expo-secure-store 12.7.0 → 12.8.0

package/CHANGELOG.md

@@ -10,6 +10,13 @@
 
 ### 💡 Others
 
+## 12.8.0 — 2023-12-12
+
+### 🎉 New features
+
+- [iOS] Added possibility to store values that require authentication and ones that don't under the same `keychainService`. ([#23841](https://github.com/expo/expo/pull/23841) by [@behenate](https://github.com/behenate))
+- [iOS] Added synchronous functions for storing and retrieving values from the store. ([#23841](https://github.com/expo/expo/pull/23841) by [@behenate](https://github.com/behenate))
+
 ## 12.7.0 — 2023-11-14
 
 ### 🛠 Breaking changes

package/android/build.gradle

@@ -3,7 +3,7 @@ apply plugin: 'kotlin-android'
 apply plugin: 'maven-publish'
 
 group = 'host.exp.exponent'
-version = '12.7.0'
+version = '12.8.0'
 
 def expoModulesCorePlugin = new File(project(":expo-modules-core").projectDir.absolutePath, "ExpoModulesCorePlugin.gradle")
 if (expoModulesCorePlugin.exists()) {
@@ -94,7 +94,7 @@ android {
   namespace "expo.modules.securestore"
   defaultConfig {
     versionCode 17
-    versionName '12.7.0'
+    versionName '12.8.0'
   }
 }
 

package/ios/SecureStoreModule.swift

@@ -17,20 +17,22 @@ public final class SecureStoreModule: Module {
     ])
 
     AsyncFunction("getValueWithKeyAsync") { (key: String, options: SecureStoreOptions) -> String? in
-      guard let key = validate(for: key) else {
-        throw InvalidKeyException()
-      }
+      return try get(with: key, options: options)
+    }
 
-      let data = try searchKeyChain(with: key, options: options)
+    Function("getValueWithKeySync") { (key: String, options: SecureStoreOptions) -> String? in
+      return try get(with: key, options: options)
+    }
 
-      guard let data = data else {
-        return nil
+    AsyncFunction("setValueWithKeyAsync") { (value: String, key: String, options: SecureStoreOptions) -> Bool in
+      guard let key = validate(for: key) else {
+        throw InvalidKeyException()
       }
 
-      return String(data: data, encoding: .utf8)
+      return try set(value: value, with: key, options: options)
     }
 
-    AsyncFunction("setValueWithKeyAsync") { (value: String, key: String, options: SecureStoreOptions) -> Bool in
+    Function("setValueWithKeySync") {(value: String, key: String, options: SecureStoreOptions) -> Bool in
       guard let key = validate(for: key) else {
         throw InvalidKeyException()
       }
@@ -39,33 +41,61 @@ public final class SecureStoreModule: Module {
     }
 
     AsyncFunction("deleteValueWithKeyAsync") { (key: String, options: SecureStoreOptions) in
-      let searchDictionary = query(with: key, options: options)
-      SecItemDelete(searchDictionary as CFDictionary)
+      let noAuthSearchDictionary = query(with: key, options: options, requireAuthentication: false)
+      let authSearchDictionary = query(with: key, options: options, requireAuthentication: true)
+      let legacySearchDictionary = query(with: key, options: options)
+
+      SecItemDelete(legacySearchDictionary as CFDictionary)
+      SecItemDelete(authSearchDictionary as CFDictionary)
+      SecItemDelete(noAuthSearchDictionary as CFDictionary)
     }
   }
 
+  private func get(with key: String, options: SecureStoreOptions) throws -> String? {
+    guard let key = validate(for: key) else {
+      throw InvalidKeyException()
+    }
+
+    if let unauthenticatedItem = try searchKeyChain(with: key, options: options, requireAuthentication: false) {
+      return String(data: unauthenticatedItem, encoding: .utf8)
+    }
+
+    if let authenticatedItem = try searchKeyChain(with: key, options: options, requireAuthentication: true) {
+      return String(data: authenticatedItem, encoding: .utf8)
+    }
+
+    if let legacyItem = try searchKeyChain(with: key, options: options) {
+      return String(data: legacyItem, encoding: .utf8)
+    }
+
+    return nil
+  }
+
   private func set(value: String, with key: String, options: SecureStoreOptions) throws -> Bool {
-    var query = query(with: key, options: options)
+    var setItemQuery = query(with: key, options: options, requireAuthentication: options.requireAuthentication)
 
     let valueData = value.data(using: .utf8)
-    query[kSecValueData as String] = valueData
+    setItemQuery[kSecValueData as String] = valueData
 
     let accessibility = attributeWith(options: options)
 
     if !options.requireAuthentication {
-      query[kSecAttrAccessible as String] = accessibility
+      setItemQuery[kSecAttrAccessible as String] = accessibility
     } else {
       guard let _ = Bundle.main.infoDictionary?["NSFaceIDUsageDescription"] as? String else {
         throw MissingPlistKeyException()
       }
       let accessOptions = SecAccessControlCreateWithFlags(kCFAllocatorDefault, accessibility, SecAccessControlCreateFlags.biometryCurrentSet, nil)
-      query[kSecAttrAccessControl as String] = accessOptions
+      setItemQuery[kSecAttrAccessControl as String] = accessOptions
     }
 
-    let status = SecItemAdd(query as CFDictionary, nil)
+    let status = SecItemAdd(setItemQuery as CFDictionary, nil)
 
     switch status {
     case errSecSuccess:
+      // On success we want to remove the other key alias and legacy key (if they exist) to avoid conflicts during reads
+      SecItemDelete(query(with: key, options: options) as CFDictionary)
+      SecItemDelete(query(with: key, options: options, requireAuthentication: !options.requireAuthentication) as CFDictionary)
       return true
     case errSecDuplicateItem:
       return try update(value: value, with: key, options: options)
@@ -75,7 +105,7 @@ public final class SecureStoreModule: Module {
   }
 
   private func update(value: String, with key: String, options: SecureStoreOptions) throws -> Bool {
-    var query = query(with: key, options: options)
+    var query = query(with: key, options: options, requireAuthentication: options.requireAuthentication)
 
     let valueData = value.data(using: .utf8)
     let updateDictionary = [kSecValueData as String: valueData]
@@ -93,8 +123,8 @@ public final class SecureStoreModule: Module {
     }
   }
 
-  private func searchKeyChain(with key: String, options: SecureStoreOptions) throws -> Data? {
-    var query = query(with: key, options: options)
+  private func searchKeyChain(with key: String, options: SecureStoreOptions, requireAuthentication: Bool? = nil) throws -> Data? {
+    var query = query(with: key, options: options, requireAuthentication: requireAuthentication)
 
     query[kSecMatchLimit as String] = kSecMatchLimitOne
     query[kSecReturnData as String] = kCFBooleanTrue
@@ -119,8 +149,12 @@ public final class SecureStoreModule: Module {
     }
   }
 
-  private func query(with key: String, options: SecureStoreOptions) -> [String: Any] {
-    let service = options.keychainService ?? "app"
+  private func query(with key: String, options: SecureStoreOptions, requireAuthentication: Bool? = nil) -> [String: Any] {
+    var service = options.keychainService ?? "app"
+    if let requireAuthentication {
+      service.append(":\(requireAuthentication ? "auth" : "no-auth")")
+    }
+
     let encodedKey = Data(key.utf8)
 
     return [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "expo-secure-store",
-  "version": "12.7.0",
+  "version": "12.8.0",
   "description": "Provides a way to encrypt and securely store key–value pairs locally on the device.",
   "main": "build/SecureStore.js",
   "types": "build/SecureStore.d.ts",
@@ -42,5 +42,5 @@
   "peerDependencies": {
     "expo": "*"
   },
-  "gitHead": "3142a086578deffd8704a8f1b6f0f661527d836c"
+  "gitHead": "6aca7ce098ddc667776a3d7cf612adbb985e264a"
 }