diff --git a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
index 91a039a54..a6e06e131 100644
--- a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
@@ -232,15 +232,6 @@ namespace Bit.App.Pages
             }
             else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
             {
-                // TODO MOVE THIS CODE TO AUTH SERVICE
-                //if (await _deviceTrustCryptoService.IsDeviceTrustedAsync() && decryptOptions?.TrustedDeviceOption != null)
-                //{
-                // var key = await _deviceTrustCryptoService.DecryptUserKeyWithDeviceKeyAsync(decryptOptions?.TrustedDeviceOption.EncryptedPrivateKey, decryptOptions?.TrustedDeviceOption.EncryptedUserKey);
-                // if (key != null)
-                // {
-                // await _cryptoService.SetEncKeyAsync(key);
-                // }
-                //}
                 var task = Task.Run(async () => await _syncService.FullSyncAsync(true));
                 SsoAuthSuccessAction?.Invoke();
             }
diff --git a/src/Core/Services/AuthService.cs b/src/Core/Services/AuthService.cs
index d7203c9bd..1af112db2 100644
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -27,6 +27,7 @@ namespace Bit.Core.Services
         private readonly IKeyConnectorService _keyConnectorService;
         private readonly IPasswordGenerationService _passwordGenerationService;
         private readonly IPolicyService _policyService;
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
         private readonly bool _setCryptoKeys;
         private readonly LazyResolve _watchDeviceService = new LazyResolve();
@@ -50,6 +51,7 @@ namespace Bit.Core.Services
             IKeyConnectorService keyConnectorService,
             IPasswordGenerationService passwordGenerationService,
             IPolicyService policyService,
+            IDeviceTrustCryptoService deviceTrustCryptoService,
             bool setCryptoKeys = true)
         {
             _cryptoService = cryptoService;
@@ -64,6 +66,7 @@ namespace Bit.Core.Services
             _keyConnectorService = keyConnectorService;
             _passwordGenerationService = passwordGenerationService;
             _policyService = policyService;
+            _deviceTrustCryptoService = deviceTrustCryptoService;
             _setCryptoKeys = setCryptoKeys;
             TwoFactorProviders = new Dictionary();
@@ -486,11 +489,23 @@ namespace Bit.Core.Services
                 await _cryptoService.SetMasterKeyEncryptedUserKeyAsync(tokenResponse.Key);
-                if (masterKey != null)
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
+                if (await _deviceTrustCryptoService.IsDeviceTrustedAsync() && decryptOptions?.TrustedDeviceOption != null)
                 {
-                    await _cryptoService.SetMasterKeyAsync(masterKey);
-                    var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
-                    await _cryptoService.SetUserKeyAsync(userKey);
+                    var key = await _deviceTrustCryptoService.DecryptUserKeyWithDeviceKeyAsync(decryptOptions?.TrustedDeviceOption.EncryptedPrivateKey, decryptOptions?.TrustedDeviceOption.EncryptedUserKey);
+                    if (key != null)
+                    {
+                        await _cryptoService.SetUserKeyAsync(key);
+                    }
+                }
+                else if (!string.IsNullOrEmpty(tokenResponse.KeyConnectorUrl) || !string.IsNullOrEmpty(decryptOptions?.KeyConnectorOption?.KeyConnectorUrl))
+                {
+                    if (masterKey != null)
+                    {
+                        await _cryptoService.SetMasterKeyAsync(masterKey);
+                        var userKey = await _cryptoService.DecryptUserKeyWithMasterKeyAsync(masterKey);
+                        await _cryptoService.SetUserKeyAsync(userKey);
+                    }
                 }
                 // User doesn't have a key pair yet (old account), let's generate one for them.
diff --git a/src/Core/Utilities/ServiceContainer.cs b/src/Core/Utilities/ServiceContainer.cs
index 36dd7efc9..c9a2255df 100644
--- a/src/Core/Utilities/ServiceContainer.cs
+++ b/src/Core/Utilities/ServiceContainer.cs
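Review bot: In the `@@ -486` hunk the rewritten `else if` only reaches `SetMasterKeyAsync` / `DecryptUserKeyWithMasterKeyAsync` when a Key Connector URL is present, whereas the removed code ran that path for any non-null `masterKey`; unless the enclosing method (which continues outside this hunk) initializes the keys for that case elsewhere, a master-password login on an untrusted device now sets neither the master key nor the user key, and the guard should be on the key itself: `else if (masterKey != null)` with the inner `if` removed. The trusted-device branch also ends silently when `DecryptUserKeyWithDeviceKeyAsync` returns null: the user key is never set and nothing is logged or surfaced, so the failure shows up later as an unexplained decryption error rather than at the point where the device key was rejected; consider logging it and falling through to the master-key path instead of leaving the account half-initialized. Minor style point: inside that branch `decryptOptions?.TrustedDeviceOption.EncryptedPrivateKey` is redundant after the `decryptOptions?.TrustedDeviceOption != null` check, and `decryptOptions.TrustedDeviceOption.EncryptedPrivateKey` reads the same without suggesting a null path that cannot occur.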
@@ -77,9 +77,10 @@ namespace Bit.Core.Utilities
             });
             var passwordGenerationService = new PasswordGenerationService(cryptoService, stateService, cryptoFunctionService, policyService);
             var totpService = new TotpService(cryptoFunctionService);
+            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);
             var authService = new AuthService(cryptoService, cryptoFunctionService, apiService, stateService, tokenService, appIdService, i18nService, platformUtilsService, messagingService, vaultTimeoutService,
-                keyConnectorService, passwordGenerationService, policyService);
+                keyConnectorService, passwordGenerationService, policyService, deviceTrustCryptoService);
             var exportService = new ExportService(folderService, cipherService, cryptoService);
             var auditService = new AuditService(cryptoFunctionService, apiService);
             var environmentService = new EnvironmentService(apiService, stateService, conditionedRunner);
@@ -88,7 +89,6 @@ namespace Bit.Core.Utilities
                 cryptoService);
             var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
             var configService = new ConfigService(apiService, stateService, logger);
-            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);
             Register(conditionedRunner);
             Register("tokenService", tokenService);