fix: biometric prompt is not shown

Author: wmontwe

…ings/ui/common/BiometricPasswordInput.kt …ings/ui/common/ProtectedPasswordInput.ktfeature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/BiometricPasswordInput.kt renamed to feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/ProtectedPasswordInput.kt feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/BiometricPasswordInput.kt renamed to feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/ProtectedPasswordInput.kt

@@ -1,6 +1,6 @@
 package app.k9mail.feature.account.server.settings.ui.common
 
-import androidx.biometric.BiometricPrompt
+import androidx.activity.compose.LocalActivity
 import androidx.compose.foundation.layout.PaddingValues
 import androidx.compose.foundation.layout.fillMaxWidth
 import androidx.compose.runtime.Composable
@@ -11,30 +11,29 @@ import androidx.compose.runtime.remember
 import androidx.compose.runtime.setValue
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.res.stringResource
-import androidx.fragment.app.FragmentActivity
 import app.k9mail.core.ui.compose.designsystem.molecule.input.InputLayout
-import app.k9mail.core.ui.compose.designsystem.molecule.input.PasswordInput
 import app.k9mail.core.ui.compose.designsystem.molecule.input.inputContentPadding
 import app.k9mail.feature.account.server.settings.R
 import kotlinx.coroutines.delay
+import net.thunderbird.feature.account.server.settings.ui.common.Authenticator
+import net.thunderbird.feature.account.server.settings.ui.common.BiometricAuthenticator
 import app.k9mail.core.ui.compose.designsystem.R as RDesign
 
 private const val SHOW_WARNING_DURATION = 5000L
 
 /**
  * Variant of [PasswordInput] that only allows the password to be unmasked after the user has authenticated using
- * [BiometricPrompt].
- *
- * Note: Due to limitations of [BiometricPrompt] this composable can only be used inside a [FragmentActivity].
+ * [Authenticator] that defaults to [BiometricAuthenticator].
  */
 @Composable
-fun BiometricPasswordInput(
+fun ProtectedPasswordInput(
     onPasswordChange: (String) -> Unit,
     modifier: Modifier = Modifier,
     password: String = "",
     isRequired: Boolean = false,
     errorMessage: String? = null,
     contentPadding: PaddingValues = inputContentPadding(),
+    authenticator: Authenticator? = null,
 ) {
     var biometricWarning by remember { mutableStateOf<String?>(value = null) }
 
@@ -56,13 +55,21 @@ fun BiometricPasswordInput(
         val needScreenLockMessage =
             stringResource(R.string.account_server_settings_password_authentication_screen_lock_required)
 
-        TextFieldOutlinedPasswordBiometric(
+        val resolvedAuthenticator: Authenticator = authenticator ?: run {
+            val activity = LocalActivity.current as androidx.fragment.app.FragmentActivity
+            BiometricAuthenticator(
+                activity = activity,
+                title = title,
+                subtitle = subtitle,
+                needScreenLockMessage = needScreenLockMessage,
+            )
+        }
+
+        ProtectedTextFieldOutlinedPassword(
             value = password,
             onValueChange = onPasswordChange,
-            authenticationTitle = title,
-            authenticationSubtitle = subtitle,
-            needScreenLockMessage = needScreenLockMessage,
             onWarningChange = { biometricWarning = it?.toString() },
+            authenticator = resolvedAuthenticator,
             label = stringResource(id = RDesign.string.designsystem_molecule_password_input_label),
             isRequired = isRequired,
             hasError = errorMessage != null,

feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/ProtectedTextFieldOutlinedPassword.kt

@@ -0,0 +1,86 @@
+package app.k9mail.feature.account.server.settings.ui.common
+
+import android.app.Activity
+import android.view.WindowManager
+import androidx.activity.compose.LocalActivity
+import androidx.compose.runtime.Composable
+import androidx.compose.runtime.DisposableEffect
+import androidx.compose.runtime.getValue
+import androidx.compose.runtime.mutableStateOf
+import androidx.compose.runtime.rememberCoroutineScope
+import androidx.compose.runtime.saveable.rememberSaveable
+import androidx.compose.runtime.setValue
+import androidx.compose.ui.Modifier
+import app.k9mail.core.ui.compose.designsystem.atom.textfield.TextFieldOutlinedPassword
+import kotlinx.coroutines.launch
+import net.thunderbird.core.outcome.Outcome
+import net.thunderbird.feature.account.server.settings.ui.common.Authenticator
+
+/**
+ * Variant of [TextFieldOutlinedPassword] that only allows the
+ * password to be unmasked after the user has authenticated using [Authenticator].
+ */
+@Suppress("LongParameterList")
+@Composable
+fun ProtectedTextFieldOutlinedPassword(
+    value: String,
+    onValueChange: (String) -> Unit,
+    onWarningChange: (CharSequence?) -> Unit,
+    authenticator: Authenticator,
+    modifier: Modifier = Modifier,
+    label: String? = null,
+    isEnabled: Boolean = true,
+    isReadOnly: Boolean = false,
+    isRequired: Boolean = false,
+    hasError: Boolean = false,
+) {
+    var isPasswordVisible by rememberSaveable { mutableStateOf(false) }
+    var isAuthenticated by rememberSaveable { mutableStateOf(false) }
+
+    val activity = LocalActivity.current as Activity
+    val scope = rememberCoroutineScope()
+
+    TextFieldOutlinedPassword(
+        value = value,
+        onValueChange = onValueChange,
+        modifier = modifier,
+        label = label,
+        isEnabled = isEnabled,
+        isReadOnly = isReadOnly,
+        isRequired = isRequired,
+        hasError = hasError,
+        isPasswordVisible = isPasswordVisible,
+        onPasswordVisibilityToggleClicked = {
+            if (isAuthenticated) {
+                isPasswordVisible = !isPasswordVisible
+                activity.setSecure(isPasswordVisible)
+            } else {
+                scope.launch {
+                    when (val outcome = authenticator.authenticate()) {
+                        is Outcome.Success -> {
+                            isAuthenticated = true
+                            isPasswordVisible = true
+                            onWarningChange(null)
+                            activity.setSecure(true)
+                        }
+                        is Outcome.Failure -> {
+                            onWarningChange(outcome.error)
+                        }
+                    }
+                }
+            }
+        },
+    )
+
+    DisposableEffect(key1 = "secureWindow") {
+        activity.setSecure(isPasswordVisible)
+
+        onDispose {
+            activity.setSecure(false)
+        }
+    }
+}
+
+private fun Activity.setSecure(secure: Boolean) {
+    window.setFlags(if (secure) WindowManager.LayoutParams.FLAG_SECURE else 0, WindowManager.LayoutParams.FLAG_SECURE)
+}

feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/ServerSettingsPasswordInput.kt

@@ -27,7 +27,7 @@ fun ServerSettingsPasswordInput(
             contentPadding = contentPadding,
         )
     } else {
-        BiometricPasswordInput(
+        ProtectedPasswordInput(
             onPasswordChange = onPasswordChange,
             modifier = modifier,
             password = password,

feature/account/server/settings/src/main/kotlin/app/k9mail/feature/account/server/settings/ui/common/TextFieldOutlinedPasswordBiometric.kt

@@ -0,0 +1,10 @@
+package net.thunderbird.feature.account.server.settings.ui.common
+
+import net.thunderbird.core.outcome.Outcome
+
+/**
+ * A functional interface for authenticating a user.
+ */
+fun interface Authenticator {
+    suspend fun authenticate(): Outcome<Unit, String>
+}

feature/account/server/settings/src/main/kotlin/net/thunderbird/feature/account/server/settings/ui/common/Authenticator.kt

@@ -0,0 +1,71 @@
+package net.thunderbird.feature.account.server.settings.ui.common
+
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricPrompt
+import androidx.core.content.ContextCompat
+import androidx.fragment.app.FragmentActivity
+import kotlin.coroutines.resume
+import kotlinx.coroutines.suspendCancellableCoroutine
+import net.thunderbird.core.outcome.Outcome
+
+/**
+ * An [Authenticator] implementation that uses Android's BiometricPrompt to authenticate the user.
+ *
+ *  Note: Due to limitations of [androidx.biometric.BiometricPrompt] this composable can only be used inside a
+ *  [androidx.fragment.app.FragmentActivity].
+ *
+ * @param activity The FragmentActivity context to use for the BiometricPrompt.
+ * @param title The title to display on the biometric prompt.
+ * @param subtitle The subtitle to display on the biometric prompt.
+ * @param needScreenLockMessage The message to display when screen lock is required but not set
+ */
+class BiometricAuthenticator(
+    private val activity: FragmentActivity,
+    private val title: String,
+    private val subtitle: String,
+    private val needScreenLockMessage: String,
+) : Authenticator {
+
+    @Suppress("TooGenericExceptionCaught")
+    override suspend fun authenticate(): Outcome<Unit, String> = suspendCancellableCoroutine { continuation ->
+        val authenticationCallback = object : BiometricPrompt.AuthenticationCallback() {
+            override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
+                if (continuation.isActive) continuation.resume(Outcome.Success(Unit))
+            }
+
+            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+                val message: String = when (errorCode) {
+                    BiometricPrompt.ERROR_HW_NOT_PRESENT,
+                    BiometricPrompt.ERROR_NO_DEVICE_CREDENTIAL,
+                    BiometricPrompt.ERROR_NO_BIOMETRICS,
+                    -> needScreenLockMessage
+
+                    else -> if (errString.isNotEmpty()) errString.toString() else "Authentication failed"
+                }
+                if (continuation.isActive) continuation.resume(Outcome.Failure(message))
+            }
+        }
+
+        val promptInfo = BiometricPrompt.PromptInfo.Builder()
+            .setAllowedAuthenticators(
+                BiometricManager.Authenticators.BIOMETRIC_STRONG or
+                    BiometricManager.Authenticators.BIOMETRIC_WEAK or
+                    BiometricManager.Authenticators.DEVICE_CREDENTIAL,
+            )
+            .setTitle(title)
+            .setSubtitle(subtitle)
+            .build()
+
+        val executor = ContextCompat.getMainExecutor(activity)
+        try {
+            BiometricPrompt(activity, executor, authenticationCallback).authenticate(promptInfo)
+        } catch (e: Exception) {
+            val message: String = e.message ?: "Unable to start biometric prompt"
+            if (continuation.isActive) continuation.resume(Outcome.Failure(message))
+        }
+
+        continuation.invokeOnCancellation {
+            // No explicit cancellation support for BiometricPrompt
+        }
+    }
+}