diff --git a/src/App/Services/MobilePasswordRepromptService.cs b/src/App/Services/MobilePasswordRepromptService.cs
index f9c3112da..d5a173a2f 100644
--- a/src/App/Services/MobilePasswordRepromptService.cs
+++ b/src/App/Services/MobilePasswordRepromptService.cs
@@ -51,13 +51,7 @@ namespace Bit.App.Services
 {
 await AppHelpers.ResetInvalidUnlockAttemptsAsync();
- var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
- await _cryptoService.SetMasterKeyAsync(masterKey);
- var hasKey = await _cryptoService.HasUserKeyAsync();
- if (!hasKey)
- {
- await _cryptoService.SetUserKeyAsync(userKey);
- }
+ await _cryptoService.UpdateMasterKeyAndUserKeyAsync(masterKey);
 }
 return passwordValid;
diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs
index 66582bdf9..427179776 100644
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -62,5 +62,6 @@ namespace Bit.Core.Abstractions
 Task EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null);
 Task DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
 Task GetOrDeriveMasterKeyAsync(string password, string userId = null);
+ Task UpdateMasterKeyAndUserKeyAsync(MasterKey masterKey);
 }
 }
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index 5bd3c2129..15f8d893c 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -719,6 +719,17 @@ namespace Bit.Core.Services
 await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile)));
 }
+ public async Task UpdateMasterKeyAndUserKeyAsync(MasterKey masterKey)
+ {
+ var userKey = await DecryptUserKeyWithMasterKeyAsync(masterKey);
+ await SetMasterKeyAsync(masterKey);
+ var hasKey = await HasUserKeyAsync();
+ if (!hasKey)
+ {
+ await SetUserKeyAsync(userKey);
+ }
+ }
+
 // --HELPER METHODS--
 private async Task StoreAdditionalKeysAsync(UserKey userKey, string userId = null)
diff --git a/src/Core/Services/UserVerificationService.cs b/src/Core/Services/UserVerificationService.cs
index 5399c9d70..6149ce9ba 100644
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -48,12 +48,14 @@ namespace Bit.Core.Services
 }
 else
 {
- var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(secret, null);
+ var masterKey = await _cryptoService.GetOrDeriveMasterKeyAsync(secret);
+ var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(secret, masterKey);
 if (!passwordValid)
 {
 await InvalidSecretErrorAsync(verificationType);
 return false;
 }
+ await _cryptoService.UpdateMasterKeyAndUserKeyAsync(masterKey);
 }
 return true;
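Review bot: `UpdateMasterKeyAndUserKeyAsync` in CryptoService.cs writes key material to state without checking its inputs: a null `masterKey`, or a null result from `DecryptUserKeyWithMasterKeyAsync`, would flow straight into `SetMasterKeyAsync` and `SetUserKeyAsync`. Whether the decrypt call returns null or throws on failure is not visible in this diff; if it can return null, guard before any state change, e.g. `if (masterKey == null) { throw new ArgumentNullException(nameof(masterKey)); }` at the top and a check on `userKey` ahead of `SetMasterKeyAsync`, so a failed decrypt cannot leave a new master key stored beside a stale user key. The method does no password verification itself and is now public through the ICryptoService.cs hunk, so both declarations should carry a `/// <summary>` stating that callers must pass only a master key already validated against the stored key hash.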
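Review bot: In UserVerificationService.cs the verdict now rests on `CompareAndUpdateKeyHashAsync(secret, masterKey)` with a key obtained from `GetOrDeriveMasterKeyAsync(secret)`, whose name suggests it may return an already-stored master key instead of one derived from `secret`; its body is outside this diff. Please confirm, ideally with a unit test that supplies a wrong secret while a master key is cached, that the comparison still rejects it, because the same `masterKey` is then persisted by `UpdateMasterKeyAndUserKeyAsync`. That added call also runs unguarded after the secret has been accepted, so an exception from it leaves the method by a path other than `InvalidSecretErrorAsync`; a comment such as `// Password verified: refresh the in-memory master key and user key` would make this new side effect of verification explicit. The enclosing method starts and ends outside the hunk.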