For #18264: add biometric prompt to credit card settings #19505
For #18264: add biometric prompt to credit card settings #19505
Conversation
ae9a184
to
700f429
Compare
700f429
to
e0b3df0
Compare
Codecov Report
@@ Coverage Diff @@
## master #19505 +/- ##
============================================
- Coverage 35.52% 35.41% -0.12%
+ Complexity 1649 1648 -1
============================================
Files 544 545 +1
Lines 21949 22022 +73
Branches 3252 3260 +8
============================================
Hits 7798 7798
- Misses 13254 13325 +71
- Partials 897 899 +2
Continue to review full report at Codecov.
|
a82bd08
to
e65b0bf
Compare
This pull request has conflicts when rebasing. Could you fix it @eliserichards? 🙏 |
e65b0bf
to
299ab14
Compare
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardEditorFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsManagementFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsManagementFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/biometric/BiometricPromptPreferenceFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsManagementFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/biometric/BiometricPromptFeature.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/biometric/BiometricPromptPreferenceFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardEditorFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardEditorFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Show resolved
Hide resolved
CreditCardsSettingFragmentDirections | ||
.actionCreditCardsSettingFragmentToCreditCardsManagementFragment() | ||
findNavController().navigateBlockingForAsyncNavGraph(directions) | ||
verifyCredentialsOrShowSetupWarning(preference.context, creditCardPreferences) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a little drive-by comment, but I figured I'll chime in...
There's no reason to require authentication to display a list of cards, or even to open a specific card. Sensitive information (card number) should not be displayed right away. We can't actually display it - it's encrypted! So, that's what I imagined would be guarded by an auth prompt - the action to display a specific credit card number.
To put it in other words - there's a cryptographic key that we need to fetch in order to decrypt or encrypt sensitive information related to a credit card number. The act of obtaining a key, while not technically necessary, should be protected by some authentication mechanism (e.g. a biometrics prompt).
What I think is happening in this PR is more akin to how we're treating logins currently. That's not wrong, of course. However, even for logins we'll be soon switching to a per-field authentication model (vs per-db, as it is currently), which would mean that only username/password fields will be encrypted, while the rest will be in plaintext. That'll allow us to follow the same pattern for both credit cards and logins at the product UX level (e.g. require auth only when accessing sensitive information).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the context! We should probably check in with UX on this because AFAIK this is the user authentication flow that they want (for now)
This pull request has conflicts when rebasing. Could you fix it @eliserichards? 🙏 |
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Show resolved
Hide resolved
669db86
to
b59780b
Compare
b59780b
to
e8631e8
Compare
This pull request has conflicts when rebasing. Could you fix it @eliserichards? 🙏 |
Confirmed with @topotropic that we should be securing CCs the same way we secure logins, pending discussion with Grisha and GL. |
e8631e8
to
4db61e2
Compare
Cleanup Rename biometric prompt helper to BiometricPromptPreferenceFragment. Add authentication for eeditor fragment. Add newline between unrelated strings Cleanup nits Remove secure flags now that we are using the secure fragment Move navigation inline for cc settings fragment. Improve kdocs in biometric prompt pref fragment. Improve function name for toggling prefs. Make fragment redirect to reauth generic for logins and cc. Increment security warning when we show pin on credit card settings
4db61e2
to
7889a73
Compare
app/src/main/java/org/mozilla/fenix/settings/biometric/BiometricPromptPreferenceFragment.kt
Show resolved
Hide resolved
app/src/main/java/org/mozilla/fenix/settings/creditcards/CreditCardsSettingFragment.kt
Show resolved
Hide resolved
Seeing this in the failure
|
|
@@ -69,8 +103,11 @@ class CreditCardsSettingFragment : PreferenceFragmentCompat() { | |||
override fun onViewCreated(view: View, savedInstanceState: Bundle?) { | |||
super.onViewCreated(view, savedInstanceState) | |||
consumeFrom(creditCardsStore) { state -> | |||
updateCardManagementPreference(state.creditCards.isNotEmpty(), findNavController()) | |||
hasCreditCards = state.creditCards.isNotEmpty() | |||
updateCardManagementPreference(state.creditCards.isNotEmpty()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I always get this comment whenever I did this, but it seems fair that I would repeat my learning that hasCreditCarrds
can be used here
} | ||
|
||
/** | ||
* Updates preferences visibility depending on credit cards being already saved or not. | ||
*/ | ||
@VisibleForTesting | ||
internal fun updateCardManagementPreference( | ||
hasCreditCards: Boolean, | ||
navController: NavController |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think passing the navController
was intentional here looking at the CI error.
java.lang.IllegalStateException: Fragment CreditCardsSettingFragment{3765b2a8} (1aeee736-e127-4a19-a7a2-770054a54a3b) CreditCardsSettingFragmentTest} does not have a NavController set
at androidx.navigation.fragment.NavHostFragment.findNavController(NavHostFragment.java:131)
at androidx.navigation.fragment.FragmentKt.findNavController(Fragment.kt:29)
at org.mozilla.fenix.settings.creditcards.CreditCardsSettingFragment$updateCardManagementPreference$1.onPreferenceClick(CreditCardsSettingFragment.kt:171)
at androidx.preference.Preference.performClick(Preference.java:1184)
at org.mozilla.fenix.settings.creditcards.CreditCardsSettingFragmentTest.GIVEN the list of credit cards is empty, WHEN fragment is displayed THEN the manage credit cards pref is 'Add card'(CreditCardsSettingFragmentTest.kt:99)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.robolectric.RobolectricTestRunner$HelperTestRunner$1.evaluate(RobolectricTestRunner.java:546)
at org.robolectric.internal.SandboxTestRunner$2.lambda$evaluate$0(SandboxTestRunner.java:252)
at org.robolectric.internal.bytecode.Sandbox.lambda$runOnMainThread$0(Sandbox.java:89)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
|
||
private lateinit var creditCardsStore: CreditCardsFragmentStore | ||
private var hasCreditCards: Boolean = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one is a bit weird since we have a variable here, but I don't think this is ever being used since we are always passing this into updateCardManagementPreference
.
Fixes #18264
Followup to use prompt helper in logins auth fragment: #19547
In this PR:
BiometricPromptPreferenceFragment.kt
to be used with CC, addresses (future), and logins (Use BiometricPromptPreferenceFragment for saved logins #19547)Screenshots
secure on pause
Whenever the app is paused (backgrounded, etc) after we authenticate, we shouldn't be able to see what's on the screen. This is the same functionality as logins.
authenticate to see cards
When navigating to the list of credit cards from settings, we prompt the user to authenticate (or prompt them to make a device pin/password if they don't have one)
reauth on pause - list of cards
If we have authenticated and see the list of credit cards, if the user pauses the app we pop them back to the CC settings so they have to reauth to see the list again.
reauth on pause - editing card
If we are in the credit card editor, if the user pauses the app we pop them back to the CC settings so they have to reauth to see the cards again.
Pull Request checklist
To download an APK when reviewing a PR: