/
TiIdentityModule.m
280 lines (228 loc) · 9.97 KB
/
TiIdentityModule.m
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
/**
* Ti.Identity
*
* Created by Hans Knoechel
* Copyright (c) 2017-present by Axway. All rights reserved.
*/
#import "TiIdentityModule.h"
#import "TiBase.h"
#import "TiHost.h"
#import "TiUtils.h"
@implementation TiIdentityModule
#pragma mark Internal
- (id)moduleGUID
{
return @"ae6ffc93-6e6e-4251-8373-b0cb263a1662";
}
// This is generated for your module, please do not change it
- (NSString *)moduleId
{
return @"ti.identity";
}
- (NSString *)apiName
{
return @"Ti.Identity";
}
#pragma mark Lifecycle
- (void)startup
{
[super startup];
NSLog(@"[DEBUG] %@ loaded", self);
}
- (id)_initWithPageContext:(id<TiEvaluator>)context
{
if (self = [super _initWithPageContext:context]) {
_authPolicy = LAPolicyDeviceOwnerAuthenticationWithBiometrics;
}
return self;
}
- (LAContext *)authContext
{
if (!_authContext) {
_authContext = [LAContext new];
}
return _authContext;
}
#pragma mark Public API
- (void)setAuthenticationPolicy:(id)value
{
ENSURE_TYPE(value, NSNumber);
_authPolicy = [TiUtils intValue:value def:LAPolicyDeviceOwnerAuthenticationWithBiometrics];
}
- (NSNumber *)biometryType
{
if ([TiUtils isIOSVersionOrGreater:@"11.0"]) {
return @([[self authContext] biometryType]);
} else {
NSLog(@"[ERROR] Ti.Identity.biometryType is only available on iOS 11 and later!");
return NUMINT(-1);
}
}
- (id)authenticationPolicy
{
return NUMINTEGER(_authPolicy ?: LAPolicyDeviceOwnerAuthenticationWithBiometrics);
}
- (NSNumber *)isSupported:(id)unused
{
__block BOOL isSupported = NO;
__weak TiIdentityModule *weakSelf = self;
TiThreadPerformOnMainThread(
^{
TiIdentityModule *strongSelf = weakSelf;
if (strongSelf == nil) {
return;
}
isSupported = [[strongSelf authContext] canEvaluatePolicy:strongSelf->_authPolicy error:nil];
},
YES);
return NUMBOOL(isSupported);
}
- (void)authenticate:(id)args
{
ENSURE_SINGLE_ARG(args, NSDictionary);
NSError *authError = nil;
NSString *reason = [TiUtils stringValue:[args valueForKey:@"reason"]];
NSDictionary *isSupportedDict = [self deviceCanAuthenticate:nil];
KrollCallback *callback = [args valueForKey:@"callback"];
id allowableReuseDuration = [args valueForKey:@"allowableReuseDuration"];
id fallbackTitle = [args valueForKey:@"fallbackTitle"];
id cancelTitle = [args valueForKey:@"cancelTitle"];
BOOL keepAlive = [TiUtils boolValue:@"keepAlive" properties:args def:YES];
__weak TiIdentityModule *weakSelf = self;
if (![callback isKindOfClass:[KrollCallback class]]) {
NSLog(@"[WARN] Ti.Identity: The parameter `callback` in `authenticate` must be a function.");
return;
}
[self replaceValue:callback forKey:@"callback" notification:NO];
// Fail when Touch ID is not supported by the current device
if ([isSupportedDict valueForKey:@"canAuthenticate"] == NUMBOOL(NO)) {
TiThreadPerformOnMainThread(
^{
NSDictionary *event = @{
@"error" : [isSupportedDict valueForKey:@"error"],
@"code" : [isSupportedDict valueForKey:@"code"],
@"success" : NUMBOOL(NO)
};
[self fireCallback:@"callback" withArg:event withSource:self];
},
NO);
return;
}
// Expose failure behavior
if (allowableReuseDuration) {
[[self authContext] setTouchIDAuthenticationAllowableReuseDuration:[TiUtils doubleValue:allowableReuseDuration]];
}
// iOS 10: Expose support for localized titles
if ([TiUtils isIOSVersionOrGreater:@"10.0"]) {
if (fallbackTitle) {
[[self authContext] setLocalizedFallbackTitle:[TiUtils stringValue:fallbackTitle]];
}
if (cancelTitle) {
[[self authContext] setLocalizedCancelTitle:[TiUtils stringValue:cancelTitle]];
}
}
// Display the dialog if the security policy allows it (= device has Touch ID enabled)
if ([[self authContext] canEvaluatePolicy:_authPolicy error:&authError]) {
TiThreadPerformOnMainThread(
^{
TiIdentityModule *strongSelf = weakSelf;
if (strongSelf == nil) {
return;
}
[[strongSelf authContext] evaluatePolicy:strongSelf->_authPolicy
localizedReason:reason
reply:^(BOOL success, NSError *error) {
NSMutableDictionary *event = [NSMutableDictionary dictionary];
if (error != nil) {
[event setValue:[error localizedDescription] forKey:@"error"];
[event setValue:NUMINTEGER([error code]) forKey:@"code"];
}
[event setValue:NUMBOOL(success) forKey:@"success"];
// TIMOB-24489: Use this callback invocation to prevent issues with Kroll-Thread
// and proxies that open another thread (e.g. Ti.Network)
[self fireCallback:@"callback" withArg:event withSource:self];
if (!keepAlive) {
strongSelf->_authContext = nil;
}
}];
},
NO);
return;
}
// Again, make sure the callback function runs on the main thread
TiThreadPerformOnMainThread(
^{
NSMutableDictionary *event = [NSMutableDictionary dictionary];
if (authError != nil) {
[event setValue:[authError localizedDescription] forKey:@"error"];
[event setValue:NUMINTEGER([authError code]) forKey:@"code"];
} else {
[event setValue:@"Can not evaluate Touch ID" forKey:@"error"];
[event setValue:NUMINTEGER(1) forKey:@"code"];
}
[event setValue:NUMBOOL(NO) forKey:@"success"];
[self fireCallback:@"callback" withArg:event withSource:self];
},
NO);
}
- (void)invalidate:(id)unused
{
if (!_authContext) {
NSLog(@"[ERROR] Ti.Identity: Cannot invalidate a Touch ID instance that does not exist. Use 'authenticate' before calling this.");
return;
}
[_authContext invalidate];
_authContext = nil;
}
- (NSDictionary *)deviceCanAuthenticate:(id)unused
{
NSError *authError = nil;
BOOL canAuthenticate = [[self authContext] canEvaluatePolicy:_authPolicy error:&authError];
NSMutableDictionary *result = [NSMutableDictionary dictionaryWithDictionary:@{
@"canAuthenticate" : NUMBOOL(canAuthenticate)
}];
if (authError != nil) {
[result setValue:[TiUtils messageFromError:authError] forKey:@"error"];
[result setValue:NUMINTEGER([authError code]) forKey:@"code"];
}
return result;
}
#pragma mark Constants
MAKE_SYSTEM_PROP_DEPRECATED_REPLACED(ERROR_TOUCH_ID_LOCKOUT, LAErrorBiometryLockout, @"Modules.Identity.ERROR_TOUCH_ID_LOCKOUT", @"10.0.0", @"Modules.Identity.ERROR_BIOMETRY_LOCKOUT");
MAKE_SYSTEM_PROP(ERROR_INVALID_CONTEXT, LAErrorInvalidContext);
MAKE_SYSTEM_PROP(ERROR_APP_CANCELLED, LAErrorAppCancel);
MAKE_SYSTEM_PROP_DEPRECATED_REPLACED(ERROR_TOUCH_ID_NOT_ENROLLED, LAErrorBiometryLockout, @"Modules.Identity.ERROR_BIOMETRY_NOT_ENROLLED", @"10.0.0", @"Modules.Identity.ERROR_BIOMETRY_NOT_ENROLLED");
MAKE_SYSTEM_PROP_DEPRECATED_REPLACED(ERROR_TOUCH_ID_NOT_AVAILABLE, LAErrorBiometryNotAvailable, @"Modules.Identity.ERROR_TOUCH_ID_NOT_AVAILABLE", @"10.0.0", @"Modules.Identity.ERROR_BIOMETRY_NOT_AVAILABLE");
MAKE_SYSTEM_PROP(ERROR_PASSCODE_NOT_SET, LAErrorPasscodeNotSet);
MAKE_SYSTEM_PROP(ERROR_SYSTEM_CANCEL, LAErrorSystemCancel);
MAKE_SYSTEM_PROP(ERROR_USER_FALLBACK, LAErrorUserFallback);
MAKE_SYSTEM_PROP(ERROR_USER_CANCEL, LAErrorUserCancel);
MAKE_SYSTEM_PROP(ERROR_AUTHENTICATION_FAILED, LAErrorAuthenticationFailed);
MAKE_SYSTEM_PROP(ERROR_BIOMETRY_NOT_AVAILABLE, LAErrorBiometryNotAvailable);
MAKE_SYSTEM_PROP(ERROR_BIOMETRY_NOT_ENROLLED, LAErrorBiometryNotEnrolled);
MAKE_SYSTEM_PROP(ERROR_BIOMETRY_LOCKOUT, LAErrorBiometryLockout);
MAKE_SYSTEM_PROP(BIOMETRY_TYPE_NONE, LABiometryNone);
MAKE_SYSTEM_PROP(BIOMETRY_TYPE_TOUCH_ID, LABiometryTypeTouchID);
MAKE_SYSTEM_PROP(BIOMETRY_TYPE_FACE_ID, LABiometryTypeFaceID);
MAKE_SYSTEM_STR(ACCESSIBLE_WHEN_UNLOCKED, kSecAttrAccessibleWhenUnlocked);
MAKE_SYSTEM_STR(ACCESSIBLE_AFTER_FIRST_UNLOCK, kSecAttrAccessibleAfterFirstUnlock);
MAKE_SYSTEM_STR(ACCESSIBLE_ALWAYS, kSecAttrAccessibleAlways);
MAKE_SYSTEM_STR(ACCESSIBLE_WHEN_PASSCODE_SET_THIS_DEVICE_ONLY, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly);
MAKE_SYSTEM_STR(ACCESSIBLE_WHEN_UNLOCKED_THIS_DEVICE_ONLY, kSecAttrAccessibleWhenUnlockedThisDeviceOnly);
MAKE_SYSTEM_STR(ACCESSIBLE_AFTER_FIRST_UNLOCK_THIS_DEVICE_ONLY, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly);
MAKE_SYSTEM_STR(ACCESSIBLE_ALWAYS_THIS_DEVICE_ONLY, kSecAttrAccessibleAlwaysThisDeviceOnly);
MAKE_SYSTEM_PROP(ACCESS_CONTROL_USER_PRESENCE, 1); // kSecAccessControlUserPresence
MAKE_SYSTEM_PROP(ACCESS_CONTROL_TOUCH_ID_ANY, 2); // kSecAccessControlTouchIDAny
MAKE_SYSTEM_PROP(ACCESS_CONTROL_TOUCH_ID_CURRENT_SET, 8); // kSecAccessControlTouchIDCurrentSet
MAKE_SYSTEM_PROP(ACCESS_CONTROL_DEVICE_PASSCODE, 16); // kSecAccessControlDevicePasscode
MAKE_SYSTEM_PROP(ACCESS_CONTROL_OR, 16384); // kSecAccessControlOr
MAKE_SYSTEM_PROP(ACCESS_CONTROL_AND, 32768); // kSecAccessControlAnd
MAKE_SYSTEM_PROP(ACCESS_CONTROL_PRIVATE_KEY_USAGE, 1073741824); // kSecAccessControlPrivateKeyUsage
MAKE_SYSTEM_PROP(ACCESS_CONTROL_APPLICATION_PASSWORD, -2147483648); // kSecAccessControlApplicationPassword
MAKE_SYSTEM_PROP(AUTHENTICATION_POLICY_BIOMETRICS, LAPolicyDeviceOwnerAuthenticationWithBiometrics);
MAKE_SYSTEM_PROP(AUTHENTICATION_POLICY_PASSCODE, LAPolicyDeviceOwnerAuthentication);
#if __IPHONE_OS_VERSION_MAX_ALLOWED >= 130000
MAKE_SYSTEM_PROP(AUTHENTICATION_POLICY_BIOMETRICS_OR_WATCH, kLAPolicyDeviceOwnerAuthenticationWithBiometricsOrWatch);
MAKE_SYSTEM_PROP(AUTHENTICATION_POLICY_WATCH, kLAPolicyDeviceOwnerAuthenticationWithWatch);
#endif
@end