[FR-485] Add support for custom LAPolicy when evaluating biometry aut…
…hentication (#486)
krodak committed Jul 14, 2021
1 parent d45b465 commit 0098b6d
Showing 4 changed files with 35 additions and 10 deletions.
8 changes: 5 additions & 3 deletions Auth0/BioAuthentication.swift
Expand Up @@ -27,6 +27,7 @@ import LocalAuthentication
struct BioAuthentication {

private let authContext: LAContext
private let evaluationPolicy: LAPolicy

let title: String
var fallbackTitle: String? {
Expand All @@ -42,19 +43,20 @@ struct BioAuthentication {

@available(iOS 9.0, macOS 10.15, *)
var available: Bool {
return self.authContext.canEvaluatePolicy(LAPolicy.deviceOwnerAuthenticationWithBiometrics, error: nil)
return self.authContext.canEvaluatePolicy(evaluationPolicy, error: nil)
}

init(authContext: LAContext, title: String, cancelTitle: String? = nil, fallbackTitle: String? = nil) {
init(authContext: LAContext, evaluationPolicy: LAPolicy, title: String, cancelTitle: String? = nil, fallbackTitle: String? = nil) {
self.authContext = authContext
self.evaluationPolicy = evaluationPolicy
self.title = title
if #available(iOS 10.0, macOS 10.15, *) { self.cancelTitle = cancelTitle }
self.fallbackTitle = fallbackTitle
}

@available(iOS 9.0, macOS 10.15, *)
func validateBiometric(callback: @escaping (Error?) -> Void) {
self.authContext.evaluatePolicy(LAPolicy.deviceOwnerAuthenticationWithBiometrics, localizedReason: self.title) {
self.authContext.evaluatePolicy(evaluationPolicy, localizedReason: self.title) {
guard $1 == nil else { return callback($1) }
callback($0 ? nil : LAError(LAError.authenticationFailed))
}
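Review bot: The new `evaluationPolicy` property and the matching `init` parameter are undocumented, and after this change `available` and `validateBiometric` no longer imply a biometric check. With `.deviceOwnerAuthentication` the device passcode satisfies `evaluatePolicy`, and `available` can return true on a device that has a passcode but no enrolled biometrics. I would add a doc comment on the property, for example `/// Policy passed to canEvaluatePolicy and evaluatePolicy; .deviceOwnerAuthentication also accepts the device passcode.` The struct body continues outside the visible hunks.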
9 changes: 6 additions & 3 deletions Auth0/CredentialsManager.swift
Expand Up @@ -71,20 +71,23 @@ public struct CredentialsManager {
/// - fallbackTitle: fallback message to display in TouchID prompt after a failed match
#if WEB_AUTH_PLATFORM
@available(*, deprecated, message: "see enableBiometrics(withTitle title:, cancelTitle:, fallbackTitle:)")
@available(iOS 9.0, macOS 10.15, *)
public mutating func enableTouchAuth(withTitle title: String, cancelTitle: String? = nil, fallbackTitle: String? = nil) {
self.enableBiometrics(withTitle: title, cancelTitle: cancelTitle, fallbackTitle: fallbackTitle)
}
#endif

#if WEB_AUTH_PLATFORM
/// Enable Biometric Authentication for additional security during credentials retrieval
///
/// - Parameters:
/// - title: main message to display when Touch ID is used
/// - cancelTitle: cancel message to display when Touch ID is used (iOS 10+)
/// - fallbackTitle: fallback message to display when Touch ID is used after a failed match
#if WEB_AUTH_PLATFORM
public mutating func enableBiometrics(withTitle title: String, cancelTitle: String? = nil, fallbackTitle: String? = nil) {
self.bioAuth = BioAuthentication(authContext: LAContext(), title: title, cancelTitle: cancelTitle, fallbackTitle: fallbackTitle)
/// - evaluationPolicy: policy to be used for authentication policy evaluation
@available(iOS 9.0, macOS 10.15, *)
public mutating func enableBiometrics(withTitle title: String, cancelTitle: String? = nil, fallbackTitle: String? = nil, evaluationPolicy: LAPolicy = LAPolicy.deviceOwnerAuthenticationWithBiometrics) {
self.bioAuth = BioAuthentication(authContext: LAContext(), evaluationPolicy: evaluationPolicy, title: title, cancelTitle: cancelTitle, fallbackTitle: fallbackTitle)
}
#endif

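Review bot: The doc line for `evaluationPolicy` on `enableBiometrics` does not tell callers that this choice changes who can retrieve the stored credentials. The default keeps the previous biometrics-only gate, but `.deviceOwnerAuthentication` lets anyone who knows the device passcode pass it, which the method name does not suggest. I would reword the line to `/// - evaluationPolicy: LAPolicy used to gate credentials retrieval; defaults to biometrics only, while .deviceOwnerAuthentication also accepts the device passcode`. The enclosing struct continues outside the hunk.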
22 changes: 18 additions & 4 deletions Auth0Tests/BioAuthenticationSpec.swift
Expand Up @@ -31,13 +31,14 @@ import LocalAuthentication
class BioAuthenticationSpec: QuickSpec {

override func spec() {

var evaluationPolicy: LAPolicy!
var mockContext: MockLAContext!
var bioAuthentication: BioAuthentication!

beforeEach {
evaluationPolicy = .deviceOwnerAuthenticationWithBiometrics
mockContext = MockLAContext()
bioAuthentication = BioAuthentication(authContext: mockContext, title: "Touch Auth")
bioAuthentication = BioAuthentication(authContext: mockContext, evaluationPolicy: evaluationPolicy, title: "Touch Auth")
}

describe("touch availablility") {
Expand All @@ -50,6 +51,11 @@ class BioAuthenticationSpec: QuickSpec {
mockContext.enabled = false
expect(bioAuthentication.available).to(beFalse())
}

it("touch should check passed evaluate policy") {
_ = bioAuthentication.available
expect(mockContext.canEvaluatePolicyReceivedPolicy).to(equal(evaluationPolicy))
}
}

describe("setters") {
Expand Down Expand Up @@ -90,22 +96,30 @@ class BioAuthenticationSpec: QuickSpec {
bioAuthentication.validateBiometric { error = $0 }
expect(error).toEventually(matchError(touchError))
}


it("should evaluate passed policy") {
bioAuthentication.validateBiometric { _ in }
expect(mockContext.evaluatePolicyReceivedPolicy).to(equal(evaluationPolicy))
}
}
}
}

class MockLAContext: LAContext {


var canEvaluatePolicyReceivedPolicy: LAPolicy?
var evaluatePolicyReceivedPolicy: LAPolicy?
var enabled = true
var replySuccess = true
var replyError: Error? = nil

override func canEvaluatePolicy(_ policy: LAPolicy, error: NSErrorPointer) -> Bool {
canEvaluatePolicyReceivedPolicy = policy
return self.enabled
}

override func evaluatePolicy(_ policy: LAPolicy, localizedReason: String, reply: @escaping (Bool, Error?) -> Void) {
evaluatePolicyReceivedPolicy = policy
reply(replySuccess, replyError)
}
}
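Review bot: The two new policy specs in `BioAuthenticationSpec` cannot fail against the old implementation, because `beforeEach` sets `evaluationPolicy = .deviceOwnerAuthenticationWithBiometrics`, the same value that was hard-coded before this commit. A regression that ignores the injected policy and falls back to the constant would still pass. Setting a non-default value in the spec, `evaluationPolicy = .deviceOwnerAuthentication`, makes the `canEvaluatePolicyReceivedPolicy` and `evaluatePolicyReceivedPolicy` assertions actually prove the parameter is forwarded.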
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -337,6 +337,12 @@ You can enable an additional level of user authentication before retrieving cred
credentialsManager.enableBiometrics(withTitle: "Touch to Login")
```

If needed, you are able to specify specific `LAPolicy` to be used - i.e. you might want to support FaceID, but allow fallback to pin code.

```swift
credentialsManager.enableBiometrics(withTitle: "Touch or enter pincode to Login", evaluationPolicy: .deviceOwnerAuthentication)
```

### Native Social Login

#### Sign in With Apple
