From 5b249bed67e80aa5ddc2e60a9496b79542bcd48d Mon Sep 17 00:00:00 2001
From: Federico Maccaroni
Date: Mon, 4 Dec 2023 12:13:13 -0300
Subject: [PATCH] PM-5064 Fix lock interaction between biometrics and vault timeout never (#2885)
---
 src/Core/Services/VaultTimeoutService.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/Core/Services/VaultTimeoutService.cs b/src/Core/Services/VaultTimeoutService.cs
index d9ee8fd44..528dad82e 100644
--- a/src/Core/Services/VaultTimeoutService.cs
+++ b/src/Core/Services/VaultTimeoutService.cs
@@ -63,12 +63,20 @@ namespace Bit.Core.Services
 ///
 public async Task IsLockedAsync(string userId = null)
 {
+ // If biometrics are used, we can use the flag to determine locked state taking into account the auto unlock key for vault timeout never.
+ var biometricSet = await IsBiometricLockSetAsync(userId);
+ var hasAutoUnlockKey = await _cryptoService.HasAutoUnlockKeyAsync(userId);
+ if (biometricSet && await _stateService.GetBiometricLockedAsync(userId) && !hasAutoUnlockKey)
+ {
+ return true;
+ }
+
 if (!await _cryptoService.HasUserKeyAsync(userId))
 {
 try
 {
 // Filter out accounts without auto key
- if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
+ if (!hasAutoUnlockKey)
 {
 return true;
 }
@@ -84,7 +92,6 @@ namespace Bit.Core.Services
 // Legacy users must migrate on web vault before login
 await LogOutAsync(false, userId);
 }
-
 }
 
 // Check again to verify auto key was set
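Review bot: In `IsLockedAsync`, the new early return treats the biometric-locked flag as binding only when no auto-unlock key exists, so with biometrics enabled, the flag set and an auto-unlock key present, control falls through to the user-key checks and the vault can still be reported as unlocked. That precedence is a lock-state decision and the added comment does not spell it out; I would reword it to `// The biometric-locked flag decides only when there is no auto-unlock key; with vault timeout "never" the auto-unlock key takes precedence and the checks below apply.` Separately, `HasAutoUnlockKeyAsync` is now awaited before the `try` and its result is reused after further awaits, where the old code queried it inside the `try` at the point of use. Whether the handler below was meant to cover that call is not visible here, because the method body continues outside the hunk.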