biometric_storage icon indicating copy to clipboard operation
biometric_storage copied to clipboard

Published 20 hours ago verified publisher icon authpass

Optional custom prompt per action

Open rokk4 opened this issue 3 years ago • 6 comments

First I want to thank you for this nice plugin, saved me A LOT of time I think :)

I needed custom prompts for different actions, because in my App specific actions are happening with them and I want to communicate this clearly to the user.

Hope you will like it too.

Cheers

rokk4 avatar Nov 28 '20 02:11 rokk4

Now with 100% more null-safety ... @hpoul Any chance this will be merged?

rokk4 avatar Mar 05 '21 23:03 rokk4

@rokk4 sorry for the late response. Out of curiosity, do you just have different prompts at different locations inside your app, or do you need to literally have a different prompt on every read call (ie. dynamically creating it with some variables). I'm thinking if it wouldn't it be easier to just have something like BiometricStorageFile BiometricStorageFile.withAndroidPromptInfo(androidPromptInfo) method which returns a variant of the object with a different prompt info.

I like that read/write/delete have a simple api, because this is more or less the only point of having that helper class instead of directly accessing the BiometricStorage 😅️

hpoul avatar Mar 06 '21 09:03 hpoul

@hpoul thanks for the reply right after breakfast :)

I'll show you how I put it to use and than try to explain why prompt customization should be part of the simple helper api IMHO and why more instances are not so desirable. For your curiosity :) :

// auth_bloc.dart
@injectable
class AuthBloc extends Bloc<AuthEvent, AuthState> {
...
  final IEncryptionKeyStorage _encryptionKeyStorage;
...
@override
  Stream<AuthState> mapEventToState(AuthEvent event) async* {
    yield* event.map(
      appStarted: (e) async* {
        await _encryptionKeyStorage.init();
        yield* _getEncryptionKeyAndUnlockDB();
      },
...
    );
}

  Stream<AuthState> _getEncryptionKeyAndUnlockDB() async* {
    final unlockFailureOrEncryptionKey =
        await _encryptionKeyStorage.unlockEncryptionKey();
    yield* unlockFailureOrEncryptionKey.fold(
      (unlockFailure) async* {
        // Generate Key and try again.
        if (unlockFailure == const UnlockFailure.noEncryptionKeyPresent()) {
          await _encryptionKeyStorage.generateEncryptionKey();

          yield* _getEncryptionKeyAndUnlockDB();
        } else {
          yield const AuthState.errorUnlockingDB();
        }
      },
      (encryptionKey) async* {
        await _localDB.unlockDB(encryptionKey);
        yield const AuthState.dbUnlocked();
      },
    );
  }
}

// encryption_key_storage_impl.dart
@LazySingleton(as: IEncryptionKeyStorage)
class EncryptionKeyStorageImpl implements IEncryptionKeyStorage {
  static const String readPromptTitle = 'Datenbank entschlüsseln';
  static const String readPromptSubtitle =
      'Öffnen Sie das biometrische Schloss der lokalen Datenbank.';

  static const String writePromptTitle = 'Verschlüsselte Datenbank erstellen';
  static const String writePromptSubtitle =
      'Erstelle Sie mit Ihrem biometrischem Zugang eine verschlüsselte, lokale Datenbank.';
  static const String writePromptDescription =
      'Alle Ihre Daten werden sicher verschlüsselt auf Ihrem Gerät gespeichert und können nur durch Sie persönlich zugänglich gemacht werden.';

  static const String negativeButton = 'Abbrechen';

  static const AndroidPromptInfo readPrompt = AndroidPromptInfo(
    title: readPromptTitle,
    subtitle: readPromptSubtitle,
    negativeButton: negativeButton,
  );

  static const AndroidPromptInfo writePrompt = AndroidPromptInfo(
    title: writePromptTitle,
    subtitle: writePromptSubtitle,
    description: writePromptDescription,
    negativeButton: negativeButton,
  );

  static const String storageFileName = 'encryptionKeyStorage';

  final storageFileInitOptions = StorageFileInitOptions(
    authenticationValidityDurationSeconds: 30,
    authenticationRequired: !Platform.isLinux,
  );

  BiometricStorageFile encryptionKeyStorage;

  @override
  Future<void> init() async {
    encryptionKeyStorage = await BiometricStorage().getStorage(
      storageFileName,
      options: storageFileInitOptions,
    );
  }

  @override
  Future<Either<UnlockFailure, List<int>>> unlockEncryptionKey() async {
    try {
      return optionOf(
        await encryptionKeyStorage.read(
          perActionPromptInfo: readPrompt,
        ),
      ).fold(
        () => const Left(
          UnlockFailure.noEncryptionKeyPresent(),
        ),
        (encryptionKeyString) => Right(
          base64Decode(encryptionKeyString),
        ),
      );
    } on AuthException {
      return const Left(
        UnlockFailure.bioAuthCanceledByUser(),
      );
    } on PlatformException {
      return const Left(
        UnlockFailure.authNotSetupOnPlatform(),
      );
    }
  }

  @override
  Future<void> generateEncryptionKey() async {
    final newEncryptionKey = Hive.generateSecureKey();
    await encryptionKeyStorage.write(
      base64Encode(newEncryptionKey),
      perActionPromptInfo: writePrompt,
    );
  }
}

At one time values are written, on creation of the DB (first run // key rotation by user), and then again read (normal startup).

Showing the same prompt but with two different actions happening is a huge UX anti-pattern IMHO. Especially with sensitive biometric userdata, the user needs to be informed exactly what action will happen by the use of the fingerprint/face. Currently using the helper api this anti-pattern is happening.

Using BiometricsStorage directly on the other hand would not be so clean, because it absolutely makes sense to have a helper class to operate on specific files only.

Since the BiometricsStorageFile is used in a singleton, it is initialized once and than operated upon while singleton holds on to the instance of BiometricsStorageFile, it would be kind defeat its purpose to create new instances with different prompts for every action. Also I would argue that BiometricStorageFile.withAndroidPromptInfo(androidPromptInfo) is adding more complexity than just adding one optional parameter to the helper class. And because its just optional it is not a breaking change.

But maybe I am just holding it wrong 😅️

rokk4 avatar Mar 06 '21 11:03 rokk4

just adding one optional parameter

well, it always starts with one parameter :-) and the second parameter is just like the first one, so why not add it as well.. ;-) especially since the iOS/MacOS equivalent is still missing.. which is hard coded right now.

wouldn't it be better for your use case to pass in a readPromptInfo, writePromptInfo and deletePromptInfo in the first place, instead of keeping track of those yourself? 🤔️

I think if it was just one platform passing it directly into the method might be the easiest way, but dealing with all platforms for each read/write/delete call seems cumbersome

hpoul avatar Mar 06 '21 13:03 hpoul

Is this getting merged any time soon?

I'm looking towards this too. Sometimes I want to encrypt something without the user authentication, but read it with the user authentication. Since BiometricsStorage is a Singleton, I can't do this without having to copy and paste the same information in another file.

RafaRuiz avatar Dec 07 '21 09:12 RafaRuiz

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar May 12 '23 12:05 CLAassistant