PM-3386 Fix MP reprompt / OTP decision to be also based on the master key hash. (#2688)

src/Android/MainApplication.cs

@@ -68,7 +68,6 @@ namespace Bit.Droid
                 ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 
                 var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-                    ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                     ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
                     ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                     ServiceContainer.Resolve<IUserVerificationService>());

src/App/Pages/Settings/ExportVaultPageViewModel.cs

@@ -65,7 +65,7 @@ namespace Bit.App.Pages
             _initialized = true;
             FileFormatSelectedIndex = FileFormatOptions.FindIndex(k => k.Key == "json");
             DisablePrivateVaultPolicyEnabled = await _policyService.PolicyAppliesToUser(PolicyType.DisablePersonalVaultExport);
-            UseOTPVerification = !await _userVerificationService.HasMasterPasswordAsync();
+            UseOTPVerification = !await _userVerificationService.HasMasterPasswordAsync(true);
 
             if (UseOTPVerification)
             {
@@ -163,7 +163,7 @@ namespace Bit.App.Pages
                 return;
             }
 
-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _userVerificationService.HasMasterPasswordAsync(true)
                 ? VerificationType.MasterPassword
                 : VerificationType.OTP;
             if (!await _userVerificationService.VerifyUser(Secret, verificationType))

src/App/Utilities/VerificationActionsFlowHelper.cs

@@ -60,7 +60,6 @@ namespace Bit.App.Utilities
     /// </summary>
     public class VerificationActionsFlowHelper : IVerificationActionsFlowHelper
     {
-        private readonly IKeyConnectorService _keyConnectorService;
         private readonly IPasswordRepromptService _passwordRepromptService;
         private readonly ICryptoService _cryptoService;
         private readonly IUserVerificationService _userVerificationService;
@@ -72,12 +71,11 @@ namespace Bit.App.Utilities
 
         private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>();
 
-        public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
+        public VerificationActionsFlowHelper(
             IPasswordRepromptService passwordRepromptService,
             ICryptoService cryptoService,
             IUserVerificationService userVerificationService)
         {
-            _keyConnectorService = keyConnectorService;
             _passwordRepromptService = passwordRepromptService;
             _cryptoService = cryptoService;
             _userVerificationService = userVerificationService;
@@ -110,7 +108,7 @@ namespace Bit.App.Utilities
 
         public async Task ValidateAndExecuteAsync()
         {
-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _userVerificationService.HasMasterPasswordAsync(true)
                 ? VerificationType.MasterPassword
                 : VerificationType.OTP;
 

src/Core/Abstractions/IUserVerificationService.cs

@@ -6,6 +6,6 @@ namespace Bit.Core.Abstractions
     public interface IUserVerificationService
     {
         Task<bool> VerifyUser(string secret, VerificationType verificationType);
-        Task<bool> HasMasterPasswordAsync();
+        Task<bool> HasMasterPasswordAsync(bool checkMasterKeyHash = false);
     }
 }

src/Core/Services/UserVerificationService.cs

@@ -68,15 +68,20 @@ namespace Bit.Core.Services
             await _platformUtilsService.ShowDialogAsync(errorMessage);
         }
 
-        public async Task<bool> HasMasterPasswordAsync()
+        public async Task<bool> HasMasterPasswordAsync(bool checkMasterKeyHash = false)
         {
+            async Task<bool> CheckMasterKeyHashAsync()
+            {
+                return !checkMasterKeyHash && await _cryptoService.GetMasterKeyHashAsync() != null;
+            };
+
             var decryptOptions = await _stateService.GetAccountDecryptionOptions();
             if (decryptOptions != null)
             {
-                return decryptOptions.HasMasterPassword;
+                return decryptOptions.HasMasterPassword && await CheckMasterKeyHashAsync();
             }
 
-            return !await _keyConnectorService.GetUsesKeyConnectorAsync();
+            return !await _keyConnectorService.GetUsesKeyConnectorAsync() && await CheckMasterKeyHashAsync();
         }
     }
 }

src/iOS.Core/Utilities/iOSCoreHelpers.cs

@@ -245,7 +245,6 @@ namespace Bit.iOS.Core.Utilities
             ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);
 
             var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-                ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                 ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
                 ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                 ServiceContainer.Resolve<IUserVerificationService>());