[PM-3543] [PM-3607] Fix password re-prompt when editing and on autofill. (#2713)

* [PM-3543] [PM-3507] Fix password re-prompt when editing and on autofill.
2023-08-30 09:38:46 +01:00 · 2023-08-30 09:38:46 +01:00 · 4d0f9d1c03
parent 68759fc608
commit 4d0f9d1c03
5 changed files with 32 additions and 4 deletions
--- a/src/Android/MainApplication.cs
+++ b/src/Android/MainApplication.cs
@ -159,7 +159,7 @@ namespace Bit.Droid
            var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
            var cryptoService = new CryptoService(stateService, cryptoFunctionService);
            var biometricService = new BiometricService(stateService, cryptoService);
-            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService);
+            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService, stateService);

            ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
            ServiceContainer.Register<IBroadcasterService>("broadcasterService", broadcasterService);
--- a/src/App/Services/MobilePasswordRepromptService.cs
+++ b/src/App/Services/MobilePasswordRepromptService.cs
@ -1,6 +1,7 @@
 using System.Threading.Tasks;
 using Bit.App.Abstractions;
 using Bit.App.Resources;
+using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;

@ -10,11 +11,13 @@ namespace Bit.App.Services
    {
        private readonly IPlatformUtilsService _platformUtilsService;
        private readonly ICryptoService _cryptoService;
+        private readonly IStateService _stateService;

-        public MobilePasswordRepromptService(IPlatformUtilsService platformUtilsService, ICryptoService cryptoService)
+        public MobilePasswordRepromptService(IPlatformUtilsService platformUtilsService, ICryptoService cryptoService, IStateService stateService)
        {
            _platformUtilsService = platformUtilsService;
            _cryptoService = cryptoService;
+            _stateService = stateService;
        }

        public string[] ProtectedFields { get; } = { "LoginTotp", "LoginPassword", "H_FieldValue", "CardNumber", "CardCode" };
@ -42,7 +45,22 @@ namespace Bit.App.Services
                return false;
            };

-            return await _cryptoService.CompareAndUpdateKeyHashAsync(password, null);
+            var masterKey = await _cryptoService.GetOrDeriveMasterKeyAsync(password);
+            var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(password, masterKey);
+            if (passwordValid)
+            {
+                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
+
+                var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                await _cryptoService.SetMasterKeyAsync(masterKey);
+                var hasKey = await _cryptoService.HasUserKeyAsync();
+                if (!hasKey)
+                {
+                    await _cryptoService.SetUserKeyAsync(userKey);
+                }
+            }
+
+            return passwordValid;
        }

        private async Task<bool> ShouldByPassMasterPasswordRepromptAsync()
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@ -60,5 +60,6 @@ namespace Bit.Core.Abstractions
        Task<EncString> EncryptAsync(string plainValue, SymmetricCryptoKey key = null);
        Task<EncByteArray> EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null);
        Task<UserKey> DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
+        Task<MasterKey> GetOrDeriveMasterKeyAsync(string password, string userId = null);
    }
 }
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@ -700,6 +700,15 @@ namespace Bit.Core.Services
            return new EncByteArray(encBytes);
        }

+        public async Task<MasterKey> GetOrDeriveMasterKeyAsync(string password, string userId = null)
+        {
+            var masterKey = await GetMasterKeyAsync(userId);
+            return masterKey ?? await this.MakeMasterKeyAsync(
+                password,
+                await _stateService.GetEmailAsync(userId),
+                await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile)));
+        }
+
        // --HELPER METHODS--

        private async Task StoreAdditionalKeysAsync(UserKey userKey, string userId = null)
--- a/src/iOS.Core/Utilities/iOSCoreHelpers.cs
+++ b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
@ -115,7 +115,7 @@ namespace Bit.iOS.Core.Utilities
            var cryptoFunctionService = new PclCryptoFunctionService(cryptoPrimitiveService);
            var cryptoService = new CryptoService(stateService, cryptoFunctionService);
            var biometricService = new BiometricService(stateService, cryptoService);
-            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService);
+            var passwordRepromptService = new MobilePasswordRepromptService(platformUtilsService, cryptoService, stateService);

            ServiceContainer.Register<ISynchronousStorageService>(preferencesStorage);
            ServiceContainer.Register<IBroadcasterService>("broadcasterService", broadcasterService);