[PM-2297] Login with trusted device (Flow 2) (#2623)

* [PM-2297] Add DecryptUserKeyWithDeviceKey method * [PM-2297] Add methods to DeviceTrustCryptoService update decryption options model * [PM-2297] Update account decryption options model * [PM-2297] Fix TrustedDeviceOption and DeviceResponse model. Change StateService device key get set to have default user id * [PM-2297] Update navigation to decryption options * [PM-2297] Add missing action navigations to iOS extensions * [PM-2297] Fix trust device bug/typo * [PM-2297] Fix model bug * [PM-2297] Fix state var crash * [PM-2297] Add trust device login logic to auth service * [PM-2297] Refactor auth service key connector code * [PM-2297] Remove reconciledOptions for deviceKey in state service * [PM-2297] Remove unnecessary user id params
2026-01-06 10:34:07 +00:00 · 2023-07-27 16:55:06 +01:00
parent 080aabfe82
commit dfc7c55b77
14 changed files with 182 additions and 43 deletions
--- a/src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginApproveDevicePage.xaml.cs
@@ -19,7 +19,7 @@ namespace Bit.App.Pages
        {
            InitializeComponent();
            _vm = BindingContext as LoginApproveDeviceViewModel;
-            _vm.LogInWithMasterPassword = () => StartLogInWithMasterPassword().FireAndForget();
+            _vm.LogInWithMasterPasswordAction = () => StartLogInWithMasterPassword().FireAndForget();
            _vm.LogInWithDeviceAction = () => StartLoginWithDeviceAsync().FireAndForget();
            _vm.RequestAdminApprovalAction = () => RequestAdminApprovalAsync().FireAndForget();
            _vm.CloseAction = () => { Navigation.PopModalAsync(); };
--- a/src/App/Pages/Accounts/LoginApproveDeviceViewModel.cs
+++ b/src/App/Pages/Accounts/LoginApproveDeviceViewModel.cs
@@ -32,7 +32,7 @@ namespace Bit.App.Pages
        public ICommand ApproveWithMasterPasswordCommand { get; }
        public ICommand ContinueCommand { get; }

-        public Action LogInWithMasterPassword { get; set; }
+        public Action LogInWithMasterPasswordAction { get; set; }
        public Action LogInWithDeviceAction { get; set; }
        public Action RequestAdminApprovalAction { get; set; }
        public Action CloseAction { get; set; }
@@ -53,7 +53,7 @@ namespace Bit.App.Pages
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);

-            ApproveWithMasterPasswordCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithMasterPassword),
+            ApproveWithMasterPasswordCommand = new AsyncCommand(() => SetDeviceTrustAndInvokeAsync(LogInWithMasterPasswordAction),
                onException: ex => HandleException(ex),
                allowsMultipleExecutions: false);

@@ -111,15 +111,7 @@ namespace Bit.App.Pages
                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                RequestAdminApprovalEnabled = decryptOptions?.TrustedDeviceOption?.HasAdminApproval ?? false;
                ApproveWithMasterPasswordEnabled = decryptOptions?.HasMasterPassword ?? false;
-            }
-            catch (Exception ex)
-            {
-                HandleException(ex);
-            }
-
-            try
-            {
-                ApproveWithMyOtherDeviceEnabled = await _apiService.GetDevicesExistenceByTypes(DeviceTypeExtensions.GetDesktopAndMobileTypes().ToArray());
+                ApproveWithMyOtherDeviceEnabled = decryptOptions?.TrustedDeviceOption?.HasLoginApprovingDevice ?? false;
            }
            catch (Exception ex)
            {
--- a/src/App/Pages/Accounts/LoginSsoPage.xaml.cs
+++ b/src/App/Pages/Accounts/LoginSsoPage.xaml.cs
@@ -29,6 +29,8 @@ namespace Bit.App.Pages
            _vm.SsoAuthSuccessAction = () => Device.BeginInvokeOnMainThread(async () => await SsoAuthSuccessAsync());
            _vm.UpdateTempPasswordAction =
                () => Device.BeginInvokeOnMainThread(async () => await UpdateTempPasswordAsync());
+            _vm.StartDeviceApprovalOptionsAction =
+                () => Device.BeginInvokeOnMainThread(async () => await StartDeviceApprovalOptionsAsync());
            _vm.CloseAction = async () =>
            {
                await Navigation.PopModalAsync();
@@ -106,15 +108,17 @@ namespace Bit.App.Pages
            await Navigation.PushModalAsync(new NavigationPage(page));
        }

+        private async Task StartDeviceApprovalOptionsAsync()
+        {
+            var page = new LoginApproveDevicePage();
+            await Navigation.PushModalAsync(new NavigationPage(page));
+        }
+
        private async Task SsoAuthSuccessAsync()
        {
            RestoreAppOptionsFromCopy();
            await AppHelpers.ClearPreviousPage();

-            // Just for testing the screen
-            Application.Current.MainPage = new NavigationPage(new LoginApproveDevicePage(_appOptions));
-            return;
-
            if (await _vaultTimeoutService.IsLockedAsync())
            {
                Application.Current.MainPage = new NavigationPage(new LockPage(_appOptions));
--- a/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
+++ b/src/App/Pages/Accounts/LoginSsoPageViewModel.cs
@@ -9,6 +9,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Xamarin.CommunityToolkit.ObjectModel;
 using Xamarin.Essentials;
@@ -29,6 +30,8 @@ namespace Bit.App.Pages
        private readonly IStateService _stateService;
        private readonly ILogger _logger;
        private readonly IOrganizationService _organizationService;
+        private readonly IDeviceTrustCryptoService _deviceTrustCryptoService;
+        private readonly ICryptoService _cryptoService;

        private string _orgIdentifier;

@@ -45,7 +48,8 @@ namespace Bit.App.Pages
            _stateService = ServiceContainer.Resolve<IStateService>("stateService");
            _logger = ServiceContainer.Resolve<ILogger>("logger");
            _organizationService = ServiceContainer.Resolve<IOrganizationService>();
-
+            _deviceTrustCryptoService = ServiceContainer.Resolve<IDeviceTrustCryptoService>();
+            _cryptoService = ServiceContainer.Resolve<ICryptoService>();

            PageTitle = AppResources.Bitwarden;
            LogInCommand = new AsyncCommand(LogInAsync, allowsMultipleExecutions: false);
@@ -61,6 +65,7 @@ namespace Bit.App.Pages
        public Action StartTwoFactorAction { get; set; }
        public Action StartSetPasswordAction { get; set; }
        public Action SsoAuthSuccessAction { get; set; }
+        public Action StartDeviceApprovalOptionsAction { get; set; }
        public Action CloseAction { get; set; }
        public Action UpdateTempPasswordAction { get; set; }

@@ -197,6 +202,7 @@ namespace Bit.App.Pages
            try
            {
                var response = await _authService.LogInSsoAsync(code, codeVerifier, REDIRECT_URI, orgId);
+                var decryptOptions = await _stateService.GetAccountDecryptionOptions();
                await AppHelpers.ResetInvalidUnlockAttemptsAsync();
                await _stateService.SetRememberedOrgIdentifierAsync(OrgIdentifier);
                await _deviceActionService.HideLoadingAsync();
@@ -212,9 +218,31 @@ namespace Bit.App.Pages
                {
                    UpdateTempPasswordAction?.Invoke();
                }
+                else if (decryptOptions?.TrustedDeviceOption != null)
+                {
+                    // If user doesn't have a MP, but has reset password permission, they must set a MP
+                    if (!decryptOptions.HasMasterPassword &&
+                        decryptOptions.TrustedDeviceOption.HasManageResetPasswordPermission)
+                    {
+                        StartSetPasswordAction?.Invoke();
+                    }
+                    else if (response.ForcePasswordReset)
+                    {
+                        UpdateTempPasswordAction?.Invoke();
+                    }
+                    else if (await _deviceTrustCryptoService.IsDeviceTrustedAsync())
+                    {
+                        _syncService.FullSyncAsync(true).FireAndForget();
+                        SsoAuthSuccessAction?.Invoke();
+                    }
+                    else
+                    {
+                        StartDeviceApprovalOptionsAction?.Invoke();
+                    }
+                }
                else
                {
-                    var task = Task.Run(async () => await _syncService.FullSyncAsync(true));
+                    _syncService.FullSyncAsync(true).FireAndForget();
                    SsoAuthSuccessAction?.Invoke();
                }
            }