import { ConstantsService } from './constants.service'; import { CipherService } from '../abstractions/cipher.service'; import { CollectionService } from '../abstractions/collection.service'; import { CryptoService } from '../abstractions/crypto.service'; import { FolderService } from '../abstractions/folder.service'; import { MessagingService } from '../abstractions/messaging.service'; import { PlatformUtilsService } from '../abstractions/platformUtils.service'; import { PolicyService } from '../abstractions/policy.service'; import { SearchService } from '../abstractions/search.service'; import { StorageService } from '../abstractions/storage.service'; import { TokenService } from '../abstractions/token.service'; import { UserService } from '../abstractions/user.service'; import { VaultTimeoutService as VaultTimeoutServiceAbstraction } from '../abstractions/vaultTimeout.service'; import { PolicyType } from '../enums/policyType'; import { EncString } from '../models/domain/encString'; export class VaultTimeoutService implements VaultTimeoutServiceAbstraction { pinProtectedKey: EncString = null; biometricLocked: boolean = true; everBeenUnlocked: boolean = false; private inited = false; constructor(private cipherService: CipherService, private folderService: FolderService, private collectionService: CollectionService, private cryptoService: CryptoService, protected platformUtilsService: PlatformUtilsService, private storageService: StorageService, private messagingService: MessagingService, private searchService: SearchService, private userService: UserService, private tokenService: TokenService, private policyService: PolicyService, private lockedCallback: () => Promise = null, private loggedOutCallback: () => Promise = null) { } init(checkOnInterval: boolean) { if (this.inited) { return; } this.inited = true; if (checkOnInterval) { this.startCheck(); } } startCheck() { this.checkVaultTimeout(); setInterval(() => this.checkVaultTimeout(), 10 * 1000); // check every 10 seconds } // Keys aren't stored for a device that is locked or logged out. async isLocked(): Promise { // Handle never lock startup situation if (await this.cryptoService.hasKeyStored('auto') && !this.everBeenUnlocked) { await this.cryptoService.getKey('auto'); } return !this.cryptoService.hasKeyInMemory(); } async checkVaultTimeout(): Promise { if (await this.platformUtilsService.isViewOpen()) { // Do not lock return; } // "is logged out check" - similar to isLocked, below const authed = await this.userService.isAuthenticated(); if (!authed) { return; } if (await this.isLocked()) { return; } const vaultTimeout = await this.getVaultTimeout(); if (vaultTimeout == null || vaultTimeout < 0) { return; } const lastActive = await this.storageService.get(ConstantsService.lastActiveKey); if (lastActive == null) { return; } const vaultTimeoutSeconds = vaultTimeout * 60; const diffSeconds = ((new Date()).getTime() - lastActive) / 1000; if (diffSeconds >= vaultTimeoutSeconds) { // Pivot based on the saved vault timeout action const timeoutAction = await this.storageService.get(ConstantsService.vaultTimeoutActionKey); timeoutAction === 'logOut' ? await this.logOut() : await this.lock(true); } } async lock(allowSoftLock = false): Promise { const authed = await this.userService.isAuthenticated(); if (!authed) { return; } this.biometricLocked = true; this.everBeenUnlocked = true; await this.cryptoService.clearKey(false); await this.cryptoService.clearOrgKeys(true); await this.cryptoService.clearKeyPair(true); await this.cryptoService.clearEncKey(true); this.folderService.clearCache(); this.cipherService.clearCache(); this.collectionService.clearCache(); this.searchService.clearIndex(); this.messagingService.send('locked'); if (this.lockedCallback != null) { await this.lockedCallback(); } } async logOut(): Promise { if (this.loggedOutCallback != null) { await this.loggedOutCallback(); } } async setVaultTimeoutOptions(timeout: number, action: string): Promise { await this.storageService.save(ConstantsService.vaultTimeoutKey, timeout); await this.storageService.save(ConstantsService.vaultTimeoutActionKey, action); await this.cryptoService.toggleKey(); await this.tokenService.toggleTokens(); } async isPinLockSet(): Promise<[boolean, boolean]> { const protectedPin = await this.storageService.get(ConstantsService.protectedPin); const pinProtectedKey = await this.storageService.get(ConstantsService.pinProtectedKey); return [protectedPin != null, pinProtectedKey != null]; } async isBiometricLockSet(): Promise { return await this.storageService.get(ConstantsService.biometricUnlockKey); } async getVaultTimeout(): Promise { const vaultTimeout = await this.storageService.get(ConstantsService.vaultTimeoutKey); if (await this.policyService.policyAppliesToUser(PolicyType.MaximumVaultTimeout)) { const policy = await this.policyService.getAll(PolicyType.MaximumVaultTimeout); // Remove negative values, and ensure it's smaller than maximum allowed value according to policy let timeout = Math.min(vaultTimeout, policy[0].data.minutes); if (vaultTimeout == null || timeout < 0) { timeout = policy[0].data.minutes; } // We really shouldn't need to set the value here, but multiple services relies on this value being correct. if (vaultTimeout !== timeout) { await this.storageService.save(ConstantsService.vaultTimeoutKey, timeout); } return timeout; } return vaultTimeout; } clear(): Promise { this.everBeenUnlocked = false; this.pinProtectedKey = null; return this.storageService.remove(ConstantsService.protectedPin); } }