@onairos/react-native 3.1.16 → 3.1.17

package/src/services/biometricPinService.ts

@@ -1,193 +1,193 @@
-import * as Keychain from 'react-native-keychain';
-import { Platform } from 'react-native';
-
-// Service key for PIN storage
-const PIN_SERVICE_KEY = 'OnairosEventsPIN';
-const PIN_USERNAME = 'user_pin';
-
-export interface BiometricPinService {
-  storePinWithBiometric: (pin: string) => Promise<boolean>;
-  retrievePinWithBiometric: () => Promise<string | null>;
-  isPinStored: () => Promise<boolean>;
-  removePinFromStorage: () => Promise<boolean>;
-  isBiometricAvailable: () => Promise<boolean>;
-}
-
-/**
- * Check if biometric authentication is available on the device
- */
-export const isBiometricAvailable = async (): Promise<boolean> => {
-  try {
-    const biometryType = await Keychain.getSupportedBiometryType();
-    console.log('📱 Biometric support:', biometryType);
-    
-    // Check for Face ID on iOS or any biometric on Android
-    return biometryType === Keychain.BIOMETRY_TYPE.FACE_ID || 
-           biometryType === Keychain.BIOMETRY_TYPE.TOUCH_ID ||
-           biometryType === Keychain.BIOMETRY_TYPE.FINGERPRINT ||
-           biometryType === Keychain.BIOMETRY_TYPE.FACE ||
-           biometryType === Keychain.BIOMETRY_TYPE.IRIS;
-  } catch (error) {
-    console.error('❌ Error checking biometric availability:', error);
-    return false;
-  }
-};
-
-/**
- * Store PIN with biometric authentication
- */
-export const storePinWithBiometric = async (pin: string): Promise<boolean> => {
-  try {
-    console.log('🔐 Starting Face ID authentication for PIN storage...');
-    
-    // Check if biometric is available - REQUIRED for this implementation
-    const biometricAvailable = await isBiometricAvailable();
-    if (!biometricAvailable) {
-      console.error('❌ Face ID/Touch ID not available on this device');
-      return false;
-    }
-    
-    console.log('📱 Face ID available, showing authentication prompt...');
-    
-    // Configure keychain options for MANDATORY biometric authentication
-    const keychainOptions = {
-      accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET,
-      authenticationType: Keychain.AUTHENTICATION_TYPE.BIOMETRICS,
-      touchID: true,
-      showModal: true,
-      kLocalizedFallbackTitle: '', // Disable fallback to prevent passcode option
-      // Add explicit prompts for better UX
-      ...(Platform.OS === 'ios' && {
-        localizedPrompt: 'Authenticate with Face ID to secure your PIN',
-        localizedCancel: 'Cancel',
-      }),
-      ...(Platform.OS === 'android' && {
-        promptMessage: 'Authenticate with biometric to secure your PIN',
-        cancelButtonText: 'Cancel',
-      })
-    } as const;
-    
-    // Store the PIN - this will trigger the Face ID prompt
-    console.log('👤 Requesting Face ID authentication...');
-    const result = await Keychain.setInternetCredentials(
-      PIN_SERVICE_KEY,
-      PIN_USERNAME,
-      pin,
-      keychainOptions
-    );
-    
-    console.log('✅ Face ID authentication successful - PIN stored securely');
-    console.log('🔍 Keychain storage result:', result);
-    return true;
-    
-  } catch (error: any) {
-    console.error('❌ Face ID authentication failed:', error);
-    console.error('❌ Error details:', {
-      message: error.message,
-      code: error.code,
-      domain: error.domain,
-      userInfo: error.userInfo
-    });
-    
-    // Handle specific error cases
-    if (error?.message?.includes('UserCancel') || error?.code === -128) {
-      console.log('👤 User cancelled Face ID authentication');
-      return false;
-    } else if (error?.message?.includes('BiometryNotAvailable') || error?.code === -6) {
-      console.log('📱 Face ID/Touch ID not available');
-      return false;
-    } else if (error?.message?.includes('AuthenticationFailed') || error?.code === -1) {
-      console.log('🚫 Face ID authentication failed');
-      return false;
-    } else if (error?.message?.includes('BiometryLockout') || error?.code === -8) {
-      console.log('🔒 Face ID locked out - too many failed attempts');
-      return false;
-    }
-    
-    console.error('❌ Unknown Face ID error:', error.message);
-    return false;
-  }
-};
-
-/**
- * Retrieve PIN with biometric authentication
- */
-export const retrievePinWithBiometric = async (): Promise<string | null> => {
-  try {
-    console.log('🔓 Retrieving PIN with biometric authentication...');
-    
-    // Retrieve the PIN (will prompt for biometric if configured)
-    const credentials = await Keychain.getInternetCredentials(PIN_SERVICE_KEY);
-    
-    if (credentials && credentials.password) {
-      console.log('✅ PIN retrieved successfully');
-      return credentials.password;
-    } else {
-      console.log('⚠️ No PIN found in secure storage');
-      return null;
-    }
-    
-  } catch (error: any) {
-    console.error('❌ Error retrieving PIN with biometric:', error);
-    
-    // Handle specific error cases
-    if (error?.message?.includes('UserCancel')) {
-      console.log('👤 User cancelled biometric authentication');
-      return null;
-    } else if (error?.message?.includes('BiometryNotAvailable')) {
-      console.log('📱 Biometric not available');
-      return null;
-    }
-    
-    return null;
-  }
-};
-
-/**
- * Check if PIN is stored in secure storage
- */
-export const isPinStored = async (): Promise<boolean> => {
-  try {
-    const credentials = await Keychain.getInternetCredentials(PIN_SERVICE_KEY);
-    return !!(credentials && credentials.password);
-  } catch (error: any) {
-    console.error('❌ Error checking PIN storage:', error);
-    return false;
-  }
-};
-
-/**
- * Remove PIN from secure storage
- */
-export const removePinFromStorage = async (): Promise<boolean> => {
-  try {
-    console.log('🗑️ Removing PIN from secure storage...');
-    
-    // For v10.0.0, we need to use resetGenericPassword instead of resetInternetCredentials
-    // or handle the API difference properly
-    try {
-      await Keychain.resetGenericPassword({ service: PIN_SERVICE_KEY });
-      console.log('✅ PIN removed successfully');
-      return true;
-    } catch (resetError) {
-      // Fallback: try the old API
-      console.log('🔄 Trying alternative reset method...');
-      const result = await (Keychain as any).resetInternetCredentials(PIN_SERVICE_KEY);
-      console.log('✅ PIN removed successfully with fallback method');
-      return true;
-    }
-    
-  } catch (error: any) {
-    console.error('❌ Error removing PIN from storage:', error);
-    return false;
-  }
-};
-
-// Export the service object
-export const biometricPinService: BiometricPinService = {
-  storePinWithBiometric,
-  retrievePinWithBiometric,
-  isPinStored,
-  removePinFromStorage,
-  isBiometricAvailable,
+import * as Keychain from 'react-native-keychain';
+import { Platform } from 'react-native';
+
+// Service key for PIN storage
+const PIN_SERVICE_KEY = 'OnairosEventsPIN';
+const PIN_USERNAME = 'user_pin';
+
+export interface BiometricPinService {
+  storePinWithBiometric: (pin: string) => Promise<boolean>;
+  retrievePinWithBiometric: () => Promise<string | null>;
+  isPinStored: () => Promise<boolean>;
+  removePinFromStorage: () => Promise<boolean>;
+  isBiometricAvailable: () => Promise<boolean>;
+}
+
+/**
+ * Check if biometric authentication is available on the device
+ */
+export const isBiometricAvailable = async (): Promise<boolean> => {
+  try {
+    const biometryType = await Keychain.getSupportedBiometryType();
+    console.log('📱 Biometric support:', biometryType);
+    
+    // Check for Face ID on iOS or any biometric on Android
+    return biometryType === Keychain.BIOMETRY_TYPE.FACE_ID || 
+           biometryType === Keychain.BIOMETRY_TYPE.TOUCH_ID ||
+           biometryType === Keychain.BIOMETRY_TYPE.FINGERPRINT ||
+           biometryType === Keychain.BIOMETRY_TYPE.FACE ||
+           biometryType === Keychain.BIOMETRY_TYPE.IRIS;
+  } catch (error) {
+    console.error('❌ Error checking biometric availability:', error);
+    return false;
+  }
+};
+
+/**
+ * Store PIN with biometric authentication
+ */
+export const storePinWithBiometric = async (pin: string): Promise<boolean> => {
+  try {
+    console.log('🔐 Starting Face ID authentication for PIN storage...');
+    
+    // Check if biometric is available - REQUIRED for this implementation
+    const biometricAvailable = await isBiometricAvailable();
+    if (!biometricAvailable) {
+      console.error('❌ Face ID/Touch ID not available on this device');
+      return false;
+    }
+    
+    console.log('📱 Face ID available, showing authentication prompt...');
+    
+    // Configure keychain options for MANDATORY biometric authentication
+    const keychainOptions = {
+      accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET,
+      authenticationType: Keychain.AUTHENTICATION_TYPE.BIOMETRICS,
+      touchID: true,
+      showModal: true,
+      kLocalizedFallbackTitle: '', // Disable fallback to prevent passcode option
+      // Add explicit prompts for better UX
+      ...(Platform.OS === 'ios' && {
+        localizedPrompt: 'Authenticate with Face ID to secure your PIN',
+        localizedCancel: 'Cancel',
+      }),
+      ...(Platform.OS === 'android' && {
+        promptMessage: 'Authenticate with biometric to secure your PIN',
+        cancelButtonText: 'Cancel',
+      })
+    } as const;
+    
+    // Store the PIN - this will trigger the Face ID prompt
+    console.log('👤 Requesting Face ID authentication...');
+    const result = await Keychain.setInternetCredentials(
+      PIN_SERVICE_KEY,
+      PIN_USERNAME,
+      pin,
+      keychainOptions
+    );
+    
+    console.log('✅ Face ID authentication successful - PIN stored securely');
+    console.log('🔍 Keychain storage result:', result);
+    return true;
+    
+  } catch (error: any) {
+    console.error('❌ Face ID authentication failed:', error);
+    console.error('❌ Error details:', {
+      message: error.message,
+      code: error.code,
+      domain: error.domain,
+      userInfo: error.userInfo
+    });
+    
+    // Handle specific error cases
+    if (error?.message?.includes('UserCancel') || error?.code === -128) {
+      console.log('👤 User cancelled Face ID authentication');
+      return false;
+    } else if (error?.message?.includes('BiometryNotAvailable') || error?.code === -6) {
+      console.log('📱 Face ID/Touch ID not available');
+      return false;
+    } else if (error?.message?.includes('AuthenticationFailed') || error?.code === -1) {
+      console.log('🚫 Face ID authentication failed');
+      return false;
+    } else if (error?.message?.includes('BiometryLockout') || error?.code === -8) {
+      console.log('🔒 Face ID locked out - too many failed attempts');
+      return false;
+    }
+    
+    console.error('❌ Unknown Face ID error:', error.message);
+    return false;
+  }
+};
+
+/**
+ * Retrieve PIN with biometric authentication
+ */
+export const retrievePinWithBiometric = async (): Promise<string | null> => {
+  try {
+    console.log('🔓 Retrieving PIN with biometric authentication...');
+    
+    // Retrieve the PIN (will prompt for biometric if configured)
+    const credentials = await Keychain.getInternetCredentials(PIN_SERVICE_KEY);
+    
+    if (credentials && credentials.password) {
+      console.log('✅ PIN retrieved successfully');
+      return credentials.password;
+    } else {
+      console.log('⚠️ No PIN found in secure storage');
+      return null;
+    }
+    
+  } catch (error: any) {
+    console.error('❌ Error retrieving PIN with biometric:', error);
+    
+    // Handle specific error cases
+    if (error?.message?.includes('UserCancel')) {
+      console.log('👤 User cancelled biometric authentication');
+      return null;
+    } else if (error?.message?.includes('BiometryNotAvailable')) {
+      console.log('📱 Biometric not available');
+      return null;
+    }
+    
+    return null;
+  }
+};
+
+/**
+ * Check if PIN is stored in secure storage
+ */
+export const isPinStored = async (): Promise<boolean> => {
+  try {
+    const credentials = await Keychain.getInternetCredentials(PIN_SERVICE_KEY);
+    return !!(credentials && credentials.password);
+  } catch (error: any) {
+    console.error('❌ Error checking PIN storage:', error);
+    return false;
+  }
+};
+
+/**
+ * Remove PIN from secure storage
+ */
+export const removePinFromStorage = async (): Promise<boolean> => {
+  try {
+    console.log('🗑️ Removing PIN from secure storage...');
+    
+    // For v10.0.0, we need to use resetGenericPassword instead of resetInternetCredentials
+    // or handle the API difference properly
+    try {
+      await Keychain.resetGenericPassword({ service: PIN_SERVICE_KEY });
+      console.log('✅ PIN removed successfully');
+      return true;
+    } catch (resetError) {
+      // Fallback: try the old API
+      console.log('🔄 Trying alternative reset method...');
+      const result = await (Keychain as any).resetInternetCredentials(PIN_SERVICE_KEY);
+      console.log('✅ PIN removed successfully with fallback method');
+      return true;
+    }
+    
+  } catch (error: any) {
+    console.error('❌ Error removing PIN from storage:', error);
+    return false;
+  }
+};
+
+// Export the service object
+export const biometricPinService: BiometricPinService = {
+  storePinWithBiometric,
+  retrievePinWithBiometric,
+  isPinStored,
+  removePinFromStorage,
+  isBiometricAvailable,
 };