[PM-2289] [PM-2293] TDE Login with device Admin Request (#2642)

2025-12-17 16:53:26 +00:00 · 2023-07-27 21:18:36 +01:00
parent dfc7c55b77
commit c25906206e
15 changed files with 193 additions and 27 deletions
--- a/src/App/Pages/Accounts/TwoFactorPageViewModel.cs
+++ b/src/App/Pages/Accounts/TwoFactorPageViewModel.cs
@@ -11,6 +11,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Request;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Newtonsoft.Json;
 using Xamarin.CommunityToolkit.ObjectModel;
@@ -33,7 +34,7 @@ namespace Bit.App.Pages
        private readonly II18nService _i18nService;
        private readonly IAppIdService _appIdService;
        private readonly ILogger _logger;
-
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
        private TwoFactorProviderType? _selectedProviderType;
        private string _totpInstruction;
        private string _webVaultUrl = "https://vault.bitwarden.com";
@@ -55,6 +56,7 @@ namespace Bit.App.Pages
            _i18nService = ServiceContainer.Resolve<II18nService>("i18nService");
            _appIdService = ServiceContainer.Resolve<IAppIdService>("appIdService");
            _logger = ServiceContainer.Resolve<ILogger>();
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();

            PageTitle = AppResources.TwoStepLogin;
            SubmitCommand = new Command(async () => await SubmitAsync());
@@ -118,6 +120,7 @@ namespace Bit.App.Pages
        public Command SubmitCommand { get; }
        public ICommand MoreCommand { get; }
        public Action TwoFactorAuthSuccessAction { get; set; }
+        public Action StartDeviceApprovalOptionsAction { get; set; }
        public Action StartSetPasswordAction { get; set; }
        public Action CloseAction { get; set; }
        public Action UpdateTempPasswordAction { get; set; }
@@ -315,6 +318,7 @@ namespace Bit.App.Pages

                var task = Task.Run(() => _syncService.FullSyncAsync(true));
                await _deviceActionService.HideLoadingAsync();
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                _messagingService.Send("listenYubiKeyOTP", false);
                _broadcasterService.Unsubscribe(nameof(TwoFactorPage));

@@ -326,6 +330,27 @@ namespace Bit.App.Pages
                {
                    UpdateTempPasswordAction?.Invoke();
                }
+                else if (decryptOptions?.TrustedDeviceOption != null)
+                {
+                    // If user doesn't have a MP, but has reset password permission, they must set a MP
+                    if (!decryptOptions.HasMasterPassword &&
+                        decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
+                    {
+                        StartSetPasswordAction?.Invoke();
+                    }
+                    else if (result.ForcePasswordReset)
+                    {
+                        UpdateTempPasswordAction?.Invoke();
+                    }
+                    else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
+                    {
+                        TwoFactorAuthSuccessAction?.Invoke();
+                    }
+                    else
+                    {
+                        StartDeviceApprovalOptionsAction?.Invoke();
+                    }
+                }
                else
                {
                    TwoFactorAuthSuccessAction?.Invoke();