Fixes for password reprompt (#1416)

2025-12-12 14:23:26 +00:00 · 2021-06-10 17:57:18 +02:00
parent 33791a03ac
commit 2b8dbde923
7 changed files with 90 additions and 18 deletions
--- a/src/iOS.Autofill/CredentialProviderViewController.cs
+++ b/src/iOS.Autofill/CredentialProviderViewController.cs
@@ -79,6 +79,9 @@ namespace Bit.iOS.Autofill
        public override async void ProvideCredentialWithoutUserInteraction(ASPasswordCredentialIdentity credentialIdentity)
        {
            InitAppIfNeeded();
+            var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
+            await storageService.SaveAsync(Bit.Core.Constants.PasswordRepromptAutofillKey, false);
+            await storageService.SaveAsync(Bit.Core.Constants.PasswordVerifiedAutofillKey, false);
            if (!await IsAuthed() || await IsLocked())
            {
                var err = new NSError(new NSString("ASExtensionErrorDomain"),
@@ -87,7 +90,7 @@ namespace Bit.iOS.Autofill
                return;
            }
            _context.CredentialIdentity = credentialIdentity;
-            await ProvideCredentialAsync();
+            await ProvideCredentialAsync(false);
        }

        public override async void PrepareInterfaceToProvideCredential(ASPasswordCredentialIdentity credentialIdentity)
@@ -209,7 +212,7 @@ namespace Bit.iOS.Autofill
            });
        }

-        private async Task ProvideCredentialAsync()
+        private async Task ProvideCredentialAsync(bool userInteraction = true)
        {
            var cipherService = ServiceContainer.Resolve<ICipherService>("cipherService", true);
            Bit.Core.Models.Domain.Cipher cipher = null;
@@ -229,6 +232,30 @@ namespace Bit.iOS.Autofill

            var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
            var decCipher = await cipher.DecryptAsync();
+            if (decCipher.Reprompt != Bit.Core.Enums.CipherRepromptType.None)
+            {
+                // Prompt for password using either the lock screen or dialog unless
+                // already verified the password.
+                if (!userInteraction)
+                {
+                    await storageService.SaveAsync(Bit.Core.Constants.PasswordRepromptAutofillKey, true);
+                    var err = new NSError(new NSString("ASExtensionErrorDomain"),
+                    Convert.ToInt32(ASExtensionErrorCode.UserInteractionRequired), null);
+                    ExtensionContext?.CancelRequest(err);
+                    return;
+                }
+                else if (!await storageService.GetAsync<bool>(Bit.Core.Constants.PasswordVerifiedAutofillKey))
+                {
+                    var passwordRepromptService = ServiceContainer.Resolve<IPasswordRepromptService>("passwordRepromptService");
+                    if (!await passwordRepromptService.ShowPasswordPromptAsync())
+                    {
+                        var err = new NSError(new NSString("ASExtensionErrorDomain"),
+                            Convert.ToInt32(ASExtensionErrorCode.UserCanceled), null);
+                        ExtensionContext?.CancelRequest(err);
+                        return;
+                    }
+                }
+            }
            string totpCode = null;
            var disableTotpCopy = await storageService.GetAsync<bool?>(Bit.Core.Constants.DisableAutoTotpCopyKey);
            if (!disableTotpCopy.GetValueOrDefault(false))
@@ -248,7 +275,8 @@ namespace Bit.iOS.Autofill

        private async void CheckLock(Action notLockedAction)
        {
-            if (await IsLocked())
+            var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
+            if (await IsLocked() || await storageService.GetAsync<bool>(Bit.Core.Constants.PasswordRepromptAutofillKey))
            {
                PerformSegue("lockPasswordSegue", this);
            }