[PM-3394] Fix login with device for passwordless approvals (#2686)

* set activeUserId to null when logging in a new account
- Also stop the user key from being set in inactive accounts

* get token for login with device if approving device doesn't have master key

* add comment

* simplify logic

* check for route instead of using isAuthenticated
- we don't clear the user id when logging in new account
- this means we can't trust the state service, so we have to base our logic off the route in login with device

* use authenticated auth request for tde login with device

* [PM-3394] Add authingWithSso parameter to LoginPasswordlessRequestPage.

* pr feedback

* [PM-3394] Refactor condition

Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>

---------

Co-authored-by: André Bispo <abispo@bitwarden.com>
Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>

src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs

@@ -50,13 +50,13 @@ namespace Bit.App.Pages
 
         private async Task StartLoginWithDeviceAsync()
         {
-            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions);
+            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AuthenticateAndUnlock, _appOptions, true);
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
 
         private async Task RequestAdminApprovalAsync()
         {
-            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AdminApproval, _appOptions);
+            var page = new LoginPasswordlessRequestPage(_vm.Email, AuthRequestType.AdminApproval, _appOptions, true);
             await Navigation.PushModalAsync(new NavigationPage(page));
         }
     }

src/App/Pages/Accounts/LoginPasswordlessRequestPage.xaml.cs

@@ -13,7 +13,7 @@ namespace Bit.App.Pages
         private LoginPasswordlessRequestViewModel _vm;
         private readonly AppOptions _appOptions;
 
-        public LoginPasswordlessRequestPage(string email, AuthRequestType authRequestType, AppOptions appOptions = null)
+        public LoginPasswordlessRequestPage(string email, AuthRequestType authRequestType, AppOptions appOptions = null, bool authingWithSso = false)
         {
             InitializeComponent();
             _appOptions = appOptions;
@@ -21,6 +21,7 @@ namespace Bit.App.Pages
             _vm.Page = this;
             _vm.Email = email;
             _vm.AuthRequestType = authRequestType;
+            _vm.AuthingWithSso = authingWithSso;
             _vm.StartTwoFactorAction = () => Device.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
             _vm.LogInSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await LogInSuccessAsync());
             _vm.UpdateTempPasswordAction = () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());

src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs

@@ -80,6 +80,7 @@ namespace Bit.App.Pages
         public Action LogInSuccessAction { get; set; }
         public Action UpdateTempPasswordAction { get; set; }
         public Action CloseAction { get; set; }
+        public bool AuthingWithSso { get; set; }
 
         public ICommand CreatePasswordlessLoginCommand { get; }
         public ICommand CloseCommand { get; }
@@ -233,7 +234,7 @@ namespace Bit.App.Pages
             try
             {
                 PasswordlessLoginResponse response = null;
-                if (await _stateService.IsAuthenticatedAsync())
+                if (AuthingWithSso)
                 {
                     response = await _authService.GetPasswordlessLoginRequestByIdAsync(_requestId);
                 }
@@ -242,14 +243,14 @@ namespace Bit.App.Pages
                     response = await _authService.GetPasswordlessLoginResquestAsync(_requestId, _requestAccessCode);
                 }
 
-                if (response.RequestApproved == null || !response.RequestApproved.Value)
+                if (response?.RequestApproved != true)
                 {
                     return;
                 }
 
                 StopCheckLoginRequestStatus();
 
-                var authResult = await _authService.LogInPasswordlessAsync(Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
+                var authResult = await _authService.LogInPasswordlessAsync(AuthingWithSso, Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
                 await AppHelpers.ResetInvalidUnlockAttemptsAsync();
 
                 if (authResult == null && await _stateService.IsAuthenticatedAsync())

src/App/Pages/Accounts/LoginSsoPageViewModel.cs

@@ -240,9 +240,9 @@ namespace Bit.App.Pages
                     else if (pendingRequest != null)
                     {
                         var authRequest = await _authService.GetPasswordlessLoginRequestByIdAsync(pendingRequest.Id);
-                        if (authRequest != null && authRequest.RequestApproved != null && authRequest.RequestApproved.Value)
+                        if (authRequest?.RequestApproved == true)
                         {
-                            var authResult = await _authService.LogInPasswordlessAsync(await _stateService.GetActiveUserEmailAsync(), authRequest.RequestAccessCode, pendingRequest.Id, pendingRequest.PrivateKey, authRequest.Key, authRequest.MasterPasswordHash);
+                            var authResult = await _authService.LogInPasswordlessAsync(true, await _stateService.GetActiveUserEmailAsync(), authRequest.RequestAccessCode, pendingRequest.Id, pendingRequest.PrivateKey, authRequest.Key, authRequest.MasterPasswordHash);
                             if (authResult == null && await _stateService.IsAuthenticatedAsync())
                             {
                                 await Xamarin.Essentials.MainThread.InvokeOnMainThreadAsync(