From f2be840a7d17eb923b98e8862dd6551d58a77b99 Mon Sep 17 00:00:00 2001
From: aj-rosado <109146700+aj-rosado@users.noreply.github.com>
Date: Tue, 3 Oct 2023 12:54:22 +0100
Subject: [PATCH] Added GetOrDeriveMasterKey to UserVerificationService (#2808)

---
 src/App/Services/MobilePasswordRepromptService.cs | 8 +-------
 src/Core/Abstractions/ICryptoService.cs | 1 +
 src/Core/Services/CryptoService.cs | 11 +++++++++++
 src/Core/Services/UserVerificationService.cs | 4 +++-
 4 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/App/Services/MobilePasswordRepromptService.cs b/src/App/Services/MobilePasswordRepromptService.cs
index f9c3112da..d5a173a2f 100644
--- a/src/App/Services/MobilePasswordRepromptService.cs
+++ b/src/App/Services/MobilePasswordRepromptService.cs
@@ -51,13 +51,7 @@ namespace Bit.App.Services
  {
  await AppHelpers.ResetInvalidUnlockAttemptsAsync();
 
- var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
- await _cryptoService.SetMasterKeyAsync(masterKey);
- var hasKey = await _cryptoService.HasUserKeyAsync();
- if (!hasKey)
- {
- await _cryptoService.SetUserKeyAsync(userKey);
- }
+ await _cryptoService.UpdateMasterKeyAndUserKeyAsync(masterKey);
  }
 
  return passwordValid;
diff --git a/src/Core/Abstractions/ICryptoService.cs b/src/Core/Abstractions/ICryptoService.cs
index 66582bdf9..427179776 100644
--- a/src/Core/Abstractions/ICryptoService.cs
+++ b/src/Core/Abstractions/ICryptoService.cs
@@ -62,5 +62,6 @@ namespace Bit.Core.Abstractions
  Task EncryptToBytesAsync(byte[] plainValue, SymmetricCryptoKey key = null);
  Task DecryptAndMigrateOldPinKeyAsync(bool masterPasswordOnRestart, string pin, string email, KdfConfig kdfConfig, EncString oldPinKey);
  Task GetOrDeriveMasterKeyAsync(string password, string userId = null);
+ Task UpdateMasterKeyAndUserKeyAsync(MasterKey masterKey);
  }
  }
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index 5bd3c2129..15f8d893c 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -719,6 +719,17 @@ namespace Bit.Core.Services
  await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile)));
  }
 
+ public async Task UpdateMasterKeyAndUserKeyAsync(MasterKey masterKey)
+ {
+ var userKey = await DecryptUserKeyWithMasterKeyAsync(masterKey);
+ await SetMasterKeyAsync(masterKey);
+ var hasKey = await HasUserKeyAsync();
+ if (!hasKey)
+ {
+ await SetUserKeyAsync(userKey);
+ }
+ }
+
  // --HELPER METHODS--
 
  private async Task StoreAdditionalKeysAsync(UserKey userKey, string userId = null)
diff --git a/src/Core/Services/UserVerificationService.cs b/src/Core/Services/UserVerificationService.cs
index 5399c9d70..6149ce9ba 100644
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -48,12 +48,14 @@ namespace Bit.Core.Services
  }
  else
  {
- var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(secret, null);
+ var masterKey = await _cryptoService.GetOrDeriveMasterKeyAsync(secret);
+ var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(secret, masterKey);
  if (!passwordValid)
  {
  await InvalidSecretErrorAsync(verificationType);
  return false;
  }
+ await _cryptoService.UpdateMasterKeyAndUserKeyAsync(masterKey);
  }
 
  return true;
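Review bot: In the CryptoService.cs hunk, the new public `UpdateMasterKeyAndUserKeyAsync` passes whatever `masterKey` it is given to `SetMasterKeyAsync` without checking it, and nothing on the method or on the new `ICryptoService` member says the caller must already have verified the password. Both call sites in this commit appear to call it only after a successful check, but the precondition should be written down in a `/// <summary>` on the interface member, and a guard such as `if (masterKey == null) throw new ArgumentNullException(nameof(masterKey));` would stop a null key from reaching `DecryptUserKeyWithMasterKeyAsync`. That decrypt also runs on every call although `userKey` is used only when `HasUserKeyAsync()` returns false. If the decrypt is meant as a validity check on the key before it is stored, a one-line comment should say so; otherwise it could move inside the `if (!hasKey)` branch so the user key is not materialised needlessly.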
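Review bot: In the UserVerificationService.cs hunk, a successful verification now has a side effect it did not have before: `UpdateMasterKeyAndUserKeyAsync(masterKey)` writes the master key, and possibly the user key, into crypto state. A comment at that call should explain why a verify-only path needs to persist key material, and it is worth confirming that the lock and timeout paths clear it again. The removed line passed `null` as the second argument to `CompareAndUpdateKeyHashAsync`, so null is evidently accepted there. If `GetOrDeriveMasterKeyAsync(secret)` can return null, the comparison may still succeed and null would then be handed to the update call, so I would guard it with `if (masterKey != null)` or handle null inside the service method. The name `GetOrDeriveMasterKeyAsync` also suggests it may return an already stored key instead of one derived from `secret`; if so, please confirm the hash comparison still depends on the entered secret. The enclosing method begins and ends outside this hunk.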