[PM-2297] Add trust device login logic to auth service

src/App/Pages/Accounts/LoginSsoPageViewModel.cs

@@ -232,15 +232,6 @@ namespace Bit.App.Pages
                     }
                     else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
                     {
-                        // TODO MOVE THIS CODE TO AUTH SERVICE
-                        //if (await _deviceTrustCryptoService.IsDeviceTrustedAsync() && decryptOptions?.TrustedDeviceOption != null)
-                        //{
-                        //    var key = await _deviceTrustCryptoService.DecryptUserKeyWithDeviceKeyAsync(decryptOptions?.TrustedDeviceOption.EncryptedPrivateKey, decryptOptions?.TrustedDeviceOption.EncryptedUserKey);
-                        //    if (key != null)
-                        //    {
-                        //        await _cryptoService.SetEncKeyAsync(key);
-                        //    }
-                        //}
                         var task = Task.Run(async () => await _syncService.FullSyncAsync(true));
                         SsoAuthSuccessAction?.Invoke();
                     }

src/Core/Services/AuthService.cs

@@ -27,6 +27,7 @@ namespace Bit.Core.Services
         private readonly IKeyConnectorService _keyConnectorService;
         private readonly IPasswordGenerationService _passwordGenerationService;
         private readonly IPolicyService _policyService;
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
         private readonly bool _setCryptoKeys;
 
         private readonly LazyResolve<IWatchDeviceService> _watchDeviceService = new LazyResolve<IWatchDeviceService>();
@@ -50,6 +51,7 @@ namespace Bit.Core.Services
             IKeyConnectorService keyConnectorService,
             IPasswordGenerationService passwordGenerationService,
             IPolicyService policyService,
+            IDeviceTrustCryptoService deviceTrustCryptoService,
             bool setCryptoKeys = true)
         {
             _cryptoService = cryptoService;
@@ -64,6 +66,7 @@ namespace Bit.Core.Services
             _keyConnectorService = keyConnectorService;
             _passwordGenerationService = passwordGenerationService;
             _policyService = policyService;
+            _deviceTrustCryptoService = deviceTrustCryptoService;
             _setCryptoKeys = setCryptoKeys;
 
             TwoFactorProviders = new Dictionary<TwoFactorProviderType, TwoFactorProvider>();
@@ -486,11 +489,23 @@ namespace Bit.Core.Services
 
                     await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key);
 
-                    if (masterKey != null)
+                    var decryptOptions = await _stateService.GetAccountDecryptionOptions();
+                    if (await _deviceTrustCryptoService.IsDeviceTrustedAsync() && decryptOptions?.TrustedDeviceOption != null)
                     {
-                        await _cryptoService.SetMasterKeyAsync(masterKey);
-                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
-                        await _cryptoService.SetUserKeyAsync(userKey);
+                        var key = await _deviceTrustCryptoService.DecryptUserKeyWithDeviceKeyAsync(decryptOptions?.TrustedDeviceOption.EncryptedPrivateKey, decryptOptions?.TrustedDeviceOption.EncryptedUserKey);
+                        if (key != null)
+                        {
+                            await _cryptoService.SetUserKeyAsync(key);
+                        }
+                    }
+                    else if (!string.IsNullOrEmpty(tokenResponse.KeyConnectorUrl) || !string.IsNullOrEmpty(decryptOptions?.KeyConnectorOption?.KeyConnectorUrl))
+                    {
+                        if (masterKey != null)
+                        {
+                            await _cryptoService.SetMasterKeyAsync(masterKey);
+                            var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                            await _cryptoService.SetUserKeyAsync(userKey);
+                        }
                     }
 
                     // User doesn't have a key pair yet (old account), let's generate one for them.

src/Core/Utilities/ServiceContainer.cs

@@ -77,9 +77,10 @@ namespace Bit.Core.Utilities
                 });
             var passwordGenerationService = new PasswordGenerationService(cryptoService, stateService, cryptoFunctionService, policyService);
             var totpService = new TotpService(cryptoFunctionService);
+            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);
             var authService = new AuthService(cryptoService, cryptoFunctionService, apiService, stateService,
                 tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
-                keyConnectorService, passwordGenerationService, policyService);
+                keyConnectorService, passwordGenerationService, policyService, deviceTrustCryptoService);
             var exportService = new ExportService(folderService, cipherService, cryptoService);
             var auditService = new AuditService(cryptoFunctionService, apiService);
             var environmentService = new EnvironmentService(apiService, stateService, conditionedRunner);
@@ -88,7 +89,6 @@ namespace Bit.Core.Utilities
                 cryptoService);
             var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
             var configService = new ConfigService(apiService, stateService, logger);
-            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);
 
             Register<IConditionedAwaiterManager>(conditionedRunner);
             Register<ITokenService>("tokenService", tokenService);