Improve detection of configure PIN code.
This commit is contained in:
Benoit Marty
Benoit Marty
parent
2f45ca8835
commit
61374bca4e
13 changed files with 77 additions and 44 deletions
|
|
@ -36,13 +36,13 @@ interface BiometricAuthenticator {
|
|||
}
|
||||
|
||||
val isActive: Boolean
|
||||
fun setup()
|
||||
suspend fun setup()
|
||||
suspend fun authenticate(): AuthenticationResult
|
||||
}
|
||||
|
||||
class NoopBiometricAuthentication : BiometricAuthenticator {
|
||||
override val isActive: Boolean = false
|
||||
override fun setup() = Unit
|
||||
override suspend fun setup() = Unit
|
||||
override suspend fun authenticate() = BiometricAuthenticator.AuthenticationResult.Failure()
|
||||
}
|
||||
|
||||
|
|
@ -58,7 +58,7 @@ class DefaultBiometricAuthentication(
|
|||
|
||||
private var cryptoObject: CryptoObject? = null
|
||||
|
||||
override fun setup() {
|
||||
override suspend fun setup() {
|
||||
try {
|
||||
val secretKey = ensureKey()
|
||||
val cipher = encryptionDecryptionService.createEncryptionCipher(secretKey)
|
||||
|
|
@ -86,7 +86,7 @@ class DefaultBiometricAuthentication(
|
|||
}
|
||||
|
||||
@Throws(KeyPermanentlyInvalidatedException::class)
|
||||
private fun ensureKey() = secretKeyRepository.getOrCreateKey(keyAlias, true).also {
|
||||
private suspend fun ensureKey() = secretKeyRepository.getOrCreateKey(keyAlias, true).also {
|
||||
encryptionDecryptionService.createEncryptionCipher(it)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ import io.element.android.libraries.cryptography.api.SecretKeyRepository
|
|||
import kotlinx.coroutines.flow.Flow
|
||||
import java.util.concurrent.CopyOnWriteArrayList
|
||||
|
||||
private const val SECRET_KEY_ALIAS = "elementx.SECRET_KEY_ALIAS_PIN_CODE"
|
||||
internal const val SECRET_KEY_ALIAS = "elementx.SECRET_KEY_ALIAS_PIN_CODE"
|
||||
|
||||
@ContributesBinding(AppScope::class)
|
||||
@SingleIn(AppScope::class)
|
||||
|
|
@ -38,7 +38,7 @@ class DefaultPinCodeManager(
|
|||
}
|
||||
|
||||
override fun hasPinCode(): Flow<Boolean> {
|
||||
return lockScreenStore.hasPinCode()
|
||||
return secretKeyRepository.hasKey(SECRET_KEY_ALIAS)
|
||||
}
|
||||
|
||||
override suspend fun getPinCodeSize(): Int {
|
||||
|
|
@ -79,6 +79,7 @@ class DefaultPinCodeManager(
|
|||
override suspend fun deletePinCode() {
|
||||
lockScreenStore.deleteEncryptedPinCode()
|
||||
lockScreenStore.resetCounter()
|
||||
secretKeyRepository.deleteKey(SECRET_KEY_ALIAS)
|
||||
callbacks.forEach { it.onPinCodeRemoved() }
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@
|
|||
|
||||
package io.element.android.features.lockscreen.impl.storage
|
||||
|
||||
import kotlinx.coroutines.flow.Flow
|
||||
|
||||
/**
|
||||
* Should be implemented by any class that provides access to the encrypted PIN code.
|
||||
* All methods are suspending in case there are async IO operations involved.
|
||||
|
|
@ -29,9 +27,4 @@ interface EncryptedPinCodeStorage {
|
|||
* Deletes the PIN code from some persistable storage.
|
||||
*/
|
||||
suspend fun deleteEncryptedPinCode()
|
||||
|
||||
/**
|
||||
* Returns whether the PIN code is stored or not.
|
||||
*/
|
||||
fun hasPinCode(): Flow<Boolean>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -70,12 +70,6 @@ class PreferencesLockScreenStore(
|
|||
}
|
||||
}
|
||||
|
||||
override fun hasPinCode(): Flow<Boolean> {
|
||||
return dataStore.data.map { preferences ->
|
||||
preferences[pinCodeKey] != null
|
||||
}
|
||||
}
|
||||
|
||||
override fun isBiometricUnlockAllowed(): Flow<Boolean> {
|
||||
return dataStore.data.map { preferences ->
|
||||
preferences[biometricUnlockKey] ?: false
|
||||
|
|
|
|||
|
|
@ -14,9 +14,12 @@ import io.element.android.features.lockscreen.impl.biometric.BiometricAuthentica
|
|||
import io.element.android.features.lockscreen.impl.biometric.FakeBiometricAuthenticatorManager
|
||||
import io.element.android.features.lockscreen.impl.fixtures.aLockScreenConfig
|
||||
import io.element.android.features.lockscreen.impl.pin.PinCodeManager
|
||||
import io.element.android.features.lockscreen.impl.pin.SECRET_KEY_ALIAS
|
||||
import io.element.android.features.lockscreen.impl.pin.createDefaultPinCodeManager
|
||||
import io.element.android.features.lockscreen.impl.pin.storage.InMemoryLockScreenStore
|
||||
import io.element.android.features.lockscreen.impl.storage.LockScreenStore
|
||||
import io.element.android.libraries.cryptography.api.SecretKeyRepository
|
||||
import io.element.android.libraries.cryptography.test.SimpleSecretKeyRepository
|
||||
import io.element.android.libraries.sessionstorage.api.observer.SessionObserver
|
||||
import io.element.android.libraries.sessionstorage.test.observer.FakeSessionObserver
|
||||
import io.element.android.services.appnavstate.api.AppForegroundStateService
|
||||
|
|
@ -38,18 +41,18 @@ class DefaultLockScreenServiceTest {
|
|||
|
||||
@Test
|
||||
fun `when the pin is mandatory, isSetupRequired emits true`() = runTest {
|
||||
val lockScreenStore = InMemoryLockScreenStore()
|
||||
val secretKeyRepository = SimpleSecretKeyRepository()
|
||||
val sut = createDefaultLockScreenService(
|
||||
lockScreenConfig = aLockScreenConfig(isPinMandatory = true),
|
||||
lockScreenStore = lockScreenStore,
|
||||
secretKeyRepository = secretKeyRepository,
|
||||
)
|
||||
sut.isSetupRequired().test {
|
||||
assertThat(awaitItem()).isTrue()
|
||||
// When the user configures the pin code, the setup is not required anymore
|
||||
lockScreenStore.saveEncryptedPinCode("encryptedCode")
|
||||
secretKeyRepository.getOrCreateKey(SECRET_KEY_ALIAS, true)
|
||||
assertThat(awaitItem()).isFalse()
|
||||
// Users deletes the pin code
|
||||
lockScreenStore.deleteEncryptedPinCode()
|
||||
secretKeyRepository.deleteKey("elementx.SECRET_KEY_ALIAS_PIN_CODE")
|
||||
assertThat(awaitItem()).isTrue()
|
||||
}
|
||||
}
|
||||
|
|
@ -57,16 +60,16 @@ class DefaultLockScreenServiceTest {
|
|||
@Test
|
||||
fun `when the last session is deleted, the pin code is removed`() = runTest {
|
||||
val sessionObserver = FakeSessionObserver()
|
||||
val lockScreenStore = InMemoryLockScreenStore()
|
||||
val secretKeyRepository = SimpleSecretKeyRepository()
|
||||
val sut = createDefaultLockScreenService(
|
||||
lockScreenConfig = aLockScreenConfig(isPinMandatory = true),
|
||||
lockScreenStore = lockScreenStore,
|
||||
secretKeyRepository = secretKeyRepository,
|
||||
sessionObserver = sessionObserver,
|
||||
)
|
||||
sut.isPinSetup().test {
|
||||
assertThat(awaitItem()).isFalse()
|
||||
// When the user configure the pin code, the setup is not required anymore
|
||||
lockScreenStore.saveEncryptedPinCode("encryptedCode")
|
||||
secretKeyRepository.getOrCreateKey(SECRET_KEY_ALIAS, true)
|
||||
assertThat(awaitItem()).isTrue()
|
||||
sessionObserver.onSessionDeleted("userId", wasLastSession = false)
|
||||
expectNoEvents()
|
||||
|
|
@ -79,8 +82,10 @@ class DefaultLockScreenServiceTest {
|
|||
private fun TestScope.createDefaultLockScreenService(
|
||||
lockScreenConfig: LockScreenConfig = aLockScreenConfig(),
|
||||
lockScreenStore: LockScreenStore = InMemoryLockScreenStore(),
|
||||
secretKeyRepository: SecretKeyRepository = SimpleSecretKeyRepository(),
|
||||
pinCodeManager: PinCodeManager = createDefaultPinCodeManager(
|
||||
lockScreenStore = lockScreenStore,
|
||||
secretKeyRepository = secretKeyRepository,
|
||||
),
|
||||
sessionObserver: SessionObserver = FakeSessionObserver(),
|
||||
appForegroundStateService: AppForegroundStateService = FakeAppForegroundStateService(),
|
||||
|
|
|
|||
|
|
@ -12,6 +12,6 @@ class FakeBiometricAuthenticator(
|
|||
override val isActive: Boolean = false,
|
||||
private val authenticateLambda: suspend () -> BiometricAuthenticator.AuthenticationResult = { BiometricAuthenticator.AuthenticationResult.Success },
|
||||
) : BiometricAuthenticator {
|
||||
override fun setup() = Unit
|
||||
override suspend fun setup() = Unit
|
||||
override suspend fun authenticate() = authenticateLambda()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,12 +15,7 @@ import kotlinx.coroutines.flow.MutableStateFlow
|
|||
private const val DEFAULT_REMAINING_ATTEMPTS = 3
|
||||
|
||||
class InMemoryLockScreenStore : LockScreenStore {
|
||||
private val hasPinCode = MutableStateFlow(false)
|
||||
private var pinCode: String? = null
|
||||
set(value) {
|
||||
field = value
|
||||
hasPinCode.value = value != null
|
||||
}
|
||||
private var remainingAttempts: Int = DEFAULT_REMAINING_ATTEMPTS
|
||||
private var isBiometricUnlockAllowed = MutableStateFlow(false)
|
||||
|
||||
|
|
@ -48,10 +43,6 @@ class InMemoryLockScreenStore : LockScreenStore {
|
|||
pinCode = null
|
||||
}
|
||||
|
||||
override fun hasPinCode(): Flow<Boolean> {
|
||||
return hasPinCode
|
||||
}
|
||||
|
||||
override fun isBiometricUnlockAllowed(): Flow<Boolean> {
|
||||
return isBiometricUnlockAllowed
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue