keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dev
voice-calls-2
voice-calls
authentication
2.5.0
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.2
2.3.1
2.3.0
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.9
2.2.6
2.2.4
2.2.2
2.2.1
2.2.0
2.1.1
2.0.3
2.0.2
2.0.1
2.0.0
1.0.0-alpha.1
audit-2
audit
2.8.0
2.7.4
2.7.3
2.7.2
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.2.8
2.2.7
2.2.5
2.2.3
2.1.0
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.0
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1-beta
1.5.0-beta
1.5.0
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.0-beta
1.4.0
1.3.0-alpha.1
1.3.0
1.2.6
1.2.5
1.2.4
1.2.3
1.2.1
1.2.0-alpha.2
1.2.0-alpha.1
1.2.0
1.13.0
1.12.9
1.12.8
1.12.7
1.12.6
1.12.5
1.12.4
1.12.2
1.12.1
1.11.9
1.11.8
1.11.7
1.11.6
1.11.5
1.11.4
1.11.3
1.11.24
1.11.23
1.11.22
1.11.21
1.11.20
1.11.2
1.11.19
1.11.18
1.11.17
1.11.16
1.11.15
1.11.14
1.11.13
1.11.12
1.11.11
1.11.10
1.11.1
1.11.0
1.10.2
1.10.1
1.10.0
1.1.0-alpha.4
1.1.0-alpha.3
1.1.0-alpha.2
1.1.0-alpha.1
1.1.0
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0-alpha.3
1.0.0-alpha.2
1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '74a75d5b8a'
${ noResults }
session-ios/SignalMessaging/utils/OWSScreenLock.swift

274 lines
12 KiB
Swift
Raw Blame History

//
// Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//
import Foundation
import LocalAuthentication
@objc public class OWSScreenLock: NSObject {
public enum OWSScreenLockOutcome {
case success
case cancel
case failure(error:String)
case unexpectedFailure(error:String)
}
@objc public let screenLockTimeoutDefault = 15 * kMinuteInterval
@objc public let screenLockTimeouts = [
1 * kMinuteInterval,
5 * kMinuteInterval,
15 * kMinuteInterval,
30 * kMinuteInterval,
1 * kHourInterval,
0
]
@objc public static let ScreenLockDidChange = Notification.Name("ScreenLockDidChange")
let primaryStorage: OWSPrimaryStorage
let dbConnection: YapDatabaseConnection
private let OWSScreenLock_Collection = "OWSScreenLock_Collection"
private let OWSScreenLock_Key_IsScreenLockEnabled = "OWSScreenLock_Key_IsScreenLockEnabled"
private let OWSScreenLock_Key_ScreenLockTimeoutSeconds = "OWSScreenLock_Key_ScreenLockTimeoutSeconds"
// MARK: - Singleton class
@objc(sharedManager)
public static let shared = OWSScreenLock()
private override init() {
self.primaryStorage = OWSPrimaryStorage.shared()
self.dbConnection = self.primaryStorage.newDatabaseConnection()
super.init()
SwiftSingletons.register(self)
}
// MARK: - Properties
@objc public func isScreenLockEnabled() -> Bool {
AssertIsOnMainThread()
if !OWSStorage.isStorageReady() {
owsFailDebug("accessed screen lock state before storage is ready.")
return false
}
return self.dbConnection.bool(forKey: OWSScreenLock_Key_IsScreenLockEnabled, inCollection: OWSScreenLock_Collection, defaultValue: false)
}
@objc
public func setIsScreenLockEnabled(_ value: Bool) {
AssertIsOnMainThread()
assert(OWSStorage.isStorageReady())
self.dbConnection.setBool(value, forKey: OWSScreenLock_Key_IsScreenLockEnabled, inCollection: OWSScreenLock_Collection)
NotificationCenter.default.postNotificationNameAsync(OWSScreenLock.ScreenLockDidChange, object: nil)
}
@objc public func screenLockTimeout() -> TimeInterval {
AssertIsOnMainThread()
if !OWSStorage.isStorageReady() {
owsFailDebug("accessed screen lock state before storage is ready.")
return 0
}
return self.dbConnection.double(forKey: OWSScreenLock_Key_ScreenLockTimeoutSeconds, inCollection: OWSScreenLock_Collection, defaultValue: screenLockTimeoutDefault)
}
@objc public func setScreenLockTimeout(_ value: TimeInterval) {
AssertIsOnMainThread()
assert(OWSStorage.isStorageReady())
self.dbConnection.setDouble(value, forKey: OWSScreenLock_Key_ScreenLockTimeoutSeconds, inCollection: OWSScreenLock_Collection)
NotificationCenter.default.postNotificationNameAsync(OWSScreenLock.ScreenLockDidChange, object: nil)
}
// MARK: - Methods
// This method should only be called:
//
// * On the main thread.
//
// Exactly one of these completions will be performed:
//
// * Asynchronously.
// * On the main thread.
@objc public func tryToUnlockScreenLock(success: @escaping (() -> Void),
failure: @escaping ((Error) -> Void),
unexpectedFailure: @escaping ((Error) -> Void),
cancel: @escaping (() -> Void)) {
AssertIsOnMainThread()
tryToVerifyLocalAuthentication(localizedReason: NSLocalizedString("SCREEN_LOCK_REASON_UNLOCK_SCREEN_LOCK",
comment: "Description of how and why Signal iOS uses Touch ID/Face ID/Phone Passcode to unlock 'screen lock'."),
completion: { (outcome: OWSScreenLockOutcome) in
AssertIsOnMainThread()
switch outcome {
case .failure(let error):
Logger.error("local authentication failed with error: \(error)")
failure(self.authenticationError(errorDescription: error))
case .unexpectedFailure(let error):
Logger.error("local authentication failed with unexpected error: \(error)")
unexpectedFailure(self.authenticationError(errorDescription: error))
case .success:
Logger.verbose("local authentication succeeded.")
success()
case .cancel:
Logger.verbose("local authentication cancelled.")
cancel()
}
})
}
// This method should only be called:
//
// * On the main thread.
//
// completionParam will be performed:
//
// * Asynchronously.
// * On the main thread.
private func tryToVerifyLocalAuthentication(localizedReason: String,
completion completionParam: @escaping ((OWSScreenLockOutcome) -> Void)) {
AssertIsOnMainThread()
let defaultErrorDescription = NSLocalizedString("SCREEN_LOCK_ENABLE_UNKNOWN_ERROR",
comment: "Indicates that an unknown error occurred while using Touch ID/Face ID/Phone Passcode.")
// Ensure completion is always called on the main thread.
let completion = { (outcome: OWSScreenLockOutcome) in
DispatchQueue.main.async {
completionParam(outcome)
}
}
let context = screenLockContext()
var authError: NSError?
let canEvaluatePolicy = context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &authError)
if !canEvaluatePolicy || authError != nil {
Logger.error("could not determine if local authentication is supported: \(String(describing: authError))")
let outcome = self.outcomeForLAError(errorParam: authError,
defaultErrorDescription: defaultErrorDescription)
switch outcome {
case .success:
owsFailDebug("local authentication unexpected success")
completion(.failure(error:defaultErrorDescription))
case .cancel, .failure, .unexpectedFailure:
completion(outcome)
}
return
}
context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: localizedReason) { success, evaluateError in
if success {
Logger.info("local authentication succeeded.")
completion(.success)
} else {
let outcome = self.outcomeForLAError(errorParam: evaluateError,
defaultErrorDescription: defaultErrorDescription)
switch outcome {
case .success:
owsFailDebug("local authentication unexpected success")
completion(.failure(error:defaultErrorDescription))
case .cancel, .failure, .unexpectedFailure:
completion(outcome)
}
}
}
}
// MARK: - Outcome
private func outcomeForLAError(errorParam: Error?, defaultErrorDescription: String) -> OWSScreenLockOutcome {
if let error = errorParam {
guard let laError = error as? LAError else {
return .failure(error:defaultErrorDescription)
}
if #available(iOS 11.0, *) {
switch laError.code {
case .biometryNotAvailable:
Logger.error("local authentication error: biometryNotAvailable.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_NOT_AVAILABLE",
comment: "Indicates that Touch ID/Face ID/Phone Passcode are not available on this device."))
case .biometryNotEnrolled:
Logger.error("local authentication error: biometryNotEnrolled.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_NOT_ENROLLED",
comment: "Indicates that Touch ID/Face ID/Phone Passcode is not configured on this device."))
case .biometryLockout:
Logger.error("local authentication error: biometryLockout.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_LOCKOUT",
comment: "Indicates that Touch ID/Face ID/Phone Passcode is 'locked out' on this device due to authentication failures."))
default:
// Fall through to second switch
break
}
}
switch laError.code {
case .authenticationFailed:
Logger.error("local authentication error: authenticationFailed.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_FAILED",
comment: "Indicates that Touch ID/Face ID/Phone Passcode authentication failed."))
case .userCancel, .userFallback, .systemCancel, .appCancel:
Logger.info("local authentication cancelled.")
return .cancel
case .passcodeNotSet:
Logger.error("local authentication error: passcodeNotSet.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_PASSCODE_NOT_SET",
comment: "Indicates that Touch ID/Face ID/Phone Passcode passcode is not set."))
case .touchIDNotAvailable:
Logger.error("local authentication error: touchIDNotAvailable.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_NOT_AVAILABLE",
comment: "Indicates that Touch ID/Face ID/Phone Passcode are not available on this device."))
case .touchIDNotEnrolled:
Logger.error("local authentication error: touchIDNotEnrolled.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_NOT_ENROLLED",
comment: "Indicates that Touch ID/Face ID/Phone Passcode is not configured on this device."))
case .touchIDLockout:
Logger.error("local authentication error: touchIDLockout.")
return .failure(error: NSLocalizedString("SCREEN_LOCK_ERROR_LOCAL_AUTHENTICATION_LOCKOUT",
comment: "Indicates that Touch ID/Face ID/Phone Passcode is 'locked out' on this device due to authentication failures."))
case .invalidContext:
owsFailDebug("context not valid.")
return .unexpectedFailure(error:defaultErrorDescription)
case .notInteractive:
owsFailDebug("context not interactive.")
return .unexpectedFailure(error:defaultErrorDescription)
}
}
return .failure(error:defaultErrorDescription)
}
private func authenticationError(errorDescription: String) -> Error {
return OWSErrorWithCodeDescription(.localAuthenticationError,
errorDescription)
}
// MARK: - Context
private func screenLockContext() -> LAContext {
let context = LAContext()
// Never recycle biometric auth.
context.touchIDAuthenticationAllowableReuseDuration = TimeInterval(0)
if #available(iOS 11.0, *) {
assert(!context.interactionNotAllowed)
}
return context
}
}
Reference in New Issue View Git Blame Copy Permalink