Merge pull request #41 from nevissecurity/feature/NEVISACCESSAPP-5966-…

…add-password-authenticator

NEVISACCESSAPP-5966: added password authenticator with custom policy

Gemfile

@@ -3,4 +3,4 @@ source 'https://rubygems.org'
 # You may use http://rbenv.org/ or https://rvm.io/ to install and use this version
 ruby ">= 2.6.10"
 
-gem 'cocoapods', '~> 1.14'
+gem 'cocoapods', '~> 1.15.2'

Gemfile.lock

@@ -1,26 +1,35 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.6)
+    CFPropertyList (3.0.7)
+      base64
+      nkf
       rexml
-    activesupport (7.0.8)
+    activesupport (7.1.3.4)
+      base64
+      bigdecimal
       concurrent-ruby (~> 1.0, >= 1.0.2)
+      connection_pool (>= 2.2.5)
+      drb
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
+      mutex_m
       tzinfo (~> 2.0)
-    addressable (2.8.5)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
+    base64 (0.2.0)
+    bigdecimal (3.1.8)
     claide (1.1.0)
-    cocoapods (1.14.2)
+    cocoapods (1.15.2)
       addressable (~> 2.8)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.14.2)
+      cocoapods-core (= 1.15.2)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
-      cocoapods-downloader (>= 2.0)
+      cocoapods-downloader (>= 2.1, < 3.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
       cocoapods-trunk (>= 1.6.0, < 2.0)
@@ -33,7 +42,7 @@ GEM
       nap (~> 1.0)
       ruby-macho (>= 2.3.0, < 3.0)
       xcodeproj (>= 1.23.0, < 2.0)
-    cocoapods-core (1.14.2)
+    cocoapods-core (1.15.2)
       activesupport (>= 5.0, < 8)
       addressable (~> 2.8)
       algoliasearch (~> 1.0)
@@ -44,7 +53,7 @@ GEM
       public_suffix (~> 4.0)
       typhoeus (~> 1.0)
     cocoapods-deintegrate (1.0.5)
-    cocoapods-downloader (2.0)
+    cocoapods-downloader (2.1)
     cocoapods-plugins (1.0.0)
       nap
     cocoapods-search (1.0.1)
@@ -53,31 +62,39 @@ GEM
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.3.3)
+    connection_pool (2.4.1)
+    drb (2.2.1)
     escape (0.0.4)
     ethon (0.16.0)
       ffi (>= 1.15.0)
-    ffi (1.16.2)
+    ffi (1.17.0)
+    ffi (1.17.0-arm64-darwin)
+    ffi (1.17.0-x86_64-darwin)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
     httpclient (2.8.3)
-    i18n (1.14.1)
+    i18n (1.14.5)
       concurrent-ruby (~> 1.0)
-    json (2.6.3)
-    minitest (5.20.0)
+    json (2.7.2)
+    minitest (5.24.1)
     molinillo (0.8.0)
+    mutex_m (0.2.0)
     nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
+    nkf (0.2.0)
     public_suffix (4.0.7)
-    rexml (3.2.6)
+    rexml (3.2.9)
+      strscan
     ruby-macho (2.5.1)
-    typhoeus (1.4.0)
+    strscan (3.1.0)
+    typhoeus (1.4.1)
       ethon (>= 0.9.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    xcodeproj (1.23.0)
+    xcodeproj (1.24.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
@@ -87,12 +104,17 @@ GEM
 
 PLATFORMS
   ruby
+  arm64-darwin-21
+  arm64-darwin-22
+  arm64-darwin-23
+  x86_64-darwin-21
+  x86_64-darwin-22
 
 DEPENDENCIES
-  cocoapods (~> 1.14)
+  cocoapods (~> 1.15.2)
 
 RUBY VERSION
-   ruby 3.2.2p53
+   ruby 3.1.2p20
 
 BUNDLED WITH
-   2.3.26
+   2.5.15

android/app/build.gradle

@@ -88,7 +88,7 @@ android {
 
 dependencies {
     //noinspection GradleDynamicVersion
-    debugImplementation 'ch.nevis:nevis-mobile-authentication-sdk-android-debug:3.6.+'
+    debugImplementation 'ch.nevis:nevis-mobile-authentication-sdk-android-debug:3.7.+'
 
     // The version of react-native is set by the React Native Gradle Plugin
     implementation("com.facebook.react:react-android")

ios/Podfile

@@ -36,8 +36,8 @@ if linkage != nil
 end
 
 target 'nevis_mobile_authentication_sdk_example_app_react' do
-	pod 'NevisMobileAuthentication-Debug', '~> 3.6.0', :configurations => ['Debug']
-	pod 'NevisMobileAuthentication', '~> 3.6.0', :configurations => ['Release']
+	pod 'NevisMobileAuthentication-Debug', '~> 3.7.0', :configurations => ['Debug']
+	pod 'NevisMobileAuthentication', '~> 3.7.0', :configurations => ['Release']
 
   config = use_native_modules!
 

ios/Podfile.lock

@@ -74,11 +74,11 @@ PODS:
     - hermes-engine/Pre-built (= 0.72.14)
   - hermes-engine/Pre-built (0.72.14)
   - libevent (2.1.12)
-  - NevisMobileAuthentication (3.6.9)
-  - NevisMobileAuthentication-Debug (3.6.9)
-  - NevisMobileAuthenticationSdkReact (3.6.1):
-    - NevisMobileAuthentication (~> 3.6.0)
-    - NevisMobileAuthentication-Debug (~> 3.6.0)
+  - NevisMobileAuthentication (3.7.0)
+  - NevisMobileAuthentication-Debug (3.7.0)
+  - NevisMobileAuthenticationSdkReact (3.7.0):
+    - NevisMobileAuthentication (~> 3.7.0)
+    - NevisMobileAuthentication-Debug (~> 3.7.0)
     - RCT-Folly (= 2021.07.22.00)
     - React-Core
   - OpenSSL-Universal (1.1.1100)
@@ -538,8 +538,8 @@ DEPENDENCIES:
   - glog (from `../node_modules/react-native/third-party-podspecs/glog.podspec`)
   - hermes-engine (from `../node_modules/react-native/sdks/hermes-engine/hermes-engine.podspec`)
   - libevent (~> 2.1.12)
-  - NevisMobileAuthentication (~> 3.6.0)
-  - NevisMobileAuthentication-Debug (~> 3.6.0)
+  - NevisMobileAuthentication (~> 3.7.0)
+  - NevisMobileAuthentication-Debug (~> 3.7.0)
   - "NevisMobileAuthenticationSdkReact (from `../node_modules/@nevis-security/nevis-mobile-authentication-sdk-react`)"
   - OpenSSL-Universal (= 1.1.1100)
   - RCT-Folly (from `../node_modules/react-native/third-party-podspecs/RCT-Folly.podspec`)
@@ -712,9 +712,9 @@ SPEC CHECKSUMS:
   glog: 04b94705f318337d7ead9e6d17c019bd9b1f6b1b
   hermes-engine: b213bace5f31766ad1434d2d9b2cbf04cf92a2b6
   libevent: 4049cae6c81cdb3654a443be001fb9bdceff7913
-  NevisMobileAuthentication: a2b2d76b9a3e286a15461b7fc32b67288ec66bd9
-  NevisMobileAuthentication-Debug: 1ec32fbcd0955d48033dfe7ec34048e8fbe6cee6
-  NevisMobileAuthenticationSdkReact: 39b68748f477b68f6aaff83a05f22e1bfc6d6edf
+  NevisMobileAuthentication: 0b4094d60be9ba4b5a298a29b6f5ee33b5405a83
+  NevisMobileAuthentication-Debug: e458515add04dc3fe7cda6e18a352c96d237180e
+  NevisMobileAuthenticationSdkReact: a3da6c2c258f564018ac59dd74e2e27115f7f53d
   OpenSSL-Universal: ebc357f1e6bc71fa463ccb2fe676756aff50e88c
   RCT-Folly: 424b8c9a7a0b9ab2886ffe9c3b041ef628fd4fb1
   RCTRequired: 264adaca1d8b1a9c078761891898d4142df05313
@@ -757,6 +757,6 @@ SPEC CHECKSUMS:
   Yoga: c32e0be1a17f8f1f0e633a3122f7666441f52c82
   YogaKit: f782866e155069a2cca2517aafea43200b01fd5a
 
-PODFILE CHECKSUM: 87de3e2db7db10509f72796562d772711bd03078
+PODFILE CHECKSUM: 934fc3ca38948c3e617365c42be5c1796b1cb151
 
 COCOAPODS: 1.15.2

ios/nevis_mobile_authentication_sdk_example_app_react/Info.plist

@@ -2,8 +2,6 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>ITSAppUsesNonExemptEncryption</key>
-	<false/>
 	<key>CFBundleDevelopmentRegion</key>
 	<string>en</string>
 	<key>CFBundleDisplayName</key>
@@ -35,6 +33,8 @@
 	</array>
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>ITSAppUsesNonExemptEncryption</key>
+	<false/>
 	<key>LSRequiresIPhoneOS</key>
 	<true/>
 	<key>NSAppTransportSecurity</key>

package.json

@@ -20,7 +20,7 @@
 		"fix-dependencies": "rnx-align-deps --diff-mode allow-subset --write"
 	},
 	"dependencies": {
-		"@nevis-security/nevis-mobile-authentication-sdk-react": "3.6.1",
+		"@nevis-security/nevis-mobile-authentication-sdk-react": "3.7.0",
 		"@react-native-community/hooks": "3.0.0",
 		"@react-navigation/native": "6.1.10",
 		"@react-navigation/native-stack": "6.9.18",

src/App.tsx

@@ -11,6 +11,7 @@ import AuthCloudApiRegistrationScreen from './screens/AuthCloudApiRegistrationSc
 import ConfirmationScreen from './screens/ConfirmationScreen';
 import DeviceInformationChangeScreen from './screens/DeviceInformationChangeScreen';
 import HomeScreen from './screens/HomeScreen';
+import PasswordScreen from './screens/PasswordScreen';
 import PinScreen from './screens/PinScreen';
 import ReadQrCodeScreen from './screens/ReadQrCodeScreen';
 import ResultScreen from './screens/ResultScreen';
@@ -49,6 +50,7 @@ export default function App() {
 						component={SelectAuthenticatorScreen}
 					/>
 					<RootStack.Screen name="Pin" component={PinScreen} />
+					<RootStack.Screen name="Password" component={PasswordScreen} />
 					<RootStack.Screen
 						name="DeviceInformationChange"
 						component={DeviceInformationChangeScreen}

src/components/InputField.tsx

@@ -11,10 +11,12 @@ function InputField({
 	placeholder,
 	onChangeText,
 	keyboardType,
+	secureTextEntry,
 }: {
-	placeholder: string;
-	onChangeText: (text: string) => void;
-	keyboardType?: KeyboardTypeOptions;
+	readonly placeholder: string;
+	readonly onChangeText: (text: string) => void;
+	readonly keyboardType?: KeyboardTypeOptions;
+	readonly secureTextEntry?: boolean;
 }) {
 	const colorScheme = useColorScheme();
 	const styles = colorScheme === 'dark' ? darkStyle : lightStyle;
@@ -23,9 +25,10 @@ function InputField({
 		<TextInput
 			style={[styles.input, styles.inputField]}
 			autoCorrect={false}
-			keyboardType={keyboardType || 'default'}
+			keyboardType={keyboardType ?? 'default'}
 			onChangeText={onChangeText}
 			placeholder={placeholder}
+			secureTextEntry={secureTextEntry}
 			placeholderTextColor={placeholderTextColor}
 		/>
 	);

src/error/AppError.ts

@@ -77,6 +77,16 @@ export class AppErrorPinAuthenticatorNotFound extends AppError {
 	}
 }
 
+export class AppErrorPasswordAuthenticatorNotFound extends AppError {
+	description: string = i18next.t('appError.passwordAuthenticatorNotFound');
+	cause?: string;
+
+	constructor(cause?: string) {
+		super();
+		this.cause = cause;
+	}
+}
+
 export class AppErrorDeviceInformationNotFound extends AppError {
 	description: string = i18next.t('appError.deviceInformationNotFound');
 	cause?: string;

src/i18n/en/translation.json

@@ -8,6 +8,7 @@
 		"deregister": "Deregister",
 		"deviceInformationChange": "Change Device Information",
 		"pinChange": "PIN Change",
+		"passwordChange": "Password Change",
 		"deleteAuthenticators": "Delete Authenticators",
 		"inBandRegister": "In-Band Register",
 		"identitySuiteOnly": "Identity Suite only"
@@ -53,6 +54,26 @@
 		"pinProtectionStatusDescriptionLocked": "Authenticator is locked.",
 		"pinProtectionStatusDescriptionUnlocked": "Authenticator is unlocked. You have {{remainingRetries}} try left.\nPlease retry in {{coolDown}} seconds."
 	},
+	"password": {
+		"enrollment": {
+			"title": "Create password",
+			"description": "Please define a password."
+		},
+		"verification": {
+			"title": "Verify password",
+			"description": "Please enter your password to complete the process."
+		},
+		"change": {
+			"title": "Change password",
+			"description": "Please define a password."
+		},
+		"placeholder": {
+			"password": "Enter password",
+			"oldPassword": "Enter old password"
+		},
+		"passwordProtectionStatusDescriptionLocked": "Authenticator is locked.",
+		"passwordProtectionStatusDescriptionUnlocked": "Authenticator is unlocked. You have {{remainingRetries}} try left.\nPlease retry in {{coolDown}} seconds."
+	},
 	"transactionConfirmation": {
 		"title": "Transaction Confirmation"
 	},
@@ -91,7 +112,8 @@
 			"faceID": "Face ID",
 			"devicePasscode": "Device Passcode",
 			"fingerprint": "Fingerprint",
-			"touchID": "Touch ID"
+			"touchID": "Touch ID",
+			"password": "Password"
 		},
 		"notPolicyCompliant": "This authentication method cannot be used with your application",
 		"notEnrolled": "Before using the authenticator, enroll it in the phone System Settings"
@@ -105,6 +127,7 @@
 		"deviceInformationChange": "Device Information Change",
 		"payloadDecode": "OOB Payload Decode",
 		"pinChange": "PIN Change",
+		"passwordChange": "Password Change",
 		"localData": "Local Data",
 		"unknown": "Operation",
 		"success": {

src/model/AuthenticatorItem.ts

@@ -16,7 +16,10 @@ export class AuthenticatorItem {
 		this.isPolicyCompliant = isPolicyCompliant;
 		this.isUserEnrolled = isUserEnrolled;
 		this.isEnabled =
-			isPolicyCompliant && (authenticator.aaid === Aaid.PIN.rawValue() || isUserEnrolled);
+			isPolicyCompliant &&
+			(authenticator.aaid === Aaid.PIN.rawValue() ||
+				authenticator.aaid === Aaid.PASSWORD.rawValue() ||
+				isUserEnrolled);
 	}
 }
 

src/model/OperationType.ts

@@ -13,6 +13,7 @@ export enum OperationType {
 	deviceInformationChange,
 	payloadDecode,
 	pinChange,
+	passwordChange,
 	localData,
 	unknown,
 }
@@ -36,6 +37,8 @@ export class OperationTypeUtils {
 				return i18next.t('operation.payloadDecode');
 			case OperationType.pinChange:
 				return i18next.t('operation.pinChange');
+			case OperationType.passwordChange:
+				return i18next.t('operation.passwordChange');
 			case OperationType.localData:
 				return i18next.t('operation.localData');
 			case OperationType.unknown:

src/model/PasswordMode.ts

@@ -0,0 +1,9 @@
+/**
+ * Copyright © 2024 Nevis Security AG. All rights reserved.
+ */
+
+export enum PasswordMode {
+	enrollment,
+	verification,
+	credentialChange,
+}