bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-17 00:33:44 +00:00
Code Issues Releases Wiki Activity

clear bio key when pin is migrated as bio is refreshed

Browse Source
This commit is contained in:
Jacob Fink
2023-06-15 16:18:23 -04:00
parent 6b9a7ab1e6
commit c5384cd5f2
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
libs/angular/src/auth/components/lock.component.ts
View File

@@ -381,8 +381,8 @@ export class LockComponent implements OnInit, OnDestroy {
} }
/** /**
* Migrates the Pin key from encrypting the user's master key to encrypting * Creates a new Pin key that encrypts the user's symmetric key instead of the
* the user's symmetric key * master key. Clears the old Pin key from state.
* @param masterPasswordOnRestart True if Master Password on Restart is enabled * @param masterPasswordOnRestart True if Master Password on Restart is enabled
* @param kdf User's KdfType * @param kdf User's KdfType
* @param kdfConfig User's KdfConfig * @param kdfConfig User's KdfConfig
@@ -396,7 +396,7 @@ export class LockComponent implements OnInit, OnDestroy {
kdfConfig: KdfConfig, kdfConfig: KdfConfig,
oldPinProtected?: EncString oldPinProtected?: EncString
): Promise<UserSymKey> { ): Promise<UserSymKey> {
// decrypt // Decrypt
const masterKey = await this.cryptoService.decryptMasterKeyWithPin( const masterKey = await this.cryptoService.decryptMasterKeyWithPin(
this.pin, this.pin,
this.email, this.email,
@@ -409,7 +409,7 @@ export class LockComponent implements OnInit, OnDestroy {
masterKey, masterKey,
new EncString(encUserSymKey) new EncString(encUserSymKey)
); );
// migrate // Migrate
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfConfig); const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfConfig);
const pinProtectedKey = await this.cryptoService.encrypt(userSymKey.key, pinKey); const pinProtectedKey = await this.cryptoService.encrypt(userSymKey.key, pinKey);
if (masterPasswordOnRestart) { if (masterPasswordOnRestart) {
@@ -418,10 +418,14 @@ export class LockComponent implements OnInit, OnDestroy {
} else { } else {
await this.stateService.setEncryptedPinProtected(null); await this.stateService.setEncryptedPinProtected(null);
await this.stateService.setUserSymKeyPin(pinProtectedKey); await this.stateService.setUserSymKeyPin(pinProtectedKey);
// always set the protected pin, even if MP on Restart is disabled // We previously only set the protected pin if MP on Restart was enabled
// now we set it regardless
const encPin = await this.cryptoService.encrypt(this.pin, userSymKey); const encPin = await this.cryptoService.encrypt(this.pin, userSymKey);
await this.stateService.setProtectedPin(encPin.encryptedString); await this.stateService.setProtectedPin(encPin.encryptedString);
} }
// This also clears the old Biometrics key since the new Biometrics key will
// be created when the user's symmetric key is set.
await this.stateService.setCryptoMasterKeyBiometric(null);
return userSymKey; return userSymKey;
} }
} }