bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

clear bio key when pin is migrated as bio is refreshed

Browse Source
This commit is contained in:
Jacob Fink
2023-06-15 16:18:23 -04:00
parent 6b9a7ab1e6
commit c5384cd5f2
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
libs/angular/src/auth/components/lock.component.ts
View File

@@ -381,8 +381,8 @@ export class LockComponent implements OnInit, OnDestroy {
}
/**
* Migrates the Pin key from encrypting the user's master key to encrypting
* the user's symmetric key
* Creates a new Pin key that encrypts the user's symmetric key instead of the
* master key. Clears the old Pin key from state.
* @param masterPasswordOnRestart True if Master Password on Restart is enabled
* @param kdf User's KdfType
* @param kdfConfig User's KdfConfig
@@ -396,7 +396,7 @@ export class LockComponent implements OnInit, OnDestroy {
kdfConfig: KdfConfig,
oldPinProtected?: EncString
): Promise<UserSymKey> {
// decrypt
// Decrypt
const masterKey = await this.cryptoService.decryptMasterKeyWithPin(
this.pin,
this.email,
@@ -409,7 +409,7 @@ export class LockComponent implements OnInit, OnDestroy {
masterKey,
new EncString(encUserSymKey)
);
// migrate
// Migrate
const pinKey = await this.cryptoService.makePinKey(this.pin, this.email, kdf, kdfConfig);
const pinProtectedKey = await this.cryptoService.encrypt(userSymKey.key, pinKey);
if (masterPasswordOnRestart) {
@@ -418,10 +418,14 @@ export class LockComponent implements OnInit, OnDestroy {
} else {
await this.stateService.setEncryptedPinProtected(null);
await this.stateService.setUserSymKeyPin(pinProtectedKey);
// always set the protected pin, even if MP on Restart is disabled
// We previously only set the protected pin if MP on Restart was enabled
// now we set it regardless
const encPin = await this.cryptoService.encrypt(this.pin, userSymKey);
await this.stateService.setProtectedPin(encPin.encryptedString);
}
// This also clears the old Biometrics key since the new Biometrics key will
// be created when the user's symmetric key is set.
await this.stateService.setCryptoMasterKeyBiometric(null);
return userSymKey;
}
}