PM-5064 Fix lock interaction between biometrics and vault timeout never

2025-12-05 23:53:33 +00:00 · 2023-12-04 12:14:16 -03:00
parent 11348e6bd3
commit 172476f7eb
1 changed files with 9 additions and 2 deletions
--- a/src/Core/Services/VaultTimeoutService.cs
+++ b/src/Core/Services/VaultTimeoutService.cs
@@ -63,12 +63,20 @@ namespace Bit.Core.Services
        /// </param>
        public async Task<bool> IsLockedAsync(string userId = null)
        {
+            // If biometrics are used, we can use the flag to determine locked state taking into account the auto unlock key for vault timeout never.
+            var biometricSet = await IsBiometricLockSetAsync(userId);
+            var hasAutoUnlockKey = await _cryptoService.HasAutoUnlockKeyAsync(userId);
+            if (biometricSet && await _stateService.GetBiometricLockedAsync(userId) && !hasAutoUnlockKey)
+            {
+                return true;
+            }
+
            if (!await _cryptoService.HasUserKeyAsync(userId))
            {
                try
                {
                    // Filter out accounts without auto key
-                    if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
+                    if (!hasAutoUnlockKey)
                    {
                        return true;
                    }
@@ -84,7 +92,6 @@ namespace Bit.Core.Services
                    // Legacy users must migrate on web vault before login
                    await LogOutAsync(false, userId);
                }
-
            }

            // Check again to verify auto key was set