When the vault automatically locks after time-out, it prompts for biometrics again

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).

https://bitwarden.com

Other

8.66k stars 1.14k forks source link

When the vault automatically locks after time-out, it prompts for biometrics again #9885

Open hach-que opened 3 days ago

hach-que commented 3 days ago

Steps To Reproduce

Configure your vault to time-out after 5 minutes.
Configure your vault to unlock with Windows Hello biometrics.
Unlock your vault with biometrics.
Wait 5 minutes.
The vault will lock, and you'll get the Windows Hello biometrics prompt again (even though you most likely don't want to unlock the vault at this point, you just want it to auto-lock).

Expected Result

Biometrics prompt should not show.

Actual Result

Biometrics prompt shows.

Screenshots or Videos

No response

Additional Context

No response

Operating System

Windows

Operating System Version

No response

Installation method

Direct Download (from bitwarden.com)

Build Version

Version 2024.6.3 Shell 29.4.2 Renderer 122.0.6261.156 Node 20.9.0 Architecture x64

Issue Tracking Info

[X] I understand that work is tracked outside of GitHub. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

c3JpbmkK commented 3 days ago

Adding to the issue, the browser extension is unable to "Unlock with biometrics" when the desktop app is locked.

I have Vault timeout with lock on the browser extension (30m) and the desktop app (5m), and prior to last week's update, the browser extension would unlock the desktop vault using biometrics when the desktop app is locked (correct me if im wrong here, I've never checked if desktop app is unlocked when i unlock the browser extension). Now it just shows "User locked or logged out" and doesnt attempt to unlock the vault. After I unlock the desktop app (also using biometrics), the "Unlock with biometrics" option works as expected.

Web Browser

Firefox 127.0.2 (64-bit)

Operating System

macOS Sonoma 14.5 (23F79)

Installation method

Mac App Store (otherwise biometrics integration doesnt work)

Build Version

Version 2024.6.3 Shell 29.4.2 Renderer 122.0.6261.156 Node 20.9.0 Architecture arm64

sammbw commented 2 days ago

@c3JpbmkK this is a separate issue, could you please open a new issue for this example? Thank you!

sammbw commented 2 days ago

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

hach-que commented 2 days ago

Adding to the issue, the browser extension is unable to "Unlock with biometrics" when the desktop app is locked.

I have Vault timeout with lock on the browser extension (30m) and the desktop app (5m), and prior to last week's update, the browser extension would unlock the desktop vault using biometrics when the desktop app is locked (correct me if im wrong here, I've never checked if desktop app is unlocked when i unlock the browser extension). Now it just shows "User locked or logged out" and doesnt attempt to unlock the vault. After I unlock the desktop app (also using biometrics), the "Unlock with biometrics" option works as expected.

Yep, I've also noticed this regression as well.