Attempt to fix browserbiometrics
parent
49e17b36ae
commit
fd8d483e91
|
@ -37,6 +37,7 @@ func (registry *ActionsRegistry) Get(messageType messages.IPCMessageType) (Actio
|
|||
func ensureIsLoggedIn(action Action) Action {
|
||||
return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
|
||||
if hash, err := cfg.GetMasterPasswordHash(); err != nil || len(hash) == 0 {
|
||||
actionsLog.Error("EnsureIsLoggedIn - %s", err.Error())
|
||||
return messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
Success: false,
|
||||
Message: "Not logged in",
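Review bot: The log call `actionsLog.Error("EnsureIsLoggedIn - %s", err.Error())` calls a method on a nil `err` whenever the guard fires because the hash is empty rather than because `GetMasterPasswordHash` failed, since the condition is `err != nil || len(hash) == 0`. In that case the wrapper would panic instead of returning the "Not logged in" response. Formatting the error value itself avoids the nil call: `actionsLog.Error("EnsureIsLoggedIn - not logged in: %v", err)`. The closure body continues past the end of the hunk.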
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package actions
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
"time"
|
||||
|
@ -8,7 +9,6 @@ import (
|
|||
"github.com/quexten/goldwarden/agent/config"
|
||||
"github.com/quexten/goldwarden/agent/notify"
|
||||
"github.com/quexten/goldwarden/agent/sockets"
|
||||
"github.com/quexten/goldwarden/agent/systemauth"
|
||||
"github.com/quexten/goldwarden/agent/systemauth/biometrics"
|
||||
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
|
||||
"github.com/quexten/goldwarden/agent/vault"
|
||||
|
@ -18,12 +18,47 @@ import (
|
|||
|
||||
func handleGetBiometricsKey(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
|
||||
actionsLog.Info("Browser Biometrics: Key requested, verifying biometrics...")
|
||||
if !(systemauth.VerifyPinSession(*ctx) || biometrics.CheckBiometrics(biometrics.BrowserBiometrics)) {
|
||||
authenticated := false
|
||||
|
||||
if cfg.IsLocked() {
|
||||
actionsLog.Info("Browser Biometrics: Vault is locked, asking for pin...")
|
||||
err := cfg.TryUnlock(vault)
|
||||
if err != nil {
|
||||
actionsLog.Info("Browser Biometrics: Vault not unlocked")
|
||||
return messages.IPCMessage{}, err
|
||||
}
|
||||
ctx1 := context.Background()
|
||||
success := sync(ctx1, vault, cfg)
|
||||
if !success {
|
||||
actionsLog.Info("Browser Biometrics: Vault not synced")
|
||||
return messages.IPCMessage{}, err
|
||||
}
|
||||
actionsLog.Info("Browser Biometrics: Vault unlocked")
|
||||
authenticated = true
|
||||
} else {
|
||||
authenticated = biometrics.CheckBiometrics(biometrics.BrowserBiometrics)
|
||||
if !authenticated {
|
||||
// todo, skip when explicitly denied instead of error
|
||||
actionsLog.Info("Browser Biometrics: Biometrics not approved, asking for pin...")
|
||||
pin, err := pinentry.GetPassword("Goldwarden", "Enter your pin to unlock your vault")
|
||||
if err == nil {
|
||||
authenticated = cfg.VerifyPin(pin)
|
||||
if !authenticated {
|
||||
actionsLog.Info("Browser Biometrics: Pin not approved")
|
||||
} else {
|
||||
actionsLog.Info("Browser Biometrics: Pin approved")
|
||||
}
|
||||
}
|
||||
} else {
|
||||
actionsLog.Info("Browser Biometrics: Biometrics approved")
|
||||
}
|
||||
}
|
||||
|
||||
if !authenticated {
|
||||
response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
|
||||
Success: false,
|
||||
Message: "not approved",
|
||||
})
|
||||
actionsLog.Info("Browser Biometrics: Biometrics not approved %v", err)
|
||||
if err != nil {
|
||||
return messages.IPCMessage{}, err
|
||||
}
|
||||
|
@ -58,5 +93,5 @@ func handleGetBiometricsKey(request messages.IPCMessage, cfg *config.Config, vau
|
|||
}
|
||||
|
||||
func init() {
|
||||
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetBiometricsKeyRequest{}), ensureIsNotLocked(ensureIsLoggedIn(handleGetBiometricsKey)))
|
||||
AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetBiometricsKeyRequest{}), handleGetBiometricsKey)
|
||||
}
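Review bot: In the locked branch of `handleGetBiometricsKey`, the `!success` path after `sync(ctx1, vault, cfg)` returns `messages.IPCMessage{}, err`, but that `err` is the inner `err := cfg.TryUnlock(vault)`, already known to be nil at that point, so a failed sync reaches the caller as an empty message with no error. Return an explicit error there, e.g. `return messages.IPCMessage{}, fmt.Errorf("vault sync failed after unlock")`, and assign with `err = cfg.TryUnlock(vault)` so the named result is not shadowed. Separately, the registration in `init` appears to drop the `ensureIsNotLocked(ensureIsLoggedIn(...))` wrapper; the handler now covers the locked case itself, but nothing visible re-checks the logged-in state, so `ensureIsLoggedIn(handleGetBiometricsKey)` looks like the safer registration for a `GetBiometricsKeyRequest`. The part of the handler between the two hunks is not shown on the page.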
|
||||
|
|
|
@ -288,6 +288,8 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
|
|||
fd, err := l.Accept()
|
||||
if err != nil {
|
||||
println("accept error", err.Error())
|
||||
} else {
|
||||
log.Info("Accepted unix socket connection; handling request")
|
||||
}
|
||||
|
||||
go serveAgentSession(fd, ctx, vault, &cfg)
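Review bot: When `l.Accept()` fails, control still falls through to `go serveAgentSession(fd, ctx, vault, &cfg)` with the `fd` from the failed call, because the new `else` only adds a log line and the error branch does not skip the rest of the iteration. Add a `continue` after the `println`, assuming this sits inside the accept loop, which starts outside the hunk. It would also be more consistent to report the accept failure through `log`, as the success path now does, rather than through `println`.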
|
||||
|
|
|
@ -105,6 +105,7 @@ func handlePayloadMessage(msg PayloadMessage, appID string) {
|
|||
case "biometricUnlock":
|
||||
logging.Debugf("Biometric unlock requested")
|
||||
// logging.Debugf("Biometrics authorized: %t", isAuthorized)
|
||||
logging.Debugf("Connecting to agent at path %s", runtimeConfig.GoldwardenSocketPath)
|
||||
result, err := client.NewUnixSocketClient(runtimeConfig).SendToAgent(messages.GetBiometricsKeyRequest{})
|
||||
if err != nil {
|
||||
logging.Errorf("Unable to send message to agent: %s", err.Error())
|
||||
|
|