Merge branch 'main' into km/pin-unlock

Author: quexten

.github/workflows/build-android.yml

@@ -6,6 +6,11 @@ on:
     branches:
       - "main"
   workflow_dispatch:
+    inputs:
+      update-android-repo:
+        description: "Update Android Repo - Opens a PR updating the SDK in bitwarden/android"
+        type: boolean
+        default: false
 
 defaults:
   run:
@@ -59,6 +64,9 @@ jobs:
     name: Combine
     runs-on: ubuntu-24.04
     needs: build
+    outputs:
+      sdk-package-id: ${{ steps.publish.outputs.sdk-package-id }}
+      sdk-version: ${{ steps.publish.outputs.sdk-version }}
     permissions:
       contents: read
       packages: write
@@ -118,7 +126,53 @@ jobs:
           ./gradlew build --warning-mode all --stacktrace
 
       - name: Publish
+        id: publish
         run: ./gradlew sdk:publish
         working-directory: crates/bitwarden-uniffi/kotlin
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  update:
+    name: Trigger SDK update in Android repo
+    runs-on: ubuntu-24.04
+    if: (github.ref == 'refs/heads/main' && github.event_name == 'push') || inputs.update-android-repo
+    needs: combine
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Log in to Azure
+        uses: bitwarden/gh-actions/azure-login@main
+        with:
+          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
+          client_id: ${{ secrets.AZURE_CLIENT_ID }}
+
+      - name: Get Azure Key Vault secrets
+        id: get-kv-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: gh-org-bitwarden
+          secrets: "BW-GHAPP-ID,BW-GHAPP-KEY"
+
+      - name: Log out from Azure
+        uses: bitwarden/gh-actions/azure-logout@main
+
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.1
+        id: app-token
+        with:
+          app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
+          private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
+          owner: bitwarden
+          repositories: android
+          permission-actions: write
+
+      - name: Call SDLC SDK Update workflow in Android repo
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          _SDK_PACKAGE: ${{ needs.combine.outputs.sdk-package-id }}
+          _SDK_VERSION: ${{ needs.combine.outputs.sdk-version }}
+        run: |
+          echo "🚀 Triggering sdlc-sdk-update.yml workflow in bitwarden/android repo..."
+          gh workflow run sdlc-sdk-update.yml --repo bitwarden/android --ref main -f run-mode=Update -f sdk-package=$_SDK_PACKAGE -f sdk-version=$_SDK_VERSION

.husky/pre-commit

@@ -0,0 +1 @@
+npx lint-staged

Cargo.lock

@@ -26,6 +26,7 @@ bitwarden-cli = { path = "crates/bitwarden-cli", version = "=1.0.0" }
 bitwarden-collections = { path = "crates/bitwarden-collections", version = "=1.0.0" }
 bitwarden-core = { path = "crates/bitwarden-core", version = "=1.0.0" }
 bitwarden-crypto = { path = "crates/bitwarden-crypto", version = "=1.0.0" }
+bitwarden-encoding = { path = "crates/bitwarden-encoding", version = "=1.0.0" }
 bitwarden-error = { path = "crates/bitwarden-error", version = "=1.0.0" }
 bitwarden-error-macro = { path = "crates/bitwarden-error-macro", version = "=1.0.0" }
 bitwarden-exporters = { path = "crates/bitwarden-exporters", version = "=1.0.0" }
@@ -49,6 +50,7 @@ chrono = { version = ">=0.4.26, <0.5", features = [
     "serde",
     "std",
 ], default-features = false }
+data-encoding = ">=2.0, <3"
 js-sys = { version = ">=0.3.72, <0.4" }
 log = ">=0.4.18, <0.5"
 proc-macro2 = ">=1.0.89, <2"

Cargo.toml

@@ -63,9 +63,9 @@ are:
 
 ## API Bindings
 
-We autogenerate the server bindings
-using[openapi-generator](https://github.com/OpenAPITools/openapi-generator). To do this, we first
-need to build the internal swagger documentation.
+We autogenerate the server bindings using
+[openapi-generator](https://github.com/OpenAPITools/openapi-generator). To do this, we first need to
+build the internal swagger documentation.
 
 ### Swagger generation
 

README.md

@@ -1,5 +1,5 @@
 use bitwarden_api_api::models::ProjectCreateRequestModel;
-use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_core::{key_management::SymmetricKeyId, Client, OrganizationId};
 use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -28,7 +28,7 @@ pub(crate) async fn create_project(
     input.validate()?;
 
     let key_store = client.internal.get_key_store();
-    let key = SymmetricKeyId::Organization(input.organization_id);
+    let key = SymmetricKeyId::Organization(OrganizationId::new(input.organization_id));
 
     let project = Some(ProjectCreateRequestModel {
         name: input

bitwarden_license/bitwarden-sm/src/projects/create.rs

@@ -1,7 +1,7 @@
 use bitwarden_api_api::models::ProjectResponseModel;
 use bitwarden_core::{
     key_management::{KeyIds, SymmetricKeyId},
-    require,
+    require, OrganizationId,
 };
 use bitwarden_crypto::{Decryptable, EncString, KeyStoreContext};
 use chrono::{DateTime, Utc};
@@ -28,7 +28,7 @@ impl ProjectResponse {
         ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<Self, SecretsManagerError> {
         let organization_id = require!(response.organization_id);
-        let key = SymmetricKeyId::Organization(organization_id);
+        let key = SymmetricKeyId::Organization(OrganizationId::new(organization_id));
 
         let name = require!(response.name)
             .parse::<EncString>()?

bitwarden_license/bitwarden-sm/src/projects/project_response.rs

@@ -1,5 +1,5 @@
 use bitwarden_api_api::models::ProjectUpdateRequestModel;
-use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_core::{key_management::SymmetricKeyId, Client, OrganizationId};
 use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -30,7 +30,7 @@ pub(crate) async fn update_project(
     input.validate()?;
 
     let key_store = client.internal.get_key_store();
-    let key = SymmetricKeyId::Organization(input.organization_id);
+    let key = SymmetricKeyId::Organization(OrganizationId::new(input.organization_id));
 
     let project = Some(ProjectUpdateRequestModel {
         name: input

bitwarden_license/bitwarden-sm/src/projects/update.rs

@@ -1,5 +1,5 @@
 use bitwarden_api_api::models::SecretCreateRequestModel;
-use bitwarden_core::{key_management::SymmetricKeyId, Client};
+use bitwarden_core::{key_management::SymmetricKeyId, Client, OrganizationId};
 use bitwarden_crypto::PrimitiveEncryptable;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
@@ -36,7 +36,7 @@ pub(crate) async fn create_secret(
     input.validate()?;
 
     let key_store = client.internal.get_key_store();
-    let key = SymmetricKeyId::Organization(input.organization_id);
+    let key = SymmetricKeyId::Organization(OrganizationId::new(input.organization_id));
 
     let secret = {
         let mut ctx = key_store.context();

bitwarden_license/bitwarden-sm/src/secrets/create.rs

@@ -4,7 +4,7 @@ use bitwarden_api_api::models::{
 use bitwarden_core::{
     client::Client,
     key_management::{KeyIds, SymmetricKeyId},
-    require,
+    require, OrganizationId,
 };
 use bitwarden_crypto::{Decryptable, EncString, KeyStoreContext};
 use schemars::JsonSchema;
@@ -99,7 +99,7 @@ impl SecretIdentifierResponse {
         ctx: &mut KeyStoreContext<KeyIds>,
     ) -> Result<SecretIdentifierResponse, SecretsManagerError> {
         let organization_id = require!(response.organization_id);
-        let enc_key = SymmetricKeyId::Organization(organization_id);
+        let enc_key = SymmetricKeyId::Organization(OrganizationId::new(organization_id));
 
         let key = require!(response.key)
             .parse::<EncString>()?