From 20c8eda9863a4162a6c3ab2c0dc93a41c59d13c6 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann <mail@quexten.com>
Date: Thu, 9 Jan 2025 16:37:16 +0100
Subject: [PATCH] Fix ssh agent initializiation (#12779)

---
 .../platform/services/ssh-agent.service.ts    | 37 ++++++++++++++++---
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/apps/desktop/src/platform/services/ssh-agent.service.ts b/apps/desktop/src/platform/services/ssh-agent.service.ts
index e860ebe1db5..726d28022e5 100644
--- a/apps/desktop/src/platform/services/ssh-agent.service.ts
+++ b/apps/desktop/src/platform/services/ssh-agent.service.ts
@@ -45,6 +45,8 @@ export class SshAgentService implements OnDestroy {
   SSH_VAULT_UNLOCK_REQUEST_TIMEOUT = 60_000;
   SSH_REQUEST_UNLOCK_POLLING_INTERVAL = 100;
 
+  private isFeatureFlagEnabled = false;
+
   private destroy$ = new Subject<void>();
 
   constructor(
@@ -65,18 +67,19 @@ export class SshAgentService implements OnDestroy {
       .getFeatureFlag$(FeatureFlag.SSHAgent)
       .pipe(
         concatMap(async (enabled) => {
-          if (enabled && !(await ipc.platform.sshAgent.isLoaded())) {
-            return this.initSshAgent();
+          this.isFeatureFlagEnabled = enabled;
+          if (!(await ipc.platform.sshAgent.isLoaded()) && enabled) {
+            await ipc.platform.sshAgent.init();
           }
         }),
         takeUntil(this.destroy$),
       )
       .subscribe();
+
+    await this.initListeners();
   }
 
-  private async initSshAgent() {
-    await ipc.platform.sshAgent.init();
-
+  private async initListeners() {
     this.messageListener
       .messages$(new CommandDefinition("sshagent.signrequest"))
       .pipe(
@@ -179,18 +182,30 @@ export class SshAgentService implements OnDestroy {
 
     this.accountService.activeAccount$.pipe(skip(1), takeUntil(this.destroy$)).subscribe({
       next: (account) => {
+        if (!this.isFeatureFlagEnabled) {
+          return;
+        }
+
         this.logService.info("Active account changed, clearing SSH keys");
         ipc.platform.sshAgent
           .clearKeys()
           .catch((e) => this.logService.error("Failed to clear SSH keys", e));
       },
       error: (e: unknown) => {
+        if (!this.isFeatureFlagEnabled) {
+          return;
+        }
+
         this.logService.error("Error in active account observable", e);
         ipc.platform.sshAgent
           .clearKeys()
           .catch((e) => this.logService.error("Failed to clear SSH keys", e));
       },
       complete: () => {
+        if (!this.isFeatureFlagEnabled) {
+          return;
+        }
+
         this.logService.info("Active account observable completed, clearing SSH keys");
         ipc.platform.sshAgent
           .clearKeys()
@@ -204,11 +219,23 @@ export class SshAgentService implements OnDestroy {
     ])
       .pipe(
         concatMap(async ([, enabled]) => {
+          if (!this.isFeatureFlagEnabled) {
+            return;
+          }
+
           if (!enabled) {
             await ipc.platform.sshAgent.clearKeys();
             return;
           }
 
+          const activeAccount = await firstValueFrom(this.accountService.activeAccount$);
+          const authStatus = await firstValueFrom(
+            this.authService.authStatusFor$(activeAccount.id),
+          );
+          if (authStatus !== AuthenticationStatus.Unlocked) {
+            return;
+          }
+
           const ciphers = await this.cipherService.getAllDecrypted();
           if (ciphers == null) {
             await ipc.platform.sshAgent.lock();