Only allow setting userID once

Author: MGibson1

crates/bitwarden-core/src/client/client.rs

@@ -1,4 +1,4 @@
-use std::sync::{Arc, RwLock};
+use std::sync::{Arc, OnceLock, RwLock};
 
 use bitwarden_crypto::KeyStore;
 use reqwest::header::{self, HeaderValue};
@@ -75,7 +75,7 @@ impl Client {
 
         Self {
             internal: Arc::new(InternalClient {
-                user_id: RwLock::new(None),
+                user_id: OnceLock::new(),
                 tokens: RwLock::new(Tokens::default()),
                 login_method: RwLock::new(None),
                 #[cfg(feature = "internal")]

crates/bitwarden-core/src/client/encryption_settings.rs

@@ -6,6 +6,7 @@ use thiserror::Error;
 use uuid::Uuid;
 
 use crate::{
+    error::UserIdAlreadySetError,
     key_management::{AsymmetricKeyId, KeyIds, SymmetricKeyId},
     MissingPrivateKeyError, VaultLockedError,
 };
@@ -27,6 +28,9 @@ pub enum EncryptionSettingsError {
 
     #[error(transparent)]
     MissingPrivateKey(#[from] MissingPrivateKeyError),
+
+    #[error(transparent)]
+    UserIdAlreadySetError(#[from] UserIdAlreadySetError),
 }
 
 pub struct EncryptionSettings {}

crates/bitwarden-core/src/client/internal.rs

@@ -1,4 +1,4 @@
-use std::sync::{Arc, RwLock};
+use std::sync::{Arc, OnceLock, RwLock};
 
 use bitwarden_crypto::KeyStore;
 #[cfg(any(feature = "internal", feature = "secrets"))]
@@ -13,6 +13,7 @@ use super::login_method::ServiceAccountLoginMethod;
 use crate::{
     auth::renew::renew_token,
     client::{encryption_settings::EncryptionSettings, login_method::LoginMethod},
+    error::UserIdAlreadySetError,
     key_management::KeyIds,
     DeviceType,
 };
@@ -44,7 +45,7 @@ pub(crate) struct Tokens {
 
 #[derive(Debug)]
 pub struct InternalClient {
-    pub(crate) user_id: RwLock<Option<Uuid>>,
+    pub(crate) user_id: OnceLock<Uuid>,
     pub(crate) tokens: RwLock<Tokens>,
     pub(crate) login_method: RwLock<Option<Arc<LoginMethod>>>,
 
@@ -173,12 +174,12 @@ impl InternalClient {
         &self.key_store
     }
 
-    pub fn set_user_id(&self, user_id: Uuid) {
-        *self.user_id.write().expect("RwLock is not poisoned") = Some(user_id);
+    pub fn init_user_id(&self, user_id: Uuid) -> Result<(), UserIdAlreadySetError> {
+        self.user_id.set(user_id).map_err(|_| UserIdAlreadySetError)
     }
 
     pub fn get_user_id(&self) -> Option<Uuid> {
-        *self.user_id.read().expect("RwLock is not poisoned")
+        self.user_id.get().copied()
     }
 
     #[cfg(feature = "internal")]

crates/bitwarden-core/src/error.rs

@@ -48,6 +48,11 @@ impl_bitwarden_error!(IdentityError, ApiError);
 #[error("The client is not authenticated or the session has expired")]
 pub struct NotAuthenticatedError;
 
+/// Client's user ID is already set.
+#[derive(Debug, Error)]
+#[error("The client user ID is already set")]
+pub struct UserIdAlreadySetError;
+
 /// Missing required field.
 #[derive(Debug, Error)]
 #[error("The response received was missing a required field: {0}")]

crates/bitwarden-core/src/mobile/crypto.rs

@@ -133,7 +133,7 @@ pub async fn initialize_user_crypto(
     let private_key: EncString = req.private_key.parse()?;
 
     if let Some(user_id) = req.user_id {
-        client.internal.set_user_id(user_id);
+        client.internal.init_user_id(user_id)?;
     }
 
     match req.method {