From 7cafaf57886b78b74d1c4212b924779a5ef9f668 Mon Sep 17 00:00:00 2001
From: Corentin Mors
Date: Tue, 19 Mar 2024 10:20:50 +0100
Subject: [PATCH] Prevent API call non-interactive device login (#225)

The call to `Get2FAStatusUnauthenticated` has a very strong rate limit and was called for non-interactive device, which was unnecessary.
---
 src/modules/crypto/keychainManager.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/modules/crypto/keychainManager.ts b/src/modules/crypto/keychainManager.ts
index e61a4956..0f9ec953 100644
--- a/src/modules/crypto/keychainManager.ts
+++ b/src/modules/crypto/keychainManager.ts
@@ -104,7 +104,8 @@ const getLocalConfigurationWithoutDB = async (
 });
 
 // Get the authentication type (mainly to identify if the user is with OTP2)
- const { type } = await get2FAStatusUnauthenticated({ login });
+ // if non-interactive device, we consider it as email_token, so we don't need to call the API
+ const { type } = deviceCredentials ? { type: 'email_token' } : await get2FAStatusUnauthenticated({ login });
 
 let masterPassword = '';
 const masterPasswordEnv = process.env.DASHLANE_MASTER_PASSWORD;
@@ -114,10 +115,8 @@ const getLocalConfigurationWithoutDB = async (
 // In case of SSO
 if (isSSO) {
 masterPassword = decryptSsoRemoteKey({ ssoServerKey, ssoSpKey, remoteKeys });
- } else if (masterPasswordEnv) {
- masterPassword = masterPasswordEnv;
 } else {
- masterPassword = await askMasterPassword();
+ masterPassword = masterPasswordEnv ?? (await askMasterPassword());
 
 // In case of OTP2
 if (type === 'totp_login' && serverKey) {
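Review bot: On the new `const { type }` line the object literal `{ type: 'email_token' }` infers `type` as `string`, which widens the conditional's result and weakens the later `type === 'totp_login'` narrowing (or fails to typecheck if `get2FAStatusUnauthenticated` returns a literal union); `{ type: 'email_token' as const }` keeps the literal. Beyond typing, treating every device-credential login as `email_token` means the OTP2/serverKey branch further down is never taken for those devices, so if a non-interactive device can be enrolled on a TOTP-login account that path is now silently skipped — the comment should state why that cannot happen rather than only that the API call is avoided. The enclosing getLocalConfigurationWithoutDB starts and ends outside the hunk.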
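Review bot: `masterPassword = masterPasswordEnv ?? (await askMasterPassword());` changes how an empty `DASHLANE_MASTER_PASSWORD` is handled: the removed `else if (masterPasswordEnv)` fell through to the prompt when the variable was set but empty, whereas `??` now accepts `''` as the master password and never prompts. `masterPassword = masterPasswordEnv || (await askMasterPassword());` preserves the previous behaviour. Folding the env-var case into the final `else` also moves the `type === 'totp_login' && serverKey` block onto the env-var path, where it previously did not run, and the commit message does not mention this; if intended, a comment such as `// OTP2 handling applies whether the password came from the env or the prompt` would make it deliberate. getLocalConfigurationWithoutDB starts and ends outside the hunk.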