Fail decryption if any part of the cipher fails to decrypt

[nikwithak]

🎟️ Tracking

📔 Objective

While testing SDK integration on https://bitwarden.atlassian.net/browse/PM-24745, I found that failures to decrypt were being swallowed - values were being coerced into empty-string / None if that value failed to decrypt, and therefore were reported as successful decryptions from the SDK.

I specifically noticed it and fixed it for Login ciphers, and then I ran a find/replace to update all instances where errors from decrypt were being coerced into an Option with .ok() -- I replaced all of these with the ? operator, using the below regex, and verified that the crates still build locally. Since these are all called from functions that already return a Result of the appropriate type, it's assumed (read: untested) that these errors are appropriately handled upstream.

Regex used: sed/(decrypt\([^)]*\))\.ok\(\)((\.unwrap_or_default\(\))|(\.flatten\(\)))?/\1?/g

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 98b3c2a6-d54d-462b-944b-e03dcc747ab2

Great job! No new security vulnerabilities introduced in this pull request

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

❌ Patch coverage is 44.00000% with 28 lines in your changes missing coverage. Please review.
✅ Project coverage is 77.04%. Comparing base (03d02e6) to head (3489d41).

Files with missing lines	Patch %	Lines
crates/bitwarden-vault/src/cipher/identity.rs	0.00%	18 Missing ⚠️
crates/bitwarden-vault/src/cipher/card.rs	0.00%	7 Missing ⚠️
crates/bitwarden-vault/src/cipher/field.rs	0.00%	2 Missing ⚠️
crates/bitwarden-vault/src/password_history.rs	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #425      +/-   ##
==========================================
+ Coverage   77.03%   77.04%   +0.01%     
==========================================
  Files         268      268              
  Lines       25399    25389      -10     
==========================================
- Hits        19565    19560       -5     
+ Misses       5834     5829       -5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.