-
Notifications
You must be signed in to change notification settings - Fork 741
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable 'Enable biometrics' option if there are not biometric authenticators enrolled. #6714
Disable 'Enable biometrics' option if there are not biometric authenticators enrolled. #6714
Conversation
…icators enrolled.
@@ -59,7 +59,7 @@ class LockScreenFragment : VectorBaseFragment<FragmentLockScreenBinding>() { | |||
if (state.lockScreenConfiguration.mode == LockScreenMode.CREATE) return@withState | |||
|
|||
viewLifecycleOwner.lifecycleScope.launchWhenResumed { | |||
if (state.isBiometricKeyInvalidated) { | |||
if (state.canUseBiometricAuth && state.isBiometricKeyInvalidated) { | |||
lockScreenListener?.onBiometricKeyInvalidated() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
out of interest, what happens in this onBiometricKeyInvalidated
flow?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are 2 points where the state. isBiometricKeyInvalidated
can change and trigger this code:
LockScreenViewModel.showBiometricPrompt
, this will callBiometricHelper.authenticate
that will fail before showing any UI if the system key is not valid and instead it:
- Catches any exceptions.
- Posts a
LockScreenViewEvent.AuthError
to handle it in the UI. - If the error was an instance of
KeyPermanentlyInvalidatedException
, it will callremoveBiometricAuthentication()
which will disable the 'biometric enabled' option, delete the broken system key and update the current state to display an alert saying that the key has just been invalidated.
LockScreenViewModel.updateStateWithBiometricInfo
is automatically called when theLockScreenConfiguration
changes:
- It calls
biometricHelper.isSystemKeyValid
. - This will reach
KeyStoreCrypto.hasValidKey()
, which tries to retrieve the current system key and either return true or catch bothKeyPermanentlyInvalidatedException
andUserNotAuthenticatedException
, which are thrown when the internalCipher.init
fails, and return false. state.isBiometricKeyInvalidated
will be updated with this returned value and used to display the same alert as in the case above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for explaining 👍
|
||
runCatching { keyStoreCrypto.ensureKey() } | ||
val userNotAuthenticatedException = UserNotAuthenticatedException() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for adding the test case 💯
override fun onResume() { | ||
super.onResume() | ||
|
||
useBiometricPref.isEnabled = usePinCodePref.isChecked | ||
useBiometricPref.isChecked = shouldCheckBiometricPref(usePinCodePref.isChecked) | ||
useBiometricPref.isEnabled = shouldEnableBiometricPref(isPinCodeChecked = usePinCodePref.isChecked) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you think it's worth extracting the useBiometricPref.isEnabled and useBiometricPref.isChecked
setting to a reusable function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍 minor extraction comment, will leave up to you!
SonarCloud Quality Gate failed. |
Type of change
Content
Fixes #6713 .
Motivation and context
Enabling biometric auth in the app is not restricted to users who have biometric authenticators enrolled in the device. This caused
UserNotAuthenticatedException
crashes for users who enabled this option without having those authenticators.Screenshots / GIFs
Tests
Note: I had some issues while testing this on emulators, it seems like an emulator bug. Having several fingerprints enrolled and enabling biometrics in the app caused the same
UserNotAuthenticatedException
crash mentioned above. Apparently,BiometricManager
detects the valid authenticators butBiometricPrompt
doesn't.Tested devices
Checklist