[PM-5537] Biometric State Service (#7761)

* Create state for biometric client key halves * Move enc string util to central utils * Provide biometric state through service * Use biometric state to track client key half * Create migration for client key half * Ensure client key half is removed on logout * Remove account data for client key half * Remove unnecessary key definition likes * Remove moved state from account * Fix null-conditional operator failure * Simplify migration * Remove lame test * Fix test type * Add migrator * Prefer userKey when legacy not needed * Fix tests
2025-12-23 11:43:46 +00:00 · 2024-02-05 13:02:28 -05:00
parent 99f18c9666
commit 414ee2563f
25 changed files with 547 additions and 155 deletions
--- a/apps/desktop/src/app/accounts/settings.component.ts
+++ b/apps/desktop/src/app/accounts/settings.component.ts
@@ -12,16 +12,17 @@ import { PolicyType } from "@bitwarden/common/admin-console/enums";
 import { UserVerificationService as UserVerificationServiceAbstraction } from "@bitwarden/common/auth/abstractions/user-verification/user-verification.service.abstraction";
 import { DeviceType } from "@bitwarden/common/enums";
 import { VaultTimeoutAction } from "@bitwarden/common/enums/vault-timeout-action.enum";
-import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
 import { I18nService } from "@bitwarden/common/platform/abstractions/i18n.service";
 import { MessagingService } from "@bitwarden/common/platform/abstractions/messaging.service";
 import { PlatformUtilsService } from "@bitwarden/common/platform/abstractions/platform-utils.service";
+import { BiometricStateService } from "@bitwarden/common/platform/biometrics/biometric-state.service";
 import { ThemeType, KeySuffixOptions } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import { DialogService } from "@bitwarden/components";

 import { SetPinComponent } from "../../auth/components/set-pin.component";
 import { flagEnabled } from "../../platform/flags";
+import { ElectronCryptoService } from "../../platform/services/electron-crypto.service";
 import { ElectronStateService } from "../../platform/services/electron-state.service.abstraction";
@Component({
  selector: "app-settings",
@@ -112,12 +113,13 @@ export class SettingsComponent implements OnInit {
    private vaultTimeoutSettingsService: VaultTimeoutSettingsService,
    private stateService: ElectronStateService,
    private messagingService: MessagingService,
-    private cryptoService: CryptoService,
+    private cryptoService: ElectronCryptoService,
    private modalService: ModalService,
    private themingService: AbstractThemingService,
    private settingsService: SettingsService,
    private dialogService: DialogService,
    private userVerificationService: UserVerificationServiceAbstraction,
+    private biometricStateService: BiometricStateService,
  ) {
    const isMac = this.platformUtilsService.getDevice() === DeviceType.MacOsDesktop;

@@ -242,8 +244,9 @@ export class SettingsComponent implements OnInit {
      pin: this.userHasPinSet,
      biometric: await this.vaultTimeoutSettingsService.isBiometricLockSet(),
      autoPromptBiometrics: !(await this.stateService.getDisableAutoBiometricsPrompt()),
-      requirePasswordOnStart:
-        (await this.stateService.getBiometricRequirePasswordOnStart()) ?? false,
+      requirePasswordOnStart: await firstValueFrom(
+        this.biometricStateService.requirePasswordOnStart$,
+      ),
      approveLoginRequests: (await this.stateService.getApproveLoginRequests()) ?? false,
      clearClipboard: await this.stateService.getClearClipboard(),
      minimizeOnCopyToClipboard: await this.stateService.getMinimizeOnCopyToClipboard(),
@@ -454,7 +457,7 @@ export class SettingsComponent implements OnInit {
        this.form.controls.requirePasswordOnStart.setValue(true);
        this.form.controls.autoPromptBiometrics.setValue(false);
        await this.stateService.setDisableAutoBiometricsPrompt(true);
-        await this.stateService.setBiometricRequirePasswordOnStart(true);
+        await this.cryptoService.setBiometricClientKeyHalf();
        await this.stateService.setDismissedBiometricRequirePasswordOnStart();
      }
      await this.cryptoService.refreshAdditionalKeys();
@@ -488,10 +491,9 @@ export class SettingsComponent implements OnInit {
      this.form.controls.autoPromptBiometrics.setValue(false);
      await this.updateAutoPromptBiometrics();

-      await this.stateService.setBiometricRequirePasswordOnStart(true);
+      await this.cryptoService.setBiometricClientKeyHalf();
    } else {
-      await this.stateService.setBiometricRequirePasswordOnStart(false);
-      await this.stateService.setBiometricEncryptionClientKeyHalf(null);
+      await this.cryptoService.removeBiometricClientKeyHalf();
    }
    await this.stateService.setDismissedBiometricRequirePasswordOnStart();
    await this.cryptoService.refreshAdditionalKeys();