[PM-13351] Prevent editing of TOTP key in 'can edit except passwords' collection

[mpbw2]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-13351

📔 Objective

This disables the ability to edit the TOTP key if the item is part of a collection with Can Edit, Except Passwords permission

📸 Screenshots

Item with existing TOTP key:

Item without existing TOTP key:

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 8aa5da00-8a8f-4b4a-a3a5-a0fcba27701c

Fixed Issues (12)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModel.kt: 346
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModel.kt: 346
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/createaccount/CreateAccountViewModel.kt: 321
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/createaccount/CreateAccountViewModel.kt: 321
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/item/VaultItemViewModel.kt: 905
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/data/tools/generator/repository/utils/GeneratorRepositoryExtensions.kt: 11
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/AutofillTotpManagerImpl.kt: 29
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewModel.kt: 94
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModel.kt: 237
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModel.kt: 248
	Privacy_Violation	/app/src/main/java/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModel.kt: 259
	Use_of_Hardcoded_Password	/app/src/main/java/com/x8bit/bitwarden/data/autofill/util/HtmlInfoExtensions.kt: 20

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.41%. Comparing base (92b9240) to head (c1c4f06).
Report is 19 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff            @@
##             main    #4583    +/-   ##
========================================
  Coverage   88.40%   88.41%            
========================================
  Files         604      607     +3     
  Lines       40987    41188   +201     
  Branches     5770     5774     +4     
========================================
+ Hits        36236    36415   +179     
- Misses       2746     2754     +8     
- Partials     2005     2019    +14     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[david-livefront]

The code looks good to me, do we have any tests for this?

[mpbw2]

The code looks good to me, do we have any tests for this?

Still working on that

[dseverns-livefront]

🎨 We could have also left this:

coachMarkHighlightItem(
        key = AddEditItemCoachMark.TOTP,
        title = R.string.coachmark_2_of_3.asText(),
        description = R.string.you_ll_only_need_to_set_up_authenticator_key.asText(),
        onDismiss = onCoachMarkDismissed,
        leftAction = {
            CoachMarkActionText(
                actionLabel = stringResource(R.string.back),
                onActionClick = onPreviousCoachMark,
            )
        },
        rightAction = {
            CoachMarkActionText(
                actionLabel = stringResource(R.string.next),
                onActionClick = onNextCoachMark,
            )
        },
        modifier = Modifier.standardHorizontalMargin(),
    ) { 
          TotpRow(
              totpKey = loginState.totp,
              canViewTotp = loginState.canViewPassword,
              loginItemTypeHandlers = loginItemTypeHandlers,
              onTotpSetupClick = onTotpSetupClick,
         )
}

And made it so TotpRow still encapsulated the if/else logic, but didn't need to have any deps on the coach mark related code.

[mpbw2]

@dseverns-livefront I took a similar approach to PasswordRow for consistency, but I'm also not familiar with coach mark best practices. Feel free to change it if there's a better way, I won't be offended :)