Decrypt response not returning password.

[AugusDogus]

I've been using your plugin for the past few weeks with great results, however today I started to have issues. After some debugging it seems that even after a successful decryption configured to not use a backup pin, the only item the response consists of is withFingerprint that returns as true.

Has there been any changes that would cause this as of 1.2.7?

[mjwheatley]

Could you possibly provide the output of your logcat to see if that could shine any light on the issue?

[AugusDogus]

Sure, you can see it here.

[AugusDogus]

Here's another example, I honestly don't see the problem. This was working flawlessly up until recently and to my knowledge I haven't changed anything to cause the issue.

[mjwheatley]

Have the registered fingerprints on the device changed at all (added or removed)?

[AugusDogus]

No

[mjwheatley]

This is what happens after you successfully authenticate for decrypt mode:

bytes = result.getCryptoObject().getCipher().doFinal(Base64.decode(mClientSecret, Base64.NO_WRAP));
String credentialString = new String(bytes, "UTF-8");
String[] credentialArray = credentialString.split(":");
if (credentialArray.length == 2) {
    String username = credentialArray[0];
    String password = credentialArray[1];
    if (username.equalsIgnoreCase(mClientId + mUsername)) {
        resultJson.put("password", credentialArray[1]);
    }
}

The encrypted token is base64 decoded and then decrypted. The credential string is parsed. If the parsed credential array does not equal 2 you will not get a result. This means the clientId, username, and password cannot contain a colon.

Could this possibly be the issue?

[AugusDogus]

That shouldn't be the case, all three clientId, username, and password are alphanumeric. I'm going to try and replicate my problem and create a repo for it. Last Friday this was working fine for me, I came in Monday and I stopped seeing the password in the decrypted response.

[mjwheatley]

Can you run your app in debug mode from Android Studio and set a breakpoint in FingerprintAuth.java at line 594 where the token is being decrypted? Then inspect the credentialString and report the value.

[AugusDogus]

I've been working in IntelliJ IDEA by running it on my phone through Ionic, but tomorrow I will take a shot at trying that as it's time for me to wrap up for the day.

[mjwheatley]

Find the directory ionic outputs the Android project and open that as an existing project in Android Studio.

[AugusDogus]

I went ahead and followed your instructions, but also set a breakpoint at line 598. credentialString comes back as ���p�gN��R%o�****** where the asterisks are part of my password. This leaves credentialArray[1] = java.lang.IndexOutOfBoundsException : Invalid array range: 1 to 1 and credentialArray[0] = ���p�gN��R%o�******.

[mjwheatley]

The credential string should decrypt as <clientId><username>:<password> Your credentialString does not appear to be decrypted properly. Did your entire password get decrypted and you only obfuscated part of it with asterisks? Does this happen with every username and password combination or only this specific pair? Can you use a clientId, username, and password for testing purposes that you don't have to obfuscate so you can share the output?

[AugusDogus]

-No, I obfuscated only the part of the password. Only part of the password is shown and I put the amount of asterisks as there are characters of my password.

-I am not aware, I have only been using my account.

-There isn't currently a testing account on the server I'm hitting to authenticate, but if need be I can spin something up to test against.

[mjwheatley]

So some characters are being decoded and decrypted correctly but others are not, correct?

[AugusDogus]

Yes it looks like the last six characters are being decoded correctly, I'm unsure about the g near the center of the string.

[mjwheatley]

When I was developing I remember a case where the password was decrypted correctly but the clientId and username were not and believe I resolved that issue. However, this does not seem to match that case exactly.

Have you re-encrypted and tried decrypting a new token? Perhaps something has invalidated your secret key or the stored cipher for that userId.

[AugusDogus]

I'll go ahead and uninstall, install, encrypt, and decrypt again to see if that has any effect.

[AugusDogus]

Without touching the part of the code that manages fingerprint decryption the issue resolved itself. I didn't end up doing what I said I would do in the previous comment, but nonetheless the issue went away. It's a mystery to me. Thank you for all your assistance, please consider this issue closed.