From 3fd7c2fdfd73bfde6f173dc540ace62039bc3f2e Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Tue, 21 Nov 2023 12:44:52 +0200 Subject: [PATCH 01/19] feat: added migration for the keychain hashed password --- src/status_im2/common/keychain/events.cljs | 20 +++++++ .../contexts/onboarding/events.cljs | 5 +- .../contexts/profile/login/events.cljs | 52 ++++++++++++++++--- 3 files changed, 69 insertions(+), 8 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 84d7c88481c..23d60c0ef5e 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -82,6 +82,25 @@ #(callback (if % (oops/oget % "password") auth-method-none))) (callback nil)))))) +(defn save-migration-auth-hashed! + [key-uid] + (keychain/save-credentials + (str key-uid "-hashed") + key-uid + ;; NOTE: using the key-id as the password, but we don't really care about the + ;; value, we only care that it's there + key-uid + #(when-not % + (log/error + (str "Error while setting up keychain migration"))))) + +(re-frame/reg-fx + :keychain/get-migration-auth-hashed + (fn [[key-uid callback]] + (keychain/get-credentials + (str key-uid "-hashed") + #(callback (boolean %))))) + (defn save-user-password! [key-uid password] (keychain/save-credentials key-uid key-uid (security/safe-unmask-data password) #())) @@ -107,5 +126,6 @@ (fn [{:keys [key-uid masked-password on-success on-error]}] (-> (save-user-password! key-uid masked-password) (.then #(save-auth-method! key-uid auth-method-biometric)) + (.then #(save-migration-auth-hashed! key-uid)) (.then #(when on-success (on-success))) (.catch #(when on-error (on-error %)))))) diff --git a/src/status_im2/contexts/onboarding/events.cljs b/src/status_im2/contexts/onboarding/events.cljs index 814ac84cb79..9e7d78a645d 100644 --- a/src/status_im2/contexts/onboarding/events.cljs +++ b/src/status_im2/contexts/onboarding/events.cljs 
@@ -154,7 +154,10 @@ biometric-enabled? (assoc :keychain/save-password-and-auth-method {:key-uid key-uid - :masked-password masked-password + :masked-password (-> masked-password + security/safe-unmask-data + native-module/sha3 + security/mask-data) :on-success (fn [] (if syncing? (rf/dispatch [:onboarding-2/navigate-to-enable-notifications]) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 6734abe05bd..822ac5a2195 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -42,6 +42,13 @@ {:db (assoc-in db [:profile/login :processing] true) ::login [key-uid (native-module/sha3 (security/safe-unmask-data password))]})) +(rf/defn biometry-login + {:events [:profile.login/biometry-login]} + [{:keys [db]}] + (let [{:keys [key-uid password]} (:profile/login db)] + {:db (assoc-in db [:profile/login :processing] true) + ::login [key-uid (security/safe-unmask-data password)]})) + (rf/defn login-local-paired-user {:events [:profile.login/local-paired-user]} [{:keys [db]}] 
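Review bot: `biometry-login` in src/status_im2/contexts/profile/login/events.cljs passes the keychain value to `::login` without hashing and without a comment, so the reader has to infer that the stored value is already the sha3 digest and that the digest alone is enough to log in. A comment above the defn would record both facts, for example `;; The keychain entry already holds (native-module/sha3 password), the value ::login expects; it is credential-equivalent and must stay behind the keychain's access controls.` The function also assumes the migration has completed: an entry still holding the pre-migration password would reach `::login` unhashed, which is worth stating in the same comment.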
@@ -149,14 +156,45 @@ {:keychain/get-auth-method [key-uid #(rf/dispatch [:profile.login/get-auth-method-success % key-uid])]}) +;; NOTE: replacing the plaintext password in the keychain with the hashed one +(rf/defn migrate-biometrics-keychain-password + {:events [:profile.login/migrate-biometrics-keychain-password]} + [_ key-uid callback] + {:keychain/get-user-password + [key-uid + (fn [password] + (-> password + security/safe-unmask-data + native-module/sha3 + security/mask-data + (->> (keychain/save-user-password! key-uid)) + (.then #(keychain/save-migration-auth-hashed! key-uid)) + (.then #(callback)) + (.catch #(log/error "Failed to migrate the keychain for " key-uid))))]}) + +(rf/defn check-biometrics-keychain-migration + {:events [:profile.login/check-biometrics-keychain-migration]} + [_ key-uid callback] + {:keychain/get-migration-auth-hashed + [key-uid + (fn [hashed?] + (println "hashed?: " hashed?) + (if hashed? + (callback) + (rf/dispatch [:profile.login/migrate-biometrics-keychain-password key-uid callback])))]}) + (rf/defn get-auth-method-success {:events [:profile.login/get-auth-method-success]} - [{:keys [db]} auth-method] - (merge {:db (assoc db :auth-method auth-method)} - (when (= auth-method keychain/auth-method-biometric) - {:biometric/authenticate - {:on-success #(rf/dispatch [:profile.login/biometric-success]) - :on-faile #(rf/dispatch [:profile.login/biometric-auth-fail])}}))) + [{:keys [db] :as cofx} auth-method key-uid] + (rf/merge cofx + {:db (assoc db :auth-method auth-method)} + (when (= auth-method keychain/auth-method-biometric) + (check-biometrics-keychain-migration + key-uid + (fn [] + (rf/dispatch [:biometric/authenticate + {:on-success #(rf/dispatch [:profile.login/biometric-success]) + :on-faile #(rf/dispatch [:profile.login/biometric-auth-fail])}])))))) (rf/defn biometric-auth-success {:events [:profile.login/biometric-success]} 
@@ -175,7 +213,7 @@ cofx {:db (assoc-in db [:profile/login :password] password)} (navigation/init-root :progress) - (login)))) + (biometry-login)))) (rf/defn biometric-auth-fail {:events [:profile.login/biometric-auth-fail]} From e6cea4713387bc388dfe03b448b804a73adfea44 Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Tue, 21 Nov 2023 13:24:57 +0200 Subject: [PATCH 02/19] feat: added sync biometry without password entry --- src/status_im2/common/keychain/events.cljs | 7 ++++-- .../onboarding/enable_biometrics/view.cljs | 24 ++++++------------- .../contexts/onboarding/events.cljs | 16 +++---------- .../contexts/profile/login/events.cljs | 13 +++++----- src/utils/security/core.cljs | 8 +++++++ 5 files changed, 30 insertions(+), 38 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 23d60c0ef5e..e417783cd39 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -82,10 +82,12 @@ #(callback (if % (oops/oget % "password") auth-method-none))) (callback nil)))))) +(def ^:const migration-server-suffix "-hashed") + (defn save-migration-auth-hashed! [key-uid] (keychain/save-credentials - (str key-uid "-hashed") + (str key-uid migration-server-suffix) key-uid ;; NOTE: using the key-id as the password, but we don't really care about the ;; value, we only care that it's there @@ -98,7 +100,7 @@ :keychain/get-migration-auth-hashed (fn [[key-uid callback]] (keychain/get-credentials - (str key-uid "-hashed") + (str key-uid migration-server-suffix) #(callback (boolean %))))) (defn save-user-password! @@ -119,6 +121,7 @@ (re-frame/reg-fx :keychain/clear-user-password (fn [key-uid] + (keychain/reset-credentials (str key-uid migration-server-suffix)) (keychain/reset-credentials key-uid))) (re-frame/reg-fx 
diff --git a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs index 146d2e754d9..5dc5a4a3b83 100644 --- a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs +++ b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs @@ -34,23 +34,13 @@ syncing-results? (= :syncing-results @state/root-id)] [rn/view {:style (style/buttons insets)} [standard-auth/button - (merge - {:size 40 - :accessibility-label :enable-biometrics-button - :icon-left :i/face-id - :customization-color profile-color - :button-label (i18n/label :t/biometric-enable-button {:bio-type-label bio-type-label})} - (if syncing-results? - {:theme theme - :blur? true - :on-enter-password (fn [entered-password] - (rf/dispatch - [:onboarding-2/authenticate-enable-biometrics - (security/safe-unmask-data - entered-password)]) - (rf/dispatch [:hide-bottom-sheet])) - :auth-button-label (i18n/label :t/confirm)} - {:on-press #(rf/dispatch [:onboarding-2/enable-biometrics])}))] + {:size 40 + :accessibility-label :enable-biometrics-button + :icon-left :i/face-id + :customization-color profile-color + :theme theme + :on-press #(rf/dispatch [:onboarding-2/enable-biometrics]) + :button-label (i18n/label :t/biometric-enable-button {:bio-type-label bio-type-label})}] [quo/button {:accessibility-label :maybe-later-button :background :blur diff --git a/src/status_im2/contexts/onboarding/events.cljs b/src/status_im2/contexts/onboarding/events.cljs index 9e7d78a645d..3295513428a 100644 --- a/src/status_im2/contexts/onboarding/events.cljs +++ b/src/status_im2/contexts/onboarding/events.cljs 
@@ -35,15 +35,6 @@ {:biometric/authenticate {:on-success #(rf/dispatch [:onboarding-2/biometrics-done]) :on-fail #(rf/dispatch [:onboarding-2/biometrics-fail %])}}) -(rf/defn authenticate-enable-biometrics - {:events [:onboarding-2/authenticate-enable-biometrics]} - [{:keys [db]} password] - {:db (-> db - (assoc-in [:onboarding-2/profile :password] password) - (assoc-in [:onboarding-2/profile :syncing?] true)) - :biometric/authenticate {:on-success #(rf/dispatch [:onboarding-2/biometrics-done]) - :on-fail #(rf/dispatch [:onboarding-2/biometrics-fail %])}}) - (rf/defn navigate-to-enable-notifications {:events [:onboarding-2/navigate-to-enable-notifications]} [{:keys [db]}] @@ -154,10 +145,9 @@ biometric-enabled? (assoc :keychain/save-password-and-auth-method {:key-uid key-uid - :masked-password (-> masked-password - security/safe-unmask-data - native-module/sha3 - security/mask-data) + :masked-password (if syncing? + masked-password + (security/hash-masked-password masked-password)) :on-success (fn [] (if syncing? (rf/dispatch [:onboarding-2/navigate-to-enable-notifications]) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 822ac5a2195..5664214b084 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -52,8 +52,12 @@ (rf/defn login-local-paired-user {:events [:profile.login/local-paired-user]} [{:keys [db]}] - (let [{:keys [key-uid password]} (get-in db [:syncing :profile])] - {::login [key-uid password]})) + (let [{:keys [key-uid password]} (get-in db [:syncing :profile]) + masked-password (security/mask-data password)] + {:db (-> db + (assoc-in [:onboarding-2/profile :password] masked-password) + (assoc-in [:onboarding-2/profile :syncing?] true)) + ::login [key-uid password]})) (rf/defn redirect-to-root [{:keys [db] :as cofx}] 
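Review bot: In the `@@ -145,10 +145,9 @@` hunk of onboarding/events.cljs, `syncing?` alone decides whether `masked-password` is written to the keychain as-is or hashed first, and nothing in the visible hunks resets `[:onboarding-2/profile :syncing?]` after `login-local-paired-user` sets it. If the flag were ever true for a password the user typed, the plaintext would be stored and, because `:keychain/save-password-and-auth-method` always writes the migration marker, it would never be migrated. A comment at the branch would make the invariant explicit, e.g. `;; syncing? => the password came from the paired device and is already a sha3 digest; otherwise it is user-typed plaintext and must be hashed here.` The enclosing function starts and ends outside the hunk, so whether the flag is cleared elsewhere cannot be confirmed from here.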
@@ -164,9 +168,7 @@ [key-uid (fn [password] (-> password - security/safe-unmask-data - native-module/sha3 - security/mask-data + security/hash-masked-password (->> (keychain/save-user-password! key-uid)) (.then #(keychain/save-migration-auth-hashed! key-uid)) (.then #(callback)) @@ -178,7 +180,6 @@ {:keychain/get-migration-auth-hashed [key-uid (fn [hashed?] - (println "hashed?: " hashed?) (if hashed? (callback) (rf/dispatch [:profile.login/migrate-biometrics-keychain-password key-uid callback])))]}) diff --git a/src/utils/security/core.cljs b/src/utils/security/core.cljs index 84c9b61b674..b1790a14eab 100644 --- a/src/utils/security/core.cljs +++ b/src/utils/security/core.cljs @@ -1,5 +1,6 @@ (ns utils.security.core (:require + [native-module.core :as native-module] [utils.security.security-html :as h])) (defprotocol Unmaskable @@ -58,3 +59,10 @@ and does not contain an rtlo character, which might mean that the url is spoofed" [text] (not (re-matches rtlo-link-regex text))) + +(defn hash-masked-password + [masked-password] + (-> masked-password + safe-unmask-data + native-module/sha3 + mask-data)) From cd85f72dc1e08d9991782b6ad5a6ba4d92f0c8e5 Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Tue, 21 Nov 2023 14:36:56 +0200 Subject: [PATCH 03/19] fix: biometry typo from develop --- src/status_im2/contexts/profile/login/events.cljs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 5664214b084..df3d89b3404 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs 
@@ -195,7 +195,7 @@ (fn [] (rf/dispatch [:biometric/authenticate {:on-success #(rf/dispatch [:profile.login/biometric-success]) - :on-faile #(rf/dispatch [:profile.login/biometric-auth-fail])}])))))) + :on-fail #(rf/dispatch [:profile.login/biometric-auth-fail])}])))))) (rf/defn biometric-auth-success {:events [:profile.login/biometric-success]} From c63c80dd9b1b468b0d5712b72527dfedd787fd3e Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Tue, 21 Nov 2023 18:56:18 +0200 Subject: [PATCH 04/19] ref: moved migration side-effects outside the event --- src/status_im2/common/keychain/events.cljs | 40 ++++++++++++++---- .../contexts/profile/login/events.cljs | 42 ++++--------------- 2 files changed, 40 insertions(+), 42 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index e417783cd39..9128b53555d 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -96,23 +96,27 @@ (log/error (str "Error while setting up keychain migration"))))) -(re-frame/reg-fx - :keychain/get-migration-auth-hashed - (fn [[key-uid callback]] - (keychain/get-credentials - (str key-uid migration-server-suffix) - #(callback (boolean %))))) +(defn get-migration-auth-hashed! + [key-uid callback] + (keychain/get-credentials + (str key-uid migration-server-suffix) + #(callback (boolean %)))) (defn save-user-password! [key-uid password] (keychain/save-credentials key-uid key-uid (security/safe-unmask-data password) #())) +(defn get-user-password! + [key-uid callback] + (keychain/get-credentials key-uid + #(if % + (callback (security/mask-data (oops/oget % "password"))) + (callback nil)))) + (re-frame/reg-fx :keychain/get-user-password (fn [[key-uid callback]] - (keychain/get-credentials - key-uid - #(if % (callback (security/mask-data (oops/oget % "password"))) (callback nil))))) + (get-user-password! key-uid callback))) (rf/defn get-user-password [_ key-uid callback] 
@@ -132,3 +136,21 @@ (.then #(save-migration-auth-hashed! key-uid)) (.then #(when on-success (on-success))) (.catch #(when on-error (on-error %)))))) + +;; NOTE: migrating the plaintext password in the keychain +;; with the hashed one. Added due to the sync onboarding +;; flow, where the password arrives already hashed. +(re-frame/reg-fx + :keychain/password-hash-migration + (fn [{:keys [key-uid callback]}] + (-> (get-migration-auth-hashed! key-uid identity) + (.then (fn [pw-already-hashed?] + (if pw-already-hashed? + (callback) + (-> (get-user-password! key-uid identity) + (.then #(security/hash-masked-password %)) + (.then #(save-user-password! key-uid %)) + (.then #(save-migration-auth-hashed! key-uid)) + (.then #(callback)) + (.catch #(log/error "Failed to migrate the keychain password for " key-uid + "\nError: " %))))))))) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index df3d89b3404..5cd360fdf20 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs 
@@ -160,42 +160,18 @@ {:keychain/get-auth-method [key-uid #(rf/dispatch [:profile.login/get-auth-method-success % key-uid])]}) -;; NOTE: replacing the plaintext password in the keychain with the hashed one -(rf/defn migrate-biometrics-keychain-password - {:events [:profile.login/migrate-biometrics-keychain-password]} - [_ key-uid callback] - {:keychain/get-user-password - [key-uid - (fn [password] - (-> password - security/hash-masked-password - (->> (keychain/save-user-password! key-uid)) - (.then #(keychain/save-migration-auth-hashed! key-uid)) - (.then #(callback)) - (.catch #(log/error "Failed to migrate the keychain for " key-uid))))]}) - -(rf/defn check-biometrics-keychain-migration - {:events [:profile.login/check-biometrics-keychain-migration]} - [_ key-uid callback] - {:keychain/get-migration-auth-hashed - [key-uid - (fn [hashed?] - (if hashed? - (callback) - (rf/dispatch [:profile.login/migrate-biometrics-keychain-password key-uid callback])))]}) - (rf/defn get-auth-method-success {:events [:profile.login/get-auth-method-success]} [{:keys [db] :as cofx} auth-method key-uid] - (rf/merge cofx - {:db (assoc db :auth-method auth-method)} - (when (= auth-method keychain/auth-method-biometric) - (check-biometrics-keychain-migration - key-uid - (fn [] - (rf/dispatch [:biometric/authenticate - {:on-success #(rf/dispatch [:profile.login/biometric-success]) - :on-fail #(rf/dispatch [:profile.login/biometric-auth-fail])}])))))) + (merge {:db (assoc db :auth-method auth-method)} + (when (= auth-method keychain/auth-method-biometric) + {:keychain/password-hash-migration + {:key-uid key-uid + :callback (fn [] + (rf/dispatch [:biometric/authenticate + {:on-success #(rf/dispatch [:profile.login/biometric-success]) + :on-fail #(rf/dispatch + [:profile.login/biometric-auth-fail])}]))}}))) (rf/defn biometric-auth-success {:events [:profile.login/biometric-success]} From 357ee4e1104a547ac36b6b5423a9ef14f12a79ca Mon Sep 17 00:00:00 2001 
From: Lungu Cristian Date: Tue, 21 Nov 2023 20:06:48 +0200 Subject: [PATCH 05/19] ref: some renaming for keychain migration --- src/status_im2/common/keychain/events.cljs | 55 +++++++++++----------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 9128b53555d..0567fb44bb7 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -81,27 +81,6 @@ (str key-uid "-auth") #(callback (if % (oops/oget % "password") auth-method-none))) (callback nil)))))) - -(def ^:const migration-server-suffix "-hashed") - -(defn save-migration-auth-hashed! - [key-uid] - (keychain/save-credentials - (str key-uid migration-server-suffix) - key-uid - ;; NOTE: using the key-id as the password, but we don't really care about the - ;; value, we only care that it's there - key-uid - #(when-not % - (log/error - (str "Error while setting up keychain migration"))))) - -(defn get-migration-auth-hashed! - [key-uid callback] - (keychain/get-credentials - (str key-uid migration-server-suffix) - #(callback (boolean %)))) - (defn save-user-password! [key-uid password] (keychain/save-credentials key-uid key-uid (security/safe-unmask-data password) #())) 
@@ -122,10 +101,32 @@ [_ key-uid callback] {:keychain/get-user-password [key-uid callback]}) +(defn- password-migration-key-name + [key-uid] + (str key-uid "-password-migration")) + +(defn save-password-migration! + [key-uid] + (keychain/save-credentials + (password-migration-key-name key-uid) + key-uid + ;; NOTE: using the key-id as the password, but we don't really care about the + ;; value, we only care that it's there + key-uid + #(when-not % + (log/error + (str "Error while setting up keychain migration"))))) + +(defn get-password-migration! + [key-uid callback] + (keychain/get-credentials + (password-migration-key-name key-uid) + #(callback (boolean %)))) + (re-frame/reg-fx :keychain/clear-user-password (fn [key-uid] - (keychain/reset-credentials (str key-uid migration-server-suffix)) + (keychain/reset-credentials (password-migration-key-name key-uid)) (keychain/reset-credentials key-uid))) (re-frame/reg-fx @@ -133,7 +134,7 @@ (fn [{:keys [key-uid masked-password on-success on-error]}] (-> (save-user-password! key-uid masked-password) (.then #(save-auth-method! key-uid auth-method-biometric)) - (.then #(save-migration-auth-hashed! key-uid)) + (.then #(save-password-migration! key-uid)) (.then #(when on-success (on-success))) (.catch #(when on-error (on-error %)))))) @@ -143,14 +144,14 @@ (re-frame/reg-fx :keychain/password-hash-migration (fn [{:keys [key-uid callback]}] - (-> (get-migration-auth-hashed! key-uid identity) - (.then (fn [pw-already-hashed?] - (if pw-already-hashed? + (-> (get-password-migration! key-uid identity) + (.then (fn [migrated?] + (if migrated? (callback) (-> (get-user-password! key-uid identity) (.then #(security/hash-masked-password %)) (.then #(save-user-password! key-uid %)) - (.then #(save-migration-auth-hashed! key-uid)) + (.then #(save-password-migration! key-uid)) (.then #(callback)) (.catch #(log/error "Failed to migrate the keychain password for " key-uid "\nError: " %))))))))) 
From 2963eceb329648411d3e0cf1e506141c703cbf22 Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Tue, 21 Nov 2023 21:44:54 +0200 Subject: [PATCH 06/19] ref: addressed @cammellos' review comments --- src/status_im2/common/keychain/events.cljs | 10 ++++++---- .../contexts/onboarding/enable_biometrics/view.cljs | 3 +-- src/status_im2/contexts/profile/login/events.cljs | 4 ++-- src/utils/security/core.cljs | 10 ++++------ 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 0567fb44bb7..e08d44b6e6d 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -81,6 +81,7 @@ (str key-uid "-auth") #(callback (if % (oops/oget % "password") auth-method-none))) (callback nil)))))) + (defn save-user-password! [key-uid password] (keychain/save-credentials key-uid key-uid (security/safe-unmask-data password) #())) @@ -88,9 +89,10 @@ (defn get-user-password! [key-uid callback] (keychain/get-credentials key-uid - #(if % - (callback (security/mask-data (oops/oget % "password"))) - (callback nil)))) + #(callback (when % + (-> % + (oops/oget "password") + (security/mask-data)))))) (re-frame/reg-fx :keychain/get-user-password @@ -121,7 +123,7 @@ [key-uid callback] (keychain/get-credentials (password-migration-key-name key-uid) - #(callback (boolean %)))) + #(comp callback boolean))) (re-frame/reg-fx :keychain/clear-user-password diff --git a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs index 5dc5a4a3b83..7f75a8738ad 100644 --- a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs +++ b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs 
@@ -12,8 +12,7 @@ [status-im2.contexts.onboarding.enable-biometrics.style :as style] [status-im2.navigation.state :as state] [utils.i18n :as i18n] - [utils.re-frame :as rf] - [utils.security.core :as security])) + [utils.re-frame :as rf])) (defn page-title diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 5cd360fdf20..daa17eb505f 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -162,7 +162,7 @@ (rf/defn get-auth-method-success {:events [:profile.login/get-auth-method-success]} - [{:keys [db] :as cofx} auth-method key-uid] + [{:keys [db]} auth-method key-uid] (merge {:db (assoc db :auth-method auth-method)} (when (= auth-method keychain/auth-method-biometric) {:keychain/password-hash-migration @@ -212,7 +212,7 @@ (rf/defn verify-database-password-success {:events [:profile.login/verified-database-password]} - [{:keys [db] :as cofx} valid? callback] + [{:keys [db]} valid? callback] (if valid? (do (when (fn? callback) diff --git a/src/utils/security/core.cljs b/src/utils/security/core.cljs index b1790a14eab..66eb87ed53a 100644 --- a/src/utils/security/core.cljs +++ b/src/utils/security/core.cljs @@ -60,9 +60,7 @@ [text] (not (re-matches rtlo-link-regex text))) -(defn hash-masked-password - [masked-password] - (-> masked-password - safe-unmask-data - native-module/sha3 - mask-data)) +(def hash-masked-password + (comp safe-unmask-data + native-module/sha3 + mask-data)) From 78f75984b0f705c08f62b2993f24fa1ca1fffeaa Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Tue, 21 Nov 2023 22:16:10 +0200 Subject: [PATCH 07/19] ref: removed unnecessary anon fn --- src/status_im2/common/keychain/events.cljs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index e08d44b6e6d..306611e771a 100644 
--- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -123,7 +123,7 @@ [key-uid callback] (keychain/get-credentials (password-migration-key-name key-uid) - #(comp callback boolean))) + (comp callback boolean))) (re-frame/reg-fx :keychain/clear-user-password From ec1f7b60caf67e1db874d66cc9b49cb1d4fcb30d Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 15:58:24 +0200 Subject: [PATCH 08/19] fix: addressed @ilmotta's review comments --- src/react_native/keychain.cljs | 18 ++++---- src/status_im2/common/keychain/events.cljs | 48 ++++++++++++---------- 2 files changed, 37 insertions(+), 29 deletions(-) diff --git a/src/react_native/keychain.cljs b/src/react_native/keychain.cljs index 3eb0c3fc9c0..66fd8cf4b44 100644 --- a/src/react_native/keychain.cljs +++ b/src/react_native/keychain.cljs @@ -58,14 +58,16 @@ (defn save-credentials "Stores the credentials for the address to the Keychain" - [server username password callback] - (-> (.setInternetCredentials ^js react-native-keychain - (string/lower-case server) - username - password - keychain-secure-hardware - keychain-restricted-availability) - (.then callback))) + ([server username password] + (save-credentials server username password identity)) + ([server username password callback] + (-> (.setInternetCredentials ^js react-native-keychain + (string/lower-case server) + username + password + keychain-secure-hardware + keychain-restricted-availability) + (.then callback)))) (defn get-credentials "Gets the credentials for a specified server from the Keychain" diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 306611e771a..7338f5c4206 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs 
@@ -52,13 +52,12 @@ (keychain/save-credentials (str key-uid "-auth") key-uid - method - #(when-not % - (log/error - (str "Error while saving auth method." - " " - "The app will continue to work normally, " - "but you will have to login again next time you launch it."))))) + method) + (.catch (fn [err] + (log/error "Failed to save auth method in the keychain" + {:error err + :key-uid key-uid + :auth-method method})))) (re-frame/reg-fx :keychain/save-auth-method @@ -79,7 +78,8 @@ (if can-save? (keychain/get-credentials (str key-uid "-auth") - #(callback (if % (oops/oget % "password") auth-method-none))) + (fn [value] + (callback (if value (oops/oget value "password") auth-method-none)))) (callback nil)))))) (defn save-user-password! @@ -89,10 +89,11 @@ (defn get-user-password! [key-uid callback] (keychain/get-credentials key-uid - #(callback (when % - (-> % - (oops/oget "password") - (security/mask-data)))))) + (fn [value] + (callback (when value + (-> value + (oops/oget "password") + (security/mask-data))))))) (re-frame/reg-fx :keychain/get-user-password @@ -114,10 +115,11 @@ key-uid ;; NOTE: using the key-id as the password, but we don't really care about the ;; value, we only care that it's there - key-uid - #(when-not % - (log/error - (str "Error while setting up keychain migration"))))) + key-uid) + (.catch (fn [error] + (log/error "Failed to get the keychain password migration flag" + {:error error + :key-uid key-uid})))) (defn get-password-migration! [key-uid callback] 
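Review bot: In `save-auth-method!` (hunk `@@ -52,13 +52,12 @@`) the new `(.catch (fn [err] ...))` form comes after the paren that closes `keychain/save-credentials`, and the unchanged first line of the hunk has no `->`, so as far as the hunk shows `.catch` is invoked on the handler function itself rather than on the promise. The same shape appears in `save-password-migration!` (hunk `@@ -114,10 +115,11 @@`), whose log text also says "Failed to get" on a save path. Threading the call fixes both, e.g. `(-> (keychain/save-credentials (str key-uid "-auth") key-uid method) (.catch (fn [err] ...)))`. Both defn headers are outside their hunks, so confirm against the full file; if the handlers are kept, note that a swallowed error in `save-password-migration!` lets the caller's chain continue as though the marker had been written.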
@@ -145,15 +147,19 @@ ;; flow, where the password arrives already hashed. (re-frame/reg-fx :keychain/password-hash-migration - (fn [{:keys [key-uid callback]}] + (fn [{:keys [key-uid callback] + :or {callback identity}}] (-> (get-password-migration! key-uid identity) (.then (fn [migrated?] (if migrated? (callback) (-> (get-user-password! key-uid identity) - (.then #(security/hash-masked-password %)) + (.then security/hash-masked-password) (.then #(save-user-password! key-uid %)) (.then #(save-password-migration! key-uid)) - (.then #(callback)) - (.catch #(log/error "Failed to migrate the keychain password for " key-uid - "\nError: " %))))))))) + (.then callback))))) + (.catch (fn [err] + (log/error "Failed to migrate the keychain password" + {:error err + :key-uid key-uid + :event :keychain/password-hash-migration})))))) From 3ec23ae78cc67183a5f9a0b20e518aa3aed4669d Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 16:58:21 +0200 Subject: [PATCH 09/19] ref: removed theme from enable-biometrics --- .../onboarding/enable_biometrics/view.cljs | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs index 7f75a8738ad..8ad8a42c418 100644 --- a/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs +++ b/src/status_im2/contexts/onboarding/enable_biometrics/view.cljs @@ -1,7 +1,6 @@ (ns status-im2.contexts.onboarding.enable-biometrics.view (:require [quo.core :as quo] - [quo.theme :as quo.theme] [react-native.core :as rn] [react-native.safe-area :as safe-area] [status-im2.common.biometric.events :as biometric] 
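Review bot: The outer `.catch` in `:keychain/password-hash-migration` now also receives anything thrown by `callback`, since both `(callback)` and `(.then callback)` run inside the chain, and it reports every case as "Failed to migrate the keychain password". On a real migration failure the callback is never invoked, so the `:biometric/authenticate` dispatch that `get-auth-method-success` passes in does not happen. If that is intended so that an unmigrated entry is never used for login, say so in a comment such as `;; On failure the callback is deliberately skipped: the keychain entry may still be unhashed.` Otherwise consider an explicit `on-error` key alongside `callback` so the caller can tell the two outcomes apart.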
@@ -25,7 +24,7 @@ :description-accessibility-label :enable-biometrics-sub-title}]) (defn enable-biometrics-buttons - [insets theme] + [insets] (let [supported-biometric-type (rf/sub [:biometric/supported-type]) bio-type-label (biometric/get-label-by-type supported-biometric-type) profile-color (or (:color (rf/sub [:onboarding-2/profile])) @@ -37,7 +36,6 @@ :accessibility-label :enable-biometrics-button :icon-left :i/face-id :customization-color profile-color - :theme theme :on-press #(rf/dispatch [:onboarding-2/enable-biometrics]) :button-label (i18n/label :t/biometric-enable-button {:bio-type-label bio-type-label})}] [quo/button @@ -67,18 +65,16 @@ :source (resources/get-image :biometrics)}])) (defn f-enable-biometrics - [{:keys [theme]}] + [] (let [insets (safe-area/get-insets)] [rn/view {:style (style/page-container insets)} [page-title] (if whitelist/whitelisted? [enable-biometrics-parallax] [enable-biometrics-simple]) - [enable-biometrics-buttons insets theme]])) - + [enable-biometrics-buttons insets]])) -(defn- internale-enable-biometrics - [params] - [:f> f-enable-biometrics params]) +(defn view + [] + [:f> f-enable-biometrics]) -(def view (quo.theme/with-theme internale-enable-biometrics)) From 8a8d9ab53fe1370d8d21d5bf045fd77f6eb8ed27 Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 18:43:40 +0200 Subject: [PATCH 10/19] ref: addressed J-Son89's review comments --- src/status_im2/common/keychain/events.cljs | 2 +- src/status_im2/contexts/profile/login/events.cljs | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 7338f5c4206..5b427503639 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs 
@@ -113,7 +113,7 @@ (keychain/save-credentials (password-migration-key-name key-uid) key-uid - ;; NOTE: using the key-id as the password, but we don't really care about the + ;; NOTE: using the key-uid as the password, but we don't really care about the ;; value, we only care that it's there key-uid) (.catch (fn [error] diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index daa17eb505f..39243fe3fff 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -42,8 +42,8 @@ {:db (assoc-in db [:profile/login :processing] true) ::login [key-uid (native-module/sha3 (security/safe-unmask-data password))]})) -(rf/defn biometry-login - {:events [:profile.login/biometry-login]} +(rf/defn biometrics-login + {:events [:profile.login/biometrics-login]} [{:keys [db]}] (let [{:keys [key-uid password]} (:profile/login db)] {:db (assoc-in db [:profile/login :processing] true) @@ -190,7 +190,7 @@ cofx {:db (assoc-in db [:profile/login :password] password)} (navigation/init-root :progress) - (biometry-login)))) + (biometrics-login)))) (rf/defn biometric-auth-fail {:events [:profile.login/biometric-auth-fail]} From 151262f2f19d789b6a076f359033be9863083b59 Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 18:50:14 +0200 Subject: [PATCH 11/19] test: added tests for mask-data and hash-masked-password --- src/utils/security/core.cljs | 4 ++-- src/utils/security/security_test.cljs | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/src/utils/security/core.cljs b/src/utils/security/core.cljs index 66eb87ed53a..c254c59e074 100644 --- a/src/utils/security/core.cljs +++ b/src/utils/security/core.cljs @@ -61,6 +61,6 @@ (not (re-matches rtlo-link-regex text))) (def hash-masked-password - (comp safe-unmask-data + (comp mask-data native-module/sha3 - mask-data)) + safe-unmask-data)) 
diff --git a/src/utils/security/security_test.cljs b/src/utils/security/security_test.cljs index 3e8c2a51f65..dcd4c76f96d 100644 --- a/src/utils/security/security_test.cljs +++ b/src/utils/security/security_test.cljs @@ -1,6 +1,7 @@ (ns utils.security.security-test (:require [cljs.test :refer-macros [deftest is testing]] + [native-module.core :as native-module] [utils.security.core :as security])) (def rtlo-link "‮http://google.com") @@ -29,3 +30,27 @@ (deftest safe-link-text-test-exceptions (testing "rtlo links" (is (not (security/safe-link-text? rtlo-link-text))))) + +(deftest mask-data-test + (testing "returns an instance of MaskedData" + (is (instance? security/MaskedData (security/mask-data "test")))) + (testing "hides the original value" + (is (= "******" (str (security/mask-data "test"))))) + (testing "succeeds the equality check between same MaskedData instances" + (is (= (security/mask-data "value") (security/mask-data "value")))) + (testing "fails the equality check between different MaskedData instances" + (is (not (= (security/mask-data "value-A") (security/mask-data "value-B"))))) + (testing "fails the equality check with non-MaskedData instances" + (is (not (= (security/mask-data "value") "value")))) + (testing "counts the masked data correctly" + (is (= (count "test") (count (security/mask-data "test"))))) + (testing "unmasks the data correctly" + (is (= "test" (-> "test" security/mask-data security/safe-unmask-data))))) + +(deftest hash-masked-password-test + (testing "returns an instance of MaskedData with the hashed content" + (is (= (-> "test" native-module/sha3 security/mask-data) + (-> "test" security/mask-data security/hash-masked-password)))) + (testing "returns the hashed content if the argument is not a MaskedData instance" + (is (= (native-module/sha3 "test") + (-> "test" security/hash-masked-password security/safe-unmask-data))))) From a73e1e3f5ec3b00684d464b4e0b2b3b02aa9716d Mon Sep 17 00:00:00 2001 
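Review bot: The "hides the original value" case in `mask-data-test` only covers `str`, while a secret usually reaches a log through `pr-str`, `prn` or a map handed to the logger. How `MaskedData` prints through those paths is not visible in this hunk, so it is worth pinning with one more assertion in the same `testing` form: `(is (nil? (re-find #"test" (pr-str (security/mask-data "test")))))`. If that assertion fails, the type needs a print override before masked values are placed in log maps.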
From: Cristian Lungu Date: Wed, 22 Nov 2023 20:03:03 +0200 Subject: [PATCH 12/19] test: added schema to hash-masked-password and fixed test --- src/utils/security/core.cljs | 23 +++++++++++++++++++---- src/utils/security/security_test.cljs | 5 ++--- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/utils/security/core.cljs b/src/utils/security/core.cljs index c254c59e074..ae09424d8e3 100644 --- a/src/utils/security/core.cljs +++ b/src/utils/security/core.cljs @@ -1,6 +1,7 @@ (ns utils.security.core (:require [native-module.core :as native-module] + [schema.core :as schema] [utils.security.security-html :as h])) (defprotocol Unmaskable @@ -60,7 +61,21 @@ [text] (not (re-matches rtlo-link-regex text))) -(def hash-masked-password - (comp mask-data - native-module/sha3 - safe-unmask-data)) +(defn hash-masked-password + [masked-password] + (-> masked-password + safe-unmask-data + native-module/sha3 + mask-data)) + +(defn masked-data-instance? + [value] + (instance? MaskedData value)) + +(schema/=> hash-masked-password + [:=> + [:cat + [:fn {:error/message "argument should be an instance of MaskedData"} + masked-data-instance?]] + [:fn {:error/message "return value should be an instance of MaskedData"} + masked-data-instance?]]) diff --git a/src/utils/security/security_test.cljs b/src/utils/security/security_test.cljs index dcd4c76f96d..5c75644911f 100644 --- a/src/utils/security/security_test.cljs +++ b/src/utils/security/security_test.cljs 
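Review bot: `hash-masked-password` and `masked-data-instance?` are added without docstrings, and the contract callers depend on is only readable from the schema below the function. Suggested docstring: `"Takes a MaskedData password and returns its native-module/sha3 hash wrapped in MaskedData. The result is what the keychain migration stores, so keep it masked and out of logs."` Whether the `schema/=>` check is enforced in release builds is not visible here. If instrumentation is dev-only, a plain string argument would be hashed without the error the updated test expects, which is worth stating in the docstring too.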
@@ -51,6 +51,5 @@ (testing "returns an instance of MaskedData with the hashed content" (is (= (-> "test" native-module/sha3 security/mask-data) (-> "test" security/mask-data security/hash-masked-password)))) - (testing "returns the hashed content if the argument is not a MaskedData instance" - (is (= (native-module/sha3 "test") - (-> "test" security/hash-masked-password security/safe-unmask-data))))) + (testing "throws a schema exception if the argument is not an instance of MaskedData" + (is (thrown? js/Error (security/hash-masked-password "test"))))) From 4038c83896073b119d71368bae0b8585f7eb86bf Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 20:24:01 +0200 Subject: [PATCH 13/19] fix: forgot the threading --- src/status_im2/common/keychain/events.cljs | 38 +++++++++++----------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/src/status_im2/common/keychain/events.cljs b/src/status_im2/common/keychain/events.cljs index 5b427503639..f6eb8e2b276 100644 --- a/src/status_im2/common/keychain/events.cljs +++ b/src/status_im2/common/keychain/events.cljs @@ -49,15 +49,15 @@ (defn save-auth-method! [key-uid method] - (keychain/save-credentials - (str key-uid "-auth") - key-uid - method) - (.catch (fn [err] - (log/error "Failed to save auth method in the keychain" - {:error err - :key-uid key-uid - :auth-method method})))) + (-> (keychain/save-credentials + (str key-uid "-auth") + key-uid + method) + (.catch (fn [err] + (log/error "Failed to save auth method in the keychain" + {:error err + :key-uid key-uid + :auth-method method}))))) (re-frame/reg-fx :keychain/save-auth-method 
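Review bot: The `.catch` now threaded onto `save-auth-method!` logs the failure and then resolves, so a caller chaining on the returned promise cannot tell that the auth method was never written. Any `.then` or success callback after it would run as if the keychain write had succeeded (the callers are outside this hunk, so this is inferred). Rethrowing after logging keeps the log line and lets the caller's own error handling fire: add `(throw err)` as the last form of the handler. `save-password-migration!` in the next hunk of this file (`@@ -110,16 +110,16 @@`) has the same shape, and there a swallowed failure would let the password migration continue with the flag unset.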
@@ -110,16 +110,16 @@ (defn save-password-migration! [key-uid] - (keychain/save-credentials - (password-migration-key-name key-uid) - key-uid - ;; NOTE: using the key-uid as the password, but we don't really care about the - ;; value, we only care that it's there - key-uid) - (.catch (fn [error] - (log/error "Failed to get the keychain password migration flag" - {:error error - :key-uid key-uid})))) + (-> (keychain/save-credentials + (password-migration-key-name key-uid) + key-uid + ;; NOTE: using the key-uid as the password, but we don't really care about the + ;; value, we only care that it's there + key-uid) + (.catch (fn [error] + (log/error "Failed to get the keychain password migration flag" + {:error error + :key-uid key-uid}))))) (defn get-password-migration! [key-uid callback] From 52a7adba31c77accc516f84b0c94fc3d0b84a586 Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Wed, 22 Nov 2023 23:47:15 +0200 Subject: [PATCH 14/19] ref: improved the masked data schema --- src/utils/security/core.cljs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/utils/security/core.cljs b/src/utils/security/core.cljs index ae09424d8e3..029d723ceb2 100644 --- a/src/utils/security/core.cljs +++ b/src/utils/security/core.cljs @@ -72,10 +72,11 @@ [value] (instance? MaskedData value)) +(def ?masked-password + [:fn {:error/message "should be an instance of utils.security.core/MaskedData"} + masked-data-instance?]) + (schema/=> hash-masked-password [:=> - [:cat - [:fn {:error/message "argument should be an instance of MaskedData"} - masked-data-instance?]] - [:fn {:error/message "return value should be an instance of MaskedData"} - masked-data-instance?]]) + [:cat ?masked-password] + ?masked-password]) From da0f986d808004a95122e94529500a4ce95e3dd9 Mon Sep 17 00:00:00 2001 
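Review bot: The error text in `save-password-migration!` reads "Failed to get the keychain password migration flag", but this function saves the flag. Anyone triaging a failed migration from logs would be sent to the read path instead of the write. Change the message to `"Failed to save the keychain password migration flag"`, and add `:event` to the logged map as the other handlers in this series do.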
From: Lungu Cristian Date: Mon, 27 Nov 2023 15:26:02 +0200 Subject: [PATCH 15/19] fix: no biometry error when canceled by user --- src/status_im2/common/biometric/events.cljs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/status_im2/common/biometric/events.cljs b/src/status_im2/common/biometric/events.cljs index 928c5e85e90..edb9ac1f2a8 100644 --- a/src/status_im2/common/biometric/events.cljs +++ b/src/status_im2/common/biometric/events.cljs @@ -42,11 +42,12 @@ (rf/defn show-message [_ code] - (let [content (if (#{"NOT_AVAILABLE" "NOT_ENROLLED"} code) - (i18n/label :t/grant-face-id-permissions) - (when-not (or (= code "USER_CANCELED") (= code "USER_FALLBACK")) - (i18n/label :t/biometric-auth-error {:code code})))] - (when content + (let [handle-error? (and code + (not (contains? #{"USER_CANCELED" "USER_FALLBACK"} code))) + content (if (#{"NOT_AVAILABLE" "NOT_ENROLLED"} code) + (i18n/label :t/grant-face-id-permissions) + (i18n/label :t/biometric-auth-error {:code code}))] + (when handle-error? {:utils/show-popup {:title (i18n/label :t/biometric-auth-login-error-title) :content content}}))) From 05e72d199876656f308d3a1d5c370201bc818984 Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Mon, 27 Nov 2023 15:32:22 +0200 Subject: [PATCH 16/19] fix: biometry error wasn't propagated during login --- src/status_im2/contexts/profile/login/events.cljs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 39243fe3fff..b51619ee5f9 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs 
@@ -171,7 +171,7 @@ (rf/dispatch [:biometric/authenticate {:on-success #(rf/dispatch [:profile.login/biometric-success]) :on-fail #(rf/dispatch - [:profile.login/biometric-auth-fail])}]))}}))) + [:profile.login/biometric-auth-fail %])}]))}}))) (rf/defn biometric-auth-success {:events [:profile.login/biometric-success]} From 04d8bca85d4877f496f4e5016d6dd74ac727f0c0 Mon Sep 17 00:00:00 2001 From: Cristian Lungu Date: Tue, 28 Nov 2023 15:17:17 +0200 Subject: [PATCH 17/19] fix: alert dismiss button not passed properly --- src/status_im2/common/alert/events.cljs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/status_im2/common/alert/events.cljs b/src/status_im2/common/alert/events.cljs index 0664035f7d2..e12e03e8b55 100644 --- a/src/status_im2/common/alert/events.cljs +++ b/src/status_im2/common/alert/events.cljs @@ -22,7 +22,7 @@ (vector action-button dismiss-button) - dismiss-button) + (vector dismiss-button)) (when on-dismiss {:cancelable false}))))) From 326db658cf296a5f3e0c4ac4546019a704fd27bb Mon Sep 17 00:00:00 2001 From: Lungu Cristian Date: Wed, 29 Nov 2023 12:11:52 +0200 Subject: [PATCH 18/19] fix: show biometrics NOT_ENROLLED error only once --- src/status_im2/common/biometric/events.cljs | 45 +++++++++++++++++++ .../contexts/profile/login/events.cljs | 35 +++++++++------ 2 files changed, 66 insertions(+), 14 deletions(-) diff --git a/src/status_im2/common/biometric/events.cljs b/src/status_im2/common/biometric/events.cljs index edb9ac1f2a8..7508e197a07 100644 --- a/src/status_im2/common/biometric/events.cljs +++ b/src/status_im2/common/biometric/events.cljs @@ -2,9 +2,11 @@ (:require [native-module.core :as native-module] [re-frame.core :as re-frame] + [react-native.async-storage :as async-storage] [react-native.platform :as platform] [react-native.touch-id :as touch-id] [status-im2.common.keychain.events :as keychain] + [taoensso.timbre :as log] [utils.i18n :as i18n] [utils.re-frame :as rf])) 
@@ -41,6 +43,7 @@ {:db (assoc db :biometric/supported-type supported-type)}) (rf/defn show-message + {:events [:biometric/show-message]} [_ code] (let [handle-error? (and code (not (contains? #{"USER_CANCELED" "USER_FALLBACK"} code))) 
@@ -52,6 +55,48 @@ {:title (i18n/label :t/biometric-auth-login-error-title) :content content}}))) +(defn- supress-biometry-error-key + [key-uid] + (keyword (str "biometric/supress-not-enrolled-error-" key-uid))) + +;; NOTE: if the account had biometrics registered, but it's not enrolled at the moment, +;; we should show the error message only once and supress further "NOT_ENROLLED" errors +;; until biometry is enrolled again. Note that we can only know that when :biometric/authenticate +;; is dispatched and fails with "NOT_ENROLLED", since :biometric/get-supported-biometric-type +;; only tells us what kind of biometric is available on the device, but it doesn't know of its +;; enrollment status. +(re-frame/reg-fx + :biometric/supress-not-enrolled-error + (fn [[key-uid dispatch-event]] + (let [storage-key (supress-biometry-error-key key-uid)] + (-> (async-storage/get-item storage-key identity) + (.then (fn [item] + (when (not item) + (rf/dispatch dispatch-event) + (async-storage/set-item! storage-key true)))) + (.catch (fn [err] + (log/error "Couldn't supress biometry NOT_ENROLLED error" + {:key-uid key-uid + :event :biometric/supress-not-enrolled-error + :error err}))))))) + +;; NOTE: when biometrics is re-enrolled, we erase the flag in async-storage to assure +;; the "NOT_ENROLLED" error message will be shown again if biometrics is un-enrolled +;; in the future. +(re-frame/reg-fx + :biometric/reset-not-enrolled-error + (fn [key-uid] + (let [storage-key (supress-biometry-error-key key-uid)] + (-> (async-storage/get-item storage-key identity) + (.then (fn [supress?] + (when supress? + (async-storage/set-item! storage-key nil)))) + (.catch (fn [err] + (log/error "Couldn't reset supressing biometry NOT_ENROLLED error" + {:key-uid key-uid + :event :biometric/reset-not-enrolled-error + :error err}))))))) + (re-frame/reg-fx :biometric/authenticate (fn [options] 
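Review bot: In `:biometric/supress-not-enrolled-error`, a rejected `async-storage/get-item` lands in the `.catch`, which only logs, so `dispatch-event` is never dispatched and the user gets no explanation for the failed biometric login. Showing the message when the flag cannot be read is the safer default than hiding it. Give the read its own rejection handler that calls `(rf/dispatch dispatch-event)`, rather than dispatching from the shared `.catch`, which also covers errors raised after the message was already dispatched. Separately, "supress" is misspelled in both fx ids and in the persisted key built by `supress-biometry-error-key`; correcting it to "suppress" before the key is written on user devices avoids a later storage migration.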
diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index b51619ee5f9..9c9cc3a626d 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -173,14 +173,6 @@ :on-fail #(rf/dispatch [:profile.login/biometric-auth-fail %])}]))}}))) -(rf/defn biometric-auth-success - {:events [:profile.login/biometric-success]} - [{:keys [db] :as cofx}] - (let [key-uid (get-in db [:profile/login :key-uid])] - (keychain/get-user-password cofx - key-uid - #(rf/dispatch [:profile.login/get-user-password-success %])))) - ;; result of :keychain/get-auth-method above (rf/defn get-user-password-success {:events [:profile.login/get-user-password-success]} @@ -192,12 +184,27 @@ (navigation/init-root :progress) (biometrics-login)))) -(rf/defn biometric-auth-fail - {:events [:profile.login/biometric-auth-fail]} - [{:keys [db] :as cofx} code] - (rf/merge cofx - (navigation/init-root :profiles) - (biometric/show-message code))) +(rf/reg-event-fx + :profile.login/biometric-success + (fn [{:keys [db]}] + (let [key-uid (get-in db [:profile/login :key-uid])] + {:db db + :fx [[:biometric/reset-not-enrolled-error key-uid] + [:keychain/get-user-password + [key-uid #(rf/dispatch [:profile.login/get-user-password-success %])]]]}))) + +(rf/reg-event-fx + :profile.login/biometric-auth-fail + (fn [{:keys [db]} [code]] + (let [key-uid (get-in db [:profile/login :key-uid])] + {:db db + :fx [[:dispatch [:init-root :profiles]] + (if (= code "NOT_ENROLLED") + [:biometric/supress-not-enrolled-error + [key-uid + [:biometric/show-message code]]] + [:dispatch [:biometric/show-message code]])]}))) + (rf/defn verify-database-password {:events [:profile.login/verify-database-password]} From 331f2cb646a974d706ad34869926f16fc127825c Mon Sep 17 00:00:00 2001 
From: Cristian Lungu Date: Thu, 30 Nov 2023 13:09:28 +0200 Subject: [PATCH 19/19] lint: removed unused require --- src/status_im2/contexts/profile/login/events.cljs | 1 - 1 file changed, 1 deletion(-) diff --git a/src/status_im2/contexts/profile/login/events.cljs b/src/status_im2/contexts/profile/login/events.cljs index 9c9cc3a626d..f9737409bcb 100644 --- a/src/status_im2/contexts/profile/login/events.cljs +++ b/src/status_im2/contexts/profile/login/events.cljs @@ -11,7 +11,6 @@ [status-im.group-chats.core :as group-chats] [status-im.mobile-sync-settings.core :as mobile-network] [status-im.transport.core :as transport] - [status-im2.common.biometric.events :as biometric] [status-im2.common.keychain.events :as keychain] [status-im2.common.log :as logging] [status-im2.config :as config]