fix isLocked logic and add comments (#2802)

This commit is contained in:
Jake Fink 2023-10-13 13:41:52 -04:00 committed by GitHub
parent bc2eb212a6
commit 21fc56457d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3,7 +3,6 @@ using System.Threading.Tasks;
using Bit.Core.Abstractions; using Bit.Core.Abstractions;
using Bit.Core.Enums; using Bit.Core.Enums;
using Bit.Core.Exceptions; using Bit.Core.Exceptions;
using Bit.Core.Models.Domain;
namespace Bit.Core.Services namespace Bit.Core.Services
{ {
@ -56,8 +55,15 @@ namespace Bit.Core.Services
public long? DelayLockAndLogoutMs { get; set; } public long? DelayLockAndLogoutMs { get; set; }
/// <summary>
/// Determine if the current or provided account is locked.
/// </summary>
/// <param name="userId">
/// Optional specified user, must be provided if not the current account.
/// </param>
public async Task<bool> IsLockedAsync(string userId = null) public async Task<bool> IsLockedAsync(string userId = null)
{ {
// If biometrics are used, we can use the flag to determine locked state
var biometricSet = await IsBiometricLockSetAsync(userId); var biometricSet = await IsBiometricLockSetAsync(userId);
if (biometricSet && await _stateService.GetBiometricLockedAsync(userId)) if (biometricSet && await _stateService.GetBiometricLockedAsync(userId))
{ {
@ -68,18 +74,21 @@ namespace Bit.Core.Services
{ {
try try
{ {
// Filter out accounts without auto key
if (!await _cryptoService.HasAutoUnlockKeyAsync(userId)) if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
{ {
return true; return true;
} }
// Inactive accounts with an auto key aren't locked, but we shouldn't set user key
if (userId != null && await _stateService.GetActiveUserIdAsync() != userId) if (userId != null && await _stateService.GetActiveUserIdAsync() != userId)
{ {
await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), return false;
userId);
} }
await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), userId);
} }
catch (LegacyUserException) catch (LegacyUserException)
{ {
// Legacy users must migrate on web vault before login
await LogOutAsync(false, userId); await LogOutAsync(false, userId);
} }