From 497d4928fa7e1f2814b455d90a7a788e15d8ec98 Mon Sep 17 00:00:00 2001
From: Thomas Rittson
Date: Thu, 10 Jun 2021 09:53:57 +1000
Subject: [PATCH] Force logout if user has old keyHash stored
---
 src/App/Pages/Accounts/LockPageViewModel.cs | 7 +++++++
 src/Core/Services/CryptoService.cs | 2 ++
 src/iOS.Core/Controllers/LockPasswordViewController.cs | 9 ++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/App/Pages/Accounts/LockPageViewModel.cs b/src/App/Pages/Accounts/LockPageViewModel.cs
index 811da6cba..2004ff1dc 100644
--- a/src/App/Pages/Accounts/LockPageViewModel.cs
+++ b/src/App/Pages/Accounts/LockPageViewModel.cs
@@ -121,6 +121,13 @@ namespace Bit.App.Pages
 public async Task InitAsync(bool autoPromptBiometric)
 {
+ var useLocalHash = await _storageService.GetAsync("useLocalHash");
+ if (useLocalHash != true)
+ {
+ _messagingService.Send("logout");
+ return;
+ }
+
 _pinSet = await _vaultTimeoutService.IsPinLockSetAsync();
 PinLock = (_pinSet.Item1 && _vaultTimeoutService.PinProtectedKey != null) || _pinSet.Item2;
 BiometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() && await _cryptoService.HasKeyAsync();
diff --git a/src/Core/Services/CryptoService.cs b/src/Core/Services/CryptoService.cs
index 2947ba609..fd0025cbb 100644
--- a/src/Core/Services/CryptoService.cs
+++ b/src/Core/Services/CryptoService.cs
@@ -33,6 +33,7 @@ namespace Bit.Core.Services
 private const string Keys_EncPrivateKey = "encPrivateKey";
 private const string Keys_EncKey = "encKey";
 private const string Keys_KeyHash = "keyHash";
+ private const string Keys_UseLocalHash = "useLocalHash";
 public CryptoService(
 IStorageService storageService,
@@ -61,6 +62,7 @@ namespace Bit.Core.Services
 {
 _keyHash = keyHash;
 await _storageService.SaveAsync(Keys_KeyHash, keyHash);
+ await _storageService.SaveAsync(Keys_UseLocalHash, true);
 }
 public async Task SetEncKeyAsync(string encKey)
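Review bot: The storage key in the added `InitAsync` check is the bare literal `"useLocalHash"`, repeated in the `LockPasswordViewController.cs` hunk, while `CryptoService.cs` in this same patch declares it as the private constant `Keys_UseLocalHash`. The reader and the writer can drift apart silently; the `!= true` comparison fails closed, so a mismatch would surface as a forced logout on every unlock rather than as a bypass, but one shared constant used at both read sites would remove the risk. A short comment above the check would also help the next reader, for example `// No flag: keyHash was stored by an older build, so force a fresh login to replace it.` `InitAsync` continues past the end of the hunk.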
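Review bot: In the second `CryptoService.cs` hunk the flag is saved unconditionally right after `Keys_KeyHash`, so it records that this method ran, not which kind of hash was passed in. If any caller can still supply a hash of the old kind, the flag would mark it as current and the lock-screen checks would accept it; the method's signature and its callers are outside the hunk, so this needs confirming there. A doc comment stating the contract would make it explicit, e.g. `/// Callers must pass only the new local hash; saving it also sets useLocalHash.` The write order (hash first, flag second) is the safe one, since an interrupted save leaves the flag absent and forces a logout. It is also worth checking that whatever clears `Keys_KeyHash` removes `Keys_UseLocalHash` as well.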
diff --git a/src/iOS.Core/Controllers/LockPasswordViewController.cs b/src/iOS.Core/Controllers/LockPasswordViewController.cs
index 28228661a..dac34c762 100644
--- a/src/iOS.Core/Controllers/LockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/LockPasswordViewController.cs
@@ -44,7 +44,7 @@ namespace Bit.iOS.Core.Controllers
 public string BiometricIntegrityKey { get; set; }
- public override void ViewDidLoad()
+ public async override void ViewDidLoad()
 {
 _vaultTimeoutService = ServiceContainer.Resolve("vaultTimeoutService");
 _cryptoService = ServiceContainer.Resolve("cryptoService");
@@ -88,6 +88,13 @@ namespace Bit.iOS.Core.Controllers
 base.ViewDidLoad();
+ var useLocalHash = await _storageService.GetAsync("useLocalHash");
+ if (useLocalHash != true)
+ {
+ await LogOutAsync();
+ return;
+ }
+
 if (_biometricLock)
 {
 if (!_biometricIntegrityValid)
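Review bot: Changing `ViewDidLoad` to `async void` in the first hunk hands control back to UIKit at the first `await`, so in the second hunk the lock screen may already be displayed and accepting input while the `useLocalHash` read is still pending. If the password submit path compares against the stored `keyHash` (not visible here), an unlock could be attempted against the old hash before `LogOutAsync()` runs; keeping input disabled until the check completes would close that window. An exception from `GetAsync` or `LogOutAsync` has no caller to catch it in an `async void` override and will typically terminate the app, so the awaited section should sit in a `try`/`catch` that treats a failed read as a missing flag. The conventional modifier order is `public override async void ViewDidLoad()`. The body of `ViewDidLoad` extends beyond both hunks.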