check security stamp when syncing profile

src/App/Abstractions/Services/IAppSettingsService.cs

@@ -8,5 +8,6 @@ namespace Bit.App.Abstractions
         DateTime LastActivity { get; set; }
         bool AutofillPersistNotification { get; set; }
         bool AutofillPasswordField { get; set; }
+        string SecurityStamp { get; set; }
     }
 }

src/App/Constants.cs

@@ -26,7 +26,7 @@
         public const string ExtensionStarted = "extension:started";
         public const string ExtensionActivated = "extension:activated";
 
-        public const string FirstVaultLoad = "other:firstVaultLoad";
+        public const string SecurityStamp = "other:securityStamp";
         public const string LastActivityDate = "other:lastActivityDate";
         public const string Locked = "other:locked";
         public const string LastLoginEmail = "other:lastLoginEmail";

src/App/Models/Api/Response/ProfileResponse.cs

@@ -12,6 +12,7 @@ namespace Bit.App.Models.Api
         public bool TwoFactorEnabled { get; set; }
         public string Key { get; set; }
         public string PrivateKey { get; set; }
+        public string SecurityStamp { get; set; }
         public IEnumerable<ProfileOrganizationResponseModel> Organizations { get; set; }
     }
 }

src/App/Services/AppSettingsService.cs

@@ -61,5 +61,17 @@ namespace Bit.App.Services
                 _settings.AddOrUpdateValue(Constants.AutofillPasswordField, value);
             }
         }
+
+        public string SecurityStamp
+        {
+            get
+            {
+                return _settings.GetValueOrDefault<string>(Constants.SecurityStamp);
+            }
+            set
+            {
+                _settings.AddOrUpdateValue(Constants.SecurityStamp, value);
+            }
+        }
     }
 }

src/App/Services/AuthService.cs

@@ -202,7 +202,7 @@ namespace Bit.App.Services
             UserId = null;
             Email = null;
             _cryptoService.ClearKeys();
-            _settings.Remove(Constants.FirstVaultLoad);
+            _settings.Remove(Constants.SecurityStamp);
             _settings.Remove(Constants.PushLastRegistrationDate);
             _settings.Remove(Constants.Locked);
         }

src/App/Services/SyncService.cs

@@ -25,6 +25,7 @@ namespace Bit.App.Services
         private readonly IAuthService _authService;
         private readonly ICryptoService _cryptoService;
         private readonly ISettings _settings;
+        private readonly IAppSettingsService _appSettingsService;
 
         public SyncService(
             ICipherApiRepository cipherApiRepository,
@@ -37,7 +38,8 @@ namespace Bit.App.Services
             ISettingsRepository settingsRepository,
             IAuthService authService,
             ICryptoService cryptoService,
-            ISettings settings)
+            ISettings settings,
+            IAppSettingsService appSettingsService)
         {
             _cipherApiRepository = cipherApiRepository;
             _folderApiRepository = folderApiRepository;
@@ -50,6 +52,7 @@ namespace Bit.App.Services
             _authService = authService;
             _cryptoService = cryptoService;
             _settings = settings;
+            _appSettingsService = appSettingsService;
         }
 
         public bool SyncInProgress { get; private set; }
@@ -197,7 +200,8 @@ namespace Bit.App.Services
             SyncStarted();
 
             var profile = await _accountsApiRepository.GetProfileAsync().ConfigureAwait(false);
-            if(!CheckSuccess(profile))
+            if(!CheckSuccess(profile, !string.IsNullOrWhiteSpace(_appSettingsService.SecurityStamp) &&
+                _appSettingsService.SecurityStamp != profile.Result.SecurityStamp))
             {
                 return false;
             }
@@ -238,7 +242,8 @@ namespace Bit.App.Services
 
             // Just check profile first to make sure we'll have a success with the API
             var profile = await _accountsApiRepository.GetProfileAsync().ConfigureAwait(false);
-            if(!CheckSuccess(profile))
+            if(!CheckSuccess(profile, !string.IsNullOrWhiteSpace(_appSettingsService.SecurityStamp) &&
+                _appSettingsService.SecurityStamp != profile.Result.SecurityStamp))
             {
                 return false;
             }
@@ -408,6 +413,11 @@ namespace Bit.App.Services
                 _cryptoService.SetPrivateKey(new CipherString(profile.PrivateKey));
             }
 
+            if(!string.IsNullOrWhiteSpace(profile.SecurityStamp))
+            {
+                _appSettingsService.SecurityStamp = profile.SecurityStamp;
+            }
+
             _cryptoService.SetOrgKeys(profile);
             return Task.FromResult(0);
         }
@@ -434,14 +444,15 @@ namespace Bit.App.Services
             MessagingCenter.Send(Application.Current, "SyncCompleted", successfully);
         }
 
-        private bool CheckSuccess<T>(ApiResult<T> result)
+        private bool CheckSuccess<T>(ApiResult<T> result, bool logout = false)
         {
-            if(!result.Succeeded)
+            if(!result.Succeeded || logout)
             {
                 SyncCompleted(false);
 
-                if(Application.Current != null && (result.StatusCode == System.Net.HttpStatusCode.Forbidden
+                if(Application.Current != null && (logout ||
-                    || result.StatusCode == System.Net.HttpStatusCode.Unauthorized))
+                    result.StatusCode == System.Net.HttpStatusCode.Forbidden ||
+                    result.StatusCode == System.Net.HttpStatusCode.Unauthorized))
                 {
                     MessagingCenter.Send(Application.Current, "Logout", (string)null);
                 }