From 3dd5dcd9bba2a828ffe9468e55132e3191c0011d Mon Sep 17 00:00:00 2001 From: Ray Strode Date: Mon, 15 May 2023 10:48:15 -0400 Subject: [PATCH] authPrompt: Disregard smartcard status changes if VERIFICATION_IN_PROGRESS commit c8bb45b41c3a13ef161103f649aa18938e028a70 introduced a new verification state, VERIFICATION_IN_PROGRESS, to detect when the user has already interacted with the authentication prompt, so the prompt can rate limit the number of times the user can cancel authentication attempts with the escape key (without also rate limiting the number of times they can hit escape to go back to the clock without interacting with the prompt). That means there are now two states that represent the user actively undergoing verification: VERIFYING and VERIFICATION_IN_PROGRESS. It's inappropriate to reset the smartcard service if the user is actively conversing with it. We try to check for that by looking at the original verification state, VERIFYING, but we unfortunately, neglect to account for the new VERIFICATION_IN_PROGRESS state. The result is that if a user types their smartcard pin at the clock, and then inserts their smartcard, the pin will get cleared instead of used, and they have to retype it again. This commit fixes the oversight, and allows users to again pre-type their smartcard pin at the clock before inserting their smartcard. Part-of: --- js/gdm/authPrompt.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/js/gdm/authPrompt.js b/js/gdm/authPrompt.js index d8bc2e4b2..ec1c931e6 100644 --- a/js/gdm/authPrompt.js +++ b/js/gdm/authPrompt.js @@ -352,7 +352,8 @@ export const AuthPrompt = GObject.registerClass({ // 2) Don't reset if we've already succeeded at verification and // the user is getting logged in. if (this._userVerifier.serviceIsDefault(GdmUtil.SMARTCARD_SERVICE_NAME) && - this.verificationStatus === AuthPromptStatus.VERIFYING && + (this.verificationStatus === AuthPromptStatus.VERIFYING || + this.verificationStatus === AuthPromptStatus.VERIFICATION_IN_PROGRESS) && this.smartcardDetected) return;