[PM-26177] feat: Add base64url Data extensions

[iinuwa]

🎟️ Tracking

PM-26177

📔 Objective

Adds extensions to the Data object for handling base64url, which is used extensively throughout WebAuthn.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 226e3116-f266-4602-9bad-64b001477bd9

Great job! No new security vulnerabilities introduced in this pull request

[iinuwa]

I need help on this one; this worked in a previous branch, but now the tests won't recognize the extension I created.

[claude]

Claude finished @iinuwa's task in 3m 6s —— View job

---

Code Review Summary

PR: PM-26177 Add base64url Data extensions

Status: Approved - No issues found

Overview

This PR adds Data extensions for base64url encoding/decoding, providing utilities needed for WebAuthn data structures. The implementation is clean and follows established patterns.

Analysis

Area	Assessment
Security	No concerns - pure encoding/decoding utility code
Correctness	Implementation is correct
Breaking Changes	None - adds new functionality only
Test Coverage	Good - 4 test cases covering encode, decode (padded/unpadded), and error handling
Documentation	Complete DocC documentation

Details

Implementation approach:

• Uses existing urlEncoded() / urlDecoded() String extensions from String.swift
• Follows the failable throwing initializer pattern (init?(...) throws) already established in Policy.swift and Organization.swift
• Error semantics are clear: throws URLDecodingError.invalidLength for invalid base64 length, returns nil for other decode failures

Regarding the test recognition issue mentioned in PR comments:
The code structure appears correct - the extension is public and tests use @testable import BitwardenKit. This may have been a transient build/cache issue that was resolved in subsequent commits.

---

Reviewed by Claude Code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.77%. Comparing base (e6ef39c) to head (3bc8f51).
⚠️ Report is 20 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2294      +/-   ##
==========================================
- Coverage   86.04%   84.77%   -1.28%     
==========================================
  Files        1772     2016     +244     
  Lines      154058   170099   +16041     
==========================================
+ Hits       132566   144196   +11630     
- Misses      21492    25903    +4411     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[matt-livefront]

⛏️ To match our existing conventions, we should uppercase URL when it's in the middle or end of a variable/function. Applies to the rest of the PR as well.

ios/BitwardenShared/Core/Platform/Services/EnvironmentService.swift

Lines 98 to 99 in 3bc8f51

	var apiURL: URL {
	environmentURLs.apiURL

Suggested change

	/// - base64urlEncoded: A base64url-encoded string.
	///
	init?(base64urlEncoded str: String) throws {
	/// - base64URLEncoded: A base64URL-encoded string.
	///
	init?(base64URLEncoded str: String) throws {

[matt-livefront]

👍 This comment is good context to have.

❓ I assumed that the test test_fromBase64urlString_unpadded() would fail without this ignoreUnknownCharacters option though. Is that not the case? I'm wondering if the comment is accurate or if there's a better example we could use in the tests for why this option is needed?