search

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com
Other
9.22k stars 1.24k forks source link

"Ask for Touch ID on launch" not working when "Start to menu bar" is enabled on macOS #10201

Open poopsicles opened 3 months ago

poopsicles commented 3 months ago

Steps To Reproduce

  1. Turn on "Ask for Touch ID on launch" while leaving "Start to menu bar" unchecked.
  2. Quit and reopen the application.
  3. Try turning them both on.
  4. Quit, reopen the application, then click on the menu bar icon.

Expected Result

For the first bit (only Ask for... on), once the window pops up, the Touch ID window should come up and ask to authenticate.

For the second bit (both settings turned on), the application should start minimised to the menu bar, but when opened should ask for Touch ID.

Actual Result

The first one works as intended, the second doesnt--the window comes up but doesn't try to authenticate with Touch ID.

Screenshots or Videos

No response

Additional Context

I think I'm also experiencing #8640 too, the Touch ID popup randomly appears (and my vault timeout is set to 1 minute), as well as #9742 with the fingerprint being accepted but Bitwarden not unlocking.

Operating System

macOS

Operating System Version

14.4

Installation method

Mac App Store

Build Version

2024.6.4

Issue Tracking Info

SergeantConfused commented 3 months ago

Hello @poopsicles,

Thank you for this report. In that setup, where the Bitwarden macOS desktop client is initially launched in the background and to the menu bar, it is expected to not be automatically prompted for biometrics; The (Ask for Touch ID on launch) function refers to when the client is first launched, not when its window is brought up from the menu bar or tray. It's also worth noting that we do not prompt for biometrics whilst the client is in the background to avoid confusion.

If you wish to change this, you may want to consider submitting this idea as an improvement suggestion/feature request in the Bitwarden Community; Please remember to search before creating a new request, just in case there already is a thread about this.

If you have any questions or concerns, please feel free to get in touch and please include a link to this GitHub report if you do.

I will now proceed and close this GitHub report.

Thank you again,

wearsshoes commented 2 months ago

@SergeantConfused I would like to reopen this; as your explanation contradicts the explanation given by @Krychaz in #8640 :

"Many users use this to quickly unlock their vault when returning to their PC. For example they might have timeout set to 8H and the next day, when they start working, they are only prompted for touch ID."

The behavior on my machine matches Krychaz's explanation if I have a time-based Vault timeout, for example "5 minutes". Then when the "Ask for Touch ID on app start" option is enabled, it interrupts whatever I am currently doing to immediately prompt for Touch ID, even while I am currently working and have not logged out in the interim, a very undesired behavior.

However, when I have an event-based Vault timeout, for example "On System Lock" and "Start to menu bar" enabled, if I then select "Ask for Touch ID on app start", the Touch ID prompt does not automatically activate either upon system unlock, nor when I foreground Bitwarden, nor even when I quit and reopen the app. This is similar to the condition @poopsicles describes.

So the option's currently the worst of both worlds: it does something when it isn't supposed to, and doesn't do anything when it is supposed to.

In both cases, I think the proper solution would be that the "Ask for Touch ID on app start" flag should be changed to "Prompt for Touch ID when activated", with corresponding program behavior modification. Then whenever the app comes to the foreground (either due to app start or user interaction), the flag makes the Touch ID prompt automatically appear if the app is in a locked state, satisfying both classes of user interests.

Running MacOS Sequoia 15.0 Beta (24A5327a), but also had this issue prior to upgrading to the Beta.

wearsshoes commented 2 months ago

While I think the bug can be resolved without changing intended program behavior, I've submitted this proposed UI fix as a feature request, since I think that changing the program behavior will reduce confusion: https://community.bitwarden.com/t/macos-desktop-change-ask-for-touch-id-on-app-start-flag-to-prompt-for-touch-id-when-activated/71360