[PM-25373] Windows native biometric rewrite (#16432)

* Extract windows biometrics v2 changes Co-authored-by: Bernd Schoolmann <mail@quexten.com> * Handle TDE edge cases * Make windows rust code async and fix restoring focus freezes * Add unit test coverage --------- Co-authored-by: Bernd Schoolmann <mail@quexten.com>
2025-12-28 22:23:28 +00:00 · 2025-10-20 14:47:15 -05:00
parent d2c6757626
commit f65e5d52c2
35 changed files with 1971 additions and 182 deletions
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -58,6 +58,18 @@ export declare namespace biometrics {
    ivB64: string
  }
 }
+export declare namespace biometrics_v2 {
+  export function initBiometricSystem(): BiometricLockSystem
+  export function authenticate(biometricLockSystem: BiometricLockSystem, hwnd: Buffer, message: string): Promise<boolean>
+  export function authenticateAvailable(biometricLockSystem: BiometricLockSystem): Promise<boolean>
+  export function enrollPersistent(biometricLockSystem: BiometricLockSystem, userId: string, key: Buffer): Promise<void>
+  export function provideKey(biometricLockSystem: BiometricLockSystem, userId: string, key: Buffer): Promise<void>
+  export function unlock(biometricLockSystem: BiometricLockSystem, userId: string, hwnd: Buffer): Promise<Buffer>
+  export function unlockAvailable(biometricLockSystem: BiometricLockSystem, userId: string): Promise<boolean>
+  export function hasPersistent(biometricLockSystem: BiometricLockSystem, userId: string): Promise<boolean>
+  export function unenroll(biometricLockSystem: BiometricLockSystem, userId: string): Promise<void>
+  export class BiometricLockSystem {   }
+}
 export declare namespace clipboards {
  export function read(): Promise<string>
  export function write(text: string, password: boolean): Promise<void>
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -149,6 +149,123 @@ pub mod biometrics {
    }
 }

+#[napi]
+pub mod biometrics_v2 {
+    use desktop_core::biometric_v2::BiometricTrait;
+
+    #[napi]
+    pub struct BiometricLockSystem {
+        inner: desktop_core::biometric_v2::BiometricLockSystem,
+    }
+
+    #[napi]
+    pub fn init_biometric_system() -> napi::Result<BiometricLockSystem> {
+        Ok(BiometricLockSystem {
+            inner: desktop_core::biometric_v2::BiometricLockSystem::new(),
+        })
+    }
+
+    #[napi]
+    pub async fn authenticate(
+        biometric_lock_system: &BiometricLockSystem,
+        hwnd: napi::bindgen_prelude::Buffer,
+        message: String,
+    ) -> napi::Result<bool> {
+        biometric_lock_system
+            .inner
+            .authenticate(hwnd.into(), message)
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn authenticate_available(
+        biometric_lock_system: &BiometricLockSystem,
+    ) -> napi::Result<bool> {
+        biometric_lock_system
+            .inner
+            .authenticate_available()
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn enroll_persistent(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+        key: napi::bindgen_prelude::Buffer,
+    ) -> napi::Result<()> {
+        biometric_lock_system
+            .inner
+            .enroll_persistent(&user_id, &key)
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn provide_key(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+        key: napi::bindgen_prelude::Buffer,
+    ) -> napi::Result<()> {
+        biometric_lock_system
+            .inner
+            .provide_key(&user_id, &key)
+            .await;
+        Ok(())
+    }
+
+    #[napi]
+    pub async fn unlock(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+        hwnd: napi::bindgen_prelude::Buffer,
+    ) -> napi::Result<napi::bindgen_prelude::Buffer> {
+        biometric_lock_system
+            .inner
+            .unlock(&user_id, hwnd.into())
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+            .map(|v| v.into())
+    }
+
+    #[napi]
+    pub async fn unlock_available(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+    ) -> napi::Result<bool> {
+        biometric_lock_system
+            .inner
+            .unlock_available(&user_id)
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn has_persistent(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+    ) -> napi::Result<bool> {
+        biometric_lock_system
+            .inner
+            .has_persistent(&user_id)
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+
+    #[napi]
+    pub async fn unenroll(
+        biometric_lock_system: &BiometricLockSystem,
+        user_id: String,
+    ) -> napi::Result<()> {
+        biometric_lock_system
+            .inner
+            .unenroll(&user_id)
+            .await
+            .map_err(|e| napi::Error::from_reason(e.to_string()))
+    }
+}
+
 #[napi]
 pub mod clipboards {
    #[allow(clippy::unused_async)] // FIXME: Remove unused async!