bitwarden
[PM-6037] Fix process reload not triggering on inactive account lock/logout
đī¸ Tracking
https://bitwarden.atlassian.net/browse/PM-6037
đ Objective
When logging out inactive accounts, no process reload is triggered, keeping auth tokens in renderer process memory. This is because the authservice specifically filtered for the active userId. This PR removes that check, ensuring process reloads for inactive accounts.
It seems that the loggedOut message was only called for the active user Id because it also changes the notification service connection status. Because of this, we now pass the userId-to-be-logged-out in the message, and compare this against the active userId in the message handler.
â° Reminders before review
- Contributor guidelines followed
- All formatters and local linters executed and passed
- Written new unit and / or integration tests where applicable
- Protected functional changes with optionality (feature flags)
- Used internationalization (i18n) for all UI strings
- CI builds passed
- Communicated to DevOps any deployment requirements
- Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team
đĻŽ Reviewer guidelines
- đ (
:+1:) or similar for great changes - đ (
:memo:) or âšī¸ (:information_source:) for notes or general info - â (
:question:) for questions - đ¤ (
:thinking:) or đ (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - đ¨ (
:art:) for suggestions / improvements - â (
:x:) or â ī¸ (:warning:) for more significant problems or concerns needing attention - đą (
:seedling:) or âģī¸ (:recycle:) for future improvements or indications of technical debt - â (
:pick:) for minor or nitpick changes
Codecov Report
Attention: Patch coverage is 0% with 7 lines in your changes missing coverage. Please review.
Project coverage is 35.11%. Comparing base (
0080fcc) to head (bdf4ae2). Report is 1 commits behind head on main.
:white_check_mark: All tests successful. No failed tests found.
Additional details and impacted files
@@ Coverage Diff @@
## main #9805 +/- ##
==========================================
- Coverage 35.12% 35.11% -0.01%
==========================================
Files 2691 2691
Lines 83765 83767 +2
Branches 15919 15921 +2
==========================================
- Hits 29421 29415 -6
- Misses 53376 53384 +8
Partials 968 968
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Checkmarx One â Scan Summary & Details â 98aa00ec-2ed3-405d-a5f7-c0ac9cd653c1
No New Or Fixed Issues Found
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I'll note the appcomponent broadcaster logic seems to be deprecated, but refactoring the process reload / lock events seems like a different task, so I made the (limited) changes here. We should revisit this logic at some point though.
I think there is this ticket https://bitwarden.atlassian.net/browse/PM-8544 to investigate the browsers logic related to logout, and this comment:
https://github.com/bitwarden/clients/blob/93a57e6724abdf4d59d1663f8c5ad9659f2a910c/apps/browser/src/popup/app.component.ts#L92
In a brief test, a timeout setting on a non-active account (the only way on browser to get a lock/logout on an inactive account that I know of), did seem to trigger a process reload / the popup to get closed.
Looks like @jlf0dev got removed from the auth team and no longer counts as a reviewer for them, re-requested auth-dev
