bitwarden · KatherineInCode · Dec 27, 2024 · Dec 4, 2024 · Dec 9, 2024 · Dec 9, 2024
@@ -35,6 +35,12 @@ enum FeatureFlag: String, CaseIterable, Codable {
     /// A feature flag for the create account flow.
     case nativeCreateAccountFlow = "native-create-account-flow"
 
+    /// A feature flag for the new device verification flow.
+    case newDeviceVerificationTemporaryDismiss = "new-device-temporary-dismiss"
+
+    /// A feature flag for the new device verification flow.
+    case newDeviceVerificationPermanentDismiss = "new-device-permanent-dismiss"
+
     case sshKeyVaultItem = "ssh-key-vault-item"
 
     /// A feature flag for the refactor on the SSO details endpoint.
@@ -79,6 +85,8 @@ enum FeatureFlag: String, CaseIterable, Codable {
     /// but if `isRemotelyConfigured` is false for the flag, then the value here will be used.
     /// This is a helpful way to manage local feature flags.
     static let initialValues: [FeatureFlag: AnyCodable] = [
+        .newDeviceVerificationTemporaryDismiss: .bool(true),
+        .newDeviceVerificationPermanentDismiss: .bool(true),
         .testLocalInitialBoolFlag: .bool(true),
         .testLocalInitialIntFlag: .int(42),
         .testLocalInitialStringFlag: .string("Test String"),
@@ -97,6 +105,8 @@ enum FeatureFlag: String, CaseIterable, Codable {
              .importLoginsFlow,
              .nativeCarouselFlow,
              .nativeCreateAccountFlow,
+             .newDeviceVerificationPermanentDismiss,
+             .newDeviceVerificationTemporaryDismiss,
              .testLocalFeatureFlag,
              .testLocalInitialBoolFlag,
              .testLocalInitialIntFlag,

@@ -307,6 +307,14 @@ protocol StateService: AnyObject {
     ///
     func getTimeoutAction(userId: String?) async throws -> SessionTimeoutAction
 
+    /// Gets the display state of the no-two-factor notice for a user ID.
+    ///
+    /// - Parameters:
+    ///   - userId: The user ID for the account; defaults to current active user if `nil`.
+    /// - Returns: The display state.
+    ///
+    func getTwoFactorNoticeDisplayState(userId: String?) async throws -> TwoFactorNoticeDisplayState
+
     /// Get the two-factor token (non-nil if the user selected the "remember me" option).
     ///
     /// - Parameter email: The user's email address.
@@ -642,6 +650,14 @@ protocol StateService: AnyObject {
     ///
     func setTimeoutAction(action: SessionTimeoutAction, userId: String?) async throws
 
+    /// Sets the user's no-two-factor notice display state for a userID.
+    ///
+    /// - Parameters:
+    ///   - state: The display state to set.
+    ///   - userId: The user ID associated with the state
+    ///
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String?) async throws
+
     /// Sets the user's two-factor token.
     ///
     /// - Parameters:
@@ -937,6 +953,14 @@ extension StateService {
         try await getTimeoutAction(userId: nil)
     }
 
+    /// Gets the display state of the no-two-factor notice for the current user.
+    ///
+    /// - Returns: The display state.
+    ///
+    func getTwoFactorNoticeDisplayState() async throws -> TwoFactorNoticeDisplayState {
+        try await getTwoFactorNoticeDisplayState(userId: nil)
+    }
+
     /// Sets the number of unsuccessful attempts to unlock the vault for the active account.
     ///
     /// - Returns: The number of unsuccessful unlock attempts for the active account.
@@ -1155,6 +1179,15 @@ extension StateService {
         try await setSyncToAuthenticator(syncToAuthenticator, userId: nil)
     }
 
+    /// Sets the display state for the no-two-factor notice
+    ///
+    /// - Parameters:
+    ///   - state: The state to set.
+    ///
+    func setTwoFactorNoticeDisplayState(state: TwoFactorNoticeDisplayState) async throws {
+        try await setTwoFactorNoticeDisplayState(state, userId: nil)
+    }
+
     /// Sets the session timeout action.
     ///
     /// - Parameter action: The action to take when the user's session times out.
@@ -1545,6 +1578,11 @@ actor DefaultStateService: StateService { // swiftlint:disable:this type_body_le
         return timeoutAction
     }
 
+    func getTwoFactorNoticeDisplayState(userId: String?) async throws -> TwoFactorNoticeDisplayState {
+        let userId = try userId ?? getActiveAccountUserId()
+        return appSettingsStore.twoFactorNoticeDisplayState(userId: userId)
+    }
+
     func getTwoFactorToken(email: String) async -> String? {
         appSettingsStore.twoFactorToken(email: email)
     }
@@ -1835,6 +1873,11 @@ actor DefaultStateService: StateService { // swiftlint:disable:this type_body_le
         appSettingsStore.setTimeoutAction(key: action, userId: userId)
     }
 
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String?) async throws {
+        let userId = try userId ?? getActiveAccountUserId()
+        appSettingsStore.setTwoFactorNoticeDisplayState(state, userId: userId)
+    }
+
     func setTwoFactorToken(_ token: String?, email: String) async {
         appSettingsStore.setTwoFactorToken(token, email: email)
     }

@@ -897,6 +897,27 @@ class StateServiceTests: BitwardenTestCase { // swiftlint:disable:this type_body
         XCTAssertEqual(action, .logout)
     }
 
+    /// `getTwoFactorNoticeDisplayState(userId:)` gets the display state of the two-factor notice for the user.
+    func test_getTwoFactorNoticeDisplayState() async throws {
+        appSettingsStore.setTwoFactorNoticeDisplayState(.canAccessEmail, userId: "[email protected]")
+
+        let value = try await subject.getTwoFactorNoticeDisplayState(userId: "[email protected]")
+        XCTAssertEqual(value, .canAccessEmail)
+    }
+
+    /// `getTwoFactorNoticeDisplayState()` gets the display state of the two-factor notice for the current user
+    /// and throws an error if there is no current user.
+    func test_getTwoFactorNoticeDisplayState_noId() async throws {
+        appSettingsStore.setTwoFactorNoticeDisplayState(.canAccessEmail, userId: "1")
+
+        do {
+            try await _ = subject.getTwoFactorNoticeDisplayState()
+            XCTFail("subject.getTwoFactorNoticeDisplayState() should throw an error if there is no active account")
+        } catch {
+            XCTAssertEqual(error as? StateServiceError, StateServiceError.noActiveAccount)
+        }
+    }
+
     /// `getTwoFactorToken(email:)` gets the two-factor code associated with the email.
     func test_getTwoFactorToken() async {
         appSettingsStore.setTwoFactorToken("yay_you_win!", email: "[email protected]")
@@ -1976,6 +1997,12 @@ class StateServiceTests: BitwardenTestCase { // swiftlint:disable:this type_body
         }
     }
 
+    /// `setTwoFactorNoticeDisplayState(_:userId:)` sets the display state of the two-factor notice for the user.
+    func test_setTwoFactorNoticeDisplayState() async throws {
+        try await subject.setTwoFactorNoticeDisplayState(.hasNotSeen, userId: "[email protected]")
+        XCTAssertEqual(appSettingsStore.twoFactorNoticeDisplayState(userId: "[email protected]"), .hasNotSeen)
+    }
+
     /// `setTwoFactorToken(_:email:)` sets the two-factor code for the email.
     func test_setTwoFactorToken() async {
         await subject.setTwoFactorToken("yay_you_win!", email: "[email protected]")

@@ -452,6 +452,14 @@ protocol AppSettingsStore: AnyObject {
     ///
     func setTimeoutAction(key: SessionTimeoutAction, userId: String)
 
+    /// Sets the display state for the two-factor notice.
+    ///
+    /// - Parameters:
+    ///   - state: The display state.
+    ///   - userId: The userID associated with the state.
+    ///
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String)
+
     /// Sets the two-factor token.
     ///
     /// - Parameters:
@@ -463,7 +471,7 @@ protocol AppSettingsStore: AnyObject {
     /// Sets the number of unsuccessful attempts to unlock the vault for a user ID.
     ///
     /// - Parameters:
-    ///  -  attempts: The number of unsuccessful unlock attempts..
+    ///  -  attempts: The number of unsuccessful unlock attempts.
     ///  -  userId: The user ID associated with the unsuccessful unlock attempts.
     ///
     func setUnsuccessfulUnlockAttempts(_ attempts: Int, userId: String)
@@ -513,6 +521,14 @@ protocol AppSettingsStore: AnyObject {
     ///
     func timeoutAction(userId: String) -> Int?
 
+    /// Get the display state of the no-two-factor notice for a user ID.
+    ///
+    /// - Parameters:
+    ///   - userId: The user ID associated with the state.
+    /// - Returns: The state for the user ID.
+    ///
+    func twoFactorNoticeDisplayState(userId: String) -> TwoFactorNoticeDisplayState
+
     /// Get the two-factor token associated with a user's email.
     ///
     /// - Parameter email: The user's email.
@@ -713,6 +729,7 @@ extension DefaultAppSettingsStore: AppSettingsStore {
         case shouldTrustDevice(userId: String)
         case syncToAuthenticator(userId: String)
         case state
+        case twoFactorNoticeDisplayState(userId: String)
         case twoFactorToken(email: String)
         case unsuccessfulUnlockAttempts(userId: String)
         case usernameGenerationOptions(userId: String)
@@ -806,6 +823,8 @@ extension DefaultAppSettingsStore: AppSettingsStore {
                 key = "state"
             case let .syncToAuthenticator(userId):
                 key = "shouldSyncToAuthenticator_\(userId)"
+            case let .twoFactorNoticeDisplayState(userId):
+                key = "twoFactorNoticeDisplayState_\(userId)"
             case let .twoFactorToken(email):
                 key = "twoFactorToken_\(email)"
             case let .unsuccessfulUnlockAttempts(userId):
@@ -1115,6 +1134,10 @@ extension DefaultAppSettingsStore: AppSettingsStore {
         store(key, for: .vaultTimeoutAction(userId: userId))
     }
 
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String) {
+        store(state, for: .twoFactorNoticeDisplayState(userId: userId))
+    }
+
     func setTwoFactorToken(_ token: String?, email: String) {
         store(token, for: .twoFactorToken(email: email))
     }
@@ -1139,6 +1162,10 @@ extension DefaultAppSettingsStore: AppSettingsStore {
         fetch(for: .vaultTimeoutAction(userId: userId))
     }
 
+    func twoFactorNoticeDisplayState(userId: String) -> TwoFactorNoticeDisplayState {
+        fetch(for: .twoFactorNoticeDisplayState(userId: userId)) ?? .hasNotSeen
+    }
+
     func twoFactorToken(email: String) -> String? {
         fetch(for: .twoFactorToken(email: email))
     }

@@ -856,6 +856,21 @@ class AppSettingsStoreTests: BitwardenTestCase { // swiftlint:disable:this type_
         XCTAssertFalse(userDefaults.bool(forKey: "bwPreferencesStorage:shouldSyncToAuthenticator_2"))
     }
 
+    /// `twoFactorNoticeDisplayState(userId:)` returns `.hasNotSeen` if there isn't a previously stored value.
+    func test_twoFactorNoticeDisplayState_isInitiallyNotSeen() {
+        XCTAssertEqual(subject.twoFactorNoticeDisplayState(userId: "[email protected]"), .hasNotSeen)
+    }
+
+    /// `twoFactorToken(email:)` can be used to get and set the persisted value in user defaults.
+    func test_twoFactorNoticeDisplayState_withValue() {
+        let date = Date()
+        subject.setTwoFactorNoticeDisplayState(.canAccessEmail, userId: "[email protected]")
+        subject.setTwoFactorNoticeDisplayState(.seen(date), userId: "[email protected]")
+
+        XCTAssertEqual(subject.twoFactorNoticeDisplayState(userId: "[email protected]"), .canAccessEmail)
+        XCTAssertEqual(subject.twoFactorNoticeDisplayState(userId: "[email protected]"), .seen(date))
+    }
+
     /// `twoFactorToken(email:)` returns `nil` if there isn't a previously stored value.
     func test_twoFactorToken_isInitiallyNil() {
         XCTAssertNil(subject.twoFactorToken(email: "[email protected]"))

@@ -48,6 +48,7 @@ class MockAppSettingsStore: AppSettingsStore { // swiftlint:disable:this type_bo
     var shouldTrustDevice = [String: Bool?]()
     var syncToAuthenticatorByUserId = [String: Bool]()
     var timeoutAction = [String: Int]()
+    var twoFactorNoticeDisplayState = [String: TwoFactorNoticeDisplayState]()
     var twoFactorTokens = [String: String]()
     var usesKeyConnector = [String: Bool]()
     var vaultTimeout = [String: Int]()
@@ -279,6 +280,14 @@ class MockAppSettingsStore: AppSettingsStore { // swiftlint:disable:this type_bo
         timeoutAction[userId] = key.rawValue
     }
 
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String) {
+        twoFactorNoticeDisplayState[userId] = state
+    }
+
+    func twoFactorNoticeDisplayState(userId: String) -> TwoFactorNoticeDisplayState {
+        twoFactorNoticeDisplayState[userId] ?? .hasNotSeen
+    }
+
     func setTwoFactorToken(_ token: String?, email: String) {
         twoFactorTokens[email] = token
     }

@@ -74,11 +74,13 @@ class MockStateService: StateService { // swiftlint:disable:this type_body_lengt
     var setAppRehydrationStateError: Error?
     var setBiometricAuthenticationEnabledResult: Result<Void, Error> = .success(())
     var setBiometricIntegrityStateError: Error?
+    var setTwoFactorNoticeDisplayStateError: Error?
     var settingsBadgeSubject = CurrentValueSubject<SettingsBadgeState, Never>(.fixture())
     var shouldTrustDevice = [String: Bool?]()
     var syncToAuthenticatorByUserId = [String: Bool]()
     var syncToAuthenticatorResult: Result<Void, Error> = .success(())
     var syncToAuthenticatorSubject = CurrentValueSubject<(String?, Bool), Never>((nil, false))
+    var twoFactorNoticeDisplayState = [String: TwoFactorNoticeDisplayState]()
     var twoFactorTokens = [String: String]()
     var unsuccessfulUnlockAttempts = [String: Int]()
     var updateProfileResponse: ProfileResponseModel?
@@ -324,6 +326,11 @@ class MockStateService: StateService { // swiftlint:disable:this type_body_lengt
         return timeoutAction[userId] ?? .lock
     }
 
+    func getTwoFactorNoticeDisplayState(userId: String?) async throws -> TwoFactorNoticeDisplayState {
+        let userId = try unwrapUserId(userId)
+        return twoFactorNoticeDisplayState[userId] ?? .hasNotSeen
+    }
+
     func getTwoFactorToken(email: String) async -> String? {
         twoFactorTokens[email]
     }
@@ -601,6 +608,14 @@ class MockStateService: StateService { // swiftlint:disable:this type_body_lengt
         accountTokens = Account.AccountTokens(accessToken: accessToken, refreshToken: refreshToken)
     }
 
+    func setTwoFactorNoticeDisplayState(_ state: TwoFactorNoticeDisplayState, userId: String?) async throws {
+        if let error = setTwoFactorNoticeDisplayStateError {
+            throw error
+        }
+        let userId = try unwrapUserId(userId)
+        twoFactorNoticeDisplayState[userId] = state
+    }
+
     func setTwoFactorToken(_ token: String?, email: String) async {
         twoFactorTokens[email] = token
     }

@@ -0,0 +1,45 @@
+// MARK: - Alert + TwoFactorNotice
+
+extension Alert {
+    // MARK: Methods
+
+    /// An alert that asks if the user wants to change their email
+    /// in a browser.
+    ///
+    /// - Parameters:
+    ///   - action: The action taken if they select continue.
+    /// - Returns: An alert that asks if the user wants to navigate to the change email page
+    ///
+    static func changeEmailAlert(action: @escaping () -> Void) -> Alert {
+        Alert(
+            title: Localizations.changeAccountEmail,
+            message: Localizations.changeEmailConfirmation,
+            alertActions: [
+                AlertAction(title: Localizations.cancel, style: .cancel),
+                AlertAction(title: Localizations.continue, style: .default) { _ in
+                    action()
+                },
+            ]
+        )
+    }
+
+    /// An alert that asks if the user wants to turn two-factor login on
+    /// in a browser.
+    ///
+    /// - Parameters:
+    ///   - action: The action taken if they select continue.
+    /// - Returns: An alert that asks if the user wants to navigate to the two-factor login setup page
+    ///
+    static func turnOnTwoFactorLoginAlert(action: @escaping () -> Void) -> Alert {
+        Alert(
+            title: Localizations.turnOnTwoStepLogin,
+            message: Localizations.turnOnTwoStepLoginConfirmation,
+            alertActions: [
+                AlertAction(title: Localizations.cancel, style: .cancel),
+                AlertAction(title: Localizations.continue, style: .default) { _ in
+                    action()
+                },
+            ]
+        )
+    }
+}