[PM-3726] prevent legacy user login (#2769)

* [PM-3726] prevent legacy user login * [PM-3726] prevent unlock or auto key migration if legacy user * [PM-3726] add legacy checks to lock page and refactor * [PM-3726] rethrow exception from pin * formatting * [PM-3726] add changes to LockViewController, consolidate logout calls * formatting * [PM-3726] pr feedback * generate resx * formatting
2025-12-17 16:53:26 +00:00 · 2023-09-20 15:56:51 -04:00
parent 8b9658d2c5
commit c4f6ae9077
11 changed files with 5040 additions and 7325 deletions
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -62,6 +62,16 @@ namespace Bit.Core.Services
            return _stateService.GetUserKeyAsync(userId);
        }

+        public async Task<bool> IsLegacyUserAsync(MasterKey masterKey = null, string userId = null)
+        {
+            masterKey ??= await GetMasterKeyAsync(userId);
+            if (masterKey == null)
+            {
+                return false;
+            }
+            return await ValidateUserKeyAsync(new UserKey(masterKey.Key));
+        }
+
        public async Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null)
        {
            var userKey = await GetUserKeyAsync(userId);
@@ -997,6 +1007,31 @@ namespace Bit.Core.Services
            return keyCreator(key);
        }

+        private async Task<bool> ValidateUserKeyAsync(UserKey key, string userId = null)
+        {
+            if (key == null)
+            {
+                return false;
+            }
+
+            try
+            {
+                var encPrivateKey = await _stateService.GetPrivateKeyEncryptedAsync(userId);
+                if (encPrivateKey == null)
+                {
+                    return false;
+                }
+
+                var privateKey = await DecryptToBytesAsync(new EncString(encPrivateKey), key);
+                await _cryptoFunctionService.RsaExtractPublicKeyAsync(privateKey);
+                return true;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
        private class EncryptedObject
        {
            public byte[] Iv { get; set; }
@@ -1019,6 +1054,10 @@ namespace Bit.Core.Services

            // Decrypt
            var masterKey = new MasterKey(Convert.FromBase64String(oldKey));
+            if (await IsLegacyUserAsync(masterKey, userId))
+            {
+                throw new LegacyUserException();
+            }
            var encryptedUserKey = await _stateService.GetEncKeyEncryptedAsync(userId);
            if (encryptedUserKey == null)
            {
@@ -1058,6 +1097,10 @@ namespace Bit.Core.Services
                kdfConfig,
                oldPinKey
            );
+            if (await IsLegacyUserAsync(masterKey))
+            {
+                throw new LegacyUserException();
+            }
            var encUserKey = await _stateService.GetEncKeyEncryptedAsync();
            var userKey = await DecryptUserKeyWithMasterKeyAsync(
                masterKey,