Skip to content

Commit

Permalink
PM-11979: Allow PIN unlock to configure biometric integrity if needed (
Browse files Browse the repository at this point in the history
  • Loading branch information
matt-livefront authored Sep 11, 2024
1 parent 261bb86 commit 121a26d
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 2 deletions.
3 changes: 1 addition & 2 deletions BitwardenShared/Core/Auth/Repositories/AuthRepository.swift
Original file line number Diff line number Diff line change
Expand Up @@ -959,8 +959,7 @@ extension DefaultAuthRepository: AuthRepository {

try await configureBiometricUnlockIfRequired()
case .pin:
// No-op: nothing extra to do for pin unlock.
break
try await configureBiometricUnlockIfRequired()
}

_ = try await trustDeviceService.trustDeviceIfNeeded()
Expand Down
31 changes: 31 additions & 0 deletions BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift
Original file line number Diff line number Diff line change
Expand Up @@ -1742,6 +1742,37 @@ class AuthRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_bo
)
XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
XCTAssertFalse(biometricsRepository.didConfigureBiometricIntegrity)
}

/// `unlockVaultWithPIN(_:)` unlocks the vault with the user's PIN and configures biometric
/// integrity if needed.
func test_unlockVaultWithPIN_configuresBiometrics() async throws {
let account = Account.fixture()
stateService.activeAccount = account
stateService.accountEncryptionKeys = [
"1": AccountEncryptionKeys(encryptedPrivateKey: "PRIVATE_KEY", encryptedUserKey: "USER_KEY"),
]
stateService.encryptedPinByUserId[account.profile.userId] = "123"
stateService.pinProtectedUserKeyValue[account.profile.userId] = "123"
biometricsRepository.biometricUnlockStatus = .success(
.available(.faceID, enabled: true, hasValidIntegrity: false)
)

try await subject.unlockVaultWithPIN(pin: "123")

XCTAssertEqual(
clientService.mockCrypto.initializeUserCryptoRequest,
InitUserCryptoRequest(
kdfParams: .pbkdf2(iterations: UInt32(Constants.pbkdf2Iterations)),
email: "user@bitwarden.com",
privateKey: "PRIVATE_KEY",
method: .pin(pin: "123", pinProtectedUserKey: "123")
)
)
XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
XCTAssertTrue(biometricsRepository.didConfigureBiometricIntegrity)
}

/// `unlockVaultWithPIN(_:)` throws an error if there's no pin.
Expand Down

0 comments on commit 121a26d

Please sign in to comment.