Add warning messages on biometrics issues

2024-09-18 02:41:15 +02:00 · 2024-07-05 18:53:56 +02:00 · 2024-07-05 18:53:56 +02:00 · c8536219fd
commit c8536219fd
parent 9c1b0c5f33
3 changed files with 83 additions and 9 deletions
--- a/apps/browser/src/_locales/en/messages.json
+++ b/apps/browser/src/_locales/en/messages.json
@ -1947,6 +1947,30 @@
  "biometricsNotUnlockedDesc": {
    "message": "Please unlock this user in the desktop application and try again."
  },
+  "biometricsNoUserIdTitle": {
+    "message": "No user was provided"
+  },
+  "biometricsNoUserIdDesc": {
+    "message": "No user was provided in the communication to the desktop application. Please report this as a bug."
+  },  
+  "biometricsNoUserTitle": {
+    "message": "No user found in desktop app"
+  },
+  "biometricsNoUserDesc": {
+    "message": "The user you are trying to unlock in the browser extension is not signed in to the desktop application. Please sign in to the desktop application and try again."
+  },
+  "biometricsNoClientKeyHalfTitle": {
+    "message": "Password or PIN required"
+  },
+  "biometricsNoClientKeyHalfDesc": {
+    "message": "Unlocking with biometrics is unavailable until you unlock your vault with another method."
+  },
+  "biometricsBrokenIPCMessage": {
+    "message": "Communication failed"
+  },
+  "biometricsBrokenIPCMessageDesc": {
+    "message": "Communication with the desktop app encountered an unexpected message. Ensure your desktop app is up to date."
+  },
  "biometricsFailedTitle": {
    "message": "Biometrics failed"
  },
--- a/apps/browser/src/background/nativeMessaging.background.ts
+++ b/apps/browser/src/background/nativeMessaging.background.ts
@ -308,7 +308,7 @@ export class NativeMessagingBackground {
            content: { key: "biometricsNotEnabledDesc" },
            acceptButtonText: { key: "ok" },
            cancelButtonText: null,
-            type: "danger",
+            type: "warning",
          });
          break;
        } else if (message.response === "not supported") {
@ -317,7 +317,34 @@ export class NativeMessagingBackground {
            content: { key: "biometricsNotSupportedDesc" },
            acceptButtonText: { key: "ok" },
            cancelButtonText: null,
-            type: "danger",
+            type: "warning",
+          });
+          break;
+        } else if (message.response === "no userid") {
+          this.messagingService.send("showDialog", {
+            title: { key: "biometricsNoUserIdTitle" },
+            content: { key: "biometricsNoUserIdDesc" },
+            acceptButtonText: { key: "ok" },
+            cancelButtonText: null,
+            type: "warning",
+          });
+          break;
+        } else if (message.response === "no user") {
+          this.messagingService.send("showDialog", {
+            title: { key: "biometricsNoUserTitle" },
+            content: { key: "biometricsNoUserDesc" },
+            acceptButtonText: { key: "ok" },
+            cancelButtonText: null,
+            type: "warning",
+          });
+          break;
+        } else if (message.response === "no clientKeyHalf") {
+          this.messagingService.send("showDialog", {
+            title: { key: "biometricsNoClientKeyHalfTitle" },
+            content: { key: "biometricsNoClientKeyHalfDesc" },
+            acceptButtonText: { key: "ok" },
+            cancelButtonText: null,
+            type: "warning",
          });
          break;
        } else if (message.response === "not unlocked") {
@ -326,11 +353,19 @@ export class NativeMessagingBackground {
            content: { key: "biometricsNotUnlockedDesc" },
            acceptButtonText: { key: "ok" },
            cancelButtonText: null,
-            type: "danger",
+            type: "warning",
          });
          break;
        } else if (message.response === "canceled") {
          break;
+        } else {
+          this.messagingService.send("showDialog", {
+            title: { key: "biometricsBrokenIPCMessage" },
+            content: { key: "biometricsBrokenIPCMessageDesc" },
+            acceptButtonText: { key: "ok" },
+            cancelButtonText: null,
+            type: "danger",
+          });
        }

        // Check for initial setup of biometric unlock
--- a/apps/desktop/src/services/native-messaging.service.ts
+++ b/apps/desktop/src/services/native-messaging.service.ts
@ -139,15 +139,30 @@ export class NativeMessagingService {
    switch (message.command) {
      case "biometricUnlock": {
        if (!(await this.platformUtilService.supportsBiometric())) {
-          return this.send({ command: "biometricUnlock", response: "not supported" }, appId);
+          await this.send({ command: "biometricUnlock", response: "not supported" }, appId);
+          return;
        }

-        const userId =
-          (message.userId as UserId) ??
-          (await firstValueFrom(this.accountService.activeAccount$.pipe(map((a) => a?.id))));
-
+        const userId = message.userId as UserId;
        if (userId == null) {
-          return this.send({ command: "biometricUnlock", response: "not unlocked" }, appId);
+          await this.send({ command: "biometricUnlock", response: "no userid" }, appId);
+          return;
+        }
+
+        const hasUser = await firstValueFrom(
+          this.accountService.accounts$.pipe(
+            map((accounts) => Object.keys(accounts).includes(userId)),
+          ),
+        );
+        if (!hasUser) {
+          await this.send({ command: "biometricUnlock", response: "no user" }, appId);
+          return;
+        }
+
+        // todo improve this detection, depends on https://github.com/bitwarden/clients/pull/9851
+        if (!(await ipc.platform.biometric.enabled(userId))) {
+          await this.send({ command: "biometricUnlock", response: "no clientKeyHalf" }, appId);
+          return;
        }

        const biometricUnlockPromise =