Biometrics lock (Lock app with FaceID/TouchID/iOS Password)

[bgoncal]

Summary

Concept for locking the HA app using iOS biometrics. (FaceID wasn't working on my simulator, thats why the video shows password instead).

Pending:

• Localised copy
• Better error logging
• Remove print statements

Screenshots

[codecov]

Codecov Report

Attention: 474 lines in your changes are missing coverage. Please review.

Comparison is base (8f7f0ec) 28.37% compared to head (eec44b0) 28.16%.
Report is 3 commits behind head on master.

❗ Current head eec44b0 differs from pull request most recent head 5dbb72e. Consider uploading reports for the commit 5dbb72e to get more accurate results

Files	Patch %	Lines
...dentialsSharing/ThreadCredentialsSharingView.swift	0.00%	117 Missing ⚠️
Sources/App/WebView/WebViewController.swift	0.00%	85 Missing ⚠️
...thentication/BiometricsAuthenticationService.swift	0.00%	82 Missing ⚠️
...alsSharing/ThreadCredentialsSharingViewModel.swift	38.46%	24 Missing ⚠️
...ces/App/Settings/DebugSettingsViewController.swift	0.00%	21 Missing ⚠️
...rces/Shared/DesignSystem/Components/CardView.swift	0.00%	21 Missing ⚠️
...App/Settings/Security/SecurityViewController.swift	0.00%	18 Missing ⚠️
...rces/Shared/DesignSystem/Components/HAButton.swift	0.00%	14 Missing ⚠️
...es/Shared/LocalAuthentication/BiometricsView.swift	0.00%	14 Missing ⚠️
Sources/Shared/Environment/MatterWrapper.swift	0.00%	12 Missing ⚠️
... and 14 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2398      +/-   ##
==========================================
- Coverage   28.37%   28.16%   -0.21%     
==========================================
  Files         273      290      +17     
  Lines       30284    30834     +550     
==========================================
+ Hits         8593     8685      +92     
- Misses      21691    22149     +458     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[zacwest]

the hard part here is also blocking the ui while this should be happening, and e.g. in the app switcher. how would you imagine this to be implemented?

[bgoncal]

Usually most apps blur the UI using and overlay UIView, what do you think? I'd go for that, although at least in the simulator I wasn't able to dismiss iOS biometric/password screen (which is visible in the video), so maybe it is already doing that.

[bgoncal]

Something like this, I just added to the PR, but Im not 100% sure the App Switcher will show this overlay if the user has already authenticated.

[home-assistant]

Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍

Learn more about our pull request process.

[zacwest]

every time

[zacwest]

what should we tell the user if they fail to do this? should we have on-screen ui that says an error?

[bgoncal]

If the user can't authenticate neither with biometrics or password then the user is locked out, I would say this is very edge case since it's credentials are the same as the iOS/macOS device. Any suggestion?

[zacwest]

how does this work on catalyst? should we hide it or make it available -- if the latter, how do we deal with e.g. the settings scene?

[bgoncal]

In catalyst it was a bit trickier, because of the "enter background/foreground" thats happens all the time even with the touchID dialog, I treated it with an extra logic to only reauthenticate when the user has reply enter background.

When the user open settings scene, the main web view scene locks again until the user unlocks it.

Screen.Recording.2023-11-16.at.16.33.08.mov

RPReplay_Final1700149090.MP4

[zacwest]

what happens if the user gets signed out (e.g. remotely, due to token) while this is happening?

[bgoncal]

How can I easily reproduce that? I think the overlay will stay there, but it's nice to verify

[zacwest]

go into your user profile & delete the token for your device in your profile. you can do it from the same machine or other.

if the overlay stays, it may be worth killing it off since there's nothing it's protecting (if it's the last account) and may block signing into something new. there's no way to get to settings during onboarding.

[bgoncal]

Tested. Indeed the "lock screen" was still being shown even with no servers. So I updated it in a way that the user needs to authenticate one last time after the token expires, and then the biometric lock will be disabled and only reenabled if the user sets up a new server and manually enables the toggle.

[zacwest]

go into your user profile & delete the token for your device in your profile. you can do it from the same machine or other.

if the overlay stays, it may be worth killing it off since there's nothing it's protecting (if it's the last account) and may block signing into something new. there's no way to get to settings during onboarding.

[zacwest]

i think things seem good, but i am a little worried about the 'protect' part and how it works with multiple windows happening

[zacwest]

bad merge?

[zacwest]

what happens if there are multiple windows open? e.g. multi-scene support on iPad.

i think you probably want to either collate all the windows during the lock phase, or make this chain off the WebViewWindowController itself, but synchronize the unlock status

[bgoncal]

I think I will start over with this implementation, I liked your idea of sync status. Another question... should we allow shortcut actions if the app is locked?

[zacwest]

I think it becomes really hard to do locking if we disallow extensions to do work. Most of them do not support being able to prompt the user for permission.

We could either:

• tell the user it won't lock extensions
• disallow extensions entirely if lock is enabled (where we cannot prompt)
• allow the user to choose which extensions should be allowed

Maybe we could add more control in app but I think the first one sounds easiest for now.

[bgoncal]

Closing PR, I will start over with a better foundation for locking the app