Force sign out if PIN code store is corrupted.

2026-05-06 10:36:00 +02:00 · 2026-05-06 10:36:00 +02:00 · 8799dda471
commit 8799dda471
parent 61374bca4e
4 changed files with 18 additions and 8 deletions
--- a/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/pin/DefaultPinCodeManager.kt
+++ b/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/pin/DefaultPinCodeManager.kt
@ -41,8 +41,8 @@ class DefaultPinCodeManager(
        return secretKeyRepository.hasKey(SECRET_KEY_ALIAS)
    }

-    override suspend fun getPinCodeSize(): Int {
-        val encryptedPinCode = lockScreenStore.getEncryptedCode() ?: return 0
+    override suspend fun getPinCodeSize(): Int? {
+        val encryptedPinCode = lockScreenStore.getEncryptedCode() ?: return null
        val secretKey = secretKeyRepository.getOrCreateKey(SECRET_KEY_ALIAS, false)
        val decryptedPinCode = encryptionDecryptionService.decrypt(secretKey, EncryptionResult.fromBase64(encryptedPinCode))
        return decryptedPinCode.size
--- a/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/pin/PinCodeManager.kt
+++ b/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/pin/PinCodeManager.kt
@ -51,9 +51,9 @@ interface PinCodeManager {
    fun hasPinCode(): Flow<Boolean>

    /**
-     * @return the size of the saved pin code.
+     * @return the size of the saved pin code. Return null if no pin code is saved.
     */
-    suspend fun getPinCodeSize(): Int
+    suspend fun getPinCodeSize(): Int?

    /**
     * Creates a new encrypted pin code.
--- a/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/unlock/PinUnlockPresenter.kt
+++ b/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/unlock/PinUnlockPresenter.kt
@ -69,7 +69,13 @@ class PinUnlockPresenter(
        LaunchedEffect(Unit) {
            suspend {
                val pinCodeSize = pinCodeManager.getPinCodeSize()
-                PinEntry.createEmpty(pinCodeSize)
+                if (pinCodeSize == null) {
+                    // No pin code set, deleted store? Force sign out
+                    showSignOutPrompt = true
+                    throw Exception("No pin code size found")
+                } else {
+                    PinEntry.createEmpty(pinCodeSize)
+                }
            }.runCatchingUpdatingState(pinEntryState)
        }
        LaunchedEffect(biometricUnlock) {
--- a/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/unlock/PinUnlockState.kt
+++ b/features/lockscreen/impl/src/main/kotlin/io/element/android/features/lockscreen/impl/unlock/PinUnlockState.kt
@ -25,9 +25,13 @@ data class PinUnlockState(
    val biometricUnlockResult: BiometricAuthenticator.AuthenticationResult?,
    val eventSink: (PinUnlockEvents) -> Unit
 ) {
-    val isSignOutPromptCancellable = when (remainingAttempts) {
-        is AsyncData.Success -> remainingAttempts.data > 0
-        else -> true
+    val isSignOutPromptCancellable = if (pinEntry.isFailure()) {
+        false
+    } else {
+        when (remainingAttempts) {
+            is AsyncData.Success -> remainingAttempts.data > 0
+            else -> true
+        }
    }

    val biometricUnlockErrorMessage = when {