[BEEEP/PM-10534] Add snap biometric support (#12187)

* Add snap biometric support

* Fix linting

* Remove unused message

* Disable snap browser integration again

apps/desktop/electron-builder.json

@@ -241,7 +241,16 @@
     "autoStart": true,
     "base": "core22",
     "confinement": "strict",
-    "plugs": ["default", "network-bind", "password-manager-service"],
+    "plugs": [
+      "default",
+      "network-bind",
+      "password-manager-service",
+      {
+        "polkit": {
+          "action-prefix": "com.bitwarden.Bitwarden"
+        }
+      }
+    ],
     "stagePackages": ["default"]
   },
   "protocols": [

apps/desktop/package.json

@@ -35,7 +35,7 @@
     "clean:dist": "rimraf ./dist",
     "pack:dir": "npm run clean:dist && electron-builder --dir -p never",
     "pack:lin:flatpak": "npm run clean:dist && electron-builder --dir -p never && flatpak-builder  --repo=build/.repo build/.flatpak  ./resources/com.bitwarden.desktop.devel.yaml --install-deps-from=flathub --force-clean &&  flatpak build-bundle ./build/.repo/ ./dist/com.bitwarden.desktop.flatpak com.bitwarden.desktop",
-    "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never",
+    "pack:lin": "npm run clean:dist && electron-builder --linux --x64 -p never && export SNAP_FILE=$(realpath ./dist/bitwarden_*.snap) && unsquashfs -d ./dist/tmp-snap/ $SNAP_FILE && mkdir -p ./dist/tmp-snap/meta/polkit/ && cp ./resources/com.bitwarden.desktop.policy  ./dist/tmp-snap/meta/polkit/polkit.com.bitwarden.desktop.policy && rm $SNAP_FILE && mksquashfs ./dist/tmp-snap/ $SNAP_FILE -noappend -comp lzo -no-fragments && rm -rf ./dist/tmp-snap/",
     "pack:mac": "npm run clean:dist && electron-builder --mac --universal -p never",
     "pack:mac:arm64": "npm run clean:dist && electron-builder --mac --arm64 -p never",
     "pack:mac:mas": "npm run clean:dist && electron-builder --mac mas --universal -p never",

apps/desktop/resources/com.bitwarden.desktop.policy

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+
+<policyconfig>
+    <action id="com.bitwarden.Bitwarden.unlock">
+      <description>Unlock Bitwarden</description>
+      <message>Authenticate to unlock Bitwarden</message>
+      <defaults>
+        <allow_any>no</allow_any>
+        <allow_inactive>no</allow_inactive>
+        <allow_active>auth_self</allow_active>
+      </defaults>
+    </action>
+</policyconfig>

apps/desktop/src/key-management/biometrics/biometric.unix.main.ts

@@ -87,8 +87,8 @@ export default class BiometricUnixMain implements OsBiometricService {
   }
 
   async authenticateBiometric(): Promise<boolean> {
-    const hwnd = this.windowMain.win.getNativeWindowHandle();
-    return await biometrics.prompt(hwnd, this.i18nservice.t("polkitConsentMessage"));
+    const hwnd = Buffer.from("");
+    return await biometrics.prompt(hwnd, "");
   }
 
   async osSupportsBiometric(): Promise<boolean> {
@@ -98,10 +98,14 @@ export default class BiometricUnixMain implements OsBiometricService {
     // This could be dynamically detected on dbus in the future.
     // We should check if a libsecret implementation is available on the system
     // because otherwise we cannot offlod the protected userkey to secure storage.
-    return (await passwords.isAvailable()) && !isSnapStore();
+    return await passwords.isAvailable();
   }
 
   async osBiometricsNeedsSetup(): Promise<boolean> {
+    if (isSnapStore()) {
+      return false;
+    }
+
     // check whether the polkit policy is loaded via dbus call to polkit
     return !(await biometrics.available());
   }

apps/desktop/src/locales/en/messages.json

@@ -1734,9 +1734,6 @@
   "windowsHelloConsentMessage": {
     "message": "Verify for Bitwarden."
   },
-  "polkitConsentMessage": {
-    "message": "Authenticate to unlock Bitwarden."
-  },
   "unlockWithTouchId": {
     "message": "Unlock with Touch ID"
   },