Initial windows support

Author: Choochmeque

guest-js/index.ts

@@ -7,12 +7,14 @@ import { invoke } from "@tauri-apps/api/core";
 export enum BiometryType {
   /** No biometry available */
   None = 0,
+  /** Automatic biometry (e.g., Face ID, Touch ID) */
+  Auto = 1,
   /** Apple Touch ID or Android fingerprint authentication */
-  TouchID = 1,
+  TouchID = 2,
   /** Apple Face ID or Android face authentication */
-  FaceID = 2,
+  FaceID = 3,
   /** Android iris authentication (Samsung devices) */
-  Iris = 3,
+  Iris = 4,
 }
 
 /**

src/models.rs

@@ -28,8 +28,9 @@ pub struct AuthenticatePayload {
 #[repr(u8)]
 pub enum BiometryType {
     None = 0,
-    TouchID = 1,
-    FaceID = 2,
+    Auto = 1,
+    TouchID = 2,
+    FaceID = 3,
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize)]

src/windows.rs

@@ -7,16 +7,15 @@ use windows::{
     core::*,
     Foundation::IAsyncOperation,
     Security::Credentials::UI::{
-        UserConsentVerifier, UserConsentVerificationResult, UserConsentVerifierAvailability,
+        UserConsentVerificationResult, UserConsentVerifier, UserConsentVerifierAvailability,
     },
     Security::Credentials::{
-        KeyCredentialManager, KeyCredentialCreationOption, KeyCredentialRetrievalResult,
+        KeyCredentialCreationOption, KeyCredentialManager, KeyCredentialRetrievalResult,
     },
     Win32::{
         Foundation::HWND,
         UI::WindowsAndMessaging::{
-            FindWindowW, SetForegroundWindow, ShowWindow, BringWindowToTop,
-            IsIconic, SW_RESTORE,
+            BringWindowToTop, FindWindowW, IsIconic, SetForegroundWindow, ShowWindow, SW_RESTORE,
         },
     },
 };
@@ -31,7 +30,10 @@ pub fn init<R: Runtime, C: DeserializeOwned>(
 #[inline]
 fn to_wide(s: &str) -> Vec<u16> {
     use std::os::windows::ffi::OsStrExt;
-    std::ffi::OsStr::new(s).encode_wide().chain(std::iter::once(0)).collect()
+    std::ffi::OsStr::new(s)
+        .encode_wide()
+        .chain(std::iter::once(0))
+        .collect()
 }
 
 /// Try to find and foreground the Windows Hello credential dialog.
@@ -76,75 +78,135 @@ pub struct Biometry<R: Runtime>(AppHandle<R>);
 impl<R: Runtime> Biometry<R> {
     pub fn status(&self) -> crate::Result<Status> {
         let availability = UserConsentVerifier::CheckAvailabilityAsync()
-            .map_err(|e| crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, format!("Failed to check availability: {:?}", e))))?
-            .get()
-            .map_err(|e| crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, format!("Failed to get availability: {:?}", e))))?;
+            .and_then(|async_op| async_op.get())
+            .map_err(|e| {
+                crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::Other,
+                    format!("Failed to check biometry availability: {:?}", e),
+                ))
+            })?;
 
-        Ok(Status {
-            is_available: matches!(
-                availability,
-                UserConsentVerifierAvailability::Available
+        let (is_available, biometry_type, error, error_code) = match availability {
+            UserConsentVerifierAvailability::Available => (true, BiometryType::Auto, None, None),
+            UserConsentVerifierAvailability::DeviceNotPresent => (
+                false,
+                BiometryType::None,
+                Some("No biometric device found".to_string()),
+                Some("biometryNotAvailable".to_string()),
             ),
-            biometry_type: if matches!(
-                availability,
-                UserConsentVerifierAvailability::Available
-            ) {
-                BiometryType::FaceID // Windows Hello supports multiple modalities, but we simplify here
-            } else {
-                BiometryType::None
-            },
-            error: None,
-            error_code: None,
+            UserConsentVerifierAvailability::NotConfiguredForUser => (
+                false,
+                BiometryType::None,
+                Some("Biometric authentication not configured".to_string()),
+                Some("biometryNotEnrolled".to_string()),
+            ),
+            UserConsentVerifierAvailability::DisabledByPolicy => (
+                false,
+                BiometryType::None,
+                Some("Biometric authentication disabled by policy".to_string()),
+                Some("biometryNotAvailable".to_string()),
+            ),
+            UserConsentVerifierAvailability::DeviceBusy => (
+                false,
+                BiometryType::None,
+                Some("Biometric device is busy".to_string()),
+                Some("systemCancel".to_string()),
+            ),
+            _ => (
+                false,
+                BiometryType::None,
+                Some("Unknown availability status".to_string()),
+                Some("biometryNotAvailable".to_string()),
+            ),
+        };
+
+        Ok(Status {
+            is_available,
+            biometry_type,
+            error,
+            error_code,
         })
     }
 
-    pub fn authenticate(&self, _reason: String, _options: AuthOptions) -> crate::Result<()> {
+    pub fn authenticate(&self, reason: String, _options: AuthOptions) -> crate::Result<()> {
         let result = UserConsentVerifier::RequestVerificationAsync(&HSTRING::from(reason))
+            .and_then(|async_op| {
+                nudge_hello_dialog_focus_async(5, 250);
+                async_op.get()
+            })
             .map_err(|e| {
                 crate::Error::from(std::io::Error::new(
                     std::io::ErrorKind::Other,
-                    format!("Failed to request verification: {:?}", e),
-                ))
-            })?
-            .get()
-            .map_err(|e| {
-                crate::Error::from(std::io::Error::new(
-                    std::io::ErrorKind::Other,
-                    format!("Failed to get verification result: {:?}", e),
+                    format!("Failed to request user verification: {:?}", e),
                 ))
             })?;
 
         match result {
             UserConsentVerificationResult::Verified => Ok(()),
-            UserConsentVerificationResult::DeviceBusy => Err(crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, "Device is busy"))),
-            UserConsentVerificationResult::DeviceNotPresent => Err(crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, "No biometric device found"))),
-            UserConsentVerificationResult::DisabledByPolicy => Err(crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, "Biometric authentication is disabled by policy"))),
-            UserConsentVerificationResult::NotConfiguredForUser => Err(crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, "Biometric authentication is not configured for the user"))),
-            _ => Err(crate::Error::from(std::io::Error::new(std::io::ErrorKind::Other, "Authentication failed"))),
+            UserConsentVerificationResult::DeviceBusy => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::ResourceBusy,
+                    "Device is busy",
+                )))
+            }
+            UserConsentVerificationResult::DeviceNotPresent => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::NotFound,
+                    "No biometric device found",
+                )))
+            }
+            UserConsentVerificationResult::DisabledByPolicy => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::PermissionDenied,
+                    "Biometric authentication is disabled by policy",
+                )))
+            }
+            UserConsentVerificationResult::NotConfiguredForUser => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::Other,
+                    "Biometric authentication is not configured for the user",
+                )))
+            }
+            UserConsentVerificationResult::Canceled => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::Interrupted,
+                    "Authentication was canceled by the user",
+                )))
+            }
+            UserConsentVerificationResult::RetriesExhausted => {
+                Err(crate::Error::from(std::io::Error::new(
+                    std::io::ErrorKind::PermissionDenied,
+                    "Too many failed authentication attempts",
+                )))
+            }
+            _ => Err(crate::Error::from(std::io::Error::new(
+                std::io::ErrorKind::Other,
+                "Authentication failed",
+            ))),
         }
     }
 
     pub fn has_data(&self, _options: DataOptions) -> crate::Result<bool> {
         Err(crate::Error::from(std::io::Error::other(
-            "Biometry is not supported on desktop platforms",
+            "Has data is not supported on windows platform",
         )))
     }
 
     pub fn get_data(&self, _options: GetDataOptions) -> crate::Result<DataResponse> {
         Err(crate::Error::from(std::io::Error::other(
-            "Biometry is not supported on desktop platforms",
+            "Get data is not supported on windows platform",
         )))
     }
 
     pub fn set_data(&self, _options: SetDataOptions) -> crate::Result<()> {
         Err(crate::Error::from(std::io::Error::other(
-            "Biometry is not supported on desktop platforms",
+            "Set data is not supported on windows platform",
         )))
     }
 
     pub fn remove_data(&self, _options: RemoveDataOptions) -> crate::Result<()> {
         Err(crate::Error::from(std::io::Error::other(
-            "Biometry is not supported on desktop platforms",
+            "Remove data is not supported on windows platform",
         )))
     }
 }