goldwarden/agent/actions/browserbiometrics.go


package actions
import (
"encoding/base64"
"fmt"
"github.com/quexten/goldwarden/agent/config"
"github.com/quexten/goldwarden/agent/sockets"
"github.com/quexten/goldwarden/agent/systemauth"
"github.com/quexten/goldwarden/agent/systemauth/biometrics"
"github.com/quexten/goldwarden/agent/systemauth/pinentry"
"github.com/quexten/goldwarden/agent/vault"
"github.com/quexten/goldwarden/ipc/messages"
)
// handleGetBiometricsKey answers a GetBiometricsKeyRequest by returning the
// value of cfg.GetMasterKey, base64-encoded (standard alphabet), inside a
// GetBiometricsKeyResponse.
//
// The key is released only after two gates pass, in this order:
//  1. systemauth.VerifyPinSession(*ctx) succeeds or, failing that,
//     biometrics.CheckBiometrics(biometrics.BrowserBiometrics) succeeds;
//  2. the user confirms the pinentry approval prompt.
//
// A caller that fails either gate receives an ActionResponse with
// Success=false and Message "not approved", together with a nil error. A
// non-nil error is returned only when a response cannot be built or the
// master key cannot be read. The request and vault parameters are not used
// by this handler.
//
// Security notes:
//   - The response carries the vault master key itself, so the IPC channel
//     and the requesting process must be trusted as much as the agent.
//   - NOTE(review): the user and process names shown in the prompt are taken
//     from ctx. If they are derived from the connecting peer's process
//     metadata, treat them as informational, not as authentication; confirm
//     how sockets.CallingContext is populated.
//   - NOTE(review): neither masterKey nor its base64 copy is wiped after use.
//     Whether masterKey may be zeroed here depends on whether GetMasterKey
//     returns a private copy; confirm before changing.
func handleGetBiometricsKey(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
	// deny builds the uniform refusal reply used by both gates, so a caller
	// cannot tell from the message which gate rejected it.
	deny := func() (messages.IPCMessage, error) {
		refusal, buildErr := messages.IPCMessageFromPayload(messages.ActionResponse{
			Success: false,
			Message: "not approved",
		})
		if buildErr != nil {
			return messages.IPCMessage{}, buildErr
		}
		return refusal, nil
	}

	// Gate 1: an existing pin session is accepted first; biometrics are only
	// consulted when no pin session verifies.
	if !systemauth.VerifyPinSession(*ctx) && !biometrics.CheckBiometrics(biometrics.BrowserBiometrics) {
		return deny()
	}

	// Gate 2: explicit per-request confirmation from the user.
	prompt := fmt.Sprintf("%s on %s>%s>%s is trying to access your vault encryption key for browser biometric unlock.", ctx.UserName, ctx.GrandParentProcessName, ctx.ParentProcessName, ctx.ProcessName)
	approved, promptErr := pinentry.GetApproval("Approve Credential Access", prompt)
	if promptErr != nil || !approved {
		// Fail closed: a pinentry error is treated exactly like a refusal and
		// is not reported to the caller.
		return deny()
	}

	masterKey, keyErr := cfg.GetMasterKey()
	if keyErr != nil {
		return messages.IPCMessage{}, keyErr
	}

	return messages.IPCMessageFromPayload(messages.GetBiometricsKeyResponse{
		Key: base64.StdEncoding.EncodeToString(masterKey),
	})
}
// init registers handleGetBiometricsKey in AgentActionsRegistry under the
// message type of GetBiometricsKeyRequest. The handler is wrapped in
// ensureIsLoggedIn and then ensureIsNotLocked (both defined elsewhere in this
// package), so those wrappers run before the handler's own pin/biometrics and
// pinentry gates. Presumably they reject requests when no account is logged
// in or the vault is locked; verify against their definitions.
func init() {
	requestType := messages.MessageTypeForEmptyPayload(messages.GetBiometricsKeyRequest{})
	guardedHandler := ensureIsNotLocked(ensureIsLoggedIn(handleGetBiometricsKey))
	AgentActionsRegistry.Register(requestType, guardedHandler)
}