Feature/fga/biometric unlock #1702
@@ -42,7 +42,7 @@ import timber.log.Timber | |||
|
|||
private val loggerTag = LoggerTag("MainActivity") | |||
|
|||
class MainActivity : NodeComponentActivity() { | |||
class MainActivity : NodeActivity() { |
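Review bot: the base-class change at `class MainActivity : NodeActivity()` has no in-code explanation. A one-line comment stating that the biometric prompt needs a `FragmentActivity` would keep a later refactor from switching it back to `NodeComponentActivity`.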
Necessary to have FragmentActivity for Biometric api
LGTM thanks! I just have a few nits and one thing we might either want to implement now or as soon as we get some errors we saw back in EA (which we might avoid if we're lucky).
Also, if biometric auth is enabled, shouldn't it be prompted by default, instead of the PIN code?
Feel free to ignore the nits or implement them in another PR.
@@ -48,7 +48,16 @@ data class LockScreenConfig( | |||
/** | |||
* Time period before locking the app once backgrounded. | |||
*/ | |||
val gracePeriodInMillis: Long | |||
val gracePeriodInMillis: Long, |
Nit: maybe this could be a `Duration` instead?
override fun setup() { | ||
try { | ||
val secretKey = ensureKey() | ||
val cipher = encryptionDecryptionService.createEncryptionCipher(secretKey) |
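Review bot: `createEncryptionCipher(secretKey)` runs eagerly inside the `try` in `setup()`, and the matching `catch` is not visible in this hunk. Initialising a Keystore-backed cipher can fail for unrelated reasons (the thread below distinguishes the 'user not authenticated' error from `KeyPermanentlyInvalidatedException`), so the catch should handle them in separate branches and log which one occurred, rather than treating every failure as the same setup error.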
While this will work in general, on EA we had some nasty issues with 'user not authenticated' errors. To avoid this, one possible workaround may be to create the `Cipher` on demand and have 2 internal authentication methods, since it seems like this is a possible workaround:

- `authenticateWithCryptoObject`, should be called by default, it will do what's inside `authenticate` right now. If the `createEncryptionCipher` inside this authenticate method fails with the 'user not authenticated error', however, we go to the 2nd method.
- `authenticateWithoutCryptoObject`, will call the same `prompt.authenticate` method without a `CryptoObject`, which will authenticate the user and get rid of the error, then you should be able to initialize the `Cipher` and use it as you'd usually do.

I'm not saying you should implement this now, but we definitely should if we see those kinds of issues coming back on EXA.
`user not authenticated error` is something different than `KeyPermanentlyInvalidatedException`?
Yes, it's completely different. This error should only appear if you tried to use the `Cipher` before using the biometric prompt I think, but for some reason it sometimes will trigger as soon as you initialize the Cipher.
Ok I see, otherwise I'll remove the flag for now...
If you do that we might have to handle key migrations in the future, so be careful.
Will handle that later if we encounter the issue, no time for now :/
No worries, given the deadlines, I think that's the right call too
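The two-method fallback proposed in the thread above, as an added example; it is not code from this PR or from the project. `BiometricUnlock`, `loadKey`, `onUnlocked`, `onFailed` and the AES/GCM transformation are assumptions, and it assumes the key's authentication settings let a plain prompt unlock it.

```kotlin
import android.security.keystore.KeyPermanentlyInvalidatedException
import android.security.keystore.UserNotAuthenticatedException
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.InvalidKeyException
import javax.crypto.Cipher
import javax.crypto.SecretKey

// Hypothetical helper (not the PR's code): creates the Cipher on demand and picks the prompt flavour.
class BiometricUnlock(
    private val activity: FragmentActivity,
    private val promptInfo: BiometricPrompt.PromptInfo,
    private val loadKey: () -> SecretKey,        // assumed wrapper around the Keystore lookup
    private val onUnlocked: (Cipher) -> Unit,
    private val onFailed: (Exception) -> Unit,   // e.g. fall back to the PIN screen
) {
    // Built on demand, never cached: init() is where the Keystore checks the key's state.
    private fun newCipher(): Cipher =
        Cipher.getInstance("AES/GCM/NoPadding").apply { init(Cipher.ENCRYPT_MODE, loadKey()) }

    fun authenticate() {
        try {
            authenticateWithCryptoObject(newCipher())
        } catch (e: UserNotAuthenticatedException) {
            authenticateWithoutCryptoObject()    // prompt first, initialise the Cipher afterwards
        } catch (e: KeyPermanentlyInvalidatedException) {
            onFailed(e)                          // different failure: the key must be recreated
        }
    }

    private fun authenticateWithCryptoObject(cipher: Cipher) =
        prompt { result -> result.cryptoObject?.cipher?.let(onUnlocked) }
            .authenticate(promptInfo, BiometricPrompt.CryptoObject(cipher))

    // The retry still goes through init(), so the Keystore, not the callback, decides success.
    private fun authenticateWithoutCryptoObject() =
        prompt {
            try { onUnlocked(newCipher()) } catch (e: InvalidKeyException) { onFailed(e) }
        }.authenticate(promptInfo)

    private fun prompt(onSuccess: (BiometricPrompt.AuthenticationResult) -> Unit) =
        BiometricPrompt(activity, ContextCompat.getMainExecutor(activity),
            object : BiometricPrompt.AuthenticationCallback() {
                override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) =
                    onSuccess(result)
            })
}
```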
/** | ||
* Returns true if any biometric method (weak or strong) can be used. | ||
*/ | ||
private val canUseBiometricAuth: Boolean |
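Review bot: the KDoc on `canUseBiometricAuth` says "weak or strong", while `setup()` in this PR creates a `Cipher` for the unlock flow. The androidx `BiometricPrompt` rejects a `CryptoObject` when weak (Class 2) biometrics are among the allowed authenticators, so if this property gates the cipher-backed prompt it should check strong biometrics only; otherwise the doc should say which flow it covers.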
Maybe we should rename this to 'isAuthenticatorAvailable'?
/** | ||
* Returns whether the biometric unlock is allowed or not. | ||
*/ | ||
fun isBiometricUnlockAllowed(): Flow<Boolean> |
Nit: maybe use `enabled` here instead of `allowed`? Allowed sounds like something coming from the OS to me, rather than from a user preference.
It was to reflect what we show on the UI...
This is the case, it automatically opens the Biometric bottom sheet, on top of the
Ah, true, it does by default. However, for me it doesn't anymore after:
It won't work automatically, I need to click on 'use biometric'. It does work fine again after restarting the app.
Got it, will fix, thanks!
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## develop #1702 +/- ##
===========================================
- Coverage 63.64% 63.40% -0.25%
===========================================
Files 1267 1277 +10
Lines 32881 33129 +248
Branches 6809 6854 +45
===========================================
+ Hits 20928 21006 +78
- Misses 8805 8959 +154
- Partials 3148 3164 +16
Kudos, SonarCloud Quality Gate passed!
This PR branches the biometric unlock logic.