1
0
mirror of https://github.com/bitwarden/mobile.git synced 2024-11-22 11:35:21 +01:00

track failed unlock attempts in storage (#1421)

This commit is contained in:
Matt Portune 2021-06-09 10:03:05 -04:00 committed by GitHub
parent 80a33e98a2
commit 33791a03ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 82 additions and 7 deletions

View File

@ -8,6 +8,7 @@ using Bit.Core.Models.Domain;
using Bit.Core.Utilities;
using System;
using System.Threading.Tasks;
using Bit.App.Utilities;
using Bit.Core.Models.Request;
using Xamarin.Forms;
@ -37,7 +38,6 @@ namespace Bit.App.Pages
private string _biometricButtonText;
private string _loggedInAsText;
private string _lockedVerifyText;
private int _invalidPinAttempts = 0;
private Tuple<bool, bool> _pinSet;
public LockPageViewModel()
@ -208,6 +208,7 @@ namespace Bit.App.Pages
if (!failed)
{
Pin = string.Empty;
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key);
}
}
@ -217,6 +218,7 @@ namespace Bit.App.Pages
kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256), kdfIterations.GetValueOrDefault(5000));
failed = false;
Pin = string.Empty;
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key);
}
}
@ -226,8 +228,8 @@ namespace Bit.App.Pages
}
if (failed)
{
_invalidPinAttempts++;
if (_invalidPinAttempts >= 5)
var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
if (invalidUnlockAttempts >= 5)
{
_messagingService.Send("logout");
return;
@ -278,6 +280,7 @@ namespace Bit.App.Pages
_vaultTimeoutService.PinProtectedKey = await _cryptoService.EncryptAsync(key.Key, pinKey);
}
MasterPassword = string.Empty;
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key);
// Re-enable biometrics
@ -288,6 +291,12 @@ namespace Bit.App.Pages
}
else
{
var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
if (invalidUnlockAttempts >= 5)
{
_messagingService.Send("logout");
return;
}
await _platformUtilsService.ShowDialogAsync(AppResources.InvalidMasterPassword,
AppResources.AnErrorHasOccurred);
}

View File

@ -6,6 +6,7 @@ using Bit.Core.Exceptions;
using Bit.Core.Utilities;
using System;
using System.Threading.Tasks;
using Bit.App.Utilities;
using Xamarin.Forms;
namespace Bit.App.Pages
@ -125,6 +126,7 @@ namespace Bit.App.Pages
{
await _storageService.RemoveAsync(Keys_RememberedEmail);
}
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await _deviceActionService.HideLoadingAsync();
if (response.TwoFactor)
{

View File

@ -5,6 +5,7 @@ using Bit.Core.Abstractions;
using Bit.Core.Utilities;
using System;
using System.Threading.Tasks;
using Bit.App.Utilities;
using Bit.Core.Enums;
using Bit.Core.Exceptions;
using Bit.Core.Models.Domain;
@ -182,6 +183,7 @@ namespace Bit.App.Pages
try
{
var response = await _authService.LogInSsoAsync(code, codeVerifier, redirectUri);
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
if (RememberOrgIdentifier)
{
await _storageService.SaveAsync(Keys_RememberedOrgIdentifier, OrgIdentifier);

View File

@ -39,6 +39,7 @@ namespace Bit.App.Services
Constants.iOSExtensionBiometricIntegrityKey,
Constants.EnvironmentUrlsKey,
Constants.InlineAutofillEnabledKey,
Constants.InvalidUnlockAttempts,
};
private readonly HashSet<string> _migrateToPreferences = new HashSet<string>

View File

@ -440,5 +440,20 @@ namespace Bit.App.Utilities
}
return previousPage;
}
public static async Task<int> IncrementInvalidUnlockAttemptsAsync()
{
var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
var invalidUnlockAttempts = await storageService.GetAsync<int>(Constants.InvalidUnlockAttempts);
invalidUnlockAttempts++;
await storageService.SaveAsync(Constants.InvalidUnlockAttempts, invalidUnlockAttempts);
return invalidUnlockAttempts;
}
public static async Task ResetInvalidUnlockAttemptsAsync()
{
var storageService = ServiceContainer.Resolve<IStorageService>("storageService");
await storageService.RemoveAsync(Constants.InvalidUnlockAttempts);
}
}
}

View File

@ -40,6 +40,7 @@
public static string EventCollectionKey = "eventCollection";
public static string PreviousPageKey = "previousPage";
public static string InlineAutofillEnabledKey = "inlineAutofillEnabled";
public static string InvalidUnlockAttempts = "invalidUnlockAttempts";
public const int SelectFileRequestCode = 42;
public const int SelectFilePermissionRequestCode = 43;
public const int SaveFileRequestCode = 44;

View File

@ -8,6 +8,7 @@ using Bit.App.Abstractions;
using Bit.Core.Abstractions;
using Bit.Core.Utilities;
using System.Threading.Tasks;
using Bit.App.Utilities;
using Bit.Core.Models.Domain;
using Bit.Core.Enums;
@ -27,7 +28,6 @@ namespace Bit.iOS.Core.Controllers
private bool _pinLock;
private bool _biometricLock;
private bool _biometricIntegrityValid = true;
private int _invalidPinAttempts;
public LockPasswordViewController(IntPtr handle)
: base(handle)
@ -144,6 +144,7 @@ namespace Bit.iOS.Core.Controllers
failed = decPin != inputtedValue;
if (!failed)
{
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key);
}
}
@ -152,6 +153,7 @@ namespace Bit.iOS.Core.Controllers
var key2 = await _cryptoService.MakeKeyFromPinAsync(inputtedValue, email,
kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256), kdfIterations.GetValueOrDefault(5000));
failed = false;
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key2);
}
}
@ -161,10 +163,10 @@ namespace Bit.iOS.Core.Controllers
}
if (failed)
{
_invalidPinAttempts++;
if (_invalidPinAttempts >= 5)
var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
if (invalidUnlockAttempts >= 5)
{
Cancel?.Invoke();
await LogOutAsync();
return;
}
InvalidValue();
@ -196,6 +198,7 @@ namespace Bit.iOS.Core.Controllers
kdf.GetValueOrDefault(KdfType.PBKDF2_SHA256), kdfIterations.GetValueOrDefault(5000));
_vaultTimeoutService.PinProtectedKey = await _cryptoService.EncryptAsync(key2.Key, pinKey);
}
await AppHelpers.ResetInvalidUnlockAttemptsAsync();
await SetKeyAndContinueAsync(key2);
// Re-enable biometrics
@ -206,6 +209,12 @@ namespace Bit.iOS.Core.Controllers
}
else
{
var invalidUnlockAttempts = await AppHelpers.IncrementInvalidUnlockAttemptsAsync();
if (invalidUnlockAttempts >= 5)
{
await LogOutAsync();
return;
}
InvalidValue();
}
}
@ -257,6 +266,42 @@ namespace Bit.iOS.Core.Controllers
PresentViewController(alert, true, null);
}
private async Task LogOutAsync()
{
var syncService = ServiceContainer.Resolve<ISyncService>("syncService");
var tokenService = ServiceContainer.Resolve<ITokenService>("tokenService");
var settingsService = ServiceContainer.Resolve<ISettingsService>("settingsService");
var cipherService = ServiceContainer.Resolve<ICipherService>("cipherService");
var folderService = ServiceContainer.Resolve<IFolderService>("folderService");
var collectionService = ServiceContainer.Resolve<ICollectionService>("collectionService");
var passwordGenerationService = ServiceContainer.Resolve<IPasswordGenerationService>(
"passwordGenerationService");
var stateService = ServiceContainer.Resolve<IStateService>("stateService");
var searchService = ServiceContainer.Resolve<ISearchService>("searchService");
var authService = ServiceContainer.Resolve<IAuthService>("authService");
var userId = await _userService.GetUserIdAsync();
await Task.WhenAll(
syncService.SetLastSyncAsync(DateTime.MinValue),
tokenService.ClearTokenAsync(),
_cryptoService.ClearKeysAsync(),
_userService.ClearAsync(),
settingsService.ClearAsync(userId),
cipherService.ClearAsync(userId),
folderService.ClearAsync(userId),
collectionService.ClearAsync(userId),
passwordGenerationService.ClearAsync(),
_vaultTimeoutService.ClearAsync(),
stateService.PurgeAsync(),
_deviceActionService.ClearCacheAsync());
_vaultTimeoutService.BiometricLocked = true;
searchService.ClearIndex();
authService.LogOut(() =>
{
Cancel?.Invoke();
});
}
public class TableSource : ExtendedUITableViewSource
{
private LockPasswordViewController _controller;