macOS: Bundle-Specfic Autofill Secure Vault Keychain Items

[aataraxiaa]

Task/Issue URL: https://app.asana.com/0/72649045549333/1206924205159008/f
Tech Design URL: https://app.asana.com/0/481882893211075/1206942775357851/f
BSK PR: duckduckgo/BrowserServicesKit#785
CC:

Description:
See BSK PR Description

Testing Pre-requisites

1. Testing involves using two Mac App variants - App Store (or DMG) + Debug via Xcode

• We will call these variants AppStore and Debug
• If you use DDG browser as your main browser (like me!), back up your passwords as needed (although they should be fine, but just as a precaution)

2. Save some Autofill data

• Run Debug on main via Xcode
• Save at least 1 of each Autofill type

3. Set up Sync

• Setup Sync between the Debug build, running on main, and a phone
• Ensure it is working

4. Prepare the Keychain

• Open the Keychain Access app and search for all items named DuckDuckGo Secure Vault v2 (you should find 3 items)
• Edit the Access Control of each item, ensuring that only AppStore has access (i.e remove access for Debug). The result for each item should look as follows:

5. Reproduce the issue
- Again, launch Debug from main branch via Xcode
- Observe you are asked for keychain access repeatedly on launch. Do NOT SELECT ‘Always Allow’ from the Keychain access prompt.
- Before moving to testing, ensure the Keychain is still in a prepared state as described in Step 4 above

Steps to test this PR

1. Keychain Data Migration

• Launch Debug from the PR branch
• Observe you are asked for your password three times. Each time, input your password and select ‘Allow’, NOT ‘Always Allow’
• Stop running the app
• Check the Keychain Access app. You should now see three new DuckDuckGo Secure Vault v3 entries. Check the Access Control of each, and you should see the Debug variant as the only app listed
• Launch the app again via Xcode
• Observe you are not asked for passwords
• Open up Autofill, and ensure you are not prompted for Keychain access

2. Smoke Test Password Management

• Add/edit/delete entries
• Ensure at no point at you prompted for your Keychain access password

3. Smoke Test Autofill

• Navigate to fill.dev
• Login with new credentials
• Ensure you are prompted to save
• Ensure at no point at you prompted for your Keychain access password
• Navigate back to login
• Ensure you are prompted to enter credentials
• Ensure at no point at you prompted for your Keychain access password

4. Smoke Test Sync

• Ensure that the credentials added in Test 2 above have synced to phone
• Add credentials to phone, and ensure they are synced to desktop

<!—
Tagging instructions
If this PR isn't ready to be merged for whatever reason it should be marked with the DO NOT MERGE label (particularly if it's a draft)
If it's pending Product Review/PFR, please add the Pending Product Review label.

If at any point it isn't actively being worked on/ready for review/otherwise moving forward (besides the above PR/PFR exception) strongly consider closing it (or not opening it in the first place). If you decide not to close it, make sure it's labelled to make it clear the PRs state and comment with more information.
—>

—

Internal references:

Pull Request Review Checklist
Software Engineering Expectations
Technical Design Template
Pull Request Documentation

[ayoy]

LGTM! 💪

Just a naming change suggestion, which would cause a massive renaming across all 3 PRs, and perhaps we could live without it, so only address it if you're really up for it :) Thanks @aataraxiaa!

[samsymons]

No additional comments here, this looks solid. Great work!