bitwarden · rr-bw · Oct 16, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 19, 2025
@@ -0,0 +1,237 @@
+import { mock, MockProxy } from "jest-mock-extended";
+import { of } from "rxjs";
+
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { AuthRequestAnsweringService } from "@bitwarden/common/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { AuthServerNotificationTags } from "@bitwarden/common/auth/enums/auth-server-notification-tags";
+import { AuthenticationStatus } from "@bitwarden/common/auth/enums/authentication-status";
+import { ForceSetPasswordReason } from "@bitwarden/common/auth/models/domain/force-set-password-reason";
+import { PendingAuthRequestsStateService } from "@bitwarden/common/auth/services/auth-request-answering/pending-auth-requests.state";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { ActionsService } from "@bitwarden/common/platform/actions";
+import {
+  ButtonLocation,
+  SystemNotificationEvent,
+  SystemNotificationsService,
+} from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { LogService } from "@bitwarden/logging";
+import { UserId } from "@bitwarden/user-core";
+
+import { ExtensionAuthRequestAnsweringService } from "./extension-auth-request-answering.service";
+
+describe("ExtensionAuthRequestAnsweringService", () => {
+  let accountService: MockProxy<AccountService>;
+  let authService: MockProxy<AuthService>;
+  let masterPasswordService: any; // MasterPasswordServiceAbstraction has many members; we only use forceSetPasswordReason$
+  let messagingService: MockProxy<MessagingService>;
+  let pendingAuthRequestsState: MockProxy<PendingAuthRequestsStateService>;
+  let actionService: MockProxy<ActionsService>;
+  let i18nService: MockProxy<I18nService>;
+  let platformUtilsService: MockProxy<PlatformUtilsService>;
+  let systemNotificationsService: MockProxy<SystemNotificationsService>;
+  let logService: MockProxy<LogService>;
+
+  let sut: AuthRequestAnsweringService;
+
+  const userId = "9f4c3452-6a45-48af-a7d0-74d3e8b65e4c" as UserId;
+  const authRequestId = "auth-request-id-123";
+
+  beforeEach(() => {
+    accountService = mock<AccountService>();
+    authService = mock<AuthService>();
+    masterPasswordService = {
+      forceSetPasswordReason$: jest.fn().mockReturnValue(of(ForceSetPasswordReason.None)),
+    };
+    messagingService = mock<MessagingService>();
+    pendingAuthRequestsState = mock<PendingAuthRequestsStateService>();
+    actionService = mock<ActionsService>();
+    i18nService = mock<I18nService>();
+    platformUtilsService = mock<PlatformUtilsService>();
+    systemNotificationsService = mock<SystemNotificationsService>();
+    logService = mock<LogService>();
+
+    // Common defaults
+    authService.activeAccountStatus$ = of(AuthenticationStatus.Locked);
+    accountService.activeAccount$ = of({
+      id: userId,
+      email: "[email protected]",
+      emailVerified: true,
+      name: "User",
+    });
+    accountService.accounts$ = of({
+      [userId]: { email: "[email protected]", emailVerified: true, name: "User" },
+    });
+    platformUtilsService.isPopupOpen.mockResolvedValue(false);
+    i18nService.t.mockImplementation(
+      (key: string, p1?: any) => `${key}${p1 != null ? ":" + p1 : ""}`,
+    );
+    systemNotificationsService.create.mockResolvedValue("notif-id");
+
+    sut = new ExtensionAuthRequestAnsweringService(
+      accountService,
+      authService,
+      masterPasswordService,
+      messagingService,
+      pendingAuthRequestsState,
+      actionService,
+      i18nService,
+      platformUtilsService,
+      systemNotificationsService,
+      logService,
+    );
+  });
+
+  describe("receivedPendingAuthRequest()", () => {
+    it("should throw if authRequestUserId not given", async () => {
+      // Act
+      const promise = sut.receivedPendingAuthRequest(undefined, authRequestId);
+
+      // Assert
+      await expect(promise).rejects.toThrow("authRequestUserId required");
+    });
+
+    it("should throw if authRequestId not given", async () => {
+      // Act
+      const promise = sut.receivedPendingAuthRequest(userId, undefined);
+
+      // Assert
+      await expect(promise).rejects.toThrow("authRequestId required");
+    });
+
+    it("should add a pending marker for the user to state", async () => {
+      // Act
+      await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+      // Assert
+      expect(pendingAuthRequestsState.add).toHaveBeenCalledTimes(1);
+      expect(pendingAuthRequestsState.add).toHaveBeenCalledWith(userId);
+    });
+
+    describe("given the active user is the intended recipient of the auth request, unlocked, and not required to set/change their master password", () => {
+      describe("given the popup is open", () => {
+        it("should send an 'openLoginApproval' message", async () => {
+          // Arrange
+          platformUtilsService.isPopupOpen.mockResolvedValue(true);
+          authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+          // Act
+          await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+          // Assert
+          expect(messagingService.send).toHaveBeenCalledTimes(1);
+          expect(messagingService.send).toHaveBeenCalledWith("openLoginApproval", {
+            notificationId: authRequestId,
+          });
+        });
+
+        it("should not create a system notification", async () => {
+          // Arrange
+          platformUtilsService.isPopupOpen.mockResolvedValue(true);
+          authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+          // Act
+          await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+          // Assert
+          expect(systemNotificationsService.create).not.toHaveBeenCalled();
+        });
+      });
+
+      describe("given the popup is closed", () => {
+        it("should not send an 'openLoginApproval' message", async () => {
+          // Arrange
+          platformUtilsService.isPopupOpen.mockResolvedValue(false);
+          authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+          // Act
+          await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+          // Assert
+          expect(messagingService.send).not.toHaveBeenCalled();
+        });
+
+        it("should create a system notification", async () => {
+          // Arrange
+          platformUtilsService.isPopupOpen.mockResolvedValue(false);
+          authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+          // Act
+          await sut.receivedPendingAuthRequest(userId, authRequestId);
+
+          // Assert
+          expect(i18nService.t).toHaveBeenCalledWith("accountAccessRequested");
+          expect(i18nService.t).toHaveBeenCalledWith("confirmAccessAttempt", "[email protected]");
+          expect(systemNotificationsService.create).toHaveBeenCalledWith({
+            id: `${AuthServerNotificationTags.AuthRequest}_${authRequestId}`,
+            title: "accountAccessRequested",
+            body: "confirmAccessAttempt:[email protected]",
+            buttons: [],
+          });
+        });
+      });
+    });
+  });
+
+  describe("activeUserMeetsConditionsToShowApprovalDialog()", () => {
+    describe("given the active user is the intended recipient of the auth request, unlocked, and not required to set/change their master password", () => {
+      it("should return true if popup is open", async () => {
+        // Arrange
+        platformUtilsService.isPopupOpen.mockResolvedValue(true);
+        authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+        // Act
+        const result = await sut.activeUserMeetsConditionsToShowApprovalDialog(userId);
+
+        // Assert
+        expect(result).toBe(true);
+      });
+
+      it("should return false if popup is closed", async () => {
+        // Arrange
+        platformUtilsService.isPopupOpen.mockResolvedValue(false);
+        authService.activeAccountStatus$ = of(AuthenticationStatus.Unlocked);
+
+        // Act
+        const result = await sut.activeUserMeetsConditionsToShowApprovalDialog(userId);
+
+        // Assert
+        expect(result).toBe(false);
+      });
+    });
+  });
+
+  describe("handleAuthRequestNotificationClicked()", () => {
+    it("should clear notification and open popup when notification body is clicked", async () => {
+      // Arrange
+      const event: SystemNotificationEvent = {
+        id: "123",
+        buttonIdentifier: ButtonLocation.NotificationButton,
+      };
+
+      // Act
+      await sut.handleAuthRequestNotificationClicked(event);
+
+      // Assert
+      expect(systemNotificationsService.clear).toHaveBeenCalledWith({ id: "123" });
+      expect(actionService.openPopup).toHaveBeenCalledTimes(1);
+    });
+
+    it("should do nothing when an optional notification button is clicked", async () => {
+      // Arrange
+      const event: SystemNotificationEvent = {
+        id: "123",
+        buttonIdentifier: ButtonLocation.FirstOptionalButton,
+      };
+
+      // Act
+      await sut.handleAuthRequestNotificationClicked(event);
+
+      // Assert
+      expect(systemNotificationsService.clear).not.toHaveBeenCalled();
+      expect(actionService.openPopup).not.toHaveBeenCalled();
+    });
+  });
+});
@@ -0,0 +1,116 @@
+import { firstValueFrom } from "rxjs";
+
+import { AccountService } from "@bitwarden/common/auth/abstractions/account.service";
+import { AuthRequestAnsweringService } from "@bitwarden/common/auth/abstractions/auth-request-answering/auth-request-answering.service.abstraction";
+import { AuthService } from "@bitwarden/common/auth/abstractions/auth.service";
+import { AuthServerNotificationTags } from "@bitwarden/common/auth/enums/auth-server-notification-tags";
+import { DefaultAuthRequestAnsweringService } from "@bitwarden/common/auth/services/auth-request-answering/default-auth-request-answering.service";
+import { PendingAuthRequestsStateService } from "@bitwarden/common/auth/services/auth-request-answering/pending-auth-requests.state";
+import { MasterPasswordServiceAbstraction } from "@bitwarden/common/key-management/master-password/abstractions/master-password.service.abstraction";
+import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
+import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
+import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { ActionsService } from "@bitwarden/common/platform/actions";
+import {
+  ButtonLocation,
+  SystemNotificationEvent,
+  SystemNotificationsService,
+} from "@bitwarden/common/platform/system-notifications/system-notifications.service";
+import { LogService } from "@bitwarden/logging";
+import { UserId } from "@bitwarden/user-core";
+
+export class ExtensionAuthRequestAnsweringService
+  extends DefaultAuthRequestAnsweringService
+  implements AuthRequestAnsweringService
+{
+  constructor(
+    protected readonly accountService: AccountService,
+    protected readonly authService: AuthService,
+    protected readonly masterPasswordService: MasterPasswordServiceAbstraction,
+    protected readonly messagingService: MessagingService,
+    protected readonly pendingAuthRequestsState: PendingAuthRequestsStateService,
+    private readonly actionService: ActionsService,
+    private readonly i18nService: I18nService,
+    private readonly platformUtilsService: PlatformUtilsService,
+    private readonly systemNotificationsService: SystemNotificationsService,
+    private readonly logService: LogService,
+  ) {
+    super(
+      accountService,
+      authService,
+      masterPasswordService,
+      messagingService,
+      pendingAuthRequestsState,
+    );
+  }
+
+  async receivedPendingAuthRequest(
+    authRequestUserId: UserId,
+    authRequestId: string,
+  ): Promise<void> {
+    if (!authRequestUserId) {
+      throw new Error("authRequestUserId required");
+    }
+    if (!authRequestId) {
+      throw new Error("authRequestId required");
+    }
+
+    // Always persist the pending marker for this user to global state.
+    await this.pendingAuthRequestsState.add(authRequestUserId);
+
+    const activeUserMeetsConditionsToShowApprovalDialog =
+      await this.activeUserMeetsConditionsToShowApprovalDialog(authRequestUserId);
+
+    if (activeUserMeetsConditionsToShowApprovalDialog) {
+      // Send message to open dialog immediately for this request
+      this.messagingService.send("openLoginApproval", {
+        // Include the authRequestId so the DeviceManagementComponent can upsert the correct device.
+        // This will only matter if the user is on the /device-management screen when the auth request is received.
+        notificationId: authRequestId,
+      });
+    } else {
+      // Create a system notification
+      const accounts = await firstValueFrom(this.accountService.accounts$);
+      const accountInfo = accounts[authRequestUserId];
+
+      if (!accountInfo) {
+        this.logService.error("Account not found for authRequestUserId");
+        return;
+      }
+
+      const emailForUser = accountInfo.email;
+      await this.systemNotificationsService.create({
+        id: `${AuthServerNotificationTags.AuthRequest}_${authRequestId}`, // the underscore is an important delimiter.
+        title: this.i18nService.t("accountAccessRequested"),
+        body: this.i18nService.t("confirmAccessAttempt", emailForUser),
+        buttons: [],
+      });
+    }
+  }
+
+  async activeUserMeetsConditionsToShowApprovalDialog(authRequestUserId: UserId): Promise<boolean> {
+    const meetsBasicConditions = await super.activeUserMeetsConditionsToShowApprovalDialog(
+      authRequestUserId,
+    );
+
+    // To show an approval dialog immediately on Extension, the popup must be open.
+    const isPopupOpen = await this.platformUtilsService.isPopupOpen();
+    const meetsExtensionConditions = meetsBasicConditions && isPopupOpen;
+
+    return meetsExtensionConditions;
+  }
+
+  /**
+   * When a system notification is clicked, this function is used to process that event.
+   *
+   * @param event The event passed in. Check initNotificationSubscriptions in main.background.ts.
+   */
+  async handleAuthRequestNotificationClicked(event: SystemNotificationEvent): Promise<void> {
+    if (event.buttonIdentifier === ButtonLocation.NotificationButton) {
+      await this.systemNotificationsService.clear({
+        id: `${event.id}`,
+      });
+      await this.actionService.openPopup();
+    }
+  }
+}