[PM-3340] Change settings screen vault timeout action cell UI.

src/Android/Properties/AndroidManifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.9.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2023.8.1" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
 	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="33" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />

src/App/Pages/Accounts/LockPageViewModel.cs

@@ -7,7 +7,6 @@ using Bit.App.Utilities;
 using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
-using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Models.Request;
 using Bit.Core.Services;
@@ -73,8 +72,7 @@ namespace Bit.App.Pages
             TogglePasswordCommand = new Command(TogglePassword);
             SubmitCommand = new Command(async () => await SubmitAsync());
 
-            AccountSwitchingOverlayViewModel =
+            AccountSwitchingOverlayViewModel = new AccountSwitchingOverlayViewModel(_stateService, _messagingService, _logger)
-                new AccountSwitchingOverlayViewModel(_stateService, _messagingService, _logger)
             {
                 AllowAddAccountRow = true,
                 AllowActiveAccountSelection = true
@@ -157,12 +155,8 @@ namespace Bit.App.Pages
 
         public Command SubmitCommand { get; }
         public Command TogglePasswordCommand { get; }
-
         public string ShowPasswordIcon => ShowPassword ? BitwardenIcons.EyeSlash : BitwardenIcons.Eye;
-        public string PasswordVisibilityAccessibilityText => ShowPassword
+        public string PasswordVisibilityAccessibilityText => ShowPassword ? AppResources.PasswordIsVisibleTapToHide : AppResources.PasswordIsNotVisibleTapToShow;
-            ? AppResources.PasswordIsVisibleTapToHide
-            : AppResources.PasswordIsNotVisibleTapToShow;
-
         public Action UnlockedAction { get; set; }
         public event Action<int?> FocusSecretEntry
         {
@@ -185,8 +179,7 @@ namespace Bit.App.Pages
                 ?? await _stateService.GetPinProtectedKeyAsync();
             PinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
                       _pinStatus == PinLockType.Persistent;
-
+            BiometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _biometricService.CanUseBiometricsUnlockAsync();
-            BiometricEnabled = await IsBiometricsEnabledAsync();
 
             // Users without MP and without biometric or pin has no MP to unlock with
             _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
@@ -221,9 +214,7 @@ namespace Bit.App.Pages
             else
             {
                 PageTitle = _hasMasterPassword ? AppResources.VerifyMasterPassword : AppResources.UnlockVault;
-                LockedVerifyText = _hasMasterPassword
+                LockedVerifyText = _hasMasterPassword ? AppResources.VaultLockedMasterPassword : AppResources.VaultLockedIdentity;
-                    ? AppResources.VaultLockedMasterPassword
-                    : AppResources.VaultLockedIdentity;
             }
 
             if (BiometricEnabled)
@@ -242,32 +233,11 @@ namespace Bit.App.Pages
                     BiometricButtonText = supportsFace ? AppResources.UseFaceIDToUnlock :
                         AppResources.UseFingerprintToUnlock;
                 }
+
             }
         }
 
         public async Task SubmitAsync()
-        {
-            ShowPassword = false;
-            try
-            {
-                var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
-                if (PinEnabled)
-                {
-                    await UnlockWithPinAsync(kdfConfig);
-                }
-                else
-                {
-                    await UnlockWithMasterPasswordAsync(kdfConfig);
-                }
-
-            }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-        }
-
-        private async Task UnlockWithPinAsync(KdfConfig kdfConfig)
         {
             if (PinEnabled && string.IsNullOrWhiteSpace(Pin))
             {
@@ -276,28 +246,34 @@ namespace Bit.App.Pages
                     AppResources.Ok);
                 return;
             }
+            if (!PinEnabled && string.IsNullOrWhiteSpace(MasterPassword))
+            {
+                await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
+                    string.Format(AppResources.ValidationFieldRequired, AppResources.MasterPassword),
+                    AppResources.Ok);
+                return;
+            }
 
+            ShowPassword = false;
+            var kdfConfig = await _stateService.GetActiveUserCustomDataAsync(a => new KdfConfig(a?.Profile));
+
+            if (PinEnabled)
+            {
                 var failed = true;
                 try
                 {
-                EncString userKeyPin;
+                    EncString userKeyPin = null;
-                EncString oldPinProtected;
+                    EncString oldPinProtected = null;
-                switch (_pinStatus)
+                    if (_pinStatus == PinLockType.Persistent)
-                {
-                    case PinLockType.Persistent:
                     {
                         userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyAsync();
                         var oldEncryptedKey = await _stateService.GetPinProtectedAsync();
                         oldPinProtected = oldEncryptedKey != null ? new EncString(oldEncryptedKey) : null;
-                            break;
                     }
-                    case PinLockType.Transient:
+                    else if (_pinStatus == PinLockType.Transient)
+                    {
                         userKeyPin = await _stateService.GetPinKeyEncryptedUserKeyEphemeralAsync();
                         oldPinProtected = await _stateService.GetPinProtectedKeyAsync();
-                        break;
-                    case PinLockType.Disabled:
-                    default:
-                        throw new Exception("Pin is disabled");
                     }
 
                     UserKey userKey;
@@ -331,10 +307,6 @@ namespace Bit.App.Pages
                         await SetUserKeyAndContinueAsync(userKey);
                     }
                 }
-            catch (LegacyUserException)
-            {
-                throw;
-            }
                 catch
                 {
                     failed = true;
@@ -351,23 +323,9 @@ namespace Bit.App.Pages
                         AppResources.AnErrorHasOccurred);
                 }
             }
-
+            else
-        private async Task UnlockWithMasterPasswordAsync(KdfConfig kdfConfig)
             {
-            if (!PinEnabled && string.IsNullOrWhiteSpace(MasterPassword))
-            {
-                await Page.DisplayAlert(AppResources.AnErrorHasOccurred,
-                    string.Format(AppResources.ValidationFieldRequired, AppResources.MasterPassword),
-                    AppResources.Ok);
-                return;
-            }
-
                 var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, _email, kdfConfig);
-            if (await _cryptoService.IsLegacyUserAsync(masterKey))
-            {
-                throw new LegacyUserException();
-            }
-
                 var storedKeyHash = await _cryptoService.GetMasterKeyHashAsync();
                 var passwordValid = false;
                 MasterPasswordPolicyOptions enforcedMasterPasswordOptions = null;
@@ -381,8 +339,7 @@ namespace Bit.App.Pages
                 {
                     // Online unlock required
                     await _deviceActionService.ShowLoadingAsync(AppResources.Loading);
-                var keyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey,
+                    var keyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.ServerAuthorization);
-                    HashPurpose.ServerAuthorization);
                     var request = new PasswordVerificationRequest();
                     request.MasterPasswordHash = keyHash;
 
@@ -391,8 +348,7 @@ namespace Bit.App.Pages
                         var response = await _apiService.PostAccountVerifyPasswordAsync(request);
                         enforcedMasterPasswordOptions = response.MasterPasswordPolicy;
                         passwordValid = true;
-                    var localKeyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey,
+                        var localKeyHash = await _cryptoService.HashMasterKeyAsync(MasterPassword, masterKey, HashPurpose.LocalAuthorization);
-                        HashPurpose.LocalAuthorization);
                         await _cryptoService.SetMasterKeyHashAsync(localKeyHash);
                     }
                     catch (Exception e)
@@ -401,7 +357,6 @@ namespace Bit.App.Pages
                     }
                     await _deviceActionService.HideLoadingAsync();
                 }
-
                 if (passwordValid)
                 {
                     if (await RequirePasswordChangeAsync(enforcedMasterPasswordOptions))
@@ -436,6 +391,7 @@ namespace Bit.App.Pages
                         AppResources.AnErrorHasOccurred);
                 }
             }
+        }
 
         /// <summary>
         /// Checks if the master password requires updating to meet the enforced policy requirements
@@ -496,13 +452,10 @@ namespace Bit.App.Pages
         {
             ShowPassword = !ShowPassword;
             var secret = PinEnabled ? Pin : MasterPassword;
-            _secretEntryFocusWeakEventManager.RaiseEvent(string.IsNullOrEmpty(secret) ? 0 : secret.Length,
+            _secretEntryFocusWeakEventManager.RaiseEvent(string.IsNullOrEmpty(secret) ? 0 : secret.Length, nameof(FocusSecretEntry));
-                nameof(FocusSecretEntry));
         }
 
         public async Task PromptBiometricAsync()
-        {
-            try
         {
             BiometricIntegrityValid = await _platformUtilsService.IsBiometricIntegrityValidAsync();
             BiometricButtonVisible = BiometricIntegrityValid;
@@ -510,7 +463,6 @@ namespace Bit.App.Pages
             {
                 return;
             }
-
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
                 PinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => _secretEntryFocusWeakEventManager.RaiseEvent((int?)null, nameof(FocusSecretEntry)));
@@ -521,11 +473,6 @@ namespace Bit.App.Pages
                 await SetUserKeyAndContinueAsync(userKey);
             }
         }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-        }
 
         private async Task SetUserKeyAndContinueAsync(UserKey key)
         {
@@ -546,29 +493,5 @@ namespace Bit.App.Pages
             _messagingService.Send("unlocked");
             UnlockedAction?.Invoke();
         }
-
-        private async Task<bool> IsBiometricsEnabledAsync()
-        {
-            try
-            {
-                return await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                   await _biometricService.CanUseBiometricsUnlockAsync();
-            }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-            return false;
-        }
-
-        private async Task HandleLegacyUserAsync()
-        {
-            // Legacy users must migrate on web vault.
-            await _platformUtilsService.ShowDialogAsync(AppResources.EncryptionKeyMigrationRequiredDescriptionLong,
-                AppResources.AnErrorHasOccurred,
-                AppResources.Ok);
-            await _vaultTimeoutService.LogOutAsync();
-        }
-
     }
 }

src/App/Pages/Accounts/LoginPageViewModel.cs

@@ -248,14 +248,6 @@ namespace Bit.App.Pages
 
                 await _deviceActionService.HideLoadingAsync();
 
-                if (response.RequiresEncryptionKeyMigration)
-                {
-                    // Legacy users must migrate on web vault.
-                    await _platformUtilsService.ShowDialogAsync(AppResources.EncryptionKeyMigrationRequiredDescriptionLong, AppResources.AnErrorHasOccurred,
-                        AppResources.Ok);
-                    return;
-                }
-
                 if (response.TwoFactor)
                 {
                     StartTwoFactorAction?.Invoke();

src/App/Pages/Settings/SettingsPage/SettingsPage.xaml

@@ -49,6 +49,38 @@
                            AutomationId="{Binding AutomationIdSettingStatus}" />
                 </controls:ExtendedStackLayout>
             </DataTemplate>
+            <DataTemplate
+                x:Key="regularWithDescriptionTemplate"
+                x:DataType="pages:SettingsPageListItem">
+                <controls:ExtendedStackLayout Orientation="Horizontal"
+                             StyleClass="list-row, list-row-platform">
+                    <StackLayout
+                         HorizontalOptions="StartAndExpand"
+                         VerticalOptions="Center">
+                         <controls:CustomLabel 
+                           Text="{Binding Name, Mode=OneWay}"
+                           LineBreakMode="{Binding LineBreakMode}"
+                           StyleClass="list-title"
+                           TextColor="{Binding NameColor}"
+                           AutomationId="{Binding AutomationIdSettingName}" />
+                        <controls:CustomLabel 
+                           Text="{Binding Description, Mode=OneWay}"
+                           LineBreakMode="{Binding LineBreakMode}"
+                           TextColor="{DynamicResource MutedColor}"
+                           FontSize="Micro"
+                           StyleClass="list-sub"/>
+                    </StackLayout>
+                    <controls:CustomLabel  Text="{Binding SubLabel, Mode=OneWay}"
+                           IsVisible="{Binding ShowSubLabel}"
+                           HorizontalOptions="End"
+                           HorizontalTextAlignment="End"
+                           VerticalOptions="CenterAndExpand"
+                           VerticalTextAlignment="Start"
+                           TextColor="{Binding SubLabelColor}"
+                           StyleClass="list-sub"
+                           AutomationId="{Binding AutomationIdSettingStatus}" />
+                </controls:ExtendedStackLayout>
+            </DataTemplate>
             <DataTemplate
                 x:Key="timePickerTemplate"
                 x:DataType="pages:SettingsPageListItem">
@@ -107,6 +139,7 @@
                 x:Key="listItemDataTemplateSelector"
                 HeaderTemplate="{StaticResource headerTemplate}"
                 RegularTemplate="{StaticResource regularTemplate}"
+                RegularWithDescriptionTemplate="{StaticResource regularWithDescriptionTemplate}"
                 TimePickerTemplate="{StaticResource timePickerTemplate}" />
         </ResourceDictionary>
     </ContentPage.Resources>

src/App/Pages/Settings/SettingsPage/SettingsPage.xaml.cs

@@ -64,7 +64,7 @@ namespace Bit.App.Pages
         private void RowSelected(object sender, SelectionChangedEventArgs e)
         {
             ((ExtendedCollectionView)sender).SelectedItem = null;
-            if (e.CurrentSelection?.FirstOrDefault() is SettingsPageListItem item)
+            if (e.CurrentSelection?.FirstOrDefault() is SettingsPageListItem item && item.Enabled)
             {
                 _vm?.ExecuteSettingItemCommand.Execute(item);
             }

src/App/Pages/Settings/SettingsPage/SettingsPageListItem.cs

@@ -13,8 +13,10 @@ namespace Bit.App.Pages
         public string Icon { get; set; }
         public string Name { get; set; }
         public string SubLabel { get; set; }
+        public string Description { get; set; }
         public TimeSpan? Time { get; set; }
         public bool UseFrame { get; set; }
+        public bool Enabled { get; set; } = true;
         public Func<Task> ExecuteAsync { get; set; }
 
         public bool SubLabelTextEnabled => SubLabel == AppResources.On;
@@ -24,6 +26,9 @@ namespace Bit.App.Pages
         public Color SubLabelColor => SubLabelTextEnabled ?
             ThemeManager.GetResourceColor("SuccessColor") :
             ThemeManager.GetResourceColor("MutedColor");
+        public Color NameColor => Enabled ?
+            ThemeManager.GetResourceColor("TextColor") :
+            ThemeManager.GetResourceColor("MutedColor");
 
         public string AutomationIdSettingName
         {

src/App/Pages/Settings/SettingsPage/SettingsPageListItemSelector.cs

@@ -7,6 +7,7 @@ namespace Bit.App.Pages
         public DataTemplate HeaderTemplate { get; set; }
         public DataTemplate RegularTemplate { get; set; }
         public DataTemplate TimePickerTemplate { get; set; }
+        public DataTemplate RegularWithDescriptionTemplate { get; set; }
 
         protected override DataTemplate OnSelectTemplate(object item, BindableObject container)
         {
@@ -16,6 +17,10 @@ namespace Bit.App.Pages
             }
             if (item is SettingsPageListItem listItem)
             {
+                if (!string.IsNullOrEmpty(listItem.Description))
+                {
+                    return RegularWithDescriptionTemplate;
+                }
                 return listItem.ShowTimeInput ? TimePickerTemplate : RegularTemplate;
             }
             return null;

src/App/Pages/Settings/SettingsPage/SettingsPageViewModel.cs

@@ -567,6 +567,8 @@ namespace Bit.App.Pages
                 {
                     Name = AppResources.VaultTimeoutAction,
                     SubLabel = _vaultTimeoutActionDisplayValue,
+                    Description = IsVaultTimeoutActionLockAllowed ? null : AppResources.SetUpAnUnlockMethodToChangeYourVaultTimeoutAction,
+                    Enabled = IsVaultTimeoutActionLockAllowed,
                     ExecuteAsync = () => VaultTimeoutActionAsync()
                 },
                 new SettingsPageListItem
@@ -582,16 +584,19 @@ namespace Bit.App.Pages
                     ExecuteAsync = () => ApproveLoginRequestsAsync()
                 },
                 new SettingsPageListItem
-                {
-                    Name = AppResources.LockNow,
-                    ExecuteAsync = () => LockAsync()
-                },
-                new SettingsPageListItem
                 {
                     Name = AppResources.TwoStepLogin,
                     ExecuteAsync = () => TwoStepAsync()
                 }
             };
+            if (IsVaultTimeoutActionLockAllowed)
+            {
+                securityItems.Insert(4, new SettingsPageListItem
+                {
+                    Name = AppResources.LockNow,
+                    ExecuteAsync = () => LockAsync()
+                });
+            }
             if (_approvePasswordlessLoginRequests)
             {
                 manageItems.Add(new SettingsPageListItem

src/App/Resources/AppResources.resx

@@ -954,9 +954,6 @@ Scanning will happen automatically.</value>
   <data name="UpdateKey" xml:space="preserve">
     <value>You cannot use this feature until you update your encryption key.</value>
   </data>
-  <data name="EncryptionKeyMigrationRequiredDescriptionLong" xml:space="preserve">
-    <value>Encryption key migration required. Please login through the web vault to update your encryption key.</value>
-  </data>
   <data name="LearnMore" xml:space="preserve">
     <value>Learn more</value>
   </data>
@@ -2765,4 +2762,7 @@ Do you want to switch to this account?</value>
   <data name="LoggingInOn" xml:space="preserve">
     <value>Logging in on</value>
   </data>
+  <data name="SetUpAnUnlockMethodToChangeYourVaultTimeoutAction" xml:space="preserve">
+    <value>Set up an unlock method to change your vault timeout action.</value>
+  </data>
 </root>

src/Core/Abstractions/ICryptoService.cs

@@ -13,7 +13,6 @@ namespace Bit.Core.Abstractions
         Task RefreshKeysAsync();
         Task SetUserKeyAsync(UserKey userKey, string userId = null);
         Task<UserKey> GetUserKeyAsync(string userId = null);
-        Task<bool> IsLegacyUserAsync(MasterKey masterKey = null, string userId = null);
         Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null);
         Task<bool> HasUserKeyAsync(string userId = null);
         Task<bool> HasEncryptedUserKeyAsync(string userId = null);

src/Core/Exceptions/LegacyUserException.cs

@@ -1,11 +0,0 @@
-using System;
-namespace Bit.Core.Exceptions
-{
-    public class LegacyUserException : Exception
-    {
-        public LegacyUserException()
-            : base("Legacy users must migrate on web vault.")
-        {
-        }
-    }
-}

src/Core/Models/Domain/AuthResult.cs

@@ -13,7 +13,6 @@ namespace Bit.Core.Models.Domain
         [Obsolete("Use AccountDecryptionOptions to determine if the user does not have a MP")]
         public bool ResetMasterPassword { get; set; }
         public bool ForcePasswordReset { get; set; }
-        public bool RequiresEncryptionKeyMigration { get; set; }
         public Dictionary<TwoFactorProviderType, Dictionary<string, object>> TwoFactorProviders { get; set; }
     }
 }

src/Core/Services/AuthService.cs

@@ -477,17 +477,6 @@ namespace Bit.Core.Services
             }
 
             var tokenResponse = response.TokenResponse;
-            if (localHashedPassword != null && tokenResponse.Key == null)
-            {
-                // Only check for legacy if there is no key on token
-                if (await _cryptoService.IsLegacyUserAsync(masterKey))
-                {
-                    // Legacy users must migrate on web vault;
-                    result.RequiresEncryptionKeyMigration = true;
-                    return result;
-                }
-            }
-
             result.ResetMasterPassword = tokenResponse.ResetMasterPassword;
             result.ForcePasswordReset = tokenResponse.ForcePasswordReset;
             _masterPasswordPolicy = tokenResponse.MasterPasswordPolicy;

src/Core/Services/CryptoService.cs

@@ -62,16 +62,6 @@ namespace Bit.Core.Services
             return _stateService.GetUserKeyAsync(userId);
         }
 
-        public async Task<bool> IsLegacyUserAsync(MasterKey masterKey = null, string userId = null)
-        {
-            masterKey ??= await GetMasterKeyAsync(userId);
-            if (masterKey == null)
-            {
-                return false;
-            }
-            return await ValidateUserKeyAsync(new UserKey(masterKey.Key));
-        }
-
         public async Task<UserKey> GetUserKeyWithLegacySupportAsync(string userId = null)
         {
             var userKey = await GetUserKeyAsync(userId);
@@ -1007,31 +997,6 @@ namespace Bit.Core.Services
             return keyCreator(key);
         }
 
-        private async Task<bool> ValidateUserKeyAsync(UserKey key, string userId = null)
-        {
-            if (key == null)
-            {
-                return false;
-            }
-
-            try
-            {
-                var encPrivateKey = await _stateService.GetPrivateKeyEncryptedAsync(userId);
-                if (encPrivateKey == null)
-                {
-                    return false;
-                }
-
-                var privateKey = await DecryptToBytesAsync(new EncString(encPrivateKey), key);
-                await _cryptoFunctionService.RsaExtractPublicKeyAsync(privateKey);
-                return true;
-            }
-            catch
-            {
-                return false;
-            }
-        }
-
         private class EncryptedObject
         {
             public byte[] Iv { get; set; }
@@ -1054,10 +1019,6 @@ namespace Bit.Core.Services
 
             // Decrypt
             var masterKey = new MasterKey(Convert.FromBase64String(oldKey));
-            if (await IsLegacyUserAsync(masterKey, userId))
-            {
-                throw new LegacyUserException();
-            }
             var encryptedUserKey = await _stateService.GetEncKeyEncryptedAsync(userId);
             if (encryptedUserKey == null)
             {
@@ -1097,10 +1058,6 @@ namespace Bit.Core.Services
                 kdfConfig,
                 oldPinKey
             );
-            if (await IsLegacyUserAsync(masterKey))
-            {
-                throw new LegacyUserException();
-            }
             var encUserKey = await _stateService.GetEncKeyEncryptedAsync();
             var userKey = await DecryptUserKeyWithMasterKeyAsync(
                 masterKey,

src/Core/Services/VaultTimeoutService.cs

@@ -2,8 +2,6 @@
 using System.Threading.Tasks;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
-using Bit.Core.Exceptions;
-using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Services
 {
@@ -68,8 +66,6 @@ namespace Bit.Core.Services
             }
 
             if (!await _cryptoService.HasUserKeyAsync(userId))
-            {
-                try
             {
                 if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
                 {
@@ -77,16 +73,9 @@ namespace Bit.Core.Services
                 }
                 if (userId != null && await _stateService.GetActiveUserIdAsync() != userId)
                 {
-                        await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId),
+                    await _cryptoService.SetUserKeyAsync(await _cryptoService.GetAutoUnlockKeyAsync(userId), userId);
-                            userId);
                 }
             }
-                catch (LegacyUserException)
-                {
-                    await LogOutAsync(false, userId);
-                }
-
-            }
 
             // Check again to verify auto key was set
             var hasKey = await _cryptoService.HasUserKeyAsync(userId);

src/iOS.Autofill/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden.autofill</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.9.1</string>
+	<string>2023.8.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleLocalizations</key>

src/iOS.Core/Controllers/BaseLockPasswordViewController.cs

@@ -7,7 +7,6 @@ using Bit.App.Resources;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
-using Bit.Core.Exceptions;
 using Bit.Core.Models.Domain;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
@@ -121,7 +120,8 @@ namespace Bit.iOS.Core.Controllers
                 _pinEnabled = (_pinStatus == PinLockType.Transient && ephemeralPinSet != null) ||
                     _pinStatus == PinLockType.Persistent;
 
-                _biometricEnabled = await IsBiometricsEnabledAsync();
+                _biometricEnabled = await _vaultTimeoutService.IsBiometricLockSetAsync()
+                    && await _biometricService.CanUseBiometricsUnlockAsync();
                 _hasMasterPassword = await _userVerificationService.HasMasterPasswordAsync();
                 _biometricUnlockOnly = !_hasMasterPassword && _biometricEnabled && !_pinEnabled;
 
@@ -260,44 +260,12 @@ namespace Bit.iOS.Core.Controllers
                     &&
                     kdfConfig.Memory > Constants.MaximumArgon2IdMemoryBeforeExtensionCrashing
                     &&
-                    !await _platformUtilsService.ShowDialogAsync(
+                    !await _platformUtilsService.ShowDialogAsync(AppResources.UnlockingMayFailDueToInsufficientMemoryDecreaseYourKDFMemorySettingsToResolve, AppResources.Warning, AppResources.Continue, AppResources.Cancel))
-                        AppResources.UnlockingMayFailDueToInsufficientMemoryDecreaseYourKDFMemorySettingsToResolve,
-                        AppResources.Warning, AppResources.Continue, AppResources.Cancel))
                 {
                     return;
                 }
 
                 if (_pinEnabled)
-                {
-                    await UnlockWithPinAsync(inputtedValue, email, kdfConfig);
-                }
-                else
-                {
-                    await UnlockWithMasterPasswordAsync(inputtedValue, email, kdfConfig);
-                }
-            }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-            finally
-            {
-                _checkingPassword = false;
-            }
-        }
-
-        private async Task HandleFailedCredentialsAsync()
-        {
-            var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
-            if (invalidUnlockAttempts >= 5)
-            {
-                await _accountManager.LogOutAsync(await _stateService.GetActiveUserIdAsync(), false, false);
-                return;
-            }
-            InvalidValue();
-        }
-
-        private async Task UnlockWithPinAsync(string inputPin, string email, KdfConfig kdfConfig)
                 {
                     var failed = true;
                     try
@@ -321,7 +289,7 @@ namespace Bit.iOS.Core.Controllers
                         {
                             userKey = await _cryptoService.DecryptAndMigrateOldPinKeyAsync(
                                 _pinStatus == PinLockType.Transient,
-                        inputPin,
+                                inputtedValue,
                                 email,
                                 kdfConfig,
                                 oldPinProtected
@@ -330,7 +298,7 @@ namespace Bit.iOS.Core.Controllers
                         else
                         {
                             userKey = await _cryptoService.DecryptUserKeyWithPinAsync(
-                        inputPin,
+                                inputtedValue,
                                 email,
                                 kdfConfig,
                                 userKeyPin
@@ -339,7 +307,7 @@ namespace Bit.iOS.Core.Controllers
 
                         var protectedPin = await _stateService.GetProtectedPinAsync();
                         var decryptedPin = await _cryptoService.DecryptToUtf8Async(new EncString(protectedPin), userKey);
-                failed = decryptedPin != inputPin;
+                        failed = decryptedPin != inputtedValue;
                         if (!failed)
                         {
                             await AppHelpers.ResetInvalidUnlockAttemptsAsync();
@@ -350,20 +318,14 @@ namespace Bit.iOS.Core.Controllers
                     {
                         failed = true;
                     }
-
                     if (failed)
                     {
                         await HandleFailedCredentialsAsync();
                     }
                 }
-
+                else
-        private async Task UnlockWithMasterPasswordAsync(string inputPassword, string email, KdfConfig kdfConfig)
                 {
-            var masterKey = await _cryptoService.MakeMasterKeyAsync(inputPassword, email, kdfConfig);
+                    var masterKey = await _cryptoService.MakeMasterKeyAsync(inputtedValue, email, kdfConfig);
-            if (await _cryptoService.IsLegacyUserAsync(masterKey))
-            {
-                throw new LegacyUserException();
-            }
 
                     var storedPasswordHash = await _cryptoService.GetMasterKeyHashAsync();
                     if (storedPasswordHash == null)
@@ -371,15 +333,12 @@ namespace Bit.iOS.Core.Controllers
                         var oldKey = await _secureStorageService.GetAsync<string>("oldKey");
                         if (masterKey.KeyB64 == oldKey)
                         {
-                    var localPasswordHash =
+                            var localPasswordHash = await _cryptoService.HashMasterKeyAsync(inputtedValue, masterKey, HashPurpose.LocalAuthorization);
-                        await _cryptoService.HashMasterKeyAsync(inputPassword, masterKey,
-                            HashPurpose.LocalAuthorization);
                             await _secureStorageService.RemoveAsync("oldKey");
                             await _cryptoService.SetMasterKeyHashAsync(localPasswordHash);
                         }
                     }
-
+                    var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputtedValue, masterKey);
-            var passwordValid = await _cryptoService.CompareAndUpdateKeyHashAsync(inputPassword, masterKey);
                     if (passwordValid)
                     {
                         await AppHelpers.ResetInvalidUnlockAttemptsAsync();
@@ -393,16 +352,30 @@ namespace Bit.iOS.Core.Controllers
                         await HandleFailedCredentialsAsync();
                     }
                 }
+            }
+            finally
+            {
+                _checkingPassword = false;
+            }
+        }
+
+        private async Task HandleFailedCredentialsAsync()
+        {
+            var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
+            if (invalidUnlockAttempts >= 5)
+            {
+                await _accountManager.LogOutAsync(await _stateService.GetActiveUserIdAsync(), false, false);
+                return;
+            }
+            InvalidValue();
+        }
 
         public async Task PromptBiometricAsync()
-        {
-            try
         {
             if (!_biometricEnabled || !_biometricIntegrityValid)
             {
                 return;
             }
-
             var success = await _platformUtilsService.AuthenticateBiometricAsync(null,
                 _pinEnabled ? AppResources.PIN : AppResources.MasterPassword,
                 () => MasterPasswordCell.TextField.BecomeFirstResponder());
@@ -413,11 +386,6 @@ namespace Bit.iOS.Core.Controllers
                 await SetKeyAndContinueAsync(userKey);
             }
         }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-        }
 
         public void PromptSSO()
         {
@@ -468,29 +436,6 @@ namespace Bit.iOS.Core.Controllers
             }
         }
 
-        private async Task<bool> IsBiometricsEnabledAsync()
-        {
-            try
-            {
-                return await _vaultTimeoutService.IsBiometricLockSetAsync() &&
-                                   await _biometricService.CanUseBiometricsUnlockAsync();
-            }
-            catch (LegacyUserException)
-            {
-                await HandleLegacyUserAsync();
-            }
-            return false;
-        }
-
-        private async Task HandleLegacyUserAsync()
-        {
-            // Legacy users must migrate on web vault.
-            await _platformUtilsService.ShowDialogAsync(AppResources.EncryptionKeyMigrationRequiredDescriptionLong,
-                AppResources.AnErrorHasOccurred,
-                AppResources.Ok);
-            await _vaultTimeoutService.LogOutAsync();
-        }
-
         private void InvalidValue()
         {
             var alert = Dialogs.CreateAlert(AppResources.AnErrorHasOccurred,

src/iOS.Extension/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden.find-login-action-extension</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.9.1</string>
+	<string>2023.8.1</string>
 	<key>CFBundleLocalizations</key>
 	<array>
 		<string>en</string>

src/iOS.ShareExtension/Info.plist

@@ -15,7 +15,7 @@
 	<key>CFBundlePackageType</key>
 	<string>XPC!</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.9.1</string>
+	<string>2023.8.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>MinimumOSVersion</key>

src/iOS/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2023.9.1</string>
+	<string>2023.8.1</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleIconName</key>