Make client internally mutable

bitwarden · Jun 12, 2024 · f61d104 · f61d104
1 parent c56add5
commit f61d104
Show file tree

Hide file tree

Showing 30 changed files with 219 additions and 173 deletions.
diff --git a/crates/bitwarden-crypto/src/keys/asymmetric_crypto_key.rs b/crates/bitwarden-crypto/src/keys/asymmetric_crypto_key.rs
@@ -36,6 +36,7 @@ impl AsymmetricEncryptable for AsymmetricPublicCryptoKey {
 
 /// An asymmetric encryption key. Contains both the public and private key. Can be used to both
 /// encrypt and decrypt [`AsymmetricEncString`](crate::AsymmetricEncString).
+#[derive(Clone)]
 pub struct AsymmetricCryptoKey {
     // RsaPrivateKey is not a Copy type so this isn't completely necessary, but
     // to keep the compiler from making stack copies when moving this struct around,

diff --git a/crates/bitwarden-crypto/src/keys/key_encryptable.rs b/crates/bitwarden-crypto/src/keys/key_encryptable.rs
@@ -1,4 +1,4 @@
-use std::{collections::HashMap, hash::Hash};
+use std::{collections::HashMap, hash::Hash, sync::Arc};
 
 use rayon::prelude::*;
 use uuid::Uuid;
@@ -9,6 +9,12 @@ pub trait KeyContainer: Send + Sync {
     fn get_key(&self, org_id: &Option<Uuid>) -> Option<&SymmetricCryptoKey>;
 }
 
+impl<T: KeyContainer> KeyContainer for Arc<T> {
+    fn get_key(&self, org_id: &Option<Uuid>) -> Option<&SymmetricCryptoKey> {
+        self.as_ref().get_key(org_id)
+    }
+}
+
 pub trait LocateKey {
     fn locate_key<'a>(
         &self,

diff --git a/crates/bitwarden-crypto/src/keys/symmetric_crypto_key.rs b/crates/bitwarden-crypto/src/keys/symmetric_crypto_key.rs
@@ -10,6 +10,7 @@ use super::key_encryptable::CryptoKey;
 use crate::CryptoError;
 
 /// A symmetric encryption key. Used to encrypt and decrypt [`EncString`](crate::EncString)
+#[derive(Clone)]
 pub struct SymmetricCryptoKey {
     // GenericArray is equivalent to [u8; N], which is a Copy type placed on the stack.
     // To keep the compiler from making stack copies when moving this struct around,

diff --git a/crates/bitwarden/src/auth/login/access_token.rs b/crates/bitwarden/src/auth/login/access_token.rs
@@ -104,7 +104,7 @@ async fn request_access_token(
 ) -> Result<IdentityTokenResponse> {
     let config = client.get_api_configurations().await;
     AccessTokenRequest::new(input.access_token_id, &input.client_secret)
-        .send(config)
+        .send(&config)
         .await
 }
 

diff --git a/crates/bitwarden/src/auth/login/api_key.rs b/crates/bitwarden/src/auth/login/api_key.rs
@@ -63,7 +63,7 @@ async fn request_api_identity_tokens(
 ) -> Result<IdentityTokenResponse> {
     let config = client.get_api_configurations().await;
     ApiTokenRequest::new(&input.client_id, &input.client_secret)
-        .send(config)
+        .send(&config)
         .await
 }
 

diff --git a/crates/bitwarden/src/auth/login/auth_request.rs b/crates/bitwarden/src/auth/login/auth_request.rs
@@ -81,7 +81,7 @@ pub(crate) async fn complete_auth_request(
         config.device_type,
         &auth_req.device_identifier,
     )
-    .send(config)
+    .send(&config)
     .await?;
 
     if let IdentityTokenResponse::Authenticated(r) = response {

diff --git a/crates/bitwarden/src/auth/login/password.rs b/crates/bitwarden/src/auth/login/password.rs
@@ -76,7 +76,7 @@ async fn request_identity_tokens(
         "b86dd6ab-4265-4ddf-a7f1-eb28d5677f33",
         &input.two_factor,
     )
-    .send(config)
+    .send(&config)
     .await
 }
 

diff --git a/crates/bitwarden/src/auth/password/validate.rs b/crates/bitwarden/src/auth/password/validate.rs
@@ -13,12 +13,9 @@ pub(crate) fn validate_password(
     password: String,
     password_hash: String,
 ) -> Result<bool> {
-    let login_method = client
-        .login_method
-        .as_ref()
-        .ok_or(Error::NotAuthenticated)?;
+    let login_method = client.get_login_method().ok_or(Error::NotAuthenticated)?;
 
-    if let LoginMethod::User(login_method) = login_method {
+    if let LoginMethod::User(login_method) = login_method.as_ref() {
         match login_method {
             UserLoginMethod::Username { email, kdf, .. }
             | UserLoginMethod::ApiKey { email, kdf, .. } => {
@@ -45,12 +42,9 @@ pub(crate) fn validate_password_user_key(
 ) -> Result<String> {
     use bitwarden_core::VaultLocked;
 
-    let login_method = client
-        .login_method
-        .as_ref()
-        .ok_or(Error::NotAuthenticated)?;
+    let login_method = client.get_login_method().ok_or(Error::NotAuthenticated)?;
 
-    if let LoginMethod::User(login_method) = login_method {
+    if let LoginMethod::User(login_method) = login_method.as_ref() {
         match login_method {
             UserLoginMethod::Username { email, kdf, .. }
             | UserLoginMethod::ApiKey { email, kdf, .. } => {

diff --git a/crates/bitwarden/src/auth/renew.rs b/crates/bitwarden/src/auth/renew.rs
@@ -12,34 +12,49 @@ use crate::{
 pub(crate) async fn renew_token(client: &Client) -> Result<()> {
     const TOKEN_RENEW_MARGIN_SECONDS: i64 = 5 * 60;
 
-    if let (Some(expires), Some(login_method)) = (&client.token_expires_on, &client.login_method) {
+    let expires = *client
+        .token_expires_on
+        .read()
+        .expect("RwLock is not poisoned");
+    let login_method = client
+        .login_method
+        .read()
+        .expect("RwLock is not poisoned")
+        .clone();
+
+    if let (Some(expires), Some(login_method)) = (expires, login_method) {
         if Utc::now().timestamp() < expires - TOKEN_RENEW_MARGIN_SECONDS {
             return Ok(());
         }
 
-        let res = match login_method {
+        let config = client
+            .__api_configurations
+            .read()
+            .expect("RwLock is not poisoned")
+            .clone();
+
+        let res = match login_method.as_ref() {
             #[cfg(feature = "internal")]
             LoginMethod::User(u) => match u {
                 UserLoginMethod::Username { client_id, .. } => {
                     let refresh = client
                         .refresh_token
-                        .as_deref()
+                        .read()
+                        .expect("RwLock is not poisoned")
+                        .clone()
                         .ok_or(Error::NotAuthenticated)?;
 
-                    crate::auth::api::request::RenewTokenRequest::new(
-                        refresh.to_owned(),
-                        client_id.to_owned(),
-                    )
-                    .send(&client.__api_configurations)
-                    .await?
+                    crate::auth::api::request::RenewTokenRequest::new(refresh, client_id.to_owned())
+                        .send(&config)
+                        .await?
                 }
                 UserLoginMethod::ApiKey {
                     client_id,
                     client_secret,
                     ..
                 } => {
                     ApiTokenRequest::new(client_id, client_secret)
-                        .send(&client.__api_configurations)
+                        .send(&config)
                         .await?
                 }
             },
@@ -53,7 +68,7 @@ pub(crate) async fn renew_token(client: &Client) -> Result<()> {
                         access_token.access_token_id,
                         &access_token.client_secret,
                     )
-                    .send(&client.__api_configurations)
+                    .send(&config)
                     .await?;
 
                     if let (IdentityTokenResponse::Payload(r), Some(state_file), Ok(enc_settings)) =