PM-5064 Fix lock interaction between biometrics and vault timeout never

bitwarden · Dec 4, 2023 · 172476f · 172476f
1 parent 11348e6
commit 172476f
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/Core/Services/VaultTimeoutService.cs b/src/Core/Services/VaultTimeoutService.cs
@@ -63,12 +63,20 @@ public class VaultTimeoutService : IVaultTimeoutService
         /// </param>
         public async Task<bool> IsLockedAsync(string userId = null)
         {
+            // If biometrics are used, we can use the flag to determine locked state taking into account the auto unlock key for vault timeout never.
+            var biometricSet = await IsBiometricLockSetAsync(userId);
+            var hasAutoUnlockKey = await _cryptoService.HasAutoUnlockKeyAsync(userId);
+            if (biometricSet && await _stateService.GetBiometricLockedAsync(userId) && !hasAutoUnlockKey)
+            {
+                return true;
+            }
+
             if (!await _cryptoService.HasUserKeyAsync(userId))
             {
                 try
                 {
                     // Filter out accounts without auto key
-                    if (!await _cryptoService.HasAutoUnlockKeyAsync(userId))
+                    if (!hasAutoUnlockKey)
                     {
                         return true;
                     }
@@ -84,7 +92,6 @@ public async Task<bool> IsLockedAsync(string userId = null)
                     // Legacy users must migrate on web vault before login
                     await LogOutAsync(false, userId);
                 }
-
             }
 
             // Check again to verify auto key was set