status-mobile icon indicating copy to clipboard operation
status-mobile copied to clipboard
verified publisher icon status-im

Biometric login is cancelled after signing out AND UI could explain that a last non biometric login is needed when setting it up

Open hesterbruikman opened this issue 5 years ago • 13 comments

Bug Report

Problem

When ticking the box to Don't ask for card to sign in, a modal comes up to Enable fingerprint. When tapping Cancel, the checkbox remains ticked. However, it is possible to continue unlocking the Keycard multiaccount with passcode, while being required to still hold the Keycard to the phone.

Expected behavior

When the checkbox Don't ask for card to sign in is checked, the user is not required to hold the Keycard to the phone to unlock the Keycard multiaccount.

Actual behavior

When the checkbox Don't ask for card to sign in is checked, the user is required to hold the Keycard to the phone to unlock the Keycard multiaccount.

Notes

Not sure if there's any reason we would require the user to hold their Keycard to the phone if they don't enable fingerprint. If this is required and passcode alone is never accepted, the solution would be to uncheck Don't ask for card to sign in when the user taps Cancel on the dialog to enable fingerprint.

Acceptance Criteria

Reproduction

  • Open Status
  • Select Keycard multiaccount
  • Select checkbox Don't ask for card to sign in
  • Select Cancel on dialog to enable fingerprint
  • Enter passcode
  • App now asks to hold keycard to phone

Additional Information

  • Status version:

  • Operating System: Android

hesterbruikman avatar Jan 07 '20 16:01 hesterbruikman

cc @churik @guylouis

hesterbruikman avatar Jan 07 '20 16:01 hesterbruikman

It is the same for save password option - you need to fill the password once more to save this setting. I told about that around 3 weeks ago with @andmironov, probably he has smth on mind about that

churik avatar Jan 08 '20 09:01 churik

Check. I think the issue was exacerbated by a bug that when having to hold the card once more, the card lost connection the Get started screen was shown. The only way to get back to the unlock screen was by going to recover with Keycard. In this flow, the app detected that there were already paired keys on the card and offered the option to unlock. This was the only way to get back to the unlock screen.

Does that sound like a familiar issue @churik ? It's separate, but made the check box behavior a lot more of a hassle because next to having to hold the card once more I ended up having to go through recovery.

hesterbruikman avatar Jan 08 '20 12:01 hesterbruikman

As for https://github.com/status-im/status-react/issues/9763#issuecomment-572018694 it is something different - and I don't remember such issue

As for issue itself from https://github.com/status-im/status-react/issues/9763#issue-546385944, I would agree on option

If this is required and passcode alone is never accepted, the solution would be to uncheck Don't ask for card to sign in when the user taps Cancel on the dialog to enable fingerprint.

because I believe it is not possible to use only passcode without card (it is bound to the card afaik), just wanted to highlight that it is not only keycard problem as far as I can understand.

churik avatar Jan 08 '20 12:01 churik

Expected behavior When the checkbox Don't ask for card to sign in is checked, the user is not required to hold the Keycard to the phone to unlock the Keycard multiaccount.

Just to clarify, this is supposed to happen next time the user signs in, but instead, it's not happening, is that correct?

andmironov avatar Jan 09 '20 13:01 andmironov

Thanks for your comments on this @churik @andmironov.

To your question @andmironov I think there are 3 separate issues. Apologies for the confusion, the distinction is only now becoming clear to me. @guylouis can you also take a look please? As I think these might also need to be addressed in 3 separate GH issues.

Functionally

  • Enabling fingerprint works when killing the app, but is reset when signing out After checking box and enabling fingerprint, card needs to be held to phone right after ánd successive times after sign out. Not after restarting the app (??) Box is no longer checked and when checking it, the dialog to enable fingerprint is shown again (even though it is set in Settings to Lock app with fingerprint)

  • Checking Don't ask for card to sign in works when killing the app, but is reset when signing out The state is reset when signing out. I sign in with the box checked. Then when I sign out, the box on the passcode/unlock screen is unchecked.

Non-functionally, in terms of UI

  • After checking box, regardless of whether you opt to enable biometrics or cancel, the UI shows the checked box Don't ask for card to sign in. Yet it is required to use the card once more. If the card needs to be held 'one last time', the UI needs to communicate this either as a hint by the checkbox or on the dialog asking to hold the keycard and that this is required one last time.

hesterbruikman avatar Jan 10 '20 14:01 hesterbruikman

@rasom I noticed closing the app leaves login settings whereas sign out resets login settings.

Do you recall why this is and if it's possible to save the settings? e.g. Would this flow be possible, leaving settings in tact?

  • Set finger print or save passcode/password
  • Go to Profile > Sign out
  • View "your keys" screen
  • Choose account
  • Sign in / Unlock with the saved settings

If the user closes the app opening the last used multiaccount is opened with the respective settings (i.e. no password if save password was set, passcode only if Don't ask for card to sign in was set, finger print modal if finger print was set)

hesterbruikman avatar Jan 10 '20 14:01 hesterbruikman

@hesterbruikman I get your 3 points, thanks for summarizing like this, it's pretty clear ! My understanding is

  • these issues are not specific to keycard, the only difference between keycard vs non-keycard is that tapping is replaced by entering the password
  • for the two functional issues, it comes down to understanding (your question to @rasom) if the two settings (one for each issue) can (technically) be saved even when the user signs out. ANd if yes, do we want to change our behaviour to save them (product question)
  • for the ui issue (being that it's unclear to the user he has to tap his card (keycard account) or enter his password (non keycard account) a last time) it's for keycard and non-keycard (with different screen of course). @andmironov do you already have an issue for this ?

guylouis avatar Jan 21 '20 09:01 guylouis

I'll change title and labels to make it clearer that that this is not specific to keycard cc @rachelhamlin

guylouis avatar Feb 10 '20 11:02 guylouis

It is the same for save password option - you need to fill the password once more to save this setting.

Are you talking about the intentional log-out and log-in flow with Save password checked in order to confirm biometric? I wasn't aware there was a bug in the regular flow. @churik

rachelhamlin avatar Feb 11 '20 10:02 rachelhamlin

This issue is very much related to Sign out behavior: https://github.com/status-im/status-react/issues/9902 It's closed now, as the issue was created for a very targeted solution, but the context might help. There's a bit of a can of worms with how we store unlock settings (biometrics, save password).

hesterbruikman avatar Feb 11 '20 13:02 hesterbruikman

A user reported me this bug. The comment from user was "Fingerprint scanner don't works, it always asks me password again." Turns out, user was using "log out" button.

This bug totally defeats the fingerprint scanner.

3esmit avatar Aug 04 '20 05:08 3esmit

still relevant on nightly 26/07/2022

churik avatar Jul 26 '22 14:07 churik

Obsolete and will be re-considered in the redesigned app

churik avatar Dec 05 '22 12:12 churik