mirror of https://github.com/bitwarden/browser synced 2025-12-21 10:43:35 +00:00

[PM-990] Unix biometrics unlock via Polkit (#4586)

* Update unix biometrics for desktop biometrics rework

* Implement polkit policy setup

* Enable browser integration on Linux

* Remove polkit policy file

* Undo change to messages.json

* Fix biometrics setup, implement missing functions

* Implement osSupportsBiometrics

* Fix polkit settings message

* Remove unwraps in biometrics unix rust module

* Force password reprompt on start on linux with biometrics

* Merge branch 'main' into feature/unix-biometrics

* Allow browser extension to be unlocked on Linux via Polkit

* Implement availability check

* Cleanup

* Add auto-setup, manual setup, setup detection and change localized prompts

* Implement missing methods

* Add i18n to polkit message

* Implement missing method

* Small cleanup

* Update polkit consent message

* Fix unlock and print errors on failed biometrics

* Add dependencies to core crate

* Fix reference and update polkit policy

* Remove async-trait

* Add tsdoc

* Add comment about auto setup

* Delete unused init

* Update help link

* Remove additional settings for polkit

* Add availability-check to passwords implementation on linux

* Add availability test

* Add availability check to libsecret

* Expose availability check in napi crate

* Update d.ts

* Update osSupportsBiometric check to detect libsecret presence

* Improve secret service detection

* Add client half to Linux biometrics

* Fix windows build

* Remove unencrypted key handling for biometric key

* Move rng to rust, align linux bio implementation with windows

* Consolidate elevated commands into one

* Disable snap support in linux biometrics

---------

Co-authored-by: DigitallyRefined <129616584+DigitallyRefined@users.noreply.github.com>
Bernd Schoolmann
2024-08-06 17:04:17 +02:00
committed by GitHub
parent 320e4f18ce
commit 2ce8500391
29 changed files with 557 additions and 80 deletions


@@ -55,6 +55,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
requireEnableTray = false;
showDuckDuckGoIntegrationOption = false;
isWindows: boolean;
isLinux: boolean;
enableTrayText: string;
enableTrayDescText: string;
@@ -197,6 +198,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
this.userHasMasterPassword = await this.userVerificationService.hasMasterPassword();
this.isWindows = (await this.platformUtilsService.getDevice()) === DeviceType.WindowsDesktop;
this.isLinux = (await this.platformUtilsService.getDevice()) === DeviceType.LinuxDesktop;
if ((await this.stateService.getUserId()) == null) {
return;
@@ -464,6 +466,26 @@ export class SettingsComponent implements OnInit, OnDestroy {
return;
}
const needsSetup = await this.platformUtilsService.biometricsNeedsSetup();
const supportsBiometricAutoSetup =
await this.platformUtilsService.biometricsSupportsAutoSetup();
if (needsSetup) {
if (supportsBiometricAutoSetup) {
await this.platformUtilsService.biometricsSetup();
} else {
const confirmed = await this.dialogService.openSimpleDialog({
title: { key: "biometricsManualSetupTitle" },
content: { key: "biometricsManualSetupDesc" },
type: "warning",
});
if (confirmed) {
this.platformUtilsService.launchUri("https://bitwarden.com/help/biometrics/");
}
return;
}
}
await this.biometricStateService.setBiometricUnlockEnabled(true);
if (this.isWindows) {
// Recommended settings for Windows Hello
@@ -472,6 +494,13 @@ export class SettingsComponent implements OnInit, OnDestroy {
await this.biometricStateService.setPromptAutomatically(false);
await this.biometricStateService.setRequirePasswordOnStart(true);
await this.biometricStateService.setDismissedRequirePasswordOnStartCallout();
} else if (this.isLinux) {
// Similar to Windows
this.form.controls.requirePasswordOnStart.setValue(true);
this.form.controls.autoPromptBiometrics.setValue(false);
await this.biometricStateService.setPromptAutomatically(false);
await this.biometricStateService.setRequirePasswordOnStart(true);
await this.biometricStateService.setDismissedRequirePasswordOnStartCallout();
}
await this.cryptoService.refreshAdditionalKeys();
@@ -624,7 +653,7 @@ export class SettingsComponent implements OnInit, OnDestroy {
this.form.controls.enableBrowserIntegration.setValue(false);
return;
} else if (ipc.platform.deviceType === DeviceType.LinuxDesktop) {
} else if (ipc.platform.isSnapStore || ipc.platform.isFlatpak) {
await this.dialogService.openSimpleDialog({
title: { key: "browserIntegrationUnsupportedTitle" },
content: { key: "browserIntegrationLinuxDesc" },
@@ -735,6 +764,8 @@ export class SettingsComponent implements OnInit, OnDestroy {
return "unlockWithTouchId";
case DeviceType.WindowsDesktop:
return "unlockWithWindowsHello";
case DeviceType.LinuxDesktop:
return "unlockWithPolkit";
default:
throw new Error("Unsupported platform");
}
@@ -746,6 +777,8 @@ export class SettingsComponent implements OnInit, OnDestroy {
return "autoPromptTouchId";
case DeviceType.WindowsDesktop:
return "autoPromptWindowsHello";
case DeviceType.LinuxDesktop:
return "autoPromptPolkit";
default:
throw new Error("Unsupported platform");
}
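Review bot: In the auto-setup branch of the `-464,6 +466,26` hunk, the outcome of `biometricsSetup()` is never verified before `setBiometricUnlockEnabled(true)` runs, so if the elevated setup step is cancelled or fails without throwing (its implementation is not visible here), biometric unlock is recorded as enabled although the Polkit policy is not in place. Re-checking right after the call would close that gap: `if (await this.platformUtilsService.biometricsNeedsSetup()) { return; }`. The manual-setup branch also returns without visibly resetting the biometric form control, so the toggle may stay checked while nothing was enabled; the enclosing method starts and ends outside the hunk, so this may be handled there. Separately, the Linux branch in the `-472,6 +494,13` hunk repeats the Windows branch line for line under the comment "Similar to Windows"; a single `if (this.isWindows || this.isLinux)` with a comment stating why password-on-start is forced and auto-prompt is disabled would keep the two hardening defaults from drifting apart.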