(AuthenticationStatus.Locked);
+    accountService.activeAccount$ = of({
+      id: userId,
+      email: "user@example.com",
+      emailVerified: true,
+      name: "User",
+    });
+    accountService.accounts$ = of({
+      [userId]: { email: "user@example.com", emailVerified: true, name: "User" },
+    });
+    (masterPasswordService.forceSetPasswordReason$ as jest.Mock).mockReturnValue(
+      of(ForceSetPasswordReason.None),
+    );
+    platformUtilsService.isPopupOpen.mockResolvedValue(false);
+    i18nService.t.mockImplementation(
+      (key: string, p1?: any) => `${key}${p1 != null ? ":" + p1 : ""}`,
+    );
+    systemNotificationsService.create.mockResolvedValue("notif-id");
+
+    sut = new AuthRequestAnsweringService(
+      accountService,
+      actionService,
+      authService,
+      i18nService,
+      masterPasswordService,
+      platformUtilsService,
+      systemNotificationsService,
+    );
+  });
+
+  describe("handleAuthRequestNotificationClicked", () => {
+    it("clears notification and opens popup when notification body is clicked", async () => {
+      const event: SystemNotificationEvent = {
+        id: "123",
+        buttonIdentifier: ButtonLocation.NotificationButton,
+      };
+
+      await sut.handleAuthRequestNotificationClicked(event);
+
+      expect(systemNotificationsService.clear).toHaveBeenCalledWith({ id: "123" });
+      expect(actionService.openPopup).toHaveBeenCalledTimes(1);
+    });
+
+    it("does nothing when an optional button is clicked", async () => {
+      const event: SystemNotificationEvent = {
+        id: "123",
+        buttonIdentifier: ButtonLocation.FirstOptionalButton,
+      };
+
+      await sut.handleAuthRequestNotificationClicked(event);
+
+      expect(systemNotificationsService.clear).not.toHaveBeenCalled();
+      expect(actionService.openPopup).not.toHaveBeenCalled();
+    });
+  });
+
+  describe("receivedPendingAuthRequest", () => {
+    const authRequestId = "req-abc";
+
+    it("creates a system notification when popup is not open", async () => {
+      platformUtilsService.isPopupOpen.mockResolvedValue(false);
+      authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+      await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+      expect(i18nService.t).toHaveBeenCalledWith("accountAccessRequested");
+      expect(i18nService.t).toHaveBeenCalledWith("confirmAccessAttempt", "user@example.com");
+      expect(systemNotificationsService.create).toHaveBeenCalledWith({
+        id: `${AuthServerNotificationTags.AuthRequest}_${authRequestId}`,
+        title: "accountAccessRequested",
+        body: "confirmAccessAttempt:user@example.com",
+        buttons: [],
+      });
+    });
+
+    it("does not create a notification when popup is open, user is active, unlocked, and no force set password", async () => {
+      platformUtilsService.isPopupOpen.mockResolvedValue(true);
+      authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+      (masterPasswordService.forceSetPasswordReason$ as jest.Mock).mockReturnValue(
+        of(ForceSetPasswordReason.None),
+      );
+
+      await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+      expect(systemNotificationsService.create).not.toHaveBeenCalled();
+    });
+  });
+});
--- a/libs/common/src/auth/services/auth-request-answering/auth-request-answering.service.ts
+++ b/libs/common/src/auth/services/auth-request-answering/auth-request-answering.service.ts
@@ -0,0 +1,70 @@
+import { firstValueFrom } from "rxjs";
+
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { AuthServerNotificationTags } from "@bitwarden/common/auth/enums/auth-server-notification-tags";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
+import { getUserId } from "@bitwarden/common/auth/services/account.service";
+import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { ActionsService } from "@bitwarden/common/platform/actions";
+import {
+  ButtonLocation,
+  SystemNotificationEvent,
+  SystemNotificationsService,
+} from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { UserId } from "@bitwarden/user-core";
+
+import { AuthRequestAnsweringServiceAbstraction } from "../../abstractions/auth-request-answering/auth-request-answering.service.abstraction";
+
+export class AuthRequestAnsweringService implements AuthRequestAnsweringServiceAbstraction {
+  constructor(
+    private readonly accountService: AccountService,
+    private readonly actionService: ActionsService,
+    private readonly authService: AuthService,
+    private readonly i18nService: I18nService,
+    private readonly masterPasswordService: MasterPasswordServiceAbstraction,
+    private readonly platformUtilsService: PlatformUtilsService,
+    private readonly systemNotificationsService: SystemNotificationsService,
+  ) {}
+
+  async handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void> {
+    if (event.buttonIdentifier === ButtonLocation.NotificationButton) {
+      await this.systemNotificationsService.clear({
+        id: `${event.id}`,
+      });
+      await this.actionService.openPopup();
+    }
+  }
+
+  async receivedPendingAuthRequest(userId: UserId, authRequestId: string): Promise<void> {
+    const authStatus = await firstValueFrom(this.authService.activeAccountStatus$);
+    const activeUserId = await firstValueFrom(this.accountService.activeAccount$.pipe(getUserId));
+    const forceSetPasswordReason = await firstValueFrom(
+      this.masterPasswordService.forceSetPasswordReason$(userId),
+    );
+
+    // Is the popup already open?
+    if (
+      (await this.platformUtilsService.isPopupOpen()) &&
+      authStatus === AuthenticationStatus.Unlocked &&
+      activeUserId === userId &&
+      forceSetPasswordReason === ForceSetPasswordReason.None
+    ) {
+      // TODO: Handled in 14934
+    } else {
+      // Get the user's email to include in the system notification
+      const accounts = await firstValueFrom(this.accountService.accounts$);
+      const emailForUser = accounts[userId].email;
+
+      await this.systemNotificationsService.create({
+        id: `${AuthServerNotificationTags.AuthRequest}_${authRequestId}`,
+        title: this.i18nService.t("accountAccessRequested"),
+        body: this.i18nService.t("confirmAccessAttempt", emailForUser),
+        buttons: [],
+      });
+    }
+  }
+}
--- a/libs/common/src/auth/services/auth-request-answering/unsupported-auth-request-answering.service.ts
+++ b/libs/common/src/auth/services/auth-request-answering/unsupported-auth-request-answering.service.ts
@@ -0,0 +1,17 @@
+import { SystemNotificationEvent } from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { UserId } from "@bitwarden/user-core";
+
+import { AuthRequestAnsweringServiceAbstraction } from "../../abstractions/auth-request-answering/auth-request-answering.service.abstraction";
+
+export class UnsupportedAuthRequestAnsweringService
+  implements AuthRequestAnsweringServiceAbstraction
+{
+  constructor() {}
+  async handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void> {
+    throw new Error("Received pending auth request not supported.");
+  }
+
+  async receivedPendingAuthRequest(userId: UserId, notificationId: string): Promise<void> {
+    throw new Error("Received pending auth request not supported.");
+  }
+}
--- a/libs/common/src/platform/server-notifications/internal/default-notifications.service.spec.ts
+++ b/libs/common/src/platform/server-notifications/internal/default-notifications.service.spec.ts
@@ -1,9 +1,11 @@
 import { mock, MockProxy } from "jest-mock-extended";
-import { BehaviorSubject, bufferCount, firstValueFrom, ObservedValueOf, of, Subject } from "rxjs";
+import { BehaviorSubject, bufferCount, firstValueFrom, ObservedValueOf, Subject } from "rxjs";

 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { LogoutReason } from "@bitwarden/auth/common";
+import { AuthRequestAnsweringServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction";
+import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";

 import { awaitAsync } from "../../../../spec";
 import { Matrix } from "../../../../spec/matrix";
@@ -39,6 +41,7 @@ describe("NotificationsService", () => {
  let signalRNotificationConnectionService: MockProxy<SignalRConnectionService>;
  let authService: MockProxy<AuthService>;
  let webPushNotificationConnectionService: MockProxy<WebPushConnectionService>;
+  let authRequestAnsweringService: MockProxy<AuthRequestAnsweringServiceAbstraction>;
  let configService: MockProxy<ConfigService>;

  let activeAccount: BehaviorSubject<ObservedValueOf<AccountService["activeAccount$"]>>;
@@ -66,9 +69,16 @@ describe("NotificationsService", () => {
    signalRNotificationConnectionService = mock<SignalRConnectionService>();
    authService = mock<AuthService>();
    webPushNotificationConnectionService = mock<WorkerWebPushConnectionService>();
+    authRequestAnsweringService = mock<AuthRequestAnsweringServiceAbstraction>();
    configService = mock<ConfigService>();

-    configService.getFeatureFlag$.mockReturnValue(of(true));
+    // For these tests, use the active-user implementation (feature flag disabled)
+    configService.getFeatureFlag$.mockImplementation((flag: FeatureFlag) => {
+      const flagValueByFlag: Partial<Record<FeatureFlag, boolean>> = {
+        [FeatureFlag.PushNotificationsWhenLocked]: true,
+      };
+      return new BehaviorSubject(flagValueByFlag[flag] ?? false) as any;
+    });

    activeAccount = new BehaviorSubject<ObservedValueOf<AccountService["activeAccount$"]>>(null);
    accountService.activeAccount$ = activeAccount.asObservable();
@@ -109,6 +119,7 @@ describe("NotificationsService", () => {
      signalRNotificationConnectionService,
      authService,
      webPushNotificationConnectionService,
+      authRequestAnsweringService,
      configService,
    );
  });
@@ -116,7 +127,7 @@ describe("NotificationsService", () => {
  const mockUser1 = "user1" as UserId;
  const mockUser2 = "user2" as UserId;

-  function emitActiveUser(userId: UserId) {
+  function emitActiveUser(userId: UserId | null) {
    if (userId == null) {
      activeAccount.next(null);
    } else {
--- a/libs/common/src/platform/server-notifications/internal/default-server-notifications.service.ts
+++ b/libs/common/src/platform/server-notifications/internal/default-server-notifications.service.ts
@@ -4,6 +4,7 @@ import {
  distinctUntilChanged,
  EMPTY,
  filter,
+  firstValueFrom,
  map,
  mergeMap,
  Observable,
@@ -14,6 +15,7 @@ import {
 // This import has been flagged as unallowed for this class. It may be involved in a circular dependency loop.
 // eslint-disable-next-line no-restricted-imports
 import { LogoutReason } from "@bitwarden/auth/common";
+import { AuthRequestAnsweringServiceAbstraction } from "@bitwarden/common/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction";
 import { FeatureFlag } from "@bitwarden/common/enums/feature-flag.enum";

 import { AccountService } from "../../../auth/abstractions/account.service";
@@ -57,6 +59,7 @@ export class DefaultServerNotificationsService implements ServerNotificationsSer
    private readonly signalRConnectionService: SignalRConnectionService,
    private readonly authService: AuthService,
    private readonly webPushConnectionService: WebPushConnectionService,
+    private readonly authRequestAnsweringService: AuthRequestAnsweringServiceAbstraction,
    private readonly configService: ConfigService,
  ) {
    this.notifications$ = this.accountService.activeAccount$.pipe(
@@ -227,8 +230,16 @@ export class DefaultServerNotificationsService implements ServerNotificationsSer
        await this.syncService.syncDeleteSend(notification.payload as SyncSendNotification);
        break;
      case NotificationType.AuthRequest:
-        // create notification
-
+        if (
+          await firstValueFrom(
+            this.configService.getFeatureFlag$(FeatureFlag.PM14938_BrowserExtensionLoginApproval),
+          )
+        ) {
+          await this.authRequestAnsweringService.receivedPendingAuthRequest(
+            notification.payload.userId,
+            notification.payload.id,
+          );
+        }
        this.messagingService.send("openLoginApproval", {
          notificationId: notification.payload.id,
        });
--- a/libs/common/src/platform/system-notifications/system-notifications.service.ts
+++ b/libs/common/src/platform/system-notifications/system-notifications.service.ts
@@ -1,6 +1,6 @@
 import { Observable } from "rxjs";

-// This is currently tailored for chrome extension's api, if safari works
+// This is currently tailored for Chrome extension's api, if Safari works
 // differently where clicking a notification button produces a different
 // identifier we need to reconcile that here.
 export const ButtonLocation = Object.freeze({