[PM-1817] Expand biometric integrity checks to the account level (#2498)

* Change bio integrity validation to work at account-level * biometric state migration * fix account bio valid key storage location during migration * comment clarification * fix for iOS extensions not using custom avatar color
2025-12-17 08:43:21 +00:00 · 2023-05-01 09:47:00 -04:00
parent 4f0238122b
commit 0f417b8434
22 changed files with 236 additions and 102 deletions
--- a/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
+++ b/src/iOS.Core/Controllers/BaseLockPasswordViewController.cs
@@ -56,7 +56,7 @@ namespace Bit.iOS.Core.Controllers
        public FormEntryTableViewCell MasterPasswordCell { get; set; } = new FormEntryTableViewCell(
            AppResources.MasterPassword, buttonsConfig: FormEntryTableViewCell.ButtonsConfig.One);

-        public string BiometricIntegrityKey { get; set; }
+        public string BiometricIntegritySourceKey { get; set; }

        public UITableViewCell BiometricCell
        {
@@ -77,7 +77,7 @@ namespace Bit.iOS.Core.Controllers
                    cell.TextLabel.Font = ThemeHelpers.GetDangerFont();
                    cell.TextLabel.Lines = 0;
                    cell.TextLabel.LineBreakMode = UILineBreakMode.WordWrap;
-                    cell.TextLabel.Text = AppResources.BiometricInvalidatedExtension;
+                    cell.TextLabel.Text = AppResources.AccountBiometricInvalidatedExtension;
                }
                return cell;
            }
@@ -114,7 +114,8 @@ namespace Bit.iOS.Core.Controllers
                           _isPinProtectedWithKey;
                _biometricLock = await _vaultTimeoutService.IsBiometricLockSetAsync() &&
                                 await _cryptoService.HasKeyAsync();
-                _biometricIntegrityValid = await _biometricService.ValidateIntegrityAsync(BiometricIntegrityKey);
+                _biometricIntegrityValid =
+                    await _platformUtilsService.IsBiometricIntegrityValidAsync(BiometricIntegritySourceKey);
                _usesKeyConnector = await _keyConnectorService.GetUsesKeyConnector();
                _biometricUnlockOnly = _usesKeyConnector && _biometricLock && !_pinLock;
            }
@@ -371,7 +372,7 @@ namespace Bit.iOS.Core.Controllers
            // Re-enable biometrics if initial use
            if (_biometricLock & !_biometricIntegrityValid)
            {
-                await _biometricService.SetupBiometricAsync(BiometricIntegrityKey);
+                await _biometricService.SetupBiometricAsync(BiometricIntegritySourceKey);
            }
        }