search

oblador / react-native-keychain

:key: Keychain Access for React Native
MIT License
3.19k stars 520 forks source link

getSupportedBiometryType() always returns the result #279

Open webforuse opened 4 years ago

webforuse commented 4 years ago

getSupportedBiometryType() always returns the result even if Faceid or Touchid is not Enrolled although according to the documentation should return null

System: OS: macOS Mojave 10.14.6 CPU: (4) x64 Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz Memory: 689.89 MB / 8.00 GB Shell: 3.2.57 - /bin/bash Binaries: Node: 10.15.3 - /usr/local/bin/node Yarn: 1.15.2 - /usr/local/bin/yarn npm: 6.4.1 - /usr/local/bin/npm SDKs: iOS SDK: Platforms: iOS 12.1, macOS 10.14, tvOS 12.1, watchOS 5.1 Android SDK: API Levels: 23, 26, 27, 28 Build Tools: 27.0.3, 28.0.3 System Images: android-18 | Google APIs Intel x86 Atom, android-24 | Google Play Intel x86 Atom, android-27 | Google APIs Intel x86 Atom, android-27 | Google Play Intel x86 Atom, android-28 | Google APIs Intel x86 Atom, android-29 | Google Play Intel x86 Atom IDEs: Android Studio: 3.4 AI-183.6156.11.34.5522156 Xcode: 10.1/10B61 - /usr/bin/xcodebuild npmPackages: react: 16.8.6 => 16.8.6 react-native: 0.60.4 => 0.60.4 npmGlobalPackages: react-native-cli: 2.0.1

petekp commented 4 years ago

@webforuse The getSupportedBiometryType API recently changed and this method only returns null if no biometry type is supported, otherwise it always returns the device's biometry type. I submitted a PR to update the docs: https://github.com/oblador/react-native-keychain/pull/292

eporomaa commented 4 years ago

Any suggestions on how to check if the device is enrolled for any biometrics?

edersonmberti commented 4 years ago

I noticed that this behavior occurs only on iOS devices.

The solution I found was change de policy LAPolicyDeviceOwnerAuthentication to LAPolicyDeviceOwnerAuthenticationWithBiometrics inside node_modules folder on file "RNKeychainManager.m", to be more precise on line 273.

BOOL canBeProtected = [context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&aerr];

After that, I used patch-package to generate a patch to change every time that packages are installed.

npx patch-package react-native-keychain

I don't know if it's the best solution, but works.

pasine commented 4 years ago

I read a potential workaround on iOS is to use canImplyAuthentication with Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET, but I don't understand how this would work with Android, as canImplyAuthentication works on iOS only.

jess-dovetail commented 4 years ago

@edersonmberti I wonder if you can submit a PR of your change? Perhaps the authors and main collaborators can review it and merge it in.