fix: correctly use biometrics result in passphrase cache flow

msfjarvis · msfjarvis · commit fe7aee24d497 · 2023-07-09T17:59:33.000+05:30
diff --git a/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/autofill/AutofillDecryptActivity.kt
@@ -18,6 +18,7 @@ import app.passwordstore.data.passfile.PasswordEntry
 import app.passwordstore.ui.crypto.BasePGPActivity
 import app.passwordstore.ui.crypto.PasswordDialog
 import app.passwordstore.util.auth.BiometricAuthenticator
+import app.passwordstore.util.auth.BiometricAuthenticator.Result
 import app.passwordstore.util.autofill.AutofillPreferences
 import app.passwordstore.util.autofill.AutofillResponseBuilder
 import app.passwordstore.util.autofill.DirectoryStructure
@@ -70,33 +71,49 @@ class AutofillDecryptActivity : BasePGPActivity() {
     directoryStructure = AutofillPreferences.directoryStructure(this)
     logcat { action.toString() }
     requireKeysExist {
-      val gpgIdentifiers = getPGPIdentifiers("") ?: return@requireKeysExist
       if (
         features.isEnabled(EnablePGPPassphraseCache) && BiometricAuthenticator.canAuthenticate(this)
       ) {
         BiometricAuthenticator.authenticate(
           this,
           R.string.biometric_prompt_title_gpg_passphrase_cache,
         ) { authResult ->
-          if (authResult is BiometricAuthenticator.Result.Success) {
-            lifecycleScope.launch {
-              val cachedPassphrase =
-                passphraseCache.retrieveCachedPassphrase(
-                  this@AutofillDecryptActivity,
-                  gpgIdentifiers.first()
-                )
-              if (cachedPassphrase != null) {
-                decrypt(File(filePath), clientState, action, cachedPassphrase)
-              } else {
-                askPassphrase(filePath, clientState, action)
-              }
-            }
+          decrypt(filePath, clientState, action, authResult)
+        }
+      } else {
+        decrypt(filePath, clientState, action, Result.Cancelled)
+      }
+    }
+  }
+
+  private fun decrypt(
+    filePath: String,
+    clientState: Bundle,
+    action: AutofillAction,
+    authResult: Result,
+  ) {
+    val gpgIdentifiers = getPGPIdentifiers("") ?: return
+    lifecycleScope.launch(dispatcherProvider.main()) {
+      when (authResult) {
+        // Internally handled by the prompt dialog
+        is Result.Retry -> {}
+        // If the dialog is dismissed for any reason, prompt for passphrase
+        is Result.Cancelled,
+        is Result.Failure,
+        is Result.HardwareUnavailableOrDisabled -> askPassphrase(filePath, clientState, action)
+        //
+        is Result.Success -> {
+          val cachedPassphrase =
+            passphraseCache.retrieveCachedPassphrase(
+              this@AutofillDecryptActivity,
+              gpgIdentifiers.first()
+            )
+          if (cachedPassphrase != null) {
+            decryptWithPassphrase(File(filePath), clientState, action, cachedPassphrase)
           } else {
             askPassphrase(filePath, clientState, action)
           }
         }
-      } else {
-        askPassphrase(filePath, clientState, action)
       }
     }
   }
@@ -107,15 +124,15 @@ class AutofillDecryptActivity : BasePGPActivity() {
       withContext(dispatcherProvider.main()) {
         dialog.password.collectLatest { value ->
           if (value != null) {
-            decrypt(File(filePath), clientState, action, value)
+            decryptWithPassphrase(File(filePath), clientState, action, value)
           }
         }
       }
     }
     dialog.show(supportFragmentManager, "PASSWORD_DIALOG")
   }
 
-  private suspend fun decrypt(
+  private suspend fun decryptWithPassphrase(
     filePath: File,
     clientState: Bundle,
     action: AutofillAction,
diff --git a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
@@ -18,6 +18,7 @@ import app.passwordstore.data.password.FieldItem
 import app.passwordstore.databinding.DecryptLayoutBinding
 import app.passwordstore.ui.adapters.FieldItemAdapter
 import app.passwordstore.util.auth.BiometricAuthenticator
+import app.passwordstore.util.auth.BiometricAuthenticator.Result
 import app.passwordstore.util.extensions.getString
 import app.passwordstore.util.extensions.unsafeLazy
 import app.passwordstore.util.extensions.viewBinding
@@ -77,7 +78,7 @@ class DecryptActivity : BasePGPActivity() {
         requireKeysExist { decrypt(isError = false, authResult) }
       }
     } else {
-      requireKeysExist { decrypt(isError = false, BiometricAuthenticator.Result.Cancelled) }
+      requireKeysExist { decrypt(isError = false, Result.Cancelled) }
     }
   }
 
@@ -149,27 +150,35 @@ class DecryptActivity : BasePGPActivity() {
     )
   }
 
-  private fun decrypt(isError: Boolean, authResult: BiometricAuthenticator.Result) {
+  private fun decrypt(isError: Boolean, authResult: Result) {
     val gpgIdentifiers = getPGPIdentifiers("") ?: return
     lifecycleScope.launch(dispatcherProvider.main()) {
-      if (authResult is BiometricAuthenticator.Result.Success) {
-        val cachedPassphrase =
-          passphraseCache.retrieveCachedPassphrase(this@DecryptActivity, gpgIdentifiers.first())
-        if (cachedPassphrase != null) {
-          decryptWithCachedPassphrase(cachedPassphrase, gpgIdentifiers, authResult)
-        } else {
+      when (authResult) {
+        // Internally handled by the prompt dialog
+        is Result.Retry -> {}
+        // If the dialog is dismissed for any reason, prompt for passphrase
+        is Result.Cancelled,
+        is Result.Failure,
+        is Result.HardwareUnavailableOrDisabled ->
           askPassphrase(isError, gpgIdentifiers, authResult)
+        //
+        is Result.Success -> {
+          val cachedPassphrase =
+            passphraseCache.retrieveCachedPassphrase(this@DecryptActivity, gpgIdentifiers.first())
+          if (cachedPassphrase != null) {
+            decryptWithCachedPassphrase(cachedPassphrase, gpgIdentifiers, authResult)
+          } else {
+            askPassphrase(isError, gpgIdentifiers, authResult)
+          }
         }
-      } else {
-        askPassphrase(isError, gpgIdentifiers, authResult)
       }
     }
   }
 
   private fun askPassphrase(
     isError: Boolean,
     gpgIdentifiers: List<PGPIdentifier>,
-    authResult: BiometricAuthenticator.Result,
+    authResult: Result,
   ) {
     if (retries < MAX_RETRIES) {
       retries += 1
@@ -189,7 +198,7 @@ class DecryptActivity : BasePGPActivity() {
               passwordEntry = entry
               createPasswordUI(entry)
               startAutoDismissTimer()
-              if (authResult is BiometricAuthenticator.Result.Success) {
+              if (authResult is Result.Success) {
                 passphraseCache.cachePassphrase(this@DecryptActivity, gpgIdentifiers.first(), value)
               }
             }
@@ -207,7 +216,7 @@ class DecryptActivity : BasePGPActivity() {
   private suspend fun decryptWithCachedPassphrase(
     passphrase: String,
     identifiers: List<PGPIdentifier>,
-    authResult: BiometricAuthenticator.Result,
+    authResult: Result,
   ) {
     when (val result = decryptWithPassphrase(passphrase, identifiers)) {
       is Ok -> {
