Fix issue where non-SSO users are forced into an SSO flow (#951)

bitwarden · Sep 20, 2024 · a26d0c7 · a26d0c7
1 parent 3a02b1d
commit a26d0c7
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 2 deletions.
diff --git a/BitwardenShared/UI/Auth/AuthRouterTests.swift b/BitwardenShared/UI/Auth/AuthRouterTests.swift
@@ -155,6 +155,43 @@ final class AuthRouterTests: BitwardenTestCase { // swiftlint:disable:this type_
         XCTAssertEqual(route, .enterpriseSingleSignOn(email: "[email protected]"))
     }
 
+    /// `handleAndRoute(_ :)` redirects `.accountBecameActive()` to `.vaultUnlock`
+    /// when the user profile has no user decryption options.
+    func test_handleAndRoute_accountBecameActive_noUserDecryptionOptions() async {
+        let active = Account.fixture(
+            profile: .fixture(
+                userDecryptionOptions: nil
+            )
+        )
+        stateService.activeAccount = active
+
+        biometricsRepository.biometricUnlockStatus = .success(
+            .available(.faceID, enabled: true, hasValidIntegrity: false)
+        )
+        stateService.isAuthenticated = [
+            active.profile.userId: true,
+        ]
+        authRepository.isLockedResult = .success(true)
+
+        let route = await subject.handleAndRoute(
+            .accountBecameActive(
+                active,
+                animated: true,
+                attemptAutomaticBiometricUnlock: true,
+                didSwitchAccountAutomatically: false
+            )
+        )
+        XCTAssertEqual(
+            route,
+            .vaultUnlock(
+                active,
+                animated: true,
+                attemptAutomaticBiometricUnlock: true,
+                didSwitchAccountAutomatically: false
+            )
+        )
+    }
+
     /// `handleAndRoute(_ :)` redirects `.accountBecameActive()` to `.vaultUnlock` when checking if
     /// an account is authenticated fails.
     func test_handleAndRoute_accountBecameActive_logout_isAuthenticatedError() async {

diff --git a/BitwardenShared/UI/Auth/Extensions/AuthRouter+Redirects.swift b/BitwardenShared/UI/Auth/Extensions/AuthRouter+Redirects.swift
@@ -335,7 +335,7 @@ extension AuthRouter {
     /// - Parameters:
     ///    - activeAccount: The active account.
     ///    - animated: If the suggested route can be animated, use this value.
-    ///    - shouldAttemptAutomaticBiometricUnlock: If the route uses automatic bioemtrics unlock,
+    ///    - shouldAttemptAutomaticBiometricUnlock: If the route uses automatic biometrics unlock,
     ///      this value enables or disables the feature.
     ///    - shouldAttemptAccountSwitch: Should the application automatically switch accounts for the user?
     /// - Returns: A suggested route for the active account with state pre-configured.
@@ -364,7 +364,7 @@ extension AuthRouter {
                     return .landingSoftLoggedOut(email: activeAccount.profile.email)
                 }
 
-                let hasMasterPassword = activeAccount.profile.userDecryptionOptions?.hasMasterPassword == true
+                let hasMasterPassword = activeAccount.profile.userDecryptionOptions?.hasMasterPassword ?? true
 
                 if !hasMasterPassword {
                     let biometricUnlockStatus = try await services.biometricsRepository.getBiometricUnlockStatus()