bitwarden_auth/login/models/
trusted_device_user_decryption_option.rs

1use bitwarden_crypto::{EncString, UnsignedSharedKey};
2use serde::{Deserialize, Serialize};
3
4use crate::login::api::response::TrustedDeviceUserDecryptionOptionApiResponse;
5
6/// SDK domain model for Trusted Device user decryption option.
7#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
8#[serde(rename_all = "camelCase")]
9#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
10#[cfg_attr(
11    feature = "wasm",
12    derive(tsify::Tsify),
13    tsify(into_wasm_abi, from_wasm_abi)
14)]
15pub struct TrustedDeviceUserDecryptionOption {
16    /// Whether the user has admin approval for device login.
17    pub has_admin_approval: bool,
18
19    /// Whether the user has a device that can approve logins.
20    pub has_login_approving_device: bool,
21
22    /// Whether the user has permission to manage password reset for other users.
23    pub has_manage_reset_password_permission: bool,
24
25    /// Whether the user is in TDE offboarding.
26    pub is_tde_offboarding: bool,
27
28    /// The device key encrypted device private key. Only present if the device is trusted.
29    #[serde(skip_serializing_if = "Option::is_none")]
30    pub encrypted_private_key: Option<EncString>,
31
32    /// The device private key encrypted user key. Only present if the device is trusted.
33    #[serde(skip_serializing_if = "Option::is_none")]
34    pub encrypted_user_key: Option<UnsignedSharedKey>,
35}
36
37impl From<TrustedDeviceUserDecryptionOptionApiResponse> for TrustedDeviceUserDecryptionOption {
38    fn from(api: TrustedDeviceUserDecryptionOptionApiResponse) -> Self {
39        Self {
40            has_admin_approval: api.has_admin_approval,
41            has_login_approving_device: api.has_login_approving_device,
42            has_manage_reset_password_permission: api.has_manage_reset_password_permission,
43            is_tde_offboarding: api.is_tde_offboarding,
44            encrypted_private_key: api.encrypted_private_key,
45            encrypted_user_key: api.encrypted_user_key,
46        }
47    }
48}
49
50#[cfg(test)]
51mod tests {
52    use super::*;
53
54    #[test]
55    fn test_trusted_device_conversion() {
56        let api = TrustedDeviceUserDecryptionOptionApiResponse {
57            has_admin_approval: true,
58            has_login_approving_device: false,
59            has_manage_reset_password_permission: true,
60            is_tde_offboarding: false,
61            encrypted_private_key: Some("2.pMS6/icTQABtulw52pq2lg==|XXbxKxDTh+mWiN1HjH2N1w==|Q6PkuT+KX/axrgN9ubD5Ajk2YNwxQkgs3WJM0S0wtG8=".parse().unwrap()),
62            encrypted_user_key: Some("4.ZheRb3PCfAunyFdQYPfyrFqpuvmln9H9w5nDjt88i5A7ug1XE0LJdQHCIYJl0YOZ1gCOGkhFu/CRY2StiLmT3iRKrrVBbC1+qRMjNNyDvRcFi91LWsmRXhONVSPjywzrJJXglsztDqGkLO93dKXNhuKpcmtBLsvgkphk/aFvxbaOvJ/FHdK/iV0dMGNhc/9tbys8laTdwBlI5xIChpRcrfH+XpSFM88+Bu03uK67N9G6eU1UmET+pISJwJvMuIDMqH+qkT7OOzgL3t6I0H2LDj+CnsumnQmDsvQzDiNfTR0IgjpoE9YH2LvPXVP2wVUkiTwXD9cG/E7XeoiduHyHjw==".parse().unwrap()),
63        };
64
65        let domain: TrustedDeviceUserDecryptionOption = api.clone().into();
66
67        assert_eq!(domain.has_admin_approval, api.has_admin_approval);
68        assert_eq!(
69            domain.has_login_approving_device,
70            api.has_login_approving_device
71        );
72        assert_eq!(
73            domain.has_manage_reset_password_permission,
74            api.has_manage_reset_password_permission
75        );
76        assert_eq!(domain.is_tde_offboarding, api.is_tde_offboarding);
77        assert_eq!(domain.encrypted_private_key, api.encrypted_private_key);
78        assert_eq!(domain.encrypted_user_key, api.encrypted_user_key);
79    }
80}