From 83c6ae33dc11dda16ba4c17b6c6c755cf994450c Mon Sep 17 00:00:00 2001
From: Allan Feldman <6374032+a-feld@users.noreply.github.com>
Date: Mon, 27 Feb 2023 22:53:06 -0500
Subject: [PATCH] Fix security bug which autofilled passwords without
 passcode/faceid auth

The autofill extension currently calls the success callback even if a
passcode/FaceID is not successfully verified.

In the case that the PGP key passphrase is stored, this results in
password decryption without further user interaction.

The fix is to only decrypt passwords upon successful passcode / FaceID
verification.
---
 .../Controllers/PasscodeExtensionDisplay.swift                | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/passAutoFillExtension/Controllers/PasscodeExtensionDisplay.swift b/passAutoFillExtension/Controllers/PasscodeExtensionDisplay.swift
index 8bfa284..bb2f290 100644
--- a/passAutoFillExtension/Controllers/PasscodeExtensionDisplay.swift
+++ b/passAutoFillExtension/Controllers/PasscodeExtensionDisplay.swift
@@ -22,9 +22,7 @@ class PasscodeExtensionDisplay {
             before?()
             passcodeLockVC.successCallback = after
             passcodeLockVC.modalPresentationStyle = .fullScreen
-            sender.parent?.present(passcodeLockVC, animated: false) {
-                after?()
-            }
+            sender.parent?.present(passcodeLockVC, animated: false)
         } else {
             after?()
         }