diff --git a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts index fbba7a5a011..6146247a0d0 100644 --- a/apps/browser/src/vault/popup/components/fido2/fido2.component.ts +++ b/apps/browser/src/vault/popup/components/fido2/fido2.component.ts @@ -220,9 +220,10 @@ export class Fido2Component implements OnInit, OnDestroy { async submit() { const data = this.message$.value; if (data?.type === "PickCredentialRequest") { - let userVerified = false; - if (data.userVerification) { - userVerified = await this.passwordRepromptService.showPasswordPrompt(); + const userVerified = await this.handleUserVerification(data.userVerification); + + if (!userVerified) { + return; } this.send({ @@ -232,8 +233,6 @@ export class Fido2Component implements OnInit, OnDestroy { userVerified, }); } else if (data?.type === "ConfirmNewCredentialRequest") { - let userVerified = false; - if (this.cipher.login.fido2Credentials.length > 0) { const confirmed = await this.dialogService.openSimpleDialog({ title: { key: "overwritePasskey" }, @@ -246,8 +245,10 @@ export class Fido2Component implements OnInit, OnDestroy { } } - if (data.userVerification) { - userVerified = await this.passwordRepromptService.showPasswordPrompt(); + const userVerified = await this.handleUserVerification(data.userVerification); + + if (!userVerified) { + return; } this.send({ @@ -404,6 +405,16 @@ export class Fido2Component implements OnInit, OnDestroy { this.destroy$.complete(); } + private async handleUserVerification(userVerification: boolean): Promise { + const masterPasswordRempromptRequired = this.cipher && this.cipher.reprompt !== 0; + + if (!masterPasswordRempromptRequired && !userVerification) { + return true; + } + + return await this.passwordRepromptService.showPasswordPrompt(); + } + private send(msg: BrowserFido2Message) { BrowserFido2UserInterfaceSession.sendMessage({ sessionId: this.sessionId,