From 9ac1d8100ae54ae9f6433a2ed1ec622ab11c9e80 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Sat, 17 Feb 2024 09:52:19 +0100
Subject: [PATCH] Grant other sessions while pin session is active

---
 agent/systemauth/systemauth.go | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/agent/systemauth/systemauth.go b/agent/systemauth/systemauth.go
index 8f44099..d85374f 100644
--- a/agent/systemauth/systemauth.go
+++ b/agent/systemauth/systemauth.go
@@ -86,19 +86,21 @@ func GetPermission(sessionType SessionType, ctx sockets.CallingContext, config *
 	if sessionStore.verifySession(ctx, sessionType) {
 		log.Info("Permission granted from cached session")
 	} else {
-		if biometrics.BiometricsWorking() {
-			biometricsApproval := biometrics.CheckBiometrics(biometricsApprovalType)
-			if !biometricsApproval {
-				return false, nil
-			}
-		} else {
-			log.Warn("Biometrics is not available, asking for pin")
-			pin, err := pinentry.GetPassword("Enter PIN", "Biometrics is not available. Enter your pin to authorize this action. "+message)
-			if err != nil {
-				return false, err
-			}
-			if !config.VerifyPin(pin) {
-				return false, nil
+		if !sessionStore.verifySession(ctx, Pin) {
+			if biometrics.BiometricsWorking() {
+				biometricsApproval := biometrics.CheckBiometrics(biometricsApprovalType)
+				if !biometricsApproval {
+					return false, nil
+				}
+			} else {
+				log.Warn("Biometrics is not available, asking for pin")
+				pin, err := pinentry.GetPassword("Enter PIN", "Biometrics is not available. Enter your pin to authorize this action. "+message)
+				if err != nil {
+					return false, err
+				}
+				if !config.VerifyPin(pin) {
+					return false, nil
+				}
 			}
 		}