PM-11979: Allow PIN unlock to configure biometric integrity if needed (…

…#918)
bitwarden · Sep 11, 2024 · 121a26d · 121a26d
1 parent 261bb86
commit 121a26d
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepository.swift
@@ -959,8 +959,7 @@ extension DefaultAuthRepository: AuthRepository {
 
             try await configureBiometricUnlockIfRequired()
         case .pin:
-            // No-op: nothing extra to do for pin unlock.
-            break
+            try await configureBiometricUnlockIfRequired()
         }
 
         _ = try await trustDeviceService.trustDeviceIfNeeded()

diff --git a/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift b/BitwardenShared/Core/Auth/Repositories/AuthRepositoryTests.swift
@@ -1742,6 +1742,37 @@ class AuthRepositoryTests: BitwardenTestCase { // swiftlint:disable:this type_bo
         )
         XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
         XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
+        XCTAssertFalse(biometricsRepository.didConfigureBiometricIntegrity)
+    }
+
+    /// `unlockVaultWithPIN(_:)` unlocks the vault with the user's PIN and configures biometric
+    /// integrity if needed.
+    func test_unlockVaultWithPIN_configuresBiometrics() async throws {
+        let account = Account.fixture()
+        stateService.activeAccount = account
+        stateService.accountEncryptionKeys = [
+            "1": AccountEncryptionKeys(encryptedPrivateKey: "PRIVATE_KEY", encryptedUserKey: "USER_KEY"),
+        ]
+        stateService.encryptedPinByUserId[account.profile.userId] = "123"
+        stateService.pinProtectedUserKeyValue[account.profile.userId] = "123"
+        biometricsRepository.biometricUnlockStatus = .success(
+            .available(.faceID, enabled: true, hasValidIntegrity: false)
+        )
+
+        try await subject.unlockVaultWithPIN(pin: "123")
+
+        XCTAssertEqual(
+            clientService.mockCrypto.initializeUserCryptoRequest,
+            InitUserCryptoRequest(
+                kdfParams: .pbkdf2(iterations: UInt32(Constants.pbkdf2Iterations)),
+                email: "[email protected]",
+                privateKey: "PRIVATE_KEY",
+                method: .pin(pin: "123", pinProtectedUserKey: "123")
+            )
+        )
+        XCTAssertFalse(vaultTimeoutService.isLocked(userId: "1"))
+        XCTAssertTrue(vaultTimeoutService.unlockVaultHadUserInteraction)
+        XCTAssertTrue(biometricsRepository.didConfigureBiometricIntegrity)
     }
 
     /// `unlockVaultWithPIN(_:)` throws an error if there's no pin.