[local_auth] Allow device authentication (pin/pattern/passcode)

packages/local_auth/CHANGELOG.md

@@ -1,7 +1,9 @@
 ## 0.6.3+1
 
+* Add `authenticate` method that uses biometric authentication, but allows users to also use device authentication - pin, pattern, passcode.
 * Update package:e2e -> package:integration_test
 
+
 ## 0.6.3
 
 * Increase upper range of `package:platform` constraint to allow 3.X versions.
@@ -33,10 +35,12 @@
 
 * Replace deprecated `getFlutterEngine` call on Android.
 
+
 ## 0.6.1+3
 
 * Make the pedantic dev_dependency explicit.
 
+
 ## 0.6.1+2
 
 * Support v2 embedding.

packages/local_auth/README.md

@@ -23,8 +23,8 @@ bool canCheckBiometrics =
 
 Currently the following biometric types are implemented:
 
-* BiometricType.face
-* BiometricType.fingerprint
+- BiometricType.face
+- BiometricType.fingerprint
 
 To get a list of enrolled biometrics, call getAvailableBiometrics:
 
@@ -44,24 +44,39 @@ if (Platform.isIOS) {
 We have default dialogs with an 'OK' button to show authentication error
 messages for the following 2 cases:
 
-1.  Passcode/PIN/Pattern Not Set. The user has not yet configured a passcode on
-    iOS or PIN/pattern on Android.
-2.  Touch ID/Fingerprint Not Enrolled. The user has not enrolled any
-    fingerprints on the device.
+1. Passcode/PIN/Pattern Not Set. The user has not yet configured a passcode on
+   iOS or PIN/pattern on Android.
+2. Touch ID/Fingerprint Not Enrolled. The user has not enrolled any
+   fingerprints on the device.
 
 Which means, if there's no fingerprint on the user's device, a dialog with
 instructions will pop up to let the user set up fingerprint. If the user clicks
 'OK' button, it will return 'false'.
 
 Use the exported APIs to trigger local authentication with default dialogs:
 
+The `authenticate()` method uses biometric authentication, but also allows
+users to use pin, pattern, or passcode.
+
+```dart
+var localAuth = LocalAuthentication();
+bool didAuthenticate =
+    await localAuth.authenticate(
+        localizedReason: 'Please authenticate to show  account balance');
+```
+
+The `authenticateWithBiometrics()` method uses biometric authentication only.
+
 ```dart
 var localAuth = LocalAuthentication();
 bool didAuthenticate =
     await localAuth.authenticateWithBiometrics(
-        localizedReason: 'Please authenticate to show account balance');
+        localizedReason: 'Please authenticate to show  account balance');
 ```
 
+Note that `authenticate()` and `authenticateWithBiometrics()` methods have
+the same signature and parameters.
+
 If you don't want to use the default dialogs, call this API with
 'useErrorDialogs = false'. In this case, it will throw the error message back
 and you need to handle them in your dart code:
@@ -134,7 +149,6 @@ you need to also add:
 to your Info.plist file. Failure to do so results in a dialog that tells the user your
 app has not been updated to use TouchID.
 
-
 ## Android Integration
 
 Note that local_auth plugin requires the use of a FragmentActivity as
@@ -155,7 +169,7 @@ Update your project's `AndroidManifest.xml` file to include the
 On Android, you can check only for existence of fingerprint hardware prior
 to API 29 (Android Q). Therefore, if you would like to support other biometrics
 types (such as face scanning) and you want to support SDKs lower than Q,
-*do not* call `getAvailableBiometrics`. Simply call `authenticateWithBiometrics`.
+_do not_ call `getAvailableBiometrics`. Simply call `authenticateWithBiometrics`.
 This will return an error if there was no hardware available.
 
 ## Sticky Auth

packages/local_auth/android/src/main/AndroidManifest.xml

@@ -1,3 +1,5 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
   package="io.flutter.plugins.localauth">
+    <uses-sdk android:targetSdkVersion="29"/>
+    <uses-permission android:name="android.permission.USE_FINGERPRINT" />
 </manifest>

packages/local_auth/android/src/main/java/io/flutter/plugins/localauth/AuthenticationHelper.java

@@ -7,10 +7,12 @@
 import android.app.Activity;
 import android.app.AlertDialog;
 import android.app.Application;
+import android.app.KeyguardManager;
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.DialogInterface.OnClickListener;
 import android.content.Intent;
+import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
 import android.os.Looper;
@@ -20,6 +22,7 @@
 import android.view.View;
 import android.widget.TextView;
 import androidx.annotation.NonNull;
+import androidx.annotation.RequiresApi;
 import androidx.biometric.BiometricPrompt;
 import androidx.fragment.app.FragmentActivity;
 import androidx.lifecycle.DefaultLifecycleObserver;
@@ -28,6 +31,8 @@
 import io.flutter.plugin.common.MethodCall;
 import java.util.concurrent.Executor;
 
+import static android.content.Context.KEYGUARD_SERVICE;
+
 /**
  * Authenticates the user with fingerprint and sends corresponding response back to Flutter.
  *
@@ -75,21 +80,35 @@ interface AuthCompletionHandler {
       Lifecycle lifecycle,
       FragmentActivity activity,
       MethodCall call,
-      AuthCompletionHandler completionHandler) {
+      AuthCompletionHandler completionHandler,
+      boolean allowCredentials) {
     this.lifecycle = lifecycle;
     this.activity = activity;
     this.completionHandler = completionHandler;
     this.call = call;
     this.isAuthSticky = call.argument("stickyAuth");
     this.uiThreadExecutor = new UiThreadExecutor();
-    this.promptInfo =
-        new BiometricPrompt.PromptInfo.Builder()
-            .setDescription((String) call.argument("localizedReason"))
-            .setTitle((String) call.argument("signInTitle"))
-            .setSubtitle((String) call.argument("fingerprintHint"))
-            .setNegativeButtonText((String) call.argument("cancelButton"))
-            .setConfirmationRequired((Boolean) call.argument("sensitiveTransaction"))
-            .build();
+
+    if (allowCredentials) {
+      this.promptInfo =
+          new BiometricPrompt.PromptInfo.Builder()
+              .setDescription((String) call.argument("localizedReason"))
+              .setTitle((String) call.argument("signInTitle"))
+              .setSubtitle((String) call.argument("fingerprintHint"))
+              .setConfirmationRequired((Boolean) call.argument("sensitiveTransaction"))
+              .setDeviceCredentialAllowed(true)
+              .build();
+
+    } else {
+      this.promptInfo =
+          new BiometricPrompt.PromptInfo.Builder()
+              .setDescription((String) call.argument("localizedReason"))
+              .setTitle((String) call.argument("signInTitle"))
+              .setSubtitle((String) call.argument("fingerprintHint"))
+              .setNegativeButtonText((String) call.argument("cancelButton"))
+              .setConfirmationRequired((Boolean) call.argument("sensitiveTransaction"))
+              .build();
+    }
   }
 
   /** Start the fingerprint listener. */
@@ -125,21 +144,25 @@ private void stop() {
   public void onAuthenticationError(int errorCode, CharSequence errString) {
     switch (errorCode) {
       case BiometricPrompt.ERROR_NO_DEVICE_CREDENTIAL:
-        completionHandler.onError(
-            "PasscodeNotSet",
-            "Phone not secured by PIN, pattern or password, or SIM is currently locked.");
-        break;
+        if (call.argument("useErrorDialogs")) {
+          showGoToSettingsDialog(
+              "Device credentials required",
+              "Device credentials security does not appear to be set up. Go to \'Settings > Security\' to add credentials.");
+          return;
+        }
+        completionHandler.onError("NotAvailable", "Security credentials not available.");
       case BiometricPrompt.ERROR_NO_SPACE:
       case BiometricPrompt.ERROR_NO_BIOMETRICS:
+        if(promptInfo.isDeviceCredentialAllowed())return;
         if (call.argument("useErrorDialogs")) {
-          showGoToSettingsDialog();
+          showGoToSettingsDialog((String) call.argument("fingerprintRequired"), (String) call.argument("goToSettingDescription"));
           return;
         }
         completionHandler.onError("NotEnrolled", "No Biometrics enrolled on this device.");
         break;
       case BiometricPrompt.ERROR_HW_UNAVAILABLE:
       case BiometricPrompt.ERROR_HW_NOT_PRESENT:
-        completionHandler.onError("NotAvailable", "Biometrics is not available on this device.");
+        completionHandler.onError("NotAvailable", "Security credentials not available.");
         break;
       case BiometricPrompt.ERROR_LOCKOUT:
         completionHandler.onError(
@@ -213,19 +236,23 @@ public void onResume(@NonNull LifecycleOwner owner) {
     onActivityResumed(null);
   }
 
+  //hack: dialog opens twice on Android 8
+  private boolean isSettingsDialogOpen = false;
   // Suppress inflateParams lint because dialogs do not need to attach to a parent view.
   @SuppressLint("InflateParams")
-  private void showGoToSettingsDialog() {
+  private void showGoToSettingsDialog(String title, String descriptionText) {
+    if(isSettingsDialogOpen) return;
     View view = LayoutInflater.from(activity).inflate(R.layout.go_to_setting, null, false);
     TextView message = (TextView) view.findViewById(R.id.fingerprint_required);
     TextView description = (TextView) view.findViewById(R.id.go_to_setting_description);
-    message.setText((String) call.argument("fingerprintRequired"));
-    description.setText((String) call.argument("goToSettingDescription"));
+    message.setText(title);
+    description.setText(descriptionText);
     Context context = new ContextThemeWrapper(activity, R.style.AlertDialogCustom);
     OnClickListener goToSettingHandler =
         new OnClickListener() {
           @Override
           public void onClick(DialogInterface dialog, int which) {
+            isSettingsDialogOpen = false;
             completionHandler.onFailure();
             stop();
             activity.startActivity(new Intent(Settings.ACTION_SECURITY_SETTINGS));
@@ -235,10 +262,12 @@ public void onClick(DialogInterface dialog, int which) {
         new OnClickListener() {
           @Override
           public void onClick(DialogInterface dialog, int which) {
+            isSettingsDialogOpen = false;
             completionHandler.onFailure();
             stop();
           }
         };
+    isSettingsDialogOpen = true;
     new AlertDialog.Builder(context)
         .setView(view)
         .setPositiveButton((String) call.argument("goToSetting"), goToSettingHandler)