2023-07-17 05:02:29 +02:00
package actions
import (
"encoding/base64"
"fmt"
"github.com/quexten/goldwarden/agent/config"
"github.com/quexten/goldwarden/agent/sockets"
2023-09-19 21:49:56 +02:00
"github.com/quexten/goldwarden/agent/systemauth"
2023-09-12 01:22:48 +02:00
"github.com/quexten/goldwarden/agent/systemauth/biometrics"
2023-09-12 02:54:46 +02:00
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
2023-07-17 05:02:29 +02:00
"github.com/quexten/goldwarden/agent/vault"
2023-09-20 03:05:44 +02:00
"github.com/quexten/goldwarden/ipc/messages"
2023-07-17 05:02:29 +02:00
)
2023-09-20 03:05:44 +02:00
func handleGetBiometricsKey ( request messages . IPCMessage , cfg * config . Config , vault * vault . Vault , ctx * sockets . CallingContext ) ( response messages . IPCMessage , err error ) {
2023-09-19 21:49:56 +02:00
if ! ( systemauth . VerifyPinSession ( * ctx ) || biometrics . CheckBiometrics ( biometrics . BrowserBiometrics ) ) {
2023-09-20 03:05:44 +02:00
response , err = messages . IPCMessageFromPayload ( messages . ActionResponse {
2023-09-19 21:49:56 +02:00
Success : false ,
Message : "not approved" ,
} )
if err != nil {
2023-09-20 03:05:44 +02:00
return messages . IPCMessage { } , err
2023-09-19 21:49:56 +02:00
}
return response , nil
}
2023-09-12 02:54:46 +02:00
if approved , err := pinentry . GetApproval ( "Approve Credential Access" , fmt . Sprintf ( "%s on %s>%s>%s is trying to access your vault encryption key for browser biometric unlock." , ctx . UserName , ctx . GrandParentProcessName , ctx . ParentProcessName , ctx . ProcessName ) ) ; err != nil || ! approved {
2023-09-20 03:05:44 +02:00
response , err = messages . IPCMessageFromPayload ( messages . ActionResponse {
2023-07-17 05:02:29 +02:00
Success : false ,
Message : "not approved" ,
} )
if err != nil {
2023-09-20 03:05:44 +02:00
return messages . IPCMessage { } , err
2023-07-17 05:02:29 +02:00
}
return response , nil
}
masterKey , err := cfg . GetMasterKey ( )
2023-09-19 21:49:56 +02:00
if err != nil {
2023-09-20 03:05:44 +02:00
return messages . IPCMessage { } , err
2023-09-19 21:49:56 +02:00
}
2023-07-17 05:02:29 +02:00
masterKeyB64 := base64 . StdEncoding . EncodeToString ( masterKey )
2023-09-20 03:05:44 +02:00
response , err = messages . IPCMessageFromPayload ( messages . GetBiometricsKeyResponse {
2023-07-17 05:02:29 +02:00
Key : masterKeyB64 ,
} )
return response , err
}
func init ( ) {
2023-09-20 03:05:44 +02:00
AgentActionsRegistry . Register ( messages . MessageTypeForEmptyPayload ( messages . GetBiometricsKeyRequest { } ) , ensureIsNotLocked ( ensureIsLoggedIn ( handleGetBiometricsKey ) ) )
2023-07-17 05:02:29 +02:00
}