gui: deny execution of hold&ask events immediately if unavailable (#749)

russellhancox · web-flow · commit 890908291302 · 2026-01-27T20:03:55.000-05:00
Prior to this change, if a hold &amp; ask execution triggered a Santa dialog
but biometry is not available (and the
`EnableStandalonePasswordFallback` key is not set to true) the execution
would remain held until the dialog was dismissed. With this change, the
execution will be denied immediately.
diff --git a/Source/gui/SNTBinaryMessageWindowView.swift b/Source/gui/SNTBinaryMessageWindowView.swift
@@ -250,9 +250,18 @@ struct SNTBinaryMessageWindowView: View {
 
   @State public var preventFutureNotifications = false
   @State public var preventFutureNotificationPeriod: TimeInterval = NotificationSilencePeriods[0]
+  @State private var repliedToCallback = false
 
   let c = SNTConfigurator.configurator()
 
+  func callReplyCallback(_ response: Bool) {
+    guard !repliedToCallback else { return }
+    repliedToCallback = true
+    if let cb = replyCallback {
+      cb(response)
+    }
+  }
+
   func getDismissText() -> String? {
     if event?.needsBundleHash ?? false && !bundleProgress.isFinished {
       return "Cancel"
@@ -290,8 +299,14 @@ struct SNTBinaryMessageWindowView: View {
       if event?.holdAndAsk ?? false {
         let (canAuthz, err) = CanAuthorizeWithTouchID()
         if !canAuthz {
-          if let errMsg = err {
-            Text(errMsg.localizedDescription).foregroundColor(.red)
+          Group {
+            if let errMsg = err {
+              Text(errMsg.localizedDescription).foregroundColor(.red)
+            }
+          }.task {
+            // If this is a holdAndAsk event but TouchID is not available,
+            // call the reply block immediately with false.
+            let _ = callReplyCallback(false)
           }
         }
       }
@@ -342,9 +357,7 @@ struct SNTBinaryMessageWindowView: View {
       }
     }
 
-    if let callback = replyCallback {
-      callback(false)
-    }
+    callReplyCallback(false)
 
     window?.close()
 
@@ -357,22 +370,15 @@ struct SNTBinaryMessageWindowView: View {
   // the "Open Event" button.
   func standAloneButton() {
     guard let e = self.event else {
-      if let cb = self.replyCallback {
-        cb(false)
+      DispatchQueue.main.async {
+        callReplyCallback(false)
       }
       return
     }
 
-    // Force unwrap the callback because it should always be set and is a
-    // programming error if it isn't.
-    //
-    // Note: this may prevent other replyBlocks from being run, but should only
-    // crash the GUI process meaning policy decisions will still be enforced.
-    let callback = self.replyCallback!;
-
     SNTAuthorizationHelper.authorizeExecution(for: e) { success in
-      callback(success)
       DispatchQueue.main.sync {
+        callReplyCallback(success)
         window?.close()
       }
     }
@@ -388,9 +394,7 @@ struct SNTBinaryMessageWindowView: View {
     }
 
     // Close the window after responding to the block.
-    if let callback = replyCallback {
-      callback(false)
-    }
+    callReplyCallback(false)
     window?.close()
   }
 }
