[PM-24290] Decrease intensive memory usage on iOS extensions by not syncing ASStore (#2046)

Author: fedemkr

BitwardenShared/Core/Autofill/Services/AutofillCredentialService+AppExtensionTests.swift

@@ -0,0 +1,202 @@
+// swiftlint:disable:this file_name
+
+import AuthenticationServices
+import BitwardenKit
+import BitwardenKitMocks
+import BitwardenSdk
+import TestHelpers
+import XCTest
+
+@testable import BitwardenShared
+
+/// The tests for `DefaultAutofillCredentialService` when the app context is `.appExtension`.
+/// This new file is needed given that the app context is necesary on `DefaultAutofillCredentialService`
+/// initialization to see if the subscription to the `VaultTimeoutService` is necessary. So it's easier to test
+/// having a new class test specifically for it.
+@MainActor
+class AutofillCredentialServiceAppExtensionTests: BitwardenTestCase {
+    // MARK: Properties
+
+    var appContextHelper: MockAppContextHelper!
+    var autofillCredentialServiceDelegate: MockAutofillCredentialServiceDelegate!
+    var cipherService: MockCipherService!
+    var clientService: MockClientService!
+    var credentialIdentityFactory: MockCredentialIdentityFactory!
+    var errorReporter: MockErrorReporter!
+    var eventService: MockEventService!
+    var fido2UserInterfaceHelperDelegate: MockFido2UserInterfaceHelperDelegate!
+    var fido2CredentialStore: MockFido2CredentialStore!
+    var fido2UserInterfaceHelper: MockFido2UserInterfaceHelper!
+    var identityStore: MockCredentialIdentityStore!
+    var pasteboardService: MockPasteboardService!
+    var stateService: MockStateService!
+    var timeProvider: MockTimeProvider!
+    var totpService: MockTOTPService!
+    var subject: DefaultAutofillCredentialService!
+    var vaultTimeoutService: MockVaultTimeoutService!
+
+    // MARK: Setup & Teardown
+
+    override func setUp() {
+        super.setUp()
+
+        appContextHelper = MockAppContextHelper()
+        appContextHelper.appContext = .appExtension
+
+        autofillCredentialServiceDelegate = MockAutofillCredentialServiceDelegate()
+        cipherService = MockCipherService()
+        clientService = MockClientService()
+        credentialIdentityFactory = MockCredentialIdentityFactory()
+        errorReporter = MockErrorReporter()
+        eventService = MockEventService()
+        fido2UserInterfaceHelperDelegate = MockFido2UserInterfaceHelperDelegate()
+        fido2CredentialStore = MockFido2CredentialStore()
+        fido2UserInterfaceHelper = MockFido2UserInterfaceHelper()
+        identityStore = MockCredentialIdentityStore()
+        pasteboardService = MockPasteboardService()
+        stateService = MockStateService()
+        timeProvider = MockTimeProvider(.currentTime)
+        totpService = MockTOTPService()
+        vaultTimeoutService = MockVaultTimeoutService()
+
+        subject = DefaultAutofillCredentialService(
+            appContextHelper: appContextHelper,
+            cipherService: cipherService,
+            clientService: clientService,
+            credentialIdentityFactory: credentialIdentityFactory,
+            errorReporter: errorReporter,
+            eventService: eventService,
+            fido2CredentialStore: fido2CredentialStore,
+            fido2UserInterfaceHelper: fido2UserInterfaceHelper,
+            identityStore: identityStore,
+            pasteboardService: pasteboardService,
+            stateService: stateService,
+            timeProvider: timeProvider,
+            totpService: totpService,
+            vaultTimeoutService: vaultTimeoutService,
+        )
+    }
+
+    override func tearDown() async throws {
+        try await super.tearDown()
+
+        appContextHelper = nil
+        autofillCredentialServiceDelegate = nil
+        cipherService = nil
+        clientService = nil
+        credentialIdentityFactory = nil
+        errorReporter = nil
+        eventService = nil
+        fido2UserInterfaceHelperDelegate = nil
+        fido2CredentialStore = nil
+        fido2UserInterfaceHelper = nil
+        identityStore = nil
+        pasteboardService = nil
+        stateService = nil
+        timeProvider = nil
+        totpService = nil
+        subject = nil
+        vaultTimeoutService = nil
+    }
+
+    // MARK: Tests
+
+    /// `syncIdentities(vaultLockStatus:)` doesn't update the credential identity store with the identities
+    /// from the user's vault when the app context is `.appExtension`.
+    func test_syncIdentities_appExtensionContext() { // swiftlint:disable:this function_body_length
+        prepareDataForIdentitiesReplacement()
+
+        vaultTimeoutService.vaultLockStatusSubject.send(VaultLockStatus(isVaultLocked: false, userId: "1"))
+
+        XCTAssertFalse(cipherService.fetchAllCiphersCalled)
+        XCTAssertFalse(credentialIdentityFactory.createCredentialIdentitiesMocker.called)
+        XCTAssertFalse(identityStore.replaceCredentialIdentitiesCalled)
+        XCTAssertNil(identityStore.replaceCredentialIdentitiesIdentities)
+    }
+
+    /// `updateCredentialsInStore()` replaces all identities in the identity Store correctly
+    /// for the active user ID.
+    func test_updateCredentialsInStore_succeedsActiveUserId() async throws {
+        prepareDataForIdentitiesReplacement()
+        stateService.activeAccount = .fixture(profile: .fixture(userId: "50"))
+
+        await subject.updateCredentialsInStore()
+        try await waitForAsync { [weak self] in
+            guard let self else { return false }
+            return identityStore.replaceCredentialIdentitiesIdentities != nil
+        }
+
+        XCTAssertEqual(
+            identityStore.replaceCredentialIdentitiesIdentities,
+            [
+                .password(PasswordCredentialIdentity(id: "1", uri: "bitwarden.com", username: "[email protected]")),
+                .password(PasswordCredentialIdentity(id: "3", uri: "example.com", username: "[email protected]")),
+            ],
+        )
+        XCTAssertEqual(subject.lastSyncedUserId, "50")
+    }
+
+    /// `updateCredentialsInStore()` logs error when it throws.
+    func test_updateCredentialsInStore_logOnThrow() async throws {
+        stateService.activeAccount = nil
+
+        await subject.updateCredentialsInStore()
+
+        XCTAssertNil(identityStore.replaceCredentialIdentitiesIdentities)
+        XCTAssertEqual(subject.lastSyncedUserId, nil)
+        XCTAssertEqual(errorReporter.errors as? [StateServiceError], [.noActiveAccount])
+    }
+
+    // MARK: Private methods
+
+    /// Prepares fixture data for identities replacement tests.
+    func prepareDataForIdentitiesReplacement() {
+        cipherService.fetchAllCiphersResult = .success([
+            .fixture(
+                id: "1",
+                login: .fixture(
+                    password: "password123",
+                    uris: [.fixture(uri: "bitwarden.com")],
+                    username: "[email protected]",
+                ),
+            ),
+            .fixture(id: "2", type: .identity),
+            .fixture(
+                id: "3",
+                login: .fixture(
+                    password: "123321",
+                    uris: [.fixture(uri: "example.com")],
+                    username: "[email protected]",
+                ),
+            ),
+            .fixture(deletedDate: .now, id: "4", type: .login),
+        ])
+
+        credentialIdentityFactory.createCredentialIdentitiesMocker
+            .withResult { cipher in
+                if cipher.id == "1" {
+                    [
+                        .password(
+                            PasswordCredentialIdentity(
+                                id: "1",
+                                uri: "bitwarden.com",
+                                username: "[email protected]",
+                            ),
+                        ),
+                    ]
+                } else if cipher.id == "3" {
+                    [
+                        .password(
+                            PasswordCredentialIdentity(
+                                id: "3",
+                                uri: "example.com",
+                                username: "[email protected]",
+                            ),
+                        ),
+                    ]
+                } else {
+                    []
+                }
+            }
+    }
+}

BitwardenShared/Core/Autofill/Services/AutofillCredentialService.swift

@@ -76,13 +76,21 @@ protocol AutofillCredentialService: AnyObject {
         autofillCredentialServiceDelegate: AutofillCredentialServiceDelegate,
         repromptPasswordValidated: Bool,
     ) async throws -> ASOneTimeCodeCredential
+
+    /// Updates all credential identities in the identity store with the current list of ciphers
+    /// for the current user.
+    ///
+    func updateCredentialsInStore() async
 }
 
 /// A default implementation of an `AutofillCredentialService`.
 ///
 class DefaultAutofillCredentialService {
     // MARK: Private Properties
 
+    /// Helper to know about the app context.
+    private let appContextHelper: AppContextHelper
+
     /// The service used to manage syncing and updates to the user's ciphers.
     private let cipherService: CipherService
 
@@ -109,7 +117,7 @@ class DefaultAutofillCredentialService {
     private let identityStore: CredentialIdentityStore
 
     /// The last user ID that had their identities synced.
-    private var lastSyncedUserId: String?
+    private(set) var lastSyncedUserId: String?
 
     /// The service used to manage copy/pasting from the device's clipboard.
     private let pasteboardService: PasteboardService
@@ -135,6 +143,7 @@ class DefaultAutofillCredentialService {
     /// Initialize an `AutofillCredentialService`.
     ///
     /// - Parameters:
+    ///   - appContextHelper: The helper to know about the app context.
     ///   - cipherService: The service used to manage syncing and updates to the user's ciphers.
     ///   - clientService: The service that handles common client functionality such as encryption and decryption.
     ///   - credentialIdentityFactory: The factory to create credential identities.
@@ -151,6 +160,7 @@ class DefaultAutofillCredentialService {
     ///   - vaultTimeoutService: The service used to manage vault access.
     ///
     init(
+        appContextHelper: AppContextHelper,
         cipherService: CipherService,
         clientService: ClientService,
         credentialIdentityFactory: CredentialIdentityFactory,
@@ -165,6 +175,7 @@ class DefaultAutofillCredentialService {
         totpService: TOTPService,
         vaultTimeoutService: VaultTimeoutService,
     ) {
+        self.appContextHelper = appContextHelper
         self.cipherService = cipherService
         self.clientService = clientService
         self.credentialIdentityFactory = credentialIdentityFactory
@@ -179,6 +190,10 @@ class DefaultAutofillCredentialService {
         self.totpService = totpService
         self.vaultTimeoutService = vaultTimeoutService
 
+        guard appContextHelper.appContext == .mainApp else {
+            return
+        }
+
         Task {
             for await vaultLockStatus in await self.vaultTimeoutService.vaultLockStatusPublisher().values {
                 syncIdentities(vaultLockStatus: vaultLockStatus)
@@ -419,6 +434,15 @@ extension DefaultAutofillCredentialService: AutofillCredentialService {
         return ASOneTimeCodeCredential(code: code.code)
     }
 
+    func updateCredentialsInStore() async {
+        do {
+            let userId = try await stateService.getActiveAccountId()
+            await replaceAllIdentities(userId: userId)
+        } catch {
+            errorReporter.log(error: error)
+        }
+    }
+
     // MARK: Private
 
     /// Checks if the vault is locked, unlocking if never session timeout and gets the decrypted cipher

BitwardenShared/Core/Autofill/Services/AutofillCredentialServiceTests.swift

@@ -11,6 +11,7 @@ import XCTest
 class AutofillCredentialServiceTests: BitwardenTestCase { // swiftlint:disable:this type_body_length
     // MARK: Properties
 
+    var appContextHelper: MockAppContextHelper!
     var autofillCredentialServiceDelegate: MockAutofillCredentialServiceDelegate!
     var cipherService: MockCipherService!
     var clientService: MockClientService!
@@ -33,6 +34,7 @@ class AutofillCredentialServiceTests: BitwardenTestCase { // swiftlint:disable:t
     override func setUp() {
         super.setUp()
 
+        appContextHelper = MockAppContextHelper()
         autofillCredentialServiceDelegate = MockAutofillCredentialServiceDelegate()
         cipherService = MockCipherService()
         clientService = MockClientService()
@@ -50,6 +52,7 @@ class AutofillCredentialServiceTests: BitwardenTestCase { // swiftlint:disable:t
         vaultTimeoutService = MockVaultTimeoutService()
 
         subject = DefaultAutofillCredentialService(
+            appContextHelper: appContextHelper,
             cipherService: cipherService,
             clientService: clientService,
             credentialIdentityFactory: credentialIdentityFactory,
@@ -75,6 +78,7 @@ class AutofillCredentialServiceTests: BitwardenTestCase { // swiftlint:disable:t
     override func tearDown() async throws {
         try await super.tearDown()
 
+        appContextHelper = nil
         autofillCredentialServiceDelegate = nil
         cipherService = nil
         clientService = nil

BitwardenShared/Core/Autofill/Services/TestHelpers/MockAutofillCredentialService.swift

@@ -12,6 +12,7 @@ class MockAutofillCredentialService: AutofillCredentialService {
     var provideCredentialError: Error?
     var provideFido2CredentialResult: Result<PasskeyAssertionCredential, Error> = .failure(BitwardenTestError.example)
     var provideOTPCredentialResult: Result<OneTimeCodeCredential, Error> = .failure(BitwardenTestError.example)
+    var updateCredentialsInStoreCalled = false
 
     func isAutofillCredentialsEnabled() async -> Bool {
         isAutofillCredentialsEnabled
@@ -65,6 +66,10 @@ class MockAutofillCredentialService: AutofillCredentialService {
         }
         return credential
     }
+
+    func updateCredentialsInStore() async {
+        updateCredentialsInStoreCalled = true
+    }
 }
 
 // MARK: - PasskeyAssertionCredential

BitwardenShared/Core/Platform/Services/ServiceContainer.swift

@@ -807,6 +807,7 @@ public class ServiceContainer: Services { // swiftlint:disable:this type_body_le
 
         let credentialIdentityFactory = DefaultCredentialIdentityFactory()
         let autofillCredentialService = DefaultAutofillCredentialService(
+            appContextHelper: appContextHelper,
             cipherService: cipherService,
             clientService: clientService,
             credentialIdentityFactory: credentialIdentityFactory,

BitwardenShared/UI/Platform/ExtensionSetup/ExtensionActivation/ExtensionActivationEffect.swift

@@ -0,0 +1,8 @@
+// MARK: - ExtensionActivationEffect
+
+/// Effects that can be performed by a `ExtensionActivationProcessor`.
+///
+enum ExtensionActivationEffect: Equatable {
+    /// The view appeared on screen.
+    case appeared
+}

BitwardenShared/UI/Platform/ExtensionSetup/ExtensionActivation/ExtensionActivationProcessor.swift

@@ -5,11 +5,13 @@
 class ExtensionActivationProcessor: StateProcessor<
     ExtensionActivationState,
     ExtensionActivationAction,
-    Void,
+    ExtensionActivationEffect,
 > {
     // MARK: Types
 
-    typealias Services = HasConfigService
+    typealias Services = HasAutofillCredentialService
+        & HasConfigService
+        & HasErrorReporter
 
     // MARK: Private Properties
 
@@ -40,6 +42,13 @@ class ExtensionActivationProcessor: StateProcessor<
 
     // MARK: Methods
 
+    override func perform(_ effect: ExtensionActivationEffect) async {
+        switch effect {
+        case .appeared:
+            await services.autofillCredentialService.updateCredentialsInStore()
+        }
+    }
+
     override func receive(_ action: ExtensionActivationAction) {
         switch action {
         case .cancelTapped: