[PM-29309] [BWA-209] Fix TOTP countdown freeze when returning to Authenticator app (change Flow to StateFlow)#6246
Closed
tajchert wants to merge 0 commit intobitwarden:mainfrom
Closed
[PM-29309] [BWA-209] Fix TOTP countdown freeze when returning to Authenticator app (change Flow to StateFlow)#6246tajchert wants to merge 0 commit intobitwarden:mainfrom
tajchert wants to merge 0 commit intobitwarden:mainfrom
Conversation
tajchert
requested review from
a team,
brian-livefront and
david-livefront
as code owners
|
|
|
Thank you for your contribution! We've added this to our internal tracking system for review. Details on our contribution process can be found here: https://contributing.bitwarden.com/contributing/pull-requests/community-pr-process. |
bitwarden-bot
changed the title
SaintPatrck
requested changes
Jan 29, 2026
Contributor
SaintPatrck
left a comment
SaintPatrck
left a comment
There was a problem hiding this comment.
Thank you for contributing, @tajchert.
I've left a few blocking concerns that need to be addressed.
Since you are using Claude to assist with development, would you be open to allowing our Claude agent to review your changes alongside us?
| delay(ONE_SECOND_MILLISECOND) | ||
| .stateIn( | ||
| scope = itemScope, | ||
| started = SharingStarted.Eagerly, |
Contributor
There was a problem hiding this comment.
I think this has the potential to cause leaks. Can we use WhileSubscribed()? That appears to be working in the PasswordManager version.
| var verificationCodeItem: VerificationCodeItem? = null | ||
|
|
||
| while (currentCoroutineContext().isActive) { | ||
| val time = (clock.millis() / ONE_SECOND_MILLISECOND).toInt() |
Contributor
There was a problem hiding this comment.
The PasswordManager version gets dateTime and time differently. Can you update this to follow it? It will also give you an instance of DateTime so that you don't have to create one inline, below.
Comment on lines
+110
to
+111
| .getOrNull() | ||
| ?.let { response -> |
Contributor
There was a problem hiding this comment.
Can we use onSuccess and onFailure here, like we're doing in the PasswordManager version?
| issueTime = clock.millis(), | ||
| id = when (item.source) { | ||
| is AuthenticatorItem.Source.Local -> item.source.cipherId | ||
| is AuthenticatorItem.Source.Shared -> UUID.randomUUID().toString() |
Contributor
There was a problem hiding this comment.
We recently introduced a UuidManager to ease testing. Can you use it here instead of UUID directly?
Comment on lines
+141
to
+145
| // Emit item | ||
| emit(verificationCodeItem) | ||
|
|
||
| // Wait one second before heading to the top of the loop: | ||
| delay(ONE_SECOND_MILLISECOND) |
Contributor
There was a problem hiding this comment.
These comments are redundant. The code itself already describes what is being done. Comments would only be helpful here if they described why it's being done, which is obvious.
| * | ||
| * This implementation uses per-item [StateFlow] caching to prevent flow recreation on each | ||
| * subscribe, ensuring smooth UI updates when returning from background. The pattern mirrors | ||
| * the Password Manager's [com.x8bit.bitwarden.data.vault.manager.TotpCodeManagerImpl]. |
Contributor
There was a problem hiding this comment.
Add this to the imports if needed so we don't need the FQN.
| @Suppress("LongMethod") | ||
| private fun createVerificationCodeFlow( | ||
| item: AuthenticatorItem, | ||
| ) = flow<VerificationCodeItem?> { |
Contributor
There was a problem hiding this comment.
⛏️
Suggested change
| ) = flow<VerificationCodeItem?> { | |
| ): Flow<VerificationCodeItem?> = flow { |
|
|
||
| @Test | ||
| fun `getTotpCodesFlow should return flow that emits empty list when input list is empty`() = | ||
| fun `getTotpCodesFlow should return StateFlow that emits empty list when input list is empty`() = |
Contributor
There was a problem hiding this comment.
This is going to trigger detekt. Can you add Suppress("MaxLineLength")?
I recommend setting up detekt as a commit-hook as described in README#setup, or at least running it manually before submitting changes.
Comment on lines
+15
to
+16
| * updated verification codes every second. The StateFlow is cached per-item to prevent | ||
| * recreation on each subscribe, ensuring smooth UI updates when returning from background. |
Contributor
There was a problem hiding this comment.
The last sentence reads more like implementation detail. Since the implementation has good KDoc let's remove those details from the interface.
Collaborator
|
@tajchert I'm going to rebase this PR and address some of the comment @SaintPatrck has left behind. I think we can push this PR through in fairly short order 😄 |
Contributor
|
New Issues (128)Checkmarx found the following issues in this Pull Request
|
Collaborator
|
My apologies, I seemed to have closed this PR with my previous comment. I have re-opened this here with all the same commits and attributions. |
Collaborator
|
The updated PR has been merged. @tajchert Thank you for your contribution! |
Contributor
Author
|
Thanks, sorry for not responding to the comments to my PR and addressing them @david-livefront |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Disclaimer: This PR was created with AI assisted agent (Claude Code) but manually checked myself to my best knowledge and this repository standards. If you feel this is against contribution guidelines (I haven't found anything related to such) feel free to disregard this PR. I honestly believe this is valid PR, and I tested it manually as well.
This fix OTP code freeze when returning to Authenticator app from background - issue #6244
when occasionally user can experience frozen TOTP codes and countdown timers when returning to the Authenticator app from background. The codes remain static and don't update until the screen is manually refreshed. This changes flow implementation in AUthenticator app (Flow) to one that is Password Manager (StateFlow).
Root Cause
The bug stems from a flow lifecycle mismatch in
TotpCodeManagerImpl. The TOTP code update mechanism relies on continuous Flow emissions with a 1-second delay loop, but this flow stops when the app goes to background.The race condition:
collectAsStateWithLifecycle()stops collectingSharingStarted.WhileSubscribed(5_000L)stops upstream flowsdelay(ONE_SECOND_MILLISECOND)timer loop stops entirelystateInvalue briefly displayed before new emissionscombine()waits for all flows to emitSolution
Aligned
TotpCodeManagerImplwith the Password Manager's proven pattern:mutableMapOf<AuthenticatorItem, StateFlow<...>>— Prevents flow recreation on resubscribeSharingStarted.WhileSubscribed()without delaySharingStarted.Eagerlyfor per-item flows — Ensures cached per-item flows continue emitting even when the combined flow changes (e.g., when adding new items)Changes
TotpCodeManager.kt— Changed return type fromFlow<List<VerificationCodeItem>>toStateFlow<List<VerificationCodeItem>>TotpCodeManagerImpl.kt— AddedDispatcherManagerdependency, per-item StateFlow caching withgetOrCreateItemStateFlow(), and cleanup handlersAuthenticatorManagerModule.kt— PassesdispatcherManagertoTotpCodeManagerImplconstructorAuthenticatorRepositoryImpl.kt— Removed 5-second timeout, now usesSharingStarted.WhileSubscribed()without delayMutableStateFlow()instead offlowOf()Testing
I wasn't able to recreate issue after this fix.