[PM-22515] Update cipher decrypt list to return successful decryptions and failure metadata (#332)

Author: gbubemismith

crates/bitwarden-crypto/src/store/mod.rs

@@ -24,7 +24,7 @@
 
 use std::sync::{Arc, RwLock};
 
-use rayon::prelude::*;
+use rayon::{iter::Either, prelude::*};
 
 use crate::{CompositeEncryptable, Decryptable, IdentifyKey, KeyId, KeyIds};
 
@@ -266,6 +266,48 @@ impl<Ids: KeyIds> KeyStore<Ids> {
         res
     }
 
+    /// Decrypt a list of items using this key store, returning a tuple of successful and failed
+    /// items.
+    ///
+    /// # Arguments
+    /// * `data` - The list of items to decrypt.
+    ///
+    /// # Returns
+    /// A tuple containing two vectors: the first vector contains the successfully decrypted items,
+    /// and the second vector contains the original items that failed to decrypt.
+    pub fn decrypt_list_with_failures<
+        'a,
+        Key: KeyId,
+        Data: Decryptable<Ids, Key, Output> + IdentifyKey<Key> + Send + Sync + 'a,
+        Output: Send + Sync,
+    >(
+        &self,
+        data: &'a [Data],
+    ) -> (Vec<Output>, Vec<&'a Data>) {
+        let results: (Vec<_>, Vec<_>) = data
+            .par_chunks(batch_chunk_size(data.len()))
+            .flat_map(|chunk| {
+                let mut ctx = self.context();
+
+                chunk
+                    .iter()
+                    .map(|item| {
+                        let result = item
+                            .decrypt(&mut ctx, item.key_identifier())
+                            .map_err(|_| item);
+                        ctx.clear_local();
+                        result
+                    })
+                    .collect::<Vec<_>>()
+            })
+            .partition_map(|result| match result {
+                Ok(output) => Either::Left(output),
+                Err(original_item) => Either::Right(original_item),
+            });
+
+        results
+    }
+
     /// Encrypt a list of items using this key store. The keys returned by
     /// `data[i].key_identifier()` must already be present in the store, otherwise this will
     /// return an error. This method will try to parallelize the encryption of the items, for

crates/bitwarden-uniffi/src/vault/ciphers.rs

@@ -1,5 +1,8 @@
 use bitwarden_core::OrganizationId;
-use bitwarden_vault::{Cipher, CipherListView, CipherView, EncryptionContext, Fido2CredentialView};
+use bitwarden_vault::{
+    Cipher, CipherListView, CipherView, DecryptCipherListResult, EncryptionContext,
+    Fido2CredentialView,
+};
 use uuid::Uuid;
 
 use crate::{error::Error, Result};
@@ -25,6 +28,12 @@ impl CiphersClient {
         Ok(self.0.decrypt_list(ciphers).map_err(Error::Decrypt)?)
     }
 
+    /// Decrypt cipher list with failures
+    /// Returns both successfully decrypted ciphers and any that failed to decrypt
+    pub fn decrypt_list_with_failures(&self, ciphers: Vec<Cipher>) -> DecryptCipherListResult {
+        self.0.decrypt_list_with_failures(ciphers)
+    }
+
     pub fn decrypt_fido2_credentials(
         &self,
         cipher_view: CipherView,

crates/bitwarden-vault/src/cipher/cipher.rs

@@ -252,6 +252,22 @@ pub struct CipherListView {
     pub local_data: Option<LocalDataView>,
 }
 
+/// Represents the result of decrypting a list of ciphers.
+///
+/// This struct contains two vectors: `successes` and `failures`.
+/// `successes` contains the decrypted `CipherListView` objects,
+/// while `failures` contains the original `Cipher` objects that failed to decrypt.
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "camelCase", deny_unknown_fields)]
+#[cfg_attr(feature = "uniffi", derive(uniffi::Record))]
+#[cfg_attr(feature = "wasm", derive(Tsify), tsify(into_wasm_abi, from_wasm_abi))]
+pub struct DecryptCipherListResult {
+    /// The decrypted `CipherListView` objects.
+    pub successes: Vec<CipherListView>,
+    /// The original `Cipher` objects that failed to decrypt.
+    pub failures: Vec<Cipher>,
+}
+
 impl CipherListView {
     pub(crate) fn get_totp_key(
         self,

crates/bitwarden-vault/src/cipher/cipher_client.rs

@@ -4,7 +4,10 @@ use bitwarden_crypto::IdentifyKey;
 use wasm_bindgen::prelude::*;
 
 use super::EncryptionContext;
-use crate::{Cipher, CipherError, CipherListView, CipherView, DecryptError, EncryptError};
+use crate::{
+    cipher::cipher::DecryptCipherListResult, Cipher, CipherError, CipherListView, CipherView,
+    DecryptError, EncryptError,
+};
 
 #[allow(missing_docs)]
 #[cfg_attr(feature = "wasm", wasm_bindgen)]
@@ -57,6 +60,18 @@ impl CiphersClient {
         Ok(cipher_views)
     }
 
+    /// Decrypt cipher list with failures
+    /// Returns both successfully decrypted ciphers and any that failed to decrypt
+    pub fn decrypt_list_with_failures(&self, ciphers: Vec<Cipher>) -> DecryptCipherListResult {
+        let key_store = self.client.internal.get_key_store();
+        let (successes, failures) = key_store.decrypt_list_with_failures(&ciphers);
+
+        DecryptCipherListResult {
+            successes,
+            failures: failures.into_iter().cloned().collect(),
+        }
+    }
+
     #[allow(missing_docs)]
     pub fn decrypt_fido2_credentials(
         &self,
@@ -98,50 +113,6 @@ mod tests {
     use super::*;
     use crate::{Attachment, CipherRepromptType, CipherType, Login, VaultClientExt};
 
-    #[tokio::test]
-    async fn test_decrypt_list() {
-        let client = Client::init_test_account(test_bitwarden_com_account()).await;
-
-        let dec = client
-            .vault()
-            .ciphers()
-            .decrypt_list(vec![Cipher {
-                id: Some("a1569f46-0797-4d3f-b859-b181009e2e49".parse().unwrap()),
-                organization_id: Some("1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap()),
-                folder_id: None,
-                collection_ids: vec!["66c5ca57-0868-4c7e-902f-b181009709c0".parse().unwrap()],
-                key: None,
-                name: "2.RTdUGVWYl/OZHUMoy68CMg==|sCaT5qHx8i0rIvzVrtJKww==|jB8DsRws6bXBtXNfNXUmFJ0JLDlB6GON6Y87q0jgJ+0=".parse().unwrap(),
-                notes: None,
-                r#type: CipherType::Login,
-                login: Some(Login{
-                    username: Some("2.ouEYEk+SViUtqncesfe9Ag==|iXzEJq1zBeNdDbumFO1dUA==|RqMoo9soSwz/yB99g6YPqk8+ASWRcSdXsKjbwWzyy9U=".parse().unwrap()),
-                    password: Some("2.6yXnOz31o20Z2kiYDnXueA==|rBxTb6NK9lkbfdhrArmacw==|ogZir8Z8nLgiqlaLjHH+8qweAtItS4P2iPv1TELo5a0=".parse().unwrap()),
-                    password_revision_date: None, uris:None, totp: None, autofill_on_page_load: None, fido2_credentials: None }),
-                identity: None,
-                card: None,
-                secure_note: None,
-                ssh_key: None,
-                favorite: false,
-                reprompt: CipherRepromptType::None,
-                organization_use_totp: true,
-                edit: true,
-                permissions: None,
-                view_password: true,
-                local_data: None,
-                attachments: None,
-                fields:  None,
-                password_history: None,
-                creation_date: "2024-05-31T09:35:55.12Z".parse().unwrap(),
-                deleted_date: None,
-                revision_date: "2024-05-31T09:35:55.12Z".parse().unwrap(),
-            }])
-
-            .unwrap();
-
-        assert_eq!(dec[0].name, "Test item");
-    }
-
     fn test_cipher() -> Cipher {
         Cipher {
             id: Some("358f2b2b-9326-4e5e-94a8-b18100bb0908".parse().unwrap()),
@@ -203,6 +174,84 @@ mod tests {
         }
     }
 
+    #[tokio::test]
+    async fn test_decrypt_list() {
+        let client = Client::init_test_account(test_bitwarden_com_account()).await;
+
+        let dec = client
+            .vault()
+            .ciphers()
+            .decrypt_list(vec![Cipher {
+                id: Some("a1569f46-0797-4d3f-b859-b181009e2e49".parse().unwrap()),
+                organization_id: Some("1bc9ac1e-f5aa-45f2-94bf-b181009709b8".parse().unwrap()),
+                folder_id: None,
+                collection_ids: vec!["66c5ca57-0868-4c7e-902f-b181009709c0".parse().unwrap()],
+                key: None,
+                name: "2.RTdUGVWYl/OZHUMoy68CMg==|sCaT5qHx8i0rIvzVrtJKww==|jB8DsRws6bXBtXNfNXUmFJ0JLDlB6GON6Y87q0jgJ+0=".parse().unwrap(),
+                notes: None,
+                r#type: CipherType::Login,
+                login: Some(Login{
+                    username: Some("2.ouEYEk+SViUtqncesfe9Ag==|iXzEJq1zBeNdDbumFO1dUA==|RqMoo9soSwz/yB99g6YPqk8+ASWRcSdXsKjbwWzyy9U=".parse().unwrap()),
+                    password: Some("2.6yXnOz31o20Z2kiYDnXueA==|rBxTb6NK9lkbfdhrArmacw==|ogZir8Z8nLgiqlaLjHH+8qweAtItS4P2iPv1TELo5a0=".parse().unwrap()),
+                    password_revision_date: None, uris:None, totp: None, autofill_on_page_load: None, fido2_credentials: None }),
+                identity: None,
+                card: None,
+                secure_note: None,
+                ssh_key: None,
+                favorite: false,
+                reprompt: CipherRepromptType::None,
+                organization_use_totp: true,
+                edit: true,
+                permissions: None,
+                view_password: true,
+                local_data: None,
+                attachments: None,
+                fields:  None,
+                password_history: None,
+                creation_date: "2024-05-31T09:35:55.12Z".parse().unwrap(),
+                deleted_date: None,
+                revision_date: "2024-05-31T09:35:55.12Z".parse().unwrap(),
+            }])
+
+            .unwrap();
+
+        assert_eq!(dec[0].name, "Test item");
+    }
+
+    #[tokio::test]
+    async fn test_decrypt_list_with_failures_all_success() {
+        let client = Client::init_test_account(test_bitwarden_com_account()).await;
+
+        let valid_cipher = test_cipher();
+
+        let result = client
+            .vault()
+            .ciphers()
+            .decrypt_list_with_failures(vec![valid_cipher]);
+
+        assert_eq!(result.successes.len(), 1);
+        assert!(result.failures.is_empty());
+        assert_eq!(result.successes[0].name, "234234");
+    }
+
+    #[tokio::test]
+    async fn test_decrypt_list_with_failures_mixed_results() {
+        let client = Client::init_test_account(test_bitwarden_com_account()).await;
+        let valid_cipher = test_cipher();
+        let mut invalid_cipher = test_cipher();
+        // Set an invalid encryptedkey to cause decryption failure
+        invalid_cipher.key = Some("2.Gg8yCM4IIgykCZyq0O4+cA==|GJLBtfvSJTDJh/F7X4cJPkzI6ccnzJm5DYl3yxOW2iUn7DgkkmzoOe61sUhC5dgVdV0kFqsZPcQ0yehlN1DDsFIFtrb4x7LwzJNIkMgxNyg=|1rGkGJ8zcM5o5D0aIIwAyLsjMLrPsP3EWm3CctBO3Fw=".parse().unwrap());
+
+        let ciphers = vec![valid_cipher, invalid_cipher.clone()];
+
+        let result = client.vault().ciphers().decrypt_list_with_failures(ciphers);
+
+        assert_eq!(result.successes.len(), 1);
+        assert_eq!(result.failures.len(), 1);
+
+        assert_eq!(result.successes[0].name, "234234");
+    }
+
     #[tokio::test]
     async fn test_move_user_cipher_with_attachment_without_key_to_org_fails() {
         let client = Client::init_test_account(test_bitwarden_com_account()).await;

crates/bitwarden-vault/src/cipher/mod.rs

@@ -20,7 +20,7 @@ pub use attachment_client::{AttachmentsClient, DecryptFileError, EncryptFileErro
 pub use card::{CardBrand, CardListView, CardView};
 pub use cipher::{
     Cipher, CipherError, CipherListView, CipherListViewType, CipherRepromptType, CipherType,
-    CipherView, EncryptionContext,
+    CipherView, DecryptCipherListResult, EncryptionContext,
 };
 pub use cipher_client::CiphersClient;
 pub use field::FieldView;