Merge pull request #273 from TaskarCenterAtUW/bug-2050-Biometric-login-flow-issues

Bug 2050 biometric login flow issues

Author: srikanth-vg

GoInfoGame/GoInfoGame.xcodeproj/project.pbxproj

@@ -2674,7 +2674,7 @@
 				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 37;
+				CURRENT_PROJECT_VERSION = 38;
 				DEVELOPMENT_TEAM = G8MQVE5WWW;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = GoInfoGame/Info.plist;
@@ -2712,7 +2712,7 @@
 				ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor;
 				CODE_SIGN_IDENTITY = "Apple Development";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 37;
+				CURRENT_PROJECT_VERSION = 38;
 				DEVELOPMENT_TEAM = G8MQVE5WWW;
 				GENERATE_INFOPLIST_FILE = YES;
 				INFOPLIST_FILE = GoInfoGame/Info.plist;

GoInfoGame/GoInfoGame/Login/BiometricAuthManager.swift

@@ -15,6 +15,10 @@ struct BiometricAuthManager {
         case failure(String)
         case unavailable(String)
     }
+    
+    static func canEvaluateBiometrics() -> Bool {
+        return LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil)
+    }
 
     static func authenticate(reason: String = "Authenticate to proceed", completion: @escaping (BiometricAuthResult) -> Void) {
         let context = LAContext()
@@ -33,9 +37,7 @@ struct BiometricAuthManager {
             }
         } else {
             let message = error?.localizedDescription ?? "Biometric authentication not available."
-            DispatchQueue.main.async {
-                completion(.unavailable(message))
-            }
+            completion(.unavailable(message))
         }
     }
 

GoInfoGame/GoInfoGame/Login/BiometricToggleView.swift

@@ -10,7 +10,7 @@ import LocalAuthentication
 
 struct BiometricToggleView: View {
     @Binding var isEnabled: Bool
-    let onToggleOn: () -> Void
+    let onToggleOn: (_ status: Bool) -> Void
 
     private var biometricToggleText: String {
         let context = LAContext()
@@ -24,12 +24,8 @@ struct BiometricToggleView: View {
         Toggle(isOn: Binding(
             get: { isEnabled },
             set: { newValue in
-                let wasOff = !isEnabled
                 isEnabled = newValue
-                if newValue && wasOff {
-                    // User turned it on manually
-                    onToggleOn()
-                }
+                onToggleOn(newValue)
             }
         )) {
             Text(biometricToggleText)

GoInfoGame/GoInfoGame/Login/PasswordAuthenticationPopupView.swift

@@ -63,7 +63,7 @@ struct PasswordAuthenticationPopupView: View {
 
     private func handleContinue() {
         let environment = APIConfiguration.shared.environment
-        let username = KeychainManager.load(.username, for: environment) ?? ""
+        let username = SessionManager.shared.username ?? ""
 
         viewModel.performBiometricEnrollment(
             username: username,

GoInfoGame/GoInfoGame/Login/SessionManager.swift

@@ -7,13 +7,16 @@
 
 import Foundation
 
-@MainActor
+//@MainActor
 final class SessionManager: ObservableObject {
     static let shared = SessionManager()
-    private init() {}
+    private init() {
+        username = KeychainManager.load(.username, for: APIConfiguration.shared.environment)
+    }
 
     @Published var isLoginSuccessful: Bool = false
     @Published var hasLoginFailed: Bool = false
+    private(set) var username: String? = nil
 
     var lastLoginPassword: String?
 
@@ -29,37 +32,40 @@ final class SessionManager: ObservableObject {
             setupType: .login,
             modelType: PosmLoginSuccessResponse.self
         ) { result in
-            DispatchQueue.main.async {
+            DispatchQueue.main.async { [weak self] in
                 switch result {
                 case .success(let response):
-                    _ = KeychainManager.save(.username, value: username, for: environment)
+                    self?.username = username
                     _ = KeychainManager.save(key: "accessToken", data: response.accessToken)
-                    self.lastLoginPassword = password
+                    self?.lastLoginPassword = password
 
-                    self.isLoginSuccessful = true
-                    self.hasLoginFailed = false
+                    self?.isLoginSuccessful = true
+                    self?.hasLoginFailed = false
                     completion(true, "")
 
                 case .failure(let error):
                     print("Login failed:", error)
-                    self.isLoginSuccessful = false
-                    self.hasLoginFailed = true
+                    self?.isLoginSuccessful = false
+                    self?.hasLoginFailed = true
                     completion(false, "Invalid credentials")
                 }
             }
         }
     }
 
     func savePasswordForBiometric(for environment: APIEnvironment) {
-        if let password = lastLoginPassword {
+        if let password = lastLoginPassword,
+         let username = username {
             _ = KeychainManager.save(.password, value: password, for: environment)
+            _ = KeychainManager.save(.username, value: username, for: environment)
+            setBiometricEnabled(true, for: environment)
+        } else {
+            print("❌ not able to save the biometric credentials.")
         }
-        setBiometricEnabled(true, for: environment)
     }
 
     func logout(environment: APIEnvironment, clearBiometricCreds: Bool = false) {
         if clearBiometricCreds {
-            _ = KeychainManager.delete(.username, for: environment)
             _ = KeychainManager.delete(.password, for: environment)
             setBiometricEnabled(false, for: environment)
         }

GoInfoGame/GoInfoGame/Login/View/PosmLogin.swift

@@ -94,11 +94,13 @@ struct PosmLoginView: View {
                                     } else {
                                         print("Missing credentials in Keychain")
                                         viewModel.hasLoginFailed = true
+                                        viewModel.loginFailedMessage = "Invalid Credentials"
                                     }
 
                                 case .failure(let message), .unavailable(let message):
                                     print("Biometric login failed: \(message)")
                                     viewModel.hasLoginFailed = true
+                                    viewModel.loginFailedMessage = message
                                 }
                             }
                         }) {
@@ -109,7 +111,7 @@ struct PosmLoginView: View {
                     }
 
                     if viewModel.hasLoginFailed {
-                        Text("Invalid Credentials")
+                        Text(viewModel.loginFailedMessage ??  "Invalid Credentials")
                             .foregroundColor(.red)
                             .padding(.top, 10)
                     }
@@ -127,9 +129,19 @@ struct PosmLoginView: View {
                 InitialView()
             }
         }
-        .alert("Invalid Credentials", isPresented: $viewModel.shouldShowValidationAlert) {
+        .alert(viewModel.errorMessage ?? "Invalid Credentials", isPresented: $viewModel.shouldShowValidationAlert) {
             Button("OK", role: .cancel) { }
         }
+        .alert("Enable Biometric Login?", isPresented: $viewModel.showBiometricPrompt) {
+            Button("Enable") {
+                viewModel.enableBiometrics(enable: true)
+            }
+            Button("Not Now", role: .cancel) {
+                viewModel.enableBiometrics(enable: false)
+            }
+        } message: {
+            Text("Would you like to use Face ID or Touch ID for faster logins?")
+        }
         .onReceive(NotificationCenter.default.publisher(for: Notification.Name("SessionExpired"))) { notification in
                     showAlert = true
                 }

GoInfoGame/GoInfoGame/Login/ViewModel/PosmLoginViewModel.swift

@@ -7,16 +7,18 @@
 
 import Foundation
 import SwiftUI
+import LocalAuthentication
 
-@MainActor
 class PosmLoginViewModel: ObservableObject {
     @Published var username: String = ""
     @Published var password: String = ""
     @Published var hasLoginFailed: Bool = false
+    @Published var loginFailedMessage: String? = nil
     @Published var isLoginSuccess: Bool = false
     @Published var errorMessage: String?
     @Published var isLoading = false
     @Published var shouldShowValidationAlert: Bool = false
+    @Published var showBiometricPrompt = false
 
     @AppStorage("loggedIn") private var loggedIn: Bool = false
 
@@ -28,6 +30,7 @@ class PosmLoginViewModel: ObservableObject {
         } else if password.isEmpty {
             errorMessage = "Password is required."
         } else {
+            errorMessage = nil
             return true
         }
 
@@ -43,13 +46,57 @@ class PosmLoginViewModel: ObservableObject {
         SessionManager.shared.performLogin(username: username, password: password, environment: environment) { [weak self] success, error  in
             guard let self = self else { return }
 
-            DispatchQueue.main.async {
-                self.isLoading = false
+            self.isLoading = false
+            self.loggedIn = success
+            let env = APIConfiguration.shared.environment
+            if success {
+                if canEvaluateBiometrics() {
+                    if !SessionManager.shared.hasDeclinedBiometric(for: env) {
+                        if !SessionManager.shared.isBiometricEnabled(for: env) ||
+                            (SessionManager.shared.isBiometricEnabled(for: env) && self.username != KeychainManager.load(.username, for: env)){
+                            self.showBiometricPrompt = true
+                            return
+                        }
+                    }
+                }
                 self.isLoginSuccess = success
+            } else {
                 self.hasLoginFailed = !success
-                self.loggedIn = success
             }
         }
     }
+    
+    private func canEvaluateBiometrics() -> Bool {
+        BiometricAuthManager.canEvaluateBiometrics()
+    }
+    
+    func enableBiometrics(enable: Bool) {
+        guard self.loggedIn else {
+            return
+        }
+        if enable, canEvaluateBiometrics() {
+            BiometricAuthManager.authenticate { [weak self] result in
+                switch result {
+                    case .success:
+                    if let username = self?.username,
+                       let password = self?.password {
+                        let env = APIConfiguration.shared.environment
+                        _ = KeychainManager.save(.username, value: username, for: env)
+                        _ = KeychainManager.save(.password, value: password, for: env)
+                        SessionManager.shared.setBiometricEnabled(true, for: env)
+                    }
+                    
+                case .failure(let message):
+                    print(message)
+                case .unavailable(let message):
+                    print(message)
+                }
+                self?.isLoginSuccess = true
+            }
+        } else {
+            SessionManager.shared.setDeclinedBiometric(true, for: APIConfiguration.shared.environment)
+            self.isLoginSuccess = true
+        }
+    }
 }
 

GoInfoGame/GoInfoGame/UI/InitialView/InitialView.swift

@@ -13,7 +13,6 @@ struct InitialView: View {
     @State private var selectedWorkspace: Workspace? = nil
     @StateObject private var locManagerDelegate = LocationManagerDelegate()
     @AppStorage("loggedIn") private var loggedIn: Bool = false
-    @State private var showBiometricPrompt = false
 
     var body: some View {
         NavigationStack {
@@ -60,20 +59,6 @@ struct InitialView: View {
                 }
             }
         }
-        .onAppear {
-            viewModel.checkBiometricOptInCondition(for: APIConfiguration.shared.environment)
-            showBiometricPrompt = viewModel.shouldShowBiometricOptInPrompt
-        }
-        .alert("Enable Biometric Login?", isPresented: $showBiometricPrompt) {
-            Button("Enable") {
-                viewModel.userAcceptedBiometricOptIn(for: APIConfiguration.shared.environment)
-            }
-            Button("Not Now", role: .cancel) {
-                viewModel.userDeclinedBiometricOptIn(for: APIConfiguration.shared.environment)
-            }
-        } message: {
-            Text("Would you like to use Face ID or Touch ID for faster logins?")
-        }
         .toolbar(.hidden)
     }
 }

GoInfoGame/GoInfoGame/UI/InitialView/InitialViewModel.swift

@@ -14,11 +14,10 @@ import LocalAuthentication
 @MainActor
 class InitialViewModel: ObservableObject {
     let locationManagerDelegate = LocationManagerDelegate()
-    @Published var workspaces: [Workspace] = [] 
+    @Published var workspaces: [Workspace] = []
     @Published var longQuests: [LongFormElement] = []
     @Published var isLoading: Bool = false
 
-    @Published var shouldShowBiometricOptInPrompt = false
     @Published var showBiometricIDError: Bool = false
     @Published var biometricIDErrorMessage: String?
 
@@ -32,30 +31,7 @@ class InitialViewModel: ObservableObject {
             guard let self = self else { return }
             fetchWorkspacesList()
         }
-        
-        checkBiometricOptInCondition(for: APIConfiguration.shared.environment)
     }
-    
-    func checkBiometricOptInCondition(for env: APIEnvironment) {
-           if !SessionManager.shared.isBiometricEnabled(for: env) &&
-              !SessionManager.shared.hasDeclinedBiometric(for: env) &&
-              KeychainManager.load(.username, for: env) != nil &&
-              SessionManager.shared.lastLoginPassword != nil {
-               shouldShowBiometricOptInPrompt = true
-           } else {
-               shouldShowBiometricOptInPrompt = false
-           }
-       }
-
-       func userAcceptedBiometricOptIn(for env: APIEnvironment) {
-           SessionManager.shared.setBiometricEnabled(true, for: env)
-           SessionManager.shared.setDeclinedBiometric(false, for: env)
-           SessionManager.shared.savePasswordForBiometric(for: env)
-       }
-
-       func userDeclinedBiometricOptIn(for env: APIEnvironment) {
-           SessionManager.shared.setDeclinedBiometric(true, for: env)
-       }
 
     // fetch workspaces list
     func fetchWorkspacesList() {

GoInfoGame/GoInfoGame/UserProfile/View/UserProfileView.swift

@@ -39,8 +39,12 @@ struct UserProfileView: View {
                     }
                     .padding([.bottom], 200)
 
-                    BiometricToggleView(isEnabled: $useBiometricID) {
-                        showPasswordAuthenticationView = true
+                    BiometricToggleView(isEnabled: $useBiometricID) {status in
+                        if status {
+                            showPasswordAuthenticationView = true
+                        } else {
+                            SessionManager.shared.logout(environment: APIConfiguration.shared.environment, clearBiometricCreds: true)
+                        }
                     }
                     .padding([.bottom], 30)
 
@@ -95,10 +99,6 @@ struct UserProfileView: View {
         Button {
             Utilities.clearAllData()
 
-            if useBiometricID == false {
-                SessionManager.shared.logout(environment: APIConfiguration.shared.environment, clearBiometricCreds: true)
-            }
-            
             if let window = UIApplication.window() {
                    window.rootViewController = UIHostingController(rootView: PosmLoginView())
                }