chore: Improved the master password unlock method.

Skyost · Skyost · commit f711d45cbc32 · 2026-04-29T19:23:27.000+02:00
diff --git a/lib/model/app_unlock/methods/local_auth.dart b/lib/model/app_unlock/methods/local_auth.dart
@@ -19,7 +19,7 @@ class LocalAuthenticationAppUnlockMethod extends AppUnlockMethod {
   }
 
   @override
-  Future<CannotUnlockException?> canUnlock() async {
+  Future<CannotUnlockException?> canUnlock(UnlockReason reason) async {
     if (!(await LocalAuthentication.instance.isSupported())) {
       return LocalAuthenticationDeviceNotSupported();
     }
diff --git a/lib/model/app_unlock/methods/master_password.dart b/lib/model/app_unlock/methods/master_password.dart
@@ -55,28 +55,45 @@ class MasterPasswordAppUnlockMethod extends AppUnlockMethod<String> {
   }
 
   @override
-  Future<CannotUnlockException?> canUnlock() async {
-    Salt? salt = await Salt.readFromLocalStorage();
-    if (salt == null) {
-      try {
-        List<Totp> totps = await _ref.read(totpRepositoryProvider.future);
-        salt = totps.firstOrNull?.encryptedData.encryptionSalt;
-        if (salt == null) {
-          return MasterPasswordNoSalt();
-        }
-        await salt.saveToLocalStorage();
-      } catch (ex, stackTrace) {
-        handleException(ex, stackTrace);
-        return MasterPasswordNoSalt();
+  Future<CannotUnlockException?> canUnlock(UnlockReason reason) async {
+    if (reason != .openApp && reason != .sensibleAction) {
+      List<Totp> totps = await _ref.read(totpRepositoryProvider.future);
+      if (totps.isEmpty) {
+        return null;
       }
     }
+    if (!(await _ensureSaltAvailable())) {
+      return MasterPasswordNoSalt();
+    }
     List<PasswordVerificationMethod> passwordVerificationMethods = await _ref.read(passwordVerificationProvider.future);
     if (passwordVerificationMethods.isEmpty) {
       return MasterPasswordNoPasswordVerificationMethodAvailable();
     }
     return null;
   }
 
+  /// Ensures that the local salt exists, restoring it from the TOTP list when possible.
+  Future<bool> _ensureSaltAvailable() async {
+    if (await Salt.readFromLocalStorage() != null) {
+      return true;
+    }
+    try {
+      List<Totp> totps = await _ref.read(totpRepositoryProvider.future);
+      Salt? salt = totps.firstOrNull?.encryptedData.encryptionSalt;
+      if (salt == null) {
+        return false;
+      }
+      await salt.saveToLocalStorage();
+      _ref.invalidate(cryptoStoreProvider);
+      _ref.invalidate(cryptoStoreVerificationMethodProvider);
+      _ref.invalidate(passwordVerificationProvider);
+      return true;
+    } catch (ex, stackTrace) {
+      handleException(ex, stackTrace);
+      return false;
+    }
+  }
+
   /// Prompts master password for unlock.
   Future<Result<String>> _promptMasterPasswordForUnlock(BuildContext context, String? message) async {
     String? password = await MasterPasswordInputDialog.prompt(
diff --git a/lib/model/app_unlock/methods/method.dart b/lib/model/app_unlock/methods/method.dart
@@ -5,6 +5,7 @@ import 'package:open_authenticator/i18n/localizable_exception.dart';
 import 'package:open_authenticator/i18n/translations.g.dart';
 import 'package:open_authenticator/model/app_unlock/reason.dart';
 import 'package:open_authenticator/model/crypto.dart';
+import 'package:open_authenticator/model/password_verification/methods/crypto_store.dart';
 import 'package:open_authenticator/model/password_verification/methods/method.dart';
 import 'package:open_authenticator/model/password_verification/methods/password_signature.dart';
 import 'package:open_authenticator/model/password_verification/password_verification.dart';
@@ -47,7 +48,7 @@ sealed class AppUnlockMethod<T> {
   /// [context] is required so that we can interact with the user.
   Future<Result<T>> unlock(BuildContext context, UnlockReason reason) async {
     try {
-      CannotUnlockException? cannotUnlockException = await canUnlock();
+      CannotUnlockException? cannotUnlockException = await canUnlock(reason);
       if (cannotUnlockException != null) {
         throw cannotUnlockException;
       }
@@ -76,7 +77,7 @@ sealed class AppUnlockMethod<T> {
   AppLockState get defaultAppLockState => AppLockState.locked;
 
   /// Returns whether the app can be unlocked using this method.
-  Future<CannotUnlockException?> canUnlock() => Future.value(null);
+  Future<CannotUnlockException?> canUnlock(UnlockReason reason) => Future.value(null);
 
   /// Triggered when this method has been chosen has the app unlock method.
   /// [unlockResult] is the result of the [tryUnlock] call.

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ class LocalAuthenticationAppUnlockMethod extends AppUnlockMethod {`
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`@override`
`22`		`- Future<CannotUnlockException?> canUnlock() async {`
	`22`	`+ Future<CannotUnlockException?> canUnlock(UnlockReason reason) async {`
`23`	`23`	`if (!(await LocalAuthentication.instance.isSupported())) {`
`24`	`24`	`return LocalAuthenticationDeviceNotSupported();`
`25`	`25`	`}`