soft lock with PIN

jslib

@@ -1 +1 @@
-Subproject commit f67fac3eebc21b8935a54a28b7a21152c8513322
+Subproject commit a19a30ffed177e18d6e64801066510bc983a3e8d

src/app/accounts/settings.component.ts

@@ -82,7 +82,8 @@ export class SettingsComponent implements OnInit {
     async ngOnInit() {
         this.showMinToTray = this.platformUtilsService.getDevice() === DeviceType.WindowsDesktop;
         this.lockOption = await this.storageService.get<number>(ConstantsService.lockOptionKey);
-        this.pin = await this.lockService.isPinLockSet();
+        const pinSet = await this.lockService.isPinLockSet();
+        this.pin = pinSet[0] || pinSet[1];
         this.disableFavicons = await this.storageService.get<boolean>(ConstantsService.disableFaviconKey);
         this.enableMinToTray = await this.storageService.get<boolean>(ElectronConstants.enableMinimizeToTrayKey);
         this.enableCloseToTray = await this.storageService.get<boolean>(ElectronConstants.enableCloseToTrayKey);
@@ -98,26 +99,49 @@ export class SettingsComponent implements OnInit {
 
     async updatePin() {
         if (this.pin) {
-            const pin = await swal({
+            const div = document.createElement('div');
+            const label = document.createElement('label');
+            label.className = 'checkbox';
+            const checkboxText = document.createElement('span');
+            const restartText = document.createTextNode(this.i18nService.t('lockWithMasterPassOnRestart'));
+            checkboxText.appendChild(restartText);
+            label.innerHTML = '<input type="checkbox" id="master-pass-restart" checked>';
+            label.appendChild(checkboxText);
+            div.innerHTML = '<input type="text" class="swal-content__input" id="pin-val">';
+            (div.querySelector('#pin-val') as HTMLInputElement).placeholder = this.i18nService.t('pin');
+            div.appendChild(label);
+
+            const submitted = await swal({
                 text: this.i18nService.t('setYourPinCode'),
-                content: { element: 'input' },
+                content: { element: div },
                 buttons: [this.i18nService.t('cancel'), this.i18nService.t('submit')],
             });
-
+            let pin: string = null;
+            let masterPassOnRestart: boolean = null;
+            if (submitted) {
+                pin = (document.getElementById('pin-val') as HTMLInputElement).value;
+                masterPassOnRestart = (document.getElementById('master-pass-restart') as HTMLInputElement).checked;
+            }
             if (pin != null && pin.trim() !== '') {
-                const kdf = await this.userService.getKdf();
-                const kdfIterations = await this.userService.getKdfIterations();
-                const email = await this.userService.getEmail();
-                const pinKey = await this.cryptoService.makePinKey(pin, email, kdf, kdfIterations);
-                const key = await this.cryptoService.getKey();
-                const pinProtectedKey = await this.cryptoService.encrypt(key.key, pinKey);
-                await this.storageService.save(ConstantsService.pinProtectedKey, pinProtectedKey.encryptedString);
+                if (masterPassOnRestart) {
+                    const encPin = await this.cryptoService.encrypt(pin);
+                    await this.storageService.save(ConstantsService.protectedPin, encPin.encryptedString);
+                } else {
+                    const kdf = await this.userService.getKdf();
+                    const kdfIterations = await this.userService.getKdfIterations();
+                    const email = await this.userService.getEmail();
+                    const pinKey = await this.cryptoService.makePinKey(pin, email, kdf, kdfIterations);
+                    const key = await this.cryptoService.getKey();
+                    const pinProtectedKey = await this.cryptoService.encrypt(key.key, pinKey);
+                    await this.storageService.save(ConstantsService.pinProtectedKey, pinProtectedKey.encryptedString);
+                }
             } else {
                 this.pin = false;
             }
         }
         if (!this.pin) {
             await this.storageService.remove(ConstantsService.pinProtectedKey);
+            await this.storageService.remove(ConstantsService.protectedPin);
         }
     }
 

src/app/app.component.ts

@@ -120,7 +120,7 @@ export class AppComponent implements OnInit {
                         this.logOut(!!message.expired);
                         break;
                     case 'lockVault':
-                        await this.lockService.lock();
+                        await this.lockService.lock(true);
                         break;
                     case 'locked':
                         this.router.navigate(['lock'], { queryParams: { refresh: true } });
@@ -175,7 +175,7 @@ export class AppComponent implements OnInit {
     private async updateAppMenu() {
         this.messagingService.send('updateAppMenu', {
             isAuthenticated: await this.userService.isAuthenticated(),
-            isLocked: !(await this.cryptoService.hasKey()),
+            isLocked: await this.lockService.isLocked(),
         });
     }
 
@@ -192,8 +192,10 @@ export class AppComponent implements OnInit {
             this.folderService.clear(userId),
             this.collectionService.clear(userId),
             this.passwordGenerationService.clear(),
+            this.lockService.clear(),
         ]);
 
+        this.lockService.pinLocked = false;
         this.searchService.clearIndex();
         this.authService.logOut(async () => {
             this.analytics.eventTrack.next({ action: 'Logged Out' });

src/app/services.module.ts

@@ -113,7 +113,7 @@ const authService = new AuthService(cryptoService, apiService,
 const exportService = new ExportService(folderService, cipherService, apiService);
 const auditService = new AuditService(cryptoFunctionService, apiService);
 const notificationsService = new NotificationsService(userService, syncService, appIdService,
-    apiService, cryptoService, async () => messagingService.send('logout', { expired: true }));
+    apiService, lockService, async () => messagingService.send('logout', { expired: true }));
 const environmentService = new EnvironmentService(apiService, storageService, notificationsService);
 
 const analytics = new Analytics(window, () => isDev(), platformUtilsService, storageService, appIdService);

src/locales/en/messages.json

@@ -1188,5 +1188,8 @@
   },
   "yourVaultIsLockedPinCode": {
     "message": "Your vault is locked. Verify your PIN code to continue."
+  },
+  "lockWithMasterPassOnRestart": {
+    "message": "Lock with master password on restart"
   }
 }

src/scss/plugins.scss

@@ -106,6 +106,21 @@ $fa-font-path: "~font-awesome/fonts";
         color: themed('textColor');
     }
 
+    .swal-content {
+        font-size: $font-size-base;
+
+        label.checkbox {
+            margin-top: 10px;
+            display: flex;
+            text-align: left;
+            align-items: top;
+
+            input {
+                margin: 3px 5px 0 1px;
+            }
+        }
+    }
+
     .swal-text {
         font-size: $font-size-base;