Fix vault pin not settable without biometrics

2024-01-19 09:26:19 +01:00 · 2024-01-19 09:26:19 +01:00 · d2cd2da7e2
parent f3954e196c
commit d2cd2da7e2
1 changed files with 52 additions and 2 deletions
--- a/agent/actions/vault.go
+++ b/agent/actions/vault.go
@ -7,7 +7,7 @@ import (
 	"github.com/quexten/goldwarden/agent/bitwarden/crypto"
 	"github.com/quexten/goldwarden/agent/config"
 	"github.com/quexten/goldwarden/agent/sockets"
-	"github.com/quexten/goldwarden/agent/systemauth"
+	"github.com/quexten/goldwarden/agent/systemauth/biometrics"
 	"github.com/quexten/goldwarden/agent/systemauth/pinentry"
 	"github.com/quexten/goldwarden/agent/vault"
@ -160,6 +160,56 @@ func handleWipeVault(request messages.IPCMessage, cfg *config.Config, vault *vau
 }
 func handleUpdateVaultPin(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
 	//todo refactor
 	if cfg.HasPin() {
 		authenticated := false
 		if cfg.IsLocked() {
 			actionsLog.Info("Browser Biometrics: Vault is locked, asking for pin...")
 			err := cfg.TryUnlock(vault)
 			if err != nil {
 				actionsLog.Info("Browser Biometrics: Vault not unlocked")
 				return messages.IPCMessage{}, err
 			}
 			ctx1 := context.Background()
 			success := sync(ctx1, vault, cfg)
 			if !success {
 				actionsLog.Info("Browser Biometrics: Vault not synced")
 				return messages.IPCMessage{}, err
 			}
 			actionsLog.Info("Browser Biometrics: Vault unlocked")
 			authenticated = true
 		} else {
 			authenticated = biometrics.CheckBiometrics(biometrics.BrowserBiometrics)
 			if !authenticated {
 				// todo, skip when explicitly denied instead of error
 				actionsLog.Info("Browser Biometrics: Biometrics not approved, asking for pin...")
 				pin, err := pinentry.GetPassword("Goldwarden", "Enter your pin to unlock your vault")
 				if err == nil {
 					authenticated = cfg.VerifyPin(pin)
 					if !authenticated {
 						actionsLog.Info("Browser Biometrics: Pin not approved")
 					} else {
 						actionsLog.Info("Browser Biometrics: Pin approved")
 					}
 				}
 			} else {
 				actionsLog.Info("Browser Biometrics: Biometrics approved")
 			}
 		}
 		if !authenticated {
 			response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
 				Success: false,
 				Message: "Not authenticated",
 			})
 			if err != nil {
 				return messages.IPCMessage{}, err
 			} else {
 				return response, nil
 			}
 		}
 	}
 	pin, err := pinentry.GetPassword("Pin Change", "Enter your desired pin")
 	if err != nil {
 		response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
@ -214,7 +264,7 @@ func init() {
 	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.UnlockVaultRequest{}), handleUnlockVault)
 	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.LockVaultRequest{}), handleLockVault)
 	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.WipeVaultRequest{}), handleWipeVault)
-	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.UpdateVaultPINRequest{}), ensureBiometricsAuthorized(systemauth.AccessVault, handleUpdateVaultPin))
+	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.UpdateVaultPINRequest{}), handleUpdateVaultPin)
 	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetVaultPINRequest{}), handlePinStatus)
 	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.VaultStatusRequest{}), handleVaultStatus)
 }