Invalidate biometric on change (#1026)

* Initial working version for Android * Add a fallback for when upgrading from older app version. * Ensure biometric validity is re-checked on focus * Only setup biometric integrity key if biometric is turned on. * Fix styling according to comments * Fallback for Android 5. * Improve comment * Add boilerplate for iOS * Change BiometricService to public * Untested iOS implementation. * Convert IBiometricService to async. Fix code style for iOS. * Base64 NSData. * Review comments for Android BiometricService. * Rename methods in BiometricService to append Async * Ensure we wait for async SetupBiometricAsync. * Update BiometricService.cs Co-authored-by: Kyle Spearrin <kspearrin@users.noreply.github.com>
2025-12-18 01:03:24 +00:00 · 2020-08-09 03:33:49 +02:00
parent 39de2c1d25
commit ae28de4159
12 changed files with 218 additions and 20 deletions
--- a/src/iOS.Core/Services/BiometricService.cs
+++ b/src/iOS.Core/Services/BiometricService.cs
@@ -0,0 +1,62 @@
+using System.Threading.Tasks;
+using Bit.Core.Abstractions;
+using Foundation;
+using LocalAuthentication;
+
+namespace Bit.iOS.Core.Services
+{
+    public class BiometricService : IBiometricService
+    {
+        private IStorageService _storageService;
+
+        public BiometricService(IStorageService storageService)
+        {
+            _storageService = storageService;
+        }
+
+        public async Task<bool> SetupBiometricAsync()
+        {
+            var state = GetState();
+            await _storageService.SaveAsync("biometricState", ToBase64(state));
+
+            return true;
+        }
+
+        public async Task<bool> ValidateIntegrityAsync()
+        {
+            var oldState = await _storageService.GetAsync<string>("biometricState");
+            if (oldState == null)
+            {
+                // Fallback for upgraded devices
+                await SetupBiometricAsync();
+
+                return true;
+            }
+            else
+            {
+                var state = GetState();
+
+                return FromBase64(oldState) == state;
+            }
+        }
+
+        private NSData GetState()
+        {
+            var context = new LAContext();
+            context.CanEvaluatePolicy(LAPolicy.DeviceOwnerAuthenticationWithBiometrics, out _);
+
+            return context.EvaluatedPolicyDomainState;
+        }
+
+        private string ToBase64(NSData data)
+        {
+            return System.Convert.ToBase64String(data.ToArray());
+        }
+
+        private NSData FromBase64(string data)
+        {
+            var bytes = System.Convert.FromBase64String(data);
+            return NSData.FromArray(bytes);
+        }
+    }
+}