PM-23649: CXF Import note (#382)

abergs · web-flow · commit acea0843439e · 2025-08-14T16:55:33.000+02:00
## 🎟️ Tracking https://bitwarden.atlassian.net/browse/PM-23649  ## 📔 Objective This PR maps the Note type, and adds mapping the note for existing vault items. Note: A separate task has been created to track that we're mapping notes for all other cipheritems (some are not created yet).  ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Protected functional changes with optionality (feature flags) - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team ## 🦮 Reviewer guidelines  - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes
diff --git a/crates/bitwarden-exporters/src/cxf/import.rs b/crates/bitwarden-exporters/src/cxf/import.rs
@@ -1,13 +1,14 @@
 use chrono::{DateTime, Utc};
 use credential_exchange_format::{
     Account as CxfAccount, ApiKeyCredential, BasicAuthCredential, Credential, CreditCardCredential,
-    Item, PasskeyCredential, WifiCredential,
+    Item, NoteCredential, PasskeyCredential, WifiCredential,
 };
 
 use crate::{
     cxf::{
         api_key::api_key_to_fields,
         login::{to_fields, to_login},
+        note::extract_note_content,
         wifi::wifi_to_fields,
         CxfError,
     },
@@ -52,7 +53,7 @@ fn convert_date(ts: Option<u64>) -> DateTime<Utc> {
         .unwrap_or(Utc::now())
 }
 
-fn parse_item(value: Item) -> Vec<ImportingCipher> {
+pub(crate) fn parse_item(value: Item) -> Vec<ImportingCipher> {
     let grouped = group_credentials_by_type(value.credentials);
 
     let creation_date = convert_date(value.creation_at);
@@ -62,6 +63,9 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
 
     let scope = value.scope.as_ref();
 
+    // Extract note content if present (to be added to parent cipher)
+    let note_content = grouped.note.first().map(extract_note_content);
+
     // Login credentials
     if !grouped.basic_auth.is_empty() || !grouped.passkey.is_empty() {
         let basic_auth = grouped.basic_auth.first();
@@ -72,7 +76,7 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
         output.push(ImportingCipher {
             folder_id: None, // TODO: Handle folders
             name: value.title.clone(),
-            notes: None,
+            notes: note_content.clone(),
             r#type: CipherType::Login(Box::new(login)),
             favorite: false,
             reprompt: 0,
@@ -92,7 +96,7 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
         output.push(ImportingCipher {
             folder_id: None, // TODO: Handle folders
             name: value.title.clone(),
-            notes: None,
+            notes: note_content.clone(),
             r#type: CipherType::Card(Box::new(credit_card.into())),
             favorite: false,
             reprompt: 0,
@@ -110,7 +114,7 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
         output.push(ImportingCipher {
             folder_id: None, // TODO: Handle folders
             name: value.title.clone(),
-            notes: None,
+            notes: note_content.clone(),
             r#type: CipherType::SecureNote(Box::new(SecureNote {
                 r#type: SecureNoteType::Generic,
             })),
@@ -130,7 +134,7 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
         output.push(ImportingCipher {
             folder_id: None, // TODO: Handle folders
             name: value.title.clone(),
-            notes: None,
+            notes: note_content.clone(),
             r#type: CipherType::SecureNote(Box::new(SecureNote {
                 r#type: SecureNoteType::Generic,
             })),
@@ -143,6 +147,26 @@ fn parse_item(value: Item) -> Vec<ImportingCipher> {
         })
     }
 
+    // Standalone Note credentials -> Secure Note (only if no other credentials exist)
+    if !grouped.note.is_empty() && output.is_empty() {
+        let note_content = grouped.note.first().map(extract_note_content);
+
+        output.push(ImportingCipher {
+            folder_id: None, // TODO: Handle folders
+            name: value.title.clone(),
+            notes: note_content,
+            r#type: CipherType::SecureNote(Box::new(SecureNote {
+                r#type: SecureNoteType::Generic,
+            })),
+            favorite: false,
+            reprompt: 0,
+            fields: vec![],
+            revision_date,
+            creation_date,
+            deleted_date: None,
+        })
+    }
+
     output
 }
 
@@ -184,6 +208,10 @@ fn group_credentials_by_type(credentials: Vec<Credential>) -> GroupedCredentials
             Credential::Wifi(wifi) => Some(wifi.as_ref()),
             _ => None,
         }),
+        note: filter_credentials(&credentials, |c| match c {
+            Credential::Note(note) => Some(note.as_ref()),
+            _ => None,
+        }),
     }
 }
 
@@ -193,6 +221,7 @@ struct GroupedCredentials {
     passkey: Vec<PasskeyCredential>,
     credit_card: Vec<CreditCardCredential>,
     wifi: Vec<WifiCredential>,
+    note: Vec<NoteCredential>,
 }
 
 #[cfg(test)]
diff --git a/crates/bitwarden-exporters/src/cxf/mod.rs b/crates/bitwarden-exporters/src/cxf/mod.rs
@@ -16,4 +16,5 @@ mod api_key;
 mod card;
 mod editable_field;
 mod login;
+mod note;
 mod wifi;
diff --git a/crates/bitwarden-exporters/src/cxf/note.rs b/crates/bitwarden-exporters/src/cxf/note.rs
@@ -0,0 +1,261 @@
+use credential_exchange_format::NoteCredential;
+
+/// Extract note content from a CXF Note credential
+/// The way notes are handled (in import.rs) depends on their context:
+/// - If part of an item, use parent type and map content to Cipher::notes
+/// - If standalone, map to SecureNote
+///
+/// That's why we only have this small utility function and tests here.
+pub(super) fn extract_note_content(note: &NoteCredential) -> String {
+    note.content.value.0.clone()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_extract_note_content_with_content() {
+        let note = NoteCredential {
+            content: "This is a test note with important information."
+                .to_owned()
+                .into(),
+        };
+
+        let content = extract_note_content(&note);
+        assert_eq!(
+            content,
+            "This is a test note with important information.".to_string()
+        );
+    }
+
+    #[test]
+    fn test_extract_note_content_empty_string() {
+        let note = NoteCredential {
+            content: "".to_owned().into(),
+        };
+
+        let content = extract_note_content(&note);
+        assert_eq!(content, "".to_string());
+    }
+
+    #[test]
+    fn test_extract_note_content_multiline() {
+        let note = NoteCredential {
+            content: "Line 1\nLine 2\nLine 3".to_owned().into(),
+        };
+
+        let content = extract_note_content(&note);
+        assert_eq!(content, "Line 1\nLine 2\nLine 3".to_string());
+    }
+
+    #[test]
+    fn test_extract_note_content_special_characters() {
+        let note = NoteCredential {
+            content: "Note with emojis 🔐 and special chars: @#$%^&*()"
+                .to_owned()
+                .into(),
+        };
+
+        let content = extract_note_content(&note);
+        assert_eq!(
+            content,
+            "Note with emojis 🔐 and special chars: @#$%^&*()".to_string()
+        );
+    }
+
+    #[test]
+    fn test_extract_note_content_very_long() {
+        let long_content = "A".repeat(10000);
+        let note = NoteCredential {
+            content: long_content.clone().into(),
+        };
+
+        let content = extract_note_content(&note);
+        assert_eq!(content, long_content);
+    }
+
+    #[test]
+    fn test_cxf_example_note_integration() {
+        use std::fs;
+
+        use crate::{cxf::import::parse_cxf_spec, CipherType};
+
+        // Read the actual CXF example file
+        let cxf_data = fs::read_to_string("resources/cxf_example.json")
+            .expect("Should be able to read cxf_example.json");
+
+        let items = parse_cxf_spec(cxf_data).expect("Should parse CXF data successfully");
+
+        // Find the note item (Home alarm)
+        let note_cipher = items
+            .iter()
+            .find(|cipher| cipher.name == "Home alarm")
+            .expect("Should find Home alarm note item");
+
+        // Validate it's a SecureNote cipher
+        match &note_cipher.r#type {
+            CipherType::SecureNote(_) => (), // Successfully identified as SecureNote
+            _ => panic!("Expected SecureNote for standalone note credential"),
+        }
+
+        // Validate the note content
+        assert_eq!(
+            note_cipher.notes,
+            Some("some instructionts to enable/disable the alarm".to_string())
+        );
+
+        // Should have no custom fields since it's a standalone note
+        assert_eq!(note_cipher.fields.len(), 0);
+
+        // Validate basic properties
+        assert_eq!(note_cipher.name, "Home alarm");
+        assert_eq!(note_cipher.folder_id, None);
+        assert!(!note_cipher.favorite);
+    }
+
+    #[test]
+    fn test_standalone_note_credential() {
+        use credential_exchange_format::{Credential, Item};
+
+        use crate::{cxf::import::parse_item, CipherType, ImportingCipher};
+
+        let item = Item {
+            id: [0, 1, 2, 3, 4, 5, 6].as_ref().into(),
+            creation_at: Some(1706613834),
+            modified_at: Some(1706623773),
+            title: "My Important Note".to_string(),
+            subtitle: None,
+            favorite: None,
+            credentials: vec![Credential::Note(Box::new(NoteCredential {
+                content:
+                    "This is a standalone secure note with important information.\nLine 2\nLine 3"
+                        .to_string()
+                        .into(),
+            }))],
+            tags: None,
+            extensions: None,
+            scope: None,
+        };
+
+        let ciphers: Vec<ImportingCipher> = parse_item(item);
+        assert_eq!(ciphers.len(), 1);
+        let cipher = ciphers.first().unwrap();
+
+        assert_eq!(cipher.folder_id, None);
+        assert_eq!(cipher.name, "My Important Note");
+        assert_eq!(
+            cipher.notes,
+            Some(
+                "This is a standalone secure note with important information.\nLine 2\nLine 3"
+                    .to_string()
+            )
+        );
+
+        match &cipher.r#type {
+            CipherType::SecureNote(_) => (), // Successfully created a SecureNote
+            _ => panic!("Expected SecureNote"),
+        };
+
+        assert_eq!(cipher.fields.len(), 0); // Notes don't have custom fields
+    }
+
+    // TODO: Consider moving this logic to import.rs since it's more about how notes are handled
+    // during the import process
+    #[test]
+    fn test_note_as_part_of_login() {
+        use credential_exchange_format::{BasicAuthCredential, Credential, Item};
+
+        use crate::{cxf::import::parse_item, CipherType, ImportingCipher};
+
+        let item = Item {
+            id: [0, 1, 2, 3, 4, 5, 6].as_ref().into(),
+            creation_at: Some(1706613834),
+            modified_at: Some(1706623773),
+            title: "Login with Note".to_string(),
+            subtitle: None,
+            favorite: None,
+            credentials: vec![
+                Credential::BasicAuth(Box::new(BasicAuthCredential {
+                    username: Some("testuser".to_string().into()),
+                    password: Some("testpass".to_string().into()),
+                })),
+                Credential::Note(Box::new(NoteCredential {
+                    content: "This note should be added to the login cipher."
+                        .to_string()
+                        .into(),
+                })),
+            ],
+            tags: None,
+            extensions: None,
+            scope: None,
+        };
+
+        let ciphers: Vec<ImportingCipher> = parse_item(item);
+        assert_eq!(ciphers.len(), 1); // Should create only one cipher (Login with note content)
+        let cipher = ciphers.first().unwrap();
+
+        assert_eq!(cipher.name, "Login with Note");
+        assert_eq!(
+            cipher.notes,
+            Some("This note should be added to the login cipher.".to_string())
+        );
+
+        match &cipher.r#type {
+            CipherType::Login(_) => (), // Should be a Login cipher
+            _ => panic!("Expected Login cipher with note content"),
+        };
+    }
+
+    #[test]
+    fn test_note_as_part_of_api_key() {
+        use credential_exchange_format::{ApiKeyCredential, Credential, Item};
+
+        use crate::{cxf::import::parse_item, CipherType, ImportingCipher};
+
+        let item = Item {
+            id: [0, 1, 2, 3, 4, 5, 6].as_ref().into(),
+            creation_at: Some(1706613834),
+            modified_at: Some(1706623773),
+            title: "API Key with Note".to_string(),
+            subtitle: None,
+            favorite: None,
+            credentials: vec![
+                Credential::ApiKey(Box::new(ApiKeyCredential {
+                    key: Some("api-key-12345".to_string().into()),
+                    username: Some("api-user".to_string().into()),
+                    key_type: Some("Bearer".to_string().into()),
+                    url: None,
+                    valid_from: None,
+                    expiry_date: None,
+                })),
+                Credential::Note(Box::new(NoteCredential {
+                    content: "This note should be added to the API key cipher."
+                        .to_string()
+                        .into(),
+                })),
+            ],
+            tags: None,
+            extensions: None,
+            scope: None,
+        };
+
+        let ciphers: Vec<ImportingCipher> = parse_item(item);
+        assert_eq!(ciphers.len(), 1); // Should create only one cipher (SecureNote with note content)
+        let cipher = ciphers.first().unwrap();
+
+        assert_eq!(cipher.name, "API Key with Note");
+        assert_eq!(
+            cipher.notes,
+            Some("This note should be added to the API key cipher.".to_string())
+        );
+
+        match &cipher.r#type {
+            CipherType::SecureNote(_) => (), // Should be a SecureNote cipher
+            _ => panic!("Expected SecureNote cipher with note content"),
+        };
+
+        // Should have API key fields
+        assert!(!cipher.fields.is_empty());
+    }
+}
