Added lock on idle and made lock on system lock work with timed locks

[ajayyy]

Lock on idle will lock when the timer is up and the browser is idle.

Resolves https://community.bitwarden.com/t/on-system-idle-lock-option/33/8

Requires https://github.com/bitwarden/jslib/pull/78

[kspearrin]

Hey, thanks for the PR. What about the idle and system lock options that already exist under the lock options dropdown? It seems that you are attempting to break this out from the standard "timeout" lock options, but we have duplicates now with cases that step on one another.

[ajayyy]

I don't think there is another idle option right now. As for the lock option, I thought I would keep it to ensure people who already have that set won't get their settings reset.

[CLAassistant]

All committers have signed the CLA.

[customer2020]

I too have issues with the Bitwarden app not locking after set amount of time. I can come back to my PC (which locks) the next day and Bitwarden is still not locked. (Doesn't always do this, don't know why). This seems to be more prevalent when set to 15 or 30 minutes than set to 5 minutes. I do not use the side bar. My side bar shows bookmarks not the Bitwarden menu. I'm using Firefox Add on. Firefox 74.0.

I do not see the options shown above "Lock after idle" and "Lock on System Lock".

I did sign up as a premium member.

Thanks.

[ajayyy]

@customer2020 They have not merged my pull request. None of my PRs have been merged yet, so if you want those features, you must follow the steps here: https://github.com/ajayyy/browser#bitwarden-browser-extension-fork-by-ajay

[customer2020]

@ajayyy Thank you!

[straygecko]

I am unable to build and test this but it appears looking at the code and API doc that if the browser is closed before the idle period is up then when the browser is restarted the user will not need to log in even if it has been longer than the idle period.

[ajayyy]

@straygecko This shouldn't happen since I think the data is only stored in RAM.

I've been using this since I made this PR on my main browser and it always locks when I close the browser.

[straygecko]

@ajayyy Ahh, I see. I just started looking at Bitwarden and I didn't realize it always locks on browser restart.

[ajayyy]

Any update on this being merged?

[mpfaff]

I'd really like this to be merged. I have the sidebar open 24/7 for convenience, and not having it auto-lock is a huge security issue.

[ajayyy]

Since this my PRs are not going to be merged soon, I will be maintaining a separate fork with these changes.

I've been using this on my personal fork since I made this PR and it has been working well.

https://github.com/ajayyy/browser/releases/

[daviddem1971]

Any news about merging this? I am on Windows 10, Firefox 83 and the vault doesn't time out if the sidebar is left open. I would prefer if there was an option to time out even if the sidebar is open.

[ajayyy]

I just updated my fork with the latest bitwarden version since it seems they don't want to merge my stuff :(

https://github.com/ajayyy/browser/releases/tag/1.47.1

[FireController1847]

I just found this PR whilst searching for why the "On System Lock" option does not perform as expected — it seems as though this PR would have fixed this. Unfortunate to see such a good request having been lost to time. I wonder if it would be possible to come back to this at some point or find some other solution?

[ajayyy]

This PR does work, I use it on my fork. If Bitwarden is interested in merging it upstream, I can update this PR

[andreapx]

@ajayyy @kspearrin what's blocking this from being merged?

[dbosompem]

Hey y'all, apologies this PR has not had some attention for a while. I am happy to pick this up and oversee it's merge. I am going to add this to our internal tracking board and we'd definitely review this and get back with any concerns we may have.

[ajayyy]

Awesome, let me know if you have any questions

[dbosompem]

Hi @ajayyy, we have done an initial overview, and we would be glad if you could create a new PR/update this PR to fix all conflicts before we can do a thorough review. A lot has changed since your initial PR, example more vault timeout options, account switching and the move to the mono-repo(looks like this PR is dependent on one PR which is in our archived repository).

[github-actions[bot]]

We can’t merge your pull request until you make the changes we’ve requested. As we haven’t heard from you recently, this pull request will be closed.

If you’re still working on this, please respond here after you’ve made the changes we’ve requested and our team will re-open it for further review.

Please make sure to resolve any conflicts with the master branch before requesting another review.

[monholm]

We just started our enterprise trial period and quite quickly stumbled upon this limitation. We've been through two password managers that both supported locking the user out, based upon system idle time.

We might have been able to accept the limitation if the client would at least lock when the systen turns into a locked state, but it seems like bitwarden doesn't inercept this event (e.g. you can lock and unlock the macOS system and the bitwarden client will remain unlocked).

Any change the bitwarden team will prioritize this change, even though it's made by 3. party contributor?

[ajayyy]

I've realized that this does not work on Firefox, so I'm not sure if it's a good idea to merge to upstream.