Ensured BIO MPE is handled correctly in PIV banner

elibon99 · elibon99 · commit 81c21a4f55a0 · 2025-05-09T13:53:13.000+02:00
diff --git a/lib/app/views/reset_dialog.dart b/lib/app/views/reset_dialog.dart
@@ -73,6 +73,7 @@ class ResetDialog extends ConsumerStatefulWidget {
 
 class _ResetDialogState extends ConsumerState<ResetDialog> {
   late Capability? _application;
+  late bool _globalReset;
   StreamSubscription<InteractionEvent>? _subscription;
   InteractionEvent? _interaction;
   int _currentStep = -1;
@@ -84,7 +85,8 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
     super.initState();
     final nfc = widget.data.node.transport == Transport.nfc;
     _totalSteps = nfc ? 2 : 3;
-    _application = widget.application;
+    _globalReset = _isGlobalReset();
+    _application = !_globalReset ? widget.application : null;
   }
 
   @override
@@ -109,6 +111,20 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
     };
   }
 
+  bool _isGlobalReset() {
+    final enabled =
+        widget.data.info.config.enabledCapabilities[widget
+            .data
+            .node
+            .transport] ??
+        0;
+    final isBio = [
+      FormFactor.usbABio,
+      FormFactor.usbCBio,
+    ].contains(widget.data.info.formFactor);
+    return isBio && (enabled & Capability.piv.value) != 0;
+  }
+
   @override
   Widget build(BuildContext context) {
     final hasFeature = ref.watch(featureProvider);
@@ -121,11 +137,6 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
             .transport] ??
         0;
 
-    final isBio = [
-      FormFactor.usbABio,
-      FormFactor.usbCBio,
-    ].contains(widget.data.info.formFactor);
-    final globalReset = isBio && (enabled & Capability.piv.value) != 0;
     final l10n = AppLocalizations.of(context);
     final usbTransport = widget.data.node.transport == Transport.usb;
 
@@ -289,7 +300,7 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
                         });
                       },
                       null =>
-                        globalReset
+                        _globalReset
                             ? () async {
                               setState(() {
                                 _resetting = true;
@@ -324,7 +335,7 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
               crossAxisAlignment: CrossAxisAlignment.start,
               children:
                   [
-                        if (!globalReset)
+                        if (!_globalReset)
                           Builder(
                             builder: (context) {
                               final width = MediaQuery.of(context).size.width;
@@ -383,7 +394,7 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
                             Capability.piv => l10n.p_warning_piv_reset,
                             Capability.fido2 => l10n.p_warning_deletes_accounts,
                             _ =>
-                              globalReset
+                              _globalReset
                                   ? l10n.p_warning_global_reset
                                   : l10n.p_factory_reset_an_app,
                           },
@@ -400,7 +411,7 @@ class _ResetDialogState extends ConsumerState<ResetDialog> {
                             Capability.piv => l10n.p_warning_piv_reset_desc,
                             Capability.fido2 => l10n.p_warning_disable_accounts,
                             _ =>
-                              globalReset
+                              _globalReset
                                   ? l10n.p_warning_global_reset_desc
                                   : l10n.p_factory_reset_desc,
                           }),
diff --git a/lib/desktop/piv/state.dart b/lib/desktop/piv/state.dart
@@ -51,6 +51,14 @@ final _sessionProvider = Provider.autoDispose.family<
   // Make sure the managementKey and PIN are held for the duration of the session.
   ref.watch(_managementKeyProvider(devicePath));
   ref.watch(_pinProvider(devicePath));
+  // Reset the state if resetBlocked is toggled from != 0 to == 0 (as on Global Reset)
+  ref.listen(currentDeviceDataProvider, (prev, next) {
+    final prevResetBlocked = prev?.value?.info.resetBlocked;
+    final nextResetBlocked = next.value?.info.resetBlocked;
+    if (prevResetBlocked != 0 && nextResetBlocked == 0) {
+      ref.invalidateSelf();
+    }
+  });
   return RpcNodeSession(ref.watch(rpcProvider).requireValue, devicePath, [
     'ccid',
     'piv',
diff --git a/lib/l10n/app_cs.arb b/lib/l10n/app_cs.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Akce, kterou se chystáte provést, vyžaduje zadání kódu PIV PIN.",
     "l_piv_pin_blocked": "Zablokováno, pro obnovení použijte PUK",
     "p_piv_pin_blocked_desc": "PIN je zablokován. Použijte PUK pro jeho obnovení.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Zablokováno, je potřeba obnovení továrních nastavení",
     "p_piv_pin_puk_blocked_desc": "PIN i PUK jsou zablokovány. Je potřeba resetovat aplikaci PIV.",
     "p_new_piv_pin_puk_requirements": "{name} musí mít alespoň {length} znaků.",
diff --git a/lib/l10n/app_de.arb b/lib/l10n/app_de.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Diese Aktion erfordert die PIV PIN.",
     "l_piv_pin_blocked": "Gesperrt, verwende die PUK zum Zurücksetzen",
     "p_piv_pin_blocked_desc": "Die PIN ist blockiert. Benutze die PUK um sie zurückzusetzen.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Gesperrt, Zurücksetzen auf Werkseinstellungen erforderlich",
     "p_piv_pin_puk_blocked_desc": "Sowohl die PIN als auch PUK sind blockiert. Die PIV-Anwendung muss zurückgesetzt werden.",
     "p_new_piv_pin_puk_requirements": "Eine {name} muss mindestens {length} Zeichen lang sein.",
diff --git a/lib/l10n/app_en.arb b/lib/l10n/app_en.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "The action you are about to perform requires the PIV PIN to be entered.",
     "l_piv_pin_blocked": "Blocked, use PUK to reset",
     "p_piv_pin_blocked_desc": "The PIN is blocked. Use the PUK to reset it.",
+    "l_piv_pin_blocked_bio": "The PIN is blocked. A factory reset is required.",
     "l_piv_pin_puk_blocked": "Blocked, factory reset needed",
     "p_piv_pin_puk_blocked_desc": "Both the PIN and PUK are blocked. A factory reset of the PIV application is required.",
     "p_new_piv_pin_puk_requirements": "A {name} must be at least {length} characters long.",
diff --git a/lib/l10n/app_fr.arb b/lib/l10n/app_fr.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "L'action que vous allez effectuer nécessite la saisie du PIN PIV.",
     "l_piv_pin_blocked": "Bloqué, utilisez PUK pour réinitialiser",
     "p_piv_pin_blocked_desc": "Le code PIN est bloqué. Utilisez le code PUK pour le réinitialiser.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Bloqué, réinitialisation aux paramètres d'usine nécessaire",
     "p_piv_pin_puk_blocked_desc": "Le code PIN et le code PUK sont tous deux bloqués. Une réinitialisation d'usine de l'application PIV est nécessaire.",
     "p_new_piv_pin_puk_requirements": "Le {name} doit avoir au moins {length} caractères.",
diff --git a/lib/l10n/app_ja.arb b/lib/l10n/app_ja.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "実行しようとしているアクションでは、PIV PINを入力する必要があります。",
     "l_piv_pin_blocked": "ブロックされています。リセットするにはPUKを使用してください",
     "p_piv_pin_blocked_desc": "PIN がブロックされています。PUK を使用してリセットしてください。",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "ブロックされています。工場出荷時の状態にリセットする必要があります",
     "p_piv_pin_puk_blocked_desc": "PIN と PUK の両方がブロックされています。PIV アプリケーションの工場出荷時リセットが必要です。",
     "p_new_piv_pin_puk_requirements": "{name} は {length} 文字以上で設定してください。",
diff --git a/lib/l10n/app_pl.arb b/lib/l10n/app_pl.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Działanie wymaga wpisania kodu PIN PIV.",
     "l_piv_pin_blocked": "Zablokowano. Użyj kodu PUK, aby zresetować",
     "p_piv_pin_blocked_desc": "Kod PIN jest zablokowany. Użyj kodu PUK, aby zresetować.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Zablokowano. Wymagane jest przywrócenie ustawień fabrycznych",
     "p_piv_pin_puk_blocked_desc": "Kody PIN i PUK są zablokowane. Wymagane jest przywrócenie ustawień fabrycznych aplikacji PIV.",
     "p_new_piv_pin_puk_requirements": "{name} musi składać się z co najmniej {length} znaków.",
diff --git a/lib/l10n/app_sk.arb b/lib/l10n/app_sk.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Akcia, ktorú sa chystáte vykonať, vyžaduje zadanie kódu PIV PIN.",
     "l_piv_pin_blocked": "Zablokované, na obnovenie použite PUK",
     "p_piv_pin_blocked_desc": "PIN kód je zablokovaný. Na jeho obnovenie použite PUK.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Zablokované, je potrebné obnovenie výrobných nastavení",
     "p_piv_pin_puk_blocked_desc": "PIN aj PUK sú zablokované. Vyžaduje sa obnovenie výrobných nastavení aplikácie PIV.",
     "p_new_piv_pin_puk_requirements": "{name} musí mať aspoň {length} znakov.",
diff --git a/lib/l10n/app_sv.arb b/lib/l10n/app_sv.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Den åtgärd du ska utföra kräver att du anger PIV PIN-koden.",
     "l_piv_pin_blocked": "Blockerad, använd PUK för att återställa",
     "p_piv_pin_blocked_desc": "PIN-koden är blockerad. Använd PUK för att återställa den.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Blockerad, fabriksåterställning krävs",
     "p_piv_pin_puk_blocked_desc": "Både PIN och PUK är blockerade. En fabriksåterställning av PIV applikationen krävs.",
     "p_new_piv_pin_puk_requirements": "A {name} must be at least {length} characters long.",
diff --git a/lib/l10n/app_vi.arb b/lib/l10n/app_vi.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "Hành động bạn sắp thực hiện yêu cầu phải nhập Mã PIN PIV.",
     "l_piv_pin_blocked": "Bị khóa, sử dụng PUK để khôi phục",
     "p_piv_pin_blocked_desc": "The PIN is blocked. Use the PUK to reset it.",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "Bị khóa, cần khôi phục cài đặt gốc",
     "p_piv_pin_puk_blocked_desc": "Both the PIN and PUK are blocked. A factory reset of the PIV application is required.",
     "p_new_piv_pin_puk_requirements": "A {name} must be at least {length} characters long.",
diff --git a/lib/l10n/app_zh.arb b/lib/l10n/app_zh.arb
@@ -388,6 +388,7 @@
     "p_pin_required_desc": "您将要执行的操作需要输入 PIV PIN 。",
     "l_piv_pin_blocked": "已封禁，请使用 PUK 以重置",
     "p_piv_pin_blocked_desc": "PIN 已被封禁。请使用 PUK 重置。",
+    "l_piv_pin_blocked_bio": null,
     "l_piv_pin_puk_blocked": "已封禁，需要出厂重置",
     "p_piv_pin_puk_blocked_desc": "PIN 和 PUK 均被封禁。需要对 PIV 应用程序进行出厂重置。",
     "p_new_piv_pin_puk_requirements": "{name} 的长度必须至少为 {length} 个字符。",
diff --git a/lib/piv/views/key_actions.dart b/lib/piv/views/key_actions.dart
@@ -16,12 +16,10 @@
 
 import 'package:flutter/material.dart';
 
-import 'package:flutter_riverpod/flutter_riverpod.dart';
 import 'package:material_symbols_icons/symbols.dart';
 
 import '../../app/message.dart';
 import '../../app/models.dart';
-import '../../app/state.dart';
 import '../../app/views/action_list.dart';
 import '../../generated/l10n/app_localizations.dart';
 import '../../management/models.dart';
@@ -42,9 +40,8 @@ bool pivShowActionsNotifier(PivState state) {
 
 Widget pivBuildActions(
   BuildContext context,
-  DevicePath devicePath,
+  YubiKeyData data,
   PivState pivState,
-  WidgetRef ref,
 ) {
   final colors =
       Theme.of(context).buttonTheme.colorScheme ??
@@ -60,11 +57,11 @@ Widget pivBuildActions(
   final pukAttempts = pivState.metadata?.pukMetadata.attemptsRemaining;
   final alertIcon = Icon(Symbols.warning_amber, color: colors.tertiary);
 
-  final deviceData = ref.read(currentDeviceDataProvider).valueOrNull;
+  final devicePath = data.node.path;
   final isBio = [
     FormFactor.usbABio,
     FormFactor.usbCBio,
-  ].contains(deviceData?.info.formFactor);
+  ].contains(data.info.formFactor);
 
   return Column(
     children: [
diff --git a/lib/piv/views/piv_screen.dart b/lib/piv/views/piv_screen.dart
@@ -242,9 +242,8 @@ class _PivScreenState extends ConsumerState<PivScreen> {
                           hasFeature(features.actions)
                               ? (context) => pivBuildActions(
                                 context,
-                                widget.data.node.path,
+                                widget.data,
                                 pivState,
-                                ref,
                               )
                               : null,
                       keyActionsBadge: pivShowActionsNotifier(pivState),
@@ -258,6 +257,11 @@ class _PivScreenState extends ConsumerState<PivScreen> {
                           });
                         }
 
+                        final isBio = [
+                          FormFactor.usbABio,
+                          FormFactor.usbCBio,
+                        ].contains(widget.data.info.formFactor);
+
                         final usingDefaultPin =
                             pivState.metadata?.pinMetadata.defaultValue == true;
                         final pinBlocked = pivState.pinAttempts == 0;
@@ -293,7 +297,9 @@ class _PivScreenState extends ConsumerState<PivScreen> {
                                 MaterialBanner(
                                   padding: EdgeInsets.all(18),
                                   content: Text(
-                                    pukAttempts == 0
+                                    isBio
+                                        ? l10n.l_piv_pin_blocked_bio
+                                        : pukAttempts == 0
                                         ? l10n.p_piv_pin_puk_blocked_desc
                                         : l10n.p_piv_pin_blocked_desc,
                                   ),
