authpass / biometric_storage

Flutter plugin to store data behind biometric authentication (i.e. fingerprint)
https://pub.dev/packages/biometric_storage
MIT License

5.0.1-dev.1 returns CanAuthenticate.success if device has no credentials set #104

Closed SylvainLosey closed 6 months ago

SylvainLosey commented 1 year ago

Hello,

I might be misunderstanding something, but it seems that the latest dev version has an oversight where canAuthenticate would return successfully whenever the device has no credentials enrolled. This does not seem like the expected behavior, am I missing something?

        val credentialsResponse = biometricManager.canAuthenticate(DEVICE_CREDENTIAL);
        logger.debug { "canAuthenticate for DEVICE_CREDENTIAL: $credentialsResponse" }
        if (credentialsResponse == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
            return CanAuthenticateResponse.Success
        }

Thanks a lot for the great package, Sylvain
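The status mapping this report describes, set beside a fail-closed alternative, as an added example (not the plugin's code and not the fix mentioned later in this thread). The `Eligibility` enum and both function names are hypothetical, and the integer constants mirror `androidx.biometric.BiometricManager` so the file runs on a plain JVM.

```kotlin
// Status codes mirrored from androidx.biometric.BiometricManager (no Android dependency needed).
const val BIOMETRIC_SUCCESS = 0
const val BIOMETRIC_STATUS_UNKNOWN = -1
const val BIOMETRIC_ERROR_UNSUPPORTED = -2
const val BIOMETRIC_ERROR_HW_UNAVAILABLE = 1
const val BIOMETRIC_ERROR_NONE_ENROLLED = 11
const val BIOMETRIC_ERROR_NO_HARDWARE = 12
const val BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED = 15

// Hypothetical result type for this example; not the plugin's CanAuthenticateResponse.
enum class Eligibility { Success, NoneEnrolled, NoHardware, Unavailable, Unsupported, Unknown }

// The branch quoted in the report: "nothing enrolled" is reported as Success.
// null stands for "falls through to plugin code not shown in the report".
fun reportedMapping(status: Int): Eligibility? =
    if (status == BIOMETRIC_ERROR_NONE_ENROLLED) Eligibility.Success else null

// Fail-closed mapping: only BIOMETRIC_SUCCESS yields Success,
// and any code not listed here (including future ones) becomes Unknown.
fun failClosedMapping(status: Int): Eligibility = when (status) {
    BIOMETRIC_SUCCESS -> Eligibility.Success
    BIOMETRIC_ERROR_NONE_ENROLLED -> Eligibility.NoneEnrolled
    BIOMETRIC_ERROR_NO_HARDWARE -> Eligibility.NoHardware
    BIOMETRIC_ERROR_HW_UNAVAILABLE,
    BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED -> Eligibility.Unavailable
    BIOMETRIC_ERROR_UNSUPPORTED -> Eligibility.Unsupported
    else -> Eligibility.Unknown
}

fun main() {
    // Every documented status plus 99, a constructed out-of-range value.
    val codes = listOf(0, -1, -2, 1, 11, 12, 15, 99)
    for (code in codes) {
        println("status=$code reported=${reportedMapping(code)} failClosed=${failClosedMapping(code)}")
    }
    // Regression check: no status other than BIOMETRIC_SUCCESS may ever map to Success.
    check(codes.filter { it != BIOMETRIC_SUCCESS }
        .none { failClosedMapping(it) == Eligibility.Success })
}
```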

OlliePorter commented 1 year ago

Seconded! We're using 5.0.0+1 and calling the canAuthenticate function as so, but we're getting back a success when it should be a failure.

    Future<bool> isDeviceEligible() =>
        storage.canAuthenticate().then((value) => value == CanAuthenticateResponse.success);

The emulator we're using is an iPhone 15 Pro with Face ID capabilities, but these have not been set up. The device is not enrolled, so we're expecting canAuthenticate to return errorNoBiometricEnrolled.

10ndavis commented 10 months ago

@hpoul is this plugin still being maintained? This issue seems critical, as it defeats the purpose of the plugin entirely if biometrics do not prompt but we allow access to the storage.

SylvainLosey commented 10 months ago

Agreed. For information I fixed the issue for our internal use, I will try to find the time to clean it up and raise a PR but it would be good to know if someone is still available to get it reviewed and merged.

flumm commented 7 months ago

> Agreed. For information I fixed the issue for our internal use, I will try to find the time to clean it up and raise a PR but it would be good to know if someone is still available to get it reviewed and merged.

I recently opened another issue, but I believe it's the same (or at least similar) issue: https://github.com/authpass/biometric_storage/issues/114

What exactly did you do to fix the issue for you?