2023-07-17 06:02:29 +03:00
package actions
import (
"encoding/base64"
"fmt"
"github.com/quexten/goldwarden/agent/config"
"github.com/quexten/goldwarden/agent/sockets"
2023-09-19 22:49:56 +03:00
"github.com/quexten/goldwarden/agent/systemauth"
2023-09-12 02:22:48 +03:00
"github.com/quexten/goldwarden/agent/systemauth/biometrics"
2023-09-12 03:54:46 +03:00
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
2023-07-17 06:02:29 +03:00
"github.com/quexten/goldwarden/agent/vault"
2023-09-20 04:05:44 +03:00
"github.com/quexten/goldwarden/ipc/messages"
2023-07-17 06:02:29 +03:00
)
2023-09-20 04:05:44 +03:00
func handleGetBiometricsKey ( request messages . IPCMessage , cfg * config . Config , vault * vault . Vault , ctx * sockets . CallingContext ) ( response messages . IPCMessage , err error ) {
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Key requested, verifying biometrics..." )
2023-09-19 22:49:56 +03:00
if ! ( systemauth . VerifyPinSession ( * ctx ) || biometrics . CheckBiometrics ( biometrics . BrowserBiometrics ) ) {
2023-09-20 04:05:44 +03:00
response , err = messages . IPCMessageFromPayload ( messages . ActionResponse {
2023-09-19 22:49:56 +03:00
Success : false ,
Message : "not approved" ,
} )
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Biometrics not approved %v" , err )
2023-09-19 22:49:56 +03:00
if err != nil {
2023-09-20 04:05:44 +03:00
return messages . IPCMessage { } , err
2023-09-19 22:49:56 +03:00
}
return response , nil
}
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Biometrics verified, asking for approval..." )
2023-09-12 03:54:46 +03:00
if approved , err := pinentry . GetApproval ( "Approve Credential Access" , fmt . Sprintf ( "%s on %s>%s>%s is trying to access your vault encryption key for browser biometric unlock." , ctx . UserName , ctx . GrandParentProcessName , ctx . ParentProcessName , ctx . ProcessName ) ) ; err != nil || ! approved {
2023-09-20 04:05:44 +03:00
response , err = messages . IPCMessageFromPayload ( messages . ActionResponse {
2023-07-17 06:02:29 +03:00
Success : false ,
Message : "not approved" ,
} )
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Biometrics not approved %v" , err )
2023-07-17 06:02:29 +03:00
if err != nil {
2023-09-20 04:05:44 +03:00
return messages . IPCMessage { } , err
2023-07-17 06:02:29 +03:00
}
return response , nil
}
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Approved, getting key..." )
2023-07-17 06:02:29 +03:00
masterKey , err := cfg . GetMasterKey ( )
2023-09-19 22:49:56 +03:00
if err != nil {
2023-09-20 04:05:44 +03:00
return messages . IPCMessage { } , err
2023-09-19 22:49:56 +03:00
}
2023-07-17 06:02:29 +03:00
masterKeyB64 := base64 . StdEncoding . EncodeToString ( masterKey )
2023-09-20 04:05:44 +03:00
response , err = messages . IPCMessageFromPayload ( messages . GetBiometricsKeyResponse {
2023-07-17 06:02:29 +03:00
Key : masterKeyB64 ,
} )
2023-12-22 12:44:49 +03:00
actionsLog . Info ( "Browser Biometrics: Sending key..." )
2023-07-17 06:02:29 +03:00
return response , err
}
func init ( ) {
2023-09-20 04:05:44 +03:00
AgentActionsRegistry . Register ( messages . MessageTypeForEmptyPayload ( messages . GetBiometricsKeyRequest { } ) , ensureIsNotLocked ( ensureIsLoggedIn ( handleGetBiometricsKey ) ) )
2023-07-17 06:02:29 +03:00
}