diff --git a/apps/desktop/electron-builder.json b/apps/desktop/electron-builder.json
index 9b894b0bfc7..38f11a97a8b 100644
--- a/apps/desktop/electron-builder.json
+++ b/apps/desktop/electron-builder.json
@@ -241,7 +241,16 @@
"autoStart": true,
"base": "core22",
"confinement": "strict",
- "plugs": ["default", "network-bind", "password-manager-service"],
+ "plugs": [
+ "default",
+ "network-bind",
+ "password-manager-service",
+ {
+ "polkit": {
+ "action-prefix": "com.bitwarden.Bitwarden"
+ }
+ }
+ ],
"stagePackages": ["default"]
},
"protocols": [
diff --git a/apps/desktop/package.json b/apps/desktop/package.json
index eab9a7d7119..f546563ed18 100644
--- a/apps/desktop/package.json
+++ b/apps/desktop/package.json
@@ -35,7 +35,7 @@
"clean:dist": "rimraf ./dist",
"pack:dir": "npm run clean:dist && electron-builder --dir -p never",
"pack:lin:flatpak": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder --repo=build/.repo build/.flatpak ./resources/com.bitwarden.desktop.devel.yaml --install-deps-from=flathub --force-clean && flatpak build-bundle ./build/.repo/ ./dist/com.bitwarden.desktop.flatpak com.bitwarden.desktop",
- "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never",
+ "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && mksquashfs ./dist/tmp-snap/ $SNAP_FILE -noappend -comp lzo -no-fragments && rm -rf ./dist/tmp-snap/",
"pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never",
"pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never",
"pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never",
diff --git a/apps/desktop/resources/com.bitwarden.desktop.policy b/apps/desktop/resources/com.bitwarden.desktop.policy
new file mode 100644
index 00000000000..e48bc6b8fbb
--- /dev/null
+++ b/apps/desktop/resources/com.bitwarden.desktop.policy
@@ -0,0 +1,16 @@
+
+
+
+
+
+ Unlock Bitwarden
+ Authenticate to unlock Bitwarden
+
+ no
+ no
+ auth_self
+
+
+
diff --git a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts
index 771f1ea3a1c..f2bcf62e03e 100644
--- a/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts
+++ b/apps/desktop/src/key-management/biometrics/biometric.unix.main.ts
@@ -87,8 +87,8 @@ export default class BiometricUnixMain implements OsBiometricService {
}
async authenticateBiometric(): Promise {
- const hwnd = this.windowMain.win.getNativeWindowHandle();
- return await biometrics.prompt(hwnd, this.i18nservice.t("polkitConsentMessage"));
+ const hwnd = Buffer.from("");
+ return await biometrics.prompt(hwnd, "");
}
async osSupportsBiometric(): Promise {
@@ -98,10 +98,14 @@ export default class BiometricUnixMain implements OsBiometricService {
// This could be dynamically detected on dbus in the future.
// We should check if a libsecret implementation is available on the system
// because otherwise we cannot offlod the protected userkey to secure storage.
- return (await passwords.isAvailable()) && !isSnapStore();
+ return await passwords.isAvailable();
}
async osBiometricsNeedsSetup(): Promise {
+ if (isSnapStore()) {
+ return false;
+ }
+
// check whether the polkit policy is loaded via dbus call to polkit
return !(await biometrics.available());
}
diff --git a/apps/desktop/src/locales/en/messages.json b/apps/desktop/src/locales/en/messages.json
index e4c235dada9..f8f81a5ac2c 100644
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -1734,9 +1734,6 @@
"windowsHelloConsentMessage": {
"message": "Verify for Bitwarden."
},
- "polkitConsentMessage": {
- "message": "Authenticate to unlock Bitwarden."
- },
"unlockWithTouchId": {
"message": "Unlock with Touch ID"
},