mirror of
https://github.com/bitwarden/mobile
synced 2025-12-20 10:13:42 +00:00
ca944025d7
* Initial WIP implementation for the app unlock flow when called from Passkey. Still needs code organization and to be finished. Also added a new Window workaround in App.xaml.cs to allow CredentialProviderSelectionActivity to launch separately. * Added missing IDeviceActionService.cs implementation for iOS to build. * Added Async to ReturnToPasskeyAfterUnlockMethod Changed i18n to AppResource.Unlock Removed unecessary cast * minor code change (added comment) * Added back the case for loading a specific Window for CredentialProviverSelectionActivity * Added fix for Intent not passing properly to CredentialProviderSelectionActivity Added Activity cancellation on error during execution of ReturnToPasskeyAfterUnlockAsync() * Added WIP code for Android passkey implementation. Currently returns a mostly complete response that is missing the ClientDataJson * Added WIP code for creating passkeys on Android. Still missing unlock flow and response of passkey creation is still not correct. Removed unused throw NotImplementedException from Fido2ClientService Added CredentialCreationActivity for passkey creation Added alternative code on CredentialProviderSelectionActivity to try to debug issue with response not being valid * Started working on logic to adding unlock flow. It's already handling the unlock but not passing the PendingIntentHandler info for CredentialCreation to CredentialCreationActivity * Changed "cross-platform" to "platform" * Created CredentialHelpers.cs class to share code used for Populating Passkeys in Android. * Added Passkey Credential Creation shared code to CredentialHelpers. Unlock flow for Passkey creation should now be working also. * Updated code for checking if the CredentialProviderService has been enabled by the user or not. Still WIP, somes notes in code due to Credential API not being complete. Also changed the disable code to open the Credential Settings. * Replaced the AndroidX.Credential helpers with custom JSON creation to fix the response for Credential Creation * minor code cleanup on CredentialProviderSelectionActivity * added todo comment * Feature/maui migraton passkeys android unlock fix andreas (#3077) * fix: bitwarden providing too many/wrong credentials * feat: use authenticator instead of client --------- Co-authored-by: Dinis Vieira <dinisvieira@outlook.com> * Removed / commented some older Passkey Proof of concept code. Auth and creation of passkey should still work both when device is unlocked (and not) Added some initial code in AutofillCiphersPageViewModel and CipherAddEditPageViewModel for handling Passkey creation * PM-6829 Implemented Fido2...UserInterfaces on Android and necessary logic to get/make a credential with those * Added IFido2MediatorService registrations Inverted two IsLockedAsync checks * Added navigation to autofillCipher when creating passkey * Updated LockPage to avoid multiple executions of SubmitAsync * Added new flow for creating new passkey on Android with the Cipher page for editing details * Changed the Credential Provider Switch to an external link control * Added i18n for Passkey Settings * Cleanup of older Credentials code used for Android Fido2 POC. Removed CredentialCreationActivity as it's no longer needed * fixed merge conflict/error and added error check to Fido2 navigation in App.xaml.cs * Removed from MainActivity casts from DeviceActionService Changed CredentialProviderServiceActivity to handle Fido errors and exceptions gracefully and show the user an error. Still not with the correct messages. * Added some error messages. Still need to confirm the Text Resource to use and change. * Changed some messages to use AppResources * Cleanup of Credential Android code and added exception result if the clientCreateCredentialResult is null * Updated Add new item button text when creating a new passkey * Added AccountSwitchedException for the Fido Mediator Service * Removed TODO that is no longer needed * Updated some todo messages in Android AutofillHandler * When authenticating a passkey on Android the "showDialog" callback can be called and there's no MainPage available so it was changed for that specific scenario to use _deviceActionService instead of MainPage. --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Federico Maccaroni <fedemkr@gmail.com>
275 lines
12 KiB
C#
275 lines
12 KiB
C#
using Bit.App.Abstractions;
|
|
using Bit.App.Models;
|
|
using Bit.Core.Abstractions;
|
|
using Bit.Core.Enums;
|
|
using Bit.Core.Models.Domain;
|
|
using Bit.Core.Resources.Localization;
|
|
using Bit.Core.Utilities;
|
|
|
|
namespace Bit.App.Utilities.AccountManagement
|
|
{
|
|
public class AccountsManager : IAccountsManager
|
|
{
|
|
private readonly IBroadcasterService _broadcasterService;
|
|
private readonly IVaultTimeoutService _vaultTimeoutService;
|
|
private readonly IStorageService _secureStorageService;
|
|
private readonly IStateService _stateService;
|
|
private readonly IPlatformUtilsService _platformUtilsService;
|
|
private readonly IAuthService _authService;
|
|
private readonly ILogger _logger;
|
|
private readonly IMessagingService _messagingService;
|
|
private readonly IWatchDeviceService _watchDeviceService;
|
|
private readonly IConditionedAwaiterManager _conditionedAwaiterManager;
|
|
|
|
Func<AppOptions> _getOptionsFunc;
|
|
private IAccountsManagerHost _accountsManagerHost;
|
|
|
|
public AccountsManager(IBroadcasterService broadcasterService,
|
|
IVaultTimeoutService vaultTimeoutService,
|
|
IStorageService secureStorageService,
|
|
IStateService stateService,
|
|
IPlatformUtilsService platformUtilsService,
|
|
IAuthService authService,
|
|
ILogger logger,
|
|
IMessagingService messagingService,
|
|
IWatchDeviceService watchDeviceService,
|
|
IConditionedAwaiterManager conditionedAwaiterManager)
|
|
{
|
|
_broadcasterService = broadcasterService;
|
|
_vaultTimeoutService = vaultTimeoutService;
|
|
_secureStorageService = secureStorageService;
|
|
_stateService = stateService;
|
|
_platformUtilsService = platformUtilsService;
|
|
_authService = authService;
|
|
_logger = logger;
|
|
_messagingService = messagingService;
|
|
_watchDeviceService = watchDeviceService;
|
|
_conditionedAwaiterManager = conditionedAwaiterManager;
|
|
}
|
|
|
|
private AppOptions Options => _getOptionsFunc?.Invoke() ?? new AppOptions { IosExtension = true };
|
|
|
|
public void Init(Func<AppOptions> getOptionsFunc, IAccountsManagerHost accountsManagerHost)
|
|
{
|
|
_getOptionsFunc = getOptionsFunc;
|
|
_accountsManagerHost = accountsManagerHost;
|
|
|
|
_broadcasterService.Subscribe(nameof(AccountsManager), OnMessage);
|
|
}
|
|
|
|
public async Task StartDefaultNavigationFlowAsync(Action<AppOptions> appOptionsAction)
|
|
{
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.EnvironmentUrlsInited);
|
|
#if ANDROID
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.AndroidWindowCreated);
|
|
#endif
|
|
appOptionsAction(Options);
|
|
|
|
await NavigateOnAccountChangeAsync();
|
|
}
|
|
|
|
public async Task NavigateOnAccountChangeAsync(bool? isAuthed = null)
|
|
{
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.EnvironmentUrlsInited);
|
|
#if ANDROID
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.AndroidWindowCreated);
|
|
#endif
|
|
|
|
// TODO: this could be improved by doing chain of responsability pattern
|
|
// but for now it may be an overkill, if logic gets more complex consider refactoring it
|
|
|
|
var authed = isAuthed ?? await _stateService.IsAuthenticatedAsync();
|
|
if (authed)
|
|
{
|
|
if (await _vaultTimeoutService.IsLoggedOutByTimeoutAsync() ||
|
|
await _vaultTimeoutService.ShouldLogOutByTimeoutAsync())
|
|
{
|
|
// TODO implement orgIdentifier flow to SSO Login page, same as email flow below
|
|
// var orgIdentifier = await _stateService.GetOrgIdentifierAsync();
|
|
|
|
var email = await _stateService.GetEmailAsync();
|
|
Options.HideAccountSwitcher = await _stateService.GetActiveUserIdAsync() == null;
|
|
_accountsManagerHost.Navigate(NavigationTarget.Login, new LoginNavigationParams(email));
|
|
}
|
|
else if (await _vaultTimeoutService.IsLockedAsync() ||
|
|
await _vaultTimeoutService.ShouldLockAsync())
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.Lock);
|
|
}
|
|
else if (Options.FromAutofillFramework && Options.SaveType.HasValue)
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.AddEditCipher);
|
|
}
|
|
else if (Options.FromFido2Framework)
|
|
{
|
|
var deviceActionService = Bit.Core.Utilities.ServiceContainer.Resolve<IDeviceActionService>();
|
|
deviceActionService.ExecuteFido2CredentialActionAsync(Options).FireAndForget();
|
|
}
|
|
else if (Options.Uri != null)
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.AutofillCiphers);
|
|
}
|
|
else if (Options.OtpData != null)
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.OtpCipherSelection);
|
|
}
|
|
else if (Options.CreateSend != null)
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.SendAddEdit);
|
|
}
|
|
else
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.Home);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
Options.HideAccountSwitcher = await _stateService.GetActiveUserIdAsync() == null;
|
|
if (await _vaultTimeoutService.IsLoggedOutByTimeoutAsync() ||
|
|
await _vaultTimeoutService.ShouldLogOutByTimeoutAsync())
|
|
{
|
|
// TODO implement orgIdentifier flow to SSO Login page, same as email flow below
|
|
// var orgIdentifier = await _stateService.GetOrgIdentifierAsync();
|
|
|
|
var email = await _stateService.GetEmailAsync();
|
|
await _stateService.SetRememberedEmailAsync(email);
|
|
_accountsManagerHost.Navigate(NavigationTarget.HomeLogin);
|
|
}
|
|
else
|
|
{
|
|
_accountsManagerHost.Navigate(NavigationTarget.HomeLogin);
|
|
}
|
|
}
|
|
}
|
|
|
|
private async void OnMessage(Message message)
|
|
{
|
|
try
|
|
{
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.EnvironmentUrlsInited);
|
|
|
|
switch (message.Command)
|
|
{
|
|
case AccountsManagerMessageCommands.LOCKED:
|
|
await MainThread.InvokeOnMainThreadAsync(() => LockedAsync(message.Data as Tuple<string, bool>));
|
|
break;
|
|
case AccountsManagerMessageCommands.LOCK_VAULT:
|
|
await _vaultTimeoutService.LockAsync(true);
|
|
break;
|
|
case AccountsManagerMessageCommands.LOGOUT:
|
|
var extras = message.Data as Tuple<string, bool, bool>;
|
|
var userId = extras?.Item1;
|
|
var userInitiated = extras?.Item2 ?? true;
|
|
var expired = extras?.Item3 ?? false;
|
|
await MainThread.InvokeOnMainThreadAsync(() => LogOutAsync(userId, userInitiated, expired));
|
|
break;
|
|
case AccountsManagerMessageCommands.LOGGED_OUT:
|
|
// Clean up old migrated key if they ever log out.
|
|
await _secureStorageService.RemoveAsync("oldKey");
|
|
break;
|
|
case AccountsManagerMessageCommands.ADD_ACCOUNT:
|
|
await AddAccountAsync();
|
|
break;
|
|
case AccountsManagerMessageCommands.ACCOUNT_ADDED:
|
|
await _accountsManagerHost.UpdateThemeAsync();
|
|
break;
|
|
case AccountsManagerMessageCommands.SWITCHED_ACCOUNT:
|
|
await SwitchedAccountAsync();
|
|
|
|
break;
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
_logger.Exception(ex);
|
|
}
|
|
}
|
|
|
|
private async Task LockedAsync(Tuple<string, bool> extras)
|
|
{
|
|
var userId = extras?.Item1;
|
|
var userInitiated = extras?.Item2 ?? false;
|
|
|
|
if (!await _stateService.IsActiveAccountAsync(userId))
|
|
{
|
|
_platformUtilsService.ShowToast("info", null, AppResources.AccountLockedSuccessfully);
|
|
return;
|
|
}
|
|
|
|
var autoPromptBiometric = !userInitiated;
|
|
// TODO Xamarin.Forms.Device.RuntimePlatform is no longer supported. Use Microsoft.Maui.Devices.DeviceInfo.Platform instead. For more details see https://learn.microsoft.com/en-us/dotnet/maui/migration/forms-projects#device-changes
|
|
if (autoPromptBiometric && DeviceInfo.Platform == DevicePlatform.iOS)
|
|
{
|
|
var vaultTimeout = await _stateService.GetVaultTimeoutAsync();
|
|
if (vaultTimeout == 0)
|
|
{
|
|
autoPromptBiometric = false;
|
|
}
|
|
}
|
|
|
|
await _accountsManagerHost.SetPreviousPageInfoAsync();
|
|
|
|
await MainThread.InvokeOnMainThreadAsync(() => _accountsManagerHost.Navigate(NavigationTarget.Lock, new LockNavigationParams(autoPromptBiometric)));
|
|
}
|
|
|
|
private async Task AddAccountAsync()
|
|
{
|
|
await AppHelpers.ClearServiceCacheAsync();
|
|
await MainThread.InvokeOnMainThreadAsync(() =>
|
|
{
|
|
Options.HideAccountSwitcher = false;
|
|
_accountsManagerHost.Navigate(NavigationTarget.HomeLogin);
|
|
});
|
|
}
|
|
|
|
public async Task LogOutAsync(string userId, bool userInitiated, bool expired)
|
|
{
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.EnvironmentUrlsInited);
|
|
|
|
await AppHelpers.LogOutAsync(userId, userInitiated);
|
|
await NavigateOnAccountChangeAsync();
|
|
_authService.LogOut(() =>
|
|
{
|
|
if (expired)
|
|
{
|
|
_platformUtilsService.ShowToast("warning", null, AppResources.LoginExpired);
|
|
}
|
|
});
|
|
}
|
|
|
|
private async Task SwitchedAccountAsync()
|
|
{
|
|
await AppHelpers.OnAccountSwitchAsync();
|
|
await MainThread.InvokeOnMainThreadAsync(async () =>
|
|
{
|
|
if (await _vaultTimeoutService.ShouldTimeoutAsync())
|
|
{
|
|
await _vaultTimeoutService.ExecuteTimeoutActionAsync();
|
|
}
|
|
else
|
|
{
|
|
await NavigateOnAccountChangeAsync();
|
|
}
|
|
await Task.Delay(50);
|
|
await _accountsManagerHost.UpdateThemeAsync();
|
|
_watchDeviceService.SyncDataToWatchAsync().FireAndForget();
|
|
_messagingService.Send(AccountsManagerMessageCommands.ACCOUNT_SWITCH_COMPLETED);
|
|
});
|
|
}
|
|
|
|
public async Task PromptToSwitchToExistingAccountAsync(string userId)
|
|
{
|
|
var switchToAccount = await _platformUtilsService.ShowDialogAsync(
|
|
AppResources.SwitchToAlreadyAddedAccountConfirmation,
|
|
AppResources.AccountAlreadyAdded, AppResources.Yes, AppResources.Cancel);
|
|
if (switchToAccount)
|
|
{
|
|
await _conditionedAwaiterManager.GetAwaiterForPrecondition(AwaiterPrecondition.EnvironmentUrlsInited);
|
|
|
|
await _stateService.SetActiveUserAsync(userId);
|
|
_messagingService.Send("switchedAccount");
|
|
}
|
|
}
|
|
}
|
|
}
|