Attempt to fix browserbiometrics

agent/actions/actions.go

@@ -37,6 +37,7 @@ func (registry *ActionsRegistry) Get(messageType messages.IPCMessageType) (Actio
 func ensureIsLoggedIn(action Action) Action {
 	return func(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (messages.IPCMessage, error) {
 		if hash, err := cfg.GetMasterPasswordHash(); err != nil || len(hash) == 0 {
+			actionsLog.Error("EnsureIsLoggedIn - %s", err.Error())
 			return messages.IPCMessageFromPayload(messages.ActionResponse{
 				Success: false,
 				Message: "Not logged in",

agent/actions/browserbiometrics.go

@@ -1,14 +1,14 @@
 package actions
 
 import (
+	"context"
 	"encoding/base64"
 	"fmt"
 	"time"
 
 	"github.com/quexten/goldwarden/agent/config"
 	"github.com/quexten/goldwarden/agent/notify"
 	"github.com/quexten/goldwarden/agent/sockets"
-	"github.com/quexten/goldwarden/agent/systemauth"
 	"github.com/quexten/goldwarden/agent/systemauth/biometrics"
 	"github.com/quexten/goldwarden/agent/systemauth/pinentry"
 	"github.com/quexten/goldwarden/agent/vault"
@@ -18,12 +18,47 @@ import (
 
 func handleGetBiometricsKey(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
 	actionsLog.Info("Browser Biometrics: Key requested, verifying biometrics...")
-	if !(systemauth.VerifyPinSession(*ctx) || biometrics.CheckBiometrics(biometrics.BrowserBiometrics)) {
+	authenticated := false
+
+	if cfg.IsLocked() {
+		actionsLog.Info("Browser Biometrics: Vault is locked, asking for pin...")
+		err := cfg.TryUnlock(vault)
+		if err != nil {
+			actionsLog.Info("Browser Biometrics: Vault not unlocked")
+			return messages.IPCMessage{}, err
+		}
+		ctx1 := context.Background()
+		success := sync(ctx1, vault, cfg)
+		if !success {
+			actionsLog.Info("Browser Biometrics: Vault not synced")
+			return messages.IPCMessage{}, err
+		}
+		actionsLog.Info("Browser Biometrics: Vault unlocked")
+		authenticated = true
+	} else {
+		authenticated = biometrics.CheckBiometrics(biometrics.BrowserBiometrics)
+		if !authenticated {
+			// todo, skip when explicitly denied instead of error
+			actionsLog.Info("Browser Biometrics: Biometrics not approved, asking for pin...")
+			pin, err := pinentry.GetPassword("Goldwarden", "Enter your pin to unlock your vault")
+			if err == nil {
+				authenticated = cfg.VerifyPin(pin)
+				if !authenticated {
+					actionsLog.Info("Browser Biometrics: Pin not approved")
+				} else {
+					actionsLog.Info("Browser Biometrics: Pin approved")
+				}
+			}
+		} else {
+			actionsLog.Info("Browser Biometrics: Biometrics approved")
+		}
+	}
+
+	if !authenticated {
 		response, err = messages.IPCMessageFromPayload(messages.ActionResponse{
 			Success: false,
 			Message: "not approved",
 		})
-		actionsLog.Info("Browser Biometrics: Biometrics not approved %v", err)
 		if err != nil {
 			return messages.IPCMessage{}, err
 		}
@@ -58,5 +93,5 @@ func handleGetBiometricsKey(request messages.IPCMessage, cfg *config.Config, vau
 }
 
 func init() {
-	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetBiometricsKeyRequest{}), ensureIsNotLocked(ensureIsLoggedIn(handleGetBiometricsKey)))
+	AgentActionsRegistry.Register(messages.MessageTypeForEmptyPayload(messages.GetBiometricsKeyRequest{}), handleGetBiometricsKey)
 }

agent/unixsocketagent.go

@@ -288,6 +288,8 @@ func StartUnixAgent(path string, runtimeConfig config.RuntimeConfig) error {
 			fd, err := l.Accept()
 			if err != nil {
 				println("accept error", err.Error())
+			} else {
+				log.Info("Accepted unix socket connection; handling request")
 			}
 
 			go serveAgentSession(fd, ctx, vault, &cfg)

browserbiometrics/protocol.go

@@ -105,6 +105,7 @@ func handlePayloadMessage(msg PayloadMessage, appID string) {
 	case "biometricUnlock":
 		logging.Debugf("Biometric unlock requested")
 		// logging.Debugf("Biometrics authorized: %t", isAuthorized)
+		logging.Debugf("Connecting to agent at path %s", runtimeConfig.GoldwardenSocketPath)
 		result, err := client.NewUnixSocketClient(runtimeConfig).SendToAgent(messages.GetBiometricsKeyRequest{})
 		if err != nil {
 			logging.Errorf("Unable to send message to agent: %s", err.Error())