1
0
mirror of https://github.com/bitwarden/browser synced 2024-12-25 17:32:46 +01:00

[bug] Fix logout timeout action for inactive accounts (#660)

* [bug] Fix logout timeout action for inactive accounts

* Pass userId in to the logout callback parameter to the vaultTimeoutService. The message handle in desktop already expects this.
* Set lastActive on account login, and null it on account deauthentication. This prevents an issue where newly logged in accounts immediatly time out due to inactivity.

* Add userId to locked callbacks

* Add userId to log out callback
This commit is contained in:
Addison Beck 2022-02-09 12:15:20 -05:00 committed by GitHub
parent 8cb029947b
commit c282ef8575
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 5 deletions

View File

@ -313,7 +313,8 @@ import { StateFactory } from "jslib-common/factories/stateFactory";
keyConnectorService,
stateService,
null,
async () => messagingService.send("logout", { expired: false })
async (userId?: string) =>
messagingService.send("logout", { expired: false, userId: userId })
),
deps: [
CipherServiceAbstraction,

View File

@ -121,6 +121,7 @@ export class StateService<
await this.storageService.save(keys.authenticatedAccounts, this.state.authenticatedAccounts);
this.state.accounts[account.profile.userId] = account;
await this.scaffoldNewAccountStorage(account);
await this.setLastActive(new Date().getTime(), { userId: account.profile.userId });
await this.setActiveUser(account.profile.userId);
this.activeAccount.next(account.profile.userId);
}
@ -2437,6 +2438,7 @@ export class StateService<
protected async deAuthenticateAccount(userId: string) {
await this.setAccessToken(null, { userId: userId });
await this.setLastActive(null, { userId: userId });
const index = this.state.authenticatedAccounts.indexOf(userId);
if (index > -1) {
this.state.authenticatedAccounts.splice(index, 1);

View File

@ -29,7 +29,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
private policyService: PolicyService,
private keyConnectorService: KeyConnectorService,
private stateService: StateService,
private lockedCallback: () => Promise<void> = null,
private lockedCallback: (userId?: string) => Promise<void> = null,
private loggedOutCallback: (userId?: string) => Promise<void> = null
) {}
@ -87,7 +87,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
(pinSet[0] && (await this.stateService.getDecryptedPinProtected()) != null) || pinSet[1];
if (!pinLock && !(await this.isBiometricLockSet())) {
await this.logOut();
await this.logOut(userId);
}
}
@ -110,7 +110,7 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
this.messagingService.send("locked", { userId: userId });
if (this.lockedCallback != null) {
await this.lockedCallback();
await this.lockedCallback(userId);
}
}
@ -198,6 +198,6 @@ export class VaultTimeoutService implements VaultTimeoutServiceAbstraction {
private async executeTimeoutAction(userId: string): Promise<void> {
const timeoutAction = await this.stateService.getVaultTimeoutAction({ userId: userId });
timeoutAction === "logOut" ? await this.logOut() : await this.lock(true, userId);
timeoutAction === "logOut" ? await this.logOut(userId) : await this.lock(true, userId);
}
}