diff --git a/src/Core/Services/VaultTimeoutService.cs b/src/Core/Services/VaultTimeoutService.cs
index 50b3a411b..b5c985095 100644
--- a/src/Core/Services/VaultTimeoutService.cs
+++ b/src/Core/Services/VaultTimeoutService.cs
@@ -3,7 +3,6 @@ using System.Threading.Tasks;
using Bit.Core.Abstractions;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
-using Bit.Core.Models.Domain;
namespace Bit.Core.Services
{
@@ -56,8 +55,15 @@ namespace Bit.Core.Services
public long? DelayLockAndLogoutMs { get; set; }
+ ///
+ /// Determine if the current or provided account is locked.
+ ///
+ ///
+ /// Optional specified user, must be provided if not the current account.
+ ///
public async Task IsLockedAsync(string userId = null)
{
+ // If biometrics are used, we can use the flag to determine locked state
var biometricSet = await IsBiometricLockSetAsync(userId);
if (biometricSet && await _stateService.GetBiometricLockedAsync(userId))
{
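Review bot: The new XML doc on IsLockedAsync says what is checked but not what the caller gets back, nor that the call is not a pure query: in the branch further down (next hunk) it loads the user key from the auto-unlock key for the active account, so calling it changes crypto state. I'd add `/// <returns>True if the account is locked (no usable key), false otherwise.</returns>` and a `<remarks>` line stating that for the current/active account the auto-unlock key, when present, is set as the user key as a side effect. The tag names on the `///` lines appear stripped in this rendering, so I can't tell whether `<summary>`/`<param>` are actually present; the method body continues past the end of this hunk.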
@@ -68,18 +74,21 @@ namespace Bit.Core.Services
{
try
{
+ // Filter out accounts without auto key
if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
{
return true;
}
+ // Inactive accounts with an auto key aren't locked, but we shouldn't set user key
if (userId != null && await _stateService.GetActiveUserIdAsync() != userId)
{
- await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId),
- userId);
+ return false;
}
+ await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), userId);
}
catch (LegacyUserException)
{
+ // Legacy users must migrate on web vault before login
await LogOutAsync(false, userId);
}
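Review bot: The `catch (LegacyUserException)` block at the end of the hunk logs the user out but does not return, so control falls through to whatever follows the try/catch outside this hunk; if that tail ends in `return false`, an account that was just logged out is reported as not locked. A logged-out account has no usable key, so I'd make the answer explicit there: `await LogOutAsync(false, userId);` followed by `return true;`. Note also that the new early `return false` for inactive accounts runs before `GetAutoUnlockKeyAsync` is ever called, so legacy-user detection now only fires for the active account — presumably intended, but worth saying in the comment, e.g. `// Inactive accounts with an auto key aren't locked; the key is only loaded (and legacy users only detected) for the active account`. The enclosing `if` and the method continue past the end of this hunk.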