PM-3386 Fix MP reprompt / OTP decision to be also based on the master key hash. (#2688)

2025-12-21 18:53:29 +00:00 · 2023-08-14 14:53:55 -03:00
parent afeec41500
commit 12f8c7b0d3
6 changed files with 13 additions and 12 deletions
--- a/src/Android/MainApplication.cs
+++ b/src/Android/MainApplication.cs
@@ -68,7 +68,6 @@ namespace Bit.Droid
                ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);

                var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-                    ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                    ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
                    ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                    ServiceContainer.Resolve<IUserVerificationService>());
--- a/src/App/Pages/Settings/ExportVaultPageViewModel.cs
+++ b/src/App/Pages/Settings/ExportVaultPageViewModel.cs
@@ -65,7 +65,7 @@ namespace Bit.App.Pages
            _initialized = true;
            FileFormatSelectedIndex = FileFormatOptions.FindIndex(k => k.Key == "json");
            DisablePrivateVaultPolicyEnabled = await _policyService.PolicyAppliesToUser(PolicyType.DisablePersonalVaultExport);
-            UseOTPVerification = !await _userVerificationService.HasMasterPasswordAsync();
+            UseOTPVerification = !await _userVerificationService.HasMasterPasswordAsync(true);

            if (UseOTPVerification)
            {
@@ -163,7 +163,7 @@ namespace Bit.App.Pages
                return;
            }

-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _userVerificationService.HasMasterPasswordAsync(true)
                ? VerificationType.MasterPassword
                : VerificationType.OTP;
            if (!await _userVerificationService.VerifyUser(Secret, verificationType))
--- a/src/App/Utilities/VerificationActionsFlowHelper.cs
+++ b/src/App/Utilities/VerificationActionsFlowHelper.cs
@@ -60,7 +60,6 @@ namespace Bit.App.Utilities
    /// </summary>
    public class VerificationActionsFlowHelper : IVerificationActionsFlowHelper
    {
-        private readonly IKeyConnectorService _keyConnectorService;
        private readonly IPasswordRepromptService _passwordRepromptService;
        private readonly ICryptoService _cryptoService;
        private readonly IUserVerificationService _userVerificationService;
@@ -72,12 +71,11 @@ namespace Bit.App.Utilities

        private readonly Dictionary<VerificationFlowAction, IActionFlowExecutioner> _actionExecutionerDictionary = new Dictionary<VerificationFlowAction, IActionFlowExecutioner>();

-        public VerificationActionsFlowHelper(IKeyConnectorService keyConnectorService,
+        public VerificationActionsFlowHelper(
            IPasswordRepromptService passwordRepromptService,
            ICryptoService cryptoService,
            IUserVerificationService userVerificationService)
        {
-            _keyConnectorService = keyConnectorService;
            _passwordRepromptService = passwordRepromptService;
            _cryptoService = cryptoService;
            _userVerificationService = userVerificationService;
@@ -110,7 +108,7 @@ namespace Bit.App.Utilities

        public async Task ValidateAndExecuteAsync()
        {
-            var verificationType = await _userVerificationService.HasMasterPasswordAsync()
+            var verificationType = await _userVerificationService.HasMasterPasswordAsync(true)
                ? VerificationType.MasterPassword
                : VerificationType.OTP;

--- a/src/Core/Abstractions/IUserVerificationService.cs
+++ b/src/Core/Abstractions/IUserVerificationService.cs
@@ -6,6 +6,6 @@ namespace Bit.Core.Abstractions
    public interface IUserVerificationService
    {
        Task<bool> VerifyUser(string secret, VerificationType verificationType);
-        Task<bool> HasMasterPasswordAsync();
+        Task<bool> HasMasterPasswordAsync(bool checkMasterKeyHash = false);
    }
 }
--- a/src/Core/Services/UserVerificationService.cs
+++ b/src/Core/Services/UserVerificationService.cs
@@ -68,15 +68,20 @@ namespace Bit.Core.Services
            await _platformUtilsService.ShowDialogAsync(errorMessage);
        }

-        public async Task<bool> HasMasterPasswordAsync()
+        public async Task<bool> HasMasterPasswordAsync(bool checkMasterKeyHash = false)
        {
+            async Task<bool> CheckMasterKeyHashAsync()
+            {
+                return !checkMasterKeyHash && await _cryptoService.GetMasterKeyHashAsync() != null;
+            };
+
            var decryptOptions = await _stateService.GetAccountDecryptionOptions();
            if (decryptOptions != null)
            {
-                return decryptOptions.HasMasterPassword;
+                return decryptOptions.HasMasterPassword && await CheckMasterKeyHashAsync();
            }

-            return !await _keyConnectorService.GetUsesKeyConnectorAsync();
+            return !await _keyConnectorService.GetUsesKeyConnectorAsync() && await CheckMasterKeyHashAsync();
        }
    }
 }
--- a/src/iOS.Core/Utilities/iOSCoreHelpers.cs
+++ b/src/iOS.Core/Utilities/iOSCoreHelpers.cs
@@ -245,7 +245,6 @@ namespace Bit.iOS.Core.Utilities
            ServiceContainer.Register<IDeleteAccountActionFlowExecutioner>("deleteAccountActionFlowExecutioner", deleteAccountActionFlowExecutioner);

            var verificationActionsFlowHelper = new VerificationActionsFlowHelper(
-                ServiceContainer.Resolve<IKeyConnectorService>("keyConnectorService"),
                ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService"),
                ServiceContainer.Resolve<ICryptoService>("cryptoService"),
                ServiceContainer.Resolve<IUserVerificationService>());