SM-866: Add state to the SDK & BWS CLI

[coltonhurst]

Type of change

- [ ] Bug fix
- [x] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

This PR adds the ability to manage basic state via the SDK. It also updates the bws crate to use this SDK change, implementing basic state management for auth tokens. The core benefit is that reauthentication per command will no longer be needed, so that server auth requests will be mitigated.

Code changes

(to be added)

• file.ext: Description of what was changed and why

Before you submit

• Please add unit tests where it makes sense to do so (encouraged but not required)

[bitwarden-bot]

Checkmarx One – Scan Summary & Details – 46489a45-7b43-4fcf-8bfc-dee0f6cc1927

New Issues

Severity	Issue	Source File / Package	Checkmarx Insight
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 56	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...

Fixed Issues

Severity	Issue	Source File / Package
	Unpinned Actions Full Length Commit SHA	/version-bump.yml: 59

[dani-garcia]

Some quick review comments

[Hinton]

I had hoped we could leave the bitwarden crate mostly untouched and have the state mostly in the bws crate.

[dani-garcia]

We will have the same problem with the PHP bindings, so having a solution just for bws won't solve all the issues at least.

[coltonhurst]

I had hoped we could leave the bitwarden crate mostly untouched and have the state mostly in the bws crate.

Yeah, that's why I tried to leave "minimal" changes in the bitwarden crate, and a lot of the storage logic is in bws. However, as @dani-garcia mentioned, multiple integrations will need to be able to use state to avoid the reauthentication each time (PHP and Python specifically have been discussed).

If you're open to it we can leave the minimal "generalized" state changes in the bitwarden crate and keep the rest of the storage logic in bws. Then we can revisit a more robust approach to state as we discussed previously?

Update (Dec 5): PR has been updated, most of the logic is in the bitwarden crate so extensions can take advantage of state management, though it is in its own module. We can move this if needed, but it would be great to keep management in the bitwarden crate for integrations if possible.

[dani-garcia]

Some minor things to avoid some unneeded clones but otherwise LGTM

[codecov]

Codecov Report

Attention: 108 lines in your changes are missing coverage. Please review.

Comparison is base (4c079e8) 45.45% compared to head (bd3c420) 44.81%.
Report is 1 commits behind head on main.

Files	Patch %	Lines
crates/bitwarden/src/auth/login/access_token.rs	12.76%	41 Missing ⚠️
crates/bitwarden/src/secrets_manager/state.rs	0.00%	28 Missing ⚠️
crates/bitwarden/src/auth/renew.rs	5.88%	16 Missing ⚠️
crates/bws/src/main.rs	0.00%	11 Missing ⚠️
crates/bws/src/state.rs	0.00%	10 Missing ⚠️
crates/bws/src/config.rs	33.33%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #388      +/-   ##
==========================================
- Coverage   45.45%   44.81%   -0.64%     
==========================================
  Files         149      151       +2     
  Lines        6771     6881     +110     
==========================================
+ Hits         3078     3084       +6     
- Misses       3693     3797     +104     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Hinton]

Looks good, ideally we would have test cases for the new access token login logic, and ClientState logic.