Lift in user_id into login method

[Hinton]

🎟️ Tracking

📔 Objective

Refactors user_id to be part of the Login Method. This seems like a more logical place to put it since in a fully SDK based flow you can always get the id as part of the access token. And it decreases us from three states to two.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 5d9b8da4-aae5-4d68-9d0c-ba1224d3d02c

Great job, no security vulnerabilities found in this Pull Request

[coroiu]

failing builds

[codecov]

Codecov Report

Attention: Patch coverage is 54.02299% with 40 lines in your changes missing coverage. Please review.

Project coverage is 71.70%. Comparing base (c9bd7f9) to head (9e090f6).

Files with missing lines	Patch %	Lines
crates/bitwarden-core/src/auth/auth_client.rs	0.00%	8 Missing ⚠️
...ates/bitwarden-core/src/auth/login/auth_request.rs	0.00%	6 Missing ⚠️
crates/bitwarden-core/src/auth/login/password.rs	0.00%	6 Missing ⚠️
crates/bitwarden-core/src/auth/tde.rs	0.00%	5 Missing ⚠️
crates/bitwarden-core/src/auth/login/api_key.rs	0.00%	4 Missing ⚠️
crates/bitwarden-core/src/client/internal.rs	66.66%	3 Missing ⚠️
crates/bitwarden-core/src/key_management/crypto.rs	86.66%	2 Missing ⚠️
...es/bitwarden-core/src/platform/get_user_api_key.rs	0.00%	2 Missing ⚠️
crates/bitwarden-uniffi/src/auth/mod.rs	0.00%	2 Missing ⚠️
crates/bitwarden-core/src/auth/renew.rs	0.00%	1 Missing ⚠️
... and 1 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #318      +/-   ##
==========================================
- Coverage   71.76%   71.70%   -0.07%     
==========================================
  Files         224      224              
  Lines       18384    18405      +21     
==========================================
+ Hits        13193    13197       +4     
- Misses       5191     5208      +17     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
1.5% Duplication on New Code

See analysis details on SonarQube Cloud

[dani-garcia]

I feel like moving the user_uuid into login_method defeats a bit the initial point of the change, which was to have an immutable user id associated to an SDK client instance. Because of compatibility we couldn't just include it as part of client settings, so we changed it to be set-once only.

By moving it into the LoginMethod we're back to a situation where a client could be modified to be for a different user. Maybe what we really need to do is to also allow setting login_method once.

[Hinton]

I think the more we can couple these things and make them immutable the better. I would be for changing LoginMethod to be once lock, there might be edge cases where you want to move between login methods i.e. logging in using username but transitioning to TDE?

[dani-garcia]

I think making as many fields immutable or initialized during construction makes sense, but there may be a lot of edge cases since a lot of things can change.

For example, on mobile a lot of calls to init_crypto also set the login_method, so we'd need to be careful as mobile calls init_crypto multiple times if the user inputs the wrong password (see #321, which is trying to solve some similar issues on mobile).

We also store email and KDF settings in LoginMethod, which potentially would need changing during key rotation or email change, though we're not handling those right now.