[PM-2293] Fix login with device normal flow and SSO

2026-01-18 00:13:16 +00:00 · 2023-07-24 13:07:06 +01:00
parent 9b02879782
commit 01ed99e4b1
2 changed files with 48 additions and 6 deletions
--- a/src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs
+++ b/src/App/Pages/Accounts/LoginPasswordlessRequestViewModel.cs
@@ -221,6 +221,13 @@ namespace Bit.App.Pages
                var authResult = await _authService.LogInPasswordlessAsync(Email, _requestAccessCode, _requestId, _requestKeyPair.Item2, response.Key, response.MasterPasswordHash);
                await AppHelpers.ResetInvalidUnlockAttemptsAsync();

+                if(authResult == null && await _stateService.IsAuthenticatedAsync())
+                {
+                    _syncService.FullSyncAsync(true).FireAndForget();
+                    LogInSuccessAction?.Invoke();
+                    return;
+                }
+
                if (await HandleCaptchaAsync(authResult.CaptchaSiteKey, authResult.CaptchaNeeded, CheckLoginRequestStatus))
                {
                    return;
@@ -237,7 +244,6 @@ namespace Bit.App.Pages
                else
                {
                    _syncService.FullSyncAsync(true).FireAndForget();
-                    await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
                    LogInSuccessAction?.Invoke();
                }
            }
@@ -255,6 +261,15 @@ namespace Bit.App.Pages
            var response = await _authService.PasswordlessCreateLoginRequestAsync(_email, AuthRequestType);
            if (response != null)
            {
+                //TODO TDE if is admin type save to memory to later see if it was approved
+                /*
+                  const adminAuthReqStorable = new AdminAuthRequestStorable({
+                      id: reqResponse.id,
+                      privateKey: this.authRequestKeyPair.privateKey,
+                    });
+
+                    await this.stateService.setAdminAuthRequest(adminAuthReqStorable);
+                */
                FingerprintPhrase = response.FingerprintPhrase;
                _requestId = response.Id;
                _requestAccessCode = response.RequestAccessCode;
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -198,12 +198,32 @@ namespace Bit.Core.Services
            return !await _policyService.EvaluateMasterPassword(strength.Value, masterPassword, _masterPasswordPolicy);
        }

-        public async Task<AuthResult> LogInPasswordlessAsync(string email, string accessCode, string authRequestId, byte[] decryptionKey, string userKeyCiphered, string localHashedPasswordCiphered)
+        public async Task<AuthResult> LogInPasswordlessAsync(string email, string accessCode, string authRequestId, byte[] decryptionKey, string masterKey, string masterKeyHash)
        {
-            var decKey = await _cryptoService.RsaDecryptAsync(userKeyCiphered, decryptionKey);
-            var decPasswordHash = await _cryptoService.RsaDecryptAsync(localHashedPasswordCiphered, decryptionKey);
-            return await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decPasswordHash), null, null, null, new MasterKey(decKey), null, null,
+            AuthResult response = null;
+            // On SSO flow user is already AuthN
+            if (await this._stateService.IsAuthenticatedAsync())
+            {
+                var decryptedKey = await _cryptoService.RsaDecryptAsync(masterKey, decryptionKey);
+                if (string.IsNullOrEmpty(masterKeyHash))
+                {
+                    await _cryptoService.SetUserKeyAsync(new UserKey(decryptedKey));
+                }
+                else
+                {
+                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(new MasterKey(decryptedKey));
+                    await _cryptoService.SetUserKeyAsync(userKey);
+                }
+                await _deviceTrustCryptoService.TrustDeviceIfNeededAsync();
+            }
+            else
+            {
+                var decKey = await _cryptoService.RsaDecryptAsync(masterKey, decryptionKey);
+                var decKeyHash = await _cryptoService.RsaDecryptAsync(masterKeyHash, decryptionKey);
+                response = await LogInHelperAsync(email, accessCode, Encoding.UTF8.GetString(decKeyHash), null, null, null, new MasterKey(decKey), null, null,
                null, null, authRequestId: authRequestId);
+            }
+            return response;
        }

        public async Task<AuthResult> LogInSsoAsync(string code, string codeVerifier, string redirectUrl, string orgId)
@@ -474,7 +494,6 @@ namespace Bit.Core.Services
            _messagingService.Send("accountAdded");
            if (_setCryptoKeys)
            {
-
                if (localHashedPassword != null)
                {
                    await _cryptoService.SetPasswordHashAsync(localHashedPassword);
@@ -506,6 +525,14 @@ namespace Bit.Core.Services
                        await _cryptoService.SetUserKeyAsync(userKey);
                    }

+                    // Login with Device
+                    if (masterKey != null && !string.IsNullOrEmpty(authRequestId))
+                    {
+                        await _cryptoService.SetMasterKeyAsync(masterKey);
+                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                        await _cryptoService.SetUserKeyAsync(userKey);
+                    }
+
                    // User doesn't have a key pair yet (old account), let's generate one for them.
                    if (tokenResponse.PrivateKey == null)
                    {