[PM-23277] Force KDF updates if below minimums

[matt-livefront]

🎟️ Tracking

PM-23576 - Validate local KDF settings are correct when updating server KDF
PM-23277 - Upgrade KDF settings to minimums

📔 Objective

Note

This depends on bitwarden/sdk-internal#383 and bitwarden/server#6121

This adds forced KDF updates if the PBKDF2 iterations is below the minimum (600k). KDF updates can be performed without user interaction when unlocking the vault with a master password. Otherwise, there's a check on the vault list after syncing. In this flow, the user will have to input their master password before the update can proceed.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[codecov]

Codecov Report

❌ Patch coverage is 98.48485% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.79%. Comparing base (232ed85) to head (5575424).
⚠️ Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...rvices/API/Account/Requests/UpdateKdfRequest.swift	60.00%	2 Missing ⚠️
...enShared/Core/Platform/Services/StateService.swift	94.44%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1880      +/-   ##
==========================================
- Coverage   81.33%   75.79%   -5.54%     
==========================================
  Files         825     1022     +197     
  Lines       52136    62088    +9952     
==========================================
+ Hits        42403    47062    +4659     
- Misses       9733    15026    +5293     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Checkmarx One – Scan Summary & Details – b91bfa82-9eb5-4f28-8cb1-7e33f9390660

Great job! No new security vulnerabilities introduced in this pull request

[fedemkr]

🤔 Should we actually sync at some point before checking if it needs to update KDF minimums? I was thinking in the scenario that the user has already updated KDF settings in other client but mobile has not synced yet (maybe missed the notification) and then by using the mobile app it tries to update it (again). Not sure if that's already handled by the server but raising it in case it produces any bad outcomes.

[matt-livefront]

🤔 Should we actually sync at some point before checking if it needs to update KDF minimums? I was thinking in the scenario that the user has already updated KDF settings in other client but mobile has not synced yet (maybe missed the notification) and then by using the mobile app it tries to update it (again). Not sure if that's already handled by the server but raising it in case it produces any bad outcomes.

@fedemkr Good callout, I updated the logic to sync and check again that the account still needs a KDF update before proceeding.

[mKoonrad]

Should be Updating…

Last time someone unify all ... (3 dots) to … character