[PM-3726] prevent legacy user login #2769
Conversation
|
No New Or Fixed Issues Found |
There was a problem hiding this comment.
Great work!
I see this repeated several times:
if (await _cryptoService.IsLegacyUserAsync(masterKey))
{
throw new LegacyUserException();
}If every time checking legacy should throw that exception, couldn't that be just done inside the method like:
public async Task CheckIfUserIsLegacyAsync(MasterKey masterKey = null, string userId = null)
{
if (await ValidateUserKeyAsync(new UserKey((masterKey ?? await GetMasterKeyAsync(userId)).Key))) // Also here see other comment to check the possibility of null getting the master key
{
throw new LegacyUserException();
}
}So we avoid checking and throwing it everywhere. Thoughts?
| var masterKey = await _cryptoService.MakeMasterKeyAsync(MasterPassword, _email, kdfConfig); | ||
| var storedKeyHash = await _cryptoService.GetMasterKeyHashAsync(); | ||
| var passwordValid = false; | ||
| MasterPasswordPolicyOptions enforcedMasterPasswordOptions = null; | ||
|
|
||
| if (await _cryptoService.IsLegacyUserAsync(masterKey)) | ||
| { | ||
| throw new LegacyUserException(); | ||
| } |
There was a problem hiding this comment.
⛏️ Can the check be moved right after masterKey initialization, because there's no need to await for getting the master key hash if it's a legacy user. Unless it depends on some internal computation on that latter task to be able to say whether it's legacy or not.
🤔 Could the check be done directly in MakeMasterKeyAsync()? Or is it not done that way to prevent potentially breaking other places?
There was a problem hiding this comment.
We won't have all the pieces yet to determine if they are legacy when simply logging in. I also didn't know if we wanted to run that code every time so left it out for now.
src/Core/Services/CryptoService.cs
Outdated
| public async Task<bool> IsLegacyUserAsync(MasterKey masterKey = null, string userId = null) | ||
| { | ||
| return await ValidateUserKeyAsync(new UserKey((masterKey ?? await GetMasterKeyAsync(userId)).Key)); | ||
| } |
There was a problem hiding this comment.
GetMasterKeyAsync(...) could potentially return null. Is it ok if that happens to throw a null reference exception here (when accessing .Key)?
There was a problem hiding this comment.
Good catch, added a check
I actually had to add that check to the login process, where we don't want it to throw. Would definitely clean up the code but I didn't want to use exceptions for the login process. |
# Conflicts: # src/App/Pages/Accounts/LockPageViewModel.cs # src/App/Resources/AppResources.Designer.cs # src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
* [PM-3726] prevent legacy user login * [PM-3726] prevent unlock or auto key migration if legacy user * [PM-3726] add legacy checks to lock page and refactor * [PM-3726] rethrow exception from pin * formatting * [PM-3726] add changes to LockViewController, consolidate logout calls * formatting * [PM-3726] pr feedback * generate resx * formatting (cherry picked from commit c4f6ae9)
Type of change
Objective
Prevent legacy users from logging in and direct them to the web vault for migration.
Code changes
Legacy users are detected early in the
AuthService.LoginHelperby checking for the existence of a local hashed password (meaning MP was used to login) and the absence of aIdentityToken.Key. We can then return early before the authentication process and prevent any state from being set.SubmitAsyncmethod intoUnlockWithPinAsyncandUnlockWithMasterPasswordAsync. I also am catching anyLegacyUserExceptionerrors now in theSubmitAsyncmethod in order to process them.LockPageViewModelLegacyUserExceptionlike on the LockPage, I have addedAuthResult.RequiresEncryptionKeyMigration. The clients repo couldn't use an exception in the same way so I decided to keep the models similar.ValidateUserKeyAsyncandIsLegacyUserAsyncfor legacy user detection. Throw exceptions from migration methods if a legacy user is detected.Screenshots
Before you submit
dotnet format --verify-no-changes) (required)