From 121a26d9a02c655de8b20ba23a67c144886142a5 Mon Sep 17 00:00:00 2001 From: Matt Czech Date: Wed, 11 Sep 2024 15:43:21 -0500 Subject: [PATCH] PM-11979: Allow PIN unlock to configure biometric integrity if needed (#918) --- .../Auth/Repositories/AuthRepository.swift | 3 +- .../Repositories/AuthRepositoryTests.swift | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift index 1096294aa..a266c717e 100644 --- a/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift +++ b/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift @@ -959,8 +959,7 @@ extension DefaultAuthRepository: AuthRepository { try await configureBiometricUnlockIfRequired() case .pin: - // No-op: nothing extra to do for pin unlock. - break + try await configureBiometricUnlockIfRequired() } _ = try await trustDeviceService.trustDeviceIfNeeded() diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift index c8ae9eb88..039f7aada 100644 --- a/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift +++ b/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift @@ -1742,6 +1742,37 @@ class AuthRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_bo ) XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1")) XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction) + XCTAssertFalse(biometricsRepository.didConfigureBiometricIntegrity) + } + + /// `unlockVaultWithPIN(_:)` unlocks the vault with the user's PIN and configures biometric + /// integrity if needed. + func test_unlockVaultWithPIN_configuresBiometrics() async throws { + let account = Account.fixture() + stateService.activeAccount = account + stateService.accountEncryptionKeys = [ + "1": AccountEncryptionKeys(encryptedPrivateKey: "PRIVATE_KEY", encryptedUserKey: "USER_KEY"), + ] + stateService.encryptedPinByUserId[account.profile.userId] = "123" + stateService.pinProtectedUserKeyValue[account.profile.userId] = "123" + biometricsRepository.biometricUnlockStatus = .success( + .available(.faceID, enabled: true, hasValidIntegrity: false) + ) + + try await subject.unlockVaultWithPIN(pin: "123") + + XCTAssertEqual( + clientService.mockCrypto.initializeUserCryptoRequest, + InitUserCryptoRequest( + kdfParams: .pbkdf2(iterations: UInt32(Constants.pbkdf2Iterations)), + email: "user@bitwarden.com", + privateKey: "PRIVATE_KEY", + method: .pin(pin: "123", pinProtectedUserKey: "123") + ) + ) + XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1")) + XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction) + XCTAssertTrue(biometricsRepository.didConfigureBiometricIntegrity) } /// `unlockVaultWithPIN(_:)` throws an error if there's no pin.