[PM-2287][PM-2289][PM-2293] Approval Options (#2608)

* [PM-2293] Add AuthRequestType to PasswordlessLoginPage. * [PM-2293] Add Actions to ApproveWithDevicePage * [PM-2293] Change screen text based on AuthRequestType * [PM-2293] Refactor AuthRequestType enum. Add label. Remove unnecessary actions. * [PM-2293] Change boolean variable expression. * [PM-2293] Trust device after admin request login. * code format * [PM-2287] Add trust device to master password unlock. Change trust device method. Remove email from SSO login page. * [PM-2293] Fix state variable get set. * [PM-2287][PM-2289][PM-2293] Rename method
2026-01-16 23:43:21 +00:00 · 2023-07-12 19:12:57 +01:00
parent 548bd12a8e
commit a5df6c0c65
22 changed files with 261 additions and 29 deletions
--- a/src/Core/Abstractions/IAuthService.cs
+++ b/src/Core/Abstractions/IAuthService.cs
@@ -34,7 +34,7 @@ namespace Bit.Core.Abstractions
        Task<PasswordlessLoginResponse> GetPasswordlessLoginRequestByIdAsync(string id);
        Task<PasswordlessLoginResponse> GetPasswordlessLoginResponseAsync(string id, string accessCode);
        Task<PasswordlessLoginResponse> PasswordlessLoginAsync(string id, string pubKey, bool requestApproved);
-        Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email);
+        Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email, AuthRequestType authRequestType);

        void LogOut(Action callback);
        void Init();
--- a/src/Core/Abstractions/IDeviceTrustCryptoService.cs
+++ b/src/Core/Abstractions/IDeviceTrustCryptoService.cs
@@ -7,5 +7,8 @@ namespace Bit.Core.Abstractions
    {
        Task<SymmetricCryptoKey> GetDeviceKeyAsync();
        Task<DeviceResponse> TrustDeviceAsync();
+        Task<DeviceResponse> TrustDeviceIfNeededAsync();
+        Task<bool> GetShouldTrustDeviceAsync();
+        Task SetShouldTrustDeviceAsync(bool value);
    }
 }
--- a/src/Core/Abstractions/IStateService.cs
+++ b/src/Core/Abstractions/IStateService.cs
@@ -179,5 +179,7 @@ namespace Bit.Core.Abstractions
        void SetLocale(string locale);
        ConfigResponse GetConfigs();
        void SetConfigs(ConfigResponse value);
+        Task<bool> GetShouldTrustDeviceAsync();
+        Task SetShouldTrustDeviceAsync(bool value);
    }
 }
--- a/src/Core/Constants.cs
+++ b/src/Core/Constants.cs
@@ -53,6 +53,7 @@
        public const string AppLocaleKey = "appLocale";
        public const string ClearSensitiveFields = "clearSensitiveFields";
        public const string ForceUpdatePassword = "forceUpdatePassword";
+        public const string ShouldTrustDevice = "shouldTrustDevice";
        public const int SelectFileRequestCode = 42;
        public const int SelectFilePermissionRequestCode = 43;
        public const int SaveFileRequestCode = 44;
--- a/src/Core/Enums/AuthRequestType.cs
+++ b/src/Core/Enums/AuthRequestType.cs
@@ -0,0 +1,11 @@
+using System;
+namespace Bit.Core.Enums
+{
+    public enum AuthRequestType : byte
+    {
+        AuthenticateAndUnlock = 0,
+        Unlock = 1,
+        AdminApproval = 2
+    }
+}
+
--- a/src/Core/Models/Request/PasswordlessCreateLoginRequest.cs
+++ b/src/Core/Models/Request/PasswordlessCreateLoginRequest.cs
@@ -1,4 +1,6 @@
 using System;
+using Bit.Core.Enums;
+
 namespace Bit.Core.Models.Request
 {
    public class PasswordlessCreateLoginRequest
@@ -25,10 +27,4 @@ namespace Bit.Core.Models.Request

        public string FingerprintPhrase { get; set; }
    }
-
-    public enum AuthRequestType : byte
-    {
-        AuthenticateAndUnlock = 0,
-        Unlock = 1
-    }
 }
--- a/src/Core/Services/AuthService.cs
+++ b/src/Core/Services/AuthService.cs
@@ -599,7 +599,7 @@ namespace Bit.Core.Services
            return await PopulateFingerprintPhraseAsync(response, await _stateService.GetEmailAsync());
        }

-        public async Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email)
+        public async Task<PasswordlessLoginResponse> PasswordlessCreateLoginRequestAsync(string email, AuthRequestType authRequestType)
        {
            var deviceId = await _appIdService.GetAppIdAsync();
            var keyPair = await _cryptoFunctionService.RsaGenerateKeyPairAsync(2048);
@@ -607,7 +607,7 @@ namespace Bit.Core.Services
            var fingerprintPhrase = string.Join("-", generatedFingerprintPhrase);
            var publicB64 = Convert.ToBase64String(keyPair.Item1);
            var accessCode = await _passwordGenerationService.GeneratePasswordAsync(PasswordGenerationOptions.CreateDefault.WithLength(25));
-            var passwordlessCreateLoginRequest = new PasswordlessCreateLoginRequest(email, publicB64, deviceId, accessCode, AuthRequestType.AuthenticateAndUnlock, fingerprintPhrase);
+            var passwordlessCreateLoginRequest = new PasswordlessCreateLoginRequest(email, publicB64, deviceId, accessCode, authRequestType, fingerprintPhrase);
            var response = await _apiService.PostCreateRequestAsync(passwordlessCreateLoginRequest);

            if (response != null)
--- a/src/Core/Services/DeviceTrustCryptoService.cs
+++ b/src/Core/Services/DeviceTrustCryptoService.cs
@@ -77,5 +77,27 @@ namespace Bit.Core.Services
            var randomBytes = await _cryptoFunctionService.RandomBytesAsync(DEVICE_KEY_SIZE);
            return new SymmetricCryptoKey(randomBytes);
        }
+
+        public async Task<bool> GetShouldTrustDeviceAsync()
+        {
+            return await _stateService.GetShouldTrustDeviceAsync();
+        }
+
+        public async Task SetShouldTrustDeviceAsync(bool value)
+        {
+            await _stateService.SetShouldTrustDeviceAsync(value);
+        }
+
+        public async Task<DeviceResponse> TrustDeviceIfNeededAsync()
+        {
+            if (!await GetShouldTrustDeviceAsync())
+            {
+                return null;
+            }
+
+            var response = await TrustDeviceAsync();
+            await SetShouldTrustDeviceAsync(false);
+            return response;
+        }
    }
 }
--- a/src/Core/Services/StateService.cs
+++ b/src/Core/Services/StateService.cs
@@ -1298,6 +1298,16 @@ namespace Bit.Core.Services
            ))?.Profile?.UserDecryptionOptions;
        }

+        public async Task<bool> GetShouldTrustDeviceAsync()
+        {
+            return await _storageMediatorService.GetAsync<bool>(Constants.ShouldTrustDevice);
+        }
+
+        public async Task SetShouldTrustDeviceAsync(bool value)
+        {
+            await _storageMediatorService.SaveAsync(Constants.ShouldTrustDevice, value);
+        }
+
        public ConfigResponse GetConfigs()
        {
            return _storageMediatorService.Get<ConfigResponse>(Constants.ConfigsKey);
--- a/src/Core/Utilities/ServiceContainer.cs
+++ b/src/Core/Utilities/ServiceContainer.cs
@@ -88,6 +88,7 @@ namespace Bit.Core.Utilities
                cryptoService);
            var usernameGenerationService = new UsernameGenerationService(cryptoService, apiService, stateService);
            var configService = new ConfigService(apiService, stateService, logger);
+            var deviceTrustCryptoService = new DeviceTrustCryptoService(apiService, appIdService, cryptoFunctionService, cryptoService, stateService);

            Register<IConditionedAwaiterManager>(conditionedRunner);
            Register<ITokenService>("tokenService", tokenService);
@@ -114,6 +115,7 @@ namespace Bit.Core.Utilities
            Register<IUserVerificationService>("userVerificationService", userVerificationService);
            Register<IUsernameGenerationService>(usernameGenerationService);
            Register<IConfigService>(configService);
+            Register<IDeviceTrustCryptoService>(deviceTrustCryptoService);
        }

        public static void Register<T>(string serviceName, T obj)