feat: allow set desired policy when checking biometric auth availability (#3)

* feat: allow set desired policy when checking biometric auth availability

* fix: move mapping LocalAuthenticationPolicy->LAPolicy. fix SwiftLint

* fix: disable compilation of code on platforms which do not support it

Author: AndriyVasyk

README.md

@@ -58,7 +58,7 @@ Use the provided methods to perform authentication tasks:
 
 ```swift
 // Check if biometric authentication is available
-if try await provider.checkBiometricAvailable() {
+if try await provider.checkBiometricAvailable(with: .biometrics) {
     // Set up biometric authentication
     if try await provider.setBiometricAuthentication(localizedReason: "Authenticate to access your data") {
         // Authenticate the user

Sources/LocalAuthenticationProvider/LAContext+Extensions.swift

@@ -0,0 +1,29 @@
+//
+//  LAContext+Extensions.swift
+//
+//
+//  Created by Andriy Vasyk on 02.09.2024.
+//
+
+import Foundation
+import LocalAuthentication
+
+extension LAContext {
+    internal func canEvaluate(policy: LocalAuthenticationPolicy, error: NSErrorPointer) -> Bool {
+        let localPolicy: LAPolicy
+        switch policy {
+        case .authentication:
+            localPolicy = .deviceOwnerAuthentication
+        case .biometrics:
+            localPolicy = .deviceOwnerAuthenticationWithBiometrics
+#if os(macOS)
+        case .watch:
+            localPolicy = .deviceOwnerAuthenticationWithWatch
+        case .biometricsOrWatch:
+            localPolicy = .deviceOwnerAuthenticationWithBiometricsOrWatch
+#endif
+        }
+
+        return self.canEvaluatePolicy(localPolicy, error: error)
+    }
+}

Sources/LocalAuthenticationProvider/LocalAuthenticationPolicy.swift

@@ -0,0 +1,24 @@
+//
+//  LocalAuthenticationPolicy.swift
+//
+//
+//  Created by Andriy Vasyk on 02.09.2024.
+//
+
+import Foundation
+
+public enum LocalAuthenticationPolicy: Int {
+    /// Device owner will be authenticated using a biometric method (Touch ID).
+    case biometrics = 1
+
+    /// Device owner will be authenticated by biometry or user password.
+    case authentication = 2
+
+#if os(macOS)
+    /// Device owner will be authenticated by Apple Watch.
+    case watch = 3
+
+    /// Device owner will be authenticated by biometry or Apple Watch.
+    case biometricsOrWatch = 4
+#endif
+}

Sources/LocalAuthenticationProvider/LocalAuthenticationProvider.swift

@@ -45,13 +45,12 @@ public final class LocalAuthenticationProvider: LocalAuthenticationProviderProto
     }
 
     /// Checks if biometric authentication is available on the device.
+    /// - Parameter policy: The policy to evaluate.
     /// - Returns: `true` if biometric authentication is available, `false` otherwise.
     /// - Throws: An appropriate `LocalAuthenticationError` if an error occurs during the check.
-    public func checkBiometricAvailable() async throws -> Bool {
+    public func checkBiometricAvailable(with policy: LocalAuthenticationPolicy) async throws -> Bool {
         var error: NSError?
-        if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) {
-            return true
-        } else if context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) {
+        if context.canEvaluate(policy: policy, error: &error) {
             return true
         } else {
             if let error {
@@ -87,7 +86,7 @@ public final class LocalAuthenticationProvider: LocalAuthenticationProviderProto
     /// - Returns: `true` if biometric authentication was successfully set up, `false` otherwise.
     /// - Throws: An appropriate `LocalAuthenticationError` if an error occurs during setup.
     public func setBiometricAuthentication(localizedReason: String) async throws -> Bool {
-        if try await checkBiometricAvailable() {
+        if try await checkBiometricAvailable(with: .biometrics) {
             return try await context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, localizedReason: localizedReason)
         } else {
             return false
@@ -99,7 +98,7 @@ public final class LocalAuthenticationProvider: LocalAuthenticationProviderProto
     /// - Returns: `true` if authentication was successful, `false` otherwise.
     /// - Throws: An appropriate `LocalAuthenticationError` if an error occurs during authentication.
     public func authenticate(localizedReason: String) async throws -> Bool {
-        if try await checkBiometricAvailable() {
+        if try await checkBiometricAvailable(with: .biometrics) {
             guard context.biometryType != .none else {
                 logger.error("\(#function) User face or fingerprint were not recognized")
                 throw LocalAuthenticationError.biometricError

Sources/LocalAuthenticationProvider/LocalAuthenticationProviderProtocol.swift

@@ -28,9 +28,10 @@ import Foundation
 public protocol LocalAuthenticationProviderProtocol {
     /// Checks if biometric authentication is available on the device.
     ///
+    /// - Parameter policy: The policy to evaluate.
     /// - Returns: `true` if biometric authentication is available, `false` otherwise.
     /// - Throws: An appropriate `LocalAuthenticationError` if an error occurs during the check.
-    func checkBiometricAvailable() async throws -> Bool
+    func checkBiometricAvailable(with policy: LocalAuthenticationPolicy) async throws -> Bool
 
     /// Sets up biometric authentication with the given localized reason, preparing for authentication but not initiating it immediately.
     ///

Tests/LocalAuthenticationProviderTests/LocalAuthenticationProviderTests.swift

@@ -29,19 +29,19 @@ final class LocalAuthenticationProviderTests: XCTestCase {
     func testCanEvaluatePolicyWhenOwnerAuthenticatedWithBiometrics() async throws {
         let context = MockLAContext(canEvaluatePolicies: [.deviceOwnerAuthenticationWithBiometrics])
         let provider = LocalAuthenticationProvider(context: context)
-        let checkBiometricsSuccess = try await provider.checkBiometricAvailable()
+        let checkBiometricsSuccess = try await provider.checkBiometricAvailable(with: .biometrics)
         XCTAssert(checkBiometricsSuccess)
     }
 
     func testCanEvaluatePolicyWhenOwnerNotAuthenticateWithBiometricsIssue() async throws {
-        let result = try await provider.checkBiometricAvailable()
+        let result = try await provider.checkBiometricAvailable(with: .biometrics)
         XCTAssertFalse(result)
     }
 
     func testCanEvaluatePolicyWhenOwnerAlreadyAuthenticated() async throws {
         let context = MockLAContext(canEvaluatePolicies: [.deviceOwnerAuthentication])
         let provider = LocalAuthenticationProvider(context: context)
-        let checkBiometricsSuccess = try await provider.checkBiometricAvailable()
+        let checkBiometricsSuccess = try await provider.checkBiometricAvailable(with: .authentication)
         XCTAssert(checkBiometricsSuccess)
     }
 
@@ -50,7 +50,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: NSError(domain: "", code: errorCode))
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail("Error must be thrown")
         } catch LocalAuthenticationError.deniedAccess {
         } catch {
@@ -63,7 +63,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: NSError(domain: "", code: errorCode))
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail(".noPasscodeSet error must be thrown")
         } catch LocalAuthenticationError.noPasscodeSet {
         } catch {
@@ -76,7 +76,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: NSError(domain: "", code: errorCode))
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail("Error must be thrown")
         } catch LocalAuthenticationError.biometricError {
         } catch {
@@ -89,7 +89,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: NSError(domain: "", code: errorCode), biometryType: .faceID)
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail("Error must be thrown")
         } catch LocalAuthenticationError.noFaceIdEnrolled {
         } catch {
@@ -102,7 +102,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: NSError(domain: "", code: errorCode), biometryType: .touchID)
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail("Error must be thrown")
         } catch LocalAuthenticationError.noFingerprintEnrolled {
         } catch {
@@ -116,7 +116,7 @@ final class LocalAuthenticationProviderTests: XCTestCase {
         let context = MockLAContext(canEvaluatePolicyError: expectedError)
         let provider = LocalAuthenticationProvider(context: context)
         do {
-            _ = try await provider.checkBiometricAvailable()
+            _ = try await provider.checkBiometricAvailable(with: .biometrics)
             XCTFail("Error must be thrown")
         } catch LocalAuthenticationError.error(let error) {
             XCTAssertEqual(error as NSError, expectedError)