Auth/PM-10601 - Tech Debt Cleanup - Refactor Lock Component and User Verification to use PinService (#10408)

* PM-10601 - PinSvc new unlock check first draft * PM-10601 - PinSvc - add new method for determining if pin decryption is available. * PM-10601 - Add more docs on PinSvc * PM-10601 - Update Lock Comp & User Verification service + tests to use new isPinDecryptionAvailable method
2025-12-15 15:53:27 +00:00 · 2024-08-13 15:19:13 -04:00
parent a6176aaf2c
commit a13e99ebe9
6 changed files with 115 additions and 12 deletions
--- a/libs/common/src/auth/services/user-verification/user-verification.service.spec.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.spec.ts
@@ -410,6 +410,12 @@ describe("UserVerificationService", () => {

  function setPinAvailability(type: PinLockType) {
    pinService.getPinLockType.mockResolvedValue(type);
+
+    if (type === "EPHEMERAL" || type === "PERSISTENT") {
+      pinService.isPinDecryptionAvailable.mockResolvedValue(true);
+    } else if (type === "DISABLED") {
+      pinService.isPinDecryptionAvailable.mockResolvedValue(false);
+    }
  }

  function disableBiometricsAvailability() {
--- a/libs/common/src/auth/services/user-verification/user-verification.service.ts
+++ b/libs/common/src/auth/services/user-verification/user-verification.service.ts
@@ -57,13 +57,17 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
  ): Promise<UserVerificationOptions> {
    const userId = (await firstValueFrom(this.accountService.activeAccount$))?.id;
    if (verificationType === "client") {
-      const [userHasMasterPassword, pinLockType, biometricsLockSet, biometricsUserKeyStored] =
-        await Promise.all([
-          this.hasMasterPasswordAndMasterKeyHash(userId),
-          this.pinService.getPinLockType(userId),
-          this.vaultTimeoutSettingsService.isBiometricLockSet(userId),
-          this.cryptoService.hasUserKeyStored(KeySuffixOptions.Biometric, userId),
-        ]);
+      const [
+        userHasMasterPassword,
+        isPinDecryptionAvailable,
+        biometricsLockSet,
+        biometricsUserKeyStored,
+      ] = await Promise.all([
+        this.hasMasterPasswordAndMasterKeyHash(userId),
+        this.pinService.isPinDecryptionAvailable(userId),
+        this.vaultTimeoutSettingsService.isBiometricLockSet(userId),
+        this.cryptoService.hasUserKeyStored(KeySuffixOptions.Biometric, userId),
+      ]);

      // note: we do not need to check this.platformUtilsService.supportsBiometric() because
      // we can just use the logic below which works for both desktop & the browser extension.
@@ -71,7 +75,7 @@ export class UserVerificationService implements UserVerificationServiceAbstracti
      return {
        client: {
          masterPassword: userHasMasterPassword,
-          pin: pinLockType !== "DISABLED",
+          pin: isPinDecryptionAvailable,
          biometrics:
            biometricsLockSet &&
            (biometricsUserKeyStored || !this.platformUtilsService.supportsSecureStorage()),