[PM-11941] Migrate TOTP Generator to use SDK

[gbubemismith]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-11941

📔 Objective

Migrate Totp Generation service to use sdk. This PR depends on bitwarden/sdk-internal#126

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – fdb7ba19-84f3-41db-8444-cbea37edae1b

New Issues (13)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 497	details Method view_component at line 497 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 497	details Method view_component at line 497 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 497	details Method view_component at line 497 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 470	details Method view_component at line 470 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 470	details Method view_component at line 470 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/desktop/src/vault/app/vault/view.component.html: 470	details Method view_component at line 470 of /apps/desktop/src/vault/app/vault/view.component.html sends user information outside the application. This may... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 80	details Method at line 80 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may constitut... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 80	details Method at line 80 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may constitut... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 80	details Method at line 80 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may constitut... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 106	details Method ngOnInit at line 106 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may ... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 106	details Method ngOnInit at line 106 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may ... Attack Vector
	Client_Privacy_Violation	/apps/web/src/app/vault/individual-vault/view.component.ts: 106	details Method ngOnInit at line 106 of /apps/web/src/app/vault/individual-vault/view.component.ts sends user information outside the application. This may ... Attack Vector
	Client_Privacy_Violation	/apps/browser/src/autofill/background/overlay.background.ts: 696	details Method buildCipherData at line 696 of /apps/browser/src/autofill/background/overlay.background.ts sends user information outside the application. T... Attack Vector

Fixed Issues (4)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Client_Privacy_Violation	/apps/browser/src/autofill/background/overlay.background.ts: 695
	Client_Privacy_Violation	/apps/browser/src/autofill/background/overlay.background.ts: 696
	Client_Privacy_Violation	/libs/vault/src/components/totp-countdown/totp-countdown.component.ts: 17
	Client_Privacy_Violation	/libs/vault/src/components/totp-countdown/totp-countdown.component.ts: 16

[coroiu]

I think this PR is good for approval but you'll need to merge the SDK PR first and then update package.json in this PR to point to pull in the new TOTP functionality. Re-request a review from me then and I'll approve this PR 👍

[coroiu]

question(non-blocking): are we defining the type here but not using it here? It seems the implementation for mapping TotpResponse to TotpInfo is in view.component.ts?

[gbubemismith]

totp-countdown.component.ts also uses it

[codecov]

Codecov Report

Attention: Patch coverage is 27.11864% with 43 lines in your changes missing coverage. Please review.

Project coverage is 35.17%. Comparing base (543cf0f) to head (0a0a85d).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...ponents/totp-countdown/totp-countdown.component.ts	9.09%	10 Missing ⚠️
...c/app/vault/individual-vault/add-edit.component.ts	0.00%	7 Missing ⚠️
...ibs/angular/src/vault/components/view.component.ts	0.00%	6 Missing ⚠️
...wser/src/autofill/background/overlay.background.ts	28.57%	1 Missing and 4 partials ⚠️
...pps/desktop/src/vault/app/vault/vault.component.ts	0.00%	4 Missing ⚠️
apps/cli/src/commands/get.command.ts	0.00%	3 Missing ⚠️
.../src/app/vault/individual-vault/vault.component.ts	0.00%	2 Missing ⚠️
...pps/web/src/app/vault/org-vault/vault.component.ts	0.00%	2 Missing ⚠️
...bs/vault/src/services/copy-cipher-field.service.ts	50.00%	1 Missing and 1 partial ⚠️
apps/browser/src/background/main.background.ts	0.00%	1 Missing ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12987      +/-   ##
==========================================
- Coverage   35.20%   35.17%   -0.03%     
==========================================
  Files        3126     3126              
  Lines       92563    92456     -107     
  Branches    16857    16831      -26     
==========================================
- Hits        32590    32526      -64     
+ Misses      57516    57478      -38     
+ Partials     2457     2452       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coroiu]

LGTM 👍

[jprusik]

Is totpResponse guaranteed to have a code property in this scenario (and elsewhere)?

[gbubemismith]

I think this is a similar question to this #12987 (comment), it is not guaranteed. How would you prefer errors in this scenario to be handled in the autofill context?

[jprusik]

Naively, I'd probably do something like

const totpResponse = await firstValueFrom(this.totpService.getCode$(cipher.login.totp));

if (totpResponse?.code) {
  this.platformUtilsService.copyToClipboard();
} else {
  /* 
  let the user know the copy didn't happen in whatever way 
  makes sense for the context (toast, console error, etc)
  */
}

[jprusik]

readability nit:

Suggested change

	let totpValue = (
	await firstValueFrom(this.totpService.getCode$(options.cipher.login.totp))
	).code;
	const totpResponse = await firstValueFrom(
	this.totpService.getCode$(options.cipher.login.totp),
	);
	let totpValue = totpResponse.code;

[gbubemismith]

Thanks

[jprusik]

One small question, otherwise LGTM for Autofill concerns