diff --git a/src/Core/Services/VaultTimeoutService.cs b/src/Core/Services/VaultTimeoutService.cs index 50b3a411b..b5c985095 100644 --- a/src/Core/Services/VaultTimeoutService.cs +++ b/src/Core/Services/VaultTimeoutService.cs @@ -3,7 +3,6 @@ using System.Threading.Tasks; using Bit.Core.Abstractions; using Bit.Core.Enums; using Bit.Core.Exceptions; -using Bit.Core.Models.Domain; namespace Bit.Core.Services { @@ -56,8 +55,15 @@ namespace Bit.Core.Services public long? DelayLockAndLogoutMs { get; set; } + /// + /// Determine if the current or provided account is locked. + /// + /// + /// Optional specified user, must be provided if not the current account. + /// public async Task IsLockedAsync(string userId = null) { + // If biometrics are used, we can use the flag to determine locked state var biometricSet = await IsBiometricLockSetAsync(userId); if (biometricSet && await _stateService.GetBiometricLockedAsync(userId)) { @@ -68,18 +74,21 @@ namespace Bit.Core.Services { try { + // Filter out accounts without auto key if (!await _cryptoService.HasAutoUnlockKeyAsync(userId)) { return true; } + // Inactive accounts with an auto key aren't locked, but we shouldn't set user key if (userId != null && await _stateService.GetActiveUserIdAsync() != userId) { - await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), - userId); + return false; } + await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), userId); } catch (LegacyUserException) { + // Legacy users must migrate on web vault before login await LogOutAsync(false, userId); }