[PM-14579] Fix maintaining vault locked on timeout Never.

[fedemkr]

🎟️ Tracking

PM-14579

📔 Objective

Fix issue where when session timeout is Never and the user manually locked the vault, the vault was being automatically unlocked when closing and opening back the app again.
So the behavior now is that if the user manually locks the vault then it remains locked no matter the session timeout.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[matt-livefront]

🤔 Instead of storing a bool for this case, would it also work to delete the never lock key if you manually lock the vault? And then restore it when you unlock the vault? Would there be any downsides to that?

[github-actions]

Checkmarx One – Scan Summary & Details – 212d0155-a545-4db9-becd-b8e5a1548b09

No New Or Fixed Issues Found

[fedemkr]

👍 Yeah, really nice improvement thanks. I'll implement that and also make the adjustments so this also impacts on the autofill extension logic.

[fedemkr]

ℹ️ After discussing it with @matt-livefront , the isManuallyLocked flag approach is the chosen one instead of removing the never lock key because it could cause some undesired side effects. Particularly, the next scenario would fail:
Given the removal of the never lock key, then it could logout the user here because until the never lock key is recreated, the getSessionTimeout would return fifteenMinutes and if more than 15 minutes have passed then it would trigger that logic to logout the user.
Also, it feels safer to use the flag as it's explicit in code and easier to know what is happening and less error prone on future additions to the flows.

[codecov]

Codecov Report

Attention: Patch coverage is 98.27586% with 1 line in your changes missing coverage. Please review.

Please upload report for BASE (release/2024.11-rc1@e6cf148). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
...Shared/Core/Auth/Repositories/AuthRepository.swift	95.23%	1 Missing ⚠️

Additional details and impacted files

@@                  Coverage Diff                   @@
##             release/2024.11-rc1    #1121   +/-   ##
======================================================
  Coverage                       ?   89.42%           
======================================================
  Files                          ?      679           
  Lines                          ?    43067           
  Branches                       ?        0           
======================================================
  Hits                           ?    38513           
  Misses                         ?     4554           
  Partials                       ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[matt-livefront]

Looks good!